Airpillo: how long? Already happened. Google for "viacom chris knight".

The Video Privacy Protection Act:
http://www4.law.cornell.edu/uscode/18/2710.html

In particular, (b)(2)(F) which seems to cover exactly this situation. Note that it makes Viacom, not Google, responsible for providing the prior notice. My data will be in those logs, and I haven't been given notice by Viacom that they're requesting disclosure.

Yes, a letter goes in the mail tomorrow.

@#5: I'm figuring that the links from the DSLAMs to the ISP's internal backbone (or back to the CO in the case of remote boxes) are the "aggregation" links immediately above the DSLAM links. And those show a markedly lower percentage of congestion even though there'd be fewer of them handling more traffic than any individual DSLAM link.

Well, those numbers may indicate a real problem. Close to 5% of links congested may be a pretty high percentage. Or it may not. What exactly do they mean by "congested link"? If that's percentage of links that're at 75% or more of capacity for extended periods, 5% is a frighteningly high number. OTOH if that's percentage of links that went above 75% of capacity at any point in a given 24-hour period, even if only for a moment, then 5% is exceptionally low. And in terms of one customer affecting another, the DSLAM links don't much matter since those aren't shared. It's the aggregation, BAS and backbone links that matter, they're the ones that're shared between customers.

The part of this that truly makes me angry at the Children's Aid/Child Welfare types is that they're willing to indiscriminately believe accusations with this little support. Sexual abuse is one of those things where, when it really happens, evidence tends to be ambiguous. When the investigator has proven willing to believe something just because the Psychic Friends Network said it, it's really hard to believe they're not off in the weeds the next time too. It's the boy who cried wolf: do it often enough and they won't believe you. And they're not being unreasonable, you've proven time and time again that they can't believe you.

And it's not like the ed. assistant has an excuse either. The law says "reasonable cause to believe". This one isn't reasonable. If there's any justice, the ed. assistant should lose her job along with the staff at the school who didn't ask whether she had anything more substantial than that, and the Children's Aid workers who didn't question the veracity of this particular accusation should be at least removed from case work and preferably fired as well.

@WCC #26: Rev3 probably put a drop rule on their firewall for MD's IPs. Nobody's going to set it up to go through the whole TCP handshake and then reset the connection. Too costly in terms of resources. Standard method is a drop rule (all incoming packets from that range get dropped at the router). Correct method technically is to send an ICMP "administratively prohibited" error in response to the initial SYN, but most admins prefer the tarpit effect of a drop rule.

And it may well be a cluster, but it still requires (assuming standard TCP retry timings) a quarter-million simultaneous connect attempts to generate 8K SYN packets a second. Rev3 may be misstating things, but all their statements do seem to be consistent with a network that added a drop rule. And MD does advertise the disruption of P2P networks by exactly things like a SYN flood (which is what Rev3 describes) against the trackers to take them off-line.

I won't go into the technical aspects, but with the finite number of TCP ports available and the fact that a fair number of those aren't available for outgoing client connections, if their programmers were using a standard TCP stack then they could handle a maximum of about 63K attempts every 15 minutes on a single machine. Beyond that rate, their client would be getting continuous system errors trying to allocate a new socket and failing, and would probably be blowing up because of that.

@WCC #20: Rev3 did block outside torrents. Or rather, they blocked all torrents that didn't have the same hashcodes as the official torrents they were supposed to host. That's a lot faster and avoids having the tracker have to retrieve the entire torrent it's being asked to track before deciding whether to accept it. But there is a loophole: if the uploader manipulates their torrent carefully they can generate a hash collision, a torrent with the same hashcode as another one. Doing this is highly non-trivial and the odds on it happening by accident make the odds of 4 poker players all being dealt royal flushes in the same hand look like a downright certainty by comparison, so MD pretty much had to deliberately break the tracker's security to get their torrents hosted.

As far as negligent programming on MD's part, it goes beyond that. I program TCP networking for a living. Standard TCP SYN retry timing is *very* non-aggressive. To get the observed 8K SYNs/second, MD's servers would have to be trying some 120-240K simultaneous connections to the tracker. That volume's high enough that even a marginally competent programmer can tell it's going to DoS the target server even if everything goes right. And doing it with a lower volume requires bypassing the normal network stack and generating your own SYN packets ignoring the normal TCP retry timings specified in the RFCs. This isn't going to happen by accident, and any programmer good enough to work down at the raw IP packet level knows the consequences of being too aggressive. The field's full of stories about stupid network programmers who tried exactly that for "TCP network accelerators" and completely destroyed their customer's networks as a result. There's no way MD did this without knowing (from their techies telling them) *exactly* what was going to happen. They may have decided not to listen, but that doesn't get them off the hook.

Ugol's Law. It's not just a good idea. Also, "Please specify color of goat.".

I concluded long ago that, if you can describe something, someone somewhere probably has a blog about all the websites dedicated to that thing. And they've had to upgrade their servers twice to handle the increasing traffic.

That looks like registration info for one of those companies that help hide the actual registrant's information for privacy purposes. Things like this are one of the reasons I oppose any hiding of the actual registrant's information in WHOIS records.

Apparently Senator Bond thinks waterboarding is similar to surfboarding or something. Methinks the Senator should receive a personal introduction to the technique to clarify his understanding.

We had something like this here in San Diego a while back. The towing companies got nailed in a major way, at least one was put out of business and the owners faced criminal charges. The problems they had were two-fold:

a) They were (ostensibly) issuing tickets and imposing fines. The parking code gives the property owner the right to have vehicles towed, but does not grant any right to ticket or fine. If the property owners want to issue fines then they have to call the real cops and have a real ticket written, and the money from it won't go to the owner or the towing company.

b) The law requires the towing company to be authorized by the property owner (or their legal representative) to tow a specific car. Blanket contracts to tow fail in two ways: they don't authorize specific cars, and the law doesn't allow the authority to authorize to be delegated. So when a towing company hooks up and tows a car from a business parking lot without a piece of paper signed by the business owner or manager, they aren't towing under the law and can be charged with auto theft.

I'd have to wonder whether the rules in the UK are similar. If they are, McDonald's and Civil Enforcement may have a problem on their hands if the guy has a competent attorney.

Tom@22: The police in any large city are, if you're lucky, just going to take that waller or purse and toss it in the lost-property bin at the station and wait for the owner to call looking for it. More likely if you try to give it to a foot-patrol officer they're going to tell you to take it to the station yourself. Not really unreasonable, they've probably got several hours to go before they go back to the station and they've nowhere to carry it between now and then. If I'm heading to work or somewhere and see a wallet or purse, my most likely course would be to pick it up and take it with me. Once I get to work or home where I've plenty of time and a phone handy, then I can sort through the IDs to find some contact information. And if I pass a police officer on the way to where I'm going, I'm going to not give him the wallet/purse because of the above.

What the cops have done here is gotten dinged by a judge for ignoring the law, so they've dug in their heels and tried to finagle a way to ticket people for exactly what the judge said they couldn't. If I were that judge, I'd loooove to get one of those tickets in front of me.

I'll take one of my former boss's responses: "I don't want an apology. I want a detailed description of what steps you've taken to make sure your legal department doesn't do this again. If you aren't taking any steps, I'm going to conclude you don't think it was a mistake.".

KG: That works for some types of mining, but not gold mining. Almost every gold mine in the US (which is mostly the Carlin Trend in north-eastern Nevada) use the heap-leach process. Any mining company would be insanely stupid to just close up like that, because they'd be giving up 10-15 years of viable gold production doing that. What usually happens when the ore runs out is that the company shuts down the pit and leaves the leach piles and refinery running until recovery starts to drop off (which'll be years for even a small mine and decades for the big ones like Newmont's Gold Quarry and North Area). That's a lot of time for the environmental people to be coming around asking when they'll be implementing the reclaim plan for the pit.

When the environmentalists talk, the first thing that comes to my mind was the couple of years I spent schlepping around the Nevada mines as a geotech. One of the hawks up there is an endangered species, and we'd see them all the time since they nested in the exploration areas of a couple of the mines. One year the state Wildlife people were in an uproar because the hawk population had declined by 1. Then a journalist uncovered a report by the state Wildlife department reporting the removal of 2 hawks from the region. That pretty much blew away Wildlife's credibility.

Actually, most of the hard-rock mines are obligated to clean up and restore the land to a reasonably natural state after the mine closes. You won't, however, find that obligation under the law quoted. It stems from later environmental laws.

Svein@18: How high is the cost? Ask Publius, the pseudonym the Federalist Papers were published under.

#13: Exactly. But no, there won't be any copyright-master meta-tag. Think about it. If there were, and the filter passed anything with that tag, then wouldn't the pirates simply begin adding that tag to their pirated copies? Yes it'd be against the rules, but then if the pirates were interested in following the rules they wouldn't be pirates now would they. And what else would a filter have to look at but the two copies of the work? It has the copyright-holder-filed work A in it's database, and the newly-submitted work B it's looking at. If it can't assume that B being absolutely 100% identical to A means a copyright infringement, when could it ever flag an infringement?

Clif@10: Are you really, truly sure about "at all costs", and that it's that easy? Let me pose you a non-hypothetical question. We have two works, A and B. A was provably written before B. B is absolutely, 100%, byte-for-byte identical to A. Is B a copyright infringement?

@Jonathan_V: No, a few sentences overlap does not indicate a probable clone. Think about sentences like "He rang the doorbell and waited.". How many unique stories can you think of off-hand that could include exactly that same sentence while not being anything remotely alike? I can easily think of two completely different novels having, somewhere in them, perhaps two dozen such absolutely identical sentences. And let's not get into the question of a review of a book where a couple of paragraphs of a 300-page novel are quoted and analyzed. That's almost certainly fair use and not a copyright violation, yet it'd trigger your proposed filter. And if that review is put up first, it can prevent the copyright holder of the reviewed work from posting his own copy since his copy would trigger a match with another copyrighted work. Scribd can't even resolve that by removing the review, since the person who wrote the review can legitimately claim copyright ownership on it and now Scribd is deliberately refusing to protect his copyrighted work.

The Sukhoi Su-27 I believe has been doing things like this for a while now. It was in fact the test-bed for the thrust-vectoring system.

As for the arguments that maneuverability isn't useful when engagements are beyond-visual-range, they made that argument in the Viet Nam era too. We've solved the technical problems since then, but that doesn't help. The problem is that it doesn't matter whether the planes and missiles can hit targets the pilot can't see. If you look at the various Iraq wars, the rules of engagement were early on changed (because of friendly-fire incidents) to prohibit engagement until after the pilot had visual identification. If you aren't allowed to shoot until you're in visual range, you will end up in a close-in dogfight no matter what your aircraft and weapons are capable of.

I'd note that the question of how the GPL affects someone's code applies in one and only one circumstance: where the affected person wants to use someone else's code that's available only under the GPL, and at the same time wants to not release the combined code (theirs and the GPL'd code) under the same terms as they're subject to. I think that needs emphasis: they want to distribute someone else's code. When they talk about how they're being restricted in what they can do with their code, that restriction occurs because their code is mixed with someone else's code, eg. they're building their program based on GPL'd core components, or their code is a feature added to a GPL'd program.

I think part of the confusion is "free as in speech, not free as in beer". Most GPL'd software is available for no monetary charge. But there is a price: instead of paying in dollars, you pay in code. You want to benefit from GPL'd code? The price is you let others benefit from your code. If you don't want to pay the price, you don't use the code. When the price is in dollars that's intuitively obvious. When the price is in kind, I think some people get tripped up.

The GPL has always restricted your rights to the software in one important way: you may not restrict other recipients' rights to the software. It's language boils down to "You either grant all the rights to people you redistribute to that were granted to you, or you do not have a license to redistribute.". To me that seems an entirely reasonable restriction. Especially given that without the license I'd have no right to redistribute at all. I'd go so far as to say that the GPL places no restrictions on your rights that weren't placed on you by copyright law, it merely doesn't grant you quite as many extra rights above and beyond the ones you have by law that placing the material in the public domain would have.

Oh, and no the GPL, not even v3, doesn't require you to share your changes. It only requires you to make the source available if you distribute your modified software to other people. Which you have no right to do under copyright law anyway, you only get it from a license from the copyright holder. Again, the GPL doesn't restrict your right to redistribute, it merely doesn't extend that right without limitation.

The changes in the GPLv3 are in the same vein. Companies were trying to use tricks to take rights granted under the GPL away from people they distributed the software to, while continuing to enjoy the benefit of those rights themselves. The patent language, for example, boils down to "You can't enforce your patents on GPL'd software while distributing and profiting from that same GPL'd software yourself.". Note that it doesn't stop a company from enforcing it's patents on GPL'd software, it just requires them to choose between enforcing their patents and benefiting themselves from the software they claim infringes.

I hope they did some serious work on weight-reduction, or the pilot's going to have a very sore neck after the first couple of high-g turns.

Michael: I'd imagine the stripper gets odder requests than that routinely. Half her jobs are probably customers playing similar in-bad-taste pranks on their victims, and she's not getting paid to *not* deliver what the customer ordered. She probably just shrugged and thought "I only get paid for trying, if they've got a problem they can take it up with whoever ordered this.".

Me, I'd probably accept his offer. And then go have a quick talk with the real police officers about the gentleman trying to get suspicious devices past airport security. The cops'll probably enjoy the resulting fun too.

@BSD: Actually, Netflix IS obvious. There was a company, Excalibur Films, doing video and later DVD rental by mail as far back as the late 80s (pre-dating Netflix by at least a decade). They specialized in adult material, but the basic idea was simple: send in your list, they send you the videos, when you were done with them you returned them in the provided mailer with a new list of things you wanted, paid a small exchange fee (about equal to a normal rental payment) and they'd send you the new videos. The only thing missing from them compared to Netflix was a queue of titles you wanted that they'd use to automatically fill exchanges as you sent titles back, and to be completely honest Excalibur may have been doing even that.

Aim for the 100% shooter. If you hit, you've got even odds of surviving the next turn. If you miss, the 50% shooter will aim for him too. If the 50% shooter misses, the 100% shooter will aim for the 50% guy who's the bigger threat. If the 50% guy hits, you get a shot at him before he gets a shot at you.

Teresa (#271): Let me call attention to a contradiction here. First you say this:

"Easy: you published it. XMission stands in relation to you as a printer does to a conventional publisher."

But then you go on to say:

"The site agreed to act as publisher when it didn't have the resources necessary to fulfill the responsibilities of a publisher."

If a site like XMission isn't the publisher but merely a pritner, why should they be deemed to have taken on the responsibilities of a publisher and not merely the responsibilities of a printer? Scribd did and does nothing that XMission doesn't do. Either both are the publisher, or neither is.

And you're right about knowledge. The problem is one of volume. A book or magazine publisher excercises editorial control over material. The first thing they do is read the material to decide whether they want to publish it. A printer, by contrast, excercises no editorial control. Their job isn't to decide whether something should be published, they take what someone else has decided should be published and make the physical copies needed for publication to happen. If a printer had to read everything submitted to them for printing and go through the same editorial process as a publisher did, they'd never have time to actually print the books. And why should they? That's why we have publishers and editors. But those publishers still need a printer to print the books. The same on the Web. To publish material on the web, I either need to run my own printing operation (the physical servers and network connections needed to get the material served up) or I need a printing house (a hosting company that'll handle the servers and network connections for me). Why should there not be the same split between publisher and printer on the Web that there is in every other media?

Teresa: I agree about publication and responsibility. The question is, who publishes? Take my own website (http://www.silverglass.org/). All the material there is mine. Who published it? Did I publish it? Or did XMission, the site that hosts it and that I uploaded it to, publish it?

To me that's the heart of the problem. If you want to publish on the Web but don't want to own and run your own server, you have to upload your material to someone else's server to have it hosted. And someone has to run that server and provide the service to their users. And that brings up the question of who's responsible for the material. Traditionally the answer to that question has been that the originator of the material is responsible. When someone ships something through UPS, the person sending it is responsible and not UPS. When someone makes a telephone call, the person making the call is responsible and not the telephone company. When someone submits a plagiarized article to a magazine or newspaper as their own, it's the submitter we hold responsible and not generally the magazine/paper (unless the plagiarism is particularly obvious). 512(3) codifies this same concept for network sites.

Which brings me back around to XMission. When I upload a file to XMission to make part of my web site, is XMission publishing that file? I believe they aren't, that I am. And if they aren't, then why should XMission bear the responsibility for checking it? And what is the difference, exactly, between XMission and Scribd?

Braxton, #264: one of the issues with a site policing itself is volume. Think about how many uploads Scribd gets every day, and how long it'd take for a human to vet them.

If you want a handle on it, think about UPS. The volume of packages they handle every day is huge. Imagine the problems if UPS had to open and inspect the contents of every single package they shipped. And if the contents were in boxes, those boxes would have to be opened too. And everything repackaged after the inspection. With the volume of packages UPS gets, they simply couldn't keep up. Next-day and second-day delivery would be history, and even normal ground service would take considerably longer than it does now. And if UPS is going to be held liable for what's shipped through it if it doesn't check things, then it has to check every package. We consider this a bad thing, so the law doesn't hold UPS liable unless the problem was so obvious that anyone taking even a quick look at the package would say "Something's wrong with that one.".

Now, you might say UPS should just make their best effort. Problem is, if they do and miss one the claim against them is going to say "They checked all those other packages, they could've checked the one they missed but they didn't. Negligence! Hold them liable!". And indeed, if you look back 15-20 years, sites like Compuserve initially tried their best to police things. And indeed, when people made claims against them for things that were posted by their users, the claims pointed to all the other checking those sites did and said "They checked those other things, they could've checked this one and didn't. Negligence! Hold them liable!". And that is what led eventually to USC Title 17 section 512 being written the way it was.

And that is why sites like Scribd don't police things until someone complains. If they do and they miss anything, copyright owners will hold them directly liable. And they will miss things, the volume's simply too great. Look how well the SFWA did vetting everything on their list, and they had a much smaller list to work with. Since the best Scribd can do isn't sufficient, all they can do is fall back behind the shield the law gives them: look at nothing but legal takedown notices, so they can claim no actual knowledge and thus no liability.

To be honest, I don't object to an ISP charging more for priority handling of traffic. What I object to is them wanting to charge someone else extra for traffic I've requested and that I'm already paying my ISP to handle (if I'm not, then what is that bill my ISP sends me every month for?).

Well, we'll find out in the Viacom v. YouTube case, since Google's citing the safe-harbor provision as an explicit defense. What makes it even more interesting is that Google's also raised the issue that Viacom themselves can't or won't implement the kind of pro-active search that they're demanding of Google. After the Chris Knight fiasco, this is apt to make the YouTube case interesting indeed. Preliminary indications in that case are that the judge is taking the attitude of "It's in the law, Viacom. If you don't like the law, you need to talk to Congress about changing it.".

But whether it turns out to be a good defense or not, it's the only thing that might possibly present a defense so it's what the providers go with at present.

Bob W.: Right. Which is why these services so scrupulously avoid looking at material and so often don't even respond to requests that don't follow the rules set down for DMCA notifications. Per USC 17 512(c)(3)(b), notifications that don't follow the rules are declared to not cause the provider to have actual knowledge of infringement. I think what Jerry Pournelle and others run into are the rules laid down in 512(c)(3)(b)(ii) governing what the provider has to do if they receive a notification that doesn't follow the rules but does provide enough detail to indicate a problem. The provider in that case must not act, but must query the person sending in the notification and tell them what's deficient in the notification. The sender then is obliged to correct the problems. If the provider doesn't do this, but takes the material down, they lose all protection under 512(c).

Yes, it's a messed-up bureaucratic nightmare of a situation. But that's what happens when one party isn't willing to accomodate others. Look up "work to rule", and why union people use it as a threat. I can easily see a situation where the provider is going "We got your notice, but we need these specific things in this format to make it fit what 512(c) requires, can you please re-send the notice with those corrections." and the author going "I told you what you need to take down, why are you balking?".

Bob W.: remember that one of the reasons Scribd and other sites don't actively scan for problematic content is because over the years copyright holders have used exactly that active scanning to justify holding the sites fully liable for anything they miss. And they will miss, it's simply impossible to catch everything unless you refuse to post anything at all until it's been vetted. Talk to Teresa Nielsen Hayden here about the size of job she's got doing just that, then scale it up by a couple of orders of magnitude and you've got an idea what's involved. I saw this develop over the last 20 years and always sighed at the copyright owners' refusal to allow any leeway in policing content, because there's no way to get perfection and when the cost of failing to be perfect is penalties that'll drive you out of business no sane business will take the risk. They all retreated to the safe-harbor provisions, and I don't blame them.