Slashdot Mirror


User: hadaso

hadaso's activity in the archive.

Stories: 0
Comments: 309

Comments · 309

  1. how do you know your info is retrieved securely? on Ask Slashdot: What's Your Take On HTTPS Snooping? · · Score: 1

    > t while the proxy can effectively decrypt your https traffic, no one else can

    You only know your session is encrypted between your browser and the proxy.
    You cannot check who is at the other side of the proxy (unless perhaps you're the proxy admin).
    You don't know whether your session is encrypted between the proxy and the other side. You don't know what grade of encryption is used between the proxy and the website, or whether that traffic is encrypted at all. For all that you know, your company's network admin is a nice honest guy, would never dream of snooping on anyone's traffic, but hasn't noticed that the proxy has been failing all SSL negotiation for the past 14 months and is reverting to no encryption. And even if it doesn't, I've seen commercial websites that provided identity through SSL, but did not encrypt the session. My browser warned me that the traffic is not encrypted. I could check the certificate, see that the other side is who he claims he is, see that the session is https but not encrypted, and decide not to use my CC on that site. But I would not be able to do so if it were through a proxy.

  2. Wave was never opened to the public on Google Kills Wave Development · · Score: 1

    Does it matter that "server-to-server communication is TLS encrypted and authenticated" when there is only one server?

    Google Wave was never opened for federation. It was not used as a tool to communicate. Only as a demo for a tool for collaboration between people working on the same system.

    People connected to the same computer were able to communicate using the computer. Then in 1971 Ray Tomlinson extended it a bit to allow people with accounts on different hosts to communicate. Email was invented and the rest is history. Wave has never reached this stage. It was a closed garden used only by people using Google Wave accounts. There was no one else running a Wave server and there was no point in doing so when there's no other server open for federation (other than the "sandbox" servers that did not serve any real "users", a.k.a. "people"). Email in 1971 was not close to what it is today, but it was working and allowed people to use it to communicate. "Gadgets" (RFC822, MIME) came years later. In Wave it seems they tried to do it the other way round. Did they expect it to work?

  3. Gmail's spam filtering better? on Opera Acquires Fastmail.fm · · Score: 1

    I've deliberately subscribed (also "unsubscribed") some FastMail aliases to some botnet spammers lists. I never got a single piece of spam on these addresses. Subscribing to same lists with other providers produces a steady flow of spam. This has nothing to do with Sieve because most spam never reaches this stage at FastMail. With my Gmail address I don't need to subscribe: the spam finds its way to that address, and there's lots of botnet spam getting into Gmail. True, it's getting into the junkmail "folder", but so are many legitimate messages (false positives) so the spam has to be manually sifted there.
    With FastMail I know that whatever message is rejected and not delivered into a mailbox (junk box or any other box) is producing an "undelivered" report to the sender. With Gmail there have been reports of disappearing mail: mail that was accepted by their servers yet not delivered to either the recipient's inbox or spam box. I have also seen reports by users of Gmail that get so much spam in their spam box that they gave up fishing for false positives despite knowing that they lose some business this way.

  4. Use IMAPSize to backup Gmail (on Windoze) on Protection From Online Eviction? · · Score: 1

    IMAPSize is an application for IMAP account management (unlike an email client that would sync with your IMAP account, possibly instructing the server to delete things, the IMAPSize backup function only copies and backs up. Backups can be incremental, of course. And there's other functionality too, like attachment removal or header modification).

    I know it works with Gmail (used it) though I use it mainly with my fastmail.fm account.

  5. I'm amazed at Slashdot users ... on Good Email For Kids? · · Score: 1

    jimmysSecretAccount@gmail.com ???

    1. Gmail will include the "secret" account address with every email they send (in the "Sender" header and in the envelope-from address ("Return-path")). It will be no safer from spammers than the other address.

    2. A brand new email address that is not too short or a very common name used by a child will not receive any spam. It's not a new account of an adult that would be fed into every online merchant's site and immediately shared with "select partners" a.k.a. spammers (I was going to write "an account you set up for your wife" but decided to avoid male chauvinism). Though I might be completely wrong about what children do with their email addresses. My kids only exchange emails with very few friends and teachers.

    3. Google's spam filtering is not anything close to being "good". They not only miss a few. They also have a quite high rate of false positives (I saw more than 1% one month that I made counts). They provide absolutely no control on how spam is filtered (such as sensitivity or opting out of spam filtering) and they do not pass detected spam through filtering rules. There is no way to define rules that precede spam filtering. Also there have been reports on legitimate mail that Gmail hasn't even filed in the spam folder (or whatever it is in Gmail that's "not a folder").

    4. Anyway the spam is not the real problem since the child is not going to get any. My two sons have email accounts for about 3 years and not a single spam message (but they don't use them to "sign up" for anything, and if they do need to sign up I do it for them with disposable addresses).

    5. The real issue is that parents have a responsibility to watch their children's actions.

    Recently my 8-year-old son was required to provide an email address "of his own" to his teacher to communicate with his classmates. What I did is provide an alias in my domain and create a rule to forward a copy to his mailbox and keep a copy in my inbox. I also created a personality in his account that uses the address in my domain by default and bcc's my account with all his outgoing mail (all this is using fastmail.fm that hosts my domain so there is no revealing of his account's direct address). That way I can monitor all his mail. Usually I get his mail before he does because I watch my mail much more often (actually I set up email notification on his computer so he gets notified in real time about incoming email but he is not online all that much). What I plan next is to open a family account at fastmail.fm and then I can (from my account that I will set up with admin privileges) watch the children's accounts (when they grow older I can use the "privacy" option that allows the admin to be blocked from reading content of individual accounts so older kids can have privacy but still have dad pay for their account).

    BTW: I don't have anything to do with FastMail.fm except for being a happy customer for many years.

  6. Re:Fastmail on Email-only Providers? · · Score: 1

    I use FastMail since 2002. I host my personal domain there for email.
    I use IMAP only for backup. I use the webmail client for handling email, mainly because I got used to several features it has that you don't usually find in a mainstream email client, like easy editing of the "From" header per message, like easy access to source editing of HTML mail (that many people here will not touch but then I write lots of email that contains both math formulas and right-to-left text which is quite impossible otherwise except for attaching a file which is a no-no for me).
    I also use the very flexible file hosting option for various purposes.
    One thing I like is the almost endless possibilities in their system and in their webmail client.
    But the most important aspect is that the people who run the service and who program and design the service are accessible. They do listen to suggestions. They often implement them. And when it is not possible they provide real explanations (like how it is incompatible with some other functionality or how it is not standards compliant or at least why it is difficult to implement) and I've learned a lot from them. But then you can just browse around here and find some responses from FastMail representatives in this Slashdot thread and see what I mean.

  7. Fasts of life on Email-only Providers? · · Score: 1

    In many cases trying to deal with an IT department is just one big PITA and paying a bit of money from one's own pocket can save one lots of work time (while still being paid the same salary and not having to suffer through trying to get someone in the IT department do something that might actually improve work).

    The first thing I did when I got my work email address was set up email forwarding to my FastMail account. The IT dept cannot do basic things like configure Exchange to send out email without gibberish or to configure Apache not to declare the wrong encoding on webpages. And the guy in our department that's in charge of working with the IT department just told me that "I'm on my own" when it comes to getting anything done that's not on the IT dept's agenda. He stopped expecting anything from them in the early 90's.

    So the ritual is that if you want things to work you do it yourself and you keep quiet so no one will undo what you set up for yourself. If you're still new you try to make things change until you find out there's no use (and everyone else was correct telling you there's no use) and then you give up or else you have to work more to achieve the same results.

  8. Re:use gmail? on Email-only Providers? · · Score: 1

    > Your question assumes that there is a better interface for webmail than GMail ...

    And your answer assumes that there is no better interface.
    Gmail's interface is quite limited. You cannot do basic things like open a message in a separate tab. There are also email related things limited in Gmail. It all depends on your needs. If you need to receive windows executable attachments Gmail will not deliver them. If you need to filter on envelope address (address used to send you email that is not in the headers if email was bcc'd or redirected) Gmail will not filter it for you (Gmail's filters are quite limited to search within a few headers). Gmail is great if your email needs are little and mainstream.

  9. Re:No need for an "safe" country on Finding Fault With Google's Privacy Policy · · Score: 1

    If some data in the logs is encrypted then to be used it would have to be decrypted. If done right this would mean that it would be easy (provided the keys) to decrypt individual records but would be practically impossible to access the "private" data in a high percentage of the records (while bulk data and data that does not identify a person can be accessible without decryption so the logs can serve their purpose). This way Google (and anyone else storing logs) can keep the bulk data they need, the private data governments want for a possible future inquiry but without making all the private data available in bulk.

  10. The colonies on A Cautionary Tale of Open Source Social Technologies · · Score: 1

    Then English(UK) locale could list the USA as "The colonies"!

  11. You mean "one click checkout", Jeff? on Even Before Memex, a Plan For a Networked World · · Score: 1

    Eh?

  12. Read it with the DMCA anti circumvention clause on UCITA By the Back Door · · Score: 2, Interesting

    If it is used for preventing copyright infringement then perhaps you can have a court rule that it was not appropriate to disconnect you, but you are not allowed to do anything to protect yourself against it happening beforehand because it can be interpreted as circumventing means of protection against copyright infringement. And even if it does companies would be reluctant to provide tools to do it, so you're on your own.

    So if you're an organization that needs a license for 50 copies of whatever you'd get a license for 100 just in case some race condition makes the monitoring processes that you are not allowed to stop detect 51 copies (when you actually have 49 but moved 2) and then stop your entire business network and corrupt your data bases by disabling some components while others still work. Of course this won't happen but it will cost money to prevent it from happening and the money would go to the hands of those that might make it happen.

  13. Keeping the balance on UCITA By the Back Door · · Score: 1

    > ... will eventually, inevitably, be used for nefarious purposes.

    Don't you think that all this anti-terrorism legislation should be balanced with at least a bit of pro-terrorism legislation?

  14. illegal to use a computer without admin privileges? on Canada's Proposed DMCA-Style Law Draws Fire · · Score: 1

    How would copyright holders be able to install their malware that is needed to protect them from you if you don't allow them to install the software by denying them admin rights on your computer? Not running as admin would circumvent DRM and thus would be illegal! (as would be any means of detecting and removing a computer virus that is trying to hide itself: that would certainly be trying to circumvent protective measures put there by the owner of the copyright on the virus's code!)

  15. Perhaps you forgot: 5. We own enough politicians on MediaDefender Explains Itself · · Score: 1

    ... and if we don't we can buy some more!

  16. The virgins would be cute but ... on Prototype EU Airplane Spy Cams Watch For Facecrime · · Score: 1

    The virgins would be cute but they would stay virgins. That's their job. And anyway the guys that get these 72 virgins first have to blow up any equipment that can be used to change the virgins' status.

  17. Private property is not bad - it's a compromise on What's the Solution To Intellectual Property? · · Score: 1

    Nothing "has a flag on it" indicating ownership by its nature. All "property" is acquired and kept by force. Your cave is "yours" because you guard it. Now people get together and decide that instead of everyone guarding everything they want to keep they would agree to share efforts guarding each other's "property" so they can go about doing other things that interfere with the necessary guarding of "property" without which the concept cannot exist. All this relies on everyone benefiting from it, or at least on that those that don't find it useful being too weak to do something else. As time passes things become more and more complex.

    All of this is obvious. There is no difference between various kinds of "property", "real" or "imaginary". It's all "imaginary" and dependent on that enough people agree to imagine the same thing. It's not perfect. People don't always play by the rules even if they think they are reasonable. How many people strictly obey the speed limits? Most agree that they are basically good rules but drive a bit faster.

    So it's all about balance. People obey rules because the rules are basically good for most of them. They don't obey rules that they don't think they benefit from. What currently happens with "IP" rights is that "IP" law is committing suicide. People understand that the very long term copyrights are really there to allow taking out of the market of older content so that it doesn't compete with new products. With stricter laws people will not drive slower and will not restrict themselves to what they can find in the store. They will get a radar detector and since they have one they will stop thinking about what's right and what's not so right in "IP" laws - if legislators cannot differentiate then why should those that elected them do?

  18. This WILL become a patent and it is good on IBM Wants To Patent Restaurant Waits · · Score: 1

    because then IBM - being the nice big company that they are - would grant free use of the patent in FOSS and then anyone who wants to offer a free lunch would not be able to do it with the software from Redmond...

  19. We had multiple roles on our courseware years ago on Blackboard Wins Patent Suit Against Desire2Learn · · Score: 1

    In the Open University of Israel we have course ware that allows the same user to serve several roles based on identity/course/semester combination for several years already, probably predating the discussed patent. I don't know the exact claims of the patent, but I'm sure that the system here is prior art at least to some aspects. I have instructor privileges in courses where I'm an instructor, course coordinator privileges in courses I coordinate, and since I was a student in the past I also have student access to data on courses I took as a student, although the fact that the last course I took here was in 1984 means that there's not much to see except my grades. Students that took courses in this millennium can access the materials that have permissions for the semester they took the course on or that have permissions for all semesters. So perhaps some details in Desire2Learn's implementation infringe on some particular claims in Blackboard's patent, but I think it is possible to have a rich role oriented course management system that is fully covered by prior art implemented in a course management system. Not that I think that someone should be allowed to patent an existing role dependent permissions system just because the context is different from the context where it was previously implemented, or that such obvious things should be allowed to be patented. Multiple role based permissions models existed long before the computer existed, even in education institutions (Charles Dickens might provide prior art reference?)

  20. Why not? on Largest Hacking Scam in Canadian History · · Score: 1

    > ... since most of the alleged compromised computers were in South America,
    > I doubt they hit a lot of rich people.

    How is the location of the hijacked PC hosting the fake website relevant?
    The people that respond to phishing attempts don't have to reside in the same country where the hijacked PC that hosts the fake site does. The aim of the phishers is that the fake site, the attacker and the victim would be in different jurisdictions.

    Anyway, I've seen an Israeli financial service advertise services aimed at "rich people only" using botnet based spam. The service was advertised for people that have "over 350,000NIS to invest" (that's almost $100,000). The service was advertised repeatedly using what looks as botnet based spam: spam arrives from IP addresses located all over the world. Of course headers were forged. But they continued advertising this way so I guess they were getting clients through their spam campaigns. It was not a fake phishing operation. It was a well known financial service handling investment portfolios for rich clients, a subsidiary of a big corporation.

    So there were people whose PCs were hijacked and formed into a botnet. The botnet herder sold services to spammers. The spammers sold services to advertising agencies. The advertisers sold their services to their clients, including financial organizations. The botnet operators made money. Clean money made its way from the legitimate market all the way to the botnet operators. I have the IP addresses of infected PCs sending this spam. I have the details of whoever paid to use their hijacked PCs. I can use spamcop to report to the ISPs hosting those PCs. I have no way I know of to get to the people who own these PCs and to let them know who is paying for the use of their PCs. I have no way of asking these people whether the use of their PCs was with or without consent. I have provided the Israeli police with information about the activity of this spammer that is operating openly. They can do nothing on this basis. They need actual evidence about the infected PCs. Just sending email from many computers all around the world is not illegal, and there's nobody complaining to the police that their PC has been hijacked.

    When one's home has been broken into one calls the police. Perhaps they can do nothing but still they are called and they collect the evidence. Later they might be able to connect the evidence to other evidence. When one's computer has been broken into one does not involve the police, and no evidence is collected. The evidence is destroyed. There's plenty of evidence available that includes those that pay the botnet operators (the spammers) - information that exists in spam, which computers they use - it's in the spam headers. The missing link is getting the evidence from the owners of hijacked PCs and connecting it to the other evidence. The connection is trivial: match IP addresses. Then the evidence can be passed to the proper jurisdiction where the spammer acts. It doesn't have to be the one that controls the botnet. The one that hires the use of the botnet can be prosecuted.

    And while I'm at it: noipmail.com is an email service that offers to hide the IP address of the sender. I tried it and it looks as if it is an interface to some kind of botnet. The headers show that email I send using that service to my other email accounts is sent using various PCs in different countries. They also offer some kind of software to use their service to send bulk mail. I can read email headers but I don't have the skills to test their software in a controlled environment to see what it does. I wonder if someone reading this might want to test this. If it is doing something that is illegal in Israel (such as obtaining unauthorized access to computers) then I know exactly who to call in the Israeli police (the registrant of that domain name seems to be an ex-prisoner that served a 3.5 year sentence on a computer related crime).

  21. It will not happen in the future on 'Friendly' Worms Could Spread Software Fixes · · Score: 1

    Instead you will just be asked to reenter your original Windows(TM) CD and type your registration code to continue to safely use your PC with your Windows(TM) OS (and would also be reminded to upgrade to the latest version and/or to repurchase the OS if you exceeded your limited number of reactivations).

  22. Do not worry about your daily V1@gra reminder! on Millions in Middle East Lose Internet · · Score: 1

    Most spam is sent from the US and Western Europe. East Europe, South America and the far east come next. The Mid east contribution would be close to negligible were it not for Israel and Turkey. (This is based on my own statistics on a few hundred messages that were sent by a particular botnet over the last two years. Statistics based on more data might vary but I doubt they would vary significantly on the main sources, i.e. western countries).

    Spam sources are quite proportional to network usage. Most spam is sent by hijacked zombie PCs. I wonder if countries where everyone can get their up to date pirated security software don't have an advantage in this respect over countries where people actually pay for the stuff (or don't pay and don't use up to date security).

  23. Or Mindows? on Software Tool Strips Windows Vista To Bare Bones · · Score: 1

    I think your suggestions are a bit too long to pass the marketing department up there in Redmond.

    Perhaps Mindows?

    Then I think that if Linus had been a bit more patriotic back then and named his OS Finux then the Linux based Windows clone could have been named Findows (and later on FinSpire ;-)

  24. Paying Music distributors to store my photos on Canadian Songwriters Propose Collective Licensing · · Score: 1

    When I visited Canada this autumn I found out that CDs are very expensive. I needed to buy CDs to backup my photos (to make room for more photos on the camera). Next time I know I need to bring my empty CDs from home.

    I think if Canada wants to pay the music distribution industry with tax money it should raise income tax, not introduce costs into other specific activities.

    The indirect result of introducing irrelevant costs into computer storage means that some data that would otherwise be backed up would not be (because of raised costs) and eventually some of it would be lost, some of it resulting in loss of money. So what happens here seems to be just shifting of costs. The same goes for taxing internet connections at a flat rate. It would result in some of the less fortunate members of Canadian society being cut off the main source of information and education because of a higher entry threshold. Shifting the costs to income tax would distribute it in a much more socially responsible way, and since the aim of all of this is to make musicians into government employees (and later probably creators of all other forms of arts as their works become distributable on the internet) it is better to do it the same way all other civil servants are being paid.

  25. What's next? Linwin or Binwin? on Software Tool Strips Windows Vista To Bare Bones · · Score: 1

    What's next? Linwin or Binwin?