Senate voting in Oz is a real PIA, as it isn't unusual to have 60 or 70 candidates, and you have two options - put a "1" against your preferred party, and let the party allocate any over votes, or check each of the 70 boxes individually. Must be an absolute nightmare for the invigilators, but that's what they get paid for;)
There is a marked difference between what the law says, and what the political parties tell the electorate on the issue of voting the whole tab, BTW. As CrankyOldBastard says, legally, you can miss out numbers and still be counted, but a couple of years ago there was a case of someone advocating that method of voting being very quickly silenced by the government - they don't like it at all.
The rest of us do have another party - the Liberal Party, which, contrary to the naming used, is the party of the right-to-ultra-right. Home of homophobia, anti-abortion, pro-war, anti-boat people, anti-public ownership of anything, anti-public spending on anything (except defence and the police forces).
The National Party (the Nats) are the only right wing socialists in the world. They ally naturally with the Libs in most of the country, but when it comes to subsidies for farmers, they're right up there alongside the old Soviet Union Farmers party with the begging bowl out.
The Liberals have become the Libs, but the Nats had to change their name (from the Country Party) before they could shorten theirs!
The difficult bit about that would be to identify the communication protocol that they were using. What are the chances that not only do their seven layers match ours, but that they use the same bits and bytes we use to mean the same things? We wouldn't even know if their protocol was based on 8 bit characters, or something else - like 256 bit characters, for instance, especially if they used a character set as complex as, say, Kanji.
I agree whole heartedly with bladesjester. I have in-laws overseas, and apart from being fairly computer illiterate (same age group as me, but relatives of my dear computer smasher-upper wife), they are not wealthy enough, or interested enough, to buy a new computer. They'll keep working with Windows 95, and when it eventually dies, they'll put the computer in the loft of their houses, and that'll be the end of their computer "experience". They'll mark it down to "computers are no good - when they break down, they can't be fixed", and probably never look at a computer again.
As for getting them hooked into Linux - no chance! It might be free, but they have probably never heard of it, think that if it is free then there must be something wrong with it, and have no idea at all where they could get a copy of it, or what they would do with it if they did. JC, these people don't even have CD drives, much less DVD drives, and a free set of Ubuntu floppies can be obtained where?
I think that the treatment of the Australian voting system has been a little simplistic, as there are other factors at work, as well as compulsory voting.
1. To win, a candidate must muster at least 50% + 1 of the number on his or her electoral roll to secure the seat.
2. The vote is a SINGLE, TRANSFERABLE VOTE, which means that for a vote to be valid (and counted) it must list the voter's preferences from 1 to the last person on the ballot paper. Any missed candidates will render the vote invalid.
3. After the initial count, if no single candidate has the magic 50% +1, the person with the least number of votes is eliminated, and the vote preferences are allocated to the other candidates, based on that person's voter's second preferences. This process, eliminating the bottom candidate, and allocating those votes based on next highest preference, goes on until one candidate has the mandatory 50% +1 vote.
4. Voting rolls are not within the control of any political party - the voting rolls are maintained by a federal department, which does not include political appointees (well, not officially), and there is open scrutiny of the rolls at all times.
5. The candidates in the election are all able to provide scrutineers to the count (so apart from so-called "drover's dog" electorates ("If it wore the right political colors, even a drover's dog could get elected in this constituency"), there are scrutineers at all counting stations).
6. Party advertising is not allowed inside the polling stations - party people can distribute their stuff outside, but not inside.
7. In federal and state elections, people don't directly vote for the Prime Minister or state Premier, but that office is held by the leader of the majority party in the state or federal parliament. So, voting tends to be on party lines, and the chances of a good candidate of the "wrong" political persuasion getting up against a bad candidate of the "right" political persuasion is always very poor.
8. As a corollary to 7., if you live in a marginal seat (one that changes election to election, or which may change with a smallish swing), your vote is worth commensurately more than if you live in a "safe" seat.
In all the companies that I have been involved with, I have always been involved on the application software side, and my responses are, of course, application software oriented. The type of hardware (generally) that you are talking about would not fit the same sort of security mould as does the software, and for that stuff, you are, of course, quite right. I have no hardware security responsibilities, and tend to overlook them as "not my worry", I'm afraid. You blind sided me, and quite rightly so.
Having said that, and NOW putting the caveat that what I am referring to is software security, on big iron, on midi's, on PCs, on client-server applications, on web-based applications, do you still have a problem with my statements?
"law" interspersed with 1916, my mother's maiden name interspersed with her date of birth
"aslackby" (my place of birth) interspersed with "60" - my current age
"Jeparit" (where I lived for many years), interspersed with the year we moved there.
No, I don't use any of them, but just give them to you as suggestions of how you can generate seemingly random passwords that are easy to remember, but hard for a third party to crack.
And no, I don't rotate passwords - where they really count, I always generate a new one when the old one runs out - I have absolutely no idea what length of cycle my company uses for passwords, because I've never attempted to find out - I do know that you just can't reuse the last one when it runs out, and I also know that it is cyclic in some manner, because I've asked.
And why don't I know? Because I have no need to know, and good security uses "need to know" as a guideline, always.
"About point 1: What if the system doesn't allow for multiple administrative passwords (like i.e. a router or a network device)? Do you really want the one password to be known by just one person that can be on vacation or under the mythical overruling bus?"
No, but at what level is the security of your one-password box? If it requires real security, then if it only offers single password access, it probably isn't the one you want to use.
"About point 2: If it's going to be a one-shot change, then why "reset" it; just give it a new one and don't change it; it doesn't add nothing. On the other way, what about devices that just can't apply a policy regarding their default password? Remember the military adage: Mandate only what you are sure you can enforce."
Yes it does. The person who sets it could possibly tell someone about the new password, but the only way to actually use it is to immediately change it, so the person whose password it is will still not have access, at which point it is pretty good policy to declare a security breach, and change it again immediately. Indeed, until the owner of the password has actually changed it, it must be treated as "at risk".
"About point 3: how is it that you are able to establish a max for password life? Doesn't it depend on the strength of the security system? On its sensibleness? On the awareness of a breakage? On sociological aspects like the fact that people WILL choose weak passwords or they WILL write down on easily accessible places if forced to change them too frequently (for a variable range of "frequently")?"
Programmatically, it's not difficult with modern systems to start prompting for a password change a certain number of days before the password expires, and to block the user if the password isn't changed by the expiry date. If someone writes down their password and puts it on the base of their PC (or wherever) that is their responsibility. The system has provided all the security it can, and if that userID is breached, it will be pretty obvious why it was breached, and action can be taken to rectify it - such as re-education of the person involved.
"About point 4: Just redundant. If only one can know a password, it's obvious you can share it with an administrator, not even when/if she sets it, thus, only the user himself can set it (and change it)."
Not sure I understand your reasoning in this one, but if you meant "you can't share", then yes, this is reiteration of a previous point, I suppose.
"About point 5: If the password is to be used, even if it's only a one-shot, it can be used by whoever happens to know it... like the support personnel that resets it."
But once the support person has reset it, what can they do? The user still doesn't have a password, and it soon becomes obvious that any activity using that userID (and you DO log all activities against users, don't you?) must have been carried out by someone else. How many occurrences like this would it take for even the most dim witted to notice a pattern, and do something about it? Anyway, a well secured shop will be using an automatic password generator, and the only person able to see the password will be the person who opens the e-mail that it is transmitted in (automatically, by the system). And because those automatically generated passwords are so horrible, there is yet another reason to force the change as soon as it is used.
"About point 6: Simple naivety. So you really think that when you are in a hurry/critical situation you should wait for a "security officer" to produce a "written permission" to access the resource? What kind of "urgent access" is this?"
No mention of a "security officer" - I said Company officer, and in our company, that means one of the VPs, and yes, that's exactly the way they say that they want it. One is available 24 hours a day, as we are a world wide corporation, on three continents.
"About point 7: Tell it to any device with just a numeric pad
Ah, so, security-wise, you started out well behind the 8 ball, by the sounds of things. Not much you can do if the architecture doesn't allow it, but even then, the next releases should, with the hackers and nasties out there today, move towards more modern prevention techniques.
Some of these phone spammers (phammers?) are truly revolting. A work colleague of mine told me of his 17 year old daughter's experience with a phone spammer from the Indian sub-continent, who, between the "No, we're not interested", and hanging up was asked by the lady on the other end "Do you bleed yet?"
Unfortunately, she didn't get the name of the company calling, because if she had, you can be sure that it would have made the front pages of the press. Because that's unprovoked harassment, any way you look at it!
Unfortunately, if someone does crack your list of words and numbers, feeds them into any sort of password constructor, and then hammers your account to get in, unless it has a set limit of login attempts (and a lot don't) then it will eventually crack it, regardless of how smart you have been in constructing it. That is why it is best to build your password using different "sources" each time, and do it frequently.
Then your rules for the construction of passwords are not well enough described to give the user the latitude they need without allowing them to use their wife's maiden name or youngest daughter's pet name as the password.
If I used 1l9a1w6 as a password, would it mean anything to you? Could it be cracked easily? It looks random - well it's my Mother's maiden name interspersed with her year of birth. Next month it could be as6lack0by, which I would find just as easy to remember, but which would confuse most hackers. Or how about j2e5p9a1rit, also meaningless to you, but easy enough for me.
Expiring passwords frequently is absolutely essential to protection of user IDs. Don't believe me - go to Visa's site and have a look at what they insist for a company to handle transactions on their account (http://www.visa-asia.com/ap/center/merchants/risk mgmt/includes/uploads/ap_pci_data_security_standar d_1.pdf) Visa's Payment Card Industry manual - look at Requirement 8 on page 10, specifically sections 8.4 and 8.5.
Does it work? Yes, it works, and it isn't even all that difficult to deploy. The document I'm pointing to relates to financial transactions, but works equally as well for any type of situation where password control is important.
Funnily enough, we could be working in the same company. Multiple clients spread over 3 continents.
In fact, I think you missed the point. NO passwords should be kept anywhere. If someone forgets his or her password, it's reset, and even the person resetting it does not have access to anything underneath it. The techs don't need to know the password (in our company, if you blurt out a password to a tech, it's an instant password reset, and they all abide by that). The techs never even see the password - it's system encrypted and automatically sent to the e-mail address registered to the user, which the tech doesn't know, and can only be used by the user to access the password change procedure, so it isn't even a real password. The beauty of the system is that if someone DOES manage to intercept the password, then they may use it to lock out the intended user, but will be stopped when the intended user tries to use it, and has it rejected. THEN the tech has the drains up to find out who's intercepting the password email.
Works like a treat.
Part of my responsibility is related to information security, and as such, I have been exposed to a number of propositions related to password security. The bottom lines are that:
1. No two people should EVER share a password - passwords must be individual, otherwise they have little or no meaning.
2. Every time a password is reset, it must be a "one-shot" reset, forcing the user to change it again before he/she can use it.
3. Passwords must be changed every 90 days (maximum), and there must be a certain length of time before the same password can be reused.
4. The user must be the one who is forced to change the password, and it must not be shared with anyone.
5. The support point must have the ability to reset passwords, but not to use the account once the password is reset.
6. In case of requiring urgent access to someone's individual password, that must not be made available without an explicit directive from a company officer, in writing, before the support point will reset the password and give the reset password to anyone other than the user whose password it is.
7. Passwords must at a minimum be 7 characters in length, and contain at least one alpha character, and one numeric character. If you want to piss someone off, use a password generator to create a random password whenever the password has to be renewed - people like to have a password that they have at least a chance of remembering, but this is more secure.
Do that, and you'll have some level of security. Use your password vault, with shared passwords, and you might just as well not use anything.
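The reset, expiry and composition rules in points 2, 3, 5 and 7 above, sketched as an added example (not part of the original comment and not any company's actual system). The 14-day warning window, the 365-day reuse delay and every name in the code are assumptions; the dates in the demo are constructed.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=90)       # point 3: maximum password life
MIN_LENGTH = 7                     # point 7: minimum length
WARN_WINDOW = timedelta(days=14)   # assumed value for the expiry prompt
REUSE_BLOCK = timedelta(days=365)  # assumed value for the reuse delay


def _digest(password: str, salt: bytes) -> bytes:
    # Only salted digests are stored; nobody can read a password back.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    user: str
    salt: bytes = b""
    digest: bytes = b""
    set_at: datetime = datetime.min
    must_change: bool = True                     # True while a one-shot reset is pending
    retired: list = field(default_factory=list)  # (salt, digest, retired_at)

    def matches(self, password: str) -> bool:
        return bool(self.digest) and hmac.compare_digest(
            _digest(password, self.salt), self.digest)

    def store(self, password: str, now: datetime, must_change: bool) -> None:
        if self.digest and not self.must_change:
            # Remember user-chosen passwords (not one-shot ones) for the reuse check.
            self.retired.append((self.salt, self.digest, now))
        self.salt = os.urandom(16)
        self.digest = _digest(password, self.salt)
        self.set_at, self.must_change = now, must_change


def composition_problems(password: str) -> list:
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 7 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no alphabetic character")
    if not any(c.isdigit() for c in password):
        problems.append("no numeric character")
    return problems


def support_reset(account: Account, now: datetime) -> str:
    # Points 2 and 5: support can trigger a reset but gets nothing usable.
    # The return value stands in for the automatic e-mail to the user.
    temp = secrets.token_urlsafe(12)
    account.store(temp, now, must_change=True)
    return temp


def login(account: Account, password: str, now: datetime) -> str:
    if not account.matches(password):
        return "denied"
    if account.must_change:
        return "change-required"   # only the change procedure is reachable
    age = now - account.set_at
    if age >= MAX_AGE:
        return "expired"           # blocked until support resets it
    if age >= MAX_AGE - WARN_WINDOW:
        return f"ok-expires-in-{(MAX_AGE - age).days}-days"
    return "ok"


def change_password(account: Account, current: str, new: str, now: datetime) -> list:
    # Returns a list of problems; an empty list means the change was applied.
    status = login(account, current, now)
    if status in ("denied", "expired"):
        return [status]
    problems = composition_problems(new)
    if account.matches(new):
        problems.append("same as current password")
    for salt, digest, retired_at in account.retired:
        if now - retired_at < REUSE_BLOCK and hmac.compare_digest(_digest(new, salt), digest):
            problems.append("reused too soon")
    if not problems:
        account.store(new, now, must_change=False)
    return problems


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1)                          # constructed date
    acct = Account("alice")
    temp = support_reset(acct, t0)
    print(login(acct, temp, t0))                       # one-shot: change only
    print(change_password(acct, temp, "blue42horse", t0))
    print(login(acct, temp, t0))                       # one-shot no longer valid
    print(login(acct, "blue42horse", t0 + timedelta(days=80)))
    print(login(acct, "blue42horse", t0 + timedelta(days=90)))
```
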
There is a very noticeable difference in penalties for crime against people versus crime against property, and it appears that to our lawmakers, enforcers and judiciary, there is more emphasis nowadays in favour of punishing people who commit crimes against property.
Having said that, there is also a very flexible set of values that are placed on human lives. If you shoot some poor individual known to no-one, I can just about guarantee that the enforcers will put less effort into catching you, and the judiciary will put you behind bars for fewer years than if you manage to get to some really highly placed person, with good media coverage, and do the same thing (especially if the person involved has political connections, and is part of the currently ruling political faction in your country).
Steal a couple of million dollars (while not in control of a multi-national corporation) and the chances are, you're going away for a significant stretch.
"Piracy is one thing, but making a buck off of it is something else entirely" - is entirely an attitude that is just plain wrong, IMHO. I'm not personally picking on DDLKermit007, but this is a common attitude amongst people - that it is OK to pirate a copy of something for "personal use", but selling it on is somehow a no-no.
Sure, I suppose we've all used "evaluation copies" at one time or another, and this, unless the evaluation copy is posted out there by the owners, is also piracy. Stupid law, but piracy (or theft, to give it its proper(ish) title).
And then, when we've found that the software does what we want it to do, we go out and buy it, don't we? Well, yes and no. If it's fully working on the PC, and there are no knobbled features, and no nag ware in it, well then, what's the harm in just letting it go, and keeping on using it? It's piracy - that's what the problem is.
And all because the company that owns the software doesn't make a demo version, so we "have" to get the key or the crack so that we can use the "real" version.
Look fellas, even Microsoft appears to have (finally) understood that the old "try before you buy" is a good idea, and are hustling Windows Vista, Office 2007, and Good Ol' FS's latest incarnation as either feature or time limited demos.
And once Vista, for instance, goes live, who can use the defence "I only cracked it so that I could try it out"?
Perhaps the time is coming when you'll be able to give just about any software a try before you buy, and the sooner that is a reality, the sooner the penalty that bites the real pirates will become a reality.
In late breaking news, MicroSoft (R) applies for patent on Pig-Latin, Pig_English and Pig-Ignorance. Claims that the first 2 are based heavily on the third, at which MS have been masters for many years!
Naah, I think he wants more money spent on dances, or ballrooms. Must be something to do with all those hardons!
And that's why the contents was posted as ""!
Hope that clears it up a bit.
Well if those "white collar crims are very popular with a certain class of crim" statements are correct........ Oh, you mean THAT business!