I thought he was you actually.
In the future everyone will be Satoshi Nakamoto for 15 minutes.
I thought he was you actually.
In the future everyone will be Satoshi Nakamoto for 15 minutes.
Oh and there is an eight:
The claim to be rated by the better business bureau has been shown to be false. KlearGear makes several such claims that have been shown to be false for the purpose of gaining business. That meets the legal definition of fraud. In addition to creating the possibility of criminal sanctions, fraud voids a contract.
The Bill of rights is also enforceable on state governments.
KlearGear is attempting to enforce a purported contract term, guess what regulates contracts, oh yes, its the courts. And guess what the courts are part of, oh yes they are part of the government.
One of the sources of the Bill of Rights was precisely a concern about the government 'privatizing' censorship. That is how the British libel laws came into being, the purposes were to reduce the number of duels by providing an alternative dispute resolution process and to enable the rich and powerful to suppress their critics. It is no coincidence that in the 20th century the UK libel laws were used by a long series of corrupt bastards to suppress legitimate criticism, from John Major, the adulterer suing the New Statesman over an allegation of adultery, to Robert Maxwell the guy who stole almost a billion dollars worth of pension funds, to Jeffrey Archer and John Aitken who went to jail for perjury after making fraudulent libel claims.
The breach led to the contract being voided. KlearGear never delivered and Paypal refunded the money. So there was no exchange on either side.
The buyers might have had a claim for non-performance but the idea that the seller could enforce their one sided terms is ridiculous.
A clause that prevents reporting the failure to perform is certainly not going to be valid, not even in Texas.
The contract clause is unenforceable for multiple reasons. The first amendment has a bearing on one of them.
First there is no contract, The goods were never delivered, KlearGear failed to perform its obligation, there was never an exchange of a consideration. Therefore no contract.
Second, the original agreement was with the husband, the comments were made by the wife.
Third, the contract terms were added after the original agreement as is demonstrated by the Way Back Machine archives
Fourth, even if there had been a contract it would be a contract of adhesion. The seller defines the terms and the buyer has a weak negotiating position. In such cases civilized jurisdictions (i.e. not necessarily a corrupt jurisdiction) generally strike out clauses that are surprising or contrary to normal practice absent clear proof that the buyer was aware the term existed. A line of text in a fifty page contract in 6pt type is not normally enforceable.
Fifth, the term in question was unconscionable which means that it offends the basic principles of commerce and/or society. Constitutional precedent and in particular the first amendment is frequently used to establish that a clause is 'unconscionable'. Kleargear is not 'violating' the first amendment but the courts are not going to enforce a contract term whose purpose is to take away constitutionally protected rights.
Sixth, even if all the above were not so, the claim for $3,500 is a liquidated damages clause and thus invalid. As a matter of public policy, corporations are not allowed to set fines.
Seventh, the amount was clearly in dispute. Thus the reporting to Experian was in breach of the fair credit reporting act.
I am sure that there are weaker claims out there, but I can't think of one offhand.
Man, here I was hoping helm's deep would reinvigorate LOTRO. And yes, I had even pre-ordered it.
Not an IETF list.
It is not even meant to be a proposal.
The point of the document is that I took all the points that had been made five or more times already and put them into one document so that we can move the discussion on to the next stage. Otherwise every time we get a new person joining the group we have to go through the same thing all over. And the third or fourth time round it becomes 'we already know that', 'NOO you are trying to censor me, NSA plant!'.
It isn't meant to become an IETF draft, they would make me take out all the fun parts. Like pointing out the abject incompetence of an organization that lets a 29 year old contractor with a pole dancer for a girl friend have access to that material six months after joining. Why do Alexander and Clapper still have jobs? And spying on US citizens and then trading the raw SIGINT with foreign powers that are certain to share it with my commercial competitors? What were these idiots thinking?
There is work going on in IETF and in fact we started before his Bruce-ship made his call to arms. I doubt the PRISM-PROOF branding will stick. But it is powerful mind share as this story proves. We have botched deployment of almost all the security protocols developed in IETF except for TLS and that succeeded before it went in. This is a chance to hit the reset button and fix the mindbogglingly stupid deployment gaps. Like having no standard way to discover recipient keys and having two different message formats (OpenPGP and S/MIME) forcing people to choose between two key endorsement schemes rather than allow them to pick the one suited to their needs.
Yes, I do think there was interference in the past efforts but I suspect it was subtler than most imagine and not coming from the NIST folk. Rather, I think the interference came from folk who would encourage both sides in technical disputes to dig in and refuse to compromise, folk who participate with no visible means of financial support and seem to have limitless time to write drafts but are not very technical.
Hmmm I replace my hard drives when I start to see RAID errors. I don't plan to run SSD raid as the on board fault tolerance should be ok.
Would be nice to have hard data on expected failures so that I know whether to plan for a three or a six year lifespan. I generally replace my main machine on a six year cycle as I have a lot of expensive software. Looking to upgrade this year when the higher performance intel chips launch.
1tb is quite a lot. Probably more than I need in solid state. The price is also quite a bit more than the $0.05/gig for Hard drives. But it's getting a lot narrower. And RAID 1 doubles that cost anyway...
I haven't posted a journal here in almost three years, because I couldn't find the button to start a new entry.
So... hi, Slashdot. I used to be really active here, but now I mostly lurk and read. I've missed you.
1. Actually, revocation checking does not solve the problem, alteast if someone had the CA private key, they could generate the same ID's as other existing certificate. OSCP/revocation lists only checks id's not names, which makes it not useful for all possible problems.
Neither CRLs nor OCSP are intended to mitigate a CA private key breach.
The only control in the system is to revoke the CA root and that can be effected on Windows by issuing a new CTL (as happened to revoke the Diginotar root) that drops the compromised root. The other browsers have similar mechanisms.
2. I also think DNSSEC can be useful, it would be really helpful for the domain-owner to be able to make it clear that his website uses cert X and cert Y (which implies CA A and CA B). And not any other cert or CA. Deployment of DNSSEC is very slow though at the moment.
The war could well be over by the time DNSSEC is deployed. The Iranian group have developed new attacks and dramatically escalated the sophistication of their attacks. The time between attacks has been weeks, not years. There is simply no prospect of large scale DNSSEC deployment in the next 6 months. the Iranian 'elections' are in March. I can't even see any possibility of deployment ahead of the next presidential election.
We need at least 2 things: - a fallback method that browser makers want to adopt where DNSSEC hasn't been deployed by the ISP or when you are stuck in a "hotel network" or your OS does not support and so on. Because the browser needs to get the keying material to be able to check the if the data is properly signed. It do not think it even matters where it got it from, any old fallback channel might probably do. For OSCP http is used, so maybe that is good enough here too ?
Working on both of those.
- much better industry support for automating the keyrollover communication with TLDs. If I get my domain at some provider and run my own DNS-server there is hardly any provider, if any, which support EPP or whatever to communicate my DS-record to the TLD. Many TLDs that have deployed some DNSSEC don't (yet) even support DNSSEC in their EPP from their direct customers/members.
3. Can you be a bit more specific about what you proposed in 1993 ?
Not without sounding really whinny.
At this point its water under the bridge, I have changed my mind on what the approach to security should be and so has the industry.
The browser that an Iranian dissident should be using is probably not the same as the one your granny uses to shop online for sex toys. There are security concerns in both cases but the risks and issues are totally incommensurate.
Wishing without work is like fishing without bait. -- Frank Tyger