Well, I've seen so many otherwise knowledgeable people endorse government control over the internet that is kinda hard to notice jokes on this subject.

> If it were the ultimate tool for "freedom and anarchy" would that be a good thing for society?

In my opinion: fuck yeah.

> Imagine if you couldn't trust the data on wikipedia

Do you trust it right now? Would you use it for mission-critical tasks?

The very premise of wikipedia is write-openness. Everyone using it should have that in mind and exercise common sense when reading informations there. If anything, it should remind us that every piece of written information published in our society may have bias or may be factually wrong. Even the most respected houses of publishing have their agendas. In my opinion, Wikipedia is upfront about its "vulnerability" and, therefore, people read it more critically than traditional media.

> Or if your bank account access could be spoofed
> Or your emails could be read by anyone

These cases are solved by digital encryption, specifically, one that is not plagued with backdoors. In the "social control" version of the Internet, we'd either be denied the right to encrypt, or the encryption mechanisms would have backdoors mandated by the governments. It follows that in the "anarchy and freedom" version of the Internet, where there is non-backdoor encryption, spoofings and eavesdropping would not occur.

It is important to note that, right now, we are closer to social control extreme on this subject, seeing as our encryption models rely on authorities supposed honest (the certificate authorities). A sufficiently powerful government could influence CAs on collaborating in spoofings and eavesdropping activities. We cannot observe this signing process - right now, we simply assume CAs are to be trusted, because we feel that governments haven't sunk so low in the social control measure. Should social control show its ugly face in the future, the only way we could achieve real secrecy and authenticity of communications would be having the sender and the receiver directly exchange public keys - preferably in person. By any metric, this is impractical, and could seriously hamper commercial usage of the network.

> Or even a reputable site by a known firm with a reputation to protect would use online tools to deceive

Yes, that indeed is a problem on the "anarchy and freedom" version of Internet. But how, exactly, does the "social control" version address this problem?

> What if lone individuals could topple governments and cause international diplomatic incidents?

So, we should suppress any speech that rats out illegal or inhuman actions to avoid embarassing governments? If a lone individual is aware and has evidence a government is doing something wrong, it is his duty to expose it. It does not matter if there are multiple nations involved. A perfect example of this would be e
extraordinary renditions, waterboarding, Abu Grahib and yes, the cablegate. The more government critters are afraid of being exposed, the better they will behave, and the more the people have control over their leaders.

--
Human societies were built upon the trust of individuals between each other. Problem is, the larger a group of people gets, the less we appreciate the externalities that our actions inflict upon others. We trust governments, far away as they are from our daily reality, to care for problems we are not specialized enough nor able to care. This trust depends on there being good checks and balances; social control of Internet is a weapon too powerful to be satisfactorily checked.

also, his name is not written like that. I would write the correct spelling, but this frakup called slashcode can't get utf-8 right in 2011.

Right now I receive in Israel Sheqalim, but luckily I'm moving to Euro in a few weeks :)

Maybe useful, but all you've done for them is saved them the trouble of cutting the wood themselves.

and God forbid those pesky Africans be spared of menial work by using more efficient, automated tools.

That will work only until wikileaks' opponents force them to switch to another IP.

OF COURSE there is a clause that allows them to jump of the deal unscathed. That's precisely my point: the disparity of power between the parties makes the contract horribly biased, and that sucks.

Amazon charges for usage in arrears (i.e. after the resource is consumed). That means AWS is extending credit to all of their customers. When businesses extend credit, there are always credit limits in order to limit potential credit losses.

Or, if you are a nice guy, you contact your client to warn they may be incurring in a huge bill.

Or, if you want to be really cautious, you stipulate quotas in the contract according to the client's credit history.

Now I don't work for AWS, and I have no knowledge of the specifics of this case, but if I had a brand new customer run up a massive bill with no prior payment history, I'd cut his ass off.

In my book, "cutting off" means suspending one's account until problems are solved. Say you are an ISP and a zombie-customer gets infected and starts spewing spam - you suspend access and attempt to resolve the case. AWS didn't try, afaik.

It seems to me that AWS booted wikileaks like, forever. What if wikileaks had the actual means of payment? Again, a good shop would try one of the approaches I suggested above.

If you read Sonny Yatzen's first comment in this thread, you'll find his speculation that wikileaks' high load during cablegate launch was the underlying reason for amazon booting wikileaks. My comment addressed Sonny Yatzen's second comment, where he defended business entitlement to change their minds.

My argument is:
1) amazon did not boot wikileaks for high load - they actually charge per usage, so it's not really a problem to them in terms of money

2) business should not be entitled to change their minds at will like that. Contract drafting is already biased for them as it is.

Nonsense. A business ought to understand the risk before accepting the deal. If they underestimated the risks, they are punished with loss of revenue; if they correctly evaluated the risks and priced the service accordingly, they stand for a profit. A business' duty is to honor the contracts they sign. Of course, this is in the ideal world, where parties signing a contract have a fair balance of power; in the real world, amazon dictates the rules, and is in a position to craft some really vague ones at that.

The way I see it, amazon isn't simply breaking the contract over the direct cost of the demanded service like GGP supposes, mostly because the added cost caused by the "unexpected" traffic of cablegate is only marginal to amazon. Also, it is my understanding that amazon charges for bandwidth spent almost linearly, so all this "unexpected" traffic is being charged to Assange anyway. I believe they think there's a indirect cost in upsetting a potentially large client such as the US govt. In other words, they weighed the loss of reputation and money for booting wikileaks against the future loss of opportunities with USG and decided for booting wikileaks.

Granted. In a quick back-of-the-napkin calculation, I got that log256 16^32 is 16, meaning that, in theory, all 16-char passwords *could* map to all possible hashes. So, passwords longer than 16 chars, when stored under md5, collide with 16-char passwords, making the former somewhat useless.

Maybe a good idea for picking a password is to somehow ensure no shorter password would yield the same md5. A daunting task by any metric.

While I concurred with your point somewhere else in this discussion (regarding the usage of salt), I wonder if there is any possibility that an attacker, having a sufficiently large corpus of your stored hashes, would be able to extrapolate what salt your application is using.

I don't see how password length makes any difference here. Most applications naïvely store hash_function(password) in the database. If you manage to find a 4-char string whose hash is the same as the one stored in the database, it doesn't matter if the original password has 300 characters. The best course of action for any application is to store hash_function(password + secret_salt) in the database.

Ostensibly, when you buy a ticket for a given seat in a given flight, you're actually hiring a transportation service from one airport to another.

Airline companies usually have a tiered fare structure, having a fixed amount of tickets for each fare-class in a given flight. Quite naturally, the cheapest tickets get bought earlier, and the company gets the money quite in advance of the actual flight. Should a company allow their tickets to be transferred at no cost, a lot of front-running would occur, setting a higher price-point to the end buyer, and skimming the profit of company towards the front-runner. However, if said front-runners somehow ADDED value to the process (e.g. by setting up web sites that actually work), it wouldn't be unfair.