There was an incident in Britain, which already has a law similar to the CFAA in the US, where Glenn Mangham was sentenced several weeks ago to 8 months in jail for doing security research. He found a security vulnerability in Facebook and collected evidence (internal Facebook documents and code) to present to Facebook as proof of the vulnerability. Despite the judge in his case stating:
"I acknowledge ... that you never intended to pass any information you got through these criminal offences to anyone else and you never did so, and I acknowledge that you never intended to make any financial gain for yourself from these offences,"
he was found guilty and sentenced to jail time under the Computer Misuse Act despite having no criminal intent associated with his actions. The EU Cybercrime bill not only would allow this kind of abuse across all of Europe, it would be worse than the CMA or the US CFAA.
Peer to peer protocols will be of no benefit to DNS whether they use the current root or an alternate one. The main benefit of peer to peer is relieving bandwidth requirements on what would otherwise be the sole source of distribution. That benefit comes when the files being distributed are sizable. DNS records, even ones with certificates, are not very big. The response to a root query is contained, by design, in a single 512 byte IP packet. This is why there are only 13 root servers. (Yes, I know this is amplified by anycast and load balancing to some 242 physical root servers).
The other main benefit of peer to peer protocols is redundancy and a distributed architecture. DNS already is structured to be redundant and distributed in other ways. The contents of the root zone file are determined at a single point, but the distribution of these contents is indeed redundant and distributed.
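The 512-byte budget mentioned in the comment above, worked through as an added example (not the commenter's code): it builds the wire-format answer to a root NS query for the 13 root server names with one IPv4 glue address each, with and without DNS name compression. The glue addresses are constructed placeholders from 192.0.2.0/24 and the TTL is an assumed value.

```python
import struct

TYPE_A, TYPE_NS, CLASS_IN = 1, 2, 1
TTL = 518400  # assumed TTL, chosen for illustration

# The 13 root server names; the addresses are constructed placeholders.
ROOT_SERVERS = [(f"{c}.root-servers.net", f"192.0.2.{i + 1}")
                for i, c in enumerate("abcdefghijklm")]


def encode_name(name, offsets, pos, compress=True):
    """Encode a name that will sit at message offset pos.

    With compression on, the first suffix already present in the message
    is replaced by a 2-byte pointer (top two bits set) to its offset.
    """
    out = b""
    labels = [part for part in name.rstrip(".").split(".") if part]
    for i in range(len(labels)):
        suffix = ".".join(labels[i:]).lower()
        if compress and suffix in offsets:
            return out + struct.pack("!H", 0xC000 | offsets[suffix])
        if compress and pos + len(out) < 0x4000:
            offsets[suffix] = pos + len(out)
        label = labels[i].encode("ascii")
        out += bytes([len(label)]) + label
    return out + b"\x00"


def priming_response(servers, compress=True):
    """Build the response to '. IN NS' with one A glue record per server."""
    offsets = {}
    # Header: id, flags (QR + AA), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    msg = struct.pack("!6H", 0, 0x8400, 1, len(servers), 0, len(servers))
    msg += b"\x00" + struct.pack("!2H", TYPE_NS, CLASS_IN)  # question section
    for host, _ip in servers:
        # Root owner name (1 byte) + fixed fields (10 bytes) precede the RDATA.
        rdata = encode_name(host, offsets, len(msg) + 11, compress)
        msg += b"\x00" + struct.pack("!2HIH", TYPE_NS, CLASS_IN, TTL, len(rdata))
        msg += rdata
    for host, ip in servers:
        owner = encode_name(host, offsets, len(msg), compress)
        msg += owner + struct.pack("!2HIH", TYPE_A, CLASS_IN, TTL, 4)
        msg += bytes(int(octet) for octet in ip.split("."))
    return msg


def decode_name(msg, pos, max_hops=16):
    """Read a name back, following compression pointers with a hop limit."""
    labels, hops = [], 0
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:
            hops += 1
            if hops > max_hops:
                raise ValueError("compression pointer loop")
            pos = struct.unpack_from("!H", msg, pos)[0] & 0x3FFF
            continue
        if length == 0:
            return ".".join(labels) + "."
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length


if __name__ == "__main__":
    for flag in (True, False):
        size = len(priming_response(ROOT_SERVERS, compress=flag))
        print(f"compression={flag}: {size} bytes, fits in 512: {size <= 512}")
```
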
I think it is a little unfair to say that the comment process was being abused. The topic for these comments was "Defensive Applications for New gTLDs". ICANN was opening up, for further comment, a discussion about why corporations or individuals feel the need to defensively register for gTLDs to protect their brand(s), whether or not it is a trademark or service mark. An important motivation for defensive registrations is how the brand owner perceives the effectiveness of rights protection measures (RPMs). ICANN has pointed out that the objection process for domains that are either already registered or in the process of being registered by someone else, is easier and cheaper than defensively registering a domain. So, bringing up issues surrounding the RPMs, such as URS, is a valid part of this current discussion.
Given that, I don't view items 1 and 2 above as being good ideas. It was Verizon, AT&T, Microsoft and CRIDO/ANA (Coalition for Responsible Internet Domain Oversight and Association of National Advertisers) that were the main parties making comments in support of making URS more favorable to big brands. One of their arguments was that defensive registration of 2nd level domains under a new gTLD was more expensive than registration of just a gTLD.
Readers here ought to be interested in the following portion of a Verizon comment:
"Amending the PDDRP to offer real remedies against new registries that become havens for cybersquatting and other crimes, with the lower “preponderance of the evidence” standard of proof. Registries should be held accountable when acting in bad faith and with willful blindness for fraudulent and illegal activities shown to arise on a continued basis in their delegated gTLD." Verizon (29 Feb. 2012).
I find the phrase "cybersquatting and other crimes", as if cybersquatting itself was a crime, to be rather revealing.
I think it's funny that someone, other than Verizon, registered verizonwireless.xxx, though I don't see why Verizon should get so freaked out about that as it's not plausible that Verizon would run a porn site. Am I being naive?
ICANN's summary of all this indicates that nothing will change for the current round of gTLD applications. These battles will be seen again for the next round, in 2 or 3 years.
Please note that item #3 above, applying URS to .com, was not part of this ICANN comment process, but a "horrendous idea recently advocated by a former President of ICANN’s Intellectual Property Constituency" (from the referenced article).
I believe one needs to read the accounts from both articles referenced in this Techdirt post. Also, understand that the school officials may not comprehend how their laptops are set up and represent any access incorrectly. A critical point is that school officials said that the Twitter posting showed the school's IP address. My educated guess is that the student did tweet from home using the school laptop given to him. Furthermore, the laptop is set up to use a server at the school as a proxy. Thus, any internet access went through the school as an intermediate step. The school could be monitoring this internet activity via its proxy or it could log transactions on the laptop which are then reported to the school when the laptop is directly connected to the school's network. If so, and the school did not explain to students about the proxy or that their internet activity, even at home, was being monitored, then the school is in the wrong, violated the student's 1st amendment rights and violated his privacy.
Re: I've gotta story like this too
I like that story. Not that it matters anymore, but taxi cab storage was probably a bad idea. The disks were undoubtedly the "Winchester" type and when powered down the head would be parked on a "landing strip". Still, subjecting these drives to jolts from a taxi riding over bumps in the road could damage the head or cause it to be misaligned. You would have known, though, if that actually turned out to be a problem. Also, I wouldn't trust a taxi driver with the company database. Although, that is probably due to an unreasonable bias towards cab drivers. I won't mention the numerous arguments with them (not in the U.S.) over fares and the one physical fight with a driver who nearly ran me down while I was walking.
Re: Re: a retelling by Oren Jacob
In this case they were not dealing with unknown malware that was steadily erasing the system as they watched. There was, apparently, a delete event at a single point in time that had repercussions that made things disappear while people worked on the movie. I'll bet things disappeared when whatever editing was being done required a file to be refreshed. A refresh operation would make the related object disappear when the underlying file was no longer available. Apart from the set of files that had already been deleted, more files could have been corrupted when the computer was unplugged. Having said that, this occurred in 1999 when they were probably using the Ext2 filesystem under Linux. These days most everyone uses a filesystem that includes journaling which protects against corruption that may occur when a computer loses power. Ext3 is a journaling filesystem and was introduced in 2001.
In 1998 I had to rebuild my entire home computer system. A power glitch introduced corruption in a Windows 95 system file and use of a Norton recovery tool rendered the entire disk into a handful of unusable files. It took me ten hours to rebuild the OS and re-install all the added hardware, software, and copy personal files from backup floppies. The next day I went out and bought a UPS. Nowadays, sometimes the UPS for one of my computers will fail during one of the three dozen power outages a year I get here. I no longer have problems with that because of journaling.
a retelling by Oren Jacob
Oren Jacob, the Pixar director featured in the animation, has made a comment on the Quora post that explains things in much more detail. The narration and animation were telling a story, as in storytelling. Despite the 99% true caption at the end, a lot of details were left out which misrepresented what had happened. Still, it was a fun tale for anyone who had dealt with backup problems. Oren Jacob's retelling in the comment makes it much more realistic and believable.
The terabytes level of data came from whoever posted the video on Quora. The video itself never mentions the actual amount of data lost or the total amount the raw files represent. Oren says, vaguely, that it was much less than a terabyte. There were backups! The last one was from two days previous to the delete event. The backup was flawed in that it produced files that, when tested by rendering, exhibited errors. They ended up patching a two-month-old backup together with the home computer version (two weeks old). This was labor intensive as some 30k files had to be individually checked.
The moral of the story. Firstly, always test a restore at some point when implementing a backup system. Secondly, don't panic! Panic can lead to further problems. They could well have introduced corruption in files by abruptly unplugging the computer. Thirdly, don't panic! Despite, somehow, deleting a large set of files these can be recovered apart from a backup system. Deleting files, under Linux as well as just about any OS, only involves deleting the directory entries. There is software which can recover those files as long as further use of the computer system doesn't end up overwriting what is now free space.
early sampling
My favorite album that uses a lot of sampling was one of the earliest uses of sampling, Brian Eno and David Byrne's 1981 collaboration on "My Life in the Bush of Ghosts". A brilliant set of songs! I am now wondering if they will see some sort of lawsuit.
Re: Re: Re: Sure the school could have done something!
A distinction should be made in how school officials can react. Certainly a school should have a program that teaches about bullying (what constitutes bullying, what motivates bullying, and how it can be handled). They could even hold discussions in response to a particular incident. The school is not responsible for a student's actions outside of school or school-sponsored events. Schools should not usurp the parents' authority. When a public school is in session, school officials have a role as a surrogate for the parents or as an extension of the state. Punishing speech or behavior occurring outside of school is beyond their jurisdiction. Perhaps the best response is to inform the parents of any instigator and arrange a conference if the parents agree.
How far does the school's responsibility and authority extend? If a student accesses Facebook from school using the school equipment and internet connection, clearly the school has authority. What if the access is from a student's phone during lunch break? What if the student accesses Facebook from a phone while walking or riding home or to the local fast-food joint? The answers to these questions apply not just to bullying behavior but also in the same way to any sort of speech.
In addition to location, let's look at ownership of equipment as a factor in determining the school's authority.
Austin Carroll, the Indiana high school student who was expelled for a profane tweet, did this from his home. He used a school-issued laptop which was configured to use a school server as a proxy in accessing the internet. After logging in to the school website, which is the home page upon launching the browser, he had access to the internet which appeared to him exactly the same as just going through his local ISP connection. The school claims that their ownership of the laptop and forced routing through the school network gives them the authority to censor his speech as if he was physically at school. Is it enough ownership to claim authority if Austin had used the school laptop and avoided going through the school's network? Would the same logic apply if he used a school-issued pencil to write an objectionable sentence? My feeling is schools should only get involved if speech occurs at school or a school-sponsored function and, if applicable, using school-owned equipment.
When a student is not at school he or she has the same free speech rights as anyone else (I am disregarding, for now, the parents' say in the matter). There is no restriction on what people this speech is in reference to. They can talk about teachers, school officials, and other students. The school has no authority here even if the speech rises to libel or slander. The school can, of course, contact law enforcement or the parents playing the role of informer or counselor. Teachers do not have the same freedom, as they have a responsibility to maintain the privacy of students and are subject to restrictions that any other government employee would have.
Re: Re: Re: Re: It's finally time
Like anything valuable, it can be abused. I think having the capability of anonymity on the internet is too important to forgo because there are some criminals, terrorists, pedophiles etc. who would also use it as a tool. They can be caught or stopped in other ways. With global surveillance and data mining quickly becoming a technological possibility, anonymity provides a way for dissidents to communicate, which is an important tool to fight tyranny.
Re: Re:
Show me the proof that your 5 cans can survive a nuclear war.
Re: Re: It's finally time
One of the characteristics of TOR is that a message transmitted through the network will travel through node(s) that are not subject to a single country's laws. Also, you personally could host a TOR node. I'm sure there are people who are willing to do this in the US who are motivated not to voluntarily share information with the government.
I am certainly motivated, after reading recent articles on NSA's Bluffdale, Utah facility which included the fact that Stellar Wind uses at least 10 to 20 intercept points in our telecom infrastructure. This certainly has undercut and continues to undercut the 4th amendment. I am motivated because CISPA will legitimize, unless it is found contrary to the 4th amendment, arbitrary surveillance leading to a surveillance state. A surveillance state, for sure, provides the tools to protect from terrorism, cybercrime, etc. but at the same time provides the infrastructure for a totalitarian state. I am now motivated and will be sending in my resume tonight to work full time on the TOR project as I saw this week they have a software opening.
Bit9 doesn't support CISPA
If you read the article referenced in this story it is completely understandable that you could come away with the impression it was no coincidence that Bit9 released the survey results while CISPA was being debated and the survey results could be used to support CISPA. I looked further and it seems the survey release may or may not be coincidental but if the timing was intentional Bit9 is only glomming onto any sort of publicity dealing with "cybercrime".
From Bit9's web-site and about the survey:
http://www.bit9.com/company/news-release-details.php?id=247
"Despite current plans to implement cyber security legislation, only 7 percent believe that government regulation and law enforcement will best improve security."
and from:
http://blog.bit9.com/bid/81664/CISPA-Does-the-Bill-Protect-Brands-More-Than-Their-Users
"So how do we protect against these types of attacks while still not infringing on the privacy of the typical user? The legislation is very broad, leaving a lot of wiggle room for the government to acquire information outside of the bill's initial intent. Unlike the USA PATRIOT Act, which allows roving domestic wiretaps, CISPA would grant the government unprecedented access to web company user data and trump already passed (and extended) legislation like the USA PATRIOT Act."
"By putting companies in control, the bill claims to protect each user’s privacy by not mandating private or public web companies to fork over their user data. This would leave companies like Facebook to choose what to do with the information it knows about you as opposed to the government – a little better, but still disconcerting. Facebook, Microsoft, Oracle, Symantec, Verizon and reportedly Google have come out in support of the legislation – a stark contrast to the public and company protests regarding SOPA and PIPA."
"But most of these brands do not have a great track record of protecting user privacy to begin with. So the fact that they embrace support for this bill is a far cry from an authoritative endorsement of user privacy protection. The bill may be an "opt-in" legislative measure, but who is to say that both parties (the government and corresponding companies) can't both mutually benefit from the sharing of private information? This may now give companies the ability to barter private information with the government in exchange for corporate influence."
I would say this shows that Bit9 does not support CISPA. It does show that you often need to look past a single blog's summary of an event or publication, particularly if you are going to make a presumption, about Bit9 and CISPA here, that the blog does not make.
Re: Re: Re:
Nice summary of botnets, Rich. I would like to point out one aspect of botnets you did not mention. I don't have the time today to track down a reference, but my memory tells me that a large portion of botnet zombies become zombies because the user does not update their OS or application software to patch security vulnerabilities and/or they do not have anti-malware software installed. There is a correlation between pirated versions of Windows and malware infection. This could be due to the end-user's risky behavior in general, by downloading software from any source and blindly trusting it not to be malware, or the end-user's mistaken perception that Microsoft insists on applying security updates to only validated versions of MS software.
This is not to say that fully updated systems running anti-malware and IDS systems cannot be infected. They can. However, it is more likely that a system that is not updated will be infected. This makes anti-malware software useful in limiting the size of botnets. Otherwise, why isn't everyone's computer part of some botnet? Frankly, I don't know how to convince people to keep their computers updated, but wider adoption of this practice would limit the size of botnets further. In addition, takedowns of botnets like Zeus and Kelihos are a new technique that pushes the balance further toward limiting the spread of botnets.
One thing for sure, as you say, the problem of botnets will not be fixed through legislation and is not a valid argument in support of CISPA.
Re: Re: Re:
I am always skeptical of what Richard Clarke says but I would not dismiss everything he says out of hand. I assume that he is always selling something, and to me, his worst fault is intentionally distorting the context or importance of the things he talks about. The following is a short video he did for Bit9 discussing this survey.
http://www.youtube.com/watch?v=rnnxFPOKHKU&feature=relmfu
In this, he categorizes the different motivations for attacks well (CHEW - crime, hacktivism, espionage, and war). Surprisingly, he downplays the threat of war by saying it doesn't go on very much. I imagine that apparent change in his thinking is motivated by who he is currently representing. He emphasizes espionage as being the most important concern. Despite the cover photo for the video being the Anonymous-adopted Guy Fawkes mask from "V for Vendetta", Clarke doesn't seem too concerned about hacktivism here.
Re:
Richard Clarke, former advisor to 3 presidents including National Coordinator for Security and Counterterrorism, and Special Advisor to the President for Cyber Security, is on the board of directors for Bit9 which is the company that conducted this survey. This is not terribly surprising though. I would not expect Congress members to be involved because this company is a technology company providing security software and appliances. US government agencies could be a customer but as their survey emphasized, the solutions IT professionals see for security are not more government regulations and more law enforcement but technological tools to protect against cyberattacks (i.e. what Bit9 sells). Not much use for lobbying here.
(untitled comment)
There was an incident in Britain, which already has a law similar to the CFAA in the US, where Glenn Mangham was sentenced several weeks ago to 8 months in jail for doing security research. He found a security vulnerability in Facebook and collected evidence (internal Facebook documents and code) to present to Facebook as proof of the vulnerability. Despite the judge in his case stating:
"I acknowledge ... that you never intended to pass any information you got through these criminal offences to anyone else and you never did so, and I acknowledge that you never intended to make any financial gain for yourself from these offences,"
he was found guilty and sentenced to jail time under the Computer Misuse Act despite having no criminal intent associated with his actions. The EU Cybercrime bill not only would allow this kind of abuse across all of Europe, it would be worse than the CMA or the US CFAA.
http://www.out-law.com/en/articles/2012/february/british-facebook-hacker-sentenced-to-eight-months-in-jail/
Re: Alt DNS
Peer to peer protocols will be of no benefit to DNS whether they use the current root or an alternate one. The main benefit of peer to peer is relieving bandwidth requirements on what would otherwise be the sole source of distribution. That benefit comes when the files being distributed are sizable. DNS records, even ones with certificates, are not very big. The response to a root query is contained, by design, in a single 512 byte IP packet. This is why there are only 13 root servers. (Yes, I know this is amplified by anycast and load balancing to some 242 physical root servers).
The other main benefit of peer to peer protocols is redundancy and a distributed architecture. DNS already is structured to be redundant and distributed in other ways. The contents of the root zone file are determined at a single point, but the distribution of these contents is, indeed, redundant and distributed.
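The 512-byte budget mentioned in the comment above can be worked through in code. This is an added example, not part of the original comment: it builds a root NS response in DNS wire format for the thirteen `a` through `m.root-servers.net` names with one A glue record each, once with name compression and once without. The TTL, message ID and the 192.0.2.x glue addresses are constructed placeholders.

```python
import struct

UDP_LIMIT = 512  # classic DNS-over-UDP payload limit cited above
ROOT_NAMES = [f"{c}.root-servers.net." for c in "abcdefghijklm"]
TTL = 518400     # constructed sample TTL

def encode_name(name, msg, offsets, compress):
    """Append name in wire format; reuse an earlier suffix via a 2-byte pointer."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if compress and suffix in offsets:
            msg.extend(struct.pack("!H", 0xC000 | offsets[suffix]))
            return
        offsets.setdefault(suffix, len(msg))  # remember where this suffix starts
        msg.append(len(label))
        msg.extend(label.encode("ascii"))
    msg.append(0)  # root label terminates an uncompressed name

def build_root_ns_response(names, compress=True):
    """Header + question (. NS) + one NS answer and one A glue record per name."""
    msg = bytearray(struct.pack("!HHHHHH", 0x1234, 0x8400, 1, len(names), 0, len(names)))
    offsets = {}
    msg.append(0)                               # QNAME: the root
    msg.extend(struct.pack("!HH", 2, 1))        # QTYPE=NS, QCLASS=IN
    for n in names:                             # answer section: . NS <name>
        msg.append(0)
        msg.extend(struct.pack("!HHI", 2, 1, TTL))
        rdlen_at = len(msg)
        msg.extend(b"\x00\x00")                 # RDLENGTH, patched below
        encode_name(n, msg, offsets, compress)
        struct.pack_into("!H", msg, rdlen_at, len(msg) - rdlen_at - 2)
    for i, n in enumerate(names):               # additional section: <name> A <addr>
        encode_name(n, msg, offsets, compress)
        msg.extend(struct.pack("!HHIH", 1, 1, TTL, 4))
        msg.extend(bytes([192, 0, 2, i + 1]))   # placeholder documentation address
    return bytes(msg)

def sizes():
    """Return (compressed, uncompressed) response sizes in bytes."""
    return (len(build_root_ns_response(ROOT_NAMES, True)),
            len(build_root_ns_response(ROOT_NAMES, False)))

if __name__ == "__main__":
    packed, plain = sizes()
    print(f"compressed: {packed} bytes, uncompressed: {plain} bytes, limit: {UDP_LIMIT}")
```

With the shared `root-servers.net` suffix compressed, all thirteen names and their IPv4 glue fit under the limit; written out in full, the same records do not.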
not an abuse of comment process
I think it is a little unfair to say that the comment process was being abused. The topic for these comments was "Defensive Applications for New gTLDs". ICANN was opening up, for further comment, a discussion about why corporations or individuals feel the need to defensively register for gTLDs to protect their brand(s), whether or not it is a trademark or service mark. An important motivation for defensive registrations is how the brand owner perceives the effectiveness of rights protection measures (RPMs). ICANN has pointed out that the objection process for domains that are either already registered or in the process of being registered by someone else, is easier and cheaper than defensively registering a domain. So, bringing up issues surrounding the RPMs, such as URS, is a valid part of this current discussion.
Given that, I don't view items 1 and 2 above as being good ideas. It was Verizon, AT&T, Microsoft and CRIDO/ANA (Coalition for Responsible Internet Domain Oversight and Association of National Advertisers) that were the main parties making comments in support of making URS more favorable to big brands. One of their arguments was that defensive registration of 2nd level domains under a new gTLD was more expensive than registration of just a gTLD.
Readers here ought to be interested in the following portion of a Verizon comment:
"Amending the PDDRP to offer real remedies against new registries that become havens for cybersquatting and other crimes, with the lower “preponderance of the evidence” standard of proof. Registries should be held accountable when acting in bad faith and with willful blindness for fraudulent and illegal activities shown to arise on a continued basis in their delegated gTLD." Verizon (29 Feb. 2012).
I find the phrase "cybersquatting and other crimes", as if cybersquatting itself was a crime, to be rather revealing.
I think it's funny that someone, other than Verizon, registered verizonwireless.xxx, though I don't see why Verizon should get so freaked out about that as it's not plausible that Verizon would run a porn site. Am I being naive?
ICANN's summary of all this indicates that nothing will change for the current round of gTLD applications. These battles will be seen again for the next round, in 2 or 3 years.
Please note that item #3 above, applying URS to .com, was not part of this ICANN comment process, but a "horrendous idea recently advocated by a former President of ICANN’s Intellectual Property Constituency" (from the referenced article).
Re: school email list
also Twitter account for the Superintendent, not that he uses it very much.
Dennis Stockdale
@MrDStockdale
Re: school email list
The principal of Garret High School
Matt Smith
Principal
msmith@gkb.k12.in.us
probably better to contact the district superintendent at this point.
Dennis Stockdale, Superintendent of Schools, dstockdale@gkbschools.org
Re: Re: Re:
I believe one needs to read the accounts from both articles referenced in this Techdirt post. Also, understand that the school officials may not comprehend how their laptops are set up and represent any access incorrectly. A critical point is that school's officials said that the Twitter posting showed the school's IP address. My educated guess is that the student did tweet from home using the school laptop given to him. Furthermore, the laptop is set up to use a server at the school as a proxy. Thus, any internet access went through the school as an intermediate step. The school could be monitoring this internet activity via its proxy or it could log transactions on the laptop which are then reported to the school when the laptop is directly connected to the school's network. If so, and the school did not explain to students about the proxy or that their internet activity, even at home, was being monitored, then the school is in the wrong, violated the student's 1st amendment rights and violated his privacy.
Re: Needs a T-Shirt
Or..
Remember, remember the twentieth of November
vampires, trademark, and tag lots
I see no lark why vampires, trademark
should ever be forgot
Hmm, throws off the rhythm a bit.
Re: Re: Re: its the tags
You must be thinking of Amber Lamps