What did he say that was that controversial? I hope there's more to it than what's published in the article, otherwise I can't see how that clause possibly could be enforceable.
Not unless you think BitTorrent is incapable of "substantial non-infringing use" -- that'd be a tough case to make these days.
I'll grant you that the AC you're responding is so very wrong. Still, there are so many inaccuracies in your short explanation here that I don't even know where to start. When you're trying to argue from authority ("because I have a computer science degree") you should probably be sure you're right.
I'm not trying to be a pedant but almost everything you said here is technically inaccurate. I can believe this comment was moderated insightful -- that's a major hivemind fail.
@Marcus: Heh, but I doubt the patent lawyers in Marshall need to advertise at all!
Which brings up an important point about free speech: IIRC the bar for protection is substantially lower for commercial speech. You'd think this lawyer would know that and not specifically pigeon-hole his complaint by referring to "unnecessary restrictions on advertisement". This is of course more than just a restriction on commercial speech so this seems like a pretty bad move.
I'm glad to see you updated the article -- but the update is *still* inaccurate. I probably should have been more clear about this in my first comment -- the problem isn't whether sites use SSL during the login or payment phases (this is been considered a best practice for years now). You've got to use SSL for the lifetime of the session, at the _very_ least for users on unencrypted wifi where MITM attacks have been made so very easy by tools like firesheep.
Since there's no way to know which users are on coffee shop wifi it is now considered a best practice to push everyone to SSL. If you don't believe me download firesheep and see what you can get away with on another user's amazon account. You may not be able to buy anything but you'll be able to do quite a bit of damage.
Mike, I love you man, but you're really out of your element here. It's already been pointed out how Schumer's staff wouldn't control the cert, and that it's a dead endpoint anyway, and that (surprisingly!) the senator is actually *correct*...
But more importantly: if you understood the attack vector in question you'd understand that it is only really relevant for hijacking user sessions in progress. If you'd looked at the port 80 version of the site you may notice the lack of a login feature anywhere, thus your complaint is completely baseless. In this case you're the one doing the grandstanding.
While you're right that encryption was left out of HTTP by design (for the caching benefits) it was relatively recently (even later than 2007) that it become obvious that HTTPS was more than just a best practice for any web application where users log in.
Before tools like firesheep  came on the scene it was generally assumed that simply encrypting the login exchange was sufficient. I'm pretty sure I remember you mentioning firesheep in a story so you ought to be aware of this but it sounds like you may have missed the wider implications.
RE: vpn, as pointed out by the first Coward, your statement is not quite true. It _will_ however help you in a proximity-based attack (e.g. coffee shop wifi + firesheep).
I would imagine that anyone who got one of these tickets is likely to be able to get out of it in court by pointing to the deceased officer's "certification."
"Of course, I'm also wondering if he's violating the law himself in threatening people with criminal charges based on absolutely nothing..."
If he's not, he ought to be. I don't say this often, but there ought to be a law...
Not available in digital form does *means* not available! Shipping a cd takes substantially longer than shipping a few megabytes. He'd already invested too much of his precious time trying to find this thing legitimately, now you want him to *wait* a week and then spend another 20 minutes ripping it? Screw that.
"The internet is mostly a free, open place. Push too hard, and the most restrictive countries will step in and put their foot down. If you really want freedom, then you need to back off a bit and keep it that way."
This is absurd. And your otherwise thoughtful (if ill-informed) comment suggests you know this as well. For starters, you cannot say "mostly free" and "push too hard" in the same breath -- is it free or not? If it were, you couldn't "push too hard". You can't say "the most restrictive countries will step in and put their foot down" -- they already have. Are you saying they'll put their foot down harder? Sure, but they're far from "mostly free" (such a silly phrase anyway). You *certainly* can't say "imagine the US having only two peering points to the outside world" without providing some roadmap where this were feasible. You just say "It is possible" -- sure, but *wildly* improbably.
But your points about DNS are spot on -- it's not *fixable* but it's definitely feasible to route around it. It may be inextricably linked to the internet but it's by no means required.
> The real shame, of course, is that the US government, who has been speaking so forcefully about being against online censorship over the last year or so, may ultimately be the leading cause for these new infrastructure tools to be built...
It's an embarrassment, yes. But not a shame. It's a gift, plain and simple. Intent is irrelevant -- as you've noted DNS is especially in need of a swift kick in the ass. It's about time.
While I agree with your sentiment, you're a little off base in your analysis. The LoC is not part of the executive branch like most gov't agencies: it's quite literally "of Congress", and as such is beholden to the wimbs of congress, for better or worse.
You linked to the times paywall -- please don't do that!
Disabling cookies gets you nowhere. There are many other systems you'd have to disable -- including a variation on the css history hack you referenced earlier that can actually persist arbitrary data) you'd have to disable. And that leak has only been plugged in FF4 -- every other browser is susceptible. But that's just scratching the surface...
If you're privacy-sensitive, try not to shit your pants: http://samy.pl/evercookie/
There are some interesting possible technical solutions to these problems -- but a policy solution is just absolutely impossible. The browser is just too insecure -- we can't reasonably expect every company to vet every bit of ad code that goes on their servers. Censorship through third party liability indeed.
rot-13? that's not nearly nefarious enough!
Come on Mike, you're better than that. You're clearly taking the "dog's breakfast" quote completely out of context...
"The reality is it's someone who's 40 years old and poor and settling for a dog's breakfast of Netflix and short-form video."
I don't know where the "40 years old and poor" comes from (sounds like the typical shill bs) but be fair -- even if you don't completely buy the "dog's breakfast" part you could at least represent it fairly.
And as someone's who's cut the cord more than once (and yes, I'm young, educated and employed) I have to admit that while I'm plenty happy with my entertainment options online my girlfriend would probably agree with the dog's breakfast characterization. Needless to say we have cable again, at least for now.
Back when I with the USPTO (when it was the Dudas regime, not long ago) they'd already decided the number one problem was the time it takes to get a patent. In fact they often referred to it as the "$500 million problem", though I still don't *quite* understand why. Same as it ever was...
Just to small correction: the source article at fair.org actually says he was the NSA chief. Too late to change a headline?
Heh. I didn't know that mark was still "used in commerce" -- I thought Little Caesars died off years ago (it certainly did in the DC area).