
Comment Re:How much? (Score 0) 149

This is all way off-topic by now, but my point is still the same: MojoKid's position is probably correct. There are significant costs for servers and for bandwidth for any site that scales up, and they can easily become more than it's reasonable to expect a hobbyist to pay out of their own pocket if the site becomes popular.

Of course, this is all before there is any actual content on the site! Doing the planning and research and writing and editing and presentation of original material takes about as much time and money on a web site as in any other medium.

Comment Re:How much? (Score 0) 149

You know somewhere that provides reliable hosting for five servers supplying 40MB/s each for less than 5-10 bucks? I doubt that very much. For the dedicated servers I use on one of the commercial sites I mentioned, I'd be running at over $1,000 per day for that kind of traffic.

Obviously no-one running at that kind of scale is still on the same kind of hardware and pricing set up that my little site is on, but dedicated/unmetered lines aren't cheap either. In any case, you get the point: the servers aren't the problem for high traffic sites, the network bandwidth is.

Comment Re:How much? (Score 2) 149

And ad blocking. Don't even get me started. So many ad blockers are so proud of what they do, like it's some badge of honor to block. If everyone blocked ads, many quality web sites would likely cease to exist, including Slashdot.

I suspect in reality that the best sites would continue, but there would be a lot more paywalls around, probably less editorial integrity on open sites as things like product placements and affiliate referral fees became more reliable revenue streams, and maybe over time we'd eventually get somewhere with micropayments. In some ways, moving to more "honest" funding via paywalls and/or micropayments might be a better long-term model for the people who do produce good content and run valuable sites than what we have today, though no doubt it would be a painful transition with many casualties.

The thing that makes me a little sad inside is that the aggressive, irresponsible advertisers have spoiled the model for the moderate, responsible ones. Because of the former group, I do block very aggressively when I'm browsing, and I don't feel any guilt about it because my motivations are security, privacy and performance. However, I also have no problem with people who just want to make a bit of money from running a decent site, and I wouldn't block their ads if there were a reliable way to allow those while still eliminating the rest. Unfortunately, I don't see that being possible any time soon, which is why none of the commercial sites I've ever run myself has relied on ads as a business model.

Comment Re:How much? (Score 0) 149

A domain is around 5-10 bucks and you can get hosting for less.

Sure you can. I've run various personal or social group sites over the years that just paid a little to keep things running, without expecting any sort of income in return. For the personal sites, I do it for the satisfaction of giving something back, and sometimes starting enjoyable discussions with others who share my interests.

I also run some commercial sites, aiming at a wider audience, charging real money for signing up. This is a completely different scale of commitment in terms of hardware, connectivity, and operating costs.

If you're running a discussion forum that you share with 50 friends, sure, it can be in the first category and you can do it for peanuts and enjoy all the high quality interaction you like. But running a significant news or social networking site with thousands of participants? Not even close.

Comment Re:Local storage (Score 1) 635

I use POP3, so I can have local copies of all emails.

What I'd really like with modern trends is more emphasis on "private clouds". I want to put my data on my own server on my own network, so it can be accessed from any of my devices around the house and over VPN if I'm out, but with the data always securely under my control and backed up according to my wishes.

This is easy for some formats, including plain files obviously. However, it's surprisingly awkward for stuff like e-mail, where there are plenty of relevant concepts like IMAP and mail stores and smart hosts and web mail systems, but actually setting them up in a useful combination if you're not an experienced sysadmin is quite a challenge.

Sadly, it seems even the best FOSS client software is dying out these days, often because "everyone has Google Whatever". As far as I know there hasn't yet been a lot of movement in the FOSS world towards having easily-deployable private clouds for e-mail, shared documents, and so on, which always surprises me given the implicit freedom, independence, privacy and security.

Comment Re:Local storage (Score 1) 635

You might not have much recourse even if it's a commercial service you're using. Ironically, on-line back-up services are among the worst offenders. If you use one, go ahead and check its terms, and see whether any of those lovely restoration options they offer will still be there if they decide to close down on a whim. (Hint: Probably they won't, and all you'll get is maybe 48 or 72 hours to download as much as you can at the same time as every other customer they have is trying to do the same.)

If it matters, back it up on systems you control yourself. If it's private, don't upload it to anything, and encrypt the back-ups. It's really that simple. Then again, so is "make sure you back up your important files", and how many people don't do that because it's mildly inconvenient? Maybe those on-line back-up services aren't quite so bad after all...

Comment Re:The worrisome part (Score 1) 233

It takes very little effort to realize that the most useful and needed excuse to shut down cell phones by the police will be to prevent citizens from recording their behavior in the absence of police body cams.

Indeed, and yet I'm dozens of posts into this discussion before you were the first person I saw even notice. :-(

This could in theory be used to prevent something like a phone triggering a bomb, though if there is a genuine threat of something like that happening, I would think that restricting or turning off transmission over the network was a much more reliable method than assuming that someone willing to blow up a bomb was also obliging enough not to mod their phone to ignore the kill switch.

Meanwhile, it has now been demonstrated beyond any doubt that video recording of police officers at work reduces both complaints of excessive force against officers and instances of violence toward officers, both of which are surely good things. It has also been demonstrated on numerous occasions that officers who did cross the line may then attempt to destroy evidence such as photographs or recordings on electronic devices held by passers by. Obviously if all it takes is accessing some centralised police system with insufficient safeguards and oversight to remotely destroy that evidence, as opposed to potentially physically confronting someone who is just an innocent third party and making their situation worse, there is less deterrent to the minority of officers who do abuse their position.

Comment Re:Duh. (Score 1) 235

Ah, I see. I had intended the IPS/DLP example to demonstrate both the fact that it was technically possible to MITM SSL traffic if you have control of the client and the fact that this is actually done in practice. I didn't mean to imply that routine logging was necessarily going on in any particular organisation; I don't expect that it is in most places, at least not intentionally, for all the reasons we've talked about. Apologies if that wasn't clear.

Thanks for the courteous dialogue!!

Likewise.

Comment Re:Duh. (Score 1) 235

You can post credentials as much as you like. I've worked in the industry, and I know who some of the big customers are. (Given your background and the nature of the discussion, I hope you'll take my word for that and understand why I'm not going to post a list similar to yours here.)

I said before but will repeat: your liability concerns are fair and valid. In fact, there is a significant side market in devices that can pick out parts of the network traffic that might be sensitive one way or another and mask out or truncate the unwanted details, and that market is driven in part by exactly the kinds of liability concerns you mentioned.

The fact remains that from a technical point of view, if corporate IT want to log your traffic and if you're working on a company machine and talking over the company network, there are tools available that will do that for them and you would never know it was happening without inside information. Everything else is down to legal issues and how much you trust your employer to behave responsibly.

I get the feeling that we would agree about the fundamental ethics of the situation anyway. This little discussion started when BitZtream argued that a good sysadmin can control "what his company does and doesn't see on company time, company equipment, and company networks". Zero__Kelvin seemed to think SSL would be a barrier to that. It is not.

Comment Re:Duh. (Score 1) 235

Just to be clear, I'm not talking about small companies. IME, the smaller companies I've worked with have been far less likely to do this kind of thing, because the level of trust is greater when "everyone knows everyone".

The liability issue you raise with regulated external sites is a fair point, and so are your comments about internal segregation in some contexts. However, please remember that not everywhere has the same legal rules and precedents as the US.

This whole field is rather young to make too many general claims about what is and isn't considered acceptable, particularly if an employee has been explicitly told that company equipment and networks are monitored and use may be recorded. How much employees should be explicitly warned about -- for example, whether this kind of SSL-defeating technique should be highlighted even if you're already saying you might read communications -- is something of an open question at least ethically and possibly legally as well. Heck, workplace surveillance generally is a very two-sided issue, and even where the law is relatively settled already, it can be a source of serious problems and disagreements.

But the general principle we were discussing was that sysadmins can have a lot of control about what happens on company networks, and that stands. Even if, for legal, moral or ethical reasons, an organisation chooses not to log the content of things like IM and e-mail communications, the technical tools to do so exist right now. And while you (and I, for the record) might choose to avoid working for an employer who we knew to use such monitoring, the reality is that unless you actually work in their IT department, you're never going to be able to determine reliably what is actually being done and it's all a matter of trust.

Comment Re:Duh. (Score 1) 235

As I said, IPS and DLP devices are routinely used to MITM SSL connections. There's not much point having some stupidly expensive firewall setup at the edge of your corporate network if all it takes for malware to get in is Joe from Accounts opening his GMail and running cute_kitty_photoz.exe.

Typically, the volume of data transmitted through these kinds of links makes comprehensive long-term recording and storage prohibitively expensive. However, logging everything normally sent over plain-text, human-speed communications channels such as e-mail or IM is quite achievable, as is logging a complete traffic stream identified by some trigger.

Incidentally, these devices are often used precisely because they allow you to control and limit your liability. For example, it's easier to argue you're in compliance with regulations like HIPAA or PCI-DSS if you can demonstrate reliably that traffic leaving your network was scanned and nothing fitting certain suspicious patterns was sent. A simpler but no less significant consideration is the damage any large organisation could suffer if malware did somehow get into their network.

Comment Re:Duh. (Score 1) 235

They don't have to block SSL, they just have to MITM the connection if they need to analyse or log the traffic. IPS and DLP devices that can do this for all the major protocols have been available to professional sysadmins for some time. If you access the Internet from a company device at an organisation that is either very large or working in a particularly sensitive field, there is a good chance your traffic is already being processed in this way.

If you want some communications to be private from your employer, use your own device, not a company-administered one. It's really as simple as that these days.

Comment Re: Pinch of salt needed (Score 4, Insightful) 226

... under UK Copyright law there is no "fair use" exception

That is correct. There are some specific exceptions, commonly referred to as "fair dealing" over here, and there have been some recent developments that will expand the scope of the exceptions, but there is no generic limitation on copyright determined by a set of qualitative tests like the Fair Use rules in the US. However, if we're talking about someone's own footage of the goals, the more important issue might be what the contract was when they bought their admission ticket.

If the conditions of entry clearly say no recording is allowed and that if any recordings are made anyway then all rights are assigned to the organisers, then my expectation is that the uploaders won't have a leg to stand on here. It would be very surprising in this day and age if such terms weren't routinely included, and I fully expect that this is how any debate about legality will wind up being resolved.

On the other hand, if there's nothing prohibiting the use of recording devices and nothing claiming any rights over recordings made by spectators, it might be tough to argue successfully in court along the lines that someone's personal recording was a copy or derivative work of some official recording that the organisers sell to TV networks. It's not an unprecedented idea: publishing photos of major public landmarks like the Hollywood sign or Eiffel Tower can be legally hazardous, particularly if commercial use is involved. However, those restrictions tend to result from some carefully contrived/created edge cases in the legal position for specific places, and it's hard to see how anything similar applies to a football match.

(IANAL so obviously you shouldn't trust anything you just read if it actually matters to you.)

Comment Re: Uber is quite retarded (Score 1) 341

You seem to be conflating several issues, as well as setting up some straw men, neither of which encourages constructive debate.

One issue is statutory licensing, which may artificially limit the number of people who can drive for-hire vehicles in a given area. It is true that such regimes are vulnerable to local politics and regulatory capture, pushing expenses up for drivers and reducing competition. There are also some arguments in favour of reasonable licensing regimes, not least because there is only so much road space and so much demand for hire vehicles. There is certainly room for debate about how this side of the industry works and whether newer alternative models might be better.

Another issue is safety regulations, which typically restrict things like permitted time behind the wheel without a break or how often vehicles must be maintained and tested. This is quite a different thing from licensing to limit supply in the market, though clearly some method of identifying who is subject to the safety regulations is needed. Here it is common, at least in my country, for professional drivers who spend many hours behind the wheel to be regulated. For example, lorry drivers and coach drivers also have to comply with regulations that don't apply to individuals driving private vehicles for their own purposes. Here, there is much less room for debate. Normal people don't spend the equivalent of an entire working day behind the wheel, day in and day out, with relatively little to keep their attention focused on driving. Even when private individuals make long journeys by car, they rarely spend as long behind the wheel as lorry drivers do daily. And of course the service and mandatory testing intervals for private cars are set with private driving in mind, while vehicles used commercially tend to do much higher mileage.

As a third related issue there is insurance. It is a legal requirement in my country for every driver to have proper insurance to certain minimum standards. Note that this is primarily for the protection of others: as far as I know, you can still drive a personal car without insurance to cover wrapping it around a tree and writing it off, but you may not legally drive it without "third party" insurance that would cover any damage you do if you wrap it around someone else's car and write off both vehicles. Insurance policies typically specify things like the type of vehicle and how it will be used and are priced accordingly, and the insurance industry probably has a better understanding of the true risks of different types of driving than anyone else. So letting people drive commercially when their insurance doesn't cover it would just be a loophole and a clear risk to other road users who won't be protected as the law requires in the event of an accident.

I don't think the people who question services like Uber on regulatory grounds are necessarily against competition or innovation in the marketplace. I'm certainly not; I write software every day for businesses that do stuff no-one has done before that is only possible because of that software, so why would I want to hold back progress? But some of those regulations really are there for good, sensible, practical reasons, and I don't think a new entrant into the market should get a free pass on breaking the rules that apply to everyone else just because they're new.
