Yeah, I'm definitely not in favor of amateur detectives tossing around half-baked allegations. I do find it interesting that despite the massive multi-million dollar dragnet surveillance apparatus, this guy was apparently able to get away without any of the cameras getting a decent photo.
I would be curious what Michael Shermer and others think of some of the more recent scientific investigations, as detailled by Fr. Andrew Dalton on Pints with Aquinas:
I doubt he’d think much of it. I’m about 2/3rds through it. It’s all more of the same and not terribly convincing.
Fr. Andrew Dalton is a Sindonologist(?), somebody who studies the shroud, but not necessarily from a scientific perspective. Sindonology isn’t exactly embraced by Shermer in his article, or, apparently, by the scientific community in general. I hadn’t encountered the term before, but at a glance it seems to have all the scientific rigor of ufology or cryptozoology.
What I’ve heard so far in the video isn’t new evidence, but enthusiastic re-hashing of previous topics that have already been discussed to death. The video offers precisely the kinds of suspicious arguments that Shermer talks about. Exactly, in the case of C14 dating, “French invisible weaves”, and corner-holding-contamination.
I hadn’t encountered the AZ 1 & 2 C14 differences though and I’d be curious to get more details. He only briefly mentions them and doesn’t provide anything further. Fr. Dalton seems to point people to shroud.com which he calls “the most scientific of websites’ - that statement seems dubious at best, and browsing the site doesn’t change my impression.
I do appreciate that towards the end of the video that Fr. Dalton completely acknowledges that there is no evidence dating the shroud to the 1st century. All the other discussion around the “historical facts” surrounding JC, such as the kind of crown we supposedly wore, the kind of cross he supposedly carried, etc. is very eye-brow raising. The discussion of Eucharistic miracles and the prevalence of the AB blood type is similarly…interesting.
At the end of the day the authenticity of the shroud is a matter of faith. Evidence doesn’t seem like it should be important.
Setting aside religious discussion, what I found interesting is that the shroud has a lot of things that we simply cannot explain. For example, we have been unable to replicate the image as it exists (I think he said 200 nm thick), using highly advanced UV technology. If we can't figure it out now, how on earth would someone have created it centuries ago? I found other details, such as the absense of the photo-negative impression where blood stains were, fascinating.
I also thought the debunking of the 1988 "findings" made a lot of sense.
I'm not saying that it is "authentic" in that it is the impression of Christ from the Resurrection. What I am saying is that using our best scientific methods, we still have no explanation for how it came to exist.
I suppose I should ask, what kind of evidence are you looking for that would make something convincing to you?
What happened to personal freedom of letting people choose for themselves how long a certificate should last? Not really liking this trend of large companies making decisions for others and then forcing them on everyone.
I'm not sure how you think certificates work? It's not for 'yourself' - the certificate is an assertion to billions of users worldwide, called relying parties. If you don't care about those, then you can use a private CA. If you do care (and want anyone's browser to work) then it's not a 'personal freedom'.
A lot of CAs are non-american. Also not sure how encrypted HTTP and DNS allows google to snoop on your traffic? If you don't trust google then don't use their eDNS service?
Also in this case, "safety" can be defined as protecting American companies from lawsuits while ensuring they continue to make lots of money from extorting SSL certificate sales.
>while ensuring they continue to make lots of money from extorting SSL certificate sales.
Which IaaS/PaaS providers are doing this? Most of the popular ones I know (ie. not some shady shared hosting reseller using whmcs solutions) lets you upload whatever certificate you want, or has certificates for free/included in the monthly price. In other words they're not going to benefit from shorter lived certificates. In the worst case you can set up cloudflare "flexible SSL" in front of your site and get it for free.
I find it interesting that all of the arguments seem to be about the merits of whether pushing this on everyone is good or not, and they all take for granted that personal freedom does not matter anymore.
I dislike not being able to choose my SSL lifetime for the same reason I do not like a web browser deciding for me if I can use my own CA. In both cases choices are being made for me, whether I like them or not.
And making ourselves completely dependent on those certificate authorities handing out certs. Dystopian, a couple of mega corps deciding who gets a cert and who doesn't.
My site is http-only because I prefer to not be dependent on those certificate authorities handing out certs, because it's been that way for 25 years, because there is zero confidential data on it, and because the issues concerning snooping and ad insertion by intermediates is not a real threat to my limited readership.
However, there is the https-only movement to prevent web browsers from viewing my website, because it it not https and therefore not 'safe'.
This movement overlaps pretty well with the people who don't accept other different certificate authorities.
> However, there is the https-only movement to prevent web browsers from viewing my website, because it it not https and therefore not 'safe'.
Like i said, nothing is stopping you from doing whatever you want other than the fact that other people might not like it, and might choose to treat your website differently. Just like you can choose not to use https, other people can choose not to like sites that don't use https. Freedom goes both ways.
The point is that if the browsers make it hard enough to actually use HTTP sites then it doesn't really matter if the user is OK with that. Same with self-signed certificates or private CAs.
Certificates are particularly painful because it sometimes seems that every program that needs them has its own way to find them. I can't just install in one OS-wide store and say that it should work just like the certificates from the major certificate authorities.
No, I have to install it in Chrome and Firefox. Oh and I've got some Python scripts and some Perl scripts and some PHP scripts that need it, so I've got to put it where they want. And let's not forget curl and wget. And how about thing I'm running in a VM or under Docker? Or database clients.
I thought you were too dismissive with your use of "nothing is stopping you."
There is a big difference between "nothing is stopping you from starting an exercise program" and "nothing is stopping you from being the ruler of the planet" even though the construction is the same.
Sure, but we are talking about open source software you can fork and change however you like, the difficulty level is a bit in the middle. I'd put it more on the level of - if you dont like the food a resturant serves, nothing is stopping you from opening your own. Yes its hard, but certainly not impossible.
Nothing stopping you running your own CA and issuing your own certs.
Your actual problem is that the browser vendors (who decide which certs should live in the root store) have certain criteria which CAs need to meet in order to be trusted.
Why should Firefox / Chrome / etc. have to honour your desire that your arbitrary-length lifetime certs are trusted by default in their browsers? You still have the personal freedom of installing your own CA root if you like.
The networked environment of today is rapidly phasing-out anything not passing through big bulky systems (most of the time these are for-profit firms). While we wait for the moment one of them (like Let's Encrypt or Sectigo or some BS from FAANGs) will become a SPoF and mess up services anywhere, you can always roll a private CA, use SSH tunnels or SOCKS proxies.
The depends where you live, and what the government means. In some places the validity of a passport is written in a law, voted by the parliament; in other it's a operation decision by the government (e.g. the ministry of the internal affairs).
Where I live it's a law voted by the parliament.
Also TLS fingerprints and biometrical data are "hashed" data, if that's what you mean about having in common.
It's got nothing to do with what committee decides what the expiry is and how they then enforce it. The thing that certs and passports have in common is unrelated to whether the issuer is a governmental body or not.
They're both centrally revokable, attested assertions of identity, where the attestation can be validated with the attester offline.
If you try and come up with a design for any system that includes this type of assertion, you'll end up in a place where you'll probably want it to expire and need re-validation at some point. That expiry is a property of the attestation, and is therefore controlled by the person/group doing the attestation. In the case of a passport, this happens to be the government. For a cert, it's the CA.
Passport/ID document expiration dates are decided by law. Therefore it is in fact "the government." Do you think there should be a law limiting the lifetime duration of an SSL cert to 45 days?
The CAB forum is not a company (although it is made up of some) and the government does not set passport max validity lengths (they can make it shorter than 10 years, just like CAs can make certs shorter, but there is a reason no country gives out passports longer than 10 years)
Most important part of the article, in my opinion:
> It’s worth pointing out that the company that owns the foundation model used to make these headshots, Stable Diffusion, is being sued for stealing over 12 million copyrighted photos to train it with.
I have to question how much these AI tools are profiting off stolen data.
I wonder if people have forgotten the legal grounds on which the US claimed jurisdiction. I may be misremembering, but I think it was because megaupload.com was registered as a .COM, and the .COM top level domain is owned by Verisign, an American company, and therefore the US has jurisdiction over it.
I guess one lesson from this is that running out of .COM domain names is not a bad thing, because it reduces the grip the American empire has on the internet.
It doesn't really matter because, as the dominant world power and arbiter of the world's currency, the US can invent legal grounds to do pretty much anything to anyone.
The US government is so powerful, they are the only country that enforces a draconian global taxation scheme on any citizen or person who has ever held a US green card, even after they permanently leave the country. The US treasury will withhold the ability to transact in US Dollars from any country that does not report the holdings of US-adjacent persons every single year.
If you think you're out of reach of a country that treats their own citizens as criminals by default the minute they leave the country, I have some swamp land in Florida to sell you.
USA can't tax non-citizens. Revoke citizenship if you really don't want to pay. That comes with a lot of downsides though (no more US passport, no getting rescued by the US if you wander into North Korea, etc), which implies the taxes aren't for nothing just because you live out-of-country.
> USA can't tax non-citizens. Revoke citizenship if you really don't want to pay. That comes with a lot of downsides though (no more US passport, no getting rescued by the US if you wander into North Korea, etc), which implies the taxes aren't for nothing just because you live out-of-country.
The USA can, and does, tax non-citizens. Many countries tax non-citizens. Go out and buy a foreign stock-they will tax you on earnings or dividends. Go visit a country and pay the local sales tax.
If I don't complete my FACTA compliance forms with my Australian bank every 2-3 years to (re)confirm that I am an Australian, living in Australia, using my Australian bank account then my bank will withhold certain amounts to cover my supposed obligations to the IRS.
Sure smells a lot like levying tax on non-citizens living in other countries.
> I did not see that in his comment. He said tax. You are making a pretty big leap.
No, that's exactly what I meant. It's implied from context that I am talking about taxation of people living in other countries. The bit I was directly replying to from root post:
> The US government is so powerful, they are the only country that enforces a draconian global taxation scheme on any citizen or person who has ever held a US green card, even after they permanently leave the country.
So I replied:
"USA can't tax non-citizens. Revoke citizenship if you really ..."
Dodging taxes is not a valid reason to renounce citizenship in the US of A and having renounced citizenship for of "tax reasons" is a question on the standard ESTA form. If you check "yes", you can't enter the US.
So, legally speaking, you not only lose citizenship but also the right to ever step foot on American soil again, no matter which other citizenship you gain.
Of course, you can just lie about your reasons on the forms.
> enforces a draconian global taxation scheme on any citizen or person who has ever held a US green card, even after they permanently leave.
That's not quite true. If you _return_ your green card ("abandon it"), you no longer have to pay taxes. This makes sense as a parallel to being a US citizen, who would pay taxes even if they lived abroad.
I'm not saying it's right, but we need to be accurate.
That's false. FATCA only applies to American taxpayers like U.S. businesses[1], citizens, greencard holders, and other residents [2]. It does not apply to nonresident illegal aliens, former citizens, or nonresident former greencard holders.
[1] In this context, including foreign businesses that file a U.S. tax return.
[2] Note that for FATCA purposes, if a person is a US taxpayer for any portion of the year, they are subject to FATCA compliance purposes for that tax year no matter how much of that year was actually spent as a US taxpayer. However, if they are not a US taxpayer at the end of the year, they would not be subject to FATCA compliance for the following year.
Yes, theoretically. Practically though when one applies to open an account they will be asked "do you have or have you ever had a US address or phone number? Have you ever had a greencard? Have you ever had SSN? Were you a subject to US taxation?" and single YES would lead to rejection.
For banks which make a few bucks per year per customer dealing with anyone who remotely could be a subject to FATCA is just not worth it.
FATCA does not apply once you are no longer a US taxpayer. Moreover, the FATCA regime has been copied by so many other countries (including the EU) that there is now a global version of FATCA called CRS (and the procedural system for implementing CRS is known as AEOI).
FATCA is now considered the least burdensome implementation of CRS, which has been implemented by all OECD countries, China, India, and Brazil.
If a bank is turning you down because you answered "YES" to the FATCA question, the problem isn't FATCA. The bank is trying to avoid an audit and it's a huge red flag not to do business with them.
The fact that some countries started mimicking FATCA does not make it less idiotically counterproductive and stupidly wasteful.
Not to mention it undermining international law and making this world less stable of course.
Banks are run by people and they are private businesses. Humans don't follow laws like computers follow instruction, we are flawed creatures. Businesses will mitigate risks wherever possible, and refuse to work with customers who carry added risk all the time.
While in theory this shouldn't be causing people trouble and preventing people from getting locked out of the banking system or forcing them into unfair agreements, in reality, it is.
It turns out government regulation has unintended consequences. Just because it's "wrong" for them to interpret the regulation in this way, doesn't change the fact that many many established, legitimate banks are doing it "wrong." Nor does it help the people suffering the consequences to point your finger back at the wording of the regulation and say "Ackshually..."
It really is that simple. This has been part of my job for the past decade+ and it has not been an issue for Americans to open up bank accounts in foreign countries at respectable banks in at least a decade.
If a foreign bank won't open an account for you because you were once American, the problem is that the bank has something to hide. Full stop. End of story.
> The US government is so powerful, they are the only country that enforces a draconian global taxation scheme on any citizen or person who has ever held a US green card […]
While it may be true that they are the only ones able to do it effectively, there are some other countries with citizenship-based taxation. According to Wikipedia[0] these currently are:
Hungary, Eritrea, Myanmar and Tajikistan
Some other countries have similar policies for tax heavens.
And then there is FATCA and CRS : when opening a bank account for my non-profit I had to answer 15 pages of questions related to me, other directors and the non-profit itself. I'm a non-US citizen outside of the US.
>The US government is so powerful [...] can invent legal grounds to do pretty much anything to anyone
Sounds like what a totalitarian king would do.
"In vain they change from a single person to a few. These few have the passions of the one; and they unite to strengthen themselves, and to secure the gratification of their lawless passions at the expense of the general good. In vain do we fly to the many. The case is worse; their passions are less under the government of reason, they are augmented by the contagion, and defended against all attacks by their multitude." - Edmund Burke, 1756.
"Megaupload is based in Hong Kong, but some of the alleged pirated content was hosted on leased servers in Ashburn, Va., which gave federal authorities jurisdiction, the indictment said." - Jun 25, 2012
> As of December 2019, Eritrea, Marshall Islands, Nauru, Palau, San Marino, and WTO Observer countries Iran, Iraq, Ethiopia, Somalia, and South Sudan are not a party to any copyright convention.
If you run a service that allows people to upload data, you are hosting pirated content. The DMCA was specifically designed to address this, to create a system whereby those who host data are not on the hook for every violation. The issue is not that you host pirated content but whether you are following all the rules necessary to enjoy safe harbor protection.
If you look into the case, this wasn't a situation in which they accidentally hosted pirated content as a byproduct of hosting legitimate content. There are records of internal communication of the business discussing how to encourage piracy on the platform. This wasn't early Youtube turning a blind eye to piracy with plausible deniability. This was a business consciously and intentionally using piracy as a growth strategy.
Piracy as a growth strategy was very common at the time. Everyone, including Youtube, was just rushing to stay on top long enough to translate piracy into money sufficient to keep the lawyers away a few days longer.
>> Karim left YouTube before Google bought it in 2006. But he kept YouTube e-mail on his personal computer, enabling Viacom to obtain correspondence that Hurley had said he lost, according to court documents. [..] In a July 29, 2005 e-mail, Chen advised Hurley and Karim to "steal it!" in an apparent reference to an unidentified video clip, according to the court documents. After Hurley asked if he wanted to steal movies, Chen replied, "haha ya. Or something."
>> Google had its own copyright reservations about YouTube before it struck a deal. Internal documents obtained by Viacom quote Google executives describing YouTube as "a 'rogue enabler' of content theft" and warning the site "is completely sustained by pirated content."
"Plausible deniability" was the key phrase in my original comment. A one off person abusing the system (before the Google purchase) or Google executives recognizing that "[Youtube] is completely sustained by pirated content." is not the same thing as having corporate policies designed to encourage piracy like Megaupload did.
> I may be misremembering, but I think it was because megaupload.com was registered as a .COM, and the .COM top level domain is owned by Verisign, an American company, and therefore the US has jurisdiction over it.
You are definitely misremembering and spreading FUD backed by your biases.
He was hosting illegal material on servers geolocated inside the US. I'm sure if someone were producing and distributing illegal material (let's use the extreme example: child pornography, for instance) on NZ servers and networks, NZers would want to see them extradited.
Was he hosting illegal material, or simply creating a platform where such material could be held? If you post child porn on Facebook, I assume you would get sent to jail, not Mark Zuckerberg. It seems that Kim Dotcom is in a similar position.
Facebook wasn't created with the primary intention of hosting illicit material (Kim Dotcom actively made statements along those lines) and doesn't facilitate + protect the hosting of such materials. You can be damn sure that if Facebook refused removal requests for copyrighted videos, that they (and Zuckerberg) would be in hot water.
You can try to pettyfog the case and move goalposts all you like, each time one of your points/misunderstandings is debunked, however it's pretty clear what he was doing. And, more importantly to the original point, the laws/extradition would apply similarly to any nations with the same IP laws; "empire" or not.
I'm not trying to move goalposts, I was simply looking for clarification.
A couple points.
First, wasn't there a huge issue where the data centers had money problems because the FBI (or some agency) was forcing them to retain all the data, as they didn't actually know for sure what was there? Or am I wrong and they had a list of specific files hosted on specific servers and were able to use that to demonstrate wrongdoing? Just because I say I'm going to hack the Gibson, doesn't mean I actually do it.
Second, there is a real jurisdiction issue here. Kim Dotcom is a German citizen based in New Zealand. The servers themselves are (or were) hosted in the US. Did Kim Dotcom himself upload anything to them? I can absolutely see the case for shutting down servers that might contain illegal data. I don't see the case for extraditing someone to the US for allegedly breaking a law that applies neither to his country of origin nor residence.
Also, I'm not sure why you're being so angry with me, I'm just looking at the facts. I do have a bias, but I'm not moving any goalposts, just making sure we discuss the actual issues at hand.
If we remove the digital aspect of it. What do you think the US would do if Kim let anonymous people send him DVDs and albums over snailmail and he would burn and mail them to anyone who requested it?
Personally I find safe harbour arguments very weak when the service provider allows anonymous sharing.
If you want to make a proper analogy, it would be more like living in NZ and owning a store in the US that receives DVDs and blindly mails out burnt copies as requested.
But we don't need to wonder what the US would do in such a scenario, since we already know. What's being discussed is not that the Internet being in the way somehow changes things, but that countries shouldn't be able to override jurisdictions like this. If other countries had balls, the most the US could do is ask for a person to be tried in the country they were in when the event in question happened, under that country's laws. What, the US now has jurisdiction over every living person? Anyone can be accused and tried in the US despite never having set foot there?
> What, the US now has jurisdiction over every living person? Anyone can be accused and tried in the US despite never having set foot there?
If they choose to operate in/through that country, yes. If he never illegally hosted anything on a server within US jurisdiction, they would never have an argument.
Your entire argument is akin to "oh, I hired someone to kill a guy in the Germany, but I'm in China so...too bad". They only care because someone was killed (pirated material was hosted) in Germany, breaking Germany's laws.
You're delusional if you think other countries wouldn't make the same claims. And it's on the recipient country to agree or not. Plenty of countries deny extradition to the US all the time, just look at Roman Polanski.
>Your entire argument is akin to "oh, I hired someone to kill a guy in the Germany, but I'm in China so...too bad". They only care because someone was killed (pirated material was hosted) in Germany, breaking Germany's laws.
What would normally happen in that case is that one country would present evidence to the other country, which would then prosecute under its own laws and court system, since hiring assassins is illegal everywhere. You're the one who's delusional if you think countries have free reign to impose their laws on people who are not physically there. It's called sovereignty. What NZ is doing here is saying that it's the US's bitch.
It seems like the only way to get health insurance in the US that actually helps you get health care is to get elected to Congress.