Except there is a discussion in academia, Ben Stein just doesn't like the outcome of that debate so he claims it's "unfair".
Scientific debate isn't the Skull and Bones society, anybody can join in if they have some good points to make and some good arguments to back them up. All I ever hear from folks like Ben Stein is how they are being unfairly excluded from the debate...yet rarely have I actually seen them making any attempt to join in.
Since this is Slashdot, I can't end this post without an analogy...so here goes. Forget we're talking about science and think about the place where you work. Imagine there is someone who shows up late, leaves early and doesn't get a lot done while he's there. Now imagine that person spends basically all his time at the office complaining that it's unfair how he's not getting promoted and that the boss has it in for him. That's how I feel about Ben Stein here.
This "fact" has been repeated in almost every slashdot discussion on this topic, but it's not even remotely true. While it is legal for the US to spy on British citizens and for the Brits to spy on US citizens, we need to be careful about how we're defining "legal". In this case, it's the laws of the respective countries that allow spying on foreigners...British law does not prohibit spying on Americans, and US law doesn't prohibit spying on Brits.
But American intelligence agencies don't operate under British law, they operate under American law. Attempting to obtain information on US persons without legal authorization is illegal under US law, regardless of how they attempt to go about it. Asking another country to do the actual information gathering is in no way a legal loophole, any more than asking someone to kill your boss for you exempts you from prosecution. If the NSA asked GCHQ to spy on American citizens, GCHQ might not be breaking any British laws, but the NSA would be violating US laws.
You don't think it happens all at once, do you? That you're just going to wake up one day and live in a police state? It happens slowly over time, and it almost always starts with policies that require "tips" if you are of a certain religion or race.
You're right, there is nothing you can do at the application level to work around forget TCP packets with the RST flag set (except repeatedly reopening the connection). Which is why TCP is a poor choice if you don't trust your network, as is sadly the case with ISPs like Comcast.
But lucky for us, Sandvine is pretty primitive technology, and there is a simple alternative to TCP...UDP. If bittorrent used UDP instead of TCP, ALL the connection tracking could be handled at the application level, and then authentication or other methods of bypassing packet forging attacks could be used.
I am not a lawyer, but something about that doesn't sound quite right. If you're right, this would be the first example I can think of where it's legal to hire someone to do something for you that it would be illegal to do yourself.
Me and my packet sniffer would disagree with you. I set up Ethereal to sniff ALL network traffic from my machine to anywhere, then I searched for something using the desktop search page (which actually resides on your local machine, btw).
Nothing at all left my machine during the entire process. NOTHING. Not one packet went to Google, or anywhere else for that matter.
Well that would certainly be a security risk...if it were true. But after doing some testing myself using a packet sniffer, it is very obvious that Google desktop search does NOT send your search results anywhere. If you notice, the desktop search page on Google.com is actually on your local machine (look for "localhost" in the URL), not on Google's servers. So that should be another indication that your data isn't being sent anywhere.
The amount of FUD regarding this product is just silly. Google is not searching your computer, an application you install is. And that application does not send search results anywhere, they stay on your machine. If you don't know enough to understand what's going on, at least listen to people that do.
I was curious, so I installed this on a clean system I use for testing and set up Kerio personal firewall (like Zone Alarm) on the computer as well. Although the program found several "problems" that were just stupid (like every real player file on my computer, they are used for my distance eduation class, and who pirates stuff using real player?), it never tried to send any data anywhere because Kerio never popped up to approve any connections from the program (and it wasn't on the approved list).
Apparently they were telling the truth, even though the program is still pretty stupid.
There's a big flaw in logic that strictly applies copyright law without looking at the situation. Yes, reproduction and distribution rights belong to the copyright holder...but they can be extended and modified if the copyright holder wishes.
The download on MS's site that has been linked earlier is specifically for people who need to install SP2 on multiple computers. So tomorrow at work I'll download SP2 and install it on dozens of computers at my work from one download to save bandwidth. And this is exactly what MS intended people to do with that file, they even say you better not be downloading it for just one computer.
IANAL, but I'd be willing to bet MS would have one hell of a time suing anyone for redistributing service packs since they encourage that very thing. Laws aren't black and white, and this isn't like someone setting up a torrent of the latest Britney Spears song.
Slashdot Mirror
Except there is a discussion in academia, Ben Stein just doesn't like the outcome of that debate so he claims it's "unfair". Scientific debate isn't the Skull and Bones society, anybody can join in if they have some good points to make and some good arguments to back them up. All I ever hear from folks like Ben Stein is how they are being unfairly excluded from the debate...yet rarely have I actually seen them making any attempt to join in. Since this is Slashdot, I can't end this post without an analogy...so here goes. Forget we're talking about science and think about the place where you work. Imagine there is someone who shows up late, leaves early and doesn't get a lot done while he's there. Now imagine that person spends basically all his time at the office complaining that it's unfair how he's not getting promoted and that the boss has it in for him. That's how I feel about Ben Stein here.
This "fact" has been repeated in almost every slashdot discussion on this topic, but it's not even remotely true. While it is legal for the US to spy on British citizens and for the Brits to spy on US citizens, we need to be careful about how we're defining "legal". In this case, it's the laws of the respective countries that allow spying on foreigners...British law does not prohibit spying on Americans, and US law doesn't prohibit spying on Brits. But American intelligence agencies don't operate under British law, they operate under American law. Attempting to obtain information on US persons without legal authorization is illegal under US law, regardless of how they attempt to go about it. Asking another country to do the actual information gathering is in no way a legal loophole, any more than asking someone to kill your boss for you exempts you from prosecution. If the NSA asked GCHQ to spy on American citizens, GCHQ might not be breaking any British laws, but the NSA would be violating US laws.
You don't think it happens all at once, do you? That you're just going to wake up one day and live in a police state? It happens slowly over time, and it almost always starts with policies that require "tips" if you are of a certain religion or race.
You're right, there is nothing you can do at the application level to work around forget TCP packets with the RST flag set (except repeatedly reopening the connection). Which is why TCP is a poor choice if you don't trust your network, as is sadly the case with ISPs like Comcast. But lucky for us, Sandvine is pretty primitive technology, and there is a simple alternative to TCP...UDP. If bittorrent used UDP instead of TCP, ALL the connection tracking could be handled at the application level, and then authentication or other methods of bypassing packet forging attacks could be used.
Since when is the CIA concerned with wiretapping and listening to phone calls? Isn't that what the NSA is for?
I am not a lawyer, but something about that doesn't sound quite right. If you're right, this would be the first example I can think of where it's legal to hire someone to do something for you that it would be illegal to do yourself.
Yeah, I got a little confused myself ;) No problem.
Me and my packet sniffer would disagree with you. I set up Ethereal to sniff ALL network traffic from my machine to anywhere, then I searched for something using the desktop search page (which actually resides on your local machine, btw). Nothing at all left my machine during the entire process. NOTHING. Not one packet went to Google, or anywhere else for that matter.
Well that would certainly be a security risk...if it were true. But after doing some testing myself using a packet sniffer, it is very obvious that Google desktop search does NOT send your search results anywhere. If you notice, the desktop search page on Google.com is actually on your local machine (look for "localhost" in the URL), not on Google's servers. So that should be another indication that your data isn't being sent anywhere. The amount of FUD regarding this product is just silly. Google is not searching your computer, an application you install is. And that application does not send search results anywhere, they stay on your machine. If you don't know enough to understand what's going on, at least listen to people that do.
I was curious, so I installed this on a clean system I use for testing and set up Kerio personal firewall (like Zone Alarm) on the computer as well. Although the program found several "problems" that were just stupid (like every real player file on my computer, they are used for my distance eduation class, and who pirates stuff using real player?), it never tried to send any data anywhere because Kerio never popped up to approve any connections from the program (and it wasn't on the approved list).
Apparently they were telling the truth, even though the program is still pretty stupid.
There's a big flaw in logic that strictly applies copyright law without looking at the situation. Yes, reproduction and distribution rights belong to the copyright holder...but they can be extended and modified if the copyright holder wishes. The download on MS's site that has been linked earlier is specifically for people who need to install SP2 on multiple computers. So tomorrow at work I'll download SP2 and install it on dozens of computers at my work from one download to save bandwidth. And this is exactly what MS intended people to do with that file, they even say you better not be downloading it for just one computer. IANAL, but I'd be willing to bet MS would have one hell of a time suing anyone for redistributing service packs since they encourage that very thing. Laws aren't black and white, and this isn't like someone setting up a torrent of the latest Britney Spears song.