
Comment Re:Circadian Rhythm (Score 1) 240

> Long haul drivers, never!

That's not the case according to the company president who just retired. He described numerous cases of winding up doing, or helping with, the unloading because the staff when he or his crews arrived weren't ready to handle the delivery. For longer drivers, that's why they have coolers. A bit of fruit and vegetable was apparently helpful for keeping them "regular" when they drove.

Comment Re:Hey guys, let's watch trolls prattle their talk (Score 2) 106

Goodness. Logical fallacy much?

I don't hate the man. I didn't hate the man. I just don't think it's fair to lay any blame on JSTOR or MIT for defending themselves from his abuse, and it _was_ criminal abuse of their resources, even if you refuse to call copying documents theft. Simply _scaling back_ the bandwidth of his downloads would have avoided JSTOR's problems and MIT's eventual cooperation with a criminal investigation, and people at MIT or campus guests like Aaron could have done their research unhindered.

Comment Re:Schwartz was a hero (Score 1) 106

> Trying to control copying, in order to fairly compensate creators, isn't working. Surely we can find and use some other means. That's what the debate is really about.

It is working. An enormous number of artists, and authors, are making a living this way and the public is getting access to those works at prices they can tolerate.

It's not working very _well_, which is a different issue.

Comment Re:Not to be too cynical but (Score 1) 49

> So what you're saying is that when you get real engineers and designers to identify goals and work together

Not really. I'm saying that when you have a _master_ engineer in charge of design, with well specified goals, you can get a master work. Modern cars are profoundly more complex. From their automatic transmission, to their non-skid brakes, to their emission reduction systems, to the enhanced safety standards with airbags, to their complex radio and GPS and telephone docking systems, they've become far more complex. It's not fair to compare them to the old VW Beetle, which was mechanically much, much simpler.

With the complex electrical and mechanical layouts of modern cars, it can be _invaluable_ to do a designed model and ensure that all the angles to detach and replace components can actually be reached without disassembling the entire car. That's difficult to model when designing the engine without an actual shell around it, or before you've cast most of the parts.

Comment Re:Tip from a programmer (Score 1) 78

> SSL is also equally vulnerable to stolen keys. There is no way in which SSH is worse than SSL.

I'm pointing out a real attack vector for Man-In-The-Middle attacks, which you seemed to think was impossible for SSH. I didn't say it was worse: I'm pointing out that it's still vulnerable.

> Of the MITM attacks against SSL actually deployed in the wild, what proportion rely on stolen keys compared to compromised certs

Since so many MITM attacks are actually performed by institutions against their own users, using the company's own SSL keys on their own proxy servers or routers, I'm afraid it depends on whether you call those keys "stolen". I'd be willing to call them stolen: I'm afraid that most web site owners are not fully aware of the vulnerability they face when they share the key to ease load balancer or proxy access, or when they order private keys through their corporate IT department.

Comment Re:Schwartz was a hero (Score 2) 106

> Vandalism, arson, speeding, blasphemy, slander, theft, fraud, and copying are all different.

Yes, and the laws that govern copyright violation are linked to those of theft, in fact. Please, don't pretend "copying is not theft" and that that somehow covers this case when the law is pretty clear that it _was_ theft, due to its scale.

> No. Journals are no longer expensive to run. Neither the authors nor the reviewers receive any compensation from the publishers.

Again, nonsense. They're reasonably cheap to _print_, although electronic publication has helped that a lot. They're expensive to pay the experts and reviewers that provide the analysis and editing that make these journals useful, and there are real costs with the layout and getting the often badly formatted original documents into a printable format. And some reviewers _do_ get paid, it has become part of the "fast track" to publication to get an article reviewed and published early.

There are fascinating articles about this, such as http://www.nature.com/news/ope..., and we're seeing open access journals springing up. But stealing complete copies of all journals, and the indexes and cross references from JSTOR just exacerbates the problem and discredits the "information should be free" community. And yes, the charges included "theft".

>> public access which would be _impossible_ with so many journals and no organization of their contents and references, and no infrastructure to keep websites running and backups made

> Those are jobs for our public libraries.

The job is too big for libraries smaller than the Library of Congress or perhaps the British Library, or some other international institution. The Library of Congress _might_ be able to do it, if they were funded for it. But it would be taking on a job that JSTOR is already doing, as a _private_ library service at quite reasonable charges. Why should a federal agency take on a job that is being done reasonably well by private industry? And which federal program are you going to give up to fund it with?

Comment Re:Tip from a programmer (Score 1) 78

Nice name calling. It doesn't support your argument, though. Let me go back to your original statement.

> > There exists an extremely widely-used crypto protocol which uses no certificate validation and yet prevents almost all MITM attacks.

"Almost all MITM attacks" is the phrase you used. Many MITM attacks do, indeed, rely on stolen or legitimately obtained copies of the server encryption keys, so please don't claim that SSH is immune from "almost all MITM attacks". And I just showed where the current lack of signatures for SSH private host keys make such attacks very easy indeed.

The need for a targeted attack that you mention is real. But, so what? If you're doing a MITM against a banking or e-commerce site, _of course_ you're going to target them. As it stands, SSH doesn't _buy_ you anything compared to using SSL without key verification altogether, and that's demonstrably _worse_ than the current status with SSL.
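The two "Tip from a programmer" replies above turn on how an SSH client decides whether a host key is the real server's. The block below is an added example (not code posted by anyone in this thread) of the check that OpenSSH's known_hosts file actually provides: trust-on-first-use. It parses both plain and hashed (HashKnownHosts) entries, compares the presented key against the pinned one, and reports the third outcome that the thread is arguing about, an unknown host, where the client has nothing to compare against and cannot tell the server's key from an interposer's. The hostnames, addresses and key blobs are constructed for the example; real key blobs are the binary SSH wire encoding, but the fingerprint and comparison logic are the same.

```python
"""Added example: SSH-style host-key verification against a known_hosts file.

Trust-on-first-use (TOFU): a host key is only "verified" when the client already
holds a copy from an earlier connection. With no stored entry the client cannot
distinguish the real server's key from an interposer's, which is the MITM window
discussed in the thread. Keys and hostnames below are constructed, not real.
"""
import base64
import hashlib
import hmac

# Constructed stand-ins for the server's public-key blob and an attacker's.
REAL_KEY_B64 = base64.b64encode(b"constructed-ssh-ed25519-key-of-real-server").decode()
MITM_KEY_B64 = base64.b64encode(b"constructed-ssh-ed25519-key-of-interposer").decode()


def ssh_fingerprint(key_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA256 of the key blob, base64, padding stripped."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Hashed known_hosts host field (HashKnownHosts yes): |1|salt|HMAC-SHA1(salt, host)."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(
        base64.b64encode(salt).decode(), base64.b64encode(mac).decode()
    )


def host_matches(host_field: str, hostname: str) -> bool:
    """Match a known_hosts host field (plain, comma-separated, or hashed) to a hostname."""
    if host_field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = host_field.split("|")
        expected = hmac.new(base64.b64decode(salt_b64), hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    return hostname in host_field.split(",")


def parse_known_hosts(text: str):
    """Yield (host_field, key_type, key_b64) for each non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        yield fields[0], fields[1], fields[2]


def verify_host_key(known_hosts: str, hostname: str, key_type: str, key_b64: str) -> str:
    """Return 'trusted', 'mismatch', or 'unknown' (the TOFU window)."""
    for host_field, ktype, stored_key in parse_known_hosts(known_hosts):
        if ktype == key_type and host_matches(host_field, hostname):
            # A different key for a pinned host is the classic
            # "REMOTE HOST IDENTIFICATION HAS CHANGED" case.
            if hmac.compare_digest(stored_key, key_b64):
                return "trusted"
            return "mismatch"
    return "unknown"


# Constructed known_hosts: one plain entry, one hashed entry, both for the real key.
SALT = bytes(range(20))  # fixed 20-byte salt so the example is deterministic
KNOWN_HOSTS = "\n".join([
    "# constructed sample file",
    "git.example.test,203.0.113.10 ssh-ed25519 " + REAL_KEY_B64,
    hash_hostname("bastion.example.test", SALT) + " ssh-ed25519 " + REAL_KEY_B64,
])

if __name__ == "__main__":
    print("server fingerprint:", ssh_fingerprint(REAL_KEY_B64))
    for host, key in [
        ("git.example.test", REAL_KEY_B64),      # pinned, matches
        ("bastion.example.test", MITM_KEY_B64),  # pinned (hashed), interposer's key
        ("new.example.test", MITM_KEY_B64),      # never seen: client cannot tell
    ]:
        print(host, "->", verify_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

The third case is the one both replies are circling: an SSH client with no pinned entry has to either accept the key blind or fall back to an out-of-band fingerprint check, so the protection it gets depends entirely on whether the first connection was already being intercepted.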

Comment Re:Spoken like an American; come to Europe instead (Score 1) 449

> The TV licence is not a tax, it has one purpose only, to pay for the public broadcasting system and it is levied only on those in possession of a TV or radio receiver.

Yes, it is a tax. Being dedicated to a specific purpose does not mean it's not a tax. That it is paid whether or not you _use_ the television shows that it is, indeed, a tax for ownership of a television. The word "license" is like pretending that a sparkling wine is not champagne, it's deliberately misleading. Refusal to pay this tax is a criminal offense in the UK, even if you take hardware components out of your television so it can't work with a television signal.

Comment Re:Why did he do it that way? (Score 1) 106

>> and to avoid the typical monitoring and proxy configurations found on most competently administered public wi-fi access points.

> Even if the wi-fi throttled down his bandwidth for excessive usage (though an academic wi-fi should be set up more intelligently, only doing such things when the traffic is purely recreational rather than academic), he still could have obtained the data - it would have taken longer.

The throttling would have shown up and been traceable to his wireless MAC address. And he needed a safe, reliable place to _store_ the laptop with the hard drives.

Few network admins exert the effort to monitor their ports inside their wiring closets very well: they tend to devote their monitoring to their network borders, and to their wi-fi routes because those are most likely to have attackers or abusers from outside your supported community. The articles seem to show that MIT follows this "don't implement security that you can avoid" model to their internal networks.

Comment Re:Why did he do it that way? (Score 1) 106

An article every 10 minutes is slower than new articles appear at JSTOR. But I agree, he could have reduced the chance of detection by lowering his download rate. Even at MIT, if he'd lowered his download rate by 75% I don't think he'd have crashed JSTOR and they'd have pursued his abuse much less avidly: perhaps law enforcement would have never been involved at all.

Comment Re:Clutching at straws (Score 1) 126

> Or just their fucking imagination, geesh what mental gyrations "scientists" and the holy believers will go through to "support" their religion.

Well, yes. That's why the researchers looked for artists who tried to do "realistic" work, and compared over years of work by the same artist, and checked for the contrast levels, rather than the direct color. It's actually quite good work based on how human eyes and minds perceive color, as _contrasts_ rather than as absolute values.

Comment Re:Schwartz was a massive asshole. (Score 0) 106

Pretending "Copying is not stealing" is like pretending "no one can own the land". It ignores the last two thousand years of copyright law (dating back to the Irish "Cathach" document). I refer more to Swartz's abuse. He had legal access to the documents. He attempted to download and steal the _index_ by replicating the entire contents of JSTOR.

JSTOR was not hit with DDOS. The abusive download, its speed, and its fat bandwidth pipe did, indeed, create repeated Denial-of-Service, just not a "Distributed" one. If you persist in this belief that committing a DDOS or other disabling attacks is OK because they should have protected themselves better, then I suggest you follow the same reasoning and let people punch you in the head repeatedly, to demonstrate how it should have been OK because you should have protected yourself better. "Protecting yourself better" includes, in the real world, contacting the client whose systems are attacking yours and getting them to stop it, or falling back on law enforcement if that fails.

JSTOR _does not lock away research_. Please discard that false and confusing description of JSTOR. JSTOR is a compromise between scientific journals, which are very expensive to run and often charge outrageous subscription fees for a very small number of subscriptions, and public access which would be _impossible_ with so many journals and no organization of their contents and references, and no infrastructure to keep websites running and backups made and organizers paid. JSTOR organizes and makes the data available. They do _not_ lock it away to be lost and unused, they do _not_ add copyrights, and they're very generous in their licensing costs to get the organized journal data into the hands of whoever wants it or needs it.

JSTOR is doing what a responsible non-profit or, indeed, any dedicated librarian would do. They've vastly _improved_ access to it, not reduced it, and deserve support and credit for it. They don't deserve some kid using the free printer, copying out all the books, and putting them up in their own "free library".
