It's *almost* a complete waste of time. The advantage of the laws is that they make the Spamming activity specifically criminal... which can be used to go after the Spammers. Further, while I-am-not-a-lawyer, I could easily see a criminal case being made for consipiracy against any executive aware of the hiring of a spammer to advertise their company.
1. Spam hits inbox.
2. Extract corporate information.
3. Get freindly judge to issue a warrant for the company's accounts, followed by their computer logs.
4. Find responsible C-level moron.
5. Prosecute
Repeat a few times, and even the V1A6RA idjits will go away. The only remaining spammers will be the completely criminal (EG, Nigerian 419's and identity theft rings)... which are a separate barrel of prosecutions.
Of course, there's a little problem with my theory: you need to have investigators who will actually investigate, and prosecutors who will actually prosecute. However, the mobs of howling taxpayers seem likely to provide an incentive for this.
As the judge remarked the day that he
acquitted my Aunt Hortense,
"To be smut
It must be ut-
Terly without redeeming social importance."
Personally, I think most of the smut (either arriving as spam or available on the web) is really, really bad for young people to be reading.. but not because of the sexual content. The punctuation, grammar, and spelling is spectacularly bad most of the time-- even more so when the idjits are trying to beat a spam filter. And while I recognize that porn (like any other field of literature) has its archetypes and themes, usually the writing doesn't even achieve that: the characters are cardboard, the dialogue is wooden, and the plot is tissue-paper.
Todays kids should spend more time reading the literary classics of smut!
Not to mention his tenure as chief moderator of the rec.humor.funny Usenet group, when the infamous Jewish Ventriloquist joke incident occured. He's no stranger to this sort of battle.
Mind you, I hadn't remembered he was chairman of the board of the EFF. Could AmEx have possibly picked a worse person to try to intimidate?
As I understand it, the reason that most sites giving basic advice add "IANAL/consult a professional" is threefold. First, laws vary from state to state; good advice in California may be very bad advice indeed in Massechusetts. Second and similarly, sometimes the big picture hangs very heavily on a couple of very small but important details; lawyers are well practiced at straining at gnats and swallowing camels, and knowing which is which is not something for an amateur off death row to try. (If you're on death row, what else do you have to do with your time?)
The third reason, however, is the most important. As I understand it, if you give someone legal advice, it both makes you civilly liable for any bad consequences of taking it (IE, you get sued next if they lose the case), and may constitute the criminal offense of practicing law without a license if you are not admitted to the Legal Bar for the jurisdiction your advisee is in. I've heard Arizona is an exception to the second half of that, but I don't know the truth of this.
Many lawyers offer a free initial consultation; if you have a problem, taking advantage of that sounds like a good place to start.
Why do people think that the command line [osnews.com] is *not* "user friendly"? SNIP Then why a system administrator?
You're talking about two different groups of "users". Most users are not system administrators in any significant sense of the word. Yes, home users are by necessity "administrator" on their machine... but they don't do much administration, and I don't think that what you're talking about.
Linux, as is, is fine for systems admins. It is not fine for Aunt Tillie types; I believe the increasing usability is targeted at the latter group.
Oh, and as an incidental aside...
Windows and Linux admins in the same organization? What organization is this?!
Hell, sometimes you can have Windows, Linux, and even Mac administrators in the same *person*. Some of us are agnostic in the great OS holy wars. =)
It depends what you mean by increased usability. A linux expert can do almost anything on Linux right now. Aunt Tillie can't check her e-mail, without risking creating an open SPAM proxy. Increasing usability has very little to do with the underlying code functions, and far more to do with the visual communication of relevant information. As long as the interface does not rely on security through obscurity, improving the interface will only improve security, with things like:
"Warning: Setting Up a SendMail Daemon without checking for security patches may risk increasing the world supply of electronic Junk Mail (SPAM). Perform check for securely signed patches (Default: Yes)? Use Default trusted patch Server patchserver.ThisLinuxVendor.com (Default: Yes)?"
Of course, increasing accessibility also increases accessibility to potential shoot-yourself-in-the-foot things like filesharing. Right now, Security through Obscurity usually protects Aunt Tillie from setting up a SMB share of her entire hard drive. On the other hand, if she does do it somehow, she'll never figure out that her DSL is slow because she's been turned into the leading WAREZ distro for Podunk. Security through Obscurity is generally considered harmful-- but it is Security. Good interfaces can be designed to provide the users with warnings to educate them as to hazards, while letting them shoot themselves in the foot if they really, really want to.
Now, if you talk about increasing the functionality, so the Linux users can do things like install spyware, or DirectX components to reformat their hard drive, then yes, that's likely to decrease security.
30 second sample of a 4 second interlude
on
RIAA's Nasty Easter Egg
·
· Score: 3, Informative
For works under 30 seconds, you can listen to the whole thing; however, you can't save what you hear. (There's about 20 of Shel Silverstein's poems from "A Light in the Attic" and "Where the Sidewalk Ends" that fall in this category.)
I have a friend who is a mental health professional, and he said...
There are subtle variations is degrees of protection of privilege that depend on the nature of the relationship-- doctor-client privilege is subject to different protections than lawyer-client privilege. You'd probably have to ask a or law professor specializing in that field to get the details explained... and the answer might take a semester, since (as you noted) privilege is usually recognized at the state level.
Not a privilege, a legal responsibility.
No, no, no... the privilege is that of the CLIENT. Anything the doctor, lawyer, shrink, or whatever says is *NOT* subject to privilege (save to the extent that it reveals the clients privileged communications), and the client may reveal any of it to anyone they choose.
If I need a password to call a deaf person but not a hearing person, that's hardly equal access.
Not that I think the idiot plan of logging is anything other than an idiot plan, but I thing they're only talking about requiring a name and password for a deaf person to call out, not requiring a password to call a deaf person.
I admit, this is still not equal access: the deaf will need to (briefly) identify themselves and provide proof of their identity (the password) to make a phone call, where the hearing do not. On the other hand, it seems a minimal obstacle. On the gripping hand, I'm not deaf, and won't be for about another 50 years judging by family history, so I'm not the one to judge that.
On yet another arm of my octopus, I'm not sure that such passwords would do any good; they would become a prime target for a new form of identity theft, just like social security numbers and mother's maiden names are now.
Free TTY services be allowed to issue usernames and passwords to their customers,
Yes. Requiring some sort of proof that the service is needed as you suggest might also be desirable.
keep text logs of the conversations,
No.
As I recall my sign language instructor explaining, the TTY Relay Service operator (and, I suppose, anything they might keep a hypothetical log with) is legally considered to be part of the telephone. They are NOT allowed to discuss anthing they hear; and any testimony they give about anything they have heard prior to a wiretap warrant being issued is legally inadmissable. You can be planning a murder, and the operator just has to relay the messages back and forth. It's a condition of legal privilege similar to those of spouses, doctors, lawyers, and the Secret Service.
Allowing mandatory logging would effectively put a bug into the phone of every deaf person who has need of this service. Any regulation or legislation permitting this would be struck down in court as a violation of the equal protection and reasonable search clauses.
As for the phone companies doing it themselves, they are under what is called "common carrier protection"-- they make no judgements over what to carry, they just send the voices back and forth, whether it's a call to mom or a death threat. Yes, harrassing calls are illegal, but the phone company only can take action AFTER the recipient complains. Logging, and revoking access based on use, would remove the Telco common carrier protection, and they REALLY don't want to do that. Not to mention the incidental that this might get them sued for civil rights violations under that pesky equal protection clause again.
This report does lead me to wonder, however. I recall being informed by a professor who specializes in history of computing that the phone phreak community back in the 1970's to 1990s was had a very large blind community. While speculations on the cause of that are moot to the matter at hand, there might actually be a group of deaf/hard-of-hearing folk who are gathering around this new (and even less moral) illegal activity. If so, it would be depressing.
Disclaimer: I am not a lawyer, I just argue with one.
One founded by the descendents of sexually repressed religious zealots who wanted to be able to torture confessions out of witches and heretics in peace?
A LaserJet 6MP is a very respectable printer. Parallel ports are still fast and reliable. Not everybody feels the need to upgrade to USB 2.0 printers just because that is "trendy".
Agreed. Most computer hardware has about a 3 year useful life. Monitors go up to about 6 years. A good laser printer can have a 12+ year useful life, depending on printer quality and duty cycle. One of the users I support has a parallel port HP LaserJet III still in use... it works Just Fine, thank you very much. It was bought 12 years ago, and I fully expect it to last another four years, when the user will retire... but the printer may not.
"When the laser scanners were coming out, everybody was saying, retailers are going to collect information about what you buy. Is that why I have two loyalty cards on my keyring and three more in my wallet?"
Those ID tags only track you if you provide meaningful information when you fill out the ID tag. I consistently use things like "Ima Lyre, born Feb 29 1971, 123 Bogus St., Schenectady NY 12345." (Actually, 12345 is in Sch'dy NY, but no-one lives there-- it's GE's main plant. Since it's a paper application, the sales idjit just smiles and takes it.
Those retailers are collecting information about what entity number 4567489612347 is buying, but the only link to me is in my wallet... if I haven't lost it.
As Cinderella said to Pinochio while sitting on his face, "Lie, you bastard! Lie! Lie! Lie!"
Obviously, the time to distribute fixed and patches goes down as well.
The real "time to distribute patches" is the total of (a) the time required for the manufacturer to discover the bug, (b) the time required to create a patch, (c) the time required to for the user to figure out that yes, they REALLY DO NEED TO DOWNLOAD the $%^&ing patch, (d) the time required to download the patch, and (e) the time required to actually install it (and usually, reboot).
Increasingly available high bandwidth/throughput connections on DSL will cut into the time for step (d), but the big problem is at the "Aunt Tillie" bottleneck at step (c)... which increasing connection speed won't help diddly.
Well if the director of the facility is calling it a Level 5 facility only 6 years ago I would hardly call that outdated or incorrect as in theory he should know more than anyone about the subject.
The citation you give is on the web site of (what based on this reference amoung others, I judge is essentially) a lobbying organization, giving draft notes from a meeting between representatives of the group and various government officials. Furthermore, that was in 1998, only two years after the 1996 change in terminology. Inexact terminology was excusable.
It is not, say, a current official government publication, or official testimony to congress.
It is now eight years since the correct parlance has changed. Using the old terminology is no longer appropriate.
Of course, while the term for the facility and the bugs may have changed from BSL-5 to BSL-4, that doesn't change how #$%^ing dangerous the stuff really is. They were then and still are the nastiest bugs on the planet, and have not gotten one whit safer in the meanwhile. While I'm not sure what the best location would be for such a facility, you're right: putting one that close to New York City is rank insanity.
References to BSL5 appear to be using poor/outdated terminology.
A non-canonically sourced article here (coincidentally mentioning Plum island) mentions "The confusion stems from two separate ranking systems, one for organisms and one for facilities. There are four levels of facilities, said Ms. Hays. And there are four levels of organisms. But once upon a time there were five levels of organisms, the top rank reserved for animals diseases forbidden in the mainland U.S."
A passing reference to this old classification system can be seen here.
The current CDC listing of Biosafety Criteria is here.
My quicksearches using Google to check US government web sites turns up only a handful of references, all false positives (so to speak). This suggests that any mention of BSL-5 is either outdated, incorrect, fictitious, or (for the paranoid) leaked classified information.
Having read the BSL-4 specs from the CDC, about the only step up I can imagine for a BSL-5 facility is "Remote teleoperation only; no on-site human presence allowed. No material, organic or otherwise, may ever leave the facility." Anyone stupid enough to even try to play with something that would need that level of containment ought to be shot; it isn't even useful as weapon, it just exteminates the species.
A freind of mine was preaching to the choir (me) about how inappropriate it is that the RIAA is calling mass copyright infringement "piracy", and how it is an inappropriately biased term given the evils of Blackbeard and the like. Since I agreed, but like my rants to be backed up by better facts, I did some research on piracy of the "Argh, me hearties" kind. To my surprise, it almost fits, if you grant that copyright is "property", Cyberspace is a "place outside the jurisdiction of any State", and that mass copyright infringement falls within "act of depredation". (See what the UN has to say about the Jolly Roger type stuff.)
Skimming the web for some history on this, it seems that the idea of the laws against piracy arose slowly to deal with the problem of crimes committed outside of any national jurisdiction. I was wondering if Mike has any thoughts on this parallel, and what it may imply about how cyberlaw may evolve.
The publishing industry is many hundreds of years older and wiser. (Could it be because some of them still read?) They remember their history, and the last copyright and patent revolt in England: the printers lost, badly; literature survived quite nicely. Modern publishers also realize that lending books ultimately ends up increasing sales longer term; Erik Flint discusses this eloquently at The Baen Free Library.
In the case of copyrighted building codes being made into public domain laws, the courts have come down on the side of the public domain. This seems sensible, IMHO.
However, this should fall under Amendment V: "nor shall private property be taken for public use, without just compensation". Up until the point when the code is made law, the copyright is private property; after, it becomes public property.
Of course, this is (IMHO, IANAL) somewhat different from the case of an assembage of facts (such as the phone book) that is intrinsically uncopyrightable, as opposed to uncopyrightable because of the need for the law to be accessable. Eldred v Ashcroft gives a dim view of the chances of this being knocked down if it does become law.
The proper description is "a bunch of mindless jerks who'll be the first against the wall when the revolution comes."
More seriously, though, it does send a notion wandering through my brain, as to the next step in outsourcing. They've outsourced manufacturing, and now white collar jobs. Could academia be next? Distance learning programs could go up in level, especially if fiber-to-the-door actually comes about.
Slightly more plausible, however, is for the next step to be boards of directors outsourcing management; Pointy Haired Bossing isn't that hard. =)
Of course, stockholding could be outsourced faster still....
RAID 0 at least makes sense; that way the multiple drives involved are treated as a single drive.
The LaCie Bigger Disk is fairly affordable if you need the drive size-- 1TB per drive at about $1200 . The 1000 DVDs = 10 TB implies you need about 10 of these drives for a RAID 0 set. The "marginal" cost of converting 10 drives from a RAID 0 (no redundancy) solution to a RAID 5 (redundant striped set) solution would be proabably about 10%, assuming you can find firewire RAID 5 software. Of course, since you're about to drop $13K at LaCie, I suspect they would be happy to discuss Firewire 800 RAID 5 packages with you. =)
(x) It is defenseless against brute force attacks
Um? Public/Private key encryption is sorta subject to brute force attacks, but last I heard a 1024 bit key set requires a Seti@Home grade cluster to have a hope of breaking it.
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
I don't see that. However, if I enable spam blocking on my mst3k@earthlink.net account, my ISP may then drop everything from those not using this authentication into the bit bucket.
(x) Many email users cannot afford to lose business or alienate potential employers
And these folks will be the last victims of spam, until the diminished number of people seeing spam diminishes those buying spammed products so that spamming is no longer economically viable.
Specifically, your plan fails to account for
(x) Open relays in foreign countries
Such open relays may be subjected to vast pressure from their upstream providers, not to mention DDOS from socially activist script kiddies. They may also be conventionally blacklisted.
(x) Huge existing software investment in SMTP
This is still using SMTP, with perhaps eight additional RFC 822/2076 type headers that can and should be made official via RFC if this proposed standard is implemented. However, the plan does NOT cover the issues of secure key distribution, compare the computational overhead of key-pair signature verification versus current spam filter methods.
(x) Armies of worm riddled broadband-connected Windows boxes
Depends on whether the spamming program uses its own SMTP engine (filtered at destination due to lack of authetication), or parisitizes off the ISP SMTP server (which will at least track spam to particular ISPs.) Granted, we're still going to need several million cluebats, and ISPs will need to deal with those people who enable spammers.
(x) Dishonesty on the part of spammers themselves
I don't see the problem here. More specific, please.
(x) Bandwidth costs that are unaffected by client filtering
If it results in vastly fewer people reading spam (say, reduced to 1% current levels), repsonse rates reduce (roughly) correspondingly. Spam becomes less rewarding, so fewer people will try it, and bandwidth throughput foes down.
I concede, the bandwidth/throughput costs of key distribution for the client filtering may be less than trivial as well.
The problem is, as mentioed earlier, their busisness model. No one seems to have developed a resonable and equitable way to pay outsourcers, because the per call method simply does not work.
I've noticed better quality customer service from places that assign issue ticket ID numbers. IE:
Tech: Welcome to TIC tech support; can I have your user ID?
Caller: mst3k@TIC.net
Tech: [Clickety] Right. You last called us two days ago about a networking problem. Is that still the issue?
Caller: No, that's not it. This is something new.
Tech: Well, let's see what we can do.
[Time passes]
Well, since you don't have a dead chicken handy to wave over the computer, you can pick one up at your local butcher's shop. If that doesn't work, call us back and refer to ticket ID number [clickety] 123456789A.
Caller: Uh, chicken.... right. [Click]
Tech: Oh, damn. I hope he doesn't get one from KFC...
So, if you can come up with a way that pays them per ticket, rather than per call, you might have better results. This system too can be gamed-- such as by techs opening new tickets each time regardless. This can be worked around: tickets considered closed if caller doesn't call back in 30 days on the issue; ticket considered open if the caller references it; ISP pays outsourcer for closed tickets, with an increasing but asymptotic scale ($1, $1.50, $1.75, $1.88, $1.93...) depending on how many calls it takes to fix it.
There's better solutions, no doubt, but I DON'T COME UP WITH THEM FOR A LIVING, and certainly not before my morning coffee. I have, however, read a few articles on outsourcing, and they all agree: you will get what you say you're paying for. So if ISPs want better service departments, they can come up with a way to pay for solutions rather than phone calls.
Slashdot Mirror
It's *almost* a complete waste of time. The advantage of the laws is that they make the Spamming activity specifically criminal... which can be used to go after the Spammers. Further, while I-am-not-a-lawyer, I could easily see a criminal case being made for consipiracy against any executive aware of the hiring of a spammer to advertise their company.
1. Spam hits inbox.
2. Extract corporate information.
3. Get freindly judge to issue a warrant for the company's accounts, followed by their computer logs.
4. Find responsible C-level moron.
5. Prosecute
Repeat a few times, and even the V1A6RA idjits will go away. The only remaining spammers will be the completely criminal (EG, Nigerian 419's and identity theft rings)... which are a separate barrel of prosecutions.
Of course, there's a little problem with my theory: you need to have investigators who will actually investigate, and prosecutors who will actually prosecute. However, the mobs of howling taxpayers seem likely to provide an incentive for this.
As the judge remarked the day that he
acquitted my Aunt Hortense,
"To be smut
It must be ut-
Terly without redeeming social importance."
Personally, I think most of the smut (either arriving as spam or available on the web) is really, really bad for young people to be reading.. but not because of the sexual content. The punctuation, grammar, and spelling is spectacularly bad most of the time-- even more so when the idjits are trying to beat a spam filter. And while I recognize that porn (like any other field of literature) has its archetypes and themes, usually the writing doesn't even achieve that: the characters are cardboard, the dialogue is wooden, and the plot is tissue-paper.
Todays kids should spend more time reading the literary classics of smut!
Not to mention his tenure as chief moderator of the rec.humor.funny Usenet group, when the infamous Jewish Ventriloquist joke incident occured. He's no stranger to this sort of battle.
Mind you, I hadn't remembered he was chairman of the board of the EFF. Could AmEx have possibly picked a worse person to try to intimidate?
As I understand it, the reason that most sites giving basic advice add "IANAL/consult a professional" is threefold. First, laws vary from state to state; good advice in California may be very bad advice indeed in Massechusetts. Second and similarly, sometimes the big picture hangs very heavily on a couple of very small but important details; lawyers are well practiced at straining at gnats and swallowing camels, and knowing which is which is not something for an amateur off death row to try. (If you're on death row, what else do you have to do with your time?)
The third reason, however, is the most important. As I understand it, if you give someone legal advice, it both makes you civilly liable for any bad consequences of taking it (IE, you get sued next if they lose the case), and may constitute the criminal offense of practicing law without a license if you are not admitted to the Legal Bar for the jurisdiction your advisee is in. I've heard Arizona is an exception to the second half of that, but I don't know the truth of this.
Many lawyers offer a free initial consultation; if you have a problem, taking advantage of that sounds like a good place to start.
Why do people think that the command line [osnews.com] is *not* "user friendly"?
SNIP
Then why a system administrator?
You're talking about two different groups of "users". Most users are not system administrators in any significant sense of the word. Yes, home users are by necessity "administrator" on their machine... but they don't do much administration, and I don't think that what you're talking about.
Linux, as is, is fine for systems admins. It is not fine for Aunt Tillie types; I believe the increasing usability is targeted at the latter group.
Oh, and as an incidental aside...
Windows and Linux admins in the same organization? What organization is this?!
Hell, sometimes you can have Windows, Linux, and even Mac administrators in the same *person*. Some of us are agnostic in the great OS holy wars. =)
It depends what you mean by increased usability. A linux expert can do almost anything on Linux right now. Aunt Tillie can't check her e-mail, without risking creating an open SPAM proxy. Increasing usability has very little to do with the underlying code functions, and far more to do with the visual communication of relevant information. As long as the interface does not rely on security through obscurity, improving the interface will only improve security, with things like:
"Warning: Setting Up a SendMail Daemon without checking for security patches may risk increasing the world supply of electronic Junk Mail (SPAM). Perform check for securely signed patches (Default: Yes)? Use Default trusted patch Server patchserver.ThisLinuxVendor.com (Default: Yes)?"
Of course, increasing accessibility also increases accessibility to potential shoot-yourself-in-the-foot things like filesharing. Right now, Security through Obscurity usually protects Aunt Tillie from setting up a SMB share of her entire hard drive. On the other hand, if she does do it somehow, she'll never figure out that her DSL is slow because she's been turned into the leading WAREZ distro for Podunk. Security through Obscurity is generally considered harmful-- but it is Security. Good interfaces can be designed to provide the users with warnings to educate them as to hazards, while letting them shoot themselves in the foot if they really, really want to.
Now, if you talk about increasing the functionality, so the Linux users can do things like install spyware, or DirectX components to reformat their hard drive, then yes, that's likely to decrease security.
For works under 30 seconds, you can listen to the whole thing; however, you can't save what you hear. (There's about 20 of Shel Silverstein's poems from "A Light in the Attic" and "Where the Sidewalk Ends" that fall in this category.)
I have a friend who is a mental health professional, and he said...
There are subtle variations is degrees of protection of privilege that depend on the nature of the relationship-- doctor-client privilege is subject to different protections than lawyer-client privilege. You'd probably have to ask a or law professor specializing in that field to get the details explained... and the answer might take a semester, since (as you noted) privilege is usually recognized at the state level.
Not a privilege, a legal responsibility.
No, no, no... the privilege is that of the CLIENT. Anything the doctor, lawyer, shrink, or whatever says is *NOT* subject to privilege (save to the extent that it reveals the clients privileged communications), and the client may reveal any of it to anyone they choose.
If I need a password to call a deaf person but not a hearing person, that's hardly equal access.
Not that I think the idiot plan of logging is anything other than an idiot plan, but I thing they're only talking about requiring a name and password for a deaf person to call out, not requiring a password to call a deaf person.
I admit, this is still not equal access: the deaf will need to (briefly) identify themselves and provide proof of their identity (the password) to make a phone call, where the hearing do not. On the other hand, it seems a minimal obstacle. On the gripping hand, I'm not deaf, and won't be for about another 50 years judging by family history, so I'm not the one to judge that.
On yet another arm of my octopus, I'm not sure that such passwords would do any good; they would become a prime target for a new form of identity theft, just like social security numbers and mother's maiden names are now.
Free TTY services be allowed to issue usernames and passwords to their customers,
Yes. Requiring some sort of proof that the service is needed as you suggest might also be desirable.
keep text logs of the conversations,
No.
As I recall my sign language instructor explaining, the TTY Relay Service operator (and, I suppose, anything they might keep a hypothetical log with) is legally considered to be part of the telephone. They are NOT allowed to discuss anthing they hear; and any testimony they give about anything they have heard prior to a wiretap warrant being issued is legally inadmissable. You can be planning a murder, and the operator just has to relay the messages back and forth. It's a condition of legal privilege similar to those of spouses, doctors, lawyers, and the Secret Service.
Allowing mandatory logging would effectively put a bug into the phone of every deaf person who has need of this service. Any regulation or legislation permitting this would be struck down in court as a violation of the equal protection and reasonable search clauses.
As for the phone companies doing it themselves, they are under what is called "common carrier protection"-- they make no judgements over what to carry, they just send the voices back and forth, whether it's a call to mom or a death threat. Yes, harrassing calls are illegal, but the phone company only can take action AFTER the recipient complains. Logging, and revoking access based on use, would remove the Telco common carrier protection, and they REALLY don't want to do that. Not to mention the incidental that this might get them sued for civil rights violations under that pesky equal protection clause again.
This report does lead me to wonder, however. I recall being informed by a professor who specializes in history of computing that the phone phreak community back in the 1970's to 1990s was had a very large blind community. While speculations on the cause of that are moot to the matter at hand, there might actually be a group of deaf/hard-of-hearing folk who are gathering around this new (and even less moral) illegal activity. If so, it would be depressing.
Disclaimer: I am not a lawyer, I just argue with one.
What kind of fucked up system is that?
One founded by the descendents of sexually repressed religious zealots who wanted to be able to torture confessions out of witches and heretics in peace?
A LaserJet 6MP is a very respectable printer. Parallel ports are still fast and reliable. Not everybody feels the need to upgrade to USB 2.0 printers just because that is "trendy".
Agreed. Most computer hardware has about a 3 year useful life. Monitors go up to about 6 years. A good laser printer can have a 12+ year useful life, depending on printer quality and duty cycle. One of the users I support has a parallel port HP LaserJet III still in use... it works Just Fine, thank you very much. It was bought 12 years ago, and I fully expect it to last another four years, when the user will retire... but the printer may not.
"When the laser scanners were coming out, everybody was saying, retailers are going to collect information about what you buy. Is that why I have two loyalty cards on my keyring and three more in my wallet?"
Those ID tags only track you if you provide meaningful information when you fill out the ID tag. I consistently use things like "Ima Lyre, born Feb 29 1971, 123 Bogus St., Schenectady NY 12345." (Actually, 12345 is in Sch'dy NY, but no-one lives there-- it's GE's main plant. Since it's a paper application, the sales idjit just smiles and takes it.
Those retailers are collecting information about what entity number 4567489612347 is buying, but the only link to me is in my wallet... if I haven't lost it.
As Cinderella said to Pinochio while sitting on his face, "Lie, you bastard! Lie! Lie! Lie!"
This, however, will not be an option with RFID.
Obviously, the time to distribute fixed and patches goes down as well.
The real "time to distribute patches" is the total of (a) the time required for the manufacturer to discover the bug, (b) the time required to create a patch, (c) the time required to for the user to figure out that yes, they REALLY DO NEED TO DOWNLOAD the $%^&ing patch, (d) the time required to download the patch, and (e) the time required to actually install it (and usually, reboot).
Increasingly available high bandwidth/throughput connections on DSL will cut into the time for step (d), but the big problem is at the "Aunt Tillie" bottleneck at step (c)... which increasing connection speed won't help diddly.
Well if the director of the facility is calling it a Level 5 facility only 6 years ago I would hardly call that outdated or incorrect as in theory he should know more than anyone about the subject.
The citation you give is on the web site of (what based on this reference amoung others, I judge is essentially) a lobbying organization, giving draft notes from a meeting between representatives of the group and various government officials. Furthermore, that was in 1998, only two years after the 1996 change in terminology. Inexact terminology was excusable.
It is not, say, a current official government publication, or official testimony to congress.
It is now eight years since the correct parlance has changed. Using the old terminology is no longer appropriate.
Of course, while the term for the facility and the bugs may have changed from BSL-5 to BSL-4, that doesn't change how #$%^ing dangerous the stuff really is. They were then and still are the nastiest bugs on the planet, and have not gotten one whit safer in the meanwhile. While I'm not sure what the best location would be for such a facility, you're right: putting one that close to New York City is rank insanity.
References to BSL5 appear to be using poor/outdated terminology.
A non-canonically sourced article here (coincidentally mentioning Plum island) mentions "The confusion stems from two separate ranking systems, one for organisms and one for facilities. There are four levels of facilities, said Ms. Hays. And there are four levels of organisms. But once upon a time there were five levels of organisms, the top rank reserved for animals diseases forbidden in the mainland U.S."
A passing reference to this old classification system can be seen here.
The current CDC listing of Biosafety Criteria is here.
My quick searches using Google to check US government web sites turns up only a handful of references, all false positives (so to speak). This suggests that any mention of BSL-5 is either outdated, incorrect, fictitious, or (for the paranoid) leaked classified information.
Having read the BSL-4 specs from the CDC, about the only step up I can imagine for a BSL-5 facility is "Remote teleoperation only; no on-site human presence allowed. No material, organic or otherwise, may ever leave the facility." Anyone stupid enough to even try to play with something that would need that level of containment ought to be shot; it isn't even useful as weapon, it just exteminates the species.
Perhaps it's more freindly than Big Brother, but there's still that gods-awful-huge uncheckably-and-doubtfully-accurate master database somewhere.
A freind of mine was preaching to the choir (me) about how inappropriate it is that the RIAA is calling mass copyright infringement "piracy", and how it is an inappropriately biased term given the evils of Blackbeard and the like. Since I agreed, but like my rants to be backed up by better facts, I did some research on piracy of the "Argh, me hearties" kind. To my surprise, it almost fits, if you grant that copyright is "property", Cyberspace is a "place outside the jurisdiction of any State", and that mass copyright infringement falls within "act of depredation". (See what the UN has to say about the Jolly Roger type stuff.)
Skimming the web for some history on this, it seems that the idea of the laws against piracy arose slowly to deal with the problem of crimes committed outside of any national jurisdiction. I was wondering if Mike has any thoughts on this parallel, and what it may imply about how cyberlaw may evolve.
The publishing industry is many hundreds of years older and wiser. (Could it be because some of them still read?) They remember their history, and the last copyright and patent revolt in England: the printers lost, badly; literature survived quite nicely. Modern publishers also realize that lending books ultimately ends up increasing sales longer term; Erik Flint discusses this eloquently at The Baen Free Library.
In the case of copyrighted building codes being made into public domain laws, the courts have come down on the side of the public domain. This seems sensible, IMHO.
However, this should fall under Amendment V: "nor shall private property be taken for public use, without just compensation". Up until the point when the code is made law, the copyright is private property; after, it becomes public property.
Of course, this is (IMHO, IANAL) somewhat different from the case of an assembage of facts (such as the phone book) that is intrinsically uncopyrightable, as opposed to uncopyrightable because of the need for the law to be accessable. Eldred v Ashcroft gives a dim view of the chances of this being knocked down if it does become law.
The proper description is "a bunch of mindless jerks who'll be the first against the wall when the revolution comes."
More seriously, though, it does send a notion wandering through my brain, as to the next step in outsourcing. They've outsourced manufacturing, and now white collar jobs. Could academia be next? Distance learning programs could go up in level, especially if fiber-to-the-door actually comes about.
Slightly more plausible, however, is for the next step to be boards of directors outsourcing management; Pointy Haired Bossing isn't that hard. =)
Of course, stockholding could be outsourced faster still....
RAID 0 at least makes sense; that way the multiple drives involved are treated as a single drive.
The LaCie Bigger Disk is fairly affordable if you need the drive size-- 1TB per drive at about $1200 . The 1000 DVDs = 10 TB implies you need about 10 of these drives for a RAID 0 set. The "marginal" cost of converting 10 drives from a RAID 0 (no redundancy) solution to a RAID 5 (redundant striped set) solution would be proabably about 10%, assuming you can find firewire RAID 5 software. Of course, since you're about to drop $13K at LaCie, I suspect they would be happy to discuss Firewire 800 RAID 5 packages with you. =)
(x) It is defenseless against brute force attacks Um? Public/Private key encryption is sorta subject to brute force attacks, but last I heard a 1024 bit key set requires a Seti@Home grade cluster to have a hope of breaking it.
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
I don't see that. However, if I enable spam blocking on my mst3k@earthlink.net account, my ISP may then drop everything from those not using this authentication into the bit bucket.
(x) Many email users cannot afford to lose business or alienate potential employers
And these folks will be the last victims of spam, until the diminished number of people seeing spam diminishes those buying spammed products so that spamming is no longer economically viable.
Specifically, your plan fails to account for
(x) Open relays in foreign countries
Such open relays may be subjected to vast pressure from their upstream providers, not to mention DDOS from socially activist script kiddies. They may also be conventionally blacklisted.
(x) Huge existing software investment in SMTP
This is still using SMTP, with perhaps eight additional RFC 822/2076 type headers that can and should be made official via RFC if this proposed standard is implemented. However, the plan does NOT cover the issues of secure key distribution, compare the computational overhead of key-pair signature verification versus current spam filter methods.
(x) Armies of worm riddled broadband-connected Windows boxes Depends on whether the spamming program uses its own SMTP engine (filtered at destination due to lack of authetication), or parisitizes off the ISP SMTP server (which will at least track spam to particular ISPs.) Granted, we're still going to need several million cluebats, and ISPs will need to deal with those people who enable spammers.
(x) Dishonesty on the part of spammers themselves
I don't see the problem here. More specific, please.
(x) Bandwidth costs that are unaffected by client filtering
If it results in vastly fewer people reading spam (say, reduced to 1% current levels), repsonse rates reduce (roughly) correspondingly. Spam becomes less rewarding, so fewer people will try it, and bandwidth throughput foes down.
I concede, the bandwidth/throughput costs of key distribution for the client filtering may be less than trivial as well.
The problem is, as mentioed earlier, their busisness model. No one seems to have developed a resonable and equitable way to pay outsourcers, because the per call method simply does not work.
I've noticed better quality customer service from places that assign issue ticket ID numbers. IE:
Tech: Welcome to TIC tech support; can I have your user ID?
Caller: mst3k@TIC.net
Tech: [Clickety] Right. You last called us two days ago about a networking problem. Is that still the issue?
Caller: No, that's not it. This is something new.
Tech: Well, let's see what we can do.
[Time passes]
Well, since you don't have a dead chicken handy to wave over the computer, you can pick one up at your local butcher's shop. If that doesn't work, call us back and refer to ticket ID number [clickety] 123456789A.
Caller: Uh, chicken.... right.
[Click]
Tech: Oh, damn. I hope he doesn't get one from KFC...
So, if you can come up with a way that pays them per ticket, rather than per call, you might have better results. This system too can be gamed-- such as by techs opening new tickets each time regardless. This can be worked around: tickets considered closed if caller doesn't call back in 30 days on the issue; ticket considered open if the caller references it; ISP pays outsourcer for closed tickets, with an increasing but asymptotic scale ($1, $1.50, $1.75, $1.88, $1.93...) depending on how many calls it takes to fix it.
There's better solutions, no doubt, but I DON'T COME UP WITH THEM FOR A LIVING, and certainly not before my morning coffee. I have, however, read a few articles on outsourcing, and they all agree: you will get what you say you're paying for. So if ISPs want better service departments, they can come up with a way to pay for solutions rather than phone calls.
...of Terry Gilliam saying "It's only a model".