tag:blogger.com,1999:blog-13843231.post8811490388100014745..comments2023-06-14T04:31:58.925-04:00Comments on Bouquets of Gray: Why there is room for doubt about Warman and the Cools postUnknownnoreply@blogger.comBlogger22125tag:blogger.com,1999:blog-13843231.post-46493212012984028292008-04-13T09:54:00.000-04:002008-04-13T09:54:00.000-04:00BCL. Yes, when the Rogers proxy rewrote the packe...BCL. Yes, when the Rogers proxy rewrote the packet headers, the user-agent details (os, browser, etc.) were left unchanged. <BR/><BR/>Not all proxies do this. Compare the widget <A HREF="http://bouquetsofgray.blogspot.com/2008/04/browsers-systems-proxies-and-warman.html" REL="nofollow">here</A>, with those <A HREF="http://www.proxylord.com/proxy.php?q=http%3A%2F%2Fbouquetsofgray.blogspot.com%2F2008%2F04%2Fbrowsers-systems-proxies-and-warman.html&hl=1111100001" REL="nofollow">this proxy which forwards user agent details</A> and <A HREF="http://bouquetsofgray.blogspot.com/2008/04/browsers-systems-proxies-and-warman.html" REL="nofollow">this one that fakes them</A>. (The latter two are free proxies, which are set up for cloaking traffic, not web caching.)bucketshttps://www.blogger.com/profile/14335699928912269666noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-88276517491732847632008-04-13T09:06:00.000-04:002008-04-13T09:06:00.000-04:00Buckets,I guess my point is, do we know those are ...Buckets,<BR/><BR/>I guess my point is, do we know those are the settings from the home machine (not, for example, the proxy). Although I imagine a proxy would NOT even be equipped with a browser and etc.bigcitylibhttps://www.blogger.com/profile/05081538803991095825noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-10773967361474705402008-04-13T08:27:00.000-04:002008-04-13T08:27:00.000-04:00BigCity. I'll write up a post about this.BigCity. I'll write up a post about this.bucketshttps://www.blogger.com/profile/14335699928912269666noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-8609387966526724842008-04-13T08:16:00.000-04:002008-04-13T08:16:00.000-04:00(hit post accidentally; picking up where I left of...(hit post accidentally; picking up where I left off) <BR/>But if there are 10s of thousands of people using each proxy every day, and the proxy that forwards any specific post to a site is fluid, the culpatory value of someone having the same IP over a three month period is greatly diminished.bucketshttps://www.blogger.com/profile/14335699928912269666noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-71616986594455580722008-04-13T08:06:00.000-04:002008-04-13T08:06:00.000-04:00Jay. Continuing. If Warman had posted that, the ...Jay. Continuing. If Warman had posted that, the post <I>might</I> have been sent through 66.185.84.204. But if you read Klatt's testimony (which I've reproduced in <A HREF="http://bouquetsofgray.blogspot.com/2008/02/klatts-testimony-or-sometimes-204-200.html" REL="nofollow">this post</A>), there were <I>two</I> IPs involved in Cools post, 66.185.84.204 and 66.185.84.200. (This is a result of load balancing, which I discuss <A HREF="http://bouquetsofgray.blogspot.com/2008/04/load-balancing-at-rogers.html" REL="nofollow">here</A>) And I've shown in multiple posts that these proxy IPs move around under people quite a bit (see <A HREF="http://bouquetsofgray.blogspot.com/2008/03/6618584204-and-promiscuity-of-rogers.html" REL="nofollow">here</A> -- something that the ball-of-string is an attempt to replicate. But if there are 10s of thousands of people using each proxy every day, and the proxy that forwards any specific post to a site is fluidbucketshttps://www.blogger.com/profile/14335699928912269666noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-80835677489101134472008-04-13T07:49:00.000-04:002008-04-13T07:49:00.000-04:00Jay. Thanks for your comment. I'll answer the te...Jay. Thanks for your comment. I'll answer the technical side first on these cache servers. Say you were a Rogers customer. If your computer was set up to use the proxying function (and not all were), and you sent your browser to Kinsella's page, your request would go down the pipe to the server, and it would look to see if it had the page or parts of the page in its cache. If it was there, it'd send you the page. Kinsella would never know that you'd visited.<BR/><BR/>If the page was not in its cache, the proxy would send the request on to Kinsella, but now the headers are rewritten so that it looks like the request was coming from the server instead of from you. (If you're interested in a better explanation and a concrete example of how Rogers' proxies rewrite the header, see <A HREF="http://www.fourmilab.ch/documents/security/incidents/ddos_2004-01/snoops.txt" REL="nofollow">here</A>).bucketshttps://www.blogger.com/profile/14335699928912269666noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-73127487281123319842008-04-13T07:35:00.000-04:002008-04-13T07:35:00.000-04:00Erasmus. Yes, the judge will look at other factor...Erasmus. Yes, the judge will look at other factors, including the number of other people who Rogers was sending through this IP. But is there any good reason other than the IP-link to believe this is Warman?bucketshttps://www.blogger.com/profile/14335699928912269666noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-18704638909363542902008-04-13T07:31:00.000-04:002008-04-13T07:31:00.000-04:00Buckets, I know you've mentioned the OS/Browser co...Buckets, I know you've mentioned the OS/Browser combination thing occasionally, but how does that fit in?<BR/><BR/>Specifically, how would it be possible to gather from the record on Stormfront that the computer issuing requests THROUGH the proxy had x or y config? <BR/><BR/>Would this information not be about the configuration of the proxy?bigcitylibhttps://www.blogger.com/profile/05081538803991095825noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-27034880910861603542008-04-13T02:33:00.000-04:002008-04-13T02:33:00.000-04:00You raise good point Buckets. As I pointed out in ...You raise good point Buckets. As I pointed out in my post linking you the Statement(s) of Defense are going to have to come to grips with what you are saying.<BR/><BR/>However, I am a bit confused about one matter: cache servers, as I understand it, store the pages users access "locally" so that the lag time can be reduced.<BR/><BR/>Thus, if I commonly go to SDA or the Lying Jackal Kinsella's pages a copy of those pages will be stored on the cache server.<BR/><BR/>What I don't quite get is how, if my understanding is correct, the cache status of the server matters one way or another in terms of Warman's alleged activities.<BR/><BR/>Assume for the moment that Warman had (as we know he had) accessed Stormfront before. The cache server saved the page. The alleged Warman computer was hot to post a little screed on Senator Cools and called the page. It got the page from the cache server and then posted the filth. Which was passed on from the cache server.<BR/><BR/>Nothing abnormal about the tech. And nothing in the least bit exculpatory as to the post.<BR/><BR/>But, as I say, I am not that tech savvy or network knowledgeable.Jay Curriehttps://www.blogger.com/profile/07100960091229282311noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-23414982026461435952008-04-13T02:08:00.000-04:002008-04-13T02:08:00.000-04:00All I am saying is that a judge will weigh other f...All I am saying is that a judge will weigh other factors besides just a pool of people. I have no doubt that people from that IP address posted on FD. Sure, there may be a pool of 70,000. Only Rogers knows for sure.<BR/><BR/>But the question is not one of certainty, as I feel your arguments seem geared towards, but to a balance of probabilities, which is what a judge will look at. All it takes is a judge to say that it was more probably than not. Just given the surrounding facts, even including your data, I think a judge could go either way on it. Thats all.Unknownhttps://www.blogger.com/profile/14859791969895767931noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-80474062063486473712008-04-12T18:01:00.000-04:002008-04-12T18:01:00.000-04:00Erasmus,That evidence is still too dilute to matte...Erasmus,<BR/><BR/>That evidence is still too dilute to matter. If that IP is rarely found on FD proves nothing. As the IP comes from a huge pool of possibilities, even after factoring in reductions for the other criteria, according to <A HREF="http://www.catprint.ca/blog/blog/misc/odds" REL="nofollow">Lance's original math</A>, 12.1% of system configs out there at that time match the one in question, leaving 84,700 possibilities out of the pool of 700,000.<BR/><BR/>As for comparing posts to determine author based upon style... good luck.<BR/><BR/>Clearly, with this information, under a balance of possibilities, Warman is in a good position. To nail him, you would have to trace so close to him that probability would state that it less likely to be anyone else.<BR/><BR/>I know of one online libel case where a defendant claimed to not be the author. The IP was traced to a router. There were three people on the other side of the router who could have written it. That was a problem for the plaintiff, until enough evidence was found to show that the other two were less likely than the defendant. What was critical was that the IP was at least tied to a location. That is not the case here.<BR/><BR/>During the time in question, I was doing posts to FD using Rogers with the same system config as with the Cools post. I did not write the Cools post or anything like it, but there are others I did write which may show up under the same IP. If so, and given that Warman has supposedly admitted doing the Lucy posts, and given that we both deny writing the Cools post, please, prove which one of us did it. Before you answer, throw in the other possible 84,000 systems involved we know nothing about.<BR/><BR/>See the problem?Mark Richard Francishttps://www.blogger.com/profile/16331995640397477486noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-51333144545038076182008-04-12T14:07:00.000-04:002008-04-12T14:07:00.000-04:00The libel laws here need reforming, but with peopl...The libel laws here need reforming, but with people seemingly abusing free speech like this, it's going to get harder to make the case for reforms.<BR/><BR/>*sigh*Mark Richard Francishttps://www.blogger.com/profile/16331995640397477486noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-33770686656301193492008-04-12T13:42:00.000-04:002008-04-12T13:42:00.000-04:00There is room to doubt. Sure.But there are a few ...There is room to doubt. Sure.<BR/><BR/>But there are a few things not in the analysis here. The fact is, none of all these extra people behind this one IP have been proved to post on a that particular message board or blog that resembles anything close to what 90sareover posted or where he posted it. Thus, I think it might be a bit trickier than saying it was a common IP.<BR/><BR/>Further, the meta details of broswer, OS type, etc are the same. And using "Mozilla 4" in 2003. This could get a bit tricky for a judge to sort out.<BR/><BR/>I am not suggesting anyone wrote it or not. But that there is more evidence than merely that there was a large pool of people here/<BR/><BR/>The legal test is not certainty; it is balance of probabilities.Unknownhttps://www.blogger.com/profile/14859791969895767931noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-87472498587145270442008-04-11T22:20:00.000-04:002008-04-11T22:20:00.000-04:00Those this is why, years ago when I had Rogers, I ...Those this is why, years ago when I had Rogers, I could host a (trilobite)website on my own computer using my IP number number?<BR/>Canada's defamation laws clearly favor the plaintiff. That's why the bloggers had to be so careful with their allegations. They weren't.Anonymoushttps://www.blogger.com/profile/13070204620109039321noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-31241190284275397052008-04-11T14:17:00.000-04:002008-04-11T14:17:00.000-04:00Buckets, excellent work.I've made a retraction on ...Buckets, excellent work.<BR/><BR/>I've made a retraction on my original post regarding my mistaken assumption of a DHCP assigned IP and made a new post linking to this site.<BR/><BR/>Good on you.<BR/><BR/>Cheers,<BR/>lancelancehttps://www.blogger.com/profile/14481248175442820597noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-41580349507466417522008-04-11T13:49:00.000-04:002008-04-11T13:49:00.000-04:00Lance also thinks you've got it pegged:http://www....Lance also thinks you've got it pegged:<BR/><BR/>http://www.catprint.ca/blog/blog/misc/meaculpa.htmlbigcitylibhttps://www.blogger.com/profile/05081538803991095825noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-30968323084043117592008-04-11T11:13:00.000-04:002008-04-11T11:13:00.000-04:00I've linked you over at my place, thanks to MWW wh...I've linked you over at my place, thanks to MWW who pointed out your heroic labours. Fine work!Dr.Dawghttps://www.blogger.com/profile/00416571487451925246noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-72962804402763258272008-04-11T09:00:00.000-04:002008-04-11T09:00:00.000-04:00Good work.You know, if you're interested in joinin...Good work.<BR/><BR/>You know, if you're interested in joining the Blogging Alliance of Non-Partisan Canadians, you're most welcome to.James Bowhttps://www.blogger.com/profile/11888307747088266395noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-39071163197498522882008-04-10T21:42:00.000-04:002008-04-10T21:42:00.000-04:00sw. nice to hear from you. keep well.sw. nice to hear from you. keep well.bucketshttps://www.blogger.com/profile/14335699928912269666noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-81796646159421986642008-04-10T21:41:00.000-04:002008-04-10T21:41:00.000-04:00Mark. There are some details in Klatt's testimony...Mark. There are some details in Klatt's testimony that seem to me to point towards the basic reliability of the information. He mentions, for example, a shift back and forth between 66.185.84.200 and 204. In light of what I've posted here over the coming weeks, that is believable, and not something that he could make up, even if he were inclined to do so.bucketshttps://www.blogger.com/profile/14335699928912269666noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-6119853981988825132008-04-10T20:07:00.000-04:002008-04-10T20:07:00.000-04:00Hey Buckets. Thanks for doing all this work. It se...Hey Buckets. <BR/><BR/>Thanks for doing all this work. It seems a pity that people are working themselves up into a frothy frenzy over the news that Warman has sued, and very few cool heads are prevailing. I've taken a look at the writ that Ezra has posted on his blog in PDF format. I've made several posts in the last 48 hours about the technical aspects of law that I observe in this process.<BR/><BR/>I think that it is far from likely that the defendants will win in this case. I have not decided which side of the fence I am on... The water has been muddied so much.<BR/><BR/>Your diligent research is greatly appreciated (at least by me) for adding real facts to the situation instead of wild speculation.Somena Womanhttps://www.blogger.com/profile/05010535817469581311noreply@blogger.comtag:blogger.com,1999:blog-13843231.post-9903091267042570312008-04-10T16:57:00.000-04:002008-04-10T16:57:00.000-04:00Given how reliable your work is, Warman seems to b...Given how reliable your work is, Warman seems to be in a good position.<BR/><BR/>One has to also wonder of the veracity of the source of the information. There's no evidence that I haven't seen so far that can't be simply typed up.Mark Richard Francishttps://www.blogger.com/profile/16331995640397477486noreply@blogger.com