Posts by copsewood

If it's worth hiring investigators

You'd better be sure they are up to their stuff. Being able to radiolocate the WiFi clients would be very useful here using a pair of directional receivers and triangulation, together with standards of equipment maintenance and validation, knowledge of equipment use and logging of activity all good enough to capture evidence usable in court. MAC addresses are whatever the penetration tester or cracker tells aircrack-ng to make them, so a cracker will only disclose these during an attack if they are being careless. Precisely locating the clients is more useful.

Much cheaper to configure WPA2 securely with a very strong password you keep well secret, but if you have good reason to believe a neighbour is hacking your system with intentions of framing you for serious crimes then hiring a well equipped and highly competent PI in the WiFi department seems like an excellent idea.

Small sites can have a good future

Small sites don't get much ad revenue by definition. My websites get zero ad revenue and this will continue because my users' attention is much too precious a commodity for me to want to sell this to third party advertisers. I'm a subscriber to a site ( lwn.net ) which tried initially to pay for journalism through ads. This wasn't going to work (not enough money from ads to cover costs) and the regular readers persuaded the site to keep going by offering subscriptions.

If a website is of genuine value, the regular users will want to pay the piper in preference to it closing down.

monopolies don't have a right to choose their customers

Anyone acting as the sole provider of an essential service has responsibilities to operate without discrimination or favour other than as allowed by law. That is what monopoly commissions and anti-trust legislation and court cases are all about. For example, Severn Trent, as the sole supplier of piped water in my area has it's prices decided by a regulator and has no right to refuse service because their managers don't like someone.

premium prices to run any kind of server

A growing number of ISPs are likely to be doing this already. And customers who don't see a publicly routable IP address on the outside of their routers have no way of running a server on the inside without a much more complex setup involving cooperation from more parties. This is also going to be an excuse for ISPs to charge more to users who do need to make servers inside their home networks contactable by clients outside.

ICANN vulnerability to competition

ICANN have probably done the maths and worked out that flogging any TLD that any registrant wants for a fat fee will not only increase their take. It will also make it increasingly difficult for their less limited role to be taken over by a more democratically accountable organisation. At the moment it would be very difficult for them to get away with hanky panky over the root zone because there are relatively few TLDs and the contents of the root zone are so well known and change infrequently. This makes it relatively easy for another organisation to take over maintenance of this file and to establish an alternative trust anchor.

Establishing a new TLD should require a substantial international organisation with support from a majority of exising TLDs to take over responsibility for the new domain.

freedom of speech versus copyright

Of course the DMCA will be thrown out by the US Supreme Court eventually, which means probably after several decades of people being locked up over it. That's about the record of the supremes over various other fundamental rights denied various groups for many decades, e.g. for freed black slaves to be able to sit on any seat in a bus or to have equal educational rights or to be able to vote in elections. The problem is that it will also probably be several decades before the supremes get around to hearing a DMCA false imprisonment case.

Unless copyright lobbies get to pay to get copyright elevated within the US constitution to a higher status than freedom of speech that is. So far all they seem to be able to buy is laws in the US congress. I think they'd have to buy about 3 quarters of the states as well to get copyright defined as a constitutional right. Mind you, given the undue lobbying influence of those who buy ink by the barrel and can use such purchases to decide who gets elected, I wouldn't put buying constitutional rights past them.

Big brother icon, because those who buy laws for the purpose of protecting copyright want to dismantle our fundamental privacy rights as well for the same purpose, e.g. to legitimse spying on your communications in case your communications breach their copyright.

know nothings

You might be surprised. In a country that could host a 'know nothing' political movement it is difficult to be sure as the scale of the illiterate vote.

http://en.wikipedia.org/wiki/Know_Nothing

some IDs should be single

And some should be multiple. Taxpayers don't like people claiming benefits or tax allowances through claims involving multiple IDs. Bank charges would be even higher than they are if banks established identity for new accounts less securely, but there are good reasons for having more than one bank account. The ID I have with my bank isn't the same as the ID I have with the passport office. I may choose to use one to establish the other but I may choose to use my driving license instead, yet another ID.

The reason for cultivating an ID which can be inherently one of many is that you may want to invest in its reputation. I have many email addresses. Some I create and throw away for a single sender, e.g. if supermarketX give me a special offer on condition I give them an email address I will create and they will get supermarketx@my.domain given to them so I know if it gets sold on who did this, and so I can terminate the contact possibility whenever it suits me.

Weddings can be on any day

And if it was at the weekend we wouldn't get the extra holiday, would we ?

Google is acting as the agent of the recipient

I think contractually this works a bit like writing to someone who has a secretary open their letters. There is nothing illegal about a secretary opening letters you have sent to someone the secretary is working for assuming the recipient has employed the secretary to do this. The issue here as I see it, is whether Google are using their privileged position to find out anything about the _sender_ for their own purposes, over and above the terms on which they offer their services to the _recipient_.

It is a different matter, and entirely reasonable for the ISP which acts as the courier to know the contents of the outside of the envelope if the email is relayed through one of their mail servers. It isn't reasonable for the ISP to know the body of the email, unless their contractual position allows them to act as the secretary who opens and reads the message on behalf of the recipient. I think in the case of Google, their terms and conditions make them more than the delivery boy, but whether their privileged access to the private correspondence of the sender gives them responsibilities not to exploit this information will be up to the courts to decide.

@AC 13:13 GMT

The point about lack of basic human rights in most Muslim regimes is worth making.

The reason non Christians have any freedom of speech in most countries is because democracy developed in Protestant Christian countries before anywhere else, followed soon after in Catholic Christian countries. The Christian Gospel is about freedom from slavery (slavery to sin and Satan). It is therefore hardly a surprise that his Christian faith inspired William Wilberforce to campaign successfully to abolish slavery.

No other faith position can make such claims. Atheists still dream they can create a more perfect society, but the human rights track record of the atheistic regimes of the last century and earlier is pretty appalling.

well spotted

I parsed this sentence the same way when I read it: Google are claiming either not to be working on a social networking platform (unlikely given the context) or is working on something which will beat Metcalfe's law through a significant advance by giving advantages to early adopters, despite the initial competing social network having to start small.

The advantage to my mind which Facebook lacks is a social network which operates more like the web (distributed, many independently operated servers, any client potentially able to connect to any server) than like the Facebook scaled mainframe: logically singular but physically distributed server owned by a company that changes the rules and policies at will with many subservient clients who accept what they are given and who disclose all their personal data to be sold on to Facebook's data customers as part of the deal.

Remember that Google benefits from the development of the web as a whole, and doesn't want competition from the likes of Facebook in their core business of helping customers find vendors who will pay Google for pole search position. How better to destroy the massive potential of competition through the social networking space than by transitioning social networking into a genuinely distributed protocol and infrastructure which is more likely to want to place advertising through Google than through Facebook ?

Please quote your sources

"That is diametrically opposed to what is happening today."

Not so sure either of us have a very good _global_ understanding of precipitation trends. Over the last 20 years or so, following previous decades of desertification, the Sahel has been getting greener:

http://www.eoearth.org/article/Greening_of_the_Sahel

The problem is dominant memories of those old enough to have seen the very many news reports prior to this greening of the advancing desertification there. But the subsequent greening of the Sahel hasn't been reported in the same way at all, just one or 2 academic papers such as the one above based upon satellite imagery, and a few field observations I've seen which substantiate the above paper, which have received virtually zero media coverage.

nobody gets elected by arguing with the man who buys ink by the barrel

Politicians are still keen to pander to the vested media interests which like copyright to be the way it was. So when old media told our representatives what to do about new media, politicians did what they were told.

Not the first time

Disputes about the management of the XFree86 windowing system resulted in the X.org fork. No one bothers with XFree86 anymore, this has effectively been killed by the X.Org fork proving itself the more vigorous and effective development.

Disputes over project management will occur. The advantage of open source here is the evolutionary benefit of survival of the fittest. When there is a dispute over the management of a closed source program there is no guarantee that the leadership chosen by management are the fittest for purpose. Does a genome care if one branch becomes incompatible with another ? Most of the time the better branch will survive, in other cases 2 species emerge into different evolutionary niches.

Annual fee

When banking services are provided by mutually owned and managed organisations, such as the Building Societies, Swiss WIR and the Irish Credit Unions it becomes feasible for these trade and credit accounting services to be the servant of the economy and not its master. With banking services provided by and for private shareholders banks will always be the master of the economy - just look at recent bonuses paid to bankers if you don't believe me.

Currently every plastic purchase you make results in the vendor paying a percentage to the bank. You, the customer, are not supposed to see this, because cash purchasers will normally see the same price. But the vendors have to charge their customers for this by upping prices. You the vendor are supposed to see this as a commission the bank gets for the sale, as if you couldn't get this sale without the bank's assistance. If your credit bill isn't paid in full at the end of the month, you the purchaser get to pay a very high rate of interest compared to what the bank has to borrow money at. It's not as if the bank has to borrow this most of the time anyway, because this money doesn't exist before you spend it - it's your IOU and not that of the bank, because the collateral is your ability to repay it, the bank just insures the very small risk that you can't or won't. The bank also meets payment calls required for clearing differences with other banks and whatever minimal fractional reserve rules the regulators might impose, but these payments made by the bank are minor compared to what the banks lend and charge you for when you spend.

Change this to a mutual money model avoiding the dead hand of government and parasitical shareholder influence, keep risk-taking capitalist investment banking at arms length from mutual retail banking, and you get a deal much closer to that offered by WIRBank in Switzerland ( http://www.wirbank.com ) You'll see very much lower rates on offer there (you'll understand these better if you can read German, French or Italian).

But the mutual accounting operation does have base overheads to pay for (cost of staff and branches mainly), though these can be kept modest. In practice the fairest way to provide for most of these is through annual fees.

Mixing data with executable content is bad for security

"In the end, once again NoScript proves invaluable."

Useful I agree and probably not as bad as IE, but still not good enough. There are simply too many websites that don't function currectly without Javascript, that when I had NoScript installed I had to make too many choices as to which ones to allow and refuse. The problem here is also that the Nobel Peace prize site has the reputation of the Nobel prize itself, so regular visitors to this site using NoScript would be likely to have allowed Javascript from this site believing the site administration to be in good faith. I'm sure it was, but that doesn't make the site administration invincible.

What is fundamentally broken here is having to run Javascript within such a complex and poorly sandboxed environment in order to make web browsing work to more than a very minimal degree without excluding many sites which would not work without Javascript at all. Linux users like myself have no reason to be smug that the attackers chose to have a Windows executable downloaded. The fact that a zero day on Firefox could plant and remotely execute a download on the client should not be enabling anyone to feel the current browser sandboxing and state retention model is safe by any means.

We need better system partitioning than the current Javascript implementations provide for.

@Badvok

"What I really don't understand is why so many people are so content to deprive the artists they like of the funds they need to carry on producing more music. "

Of what value are claimed "rights" which are ineffective due to being almost universally ignored and unenforcible ? To see this in context, there used to be a law obliging London cabbies to carry a bale of hay in their cabs. The moral justification for this was to prevent the horse from going hungry. But it also granted rights to this market to hay suppliers. Technology moved on, but it took 50 years after the disappearance of horse-drawn cabs in London before this unenforceable and universally ignored law was finally got rid of. Was this law primarily for the benefit of the horses, or for the benefit of hay suppliers ? We could argue similarly about musicians, who typically get less than 5% of what we have historically spent on recordings with 95% going to the collection societies and music companies supposedly acting on their behalf.

In practice it's just as well that musicians have other sources of income, including from live performances and legitimate commercial use of their recordings when played in public places and on radio etc. by businesses which have to buy a license to play this legally. I'm supportive myself of artists getting a levy on the sale of network bandwidth and blank media for the purpose of legitimised and unrestricted copying of their work. But I'm not supportive of copyright owners being able to control and spy on what we all do with our computers and consumer electronics.

Big brother icon, because human rights privacy law ultimately trumps copyright. Someone else's copyright does not, based upon any sense of proportion or supremacy of human rights over other kinds of law, entitle them to have my mail steamed upon or my network connection monitored.

Where will it end ?

I would hope somewhere similar to where this started because there are things we could all do about it. But knowing what we can do requires we understand the problem, and our paths of least resistance are our own worst enemies. My own view is that to achieve anything we need to change our own attitudes towards privacy starting with the semantics of 'us' and 'them' because the enemy is staring at us whenever we look in a mirror.

Every move someone could have made in 1948 when Orwell's 1984 was written was covertly observable. Your letters could be steamed open and your telephone could be monitored 24x7. Everywhere you went, who you met and everything you purchased could have been known in detail. But this level of surveillance against a single individual was expensive, requiring round the clock teams involving 3-4 agents active on all shifts, perhaps a team of 12 to carry out full surveillance of one individual. So the state surveills few to this degree. Tyrannies with larger secret police forces do it more, and extend cheaper surviellance to everyone, by making it impossible to live without committing minor crimes with major penalties. Those caught are coerced into spying on their neighbours, relatives and friends through the threat of prosecution. But informant networks based on coercion and fear tend to report what the hearer wants to hear.

The problem concerns how many people state surveillance can affect in practice, and how much it costs the state to do it. It also concerns the centralisation of access to data which many of us collect on each other.

E.G I keep logs of email transactions on my server for myself and 4 other people. Theoretically I could be asked to hand these over, and if I neglected to keep data for the required period I could be in breach of current law. But it is implausible that the state will go after records on tiny systems like mine unless I have very good reason to want to cooperate, because someone looking after the email logs of millions of users is less likely to squeak or obstruct. Also if it costs much securely to tap directly into a single email server for the purpose of automated and remote data collection without needing prior warrant, the state will pay to do this at the largest ISPs only. If they want data from the smaller ISPs they will have to ask which takes time and costs more.

The same applies to videocameras. Someone around the corner (let's call him Joe) may have installed a webcam looking at his own front path after he got burgled. While Joe keeps most of the data on his own disk, perhaps he uploads a still to his public facing website every minute or so. Chances are the local police might google his public facing website if something happens in his street. If they can do it is because Joe has deliberately put the stills where everyone and anyone can see. That's Joe's choice, but it arose from the behaviour of 'us' and not 'them'. The police are still unlikely to go after what Joe keeps on hard disk unless there is a serious local crime, in which event Joe will probably want to assist anyway. (A privately installed camera just round the corner from where I live caught someone recently putting a live cat into a wheelie bin and closing the lid on it).

So how do 'we' ensure that 'they' have the information we really want them to have at a cost sufficiently high so it is available for purposes we think are appropriate (our definition) and not for purposes we think inappropriate (e.g. use of RIPA to catch dog foulers) ? The Data Protection Act was one such attempt. Data collected for one purpose should not be used for another (with certain exceptions). As far as ANPR cameras are concerned, these systems have such great potential for abuse that limiting this needs politics as usual: campaigning, vigilance, letter writing etc. But the effects of ANPR could be mitigated if we preferred neighbourhood car pools instead of private cars most of the time, as knowing who was driving a particular car at a particular time and place would then also require a visit to the car pool record keeper. But it's very unlikely we'd choose to use car pooling mainly for this as opposed to for other reasons.

So use and setup smaller ISPs, use community currencies, run your own mailservers and VPNs etc, pool your cars and encrypt opportunistically whenever and wherever you can. But it's unlikely we will without other incentives because privacy tends always to be a secondary consideration and our willingness to have personal data collected about us is our own enemy here.