Given that Biden's name hasn't been added to the PDF, and the structural changes that were made to the web page version of the plan haven't been reflected in the PDF, it seems reasonable to wonder whether the PDF is soon going to get a similar face lift. Therefore, the question of what Obama/Biden's actual technology plan is remains an open one. If the campaign is signaling that they have no present plan to change that PDF, it would be appropriate for the campaign to issue a more authoritative and comprehensive statement than "I got this email from this guy who says he got it from a campaign staffer."
And needless to say, everyone else who has tried the "all you can eat" music pricing model has failed.
Whoa, do you mean that Rhapsody has gone out of business!? Oh, wait, no they haven't. Not at all.
So please inform me exactly what Apple is finally getting! Thanks. I won't be holding my breath.
How snarky! Steve, is that you??? I'll try to be equally arrogant in how I explain this to you.
I'm sure you realize that a hardware device is not a music distribution service. They are actually two completely different things. If you understand the difference between these two things, surely it must follow that some people might select an iPod because they think the iPod is the best MP3 player hardware out there, but still be unhappy with Apple's distribution system... They might prefer if they could use their iPods with a subscription service instead.
Steve Jobs has insisted in the past that no one would want to use a music subscription service. Clearly the fact that Rhapsody has not, in fact, failed, proves that both he and you are wrong about that (assuming that you are, in fact, different people). Some people want to pay two dollars for a DRMed file that could easily be wiped out by a hard drive crash, but personally, I'd prefer to be able to listen to any song that I want to whenever I want, and I wish I could do it on my iPod. Sure, it's more expensive than buying audio files, but I'm willing to pay for it. It's unfortunate that Apple does not allow such a service to be sold on their hardware.
Basically, what Apple is finally getting is that Steve Jobs doesn't actually know what is best for everybody. I'm glad you didn't hold your breath. It took a long time to type this all in. If you had done it you'd probably be dead by now.
This discussion is heavily slanted toward the pro-regulation crowd. The moderators seem to be modding up posts based on the position they take in the debate rather than the value of the points they are making. I would think that a community for geeks would have a better understanding of this issue, and would have more people who are sympathetic to the interests of private individuals who have domain names for non-commercial reasons.
There are a large number of straw men that are raised constantly by supporters of whois accuracy regulation. Not one holds up to objective analysis.
1. No one is talking about getting rid of Whois. Whois was originally voluntary. You could publish as much or as little information as you wanted in it. Later, it was changed to make publication of names, addresses, and telephone numbers mandatory. If this vote was successful it would become voluntary again. This is not the same thing as taking down the service.
2. Criminals and spammers are not going to publish accurate information in whois. There is no way to force the data to be accurate regardless of what the regulations are. So the regulations mostly impact well meaning, honest people, not criminal groups.
3. Businesses want you to know how to contact them. No legitimate business is going to keep its whois information private. The regulations do not affect businesses or organizations, who would publish contact information regardless of whether or not they were required to; they affect individual, non-commercial domain holders.
4. You do not need DNS Whois to resolve technical, security, or legal issues with a domain. It's convenient, but if the data is wrong or not present, you can contact the ISP that is responsible for the IP address the computer in question is using. DNS Whois is never necessary. Most kinds of Internet crimes can be committed without a domain name, and so DNS whois is obviously not sufficient to investigate those cases. How does the RIAA prosecute P2P users, who are publishing on the Internet without a domain name? The argument that it's ok to have an anonymous sub domain but it's not ok to have an anonymous primary domain also does not make sense. If you have a problem with an anonymous primary domain you can contact the ISP responsible for the IP address the computer in question is using, just as you are forced to do if there is no domain name being used.
5. Yes, proxy services are available, but they are expensive, and this expense ought to serve some sort of legitimate purpose. If the purpose of this regulation isn't fighting spammers or criminals or making sure businesses disclose their locations, then what is it and are we willing to spend $9 per domain to serve it?
6. Individuals who use the Internet for noncommercial reasons are not interested in eating cake. We don't want dynamic dns records hosted on a sub-domain. We don't want to use hosting services. We want domains, and we've been able to use domains for non commercial purposes without publishing personal contact information for most of the history of the Internet! The response "if you don't like it use XYZ" is not acceptable. The people who advocate that people be required to publish their personal information in the whois database must defend the need for and value of that regulation, and not simply offer that those who disagree go somewhere else!
The bottom line is that supporters of these rules are motivated by misinformation, private interests, or outright authoritarianism.
The misinformed are those who like doing whois lookups on domains and assume that this information should always be required to be there in a form they expect simply because it is often there and often useful. This is a bit like assuming that personal homepages should have a terms of service agreement and a "contact us" page because lots of sites do and they like to use them.
The private interests are those like the RIAA and other IP interests, who wish to ensure that honest, well meaning private individuals who use d
As a GoDaddy customer who hosts an open discussion site on a domain that is registered with GoDaddy, I am troubled by the mishandling of this incident. Frankly, I look at this as a substantial risk to the stability of my website, and I am now contemplating a transition to a new registrar.
I'm assuming that this account and response were actually posted by GoDaddy. If so, I'm glad you've decided to address this matter, but unfortunately, you haven't gone far enough. Your handling of the matter was irresponsible, and this post glosses over serious problems with your process. You need to address these problems directly if you expect people to rely on you for registrar services. For example:
In this case, Go Daddy attempted to contact the customer with regard to a large list of MySpace user names and passwords which appeared on his Web site. The registrant was not available at the time.
This is not an honest representation of what occurred. The voicemail your abuse department left has been made public. You called the customer to inform him that the domain had already been scheduled for deactivation. You did not provide an explanation and you did not provide any telephone contact information.
Once we were able to discuss the issue with the registrant, he assured us he would remove the offending material and we re-enabled his site while he was on the phone. The site was back up within one hour.
The fact is that you did not leave a telephone number where your abuse department could be reached. According to the customer you did not respond to emails that were sent to the abuse department, your technical support group would not forward calls to the abuse department, and the customer was informed that he would receive a response in one to two business days.
This characterization that you did everything you could to contact the customer and when you finally did you got the site back up immediately is totally dishonest. The facts are that you knew that this website was a large community site and that the operators had not directly posted the content you were seeking to block access to, but you disconnected the domain without making prior contact with the customer, and you made it as hard as you possibly could for the customer to contact you after the fact to resolve the matter.
This is not a responsible way to handle incidents like this, and you cannot justify it. Furthermore, spinning it makes matters even worse, as it means that we can expect similar problems to be dealt with in a similar way in the future. That means that GoDaddy cannot be relied upon as a DNS registrar for serious Internet resources that need stable DNS services, particularly if they are open or community based sites that allow third parties to post content.
I would caution you against underestimating the influence that technical communities like Slashdot AND Seclists.org have over the purchasing decisions made by people deploying Internet systems and networks. If you do not take a serious critical look at your processes and respond to your customers in a way that assures us that incidents like this will not happen again it will have a serious negative impact on your business.
Would it be appropriate for Google's registrar to shut them down immediately if questionable information appeared in their search engine or one of their forums? I don't see what the difference is.
Would it not have been appropriate, having shut down an entire site, that those who made the decision at least give the site owner an explanation and a way to contact them in less than 1 to 2 business days?
If a company will send us its logs related to an intrusion, we will be able to provide a profile of the attacker.
On the other hand they state:
The purpose of this study is trying to describe objectively hackers' everyday life, providing the people that have a poor knowledge of the hacking scene and the digital underground with a clear vision, uninfluenced by mass media or personal prejudices, putting an end to all the stereotypes surrounding this world.
I might suggest that the primary stereotype that the hacker subculture would like to put an end to is the idea that people in the hacker scene are responsible for most computer crimes.
The questionnaire should yield a profile of hackers who practice hacking in their spare time and without professional purposes. It is unlikely that cyber-warriors, industrial spies, governmental agents, and military hackers, who practice hacking professionally, will fill out the questionnaire, due to the obvious prudence required by their activities.
What is the difference between a "cyber warrior" and a "military hacker?" Aren't there other groups committing computer crime who don't merely "practice hacking in their spare time and without professional purposes." Like organized criminals? Who is running the bot nets? Who is sending out the phishing scams? Who is installing the malware? I might suggest that these people are neither "driven by the love for knowledge" nor are they employed by the military, and a study like this isn't going to shed any light on them.
The complete version of the questionnaire will be distributed exclusively to the persons who we are sure belong to the hacker underground. This group will act as a control group toward those who have filled out the compact version.
What does it mean if the compact version deviates from the control group? That people lied on the survey, or that the control group was poorly selected? Is this science or politics?
If you want to understand computer criminals, do a broad study of people who have been convicted of committing the sort of crime you are interested in.
I agree, offering to hire him is a little far, but you take what you can get, and this is better than having the message out there that if you criticise homeland security they throw the book at you.
He's not schizophrenic. He is listening to people who've shown concern about this case, such as those in this forum, and he has taken a closer look at it.
Congressman Markey put out a press release today which softens his stance with regard to this case. This may be the result of hearing from constituents and taking a closer look at the specific circumstances here. Sometimes politicians do actually listen.
Under the circumstances, any legal consequences for this student must take into account his intent to perform a public service, to publicize a problem as a way of getting it fixed. He picked a lousy way of doing it, but he should not go to jail for his bad judgment.
This article is terrible! It's complete gobbledygook. The author has no idea what he is talking about. Consider this:
Anti-virus solutions will also be required, and these must be designed to ensure that excessive delay in telephony packets transiting the network is not introduced.
That's Intrusion Prevention not Anti-Virus. Does he even understand what those words mean?
Phishing attacks on VoIP networks involve attackers faking the number of the phone they are using, making it look as though a legitimate organisation is making the call... However, anti-spoofing packet filters in the network will help prevent hackers or spammers hiding behind acceptable addresses.
NO! Anti-spoofing packet filters do NOT prevent caller ID spoofing in VoIP protocols. They have absolutely nothing to do with Voice over IP!
It's unethical for people who don't understand computer security to offer computer security advice. As for the Slashdot Editors, there are so many more important things they could have covered today, such as the attempt in Georgia to imprison people for performing computer forensics without a private investigator's license. (It's also unethical for people who don't understand computer security to attempt to use legislation to corner the market on it.)
The hyperbole displayed in this post is exactly the sort of behavior that computer security professionals should avoid engaging in. People who take undue offence at obviously innocent acts and run around making completely unfounded accusations of mal-intent and criminal liability are the sort of network operators who can make a workplace a living hell for people who are trying to get things done. It's a power trip and in a serious corporate environment it is totally inappropriate. Security professionals should be focused on real threats to business continuity rather than getting their rocks off by hunting down port scanners.
It should be painfully obvious that nothing about this assignment is either illegal or immoral. The students are asked to perform a vulnerability assessment. They are asked to collect information; they are not asked to act on that information and break in. If you want to understand how security gets done it makes sense to take a look at someone who is doing it and see what they are doing. It's the kind of activity that might raise suspicion in the event that the intent was to use the information collected in the subsequent commission of a crime, but that obviously isn't the intent here, so there is no REAL problem. If your Internet connected computer is so weak from a security standpoint that this kind of snooping is enough to impact your operation then I suggest you stop reading this and go check on it because you are probably offline right now.
Obviously one needs to be careful in performing this sort of audit that one doesn't use aggressive tools that can impact the operation of a host, and students do need to understand the difference between collecting information and obtaining unauthorized access. It might make sense for this lesson to be bundled with a serious conversation about the ethical issues. Obviously, it would be preferable to ask students to look at a honeypot host rather than examining someone's live network, if for no other reason than this kind of probing is suspicious and, albeit EXTREMELY unlikely, could cause administrators to waste time investigating. However, to suggest that performing this kind of information collection against a remote host is a crime regardless of the intent of the exercise is, frankly, "just plain stupid and ignorant."
Sans security ought to relax. The likelihood that any of the targets of this exercise so much as noticed it is infinitesimal.
This isn't news. When encryption software was removed from the ITAR list it was added to the Commerce Control List instead. Encryption export in the US is regulated by BIS. "Dubya and Company" didn't do this. This has been the case since the Clinton years. And, no, the government isn't completely confused about the Internet, and they don't think these regulations are useless.
Cryptanalytic items are more strictly controlled than encryption items because the regs are immature. Few people actually make and export them, and most cryptanalytic stuff is designed for snooping on people and not protecting computer security. The regs are designed with snooping equipment in mind. I don't think L0phtCrack is the droid BIS is looking for, and I figure Symantec could probably get a license to export it if they tried. Furthermore, I figure that if you had an open source cryptanalytic program you could probably distribute it online with the same sort of TSU notification you have to do when you ship open source cryptography software. However, IANAL, so don't take my word for that...
The problem with the SonyBMG situation is that the technology they used contained a security vulnerability of which they were unaware.
No, the problem with the SonyBMG situation is that they installed "technology" without the user's consent. How can the user consent in the fine print of an EULA to installing software which is specifically designed to hide itself and to be impossible to uninstall? Obviously, if there was any credibility to the claim that the user consented to installing the software there would be absolutely no reason to hide it! The idea that you can simultaneously get me to consent to something AND keep me from knowing about it is so insane that it would be comical if so many people weren't seriously suggesting that it's true.
Furthermore, the "vulnerability" in this program that SONY was "unaware of" is not a typical software bug that developers might be reasonably unaware of. This software is specifically designed to hide any file starting with the $sys$ prefix! The idea that the creators of this software are "unaware" of something they specifically designed this program to do is almost as insane as the fallacy above.
What's worse, the uninstaller is designed to break security too! If you are putting a remotely accessible ActiveX control on a machine, which has a function called "ExecuteCode," you're allowing any web page to "ExecuteCode" on that machine. This isn't a vulnerability, it's a bad design, and the design is so obviously bad that it is impossible to be sympathetic.
If you are savvy enough about computers to be designing DRM software in the first place then obviously you would know that these things are problems!
I can empathize with your stance you wouldn't want to provide profit (e.g., for slashdot) when you (and the community) are the providers of the content.
On the other hand, were they (or slashdot) to ask something more like $20 A MONTH, I'd question their motive (as I question Microsoft's)
Why is it indicative of a questionable motive to seek to make a living from what one does? Why do you go to a bar? It's obviously not for the beer, as the same beer can be obtained more cheaply at a grocery store. You go for the people. But those people don't expect the beer for free or question the motives of the bartender if he or she makes a profit. We want our bartenders to make a profit so we'll have good bars.
If you want people to devote their time and energy into creating online communities you ought to pay them. Otherwise they will not be able to make communities that are as nice, because they'll have to keep down a day job at the same time, and won't be able to devote as much energy into the community.
Here is a screen capture of the page returned by DURL. You can see that some people are reading Smart Mobs because they associated it with the concepts of "creativity" or "ubiquitous computing". Others are using tags such as "collaboration," "mobile" or "community." (Credit: Robin Millette/del.icio.us).
I run a small internet community called MemeStreams that has had a feature like this for some time. MemeStreams has a thread bookmarklet. You can click on it when viewing any URL and see a discussion thread about that page if users of MemeStreams have commented on it. These discussions could clearly be moderated although there is not enough traffic to warrant it right now.
The idea is that any web page could be associated with an open, threaded discussion that is available one click away.
They probably wouldn't mind skipping encryption altogether and saving a buck, but I doubt very many labels would support that scheme.
Um, no, the encryption in this context doesn't just protect the music industry. It also prevents competitors from interoperating with Apple's products. Apple likes it that way.
I certainly wish this person had posted a copy of their warrant, and pictures of the equipment. There is so much that they could do to shore up their story. However, if their story is correct this certainly is "another Steve Jackson affair."
The important thing about the Steve Jackson case had absolutely nothing to do with whether or not he was guilty. The case was an example of hundreds of cases that were occurring all over the country at the time that shared two common characteristics:
1. Law Enforcement had no idea what they were talking about. (They thought a role playing game was a handbook for computer crime.)
2. The investigation was intended to be punitive. They show up, seize everything they can possibly get their hands on, destroy as much of it as possible, hold onto it for as long as possible, and do everything in their power to make the court proceedings as expensive as possible. At the end of the day if the suspect is innocent it doesn't matter, everyone who is targeted by investigations like this is left completely broke and unemployed with tarnished reputations in their communities. Ruined.
Now let me be completely clear on this second point. There are those in law enforcement who believe that they need to deal with suspects as harshly as possible to send a message that people should stay away from crime. They are dead wrong. Punitive investigations are unconstitutional. The judicial branch metes out punishments, not the executive. When the executive steps outside the bounds of its constitutional authority and starts attempting to punish people who have yet to be convicted of a crime the whole balance of our system is undermined. Innocent people are caught up in the fray.
When you have punitive investigations pursued by law enforcement agents who have no idea what they are talking about the result is a very dangerous government organization that is completely out of control. An angry drunk with a baseball bat.
Steve Jackson Games was simply a particularly good place to draw a line in the sand. That's why you are familiar with it.
If this account is correct, then this case has all the hallmarks of such a situation.
Clueless law enforcement/investigators: On the MPAA side, a completely incompetent attempt to serve a cease and desist notice. One has to wonder if this wasn't intentional. How hard is it to get this right? Didn't they get a bounce message? On the FBI side, a totally bizarre analogy between a Scifi fan club and organized crime in the warrant application!
Punitive Investigation: You have to really try to smash an LCD screen, or you have to be so negligent in your handling of the equipment that you might as well have tried. Note also that they seized things like "girlfriends laptop" which are technically covered by their warrant but really have nothing to do with their investigation. Note also that they chose a court venue on the other side of the country.
Three comments:
1. Law Enforcement agents who operate this way do so consistently. We can look forward to lots more stories like this.
2. The FBI is usually much more professional than this. It's a shame. They are sending a very bad message about themselves here. Intellectual Property on the internet is an extremely controversial and visible topic. These cases are going to get a lot of attention. They should be handling this more carefully.
3. The decision to move Copyright cases into the criminal justice system was bad law. This case is exactly why. This whole thing could have been dealt with via a properly delivered C&D. It would have cost far less taxpayer money. We do not need our federal security forces out smashing computers for the MPAA!!
For one thing, requiring my lawyer to contact your lawyer to resolve a dispute is no more open or public than me emailing you and saying "hey, that's my stuff, wouldya please take it off your web page."
Good job dude, you caught me when I'm drunk at a hacker con in NYC. You are clearly confused. If my DNS information is private, and you have to file a subpoena with a court in order to get my ISP to offer up my billing information and email address to your lawyer, then you have a court (an independent third party and a public record) involved before your lawyer can send my lawyer an email. This is a very simple concept. Do you understand?
I'd have to go after you for damages, not because the infringement did me any actual monetary harm, but because I've got to pay my lawyer, who does me entirely too much monetary harm.
Have you ever sued someone before?
I never said that "everyone speaking on the Internet is required to make their personal contact information public." I never even implied it. Owning a domain name and "speaking on the Internet" are two totally different things.
OIC, people with domain names should be tracked in a public database, but if they want to let someone host some anonymous speech on a subpage that's OK. Anonymous speakers shouldn't be allowed to have primary domains, however, because that's dangerous... Controversial political speech should be relegated to secondary status on the internet where it cannot exist on primary domains.
Nor would keeping the ownership of domain names secret from all but lawyers and their ilk prevent the types of issues that chillingeffects.org is reporting.
Actually, that's exactly what it would do, because if you needed a court's approval to subpoena the contact information before you could make threats you would have to have a claim that has at least a feasible basis in the law.
Taking away something that has been one of the few tools available to the victims -- the ability to find out who is bombarding them with the stuff -- and giving the bad guys an impenetrable shield of secrecy will make things much, much worse.
1. I'm not advocating that the ability to find out who is "bombarding them with the stuff" should be "taken away." I'm advocating that a court ought to be involved when you do this.
2. Are you telling me that criminal spammers just up and stop because you send them a polite email asking them to? Man, the spammers targeting your servers are a hell of a lot cooler than the ones targeting mine!! How do you do it?!
Openness has served the Net well for many years.
Once again, this isn't about openness versus closed. Either everyone with a domain has open contact information and the threats sent to domain holders are closed, OR people with domains can choose to have closed contact information and the threats have to be open. Choose wisely. The future depends on it.
BTW, I'm drunk, and I asked my friends here at HOPE if I'm being too much of a dick here. They said "there is no such thing as being too much of a dick on slashdot." I'm not sure I trust my friends. So, like, maybe when I'm sober I'll be cooler. But my opinions won't be different. Think about it.
Openness cleans up problems -- secrecy nurtures them.
You say this, and then immediately thereafter you say:
Gee, how terrible... you can get in touch with the guy who's got unauthorized copies of your stuff and ask him to take it down.
So, I should be forced to provide my personal contact information to the general public so that it's open, but the threats that you send me, whether by lawyer or by crow bar, ought to be kept private?!
You have a choice, you can force everyone's contact information to be public and allow disputes to be resolved in secret, or you can give people the option of keeping their contact information private and require some disputes to be resolved in a public forum. Why would you choose to prevent the secrecy of contact information over preventing the secrecy of volatile (and sometimes violent) disputes?
A future in which everyone speaking on the internet is required to make their personal contact information public is a future in which disputes are resolved through threats and intimidation. A future in which requests for contact information are handled out in the open is a future in which disputes are resolved with due process and justice.
Are you so frustrated by having to delete annoying emails that you are willing to do away with any reasonable balance in society? Are you under the impression that everyone who operates a website is a "potential spammer" and everyone who wishes to obtain the personal contact information of a website operator has good intentions? If so you are surely mistaken.
Well, they ARE publishing the RSS feed. It probably depends on whether your LED sign is for "home use" or if it is "publicly displayed."
I think that if Slashdot wishes to prevent the republication of their RSS feed on LED signs they ought to push for a new field to be added to the RSS file format that prohibits the copying or rebroadcast of the contents, along with new federal legislation prohibiting technology that parses RSS but ignores this field. They could call it the "broadcast flag." Oh, that's right, someone is already doing this...
Here is a very simple program I wrote that pulls down a number of RSS news feeds, including Slashdot, and scrolls them on a Pro Lite LED display. This one is written in Perl.
And Lamar Alexander -- Lamar Alexander, elected to the Congress planned and created by the same Constitution -- when he says that "The Government must play a greater role in punishing those who conceal their identities", well, I have to ask, when is the last time Lamar Alexander read that fine Constitution, that Constitution created by those three anonymous men publishing under a fake name?
Wrong Lamar. It's Lamar Smith, Texas, not Lamar Alexander, Tennessee.
Oh, fer Pete's sake, Taco. Would it really hurt all that much to give a full, accurate blurb on this one?
I wrote the blurb. Blame me. Taco just decided to post it. You've posted several times to the board about this inaccuracy. I'll respond here.
You're right, I should have been more clear. Basically, always read the article. This is a summary and not a complete rehash.
But also, try to read between the lines. Someone who is seriously engaged in fraud isn't going to pop their real information into the whois database, regardless of what the penalty is.
The intent is to create a situation where ordinary domain name holders feel like they've got to have accurate information in whois. That's what these guys want. The way that they seek to get it in this version of the story (there have been several attempts at this) is to make people afraid that if they get charged with some sort of intellectual property crime, like posting Simpson's fan fiction, they will get a harsher sentence if the whois information is out of whack. If you believe that you will never be sued in connection with content of your domain you haven't been paying attention lately. What's more, those who really need anonymity the most are those who are also most likely to get sued, be it on a reasonable basis or not.
The fact is that the RIAA doesn't NEED whois to track down domain holders. You nslookup. You get an IP, and you subpoena the ISP just like you would if there was no domain name associated with the IP. When they say it's impossible to track down people with fake whois information they are lying outright. Furthermore, the advantage, to them, of relying on accurate whois information instead of a subpoena is that they don't have to file paperwork with a court. There is no legal proceeding and no judicial oversight. They contact you directly and threaten you unless you settle with them, and if you can't afford to defend yourself you are on your own.
Given that Biden's name hasn't been added to the PDF, and the structural changes that were made to the web page version of the plan haven't been reflected in the PDF, it seems reasonable to wonder whether the PDF is soon going to get a similar face lift. Therefore, the question of what Obama/Biden's actual technology plan is remains an open one. If the campaign is signaling that they have no present plan to change that PDF, it would be appropriate for the campaign to issue a more authoritative and comprehensive statement than "I got this email from this guy who says he got it from a campaign staffer."
Thanks!
I'm sure you realize that a hardware device is not a music distribution service. They are actually two completely different things. If you understand the difference between these two things, surely it must follow that some people might select an iPod because they think the iPod is the best MP3 player hardware out there, but still be unhappy with Apple's distribution system... They might prefer if they could use their iPods with a subscription service instead.
Steve Jobs has insisted in the past that no one would want to use a music subscription service. Clearly the fact that Rhapsody has not, in fact, failed, proves that both he and you are wrong about that (assuming that you are, in fact, different people). Some people want to pay two dollars for a DRMed file that could easily be wiped out by a hard drive crash, but personally, I'd prefer to be able to listen to any song that I want to whenever I want, and I wish I could do it on my iPod. Sure, it's more expensive than buying audio files, but I'm willing to pay for it. It's unfortunate that Apple does not allow such a service to be sold on their hardware.
Basically, what Apple is finally getting is that Steve Jobs doesn't actually know what is best for everybody. I'm glad you didn't hold your breath. It took a long time to type this all in. If you had done it you'd probably be dead by now.
This discussion is heavily slanted toward the pro-regulation crowd. The moderators seem to be modding up posts based on the position they take in the debate rather than the value of the points they are making. I would think that a community for geeks would have a better understanding of this issue, and would have more people who are sympathetic to the interests of private individuals who have domain names for non-commercial reasons.
There are a large number of straw men that are raised constantly by supporters of whois accuracy regulation. Not one holds up to objective analysis.
1. No one is talking about getting rid of Whois. Whois was originally voluntary. You could publish as much or as little information as you wanted in it. Later, it was changed to make publication of names, addresses, and telephone numbers mandatory. If this vote was successful it would become voluntary again. This is not the same thing as taking down the service.
2. Criminals and spammers are not going to publish accurate information in whois. There is no way to force the data to be accurate regardless of what the regulations are. So the regulations mostly impact well meaning, honest people, not criminal groups.
3. Businesses want you to know how to contact them. No legitimate business is going to keep its whois information private. The regulations do not affect businesses or organizations, who would publish contact information regardless of whether or not they were required to, they affect individual, non-commercial domain holders.
4. You do not need DNS Whois to resolve technical, security, or legal issues with a domain. It's convenient, but if the data is wrong or not present, you can contact the ISP that is responsible for the IP address the computer in question is using. DNS Whois is never necessary. Most kinds of Internet crimes can be committed without a domain name, and so DNS whois is obviously not sufficient to investigate those cases. How does the RIAA prosecute P2P users, who are publishing on the Internet without a domain name? The argument that it's ok to have an anonymous sub domain but it's not ok to have an anonymous primary domain also does not make sense. If you have a problem with an anonymous primary domain you can contact the ISP responsible for the IP address the computer in question is using, just as you are forced to do if there is no domain name being used.
5. Yes, proxy services are available, but they are expensive, and this expense ought to serve some sort of legitimate purpose. If the purpose of this regulation isn't fighting spammers or criminals or making sure businesses disclose their locations, then what is it and are we willing to spend $9 per domain to serve it?
6. Individuals who use the Internet for noncommercial reasons are not interested in eating cake. We don't want dynamic dns records hosted on a sub-domain. We don't want to use hosting services. We want domains, and we've been able to use domains for non commercial purposes without publishing personal contact information for most of the history of the Internet! The response "if you don't like it use XYZ" is not acceptable. The people who advocate that people be required to publish their personal information in the whois database must defend the need for and value of that regulation, and not simply offer that those who disagree go somewhere else!
The bottom line is that supporters of these rules are motivated by misinformation, private interests, or outright authoritarianism.
The misinformed are those who like doing whois lookups on domains and assume that this information should always be required to be there in a form they expect simply because it is often there and often useful. This is a bit like assuming that personal homepages should have a terms of service agreement and a "contact us" page because lots of sites do and they like to use them.
The private interests are those like the RIAA and other IP interests, who wish to ensure that honest, well meaning private individuals who use d
...may be expensive but if you can fit the electronics inside of a ping pong ball you can at least get it close for free.
This is not an honest representation of what occurred. The voicemail your abuse department left has been made public. You called the customer to inform him that the domain had already been scheduled for deactivation. You did not provide an explanation and you did not provide any telephone contact information. The fact is that you did not leave a telephone number where your abuse department could be reached. According to the customer you did not respond to emails that were sent to the abuse department, your technical support group would not forward calls to the abuse department, and the customer was informed that he would receive a response in one to two business days. I'm assuming that this account and response were actually posted by GoDaddy. If so, I'm glad you've decided to address this matter, but unfortunately, you haven't gone far enough. Your handling of the matter was irresponsible, and this post glosses over serious problems with your process. You need to address these problems directly if you expect people to rely on you for registrar services. For example:
This characterization that you did everything you could to contact the customer and when you finally did you got the site back up immediately is totally dishonest. The facts are that you knew that this website was a large community site and that the operators had not directly posted the content you were seeking to block access to, but you disconnected the domain without making prior contact with the customer, and you made it as hard as you possibly could for the customer to contact you after the fact to resolve the matter.
This is not a responsible way to handle incidents like this, and you cannot justify it. Furthermore, spinning it makes matters even worse, as it means that we can expect similar problems to be dealt with in a similar way in the future. That means that GoDaddy cannot be relied upon as a DNS registrar for serious Internet resources that need stable DNS services, particularly if they are open or community based sites that allow third parties to post content.
I would caution you against underestimating the influence that technical communities like Slashdot AND Seclists.org have over the purchasing decisions made by people deploying Internet systems and networks. If you do not take a serious critical look at your processes and respond to your customers in a way that assures us that incidents like this will not happen again it will have a serious negative impact on your business.
Would it be appropriate for Google's registrar to shut them down immediately if questionable information appeared in their search engine or one of their forums? I don't see what the difference is.
Would it not have been appropriate, having shut down an entire site, that those who made the decision at least give the site owner an explanation and a way to contact them in less than 1 to 2 business days?
What does it mean if the compact version deviates from the control group? That people lied on the survey, or that the control group was poorly selected? Is this science or politics?
If you want to understand computer criminals, do a broad study of people who have been convicted of committing the sort of crime you are interested in.
I agree, offering to hire him is a little far, but you take what you can get, and this is better than having the message out there that if you criticise homeland security they throw the book at you.
He's not schizophrenic. He is listening to people who've shown concern about this case, such as those in this forum, and he has taken a closer look at it.
That is, actually, exactly what the article suggests. You should read it. BTW, I can load the page from here...
It's unethical for people who don't understand computer security to offer computer security advice. As for the Slashdot Editors, there are so many more important things they could have covered today, such as the attempt in Georgia to imprison people for performing computer forensics without a private investigator's license. (It's also unethical for people who don't understand computer security to attempt to use legislation to corner the market on it.)
The hyperbole displayed in this post is exactly the sort of behavior that computer security professionals should avoid engaging in. People who take undue offence at obviously innocent acts and run around making completely unfounded accusations of mal-intent and criminal liability are the sort of network operators who can make a workplace a living hell for people who are trying to get things done. It's a power trip and in a serious corporate environment it is totally inappropriate. Security professionals should be focused on real threats to business continuity rather than getting their rocks off by hunting down port scanners. It should be painfully obvious that nothing about this assignment is either illegal or immoral. The students are asked to perform a vulnerability assessment. They are asked to collect information; they are not asked to act on that information and break in. If you want to understand how security gets done it makes sense to take a look at someone who is doing it and see what they are doing. It's the kind of activity that might raise suspicion in the event that the intent was to use the information collected in the subsequent commission of a crime, but that obviously isn't the intent here, so there is no REAL problem. If your Internet connected computer is so weak from a security standpoint that this kind of snooping is enough to impact your operation then I suggest you stop reading this and go check on it because you are probably offline right now. Obviously one needs to be careful in performing this sort of audit that one doesn't use aggressive tools that can impact the operation of a host, and students do need to understand the difference between collecting information and obtaining unauthorized access. It might make sense for this lesson to be bundled with a serious conversation about the ethical issues.
Obviously, it would be preferable to ask students to look at a honeypot host rather than examining someone's live network, if for no other reason than this kind of probing is suspicious and, albeit EXTREMELY unlikely, could cause administrators to waste time investigating. However, to suggest that performing this kind of information collection against a remote host is a crime regardless of the intent of the exercise is, frankly, "just plain stupid and ignorant." Sans security ought to relax. The likelihood that any of the targets of this exercise so much as noticed it is infinitesimal.
Cryptanalytic items are more strictly controlled than encryption items because the regs are immature. Few people actually make and export them, and most cryptanalytic stuff is designed for snooping on people and not protecting computer security. The regs are designed with snooping equipment in mind. I don't think Lopht Crack is the droid BIS is looking for, and I figure Symantec could probably get a license to export it if they tried. Furthermore, I figure that if you had an open source cryptanalytic program you could probably distribute it online with the same sort of TSU notification you have to do when you ship open source cryptography software. However, IANAL, so don't take my word for that...
Furthermore, the "vulnerability" in this program that SONY was "unaware of" is not a typical software bug that developers might be reasonably unaware of. This software is specifically designed to hide any file starting with the $sys$ prefix! The idea that the creators of this software are "unaware" of something they specifically designed this program to do is almost as insane as the fallacy above.
What's worse, the uninstaller is designed to break security too! If you are putting a remotely accessible ActiveX control on a machine, which has a function called "ExecuteCode," you're allowing any web page to "ExecuteCode" on that machine. This isn't a vulnerability, it's a bad design, and the design is so obviously bad that it is impossible to be sympathetic.
If you are savvy enough about computers to be designing DRM software in the first place then obviously you would know that these things are problems!
Why is it indicative of a questionable motive to seek to make a living from what one does? Why do you go to a bar? It's obviously not for the beer, as the same beer can be obtained more cheaply at a grocery store. You go for the people. But those people don't expect the beer for free or question the motives of the bartender if he or she makes a profit. We want our bartenders to make a profit so we'll have good bars.
If you want people to devote their time and energy into creating online communities you ought to pay them. Otherwise they will not be able to make communities that are as nice, because they'll have to keep down a day job at the same time, and won't be able to devote as much energy into the community.
I run a small internet community called MemeStreams that has had a feature like this for some time. MemeStreams has a thread bookmarklet. You can click on it when viewing any URL and see a discussion thread about that page if users of MemeStreams have commented on it. These discussions could clearly be moderated although there is not enough traffic to warrant it right now.
The idea is that any web page could be associated with an open, threaded discussion that is available one click away.
I certainly wish this person had posted a copy of their warrant, and pictures of the equipment. There is so much that they could do to shore up their story. However, if their story is correct this certainly is "another Steve Jackson affair."
The important thing about the Steve Jackson case had absolutely nothing to do with whether or not he was guilty. The case was an example of hundreds of cases that were occurring all over the country at the time that shared two common characteristics:
1. Law Enforcement had no idea what they were talking about. (They thought a role playing game was a handbook for computer crime.)
2. The investigation was intended to be punitive. They show up, seize everything they can possibly get their hands on, destroy as much of it as possible, hold onto it for as long as possible, and do everything in their power to make the court proceedings as expensive as possible. At the end of the day if the suspect is innocent it doesn't matter, everyone who is targeted by investigations like this is left completely broke and unemployed with tarnished reputations in their communities. Ruined.
Now let me be completely clear on this second point. There are those in law enforcement who believe that they need to deal with suspects as harshly as possible to send a message that people should stay away from crime. They are dead wrong. Punitive investigations are unconstitutional. The judicial branch metes out punishments, not the executive. When the executive steps outside the bounds of its constitutional authority and starts attempting to punish people who have yet to be convicted of a crime the whole balance of our system is undermined. Innocent people are caught up in the fray.
When you have punitive investigations pursued by law enforcement agents who have no idea what they are talking about the result is a very dangerous government organization that is completely out of control. An angry drunk with a baseball bat.
Steve Jackson Games was simply a particularly good place to draw a line in the sand. That's why you are familiar with it.
If this account is correct, then this case has all the hallmarks of such a situation.
Clueless law enforcement/investigators: On the MPAA side, a completely incompetent attempt to serve a cease and desist notice. One has to wonder if this wasn't intentional. How hard is it to get this right? Didn't they get a bounce message? On the FBI side, a totally bizarre analogy between a Scifi fan club and organized crime in the warrant application!
Punitive Investigation: You have to really try to smash an LCD screen, or you have to be so negligent in your handling of the equipment that you might as well have tried. Note also that they seized things like "girlfriends laptop" which are technically covered by their warrant but really have nothing to do with their investigation. Note also that they chose a court venue on the other side of the country.
Three comments:
1. Law Enforcement agents who operate this way do so consistently. We can look forward to lots more stories like this.
2. The FBI is usually much more professional than this. It's a shame. They are sending a very bad message about themselves here. Intellectual Property on the internet is an extremely controversial and visible topic. These cases are going to get a lot of attention. They should be handling this more carefully.
3. The decision to move Copyright cases into the criminal justice system was bad law. This case is exactly why. This whole thing could have been dealt with via a properly delivered C&D. It would have cost far less taxpayer money. We do not need our federal security forces out smashing computers for the MPAA!!
Good job dude, you caught me when I'm drunk at a hacker con in NYC. You are clearly confused. If my DNS information is private, and you have to file a subpoena with a court in order to get my ISP to offer up my billing information and email address to your lawyer, then you have a court (an independent third party and a public record) involved before your lawyer can send my lawyer an email. This is a very simple concept. Do you understand?
Have you ever sued someone before?
OIC, people with domain names should be tracked in a public database, but if they want to let someone host some anonymous speech on a subpage that's OK. Anonymous speakers shouldn't be allowed to have primary domains, however, because that's dangerous... Controversial political speech should be relegated to secondary status on the internet where it cannot exist on primary domains.
Actually, that's exactly what it would do, because if you needed a court's approval to subpoena the contact information before you could make threats you would have to have a claim that has at least a feasible basis in the law.
1. I'm not advocating that the ability to find out who is "bombarding them with the stuff" should be "taken away." I'm advocating that a court ought to be involved when you do this.
Once again, this isn't about openness versus closed. Either everyone with a domain has open contact information and the threats sent to domain holders are closed, OR people with domains can choose to have closed contact information and the threats have to be open. Choose wisely. The future depends on it.
2. Are you telling me that criminal spammers just up and stop because you send them a polite email asking them to? Man, the spammers targeting your servers are a hell of a lot cooler than the ones targeting mine!! How do you do it?!
BTW, I'm drunk, and I asked my friends here at HOPE if I'm being too much of a dick here. They said "there is no such thing as being too much of a dick on slashdot." I'm not sure I trust my friends. So, like, maybe when I'm sober I'll be cooler. But my opinions won't be different. Think about it.
You say this, and then immediately thereafter you say:
So, I should be forced to provide my personal contact information to the general public so that it's open, but the threats that you send me, whether by lawyer or by crow bar, ought to be kept private?!
You have a choice, you can force everyone's contact information to be public and allow disputes to be resolved in secret, or you can give people the option of keeping their contact information private and require some disputes to be resolved in a public forum. Why would you choose to prevent the secrecy of contact information over preventing the secrecy of volatile (and sometimes violent) disputes?
A future in which everyone speaking on the internet is required to make their personal contact information public is a future in which disputes are resolved through threats and intimidation. A future in which requests for contact information are handled out in the open is a future in which disputes are resolved with due process and justice.
Are you so frustrated by having to delete annoying emails that you are willing to do away with any reasonable balance in society? Are you under the impression that everyone who operates a website is a "potential spammer" and everyone who wishes to obtain the personal contact information of a website operator has good intentions? If so you are surely mistaken.
Try to think outside of your personal experience.
Well, they ARE publishing the RSS feed. It probably depends on whether your LED sign is for "home use" or if it is "publicly displayed."
I think that if Slashdot wishes to prevent the republication of their RSS feed on LED signs they ought to push for a new field to be added to the RSS file format that prohibits the copying or rebroadcast of the contents, along with new federal legislation prohibiting technology that parses RSS but ignores this field. They could call it the "broadcast flag." Oh, that's right, someone is already doing this...
lednews.pl
(The Scientific American feed is commented out because newsisfree changed their syndication urls. I don't have the new url handy...)