Slashdot Mirror


User: davecb

davecb's activity in the archive.

Stories: 0
Comments: 2,113

Comments · 2,113

  1. Dave Taht (of bufferbloat fame) has a better idea on Netgear Releases 'Beta' Patches For Additional Routers Found With Root Vulnerability (netgear.com) · · Score: 1

    reflashing with openwrt/lede/dd-wrt, https://plus.google.com/107942...

  2. Re:I'm still working on If You Get Rich, You Won't Quit Working For Long (bbc.com) · · Score: 2

    I already had to make that decision. I have enough money that I could take early retirement, so now I only work for organizations I actually like. That means I end up doing things like six months pro-bono for a leadership campaign, and then three years with a start-up, because they were inherently worth doing. Now I'm with a hardware company, because I love their product.

  3. Re:Dissent will be labelled fake news on YouTube, Facebook, Twitter and Microsoft Will Create 'Hash' Database To Remove Extremist Content (reuters.com) · · Score: 1

    Already approved by Congress, aimed at "foreign propagandists". https://news.slashdot.org/stor...

  4. Re:Dissent will be labelled fake news on YouTube, Facebook, Twitter and Microsoft Will Create 'Hash' Database To Remove Extremist Content (reuters.com) · · Score: 1

    These three companies primarily want
    - to continue to make money from us, by showing they're paying attention, and
    - to not get thrown in jail.

    I expect, like Lauren Weinstein (http://factsquad.com, https://lauren.vortex.com/2016...), that labelling fake news will be the most likely approach. That avoids the jail problem (:-))

    To ensure they look "fair", I suspect that crowd-sourcing is the way they will get leads, but not how the initial decision to label will be made. I expect them to do a sort --unique and feed the results to a human, handle a level or so of appeals internally, and eventually take objections to mediation, with appeals to the courts.

    That's how a lot of similar problems, like consumer packaging rules, are handled in Canada. It may be the same in the 'States, but I wouldn't know.

  5. The terrs are winning: they've convinced the security services to go after their own citizens.

  6. Apprehended assault is legalese for what most people would call threatening to beat the shit out of someone. Incitement to assault is asking other folks to help.

  7. Canada is nearby, speaks almost the same dialect of English and even shares the same timezones, so you can have a meeting during working hours (;-))

    While I'm biased in favor of Canada, I strongly recommend Ireland and Canada to US companies which might want to have some of their business based outside of the U.S. (for example, Google). After that I've had good luck working with folks in Israel, Singapore and India, modulo problems with accents.

  8. Citation, please?

  9. MAC is cool, covert channels are evil on Antivirus Firm Kaspersky Launches Its Own Hackproof OS, Based On Microkernel (fossbytes.com) · · Score: 1

    A lot of confidentiality is achievable, but bugs lead to covert channels, and they seem insanely hard to find. That means a lot of maintenance. If his kernel sees reasonable sales, I'll buy in.

  10. Re:The course is clear, mostly on Schneier: We Need a New Agency For IoT Security (onthewire.io) · · Score: 1

    Pacemakers.

  11. Re:The course is clear, mostly on Schneier: We Need a New Agency For IoT Security (onthewire.io) · · Score: 2

    Governments are predominantly good at policing things: regulation is something of a misnomer (regulators keep voltages stable: police arrest people).

    The UL-like body needs to be backed up by real police powers, like the power to have the local police seize dangerous goods, and be financially independent of the people who make the products being certified as safe to import and use.

    Ontario famously tried to get the crooks (waterworks operators) to pay for the police (drinking-water inspectors). That promptly killed seven people and infected thousands in the Walkerton E. coli outbreak, so simple user-pays is not a good model.

    Probably a fixed fee for the first one licenced, paid to customs, and a tiny one per each 1000 additional devices of the same type. Then add a sampling process to make sure the manufacturer had not changed what's inside the box. Sampling is done at the retail store as well as at the border or plant. Customs pays the UL-like body, and if something is dangerous, customs and the police impound them.

    All seizures require a warrant, and the courts handle appeals against the decision to seize.

  12. Proposed for TCP, never needed on Ethernet Consortia Wants To Unlock a More Time-Sensitive Network (networkworld.com) · · Score: 1

    All sorts of stuff from the physical-circuit world keep getting proposed for the virtual-circuit world. Like buggywhips for cars.

    I think there's a Van Jacobson article about that (;-))

  13. I just started doing some work with "communicating sequential programs" from 1978, in the form of pipes inside a language. Gee, something we know works, that was ignored by everyone but the Unix folks for 33 years.

    Blech!
    I now plan to create a time machine and go back and kill the unrestricted-multithreading folks (;-))

  14. Oh goodness, Soviet Canuckistan has The Bomb! on Uranium-Filled 'Lost Nuke' Missing Since 1950 May Have Been Found (bbc.com) · · Score: 1

    Build a fence!

  15. Re:need a password for my master password on User Forks FileZilla FTP Client After Getting Hacked (filezillasecure.com) · · Score: 1

    It's a defense in depth. If the attacker is a professional security service and has a key logger on your system, they can get anything, at the expense of having to grovel through everything you type for a day (;-))

    If they're a script kiddy and can only read files, though, you can stop them by having some selected files encrypted, or their contents encrypted. For example, /etc/shadow.

  16. Re:Slippery slope on Police Used Cell Tower Logs To Text 7,500 Possible Crime Witnesses (www.cbc.ca) · · Score: 1

    Not that unusual: it pretty much worked that way in the TekSavvy case, for example. The court was sensitized to the risk of "speculative invoicing" on the part of the complainant, and put controls on the data being released. According to CanLII, the troll seems to have given up at that point.

  17. Re:Slippery slope on Police Used Cell Tower Logs To Text 7,500 Possible Crime Witnesses (www.cbc.ca) · · Score: 1

    The courts may need to put further protection in place. Three might be
    - have the text released to a third party sworn to confidentiality, possibly the telco
    - have the reply address the local crimestoppers, an arms-length body
    - require the list be destroyed after use.

  18. And what happens to regular wi-fi? on Wi-Fi Alliance Begins Certification Process For Short-Range Wireless Standard WiGig (802.11ad) (cnet.com) · · Score: 1

    If it also uses the wi-fi frequencies to get more bandwidth, those signals are going to propagate a *lot* farther than 10m.

    I read this as a DOS attack on your neighbours' wi-fi (;-)) followed by the units being banned, followed by either

    1. having them be given their own frequency band or
    2. a series of lawsuits by the vendors to allow them to jam the industrial, scientific and medical radio bands (wi-fi)

  19. Re:Random prefix workaround on Mirai and Bashlight Join Forces Against DNS Provider Dyn (arstechnica.com) · · Score: 1

    Also apply negative caching, with a timeout so that when I register OrvilleTorpid.org it eventually propagates.

  20. In various countries, ISPs are reluctant to block spam from their customers, or even tell the customers that they have a virus, for fear the customer will sue them. In Canada (right next to the US) we were advised to do nothing, as one litigious customer could ruin your whole year (;-))

  21. Illegal in Canada on EFF Calls On HP To Disable Printer Ink Self-Destruct Sequence (arstechnica.com) · · Score: 1

    We just expanded the law to deal with variation on the scheme: an academic paper on it is at http://digitalcommons.osgoode....

  22. The German security service tried this years ago on German Minister Wants Facial Recognition Software At Airports and Train Stations (www.rte.ie) · · Score: 3, Informative

    The size of the problem space made it impossible. Any margin of error whatsoever, multiplied by the (number of people you're looking for + the number of people passing through the airport) leads to an insane number of false positives. The German Federal Security Service did a trial with Siemens' recognizer many moons back, loved the technology, hoped the number of false positives would be small... and were disappointed. Even with an unreachably high efficiency, it kept tagging grandma as a terrorist.

    It's like the birthday paradox: with only one chance in 365 of two people having the same birthday, it turns out that with 23 people in a room, you have a 50% chance of two birthdays matching. A 99% chance if there are 75 people. See http://danteslab-eng.blogspot.... As he notes, if you have a system that is 0.999999 accurate (one in a million), we have a 50% chance of a false positive or false negative as soon as we have scanned 1178 people... meaning for about each 1000 people we either arrest grandma or let Osama bin Laden stroll through.

    They've probably reported that already, and been told "don't worry about mere mathematics, this is politics" (;-))

  23. In Canada, this is a special request to the court on Reddit Tells Label It Won't Cough Up IP Address of Prerelease Music Pirate (arstechnica.com) · · Score: 4, Informative

    It's an extraordinary remedy called a "Norwich Order", and to oversimplify, the requester has to swear they're suing someone, and the suit has to have a "prima facie case of" an offence and the claim has to appear to be reasonable and made in good faith. See also http://www.canlii.org/en/on/on...

    Ordinary suits are filed against John Doe, and the courts asked to issue an order to third parties to help identify the defendants.

  24. prohibited by TPP on Canada Wants To Keep Federal Data Within National Borders (thestack.com) · · Score: 1

    Some governments think this kind of security is a bad thing, and wrote in a clause of the Trans-Pacific Partnership treaty to prohibit it.

    TPP “prevents governments in TPP countries from requiring the use of local servers for data storage,” the Canadian government states on its website. This creates a privacy issue, suggested Guy Caron, NDP MP for Rimouski-Neigette-Témiscouata-Les Basques, in the House of Commons May 12.

    See also http://www.canadianunderwriter...

  25. This is called "coercive tied selling" on Farmers Demand Right To Fix Their Own Dang Tractors (modernfarmer.com) · · Score: 1

    It's specifically illegal for banks, who invented it.