It's funny, there's also a reverse of the exam dream, that teachers get. I've talked to a number of teachers who have the dream that they've got to prepare an exam for a class they've forgotten about all year.
These kinds of dreams seem to be universal constants; I think they are related to the "showing up at work/school naked" dreams. Dreams where there is a sense of being completely unprepared or unable to complete a given task. I wonder what exactly our minds are trying to cross reference with those...
As funny as this is, because of exactly what the problem is, it's not going to be an issue:
The leak is in The Update Manager. If you're not running the update manager, you don't have a problem and the system won't go down. If you ARE running the Update Manager - well, it'll just automatically get the update from RedHat, won't it? Assuming that part works, anyway...
Although it is nice from a tax perspective. Here's the logic behind the way it works:
BigCo gives a Bob, an employee, stock options at $5, the current price. Bob is not taxed for this, and BigCo doesn't put the transaction on its balance sheet, because there was no real value traded. BigCo gave Bob the ability to buy shares at $5, which is what he could buy them in the market for, anyway. Hence, no income for Bob, no loss for BigCo.
Five years later, BigCo has had an enormous run-up in its stock price, and those options are now worth $50. Bob excercises his options, buying 100 shares of BigCo stock at $5 per share, or a total cost of $500. But those shares are worth $50 each, or $5000. A nice profit for Bob, to say the least; he can now sell the shares at their full market value.
According to both the IRS and standard accounting practices, this gets counted as a taxable gain for Bob (that $45 difference gets hit as income). Similarly, if BigCo had just hung onto those shares, they could've sold them themselves for $50, so BigCo gets with with a $45/share loss. A company's profit is the total revenue in minus total money lost, and that loss counts. If you end up with a total number that is negative, you don't pay taxes, since taxes are on net profits.
So, the article's contention that it becomes a "tax deduction" for the company is a bit simple - it becomes a loss for the company. This is why so many.coms like to trumpet their pro forma numbers - those usually exclude "non-cash charges" such as the non-cash loss they are forced by accounting rules to take on the hefty stock compensation they give their employees. That non-cash loss is why you can see statements like "fooco.com has lost $278 million since inception," but, if you look back through their announcements, you'll find out fooco.com has only raised $75 million. The rest is a "non-cash loss," and, frankly, given that fooco.com is losing money, anyway and not going to pay taxes for a long time, they'd probably rather just get rid of the current system. In today's media world of people looking for "dot bombs," fooco.com is likely to report a $.75/share loss (including non-cash charges) and a $.25/share pro forma loss, with analyst excpectations of a $.50/share (pro forma) loss, and have the press complain that they missed their numbers!
The fundamental logic is simple - Bob was compensated by BigCo. Bob has to pay taxes on his compensation. It doesn't make any more sense to have BigCo pay taxes on the lost money in that transaction that it would for BigCo to pay taxes on the salary it has to pay Bob.
Given that this has been hapenning a lot, lately, and causes egg-on-face syndrome to the/. crew because there are a lot of people who have nothing better to do than complain about this, how about a simple technological solution, namely:
Almost every story submission contains at least one URI, correct? Why not modify the story processing queue to let Cmdr. Taco, Hemos, etc, see a by-title list of every story which has been posted in the past month that contained that URI? Or, as a story is being submitted to the page, have an automated system look for URIs in past stories and request verification? This could be done in a way that would not take a lot of time from the processing crew, but still cactch like 90% of the duplicates.
Get a clue, folks. "I don't know" is what any competent witness says to any question that can plausibly be the answer to. A key way people (Engineering types, in particular) get in trouble on the stand is by trying to helpfully answer the other side's questions. Any question you conceivably could not know the answer to, you should answer "I don't know" to.
Not saying this is right, of course, but it's how court cases are won, and I'm sure it's second nature to someone like Velenti. Do you really think that when William Jefferson Clinton said that he didn't know whether "the insertion of an object in the genitalia of another person" counted as "sexual relations," that he really just honestly didn't have any idea? I'm sure if you find a transcript of the OJ trial, you'll find that magic phrase all over The Juice's testimony, as well. I also bet that The Unabomber doesn't say it very much - quite simply, "I don't know" is something successful litigants do whenever anyone asks them a question about anything that could even conceivably help the other side. Defendents that don't say "I don't know" tend to end up in jail, and lawyers that don't say "I don't know" don't become high ranking lawyers for the MPAA.
Mr. Valenti probably is relatively clueless on technology, but probably not as woefully clueless in general as you might suspect from transcripts of his talks. It's all just an artful dodge to fulfil the wishes of his corporate masters.
Also, there is the issue of IBM openly supporting, lets say XFS. While that might make good business sense, it would mean lots of bad PR and midshare loss.
IBM, believe it or not, is reasonably clueful on these types of issues. They recognize that thier business is selling support, not software or hardware. This is why they've done so much work on Open Source Software in the past few years. They had their own, proprietary web server, which they dumped in favor of Apache when it became clear Apache was better. You could probably buy an IBM support contract for your toaster - just as long as the bill gets paid. In fact, it wouldn't surprise me if you called up IBM right now and said, "Guys, I need to pay you to support my XFS install," if they didn't say, "Sure thing - just sign right here!"
Does this mean my local police deparment won't laugh and hang up when I call and report that script-kiddiez just erased three years of work on my system?
I had no idea any serious company could operate in such ways, and live.
This is usually the beginnings of the end. The last Unix company I remember that seriously marketed the "But, with Linux, it's all run by a bunch of grubby hackers - you don't want to trust your business to that, do you?" was SCO...and they didn't last very long after that.
Let's face it - providing for lots of money exactly what others provide for free isn't a very good business model.
But isn't this a bit of a security problem? It should take the bad guys (and the "good guys", for that matter) about ten seconds to put together a missle that uses your broadcast info to figure out where you're going and do a perfect intercept, every time.
Well, in my personal case, almost all my systems have very few services - ssh, http on some, sendmail and named on one. I think most people these days don't use the rsh commands (or I certainly HOPE not) and it would be nice if the default install didn't leave stuff like finger, talk, etc. running. You should have to turn that stuff ON (IMHO). It was, of course, my fault. Just a little frustrated by it. As I said, it was certainly easier to recover from than my LAST cracking...
Ok, they got me. My main personal mailserver/web server/MP3 server got compromised. I upgraded the system (which had 390 days of uptime, woo-hoo!) in late August to Redhat 6.2. Due to the high quality of crack I've been smoking, I FORGOT to turn off rpc in inetd.conf. Whoops! I noticed this last week and fixed it, but I'd already been gotten by the rcp.statd. Interestingly, what tipped me off was the fact that the DDOS software essentially caused a denial of service against ME. I have a DSL connection, and the DOS software flooded my network so badly I started investigating why my network performance was so slow.
I have to rant a little bit, here - Redhat, is it SO HARD to make the default install be BASICALLY SECURE? Don't turn RPC on by default, for God's sake! The first thing I have to remember to do is to remove the really obvious security holes as soon as I install!
One nice thing about this DDOS activity - now, the script kiddies want my network bandwith. Used to be they didn't know what to do when they got in. The same system was compromised three years ago while I was on vacation, and the script kiddies involved did an "rm -rf/" as root. Ouch. This time was pretty easy to clean up from, by comparison.
But, whomever pointed out that the connections of the hosts are important - absolutely. I'm sure my puny 384kbps upstream didn't cause whoever the victim was any real trouble.
Tips for people who may be having the same experience:
First, I was tipped off by the very large numbers of collisions on my hub, and the massive traffic. I'd installed a bunch of new hardware and software, and, at first, thought something was broken. Additionally, I was running mrtg against my router, and the traffic saturation broke SNMP connections, so cron kept complaining.
Once I figured out the host the traffic was coming from, I started looking around. First of all, a command representing itself as "lpsched" was running with a very low PID (like 120) and had a child process representing itself as in.telne (I believe these were actually the same program). When I killed them, the traffic ended. After some research, I realized that the attackers had installed a trojan in/usr/sbin/init (which was then changing its program name as represented in ps after execution)./usr/sbin/init was being executed by/etc/rc.d/rc.sysinit, at the end of the file (placed here very nicely with a check to make sure/etc/rc.d/rc.sysinit existed).
Interestingly, they did NOT install a rootkit - I used SHA1 hashing and some custom scripts I wrote to compare the compromised host with a clean install of RedHat 6.2. All they did was modify/etc/rc.d/rc.sysinit and install the Trojan (they may also have edited log files at the time of intrusion). rpc.statd did spew a "I'm executing this obvious buffer overflow attack" in/var/log/messages; "grep rcp.statd/var/log/*" should give you some idea if you have a problem. In the rpc buffer overlow, they echoed to/tmp/m:
9088 stream tcp nowait root/bin/sh -i
and then, executed "/usr/sbin/inetd/tmp/m", essentially giving themselves a root shell on port 9088. What they did from there I have no record of, but, obviously, they installed the Trojan and moved onto the next one.
Good luck, out there...
Close, but no cigar...
on
Lawsuits Suck
·
· Score: 1
Obviously, if Suck had moderator points, most people would've marked that flamebait. But then, if it wasn't flamebait, it wouldn't be suck...
I think they're close in their analysis, but I think they just missed on three big points.
First of all, I don't think the decisions of late have been all that bad on a fundamental level. There are two type of legal decisions we may disagree with - those that are merely upholding existing law (i.e., the mp3.com case) and those that strike at fundamental constitutional issues (i.e., the Communications Decency Act, the DeCSS case). With the notable exception of the DeCSS case, the courts have been doing the Right Thing with the net. We have thus far managed to avoid the kind of broad-based regulation that other media technologies received during their initial rises to popularity. The Communications Decency act really restored my faith in our nation's court systems - a bunch of old white guys who had never even seen a computer were still able to "get it" about the net and free speech. The DeCSS case is unfortunate, but there is a competing precedent at the Federal level, in the 9th circuit, in which Judge Patel (currently hated becuase of her Napster decision) decided very clearly in the Bernstein case, "[S]ource code...must be viewed as expressive for First Ammendment purposes, and thus is entitled to the protections of the prior restraint doctrine" (i.e., the government can't prevent you from publishing source code). Judge Patel's ruling is clearly in conflict with the recent DeCSS decision, and I'd expect the Supreme Court to take this one up.
If Patel was so cool on crypto, why doesn't she get Napster? Well, they're two different issues. The crypto issue was a fundamental freedom of speech issue, bringing up new legal arguments, attempting to determine if there was constitutional protection for a given type of speech. She found (correctly, in my view) that there is. On Napster, she is being asked to decide whether Napster is violating current copyright law by being a Vicarious Infringer. Clearly, according to the DMCA, they are. The argument about whether the DMCA should prohibit what Napster does is a complex one. My personal view is that, as long as the Constitution calls out Intellectual Property protections, something like the DMCA's Safe Harbor provisions make sense. The question of whether the Constitution aught to have IP in it at ALL is a different one, but Judge Patel has no ability to simply change the Constitution. I guess what I'm trying to get across here is that the legal system's main power [in fundamental Net issues] has to do with finding laws unconstitutional. Judge Patel is currently trying to balance the IP protections given in the Constitution with the First Ammendment. In the case of Napster, I think the current DMCA prohibitions make constitutional sense. They say, "You can't copy this stuff." In the case of DeCSS, they don't make Constitutional sense. They say "You can't make a device (or provide speech that explains in exact detail) that could copy this stuff." It's essentially the same issue Judge Patel ruled on in the Bernstein case. I'm optimistic the Supreme Court will do the Right Thing when asked to decide whether Bernstein was right or the MPAA is right. If you think the Constitution is wrong on the issue of IP, that's another point, but you need to be organizing a Constitutional Ammendment, not getting angrgy at judges who are just doing their jobs.
Secondly, the Suck article says, basically, the geeks naively think they're gonna win because they don't really understand how things work. I think personally that geeks think we're going to win because we have a fundamental faith that, if we get up and make logical arguments, that logic will overcome corporate lobbying, etc. Amazingly, I believe there is some truth to this. We do need to be eternally vigilant, and the efforts of the EFF, for example, are invaluable in leading the fight. One place we really need to be on the lookout in the future is copyright law - the big copyright holders are going to continue to lobby congress for as many prohibitions on our right to fair use as they can. And, as I said above, the Constitution calls out IP protection as one of the few things Congress can actually do something about, so we don't really have a Constitutional leg to stand on unless they do something that ridiculously violates the First Ammendment.
Finally, I think the biggest trouble we get in is uninformed legal theorizing and hair splitting. This is exactly what just hung mp3.com out to dry. They said, "This makes sense to me, the end-user isn't violating anything, let's do it." Clearly, under current copyright law, however, they made 80,000 unauthorized copies of CDs for commercial gain. You can argue if you want about whether this should be legal, but it is unquestionable right now that it is not legal, and hasn't been for 125 years. The second part, the hair-splitting, is where we read laws (or often times don't), and say things like, "Aha! It says here in the DMCA that copyright controls have to be effective, and if I can break them, they're obviously not, so we're OK!" The law, as the Suck article rightly points out, is grey shades and precedents. It's intent and "Legislative History" (what were the Congresspeople talking about when they wrote this, what did they really mean). Cases can be turned over on technicalities, but laws never are.
Moving forward, there are two areas we need to think about. The first are the fundamental, Constitutional issues. Things like source code as speech, linking, the Communications Decency Act, etc. I think that we will continue to win these, because they are pretty clearly cut in our favor. The second issue has to do with IP, and things like UCITA, and the DMCA's anti-reverse engineering provisions. These items either may be Constitutional, or there is some basic doubt about whether they are, or not. The copyright owners, as well, will continue to lobby Congress to extend their rights and reduce ours, and we'll need a solid lobbying organization to fight that.
There are challenges ahead of us, as always. But if we think about what we say, and put our money where our mouths are, I think we can win the important ones. There will be some battles we won't like the outcome of, but that's pretty well inevitable in a democracy.
This seems to be a common misconception. It is not clear that no new content would be provided in the scenario you outline. Quite the contrary. On my server, I can create new characters with new names, spin a new story and set up an entirely new game world that happens to have the same basic character classes, monsters and geography of Everquest. But that doesn't necessarily make it "leech-like;" on the server, there is could be a LOT of originality. True, once Sony/Verant stop developing the client side, there will be no new monsters, lands, characters, etc. But there could still be a very rich world with lots of new material - if the new material you're after are things like story, a plot, characters...
I recently upgraded my game machine from a PIII-350 to a PIII-800. This necessitated a new motherboard. When I rebooted after the install, Win2k crapped out. I flipped back into Linux, did some research, and discovered that you've got to reinstall Win2k when you flip motherboards.
Supposedly, this is because it's unable to find the new hard drive controller on restarts. Great feature, though.
Actually, "effectively controls access" is much less than you might think. Just becuase you can break it doesn't mean it's ineffective (Ah, don't you love the law?). From
The DMCA, Section 1201(a)(3)(B),
[A] technological measure `effectively controls access to a work' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment...to gain access to the work.
So, it's the "ordinary course of its operation" that is the issue. Your reverse engineering of CSS isn't in the "ordinary course of its operation" (although, perversely, if you could distribute it fast enough, you could make an argument that since everyone uses it, it's ordinary now), therefor, CSS is "effective". There is some argument that MP3's "Don't Copy Me" bit would be "effective" if the majority of players, devices and computers paid attention to it. Although I now think that such a trivial excercise as ignoring a bit wouldn't be considered an an "application of information, or a process or a treatment". But it would seem to me that ROT-13 would meet that definition.
I certainly hope the people behind the OSS Cue Cat protocol software have the intestinal fortitude to give these guys the finger and take em to court. Is there a legal defense fund, somewhere? I also hope they have the savvy to countersue for a frivolous lawsuit, defamation of character, slander, and to recover legal expenses. Would be nice to see the Sonys and Cue Cats of the world start to learn that these kinds of intimidations can cost them money, not just the goodwill of customers.
Yes, caught and revealed, but it's a lot cheaper and easier to have a live connection and prevent it to begin with, which is why they dropped the beaming support.
"Unfortunately, many in the news media are not qualified to properly report scientific/technical results."
Unfortunately, many in the news and media are not qualified to properly report their own damn grocery lists. One of the most eye-opening things to me about working in small, well-watched Silicon Valley companies has been how consistently wrong the press is, on technical issues, on business issues, on anything. Every single story I've ever read in the press where I knew the facts has had at least one siginificant error.
A lot of this comes from the awful time pressure the reporters are under. They've got deadlines, and they've got to come up with something. Making news is often the only choice (as Hearst said, "You furnish the pictures, and I'll furnish the war"), although
Elliot Carver level manipulation is obviously rare, these days. Or, if it isn't, they've gotten so good at it you don't notice.;)
The real eye-opener for me was when I was at PGP, and had only been there a few months. CNN (who has at least two twenty-four hour days to fill with content) was doing the standard story about Internet privacy - how They can find out your credit card numbers, steal your house, etc., without anyone finding out. The reporter, of course, knew nothing about it, so (via some contact or other), the producer got in touch with the product manager for PGP. The CNN crew dropped by the office, and filmed the product manager demoing PGP 5.0 for Personal Privacy (which I always thought sounded like a personal hygeine product - "Hey Mom, ever get that not-so-secure feeling?"). When the spot ran, it was essentially a 2.5 minute commercial for PGP, running in high rotation over a weekend on CNN Headline News. Incredible coverage for us, and everyone was elated. I saw, later that week, a copy of the thank-you note the product manager got from the producer. From the producer's perspective, the product manager had helped her fill a much-needed two and a half minutes. But, ever since then, whenever I see a news story, I wonder what company's marketing people got the thank-you note for it.
But, the bottom line is, reporters of all kinds are under terrible deadlines, with essentially no short-term review. Their job is to sell magazines (or newspapers or whatever). Stories about melting polar icecaps sell papers. Stories about how evidence is slowly mounting that things are gradually warming don't. As in all other things, natural selection will do its brutal work here, and the responsible, uninteresting journalist will end up doing responsible, uniniteresting (and hence unselling) work.
I find it to be so humorous whenever I see someone like the Editor in Chief of the New York Times wringing his (or her) hands about how the true awfulness of the Internet is that there are no gatekeepers, and no content filters. And, certainly, even here at/. where there is a little gatekeeping (and if you think/. doesn't have the problems I described above, your head is in the sand), a lot of what gets posted is just drivel. But, unlike on CNN, even if some large company manages to slip marketing fluff in, it tends to be caught, quickly.
What I'd really love to see happen on Slashdot is moderation of stories the same way messages get moderated. I could set my minimum threshold to "two" and miss all of the stories whose top thirty comments are all "This is such crap, don't you guys even read these things?"
And, of course, on/. as in all things, we have our own natural selection power. Should we decide that accuracy is more important than so-called objectivity (in which news reporting is dropped to the level of simply reporting what the spokesman for the Democrats said and what the spokesman for the Republicans said, because that's "objective"), we will eventually extinct those news outlets whose means of operation is to publish lurid stories.
Yes, exactly, it's a bounced check. But forcing wireless net access on the device doing the transfer prevents such a thing from ocurring - if it bounces, it'll bounce immediately. I'm sure these kinds of things are why PayPal discontinued the beaming app. It was great for most people (where the ammounts are like $5 and the guy beaming you is a good friend), but financial empires are not built on systems that depend on no one trying to be fraudulent. Not successful ones, anyway.:)
Well, at least, the second problem I described is possible - Bob could open a Pay Pal account, synch is pilot, making his pilot think he had $4000 available (or whatever the limit is). He could then spend $4000 (in fact just by paying another account he owns) without the pilot, then beam Alice money that he doesn't have. When she tries to synch, it fails.
But users, like I said, don't "own" the textures. They "license" them from Verant.
This is technically true, but there is a lot of courtroom precedent that adds up to say that, if it substantially "looks like" a purchase, it effectively is one.
This is why, for example, the EULA on MS Windows doesn't prevent you from transferring it to other people (i.e., selling the software to someone else when you're done with it). Earlier EULAs (don't know if they were necessarily from MS) had such stipulations, but the court held that, if I pay you $200 for a product that comes in a box, it's still effectively a sale, and if I want to resell it (or copy it for my own use, or whatever) it's still allowed. The user has purchased a license to those images from Verant. Under US law, he can essentially do whatever he wants with them as long as he doesn't copy them for commercial gain without the copyright owner's persmission. It would clearly not, for example, be a violation of the law to take a screen shot of your character in Everquest and make it the background of your desktop. It is arguable that it would be a violation for you to post it on your web site, however. But when it's within the four walls of your house, and doesn't leave it, you have wide latitude to do whatever you want with all of the copyrighted materials you have a license to - books, art, software, music, whatever.
I was pretty annoyed by it, too, but I think I understand why they did it.
I'm sure they had huge problems with people "sending" money and then forgetting to hotsync. I beam you $5, you think you've collected...I go home, don't hotsynch, or lose my pilot, or (maliciously) reset all the pilot info (or delete the conduit...) Not to mention that I could "beam" you $5 that my Palm thinks I have that I don't, actually. For financial systems, you need more reliability than that. By forcing the transaction to occur online, it is possible to verify account balance, etc., realtime.
Of course, I'm one of those luddite throwbacks who thinks my Palm should be one device and my mobile phone should be another. And who thinks that trying to browse the web on my teeny-tiny Nokia 8890 screen wouldn't be any fun even if Nokia were stupid enough to put in web-access. As for putting my phone in my Palm, what happens when I want to write down a phone number while I'm talking on the phone? "Ok, Six..hang on...Ok...Five...Hang on...OK, Zero...hang on..." Until I can get a bluetooth wireless earpiece to hook into my Palm, I want two devices, thank you very much.
Which is not to say I don't miss the Palm beaming, too. I'll just have to wait until the Palm VII gets as small as the Palm V (the VII is big enough I'd just leave it on my desk all the time) so I can have portable net access.
No, but the textures remain on the client. The server simply sends a packet to the client. The fact that the client then uses that to pop up the copyrighted image (which the client owner has already paid for) isn't a violation.
I think you misunderstand. They're creating an emulator, out of whole cloth. You stick your Everquest CD in your drive, today, and your client connects to Verant's servers. Yes, there is a whole world there, and presumably Verant owns copyright to it. But, what these guys are doing is, you make some modification to your client configuration, and you connect to a Ethernalquest server. This is a completely seperate server world; the code is new and the world is new. The characters and objects that exist in Verant's EQ servers do not exist in the Ethernalquest server. No code or objects have been copied, therefore there is no copyright violation.
As far as I can tell, the clearest precedent for this would be Sony's own Connectix case. It seems quite plausible to me that, under US law, the server would be protected under the same argument. Essentially, all the EthernalQuest folks have done is reverse engineer the protocol (the same way, say, Samba did SMB). Sony and Verant probably have little or no recourse against the people developing the server. There is no more a copying of the world's data than Samba copied all of Microsoft's corporate servers.
Now, there is the practical matter of the EULA. It prohibits running these servers, or playing on them. UO has a similar prohibition. Essentially their only recourse is to shut down your regular Everquest account (which shouldn't affect your ability to play the EthernalQuest version). OSI does this ocassionally to UO folks, but they don't make a habit of it. Number one, it'd be almost impossible to find out if someone is running or using such a server. But, even in cases where they have people talking about it publically, they don't usually do anything. They save it as a selective enforcement tool to have an excuse to kick off people who complain too loudly about the service.
The fact that Verant is sending cease-and-desists doesn't necessarily mean they intend to persue in court. Sending such a letter gives Verant no obligations, and costs almost nothing. So, why not do it - the coders might just roll over (or so goes Verant's thinking). I've also go some question as to who would do the suing - Sony or Verant? Verant seems to operate the service, but I think it's Sony's property.
Sony as a corporation has a real tendancy to keep running into the same wall again and again and again - Beta...MiniDisc...Memory Stick - hey guys, how about using an OPEN format for a change, maybe it'll get some acceptance... So, even though they are the precedent that seems to support the Hackersquest folks, that doesn't necessarily mean they won't just run right over that cliff, again.
For $1300 I can buy this HP thing and use it as an LPR spool from my Linux box. OR...
For nothing, I can hook the printer up to my Linux box and use my Linux box as an LPR spool.
Given that, if you already have Linux, the product is completely unneeded, maybe that is why HP decided not to bother marketing it to the Linux community.
Slashdot Mirror
These kinds of dreams seem to be universal constants; I think they are related to the "showing up at work/school naked" dreams. Dreams where there is a sense of being completely unprepared or unable to complete a given task. I wonder what exactly our minds are trying to cross reference with those...
The leak is in The Update Manager. If you're not running the update manager, you don't have a problem and the system won't go down. If you ARE running the Update Manager - well, it'll just automatically get the update from RedHat, won't it? Assuming that part works, anyway...
BigCo gives a Bob, an employee, stock options at $5, the current price. Bob is not taxed for this, and BigCo doesn't put the transaction on its balance sheet, because there was no real value traded. BigCo gave Bob the ability to buy shares at $5, which is what he could buy them in the market for, anyway. Hence, no income for Bob, no loss for BigCo.
Five years later, BigCo has had an enormous run-up in its stock price, and those options are now worth $50. Bob excercises his options, buying 100 shares of BigCo stock at $5 per share, or a total cost of $500. But those shares are worth $50 each, or $5000. A nice profit for Bob, to say the least; he can now sell the shares at their full market value.
According to both the IRS and standard accounting practices, this gets counted as a taxable gain for Bob (that $45 difference gets hit as income). Similarly, if BigCo had just hung onto those shares, they could've sold them themselves for $50, so BigCo gets with with a $45/share loss. A company's profit is the total revenue in minus total money lost, and that loss counts. If you end up with a total number that is negative, you don't pay taxes, since taxes are on net profits.
So, the article's contention that it becomes a "tax deduction" for the company is a bit simple - it becomes a loss for the company. This is why so many .coms like to trumpet their pro forma numbers - those usually exclude "non-cash charges" such as the non-cash loss they are forced by accounting rules to take on the hefty stock compensation they give their employees. That non-cash loss is why you can see statements like "fooco.com has lost $278 million since inception," but, if you look back through their announcements, you'll find out fooco.com has only raised $75 million. The rest is a "non-cash loss," and, frankly, given that fooco.com is losing money, anyway and not going to pay taxes for a long time, they'd probably rather just get rid of the current system. In today's media world of people looking for "dot bombs," fooco.com is likely to report a $.75/share loss (including non-cash charges) and a $.25/share pro forma loss, with analyst excpectations of a $.50/share (pro forma) loss, and have the press complain that they missed their numbers!
The fundamental logic is simple - Bob was compensated by BigCo. Bob has to pay taxes on his compensation. It doesn't make any more sense to have BigCo pay taxes on the lost money in that transaction that it would for BigCo to pay taxes on the salary it has to pay Bob.
Almost every story submission contains at least one URI, correct? Why not modify the story processing queue to let Cmdr. Taco, Hemos, etc, see a by-title list of every story which has been posted in the past month that contained that URI? Or, as a story is being submitted to the page, have an automated system look for URIs in past stories and request verification? This could be done in a way that would not take a lot of time from the processing crew, but still cactch like 90% of the duplicates.
Not saying this is right, of course, but it's how court cases are won, and I'm sure it's second nature to someone like Velenti. Do you really think that when William Jefferson Clinton said that he didn't know whether "the insertion of an object in the genitalia of another person" counted as "sexual relations," that he really just honestly didn't have any idea? I'm sure if you find a transcript of the OJ trial, you'll find that magic phrase all over The Juice's testimony, as well. I also bet that The Unabomber doesn't say it very much - quite simply, "I don't know" is something successful litigants do whenever anyone asks them a question about anything that could even conceivably help the other side. Defendents that don't say "I don't know" tend to end up in jail, and lawyers that don't say "I don't know" don't become high ranking lawyers for the MPAA.
Mr. Valenti probably is relatively clueless on technology, but probably not as woefully clueless in general as you might suspect from transcripts of his talks. It's all just an artful dodge to fulfil the wishes of his corporate masters.
IBM, believe it or not, is reasonably clueful on these types of issues. They recognize that thier business is selling support, not software or hardware. This is why they've done so much work on Open Source Software in the past few years. They had their own, proprietary web server, which they dumped in favor of Apache when it became clear Apache was better. You could probably buy an IBM support contract for your toaster - just as long as the bill gets paid. In fact, it wouldn't surprise me if you called up IBM right now and said, "Guys, I need to pay you to support my XFS install," if they didn't say, "Sure thing - just sign right here!"
Does this mean my local police deparment won't laugh and hang up when I call and report that script-kiddiez just erased three years of work on my system?
This is usually the beginnings of the end. The last Unix company I remember that seriously marketed the "But, with Linux, it's all run by a bunch of grubby hackers - you don't want to trust your business to that, do you?" was SCO...and they didn't last very long after that.
Let's face it - providing for lots of money exactly what others provide for free isn't a very good business model.
But isn't this a bit of a security problem? It should take the bad guys (and the "good guys", for that matter) about ten seconds to put together a missle that uses your broadcast info to figure out where you're going and do a perfect intercept, every time.
Well, in my personal case, almost all my systems have very few services - ssh, http on some, sendmail and named on one. I think most people these days don't use the rsh commands (or I certainly HOPE not) and it would be nice if the default install didn't leave stuff like finger, talk, etc. running. You should have to turn that stuff ON (IMHO). It was, of course, my fault. Just a little frustrated by it. As I said, it was certainly easier to recover from than my LAST cracking...
I have to rant a little bit, here - Redhat, is it SO HARD to make the default install be BASICALLY SECURE? Don't turn RPC on by default, for God's sake! The first thing I have to remember to do is to remove the really obvious security holes as soon as I install!
One nice thing about this DDOS activity - now, the script kiddies want my network bandwith. Used to be they didn't know what to do when they got in. The same system was compromised three years ago while I was on vacation, and the script kiddies involved did an "rm -rf /" as root. Ouch. This time was pretty easy to clean up from, by comparison.
But, whomever pointed out that the connections of the hosts are important - absolutely. I'm sure my puny 384kbps upstream didn't cause whoever the victim was any real trouble.
Tips for people who may be having the same experience:
First, I was tipped off by the very large numbers of collisions on my hub, and the massive traffic. I'd installed a bunch of new hardware and software, and, at first, thought something was broken. Additionally, I was running mrtg against my router, and the traffic saturation broke SNMP connections, so cron kept complaining.
Once I figured out the host the traffic was coming from, I started looking around. First of all, a command representing itself as "lpsched" was running with a very low PID (like 120) and had a child process representing itself as in.telne (I believe these were actually the same program). When I killed them, the traffic ended. After some research, I realized that the attackers had installed a trojan in /usr/sbin/init (which was then changing its program name as represented in ps after execution). /usr/sbin/init was being executed by /etc/rc.d/rc.sysinit, at the end of the file (placed here very nicely with a check to make sure /etc/rc.d/rc.sysinit existed).
Interestingly, they did NOT install a rootkit - I used SHA1 hashing and some custom scripts I wrote to compare the compromised host with a clean install of RedHat 6.2. All they did was modify /etc/rc.d/rc.sysinit and install the Trojan (they may also have edited log files at the time of intrusion). rpc.statd did spew a "I'm executing this obvious buffer overflow attack" in /var/log/messages; "grep rcp.statd /var/log/*" should give you some idea if you have a problem. In the rpc buffer overlow, they echoed to /tmp/m:
and then, executed "/usr/sbin/inetd
Good luck, out there...
I think they're close in their analysis, but I think they just missed on three big points.
First of all, I don't think the decisions of late have been all that bad on a fundamental level. There are two type of legal decisions we may disagree with - those that are merely upholding existing law (i.e., the mp3.com case) and those that strike at fundamental constitutional issues (i.e., the Communications Decency Act, the DeCSS case). With the notable exception of the DeCSS case, the courts have been doing the Right Thing with the net. We have thus far managed to avoid the kind of broad-based regulation that other media technologies received during their initial rises to popularity. The Communications Decency act really restored my faith in our nation's court systems - a bunch of old white guys who had never even seen a computer were still able to "get it" about the net and free speech. The DeCSS case is unfortunate, but there is a competing precedent at the Federal level, in the 9th circuit, in which Judge Patel (currently hated becuase of her Napster decision) decided very clearly in the Bernstein case, "[S]ource code...must be viewed as expressive for First Ammendment purposes, and thus is entitled to the protections of the prior restraint doctrine" (i.e., the government can't prevent you from publishing source code). Judge Patel's ruling is clearly in conflict with the recent DeCSS decision, and I'd expect the Supreme Court to take this one up.
If Patel was so cool on crypto, why doesn't she get Napster? Well, they're two different issues. The crypto issue was a fundamental freedom of speech issue, bringing up new legal arguments, attempting to determine if there was constitutional protection for a given type of speech. She found (correctly, in my view) that there is. On Napster, she is being asked to decide whether Napster is violating current copyright law by being a Vicarious Infringer. Clearly, according to the DMCA, they are. The argument about whether the DMCA should prohibit what Napster does is a complex one. My personal view is that, as long as the Constitution calls out Intellectual Property protections, something like the DMCA's Safe Harbor provisions make sense. The question of whether the Constitution aught to have IP in it at ALL is a different one, but Judge Patel has no ability to simply change the Constitution. I guess what I'm trying to get across here is that the legal system's main power [in fundamental Net issues] has to do with finding laws unconstitutional. Judge Patel is currently trying to balance the IP protections given in the Constitution with the First Ammendment. In the case of Napster, I think the current DMCA prohibitions make constitutional sense. They say, "You can't copy this stuff." In the case of DeCSS, they don't make Constitutional sense. They say "You can't make a device (or provide speech that explains in exact detail) that could copy this stuff." It's essentially the same issue Judge Patel ruled on in the Bernstein case. I'm optimistic the Supreme Court will do the Right Thing when asked to decide whether Bernstein was right or the MPAA is right. If you think the Constitution is wrong on the issue of IP, that's another point, but you need to be organizing a Constitutional Ammendment, not getting angrgy at judges who are just doing their jobs.
Secondly, the Suck article says, basically, the geeks naively think they're gonna win because they don't really understand how things work. I think personally that geeks think we're going to win because we have a fundamental faith that, if we get up and make logical arguments, that logic will overcome corporate lobbying, etc. Amazingly, I believe there is some truth to this. We do need to be eternally vigilant, and the efforts of the EFF, for example, are invaluable in leading the fight. One place we really need to be on the lookout in the future is copyright law - the big copyright holders are going to continue to lobby congress for as many prohibitions on our right to fair use as they can. And, as I said above, the Constitution calls out IP protection as one of the few things Congress can actually do something about, so we don't really have a Constitutional leg to stand on unless they do something that ridiculously violates the First Ammendment.
Finally, I think the biggest trouble we get in is uninformed legal theorizing and hair splitting. This is exactly what just hung mp3.com out to dry. They said, "This makes sense to me, the end-user isn't violating anything, let's do it." Clearly, under current copyright law, however, they made 80,000 unauthorized copies of CDs for commercial gain. You can argue if you want about whether this should be legal, but it is unquestionable right now that it is not legal, and hasn't been for 125 years. The second part, the hair-splitting, is where we read laws (or often times don't), and say things like, "Aha! It says here in the DMCA that copyright controls have to be effective, and if I can break them, they're obviously not, so we're OK!" The law, as the Suck article rightly points out, is grey shades and precedents. It's intent and "Legislative History" (what were the Congresspeople talking about when they wrote this, what did they really mean). Cases can be turned over on technicalities, but laws never are.
Moving forward, there are two areas we need to think about. The first are the fundamental, Constitutional issues. Things like source code as speech, linking, the Communications Decency Act, etc. I think that we will continue to win these, because they are pretty clearly cut in our favor. The second issue has to do with IP, and things like UCITA, and the DMCA's anti-reverse engineering provisions. These items either may be Constitutional, or there is some basic doubt about whether they are, or not. The copyright owners, as well, will continue to lobby Congress to extend their rights and reduce ours, and we'll need a solid lobbying organization to fight that.
There are challenges ahead of us, as always. But if we think about what we say, and put our money where our mouths are, I think we can win the important ones. There will be some battles we won't like the outcome of, but that's pretty well inevitable in a democracy.
This seems to be a common misconception. It is not clear that no new content would be provided in the scenario you outline. Quite the contrary. On my server, I can create new characters with new names, spin a new story and set up an entirely new game world that happens to have the same basic character classes, monsters and geography of Everquest. But that doesn't necessarily make it "leech-like;" on the server, there is could be a LOT of originality. True, once Sony/Verant stop developing the client side, there will be no new monsters, lands, characters, etc. But there could still be a very rich world with lots of new material - if the new material you're after are things like story, a plot, characters...
I recently upgraded my game machine from a PIII-350 to a PIII-800. This necessitated a new motherboard. When I rebooted after the install, Win2k crapped out. I flipped back into Linux, did some research, and discovered that you've got to reinstall Win2k when you flip motherboards.
Supposedly, this is because it's unable to find the new hard drive controller on restarts. Great feature, though.
I wasn't trying to imply that the DMCA applied here, I was just pointing out that just becuase you can break a control doesn't make it ineffective.
So, it's the "ordinary course of its operation" that is the issue. Your reverse engineering of CSS isn't in the "ordinary course of its operation" (although, perversely, if you could distribute it fast enough, you could make an argument that since everyone uses it, it's ordinary now), therefor, CSS is "effective". There is some argument that MP3's "Don't Copy Me" bit would be "effective" if the majority of players, devices and computers paid attention to it. Although I now think that such a trivial excercise as ignoring a bit wouldn't be considered an an "application of information, or a process or a treatment". But it would seem to me that ROT-13 would meet that definition.
I certainly hope the people behind the OSS Cue Cat protocol software have the intestinal fortitude to give these guys the finger and take em to court. Is there a legal defense fund, somewhere? I also hope they have the savvy to countersue for a frivolous lawsuit, defamation of character, slander, and to recover legal expenses. Would be nice to see the Sonys and Cue Cats of the world start to learn that these kinds of intimidations can cost them money, not just the goodwill of customers.
Yes, caught and revealed, but it's a lot cheaper and easier to have a live connection and prevent it to begin with, which is why they dropped the beaming support.
Unfortunately, many in the news and media are not qualified to properly report their own damn grocery lists. One of the most eye-opening things to me about working in small, well-watched Silicon Valley companies has been how consistently wrong the press is, on technical issues, on business issues, on anything. Every single story I've ever read in the press where I knew the facts has had at least one siginificant error.
A lot of this comes from the awful time pressure the reporters are under. They've got deadlines, and they've got to come up with something. Making news is often the only choice (as Hearst said, "You furnish the pictures, and I'll furnish the war"), although Elliot Carver level manipulation is obviously rare, these days. Or, if it isn't, they've gotten so good at it you don't notice. ;)
The real eye-opener for me was when I was at PGP, and had only been there a few months. CNN (who has at least two twenty-four hour days to fill with content) was doing the standard story about Internet privacy - how They can find out your credit card numbers, steal your house, etc., without anyone finding out. The reporter, of course, knew nothing about it, so (via some contact or other), the producer got in touch with the product manager for PGP. The CNN crew dropped by the office, and filmed the product manager demoing PGP 5.0 for Personal Privacy (which I always thought sounded like a personal hygeine product - "Hey Mom, ever get that not-so-secure feeling?"). When the spot ran, it was essentially a 2.5 minute commercial for PGP, running in high rotation over a weekend on CNN Headline News. Incredible coverage for us, and everyone was elated. I saw, later that week, a copy of the thank-you note the product manager got from the producer. From the producer's perspective, the product manager had helped her fill a much-needed two and a half minutes. But, ever since then, whenever I see a news story, I wonder what company's marketing people got the thank-you note for it.
But, the bottom line is, reporters of all kinds are under terrible deadlines, with essentially no short-term review. Their job is to sell magazines (or newspapers or whatever). Stories about melting polar icecaps sell papers. Stories about how evidence is slowly mounting that things are gradually warming don't. As in all other things, natural selection will do its brutal work here, and the responsible, uninteresting journalist will end up doing responsible, uniniteresting (and hence unselling) work.
I find it to be so humorous whenever I see someone like the Editor in Chief of the New York Times wringing his (or her) hands about how the true awfulness of the Internet is that there are no gatekeepers, and no content filters. And, certainly, even here at /. where there is a little gatekeeping (and if you think /. doesn't have the problems I described above, your head is in the sand), a lot of what gets posted is just drivel. But, unlike on CNN, even if some large company manages to slip marketing fluff in, it tends to be caught, quickly.
What I'd really love to see happen on Slashdot is moderation of stories the same way messages get moderated. I could set my minimum threshold to "two" and miss all of the stories whose top thirty comments are all "This is such crap, don't you guys even read these things?"
And, of course, on /. as in all things, we have our own natural selection power. Should we decide that accuracy is more important than so-called objectivity (in which news reporting is dropped to the level of simply reporting what the spokesman for the Democrats said and what the spokesman for the Republicans said, because that's "objective"), we will eventually extinct those news outlets whose means of operation is to publish lurid stories.
Yes, exactly, it's a bounced check. But forcing wireless net access on the device doing the transfer prevents such a thing from ocurring - if it bounces, it'll bounce immediately. I'm sure these kinds of things are why PayPal discontinued the beaming app. It was great for most people (where the ammounts are like $5 and the guy beaming you is a good friend), but financial empires are not built on systems that depend on no one trying to be fraudulent. Not successful ones, anyway. :)
Well, at least, the second problem I described is possible - Bob could open a Pay Pal account, synch is pilot, making his pilot think he had $4000 available (or whatever the limit is). He could then spend $4000 (in fact just by paying another account he owns) without the pilot, then beam Alice money that he doesn't have. When she tries to synch, it fails.
This is technically true, but there is a lot of courtroom precedent that adds up to say that, if it substantially "looks like" a purchase, it effectively is one.
This is why, for example, the EULA on MS Windows doesn't prevent you from transferring it to other people (i.e., selling the software to someone else when you're done with it). Earlier EULAs (don't know if they were necessarily from MS) had such stipulations, but the court held that, if I pay you $200 for a product that comes in a box, it's still effectively a sale, and if I want to resell it (or copy it for my own use, or whatever) it's still allowed. The user has purchased a license to those images from Verant. Under US law, he can essentially do whatever he wants with them as long as he doesn't copy them for commercial gain without the copyright owner's persmission. It would clearly not, for example, be a violation of the law to take a screen shot of your character in Everquest and make it the background of your desktop. It is arguable that it would be a violation for you to post it on your web site, however. But when it's within the four walls of your house, and doesn't leave it, you have wide latitude to do whatever you want with all of the copyrighted materials you have a license to - books, art, software, music, whatever.
I'm sure they had huge problems with people "sending" money and then forgetting to hotsync. I beam you $5, you think you've collected...I go home, don't hotsynch, or lose my pilot, or (maliciously) reset all the pilot info (or delete the conduit...) Not to mention that I could "beam" you $5 that my Palm thinks I have that I don't, actually. For financial systems, you need more reliability than that. By forcing the transaction to occur online, it is possible to verify account balance, etc., realtime.
Of course, I'm one of those luddite throwbacks who thinks my Palm should be one device and my mobile phone should be another. And who thinks that trying to browse the web on my teeny-tiny Nokia 8890 screen wouldn't be any fun even if Nokia were stupid enough to put in web-access. As for putting my phone in my Palm, what happens when I want to write down a phone number while I'm talking on the phone? "Ok, Six..hang on...Ok...Five...Hang on...OK, Zero...hang on..." Until I can get a bluetooth wireless earpiece to hook into my Palm, I want two devices, thank you very much.
Which is not to say I don't miss the Palm beaming, too. I'll just have to wait until the Palm VII gets as small as the Palm V (the VII is big enough I'd just leave it on my desk all the time) so I can have portable net access.
No, but the textures remain on the client. The server simply sends a packet to the client. The fact that the client then uses that to pop up the copyrighted image (which the client owner has already paid for) isn't a violation.
As far as I can tell, the clearest precedent for this would be Sony's own Connectix case. It seems quite plausible to me that, under US law, the server would be protected under the same argument. Essentially, all the EthernalQuest folks have done is reverse engineer the protocol (the same way, say, Samba did SMB). Sony and Verant probably have little or no recourse against the people developing the server. There is no more a copying of the world's data than Samba copied all of Microsoft's corporate servers.
Now, there is the practical matter of the EULA. It prohibits running these servers, or playing on them. UO has a similar prohibition. Essentially their only recourse is to shut down your regular Everquest account (which shouldn't affect your ability to play the EthernalQuest version). OSI does this ocassionally to UO folks, but they don't make a habit of it. Number one, it'd be almost impossible to find out if someone is running or using such a server. But, even in cases where they have people talking about it publically, they don't usually do anything. They save it as a selective enforcement tool to have an excuse to kick off people who complain too loudly about the service.
The fact that Verant is sending cease-and-desists doesn't necessarily mean they intend to persue in court. Sending such a letter gives Verant no obligations, and costs almost nothing. So, why not do it - the coders might just roll over (or so goes Verant's thinking). I've also go some question as to who would do the suing - Sony or Verant? Verant seems to operate the service, but I think it's Sony's property.
Sony as a corporation has a real tendancy to keep running into the same wall again and again and again - Beta...MiniDisc...Memory Stick - hey guys, how about using an OPEN format for a change, maybe it'll get some acceptance... So, even though they are the precedent that seems to support the Hackersquest folks, that doesn't necessarily mean they won't just run right over that cliff, again.
For $1300 I can buy this HP thing and use it as an LPR spool from my Linux box. OR...
For nothing, I can hook the printer up to my Linux box and use my Linux box as an LPR spool.
Given that, if you already have Linux, the product is completely unneeded, maybe that is why HP decided not to bother marketing it to the Linux community.