Monday, June 12, 2006

"Banner farms" and spyware

Ben Edelman continues his valuable research with an exposure of Hula Direct's "banner farms" which are being used to display banner ads through popups, driven by spyware installations:
Hula cannot write off its spyware-sourced traffic as a mere anomaly or glitch. I have received Hula popups from multiple spyware programs over many months. Throughout that period, I have never arrived at any Hula site in any way other than from spyware -- never as a popup or popunder served on any bona fide web site, in my personal casual web surfing or in my professional examination of web sites and advertising practices. From these facts, I can only conclude that spyware popups are a substantial source of traffic to Hula's sites.
Edelman also notes that most of Hula's ads include JavaScript code or HTML refresh meta tags to automatically reload the ads fairly quickly. The effect is to display more ads, and to show the ads for a shorter time than the advertisers are expecting.

Hula doesn't have a direct relationship with its advertisers (Edelman notes the relationships of cash and traffic flow), but they are being complacent and allowing it to happen. Some of the advertisers: Vonage, Verizon, Circuit City.

Finally, Edelman notes that some of the ad networks being used by Hula have taken notice and started to take action. One ad network, Red McCombs Media, refused to pay a $200,000+ bill from Hula and has been sued by them for breach of contract.

Sunday, June 11, 2006

Adler on federal environmental regulation

At the Skeptics Society conference on "The Environmental Wars," Jonathan Adler gave a talk on "Fables of Federal Environmental Regulation." Adler's talk made several points, the main ones among them being:

* Federal regulations tend to come late to the game, after state and local regulations or private actions have already begun addressing the problems. The recurring pattern is that there is an initial recognition of a problem, there's state and local regulation and private action to address it, and then there's federalization. I can add to Adler's examples the development of the cellular telephone industry, where private actors stepped in to allocate licenses through the "Big Monopoly Game" (a story told in the book Wireless Nation) when the FCC proved incompetent to do so itself; federal anti-spam legislation, which came only after many states passed anti-spam laws; and federal law to require notification of customers whose personal information has been exposed by system compromise (which still doesn't exist, though almost half the states now have some kind of hacking notification law). (In a related point, industries regularly develop products that completely sidestep federal regulations, such as the SUV, interstate banking, credit cards, money market accounts, and discount brokerages. The development of the latter financial products is a story told in Joseph Nocera's A Piece of the Action: How the Middle Class Joined the Money Class.)

* The causes of federal regulations are not necessarily the problems themselves, but are often rent-seeking by involved entities, which can create a barrier to other alternative solutions. Adler listed four causes of federal environmental regulations: increased environmental awareness (by the voters and the feds), increasingly nationalized politics (political action at a national level), distrust of states and federalism, and rent-seeking. He gave examples to illustrate.

* We don't see (I'd say "we tend not to see") environmental problems where we have well-defined property rights; the environmental problems occur in the commons (cf. Garrett Hardin's "The Tragedy of the Commons"). I disagree with making this an absolute statement since there are bad actors who disregard even well-established property rights (or liability rules).

Adler's intent was to raise skepticism about federal regulation on environmental matters on the basis of several points:

* History shows the problem already being addressed effectively in a more decentralized manner.
* Federal regulation tends to preempt state regulation, creating a uniform approach that doesn't allow us the benefits of seeing how different approaches might work--we can miss out on better ways of dealing with the issue.
* The rent-seeking behavior can produce unintended consequences that can make things worse or impose other costs.

While I'm not sure I agree with the implied conclusion that federal regulation is never helpful, I agree that these are good reasons to be skeptical.

The preemption issue in particular is a big one. The federal anti-spam law, CAN-SPAM, was pushed through after years of failure to pass federal regulations against spam after California passed a tough mandatory opt-in law. The federal law was passed largely through efforts by Microsoft and AOL (whose lawyers helped write it) and preempted state laws which mandated opt-in or any requirements contrary to the federal law. I don't think it's cynical to believe that preventing the California law from taking effect--which would potentially have affected online marketing efforts by Microsoft and AOL--was a major cause of the federal legislation passing.

The benefit of preemption is that it creates a level playing field across the entire nation, which reduces the costs of compliance for those who operate across multiple states. But it also reduces the likelihood of innovation in law through experimentation with different approaches, and reduces the advantages of local entities in competition with multi-state entities. It also prevents a state with more stringent requirements from affecting the behavior of a multi-state provider operating in that state, when the requirements get dropped to a federal lowest common denominator. As regulation almost always has unintended consequences, a diversity of approaches provides a way to discover those consequences and make more informed choices.

Another issue is that many federal regulations provide little in the way of enforcement, and the more federal regulations are created, the less likely that any particular one will have enforcement resources devoted to it. If you look at the FCC's enforcement of laws against illegal telemarketing activity (such as the prohibition on prerecorded solicitations to residential telephones, and the prohibition on telemarketing to cell phones), it's virtually nonexistent. They occasionally issue a citation, and very rarely issue fines to telemarketers who are blatantly violating the law on a daily basis. In this particular case, the law creates a private right of action so that the recipient of such an illegal call can file a civil case, and this model is one I'd like to endorse. I've personally had far more effect on most of the specific telemarketers who have made illegal calls to my residence than the FCC has. Federal laws and regulations can be effective when they are applicable to a small number of large players who can be adequately policed by a federal agency (but in such cases those large players tend to also be large players in Washington, D.C., and have huge influence over what rules get set) or when the enforcement is pushed down to state, local, or even private levels (e.g., using property or liability rules rather than agency-based regulation). Otherwise, they tend to be largely symbolic, with enforcement actions only occurring against major offenders while most violations are left unpunished.

The most effective solutions are those which place the incentives on involved parties to voluntarily come to agreements that address the issues, and I think these are possible in most circumstances with the appropriate set of property and liability rules. A good discussion of this subject may be found in David Friedman's book, Law's Order: What Economics Has to Do With Law and Why It Matters.

There seems to be a widespread illusion on the part of many people that many problems can be solved merely by passing the federal legislation, without regard for the actual empirical consequences of such legislation (or the actual process of how it's determined what gets put into such legislation!). From intellectual property law, to environmental law, to telecommunications law (e.g., net neutrality), good intentions can easily lead to bad consequences by those who don't concern themselves with such details. Friedman's book is a good start as an antidote to such thinking.

Saturday, June 10, 2006

George Ou explains QoS to Russell Shaw

In an exchange on ZDNet, George Ou gives a simple explanation of the benefits of QoS for VoIP traffic and why any form of "net neutrality" that prohibits it or requires it to be offered without premium charges is a bad idea:

I’ll say this loud and clear; QoS is a reordering of packets that is an essential part of network traffic engineering. Take the following example where A represents VoIP packets and b represents webpage packets.

No enhanced QoS policy
AbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbAbAbbbbbbAbA

With enhanced QoS policy
AbbbbbbbbbAbbbbbbbbbbAbbbbbbbbbbAbbbbbbbbbbA

Now note that there are only 5 A packets in the entire stream for either scenario and you still get the exact same throughput for the b packets with or without prioritization for the VoIP A packets. The difference is that the A packets are now a lot more uniform which makes sound quality go up and the webpage b packets don’t really care about uniformity since all they care is that they get there at all intact. With this QoS example, you can improve VoIP without affecting the average throughput of web surfing. More precisely, QoS has ZERO throughput effect on non-prioritized when there is zero congestion on the pipe. If it had been a congested network, then QoS will have minimal effect on non-prioritized traffic.

Hat tip to Richard Bennett at the Original Blog.

Also see Dave Siegel on QoS and net neutrality.

Friday, June 09, 2006

Information Security Index

This post is an index to posts at The Lippard Blog on the subject of information security. This is probably not a complete list; I've tended to exclude posts labeled "security" that don't specifically touch on information security and may have over-excluded.

"Richard Bejtlich reviews Extreme Exploits" (August 16, 2005) Link to Richard Bejtlich review of Extreme Exploits, a book I was the technical editor on.

"Sony's DRM--not much different from criminal hacking" (November 2, 2005) Summary and link to Mark Russinovich's exposure of the Sony rootkit DRM.

"Defending Against Botnets" (November 3, 2005) Link to my presentation on this subject at Arizona State University.

"Sony DRM class action lawsuits"
(November 10, 2005) Comment on the Sony rootkit class action lawsuits.

"Another Botnet Talk" (December 11, 2005) Comment on my December botnet talk for Phoenix InfraGard, with links to past botnet presentations.

"Major flaw in Diebold voting machines" (December 23, 2005) A flaw that allows preloading votes on a memory card for Diebold voting machines in an undetectible way.

"The Windows Meta File (WMF) exploit"
(January 3, 2006) Description of an at-the-time unresolved Windows vulnerability.

"New Internet consumer protection tool--SiteAdvisor.com"
(January 25, 2006) Report on SiteAdvisor.com tool (now a McAfee product).

"Pushing Spyware through Search" (January 28, 2006) Ben Edelman's work on how Google is connected to spyware by accepting paid advertising from companies that distribute it.

"Database error causes unbalanced budget" (February 17, 2006) How a house in Indiana was incorrectly valued at $400 million due to a single-keystroke error, leading to wrongly increased budgets and distribution of funds on the expectation of property tax revenue.

"The Security Catalyst podcast" (February 18, 2006) Announcement of Michael Santarcangelo's security podcast.

"Controversial hacker publishes cover story in Skeptical Inquirer"
(February 19, 2006) Critique of Carolyn Meinel's article about information warfare.

"Even more serious Diebold voting machine flaws"
(May 14, 2006) Hurst report on new major flaws found in Diebold voting machines.

"Botnet interview on the Security Catalyst podcast" (May 23, 2006) Link to part I of my interview on botnets with Michael Santarcangelo.

"Part II of Botnets Interview"
(June 4, 2006) Link to part II of my botnets interview.

"'Banner farms' and spyware"
(June 12, 2006) Ben Edelman's exposure of Hula Direct's "banner farms" used to deliver ads via spyware.

"When private property becomes the commons" (June 12, 2006) Consumer PCs as Internet "commons," economics and information security.

"Network security panel in Boston area" (June 12, 2006) Announcement of a public speaking gig.

"Identity Crisis: How Identification is Overused and Misunderstood" (July 6, 2006) Quotation from Tim Lee review of book by Jim Harper with this title.

"9th Circuit approves random warrantless searches and seizures of laptops" (July 28, 2006) Bad decision granting border police the right to perform full forensic examination of the hard drives of laptops carried by people wanting to cross the U.S. border.

"Is it worth shutting down botnet controllers?"
(August 18, 2006) A response to remarks by Gadi Evron and Paul Vixie that it is no longer worth shutting down botnet controllers.

"The ineffectiveness of TRUSTe" (September 29, 2006) A larger proportion of sites with TRUSTe certification are marked as untrustworthy in SiteAdvisor's database than of those that don't have TRUSTe certification.

"The U.S. no-fly list is a joke" (October 5, 2006) The no-fly list has major flaws, listing people who aren't a threat and not listing people who are--and presuming that terrorists will be identifiable by their names.

"How planespotting uncovered CIA torture flights" (October 20, 2006) How an unusual hobby allowed for traffic analysis to uncover CIA torture flights.

"Point out the obvious, get raided by the FBI"
(October 29, 2006) Chris Soghoian gets raided by the FBI after putting up a web page that allows generation of Northwest Airlines boarding passes.

"Electronic voting machines in Florida having problems in early voting"
(October 31, 2006) A report on voting machines registering votes for the wrong candidate due to touch screen calibration issues.

"The Two Faces of Diebold" (November 5, 2006) The difference between the public and private versions of SAIC's report on Diebold voting machine vulnerabilities.

"FBI eavesdropping via cell phones and OnStar"
(December 4, 2006) Reports of vulnerabilities in newer cell phones that allow them to be used as listening devices even when powered off.

"Time to Stop Using Microsoft Word" (December 7, 2006) New unpatched malicious code execution vulnerability in most versions of Word.

"Staffer for Congressman tries to hire hacker to change grades"
(December 22, 2006) Todd Shriber's failed attempt to retroactively improve his college career.

"My bank is on the ball" (January 6, 2007) My bank prevents theft of my money.

"Skeptical information and security information links" (January 23, 2007) Promotion of my security links and skeptical links sites.

"Schoolteacher convicted on bogus charges due to malware" (February 4, 2007) Connecticut teacher Julie Amero successfully prosecuted for showing porn to kids, when in fact it was the result of malware on a machine the school district refused to pay for antivirus software on.

"McCain proposes an unfunded mandate for ISPs" (February 7, 2007) McCain sponsors a bill to force ISPs to scan all traffic for and report child porn images they find.

"Warner Music: We'd rather go out of business than give customers what they want" (February 9, 2007) Warner Music says no way to DRM-free music.

"The economics of information security" (February 13, 2007) Ross Anderson and Tyler Moore paper on the economics of infosec.

"How IPv6 is already creating security problems" (February 19, 2007) Apple AirPort allows bypass of firewall rules via IPv6.

"Windows, Mac, and BSD Security" (March 8, 2007) Amusing video parody comparing the OSes.

"Bob Hagen on botnet evolution" (March 9, 2007) My former colleague on trends in botnets.

"The rsync.net warrant canary" (March 25, 2007) How rsync.net will communicate whether it receives a National Security Letter without breaking the law.

"FBI focus on counterterrorism leads to increase in unprosecuted fraud and identity theft" (April 11, 2007) The law of unintended consequences strikes again.

"Banning the distribution of AACS keys is futile"
(May 3, 2007) You can't stop the communication of a 128-bit number as though it's proprietary.

"CALEA compliance day" (May 14, 2007) Commemoration of the day that VoIP providers have to be CALEA-compliant.

"Spying on the homefront"
(May 14, 2007) PBS Frontline on FBI misuse of National Security Letters and NSA eavesdropping.

"The bots of summer"
(June 6, 2007) Report on some media coverage of my botnet interview with the Security Catalyst from 2006.

"Microsoft's new Turing Test" (June 12, 2007) It's not often I get to combine animal rescue and information security topics, but this is one--using animal pictures to authenticate.

"Operation Bot Roast" (June 14, 2007) FBI prosecution of some botnet people.

"Google thinks I'm malware"
(July 13, 2007) Google stops returning results to me in some cases because my behavior looks like malware activity.

"Asking printer manufacturers to stop spying results in Secret Service visit?"
(July 14, 2007) MIT Media Lab project to get people to complain to printer manufacturers about their secret coding of serial numbers, which got one person a visit from the USSS.

"A marketplace for software vulnerabilities" (July 29, 2007) WabiSabiLabi's abortive attempt to create a market for the sale and purchase of vulnerability information.

"Another Sony rootkit"
(September 5, 2007) F-Secure finds another Sony product that installs a rootkit--the Sony MicroVault USM-F memory stick (now off the market).

"Anti-P2P company suffers major security breach"
(September 16, 2007) Media Defender gets hacked.

"Microsoft updates Windows XP and Vista without user permission or notification" (September 17, 2007) Nine executables get pushed to everybody even if Windows update is turned off--except for corporate SMS users.

"Lessons for information security from Multics"
(September 19, 2007) Paul Karger and Roger Schell's paper on Multics gets attention from Bruce Schneier.

"Hacker finds vulnerability in Adobe Reader"
(September 24, 2007) The era of attacks on applications rather than OS's gets a boost.

"Break-in at CI Host colo facility" (November 4, 2007) The role of physical security for websites.

"Spammers and criminals for Ron Paul" (November 6, 2007) Botnets used to send spam promoting Ron Paul.

"Macintosh security lags behind Windows and BSD" (November 8, 2007) Rundown on new Mac security features, some of which are negative in effect.

"Multics source code released" (November 13, 2007) Multics becomes open source.

"Untraceable looks unwatchable"
(December 18, 2007) A post that generated a huge amount of response, about the Diane Lane movie that flopped at the box office, before it came out.

"Notorious major spammer indicted"
(January 3, 2008) Alan Ralsky may actually get what he deserves.

"Boeing 787 potentially vulnerable to passenger software-based hijacking" (January 8, 2008) Passenger Internet access for the Boeing 787 is physically connected to the network for communication and navigation.

"'Anonymous' launches 'war' against Scientology"
(January 22, 2008) Denial of service attacks and other pranks against Scientology.

"Tinfoil hat brigade generates fear about Infragard"
(February 8, 2008) Response to Matt Rothschild's article in The Progressive claiming that InfraGard members have the right to "shoot to kill" when martial law is declared.

"FBI responds to 'shoot to kill' claims about InfraGard" (February 15, 2008) Commentary and link to the FBI's response to Rothschild.

"Malware in digital photo frames" (February 17, 2008) Viruses in unusual digital storage locations.

"Canada busts 17 in botnet ring" (February 21, 2008) News about law enforcement action against criminals in Canada.

"More InfraGard FUD and misinformation" (February 23, 2008) Response to Gary Barnett's InfraGard article at the Future of Freedom Foundation website.

"New Mexico InfraGard conference" (February 24, 2008) Summary of the New Mexico InfraGard's "Dollar-Gard 2008" conference.

"Pakistan takes out YouTube, gets taken out in return" (February 25, 2008) Yesterday's events of political and/or religious censorship gone awry in Pakistan.

"Jeremy Jaynes loses appeal on spamming case"
(March 1, 2008) The Virginia Supreme Court upholds Virginia's anti-spam law.

"Software awards scam" (March 25, 2008) Many software download sites give out bogus awards.

"Scammers scamming scammers" (April 7, 2008) Marco Cova looks at what some phishing kits really do.

"Bad military botnet proposal" (May 13, 2008) A response to Col. Charles Williamson's proposal to build a military botnet.

"MediaDefender launches denial of service attack against Revision3" (May 29, 2008) Anti-P2P piracy firm crosses the line and attacks a legitimate company.

"San Francisco's city network held hostage" (July 19, 2008) Some actual facts behind the hyped charges against the city's network administrator.

"Did Diebold tamper with Georgia's 2002 elections?" (July 20, 2008) Some troubling information about Diebold's last-minute patching on Georgia election machines.

"Expert tells China visitors to encrypt data as U.S. announces policy of laptop seizure" (August 1, 2008) Concerns about privacy in both China and the U.S.

"Military botnets article" (August 28, 2008) Peter Buxbaum's article on "Battling Botnets" in Military Information Technology magazine.

"Virginia Supreme Court strikes down anti-spam law" (September 12, 2008) Julian Jaynes goes free as Virginia's anti-spam law goes away.

"Sarah Palin's Yahoo account hacked" (September 17, 2008) Palin's Yahoo account is hacked, and the contents published.

"TSA airport security is a waste of time and money"
(October 18, 2008) Link to Jeffrey Goldberg's article in The Atlantic.

"Behind the scenes during the election process" (November 6, 2008) Both major party presidential nominees suffered computer compromises.

"White House may be forced to recover 'lost' emails"
(November 14, 2008) Lawsuit may require recovery from backups.

"Criminal activity by air marshals"
(November 14, 2008) Multiple cases.

"PATRIOT Act NSL gag order unconstitutional" (December 19, 2008) Recipients of National Security Letters now can't be gagged without court order.

"The U.S. Nazi dirty bomb plot" (March 15, 2009) A little-covered story about a real terrorist plot.

"The Cybersecurity Act of 2009" (April 4, 2009) It's not as bad as it appears.

"Tracking cyberspies through the web wilderness" (May 12, 2009) How University of Toronto researchers have tracked online spying activity.

"Bad military botnet proposal still being pushed" (June 26, 2009) Col. Williamson's proposal to build an offensive U.S. military botnet is still being promoted by him.

"DHS still a mess, five years on" (July 16, 2009) Center for Public Integrity review of DHS.

"How Twitter got compromised"
(July 23, 2009) TechCrunch gives the anatomy of the attack on Twitter.

Net Neutrality Index

This post serves as an index to the net neutrality posts on The Lippard Blog. I'll update this post with any future posts on the subject.

"Net Neutrality" (February 12, 2006) Critique of Bill Thompson's argument for net neutrality.

"Geddes on net neutrality"
(February 14, 2006) Comment on and link to good Martin Geddes blog post on net neutrality.

"Commoncause.org: Spamming for 'net neutrality'" (March 9, 2006) How Common Cause deluged Mark Cuban with spam after depicting him with devil horns for not backing net neutrality.

"Talking Points Memo gets it completely wrong on COPE Act"
(April 22, 2006) Critique of Josh Marshall and Art Brodsky's bogus claim that the bill transfers control of the Internet to the telcos (who have a much smaller percentage of consumer Internet customers in the U.S. than the cable companies).

"Misinformation in defense of net neutrality" (May 7, 2006) Critique of Adam Green and Matt Stoller who repeat the common misconception that common carriage requirements have applied to the Internet, which is the basis of their calling Mike McCurry a liar.

"Net Neutrality and Last-Mile Connectivity: An Analogy"
(May 8, 2006) An analogy about net neutrality and last-mile connectivity in terms of taxicabs, in an attempt to elucidate some of the major points and misconceptions.

"Net Neutrality and the Pace of Innovation" (May 17, 2006) A look at the pace of innovation in the Bell System under monopoly in light of calls for nationalization of "the Internet backbone" (as though there is one such thing) by net neutrality advocates.

"Misinformation from 'Save the Internet'" (May 19, 2006) A critique of "Save the Internet"'s critique of the "Hands Off the Internet" flash animation cartoon, which seems to repeat the common confusion that common carriage requirements have applied to the Internet.

"Bad unintended consequences of HR 5417" (May 19, 2006) A criticism of the Sensenbrenner net neutrality bill.

"Yglesias on McCurry" (May 19, 2006) Critique of Matthew Yglesias on net neutrality guest blogging at Talking Points Memo.

"Net Neutrality and Fair Use"
(May 22, 2006) Disagreement with Larry Lessig about an analogy between net neutrality and fair use. (I tend to agree with Lessig on intellectual property issues, at least about the dangers of ever-extending copyright terms, lack of registration requirements, and DRM.)

"Hillary Clinton and Net Neutrality"
(May 23, 2006) The hypocrisy of Hillary Clinton's support of net neutrality on the grounds of protecting free speech (as pointed out by Adam Thierer).

"Consumer broadband last-mile competition in the Phoenix metropolitan area" (May 24, 2006) A summary of actual broadband options in the Phoenix area, listing eight separate providers.

"Net Neutrality expands to absurdity" (May 24, 2006) Critique of net neutrality advocate Jim Durbin, who thinks corporate web filters are a violation (which presumably he thinks should be made illegal). Also comment on Glenn Harlan Reynolds on pirate WiFi in the enterprise.

"Newmark vs. McCurry on net neutrality" (May 24, 2006) Comment on Craig Newmark's debate with Mike McCurry in the Wall Street Journal, in which Newmark is mightily confused about the technical facts.

"Dave Siegel on QoS and net neutrality" (May 26, 2006) Link to Dave Siegel blog post that summarizes how QoS is used in Global Crossing's network, and to a presentation by Xiao Xipeng on the same topic.

"Save the Internet: Fighting astroturf with astroturf"
(May 26, 2006) How "Save the Internet" has generated astroturfed letters-to-the-editor while condemning astroturf from the telcos. I condemn both.

"More on last-mile options in Phoenix"
(May 27, 2006) A response to criticisms of my list Phoenix-area broadband options from Douglas Ross.

"The Abstract Factory on net neutrality" (May 31, 2006) A link to a good commentary on net neutrality and astroturfing telco shills.

"Kevin Drum gets it wrong on net neutrality and common carriage" (June 1, 2006) Kevin Drum repeats the common misconception that common carriage requirements have applied to the Internet.

"Worst net neutrality analogy ever?" (June 1, 2006) A critique of Susan Crawford's horrible sidewalk analogy.

"George Ou explains QoS to Russell Shaw" (June 10, 2006) In a ZDnet debate, George Ou gives a good simple explanation of QoS to someone who wants to regulate something he doesn't understand.

"Martin Geddes on net neutrality, federalism, and U.S. vs. EU" (June 12, 2006) Link to a nice piece on Geddes' Telepocalypse blog where he provides links to his past positions on network neutrality and compares the U.S. to EU, and their respective regulatory regimes to networks.

"Verizon's Thomas Tauke on net neutrality" (June 12, 2006) Quote from and link to a Declan McCullagh interview with Thomas Tauke of Verizon about net neutrality.

"Bennett on Free Press net neutrality 'facts'" (June 12, 2006) Richard Bennett shows that the Free Press's network neutrality facts are mostly fiction, argues against the anti-QoS provision of Snowe-Dorgan and Markey in a note to Sen. Boxer, comments on tomorrow's Senate hearing, and on Matt Stoller's acting as a spokesman for admitted ignorance.

"'Hands Off the Internet' writes about me, then thinks better of it" (June 15, 2006) A post from the HOTI blog about me, recovered from Google cache. (Most of the content is actually excerpted from my own blog, with a bit of HOTI commentary.)

"The New Republic supports net neutrality, based on error" (June 15, 2006) The editors of The New Republic join the crowds of net neutrality supporters who incorrectly think that common carriage requirements have applied to ISPs and the Internet.

"Douglas Ross's Network Neutrality Index" (June 16, 2006) A link to an index of blog posts by an advocate of net neutrality regulation.

"Demonization of adversaries is wrong, Matt Stoller"
(June 16, 2006) A criticism of part of Matt Stoller's presentation at YearlyKos.

"Andrew Kantor changes his mind on net neutrality" (June 16, 2006) The USA Today technology columnist no longer supports net neutrality regulations.

"Matt Stoller lies about site blocking"
(June 18, 2006) Matt Stoller falsely attributes a problem between Craigslist.org and Cox's PC firewall software to the kind of discriminatory site blocking he thinks net neutrality regulations are needed to prevent--after already being informed of the real cause.

"Update on Cox blocking of Craigslist" (June 20, 2006) Update on who's said what, and a bit more detail on the underlying problem in which I disagree with placing blame on Craigslist.

"Content providers and ISPs: who really has the stronger hand?"
(June 21, 2006) A look at a case of "reverse network neutrality" involving ESPN360 blocking access to ISPs.

"The future of connectivity options"
(June 22, 2006) Telco 2.0 looks at a variety of business models for different types of connectivity and projections for how they will change in significance over the next decade. It would be a bad idea to impose regulations which stifle innovation by prohibiting some business models.

"Matt Stoller refuses to come clean"
(June 22, 2006) Matt Stoller, caught in falsehood, tries to avoid responsibility for his statements and instead accuses others of being "lying liars."

"A version of network neutrality I can endorse" (June 22, 2006) I attempt to put forth a minimal, non-FCC-regulated version of "Lippard Network Neutrality" that I think is reasonable, and explain how it differs from what many network neutrality advocates are supporting.

"Craigslist no longer uses TCP window size of 0" (July 14, 2006) Update on the Craigslist/Cox issue.

"VoIP quality degradation shows need for prioritization" (July 27, 2006) Brix Networks study shows quality of VoIP calls has declined over the last 18 months due to competition for network resources.

"ACLU incompetence and misinformation on net neutrality" (November 3, 2006) The ACLU comes out in support of network neutrality, making many of the same erroneous arguments which have been debunked here before, such as confusing common carriage with IP-layer nondiscrimination.

"Netroots and telecom" (July 19, 2008) Discussion about the description of the Netroots Nation "Big Telecom" panel and an Art Brodsky column about it.

"New Markey/Eshoo net neutrality bill"
(August 3, 2009) Brief comments on the Internet Freedom Preservation Act of 2009.

Wednesday, June 07, 2006

42 innocent people killed by police paramilitary raids

Radley Balko at The Agitator reports on some examples of innocent people murdered by police (and for some reason they almost never get prosecuted), along with his current research tally:
The tally thus far from my research: 42 innocent people killed in paramilitary raids. 57 if you include police officers. Another 20 were nonviolent offenders (recreational pot smokers, gamblers, etc.) shot and killed either by accident or because they mistook raiding police for criminal intruders and were killed when they attempted to defend themselves, their homes, and/or their families.

Monday, June 05, 2006

Conditions of income mobility

Two studies reported in The Economist (pay content) show that income mobility--the ability for children to be more economically successful than their parents--is much greater in Scandanavian countries and the UK than it is in the United States:
The authors rank countries on a scale from one to zero, with one meaning no mobility at all (ie, a child's income is identical to its parents') and zero meaning perfect mobility (ie, a child's income bears no relation to its parents'). The Nordic countries score around 0.2 for sons, Britain scores 0.36, and America 0.54 (meaning that a son's earnings are more closely related to his father's in America). These figures are roughly in line with the conclusions of other studies, though they have the advantage of using standardised data, thereby minimising problems of definition that usually bedevil cross-country comparisons.

The biggest finding of the studies is not, however, about overall social mobility, but about mobility at the bottom. This is the most distinctive feature of Nordic societies, and it is also perhaps the most significant difference with America. Around three-quarters of sons born into the poorest fifth of the population in Nordic countries in the late 1950s had moved out of that category by the time they were in their early 40s. In contrast, only just over half of American men born at the bottom later moved up. This is another respect in which Britain is more like the Nordics than like America: some 70% of its poorest sons escaped from poverty within a generation.

The Nordic countries are distinctive in one further way: the sons born at the bottom (into the poorest fifth) earn roughly the same as those born a rung above them (the second-poorest fifth). In other words, Nordic countries have almost completely snapped the link between the earnings of parents and children at and near the bottom. That is not at all true of America.

The effect is attributed to two things--welfare programs and education. If the consequences of U.S. policies include not only growing income inequality but declining income mobility, the latter undermines a standard argument for the former, and provides a motivation for changing policies.

(The studies are “Non-linearities in Inter-generational Earnings Mobility” (Royal Economics Society, London) and “American Exceptionalism in a New Light” (Institute for the Study of Labour, Bonn). Both are by Bernt Bratsberg, Knut Roed, Oddbjorn Raaum, Robin Naylor, Markus Jantti, Tor Eriksson, Eva Osterbacka and Anders Bjorklund. The Economist also criticized the U.S. for declining income mobility in 2005, in an article that is available in full without a subscription.)

Sunday, June 04, 2006

Valerie Pachulski and Gabi Plumlee's 2004 GOP contributions

How is it that a 1999 high school graduate, "GOP Babe Val," who recently worked as an administrative assistant for Arizona Right-to-Life had over $10,000 to donate [SEE CORRECTION BELOW] to the Nevada Republican Party between July and November 2004 (also see here) while working as a volunteer for Bush-Cheney '04 Inc. of Las Vegas?

In a May 31 Arizona Republic website feature of restaurant reviews from readers, Pachulski is the contributor and mentions that she has "moved to D.C."

Another Arizona donor of over $9000 to the Nevada Republican Party in 2004 [SEE CORRECTION BELOW], Gabi Plumlee, works for the Republican National Committee in D.C.

UPDATE July 8, 2006: As pointed out in the comments by "Kellen Rose", the Center for Public Integrity website I linked to for "over $10,000 to donate" has things exactly backwards--this isn't a record of donations (though CPI has extensive databases of donations to politicians and political campaigns), but a record of expenditures by the Nevada GOP to out-of-state entities. That is, Pachulski and Plumlee were on the GOP payroll, not making contributions. I failed to see what was staring me in the face on that website.

Accordingly, I apologize to Ms. Pachulski and Ms. Plumlee for my inaccurate statements and the suggestion that there was something unusual going on here. I'll leave this post as a historical record of my error and the correction. It was a stupid mistake.

UPDATE (September 24, 2007): Valerie Pachulski points out that she was not an administrative assistant at Arizona Right to Life, but the Director of Events.

Skeptics Society conference

I've returned from the Skeptics Society conference on "The Environmental Wars," and there wasn't much warring between speakers, though there were some debates among audience members between sessions. The most controversial speaker was John Stossel, who was the only person to proclaim himself a global warming skeptic (and did so without having witnessed any of the day's presentations, which made it abundantly clear that (a) there is global warming and (b) it is caused by human activity). Michael Crichton managed to avoid the global warming subject in his talk, though in the Q&A he agreed that (a) there is no debate that the globe is warming (contrary to the position in State of Fear that it's an artifact of city "heat islands"), (b) there is no debate that CO2 has increased as a result of human activity, and (c) there's no debate about the greenhouse effect.

I'll comment more later on at least some of the talks, but for now I'll refer you to conference presenter Jonathan Adler's live-blogged descriptions of the talks and Chris Mooney's summary of his initial debate presentation.

UPDATE June 7, 2006: Also check out desmogblog's coverage of the conference.

UPDATE (July 18, 2009): Looks like my only further comment was on Jonathan Adler's talk on federal environmental regulation, though I did post this on the JREF Forums on June 30, 2008:
I very much enjoyed the Skeptics Society "Environmental Wars" conference. I thought it was a good mix of long-term history on climate change (Prothero), current scientific evidence on climate change (Schneider), what to do about it from an economic perspective (Arnold), what doesn't work from a regulatory perspective (Adler), what wild and crazy mitigation techniques might be available and what they'll cost (Benford), and a little debate on politicization of science (Mooney vs. Bailey), and a couple of climate change skeptics who didn't really address any of the science presented during the conference (Crichton and Stossel). It was also a chance to see one of Paul MacCready's last public appearances before he died.

Michael Crichton and John Stossel were no Mike Reiss (Simpsons writer who gave a hilarious talk in 2005), but I still thought they provided entertainment.

Part II of Botnets Interview

Part II of my interview on Michael Santarcangelo's Security Catalyst podcast is now available.

(Part I is here.)