If you have too much traffic to your secure servers, take a look at what they're sending. Maybe the canned images can be moved to a non-secure server.
In theory, this sounds good; however, many browsers put up a warning when a web page contains mixed "secure" and "unsecure" content. (I just checked this with Firefox 2.0.0.2 with a page on my internal server; I got such a warning.)
I hope such warnings will continue to be the default. As such, the workaround is to either reduce the number and size of images in your web page and/or use SSL/TLS acceleration.
Note that the proxy can only succeed at representing itself as having the expected identity because it has been configured with the private key corresponding to that certificate and its identity. In other words, no random person can set up this man-in-the-middle.
Mostly true. Be aware that in a corporate environment, the IT department can install its own SSL CA certificates into the web browsers (and other applications). Once this is done, the corporate proxy can masquerade as any entity the IT department chooses - up to and including auto-generation of SSL certificates, signed, of course, with the IT department's CA certificate.
This, of course, is no surprise.
Also, I assume that applications, including web browsers, could be configured to use a central CA certificate store, therefore, simplifying the task of seeding the applications' certificate stores.
What would be worrying is if there are proxy appliances (whether actual boxes or software appliances) that can do this without the need for seeding the browser certificate store. This would be possible if, for example, the appliance contained copies of the CA certificates used by the certificate vendors.
I suppose Verisign (or other certificate issuer) could market such appliances, but wouldn't they be opening themselves up to lawsuits in the event one (or more) of their CA certificates were to "escape"?
Limiting bright kids in their development is an effective way of turning them into trouble kids.
and
These are decisions for schools to make. These are decisions for parents to make.
Having been one of those bright kids, and now a parent of an even brighter kid (and an average kid), I'm not so sure that the kids are less right than the parents or schools.
Even other bright kids I grew up with are making the same mistakes their (and my) parents did. And, if anything, the schools are treating the bright kids even worse, today, than back then. The regular school very quickly labeled my one kid "ADHD". I chose to pay the higher cost of a private school. Within a few years, a scholarship for a much better school was offered. Unlike my parents, I let my kid choose whether to accept the scholarship.
Other parents - including my own - protest that I am being unfair to my other kid. Perhaps, but I do not think so. And I fully believe that, at least in this case, my one kid would know better than I.
The key point of the majority opinion seems to be that the law was also intended to protect minors from their own mistakes. Given that, it seems to me that if anyone should have been charged and tried, it should have been the parents of the two kids. The majority even admitted the kids clearly did not have the maturity to properly assess the risks involved with taking, storing and transferring the pictures. As such, it would have been the parents' responsibility.
Technically, I am sure it is possible; however, if a non-Apple device trying to use Apple's DRM technology leaks protected content, there will be a "blame storm" resulting in a huge legal mess - especially if the leaked content was purchased from Apple's online store.
From a liability standpoint, the only way Apple can be sure the target device for the content purchased from the iTunes Store is safe is if it is an Apple device.
IANAL, but as I understand it, the creator / author / composer / artist automatically has ownership of the created work - except in the case of "works for hire", which are owned by the person / entity who commissioned the work.
As for the old, non-ratified treaty, it just sounds wrong. It seems to require that content creators surrender ownership to the distributors, rather than licensing distribution rights, as is currently done. This just seems to be a way for big media to reassert their stranglehold on the flow of content.
As for what WIPO is trying to do, while I'm sure they would like us to believe that they are trying to protect the rights of content creators who post their works from "accidentally" giving away their work, more likely, they are subscribing to the assumption that, until proven otherwise, the posters do not actually own the content they post. (And if that old treaty gets successfully revived, they won't, even if they did own it before they posted it.)
Part of me would like to think that the politicians would smell the stink in this before now, but since they effectively work for big media (and big business in general), anyway, they see no reason to care that their own content would become the property of said big media.
Well, there is a way to limit DVD viewing, though (cross fingers) probably not useful for burnable DVDs. A while back, someone came up with the idea of disposable DVDs as a competitor to rentals. The DVD would be made from a material that, upon exposure to air, would start to degrade. IIRC, it would take 30-40 hours to become unplayable. While still inside their packaging, they would be safe, but after opening the package, you would have a day or so to view it as much as you could manage.
If applied to burn-kiosks, customers would have to view the DVDs basically the same day as purchased.
Even if it would work, I do not think people would be willing to buy such disks from a burn-kiosk - or even burn them on their own PCs.
Linux already has a better security mechanism than DRM. It's commonly called "SE Linux" or "Security Enhanced Linux". It was originally developed at the NSA (National Security Agency), who then helped develop the LSM (Linux Security Module) interface that was integrated into the main kernel development.
SEL provides comprehensive, fine-grained access control and management. Most importantly, SEL is fully under the control of the machine's owners - *not* some external 3rd party, like Microsoft, the RIAA or the MPAA.
Any business that wants to implement this kind of control can do so, now (or could have, even 3 or more years ago), with Linux.
I was crazy enough to attempt dual degrees in CS and Electronics Engineering. Due to silly requirements and competitive politics, I ended up getting more CS credits than engineering and dropped the engineering degree.
Anyway, in CS, the only large project I worked on was a C compiler, but that was really just a series of weekly homework assignments. There was no actual project oriented offering.
In EE, I got to work on 2 large projects: one was the 2nd half of the class, the other was semester long, and involved teams of 5 or 6 students. We did planning, requirements analysis, design and implementation.
While my professional career has been 90% software work, it was the EE program that prepared me the most for the real world.
As for co-op/internship programs, at all the clients I have worked for, the CS students I saw were treated like "gofers". This is very unfortunate, though in recent years, I can begin to understand. The students I've worked with had almost no practical skills. Oh, they could write simple programs to do calculations and sorting and such, but were totally lost in the realm of complete applications, let alone integrated systems.
The EE students, however, were much better prepared for the realities of business.
Sure, yes, if a player converts her/his avatar's in-game resources into real world money, or accepts real world money from another person (presumably another player), taxes apply. No new laws needed.
But an avatar does not exist outside the game. The avatar is really the property of the game's owners, which is leased to a player for some period of time in exchange for some fee. (The visual appearance and/or textual description, however, might be the intellectual property of the player, depending on the terms of service for the game.)
Therefore, any in-game resources an avatar "owns" are actually owned by the game's owners.
Someone made an analogy to property taxes. What in-game services are being provided by a real world government? As best I can tell, none. Sure, the government provides infrastructure and protection for the organization(s) who own the game and/or host the game's servers, but any taxes the players might owe for such are being paid indirectly through the fees paid to the game's owners.
Granted, Linden Lab has complicated things by publishing an official exchange rate to purchase L$ using US$. But, even if they had not published a rate for purchasing L$ with US$, there would be no practical way to prevent the exchange of real world money for in-game resources, only make it hard. Players can still "sell" in-game resources privately through out-of-game means.
(I put quotes around the word, sell, because the player doesn't really own the in-game resources, though her/his avatar has (some) control over resources in her/his possession. The buyer risks losing his real world money as the game owners have the right to take away those resources. Both players risk losing their avatars and all in-game resources.)
I suppose a government might want to monitor in-game transactions on the assumption that transfers of resources between avatars represent parallel real world transfers of money, but trying to valuate a RW transfer by valuating an IG transfer would be very difficult. I just peeked at some in-game merchandise on slexchange. The prices bear little or no relationship to their real world counterparts. Examples: L$750 for a jet-pack (to make an avatar fly) and L$1000 for a business suit. (Not saying these are unreasonable prices, just very hard to valuate.)
Avatars are not citizens of the real world. To the extent a player does not reach out from behind the curtain to "steal" an avatar's resources, those assets should not be taxable.
The Ares I also proposes a new, not yet man-rated engine: the 5 segment SRB. Maybe that could get man-rated faster than the RS-68. As for the RS-68 not being restartable, neither is the SSME. The proposed applications of either engine (in either proposal) do not require a restartable engine.
Seems to me that the Direct proposal could initially use SSMEs, then upgrade to the RS-68s, later.
Also, FWIW, the military commissioned the Titan IV as a backup to the shuttle - one of the available payload shrouds is designed to accept even the largest shuttle payload. I do not know if a Titan IV launch would be too harsh for ISS modules, but, so far, the military has not permitted civilian use. I do recall, however, that the Artemis Project had a proposal to use a pair of Titan IV launches to get the 2 halves of their spacecraft into orbit.
Secure? I think I see a potential loophole in the protocol. The client receives the server's cert directly from the server, then authenticates it using a copy of the CA cert installed in the browser.
However, in, say, an internet cafe, where the client PCs are controlled by someone other than the user, the management could install their own CA cert in the browser and have a proxy server generate forged server certs to provide to the client, which will accept said forgery as the real cert because it is signed with the cafe's cert.
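Added example, not part of the original comments: Go code showing why the scenario in this comment and in the earlier corporate-proxy comment passes normal validation, and which client-side checks expose it. The CA names, the host `bank.example` and all helper names are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// issued pairs a certificate with its private key.
type issued struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue builds a certificate for cn. With a nil parent it is a self-signed CA;
// otherwise it is a server certificate signed by parent.
func issue(cn string, serial int64, parent *issued) *issued {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	signer, signKey := tmpl, key
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{cn}
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		signer, signKey = parent.cert, parent.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return &issued{cert, key}
}

// chainsTo reports whether leaf validates for host against exactly these roots.
// This is the only question ordinary certificate validation asks.
func chainsTo(leaf *x509.Certificate, host string, roots ...*x509.Certificate) bool {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return err == nil
}

// spkiPin is the SHA-256 of the certificate's SubjectPublicKeyInfo.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// report is what a client can learn about the certificate it was handed.
type report struct {
	trustedByStockStore  bool   // validates against vendor-shipped roots only
	trustedBySeededStore bool   // validates once the operator's CA is installed
	pinMatches           bool   // public key equals the one recorded out of band
	issuer               string // who actually signed the presented certificate
}

func runDemo() report {
	const host = "bank.example" // constructed hostname
	publicCA := issue("Constructed Public CA", 1, nil)
	proxyCA := issue("Constructed Proxy CA", 2, nil) // operator-installed CA
	genuine := issue(host, 3, publicCA)
	presented := issue(host, 4, proxyCA) // what the client sees behind the proxy
	pin := spkiPin(genuine.cert)         // recorded earlier on a trusted network
	return report{
		trustedByStockStore:  chainsTo(presented.cert, host, publicCA.cert),
		trustedBySeededStore: chainsTo(presented.cert, host, publicCA.cert, proxyCA.cert),
		pinMatches:           spkiPin(presented.cert) == pin,
		issuer:               presented.cert.Issuer.CommonName,
	}
}

func main() {
	fmt.Printf("%+v\n", runDemo())
}
```

The presented certificate is rejected by an unmodified store and accepted by the seeded one, while the key pin and the issuer name differ from the genuine site's; those last two are what a user on a machine they do not control can still compare.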
Even though an OSX/Linux user is unlikely to be running with root or "power user" privileges, so cannot damage the system itself (or directly affect other users of the same system), there is still room for damage. The user's files could be deleted or corrupted - including the user's personal webpages. Emails could be sent from the user's account. Malware could even schedule recurring tasks under the user's account. However, all those actions are far easier to detect and mitigate.
At least with OSX/Linux, you probably are not running with root or even "power user" privileges, so the amount of damage you can do is, by default, very limited.
Some of my clients are manufacturers of electronic control devices. Nearly all of the testing machines are run by commodity PCs, either Windows or Linux - usually Windows.
Years ago, they did use purpose-built computers; however, the price of PCs has plunged relative to the alternatives.
I've seen Macs used on manufacturing lines. My guess is that the factory uses Windows because PCs are less expensive than Macs. That and the applications being run not supporting OSX (or Linux, for that matter).
Basically, what the big ISPs are trying to do is make customers pay each carrier involved.
AT&T, Verizon, et al, already do this with cellular service: Your monthly fee includes (nearly) unlimited calls to other customers of your cell service provider, but you either pay per minute or a higher monthly fee to call other providers' customers.
The website http://colorfilter.wickline.org/ claims to provide representations of how websites will look to various forms of color blindness.
Sorry to say this, but there are viruses for OSX and Linux, as well.
As I recall, Microsoft took over Hotmail in a buyout, then converted the systems over to Windows.
Sadly, I think MSFT has the right idea in lining up with "Trusted Computers".
(at least for maintaining their market domination.)
Once you have a chipset that will only boot a trusted OS, the chipset maker then has to "bless" the OSes so they can run on it. Of course, since the whole idea of a "trusted computer" is about making the PC "safe", this opens up the chipset maker to a vastly larger realm of liability than he had before, so he's not going to bless just any OS - his insurance company won't let him.
So, how would an OS get "blessed"? One way is through extensive enough testing to persuade both the chipset maker and his insurance company that the OS is "safe". This is a hugely expensive thing to do. And, of course, each new release of the OS would require complete retesting (plus any new tests that get added (and they will)), so the expense is ongoing.
MSFT, IBM and, maybe, Apple, Sun and Novell, could do this. (Now that Apple uses Intel chipsets, they, too, will have to get blessings.)
(Another option is to pay the chipset maker's insurance premiums. But, again, this is a hugely expensive undertaking.)
And this does not stop at the OS. The OS will have to only allow trusted applications to run. Well, it could still allow "untrusted" apps, but they would have so many restrictions they would not be able to do anything useful. So, for an app to be able to do anything useful, it will have to be blessed by the OS vendors.
Unless a huge insurance underwriter, like, for example, Lloyds, gets behind OSS in a big way, I suspect we are likely to end up with an IBM-MSFT duopoly or Apple-IBM-MSFT triopoly. (At the OS level. At the chipset level, looks like Intel might be the real winner.)
(just my 0.02USD worth)