The analogy is flawed because governments are not private individuals. As an individual, you have an essential right to keep secrets: it's called privacy, and it's critical for liberty. Yes, I have the right to hide even if I didn't do anything wrong.
The government on the other hand is an entity with unlimited power and has a single purpose: to represent the people, maximize their overall welfare, and mediate the conflicts. I ask you, where is the need for secrecy in performing that task ?
There is an often repeated 'fact' these past few days, that government needs secrecy to be effective. Assange has gone 'too far' they say. It's often repeated, but there are rarely any arguments brought in favor. Quite the opposite, it's impossible for the government to be effective if it can operate in secrecy. It will always evolve into a corrupt conspiracy that looks out for its own collective interest, not those they are representing. Again and again, history has shown that open societies maximize liberty, and that oppressive states operate by controlling fear and information. What's the point of holding elections if I don't know what the incumbents are doing, and what the opposition is planning ? That's a charade, not democracy.
One can argue that the military surely can't work without secrecy. The enemy will learn of the 'surprise' attack and flee. That may be true, but then again, the military is the exact antithesis of democracy. There's no vote when choosing the best attack target. I lead, you follow, I aim, you kill - that's how the army works. The military is a totalitarian institution and this maximizes its effectiveness to kill.
It's your choice if you want to live in a secretive, militarized society as a pawn of the leaders, or as a free individual who gets to decide democratically what the army should really protect him against.
You should have the right to kick him out for the spewing. That's the key factor
The key factor is that I can kick him out for any reason I want, or for no reason at all. It's my property, I allow whomever I want in. He claims he's being discriminated against because he's black, OK, the onus is on him to prove it. He claims he's discriminated because of his purple shoes ? Too bad, there's no law preventing me from doing that ! Yes, it's censorship and in this specific case it is despicable. But it's private censorship, you have no right to force me into supporting your free speech. Speak on the street-corner, on public property. Boycott my store if you don't like my views. Just don't force me to support yours - that's true liberty.
First of all, the article is about PayPal, not Amazon. It's debatable if Amazon is a common carrier. PayPal is in no way a common carrier, and it severely hurts PayPal's credibility if, say, the majority of PayPal shops are scams.
Secondly, you are making this a 'do I have a legitimate claim for kicking you out' issue. In fact, it's 'I can do whatever I want with my property, except discriminate against you in a limited number of ways' issue. You are imposing your belief system and what you deem justifiable, upon me and my property. In fact, I can do whatever I want with my property, except break the law. Is there any law forcing me to take the mayor's money and publish his material in my paper ? There's not, and I can refuse service to whomever I want, as long as I don't discriminate against certain minorities defined by the law.
In your example, the mayor is committing a crime, that's where the problem lies, not with the (private) power company's right to select its customer base. In theory, the newspaper can buy power on the free market and it's not susceptible to that kind of persuasion. If the power company has a local monopoly enforced with the government's help, it clearly forfeits the right to select its customers, and should be forced to provide a non-discriminatory service.
For example, it's been settled unequivocally that you can't run a lunch counter and refuse to serve blacks.
So, no, Amazon doesn't have the "freedom to not do business with you".
I certainly can't bar black people from my diner - it's illegal. What about a specific black person, who spews leftist propaganda at my customers ? Am I not allowed to kick him out because he's black, or because he has political views ?
The key issue here is that 'discrimination' is not always bad. Employers routinely discriminate against stupid people. The penal system discriminates against criminals by its very nature. "To discriminate" means to distinguish, to select. You have no blanket right protecting you from all discrimination, you have specific and limited rights: in most societies you can't be picked on based on race, age, sex, orientation etc. I.e. a blacklist of characteristics you can't be discriminated against.
However, you should expect being discriminated against when you are wearing an Osama t-shirt. You can wear it on the street, and post it on your website - that's freedom of speech. I will refuse to renew your lease - that's freedom of association.
By the way, I consider Mr. Assange a hero (albeit, an egomaniac one), and I'm seeding the wikileaks torrent. I just feel it's easy to go over-board when you feel the cold breath of the fascist state down your spine. The state needs fixing, not everyone else forced to share your opinion. US is still a great democracy. Here in Romania, none of the wikileaks domains resolve.
Freedom works both ways. I give you the freedom of speech, but please allow me the freedom to not do business with you. I don't so much mind the fact that some American businesses are bigoted red-necks. The politicians are the ones to watch.
They're getting exactly that: a building. Google is getting 100% return from its ad business, do you think they care about a 5% return from current tenants ? At about 700$/sq feet, they are buying an 80 year old building for the same price it would have taken to build it from scratch at the height of the real-estate bubble. I can understand there can be other reasons for wanting this, like preventing a competitor from buying it to disrupt their core business, and forcing local competitors to regroup elsewhere. But from the real-estate stand-point, it's a crap deal.
Alas! Meat plants still do exist, and Creationists have proved this. In fact, the meat-plants evolved into Creationists and are alive and kicking in Kentucky.
The color in question being green. It's a simple case of a messenger defecting from his duty in a primitive world that no longer adheres to the "don't kill the messenger" principle.
By all means, hunt Assange like Osama, seize the Wikileaks domains with ICANN’s help, DDoS Europe and use Palin’s fat ass to plug the internets. It’s the patriotic ‘right decision’.
What does the FCC have to do with this, again? Last I checked, internet was not transferred directly over the air like traditional television, so they have no more jurisdiction over internet than cable TV.
God damn there oughta be an IQ requirement to post here! What part of "Federal" or "Communications" or "Commission" equates to only "over-the-air"?
The original mandate of such governmental agencies is to regulate the airwaves, a finite natural resource that does not lend itself to the laws of free market and can't be owned by anyone. So we, as a society, mandate the government, our representative, to oversee that resource is put to good use.
On the other hand, if Susie and Joe build a cup phone and start talking, that's an entirely private issue. The government, as your elected representative, has no natural prerogative to control private communication, just like you have no right to tap your neighbor's phone line.
We can argue that, since the real-world telecommunication market tends to form oligopolies (few choices for the end user), regulation such as net-neutrality is required. I can accept that on economic grounds, if you can prove it will lower the cost, improve the quality and availability, just like regulation of the electricity and gas companies. But again, it has nothing to do with the service being a "communications" one, it's an interference from the state who tries to 'fix' the market. As always results may vary.
In any case, I wholeheartedly reject the commission's right to regulate how I use a copper wire that's my property running over my back yard to my friend's house.
In my personal experience, the FTC's Do Not Call list has actually worked pretty well.
That's because a personal phone call from a live human costs a lot and anyone who uses this method must target its customer base very well to be cost-effective. In turn, it's almost certainly a US business, operating on US soil, and cares about the FTC. If they violate the DNC list, you incur a high cost, and are likely to do something about it, like report them.
Not so on the Internets. Tracking is 100% automatic, and non-intrusive. Only a minority of the sites doing the tracking are from your country (this is true most everywhere except maybe US). If they feel the local law is too restrictive, the ad-farm can always reincorporate in the Solomon Isles, with no impact on the user experience. The vast majority of users don't care if they're being watched, so don't hold your breath for a regulatory solution.
The economics of the issue say a "do not track" list is going to be even less effective than a "do not spam list". A passive DNT browser setting (ex. a meta tag) will be ignored, and an active one will incur a cost for the user - it's extremely hard, even for the informed user, to discern among, say login and tracking cookies. Again, the economic pressure means that the ad-farm with the best tracking can make the most money, and you can bet they will fight to stay competitive and track the users.
You're no longer allowed to create a social networking site using Face-, that's all
I see nothing about "social networking" in the trademark application. "Telecommunication services, namely, providing online chat rooms and electronic bulletin boards for transmission of messages among computer users" is an incredibly broad domain, and can be twisted around to mean almost any kind of website or communication service. Is a company website called "Face2Face.com" not an electronic bulletin board ? Furthermore, if such a site includes a "Contact us" form or simply lists an email address, does it not facilitate transmission of messages among computer users ? Most importantly, does such a trademark allow Facebook, a billion-dollar company to effectively bully and bankrupt in court any .*face.* website ? I say it absolutely does.
The way it's granted, it will allow Facebook to block an online presence for almost any use of the word "face". Sure, the mom-and-pops across the street will not be targeted, but few successful companies in the 21st century can deny themselves an online presence. This gives Facebook an incredibly broad control over the word "face" all-across the business world. If a few thousand companies start doing this, the effect is a privatization of the vocabulary, a limited natural resource. I believe the individual right to self-enterprise is severely damaged when you can no longer sell your bricks online on NiceBricks.com and you are allowed only ParallelepipedicCeramicThingies.com
You are also presuming Facebook will act rationally and enforce the trademark only where it makes business sense, to kill copy-cats. That expectation is unreasonable, because the law works regardless if the people following are sane or crazy. It's like granting the Second Amendment right to carry a firearm to a crazy person. It's absolutely plausible for a bankrupt Facebook to go for the kill and extort every "face" that looks weak enough to fold in court and pay-up. You are also presuming a lot about how a service such as FaceTime is not breaking the trademark - it clearly does. Apple might be strong enough to assert the literal meaning in court, but a start-up with a similar service will promptly be squashed. Let's not forget a trademark needs constant vigilance to avoid it becoming generic (... how more generic than "face" can you get?).
protect them from people launching services named faceXXX or XXXface that may indicate relationship to facebook
Then why not grant the trademark in such a way that any faceXXX is forced to prominently disclaim any relationship with Facebook ? The way it's formulated, it blocks any faceXXX, and damages my right to associate and communicate about my clean and legal fetish. Who do you think you are, telling me how to live my life ?
The system is designed to protect consumers from deliberate confusion, and it's a good one for all its flaws.
A simple fix: no dictionary words! The name-space is simply too limited to grant perpetual ownership of a word to a private individual, regardless of the domain. Two word combinations ? Sure: 5000 common words combine in almost 25.000.000 ways. Plenty for any start-up until the year 2450 when we populate the galaxy. It's your choice to name your business Bricks, don't expect protection and ownership of the word bricks. We can make an allowance for brands already granted, but stop granting more.
(a different poster below)
If you load it up with ads, call it FaceBoook and post links all over the 'net trying to get people to accidentally click - that's a commercial action, it's fraudulent, and it's not allowed.
A simple trademark on FaceBook will cover that, it's an intentional attempt to deceive. I should be free to call my hamburger "Big Willie" or "Tasty Mac" (The fanboy's delight), it's clear for the consumer they are different products than the "Big Mac".
And the distribution and marketing model of Android guarantees the carrier and phone manufacturer the ability to do whatever they please
I like to think of it like the PC revolution all-over again.
The PC ecosystem has thrived not because they 'stole' the GUI and whatnot from Apple, Xerox, etc. The PC survived because it was a fundamental shift from the way computers were sold in the 80': a common HW specification ('go clone an IBM-PC') and an ubiquitous and inexpensive system software (DOS/Windows) allowed the PC manufacturers to compete, lower the prices, cut down any cruft and deliver a variety of boxes that met the needs of any and all niches of the market, in a way no single company could ever do.
This is the real openness of the Android: the low market entry barrier for any hardware and software vendor, which must simply stick to a common spec, and have the freedom to innovate and compete. The fact that the reference implementation of the spec, the OS itself, is also open-source is just bonus openness. It means for example that Google can't pull a 'Windows' move on us, the way MS did on the PC market, because Android can be freely forked.
Regarding the open and not-so-open phones, this is strictly for the market to decide. The individual vendor might take the decision that makes most sense to its customer base. For example it might decide to lock down the device for security and reliability issues: it's better to have a solid device the luser can't break by downloading PamelaAndresonsBoobs.exe, than to have an angry customer because his phone is calling by itself to numbers in China. Or it might lock it down as requested by the network that sells it - and you can't expect an OS to fix everything that's wrong in the telecom world, just as you can't expect booting Linux on your PC to lower your internet bill.
The key issue is that if you, as a hobbyist, start-up, or established vendor, want to sell a 100% open Android phone which boots into root console, you can do that without anyone's approval, in a way you will never be able to legally sell an iPhone-compatible. (or even software for the iPhone)
Ok, that's functional, but that does not buy you more security. I will brute force the authentication relationship:
T[2] = HASH ( DECRYPT ( T[1] with K ) )
with various values for password K, until I get a match. T[1] and T[2] are fixed and known to the attacker, since he has a copy of the password database. I don't need the salt value, what I care about is the password, and the scheme does not add entropy to the password. Unlike what some posters claim above, forcing the attacker to brute-force an encrypted salt in order to obtain the password would be a major victory (a 256 bit random password is impossible to brute-force); however this scheme does not achieve such a goal.
Password Hash = SHA256( AES_ENCRYPT( SALT using PASSWORD ) )
Salt Hash = SHA256( SALT )
Authentication: user enters password
Does SHA256 ( AES_DECRYPT ( Password Hash using PASSWORD ) ) equal Salt Hash ?
This calls for a bit of algebra. You say:
SHA256 ( AES_DECRYPT ( Password Hash using PASSWORD ) ) = SHA256( SALT )
Ignoring collisions:
AES_DECRYPT ( Password Hash using PASSWORD ) = SALT
Replacing Password hash defined by you:
AES_DECRYPT ( SHA256( AES_ENCRYPT( SALT using PASSWORD ) ) using PASSWORD ) = SALT [1]
But obviously:
SALT = SALT
AES_ENCRYPT( SALT using PASSWORD ) = AES_ENCRYPT( SALT using PASSWORD )
AES_DECRYPT ( AES_ENCRYPT( SALT using PASSWORD ) using PASSWORD) = SALT [2]
[1]+[2]:
SHA256( AES_ENCRYPT( SALT using PASSWORD )) = AES_ENCRYPT( SALT using PASSWORD )
In conclusion,
SHA256( K ) = K
Now that's what I call a cryptographic breakthrough ! Who knew ?
While most people know enough about security to avoid a plain password hash, very few people know how vulnerable common key derivation functions truly are. Things like PBKDF2, bcrypt and MD5-crypt widely used for example in Linux shadow file or in TrueCrypt give only a linear advantage over a salted plain hash. 5000 MD5 repetitions might sound like great security from a brute force perspective, but the asymptotic hardware cost of brute-forcing such a password is fairly small. The cost to break your 8 letter bcrypt password is in the hundreds of dollars, assuming enough passwords are cracked to justify a hardware cracker. I can almost bet NSA has a multi-million dollar hardware cracker that can brute-force your Linux or TrueCrypt password, assuming it has less than about 50 bits of entropy. Very few people are capable or willing to use truly safe passwords with 100bit+ entropy.
I know of only one strong key derivation algorithm that forces the attacker to scale its hardware cost at the same rate as the software slowdown: scrypt. So by all means, don't use bcrypt, use scrypt.
The issue is completely different in a webserver, that probably can't spend 1 second of CPU time whenever a user logs in. In such cases a hash + salt is all that you can realistically expect if a dedicated authentication machine does not exist. At least try to combine them safely using a HMAC, not some home-grown SHA1(salt+password) scheme.
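As an added example (not part of the original comment), this is one way to apply the advice above in Python: store passwords with scrypt through the standard library's `hashlib.scrypt`, and for the fast web-server case combine salt and password with HMAC instead of concatenation. The cost parameters, the record format and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

# Assumed cost parameters for this example; tune them to your hardware.
SCRYPT_N = 2 ** 14      # CPU/memory cost, must be a power of two
SCRYPT_R = 8            # block size
SCRYPT_P = 1            # parallelism
KEY_LEN = 32


def scrypt_memory_bytes(n, r):
    """Approximate RAM needed per password guess: 128 * N * r bytes."""
    return 128 * n * r


def _derive(password, salt, n, r, p):
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          maxmem=2 * scrypt_memory_bytes(n, r), dklen=KEY_LEN)


def hash_password(password, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P):
    """Return a self-describing record: scrypt$N$r$p$salt$key (base64 fields)."""
    salt = os.urandom(16)
    key = _derive(password, salt, n, r, p)
    fields = [base64.b64encode(x).decode("ascii") for x in (salt, key)]
    return "scrypt${}${}${}${}${}".format(n, r, p, *fields)


def verify_password(password, record):
    """Recompute the key from the stored parameters and compare in constant time."""
    try:
        scheme, n, r, p, salt_b64, key_b64 = record.split("$")
        n, r, p = int(n), int(r), int(p)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(key_b64, validate=True)
        # Refuse parameters outside a sane range, so a tampered record cannot
        # make the server burn gigabytes of RAM on one login attempt.
        if scheme != "scrypt" or not (2 <= n <= 2 ** 20) or n & (n - 1):
            return False
        if not (1 <= r <= 16 and 1 <= p <= 4):
            return False
        candidate = _derive(password, salt, n, r, p)
    except ValueError:
        return False
    return hmac.compare_digest(candidate, expected)


def naive_concat(salt, password):
    """Home-grown SHA1(salt + password): the salt/password boundary is ambiguous."""
    return hashlib.sha1(salt + password).digest()


def hmac_combine(salt, password):
    """HMAC keyed with the salt: salt and password are kept as separate inputs."""
    return hmac.new(salt, password, hashlib.sha256).digest()


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")  # constructed sample
    print(rec)
    print("verify ok:", verify_password("correct horse battery staple", rec))
    print("RAM per guess:", scrypt_memory_bytes(SCRYPT_N, SCRYPT_R), "bytes")
    # Constructed inputs: two different (salt, password) pairs, same concatenation.
    print("concat collides:", naive_concat(b"ab", b"c") == naive_concat(b"a", b"bc"))
    print("hmac collides:", hmac_combine(b"ab", b"c") == hmac_combine(b"a", b"bc"))
```

The HMAC variant is still a fast hash, so it only fixes how salt and password are combined; the memory figure reported for scrypt is what every guess costs an attacker's hardware as well.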
So, spoofing device IDs to exploit a latent vulnerability in an obscure driver is an enormous attack surface? [...] most obscure usb devices are not included in my own kernel compiles.
The ability to exploit ALL usb drivers that ship with Linux is indeed an enormous attack surface. The attacker needs to find a single flaw in ANY of those drivers. The more obscure the driver, the higher the chance that it has security issues, and a lot of obscure drivers add up to millions of obscure lines of code that were most likely not written or audited in an adversarial security mindset like other parts of the kernel.
Sure, you can compile your own kernel, write your own kernel, or build your own relay computer out of relays and be perfectly safe.
There is no autorun, mount, and execute set up upon device identification for my system.
Disabling auto-mount is pointless, you will eventually mount that USB device - why else would you plug it in ? 95% of the Slashdot population will plug and mount a stick received in the mail with the caption "You need to see this".
Before you even have the option of mounting, the attacker has an enormous attack surface, by supplying its own USB device ID: he can exploit the drivers for any of the myriad mouses, keyboards, cameras etc. that Linux supports by default, and gain kernel access. You will simply see his custom hardware device as a defective USB stick and forget about it.
If the USB device actually turns out to be a flash drive, it can be formatted using any file system supported by Linux: ext, FAT, NTFS etc. Each of the drivers has exotic and seldom used features that can hide bugs. Sure, you can do a lot by limiting idiotic features in your GUI tools, but a lot of the security is out of your hands.
If I want to purchase services from a provider available to me that prioritizes YouTube and Netflix over Torrent traffic, why the heck shouldn't I be able to?
To echo the sentiment of your other responders. What if I DON'T want to purchase internet services from such a provider? Why the heck should I HAVE to?
You don't have to do any such thing. You can power up your short-wave radio for free, take long walks in the park, play chess with your friends and otherwise exercise your constitutional freedoms in just about any way you see fit. Last time I checked, access to the Internet was not a constitutional right. The Internet is a private service, and you must enter private contracts to use the service. It's entirely your choice if the terms of those contracts are acceptable or not, as is the choice of contract partners.
If Congress decides that access to Internet is a fundamental right, then I expect the state to build a tax-funded network that can enable said right, not confiscate existing private infrastructure to provide a technically unattainable access guarantee, for the sake of leftist "the internet is free for all" ideas.
Because then I might have to pay more to get an unprioritized Internet connection, as the market for it would be smaller. This is a violation of my rights, quite simply.
By the exact same logic, the state should force all shoe manufacturers to use crocodile leather, otherwise I might pay a larger price on my specialty footwear, or even resort to [gasp!] imports. Humor me, what rights of yours are being violated, precisely ? The right to coerce other people into unwillingly subsidizing your statistically anomalous usage patterns ?
The only place where some form of net neutrality can be justified is in highly monopolistic telecom markets, such as rural. Even then, Comcast should still be able to sell a prioritized connection if it clearly discloses in its marketing material that the actual internet connection is low speed, and the high speed refers only to selected IPTV offers. That is, disallow deceitful advertising, not interfere with private rights of private entities to exchange private bits as they see fit through private copper.
Since the average internet troll can't IP spoof (he is limited to a /32 block) it's fairly obvious he will reveal his location. No need to use the source for that, Luke.
The idea behind a voluntary botnet is that the damage done by each participant does light damage, and is not effectively ddosing, while at the same time the aggregate damage is effective in delivering the desired mob justice. The legal effectiveness of that defense might vary.
Well that's mathematically sound reasoning!
In cryptographic lingo, it means that although the algorithms aren't broken, they have a small security margin, for example 14 of 16 rounds are broken. Since attacks always get better, it's a good idea to pick an algorithm twice as slow with, say, 32 rounds, than to be on the bleeding edge. Sure, you get twice the speed, but you are only one good research paper away from hell.
In regard to AES, it's largely agreed in the crypto community that NIST went for the performance, and we now trust an algorithm with a comparatively low security margin. If advances in cryptography continue at the same rate as they did in the past 30 years, then surely AES will be insecure 30 years from now [citation needed]. That's not sound mathematical reasoning, but it is sound pragmatic reasoning to reject an algorithm that's "too fast".
There are some things that are better off kept secret.
If you look at previous terrorist targets, they tend to be visible, symbolic or crowded places. The land-point of transatlantic cable ? A vaccine factory ? Those might be strategic locations, but they are not terrorist targets. Nobody is going to be terrorized by a slower internet connection. Terrorists don't need target suggestions, attacking any school or crowded government building will provide a fair amount of terror.
So if this list is anything but a terrorist hit-list, as anyone can grasp, then what is it ? Could it be that it's presented to us as a terrorist hit-list precisely to fuel the knee-jerk reaction and character assassination of Wikileaks ?
Wikileaks helping the terrorist by providing secret hit-list ! Therefore, Wikileaks is terrorist. Terrorist try to kill american. Therefore, kill Wikileaks !
The analogy is flawed because governments are not private individuals. As an individual, you have an essential right to keep secrets: it's called privacy, and it's critical for liberty. Yes, I have the right to hide even if I didn't do anything wrong.
The government on the other hand is an entity with unlimited power and has a single purpose: to represent the people, maximize their overall welfare, and mediate the conflicts. I ask you, where is the need for secrecy in performing that task ?
There is an often repeated 'fact' these past few days, that government needs secrecy to be effective. Assange has gone 'too far' they say. It's often repeated, but there are rarely any arguments brought in favor. Quite the opposite, it's impossible for the government to be effective if it can operate in secrecy. It will always evolve into a corrupt conspiracy that looks out for its own collective interest, not those they are representing. Again and again, history has shown that open societies maximize liberty, and that oppressive states operate by controlling fear and information. What's the point of holding elections if I don't know what the incumbents are doing, and what the opposition is planning ? That's a charade, not democracy.
One can argue that the military surely can't work without secrecy. The enemy will learn of the 'surprise' attack and flee. That may be true, but then again, the military is the exact antithesis of democracy. There's no vote when choosing the best attack target. I lead, you follow, I aim, you kill - that's how the army works. The military is a totalitarian institution and this maximizes its effectiveness to kill.
It's your choice if you want to live in a secretive, militarized society as a pawn of the leaders, or as a free individual who gets to decide democratically what the army should really protect him against.
Please let's not conflate Wikipedia and Wikileaks. That is not good for anyone.
Don't you know, 'wiki' is the new 'liberal'. Michael Savage has found the missing link between Wikipedia and Wikileaks:
http://www.trn1.com/uploads/automp3/savagesegments/Savage_11-29-2010_HR1.mp3 (at about 1:40)
You should have the right to kick him out for the spewing. That's the key factor
The key factor is that I can kick him out for any reason I want, or for no reason at all. It's my property, I allow whomever I want in. He claims he's being discriminated against because he's black, OK, the onus is on him to prove it. He claims he's discriminated because of his purple shoes ? Too bad, there's no law preventing me from doing that !
Yes, it's censorship and in this specific case it is despicable. But it's private censorship, you have no right to force me into supporting your free speech. Speak on the street-corner, on public property. Boycott my store if you don't like my views. Just don't force me to support yours - that's true liberty.
First of all, the article is about PayPal, not Amazon. It's debatable if Amazon is a common carrier. PayPal is in no way a common carrier, and it severely hurts PayPal's credibility if, say, the majority of PayPal shops are scams.
Secondly, you are making this a 'do I have a legitimate claim for kicking you out' issue. In fact, it's 'I can do whatever I want with my property, except discriminate against you in a limited number of ways' issue. You are imposing your belief system and what you deem justifiable, upon me and my property. In fact, I can do whatever I want with my property, except break the law. Is there any law forcing me to take the mayor's money and publish his material in my paper ? There's not, and I can refuse service to whomever I want, as long as I don't discriminate against certain minorities defined by the law.
In your example, the mayor is committing a crime, that's where the problem lies, not with the (private) power company's right to select its customer base. In theory, the newspaper can buy power on the free market and it's not susceptible to that kind of persuasion. If the power company has a local monopoly enforced with the government's help, it clearly forfeits the right to select its customers, and should be forced to provide a non-discriminatory service.
For example, it's been settled unequivocally that you can't run a lunch counter and refuse to serve blacks.
So, no, Amazon doesn't have the "freedom to not do business with you".
I certainly can't bar black people from my diner - it's illegal. What about a specific black person, who spews leftist propaganda at my customers ? Am I not allowed to kick him out because he's black, or because he has political views ?
The key issue here is that 'discrimination' is not always bad. Employers routinely discriminate against stupid people. The penal system discriminates against criminals by its very nature. "To discriminate" means to distinguish, to select. You have no blanket right protecting you from all discrimination, you have specific and limited rights: in most societies you can't be picked on based on race, age, sex, orientation etc. I.e. a blacklist of characteristics you can't be discriminated against.
However, you should expect being discriminated against when you are wearing an Osama t-shirt. You can wear it on the street, and post it on your website - that's freedom of speech. I will refuse to renew your lease - that's freedom of association.
By the way, I consider Mr. Assange a hero (albeit, an egomaniac one), and I'm seeding the wikileaks torrent. I just feel it's easy to go over-board when you feel the cold breath of the fascist state down your spine. The state needs fixing, not everyone else forced to share your opinion. US is still a great democracy. Here in Romania, none of the wikileaks domains resolve.
The original poster had it almost right. The building has 3 million sq feet, and Google owns 89%. Price tag: 5797 Eur / m
Freedom works both ways. I give you the freedom of speech, but please allow me the freedom to not do business with you.
I don't so much mind the fact that some American businesses are bigoted red-necks. The politicians are the ones to watch.
WiFileaks.org ?
They're getting more than just a building
They're getting exactly that: a building. Google is getting 100% return from its ad business, do you think they care about a 5% return from current tenants ?
At about 700$/sq feet, they are buying an 80 year old building for the same price it would have taken to build it from scratch at the height of the real-estate bubble.
I can understand there can be other reasons for wanting this, like preventing a competitor from buying it to disrupt their core business, and forcing local competitors to regroup elsewhere. But from the real-estate stand-point, it's a crap deal.
Alas! Meat plants still do exist, and Creationists have proved this. In fact, the meat-plants evolved into Creationists and are alive and kicking in Kentucky.
Modpoints.
Nice that amazon have shown their colours
The color in question being green.
It's a simple case of a messenger defecting from his duty in a primitive world that no longer adheres to the "don't kill the messenger" principle.
By all means, hunt Assange like Osama, seize the Wikileaks domains with ICANN’s help, DDoS Europe and use Palin’s fat ass to plug the internets. It’s the patriotic ‘right decision’.
What does the FCC have to do with this, again? Last I checked, internet was not transferred directly over the air like traditional television, so they have no more jurisdiction over internet than cable TV.
God damn there oughta be an IQ requirement to post here! What part of "Federal" or "Communications" or "Commission" equates to only "over-the-air"?
The original mandate of such governmental agencies is to regulate the airwaves, a finite natural resource that does not lend itself to the laws of free market and can't be owned by anyone. So we, as a society, mandate the government, our representative, to oversee that resource is put to good use.
On the other hand, if Susie and Joe build a cup phone and start talking, that's an entirely private issue. The government, as your elected representative, has no natural prerogative to control private communication, just like you have no right to tap your neighbor's phone line.
We can argue that, since the real-world telecommunication market tends to form oligopolies (few choices for the end user), regulation such as net-neutrality is required. I can accept that on economic grounds, if you can prove it will lower the cost, improve the quality and availability, just like regulation of the electricity and gas companies. But again, it has nothing to do with the service being a "communications" one, it's an interference from the state who tries to 'fix' the market. As always results may vary.
In any case, I wholeheartedly reject the commission's right to regulate how I use a copper wire that's my property running over my back yard to my friend's house.
In my personal experience, the FTC's Do Not Call list has actually worked pretty well.
That's because a personal phone call from a live human costs a lot and anyone who uses this method must target its customer base very well to be cost-effective. In turn, it's almost certainly a US business, operating on US soil, and cares about the FTC. If they violate the DNC list, you incur a high cost, and are likely to do something about it, like report them.
Not so on the Internets. Tracking is 100% automatic, and non-intrusive. Only a minority of the sites doing the tracking are from your country (this is true most everywhere except maybe US). If they feel the local law is too restrictive, the ad-farm can always reincorporate in the Solomon Isles, with no impact on the user experience. The vast majority of users don't care if they're being watched, so don't hold your breath for a regulatory solution.
The economics of the issue say a "do not track" list is going to be even less effective than a "do not spam" list. A passive DNT browser setting (ex. a meta tag) will be ignored, and an active one will incur a cost for the user - it's extremely hard, even for the informed user, to discern among, say, login and tracking cookies. Again, the economic pressure means that the ad-farm with the best tracking can make the most money, and you can bet they will fight to stay competitive and track the users.
You're no longer allowed to create a social networking site using Face-, that's all
I see nothing about "social networking" in the trademark application. "Telecommunication services, namely, providing online chat rooms and electronic bulletin boards for transmission of messages among computer users" is an incredibly broad domain, and can be twisted around to mean almost any kind of website or communication service. Is a company website called "Face2Face.com" not an electronic bulletin board ? Furthermore, if such a site includes a "Contact us" form or simply lists an email address, does it not facilitate transmission of messages among computer users ? Most importantly, does such a trademark allow Facebook, a billion-dollar company, to effectively bully and bankrupt in court any .*face.* website ? I say it absolutely does.
The way it's granted, it will allow Facebook to block an online presence for almost any use of the word "face". Sure, the mom-and-pops across the street will not be targeted, but few successful companies in the 21st century can deny themselves an online presence. This gives Facebook an incredibly broad control over the word "face" all-across the business world. If a few thousand companies start doing this, the effect is a privatization of the vocabulary, a limited natural resource. I believe the individual right to self-enterprise is severely damaged when you can no longer sell your bricks online on NiceBricks.com and you are allowed only ParallelepipedicCeramicThingies.com
You are also presuming Facebook will act rationally and enforce the trademark only where it makes business sense, to kill copy-cats. That expectation is unreasonable, because the law works regardless if the people following are sane or crazy. It's like granting the Second Amendment right to carry a firearm to a crazy person. It's absolutely plausible for a bankrupt Facebook to go for the kill and extort every "face" that looks weak enough to fold in court and pay-up. You are also presuming a lot about how a service such as FaceTime is not breaking the trademark - it clearly does. Apple might be strong enough to assert the literal meaning in court, but a start-up with a similar service will promptly be squashed.
Let's not forget a trademark needs constant vigilance to avoid it becoming generic (... how much more generic than "face" can you get?).
protect them from people launching services named faceXXX or XXXface that may indicate relationship to facebook
Then why not grant the trademark in such a way that any faceXXX is forced to prominently disclaim any relationship with Facebook ? The way it's formulated, it blocks any faceXXX, and damages my right to associate and communicate about my clean and legal fetish. Who do you think you are, telling me how to live my life ?
The system is designed to protect consumers from deliberate confusion, and it's a good one for all its flaws.
A simple fix: no dictionary words! The name-space is simply too limited to grant perpetual ownership of a word to a private individual, regardless of the domain. Two word combinations ? Sure: 5000 common words combine in almost 25.000.000 ways. Plenty for any start-up until the year 2450 when we populate the galaxy. It's your choice to name your business Bricks, don't expect protection and ownership of the word bricks. We can make an allowance for brands already granted, but stop granting more.
(a different poster below)
If you load it up with ads, call it FaceBoook and post links all over the 'net trying to get people to accidentally click - that's a commercial action, it's fraudulent, and it's not allowed.
A simple trademark on FaceBook will cover that, it's an intentional attempt to deceive. I should be free to call my hamburger "Big Willie" or "Tasty Mac" (The fanboy's delight), it's clear for the consumer there are different products than the "Big Mac".
And the distribution and marketing model of Android guarantees the carrier and phone manufacturer the ability to do whatever they please
I like to think of it like the PC revolution all-over again.
The PC ecosystem has thrived not because they 'stole' the GUI and whatnot from Apple, Xerox, etc. The PC survived because it was a fundamental shift from the way computers were sold in the '80s: a common HW specification ('go clone an IBM-PC') and a ubiquitous and inexpensive system software (DOS/Windows) allowed the PC manufacturers to compete, lower the prices, cut down any cruft and deliver a variety of boxes that met the needs of any and all niches of the market, in a way no single company could ever do.
This is the real openness of the Android: the low market entry barrier for any hardware and software vendor, which must simply stick to a common spec, and have the freedom to innovate and compete. The fact that the reference implementation of the spec, the OS itself, is also open-source is just bonus openness. It means for example that Google can't pull a 'Windows' move on us, the way MS did on the PC market, because Android can be freely forked.
Regarding the open and not-so-open phones, this is strictly for the market to decide. The individual vendor might take the decision that makes most sense to its customer base. For example it might decide to lock down the device for security and reliability issues: it's better to have a solid device the luser can't break by downloading PamelaAndresonsBoobs.exe, than to have an angry customer because his phone is calling by itself to numbers in China. Or it might lock it down as requested by the network that sells it - and you can't expect an OS to fix everything that's wrong in the telecom world, just as you can't expect booting Linux on your PC to lower your internet bill.
The key issue is that if you, as a hobbyist, start-up, or established vendor, want to sell a 100% open Android phone which boots into root console, you can do that without anyone's approval, in a way you will never be able to legally sell an iPhone-compatible. (or even software for the iPhone)