Which is why an exemption that specifically allows you the right to back up your own CDs and move them onto whatever devices you own can trump your argument. If law enforcement is such that it is not illegal for me to do day-to-day activities on my computer with media I've legally acquired, then shutting down public trackers that make almost exclusively copyrighted material available is a possibility.
I don't have a problem with this scenario. The exemptions provided to the DMCA today allow me to enjoy my media within the bounds of the law, using whatever devices I desire. I don't buy the "information wants to be free" argument. It is merely an excuse for those who don't want to pay for anything, regardless of how much work was put into its creation. As a software developer who expects to somehow make a living writing code, it would be quite hypocritical for me to support a system which allows every creative work to be spread around the globe after a single person pays for it. Sure, there are people who want their creations spread on these terms, but we should respect those who don't, regardless of how badly they misbehave when their business model is threatened.
For me, supporting piracy has been about freedom, not money. It is true that the widespread adoption of the Internet throughout the world has changed many things, most notably the reduction in effort to create and distribute a copy. In an attempt to protect their business model, the MAFIAA has attempted to dictate their terms on how we may enjoy media in the digital age. No question that this is wrong, because it has made criminals of many people who are not criminals. People's rights have been trodden on while lawyers engage in a campaign of fear and misinformation. But, when supporting civil disobedience in protest against legal oppression, one must be willing to change one's stance when the change sought has been achieved, or at least solid progress has been made.
I admit, I have no reason to think that the American government will act in good faith. The track record of those who lobby for copyright reform is one of deception and fear. On the other hand, if all parties are willing to deescalate the fight, then perhaps rational minds will prevail once again. I, for one, am willing to give peace a chance. It's been a decade since the war on piracy began, and today is the most progress I've ever seen. I'm looking forward to a future where public concerns are granted equal weight to lobbyists' desires, despite the fact that the public concerns are rarely accompanied by a large brown envelope stuffed with cash.
This is the first time since the DMCA has been introduced that any compromise has been offered. The specific exemptions for fair use things like educational use and security testing should cover most of the issues that people have while still making it possible to go after those who distribute in public forums. Of course, since it's a compromise, us piratey types would have to make a couple of concessions too:
that actively identifying and prosecuting those who distribute on the Internet will remain the deterrent for such activities, and;
that participation in a torrent whose purpose is to distribute a copyrighted work will leave you liable for damages. Since it is now legal to circumvent CSS for certain educational/non-commercial uses, it is expected that any such fair use claim would require at least temporary possession of the master copy.
These concessions seem pretty reasonable to me, provided that no effort is made to make the exemptions moot. My arguments justifying piracy on philosophical grounds do not hold up if the US government adheres to these exceptions in good faith. Under these new conditions, I do not feel unnecessarily limited in my use of a copyrighted work, and I hope that others would feel the same way. I admit that there are still some smaller issues to deal with, most notably things like eFuse which would not allow users to exercise their rights under the new exceptions. However, overall, this is much better than the DMCA as it was originally introduced.
There's just not any growth left in MS's core competencies, and at least they're trying new stuff, even if the results are pretty embarrassing most of the time.
That's just it - there's plenty of growth left in MS's core competencies. A .NET development shop costs a fortune, mostly paid to Microsoft and its business partners. And, according to TFA, Microsoft has doubled its assets since Ballmer took the lead. The major problem is that this growth is not translating into share price, which leads one to wonder why. Employees, whose compensation is partially in the form of Microsoft stock, are starting to get pissed off, but for some reason the board of directors (who should have incentive to increase share price as well) still support him.
From the lawyer referenced by your link:
Does a theme, rather than simply calling a WP function, incorporate actual code from WordPress?
Due to the nature of PHP, yes. The PHP interpreter could not interpret the theme in the absence of WordPress code. It is incorporated in the most explicit manner. The argument that you can apply this same logic to the Linux operating system specifically is not valid, since it is possible to create a stand-alone binary that contains no GPL code. The execution of this binary would never incorporate GPL code; it would only use a system built from GPL code. To prove this, take the non-GPL binary and run it on a commercial UNIX box (there are plenty that provide Linux ELF support). Conversely, take the WordPress theme and run it on an application server that does not have the WordPress source available to it.
Sure, we're splitting hairs here, but the whole point of the GPL is to protect the intended non-commercial nature of the original project. WordPress was a development given to the public domain in a spirit of community. The creator should not stand by and watch as someone else gets rich from his hard work.
Clearly someone needs to write a competing system with the same APIs and blow their argument clear out of the water.
Sure, as long as they don't read the WP code first. Then you could legitimately claim that the template calls non-GPL code. For now, however, it does, and there is no alternative. It's a GPL violation as it stands.
A friend of mine thinks that GPS'es need an "avoid ghetto" option. I told her that's a great idea in theory but it would preclude anyone who lives in our town from returning home ;)
More specifically, a "find detour" option. It'd be great to override Google's route-calculation by telling it that a particular part of the route is not possible.
And, once again, the magic of the computer knowing what is actually in the image is accomplished by combing through huge databases of similar images and gleaning human-inputted tags. What could possibly go wrong?
i386 protected mode OS
ext2/3
emacs
Perl, Python and others
decss
bayesian spam filtering
eclipse
To name a few more. Proprietary is not necessarily first, just the first to try and make profit from the project.
I would also add:
3) Where is it possible to access the data?
4) Is it feasible to monitor and log accesses to the data?
If the answer to 3) is "anywhere" and 4) is "no", there is a case for a strong password. In these cases, it may be necessary to take advantage of password memory features in either your smartphone or web browser. In this case, a strong password would protect against constant phishing, while still being useable. The fact that I don't actually remember my password is balanced by the fact that the password is only remembered in a physically secure location. Password recovery in the case that you need it could be accomplished via a token-based password reset using a callback scheme (e.g. email or SMS). You would have to break into my house or steal my phone to be able to access those accounts. Admittedly, this may be a concern depending on the value of the data; but I would change the answers to 3) and 4) in this case.
This is why "ontologies" have become synonymous with fail.
So you're saying that Google bought a failure to save the rest of the world from it? It's the "tons of human labor" part that becomes the issue; it's bad enough trying to teach a human about semantics, let alone a pedantic automaton. Wake me up when an AI can disambiguate without me spending 45 minutes explaining the basics of the English language.
techo-Goebbles
The best reference yet. I was just thinking about how technology reporting and reviewing has become a propaganda battle. So maybe the iPhone issue isn't as big as it's made out to be, but Jobs has been so disingenuous with his public relations, one has to wonder if he has something to hide. Of course, there are many other smartphone companies that benefit from the whole problem being hyped too. It is getting far too difficult to separate the politics from the technology.
Actually, the ideal would be to tune the timing to infer to the attacker something utterly unlike the actual password, and if someone sends in the password you are inferring by your timing you are now aware that a time-based attack is underway, and you can stop trying to check passwords sent by that connection entirely - just keep replying "access denied" with the delay continuing to infer the same key. Puts a lot less load on your system, and keeps the attacker busy and armed with lots of incorrect information.
Now that's just spiteful! Remind me never to piss you off...
True, but the basis of the vulnerability is the same: do not provide timing indications of success/failure if it's possible to cycle and record to deduce the password. I'm not saying it's not possible to invent a login mechanism that doesn't have this particular vulnerability, just that it's not something even security-conscious people immediately think of.
This reminds me of a similar flaw in Apache HTTPS a while back. It takes considerable timing resolution (i.e. not remote) to accomplish, but the problematic construct looks something like this:
if (!md5match) {
    return FAIL;
} else {
    // do something long and complicated
    return SUCCESS;
}
Basically, by using enough attacks and cycling through the bits of the calculated hash, you can determine which bits are and aren't in the private key. It takes some time to accomplish, and the network latency must be very low, but it is possible.
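The construct above next to a form that spends the same work on both paths, as an added example that is not part of the original comment. The function names, the 16-byte tag, the sample record and the work counter (used in place of wall-clock timing so the difference is deterministic) are all assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_LEN 16
enum { FAIL = 0, SUCCESS = 1 };

/* Demo instrumentation: counts abstract work units so the data-dependent
   cost is visible deterministically instead of via wall-clock timing. */
static unsigned long work_units;

/* Hypothetical stand-in for "do something long and complicated". */
static uint32_t long_and_complicated(const uint8_t *msg, size_t len)
{
    uint32_t acc = 2166136261u;
    for (int round = 0; round < 64; round++) {
        for (size_t i = 0; i < len; i++) {
            acc = (acc ^ msg[i]) * 16777619u;
            work_units++;
        }
    }
    return acc;
}

/* The construct from the comment: return at the first mismatch and only
   do the expensive part on a match. Cost depends on the guess. */
static int check_leaky(const uint8_t *tag, const uint8_t *expected,
                       const uint8_t *msg, size_t len, uint32_t *out)
{
    for (size_t i = 0; i < TAG_LEN; i++) {
        work_units++;
        if (tag[i] != expected[i])
            return FAIL;            /* work done so far reveals i */
    }
    *out = long_and_complicated(msg, len);
    return SUCCESS;
}

/* Hardened form: compare every byte without branching, always run the
   expensive part, and decide only at the end. */
static int check_uniform(const uint8_t *tag, const uint8_t *expected,
                         const uint8_t *msg, size_t len, uint32_t *out)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < TAG_LEN; i++) {
        work_units++;
        diff |= (uint8_t)(tag[i] ^ expected[i]);
    }
    uint32_t result = long_and_complicated(msg, len);
    uint32_t ok = ((uint32_t)diff - 1u) >> 31;  /* 1 only when diff == 0 */
    *out = result & (0u - ok);                  /* zeroed on failure */
    return (int)ok;
}

/* Work spent on a constructed guess whose first wrong byte is at index
   first_bad (first_bad == TAG_LEN means the guess is fully correct). */
static unsigned long cost(int hardened, size_t first_bad)
{
    static const uint8_t msg[] = "constructed sample record";
    uint8_t expected[TAG_LEN], guess[TAG_LEN];
    uint32_t out = 0;

    for (size_t i = 0; i < TAG_LEN; i++)
        expected[i] = (uint8_t)(0xA0 + i);      /* constructed tag */
    memcpy(guess, expected, TAG_LEN);
    if (first_bad < TAG_LEN)
        guess[first_bad] ^= 0xFF;

    work_units = 0;
    if (hardened)
        check_uniform(guess, expected, msg, sizeof msg - 1, &out);
    else
        check_leaky(guess, expected, msg, sizeof msg - 1, &out);
    return work_units;
}

int main(void)
{
    size_t positions[] = { 0, 5, TAG_LEN };
    for (size_t k = 0; k < 3; k++)
        printf("first wrong byte %2zu: leaky=%4lu uniform=%4lu\n",
               positions[k], cost(0, positions[k]), cost(1, positions[k]));
    return 0;
}
```

The leaky column grows with the position of the first wrong byte and jumps on a full match; the uniform column stays the same for every guess.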
Your "spewing buzzwords" might as well be someone talking about technology way over your head and you're missing out on a great hacker.
Which is why it's stupid for people to believe that they can start a web business without even a basic understanding of the technology involved. Keep in mind, too, that my response was mostly tongue-in-cheek, though it's not always easy to tell with me any more.
Generally I would have an interview with the applicants that seemed most qualified. It's the easiest way to see if someone is padding their resume or generally bullshitting. When the vacant look comes into their eyes as they spew forth buzzwords in answer to your technical questions, you know you've got a loser. If you can't separate the liars from the nerds in an interview, you have a real problem.
Also: do you need this person long-term? If not, I'd advise a contract with the person that uses more Agile methodologies, thus requiring more feedback from the developer, and less time between releases so you can see work being done. If the work starts to suck, at most you're out four weeks' work, and you have everything from previous releases to give to a different developer. If you think you might want them long-term, perhaps a 6-12 month contract period as probation might be a good way to safely evaluate their work before committing to an expensive, long-term employment relationship.
Overall, I'd not worry so much about specific technologies. Zero exposure to LAMP would be bad, but a younger person who's willing to learn is cheaper and has something to prove. Just make sure your production environment is well-shielded from mistakes, and try to enforce some discipline on a younger developer. A more experienced developer will be well aware of the dev/test/prod environment, and generally make fewer mistakes, so the turn-around time will be less. However, experienced developers typically favor one technology over another based on their experience, so it might be harder to teach them new tricks, so to speak.
It worked for him; the cheque from him was worth far more than the value printed on it. I think that offering rewards for disclosure can only lead to better code. Microsoft hasn't yet implemented this method as they would rapidly go broke.
Don't forget the tens of thousands of media hungry, 1337 skilled and most importantly, CYNICAL, 30-somethings who have been through all of this before.
Unfortunately I think that within the last 15 years I have seen this behavior worsen significantly, as the Internet has made it possible for people to interact exclusively with those who share their delusions, no matter how inane and obscure.
You must be new here :D
What buttons do I have to click to get my free patches? Oh that's right, they don't supply patches for free anymore.
When did they ever? Yes, Oracle is selling Solaris support. So what? If you need Solaris, then you should be willing to pay for it. If not, Oracle supports Linux as well. The Oracle bashing has gotten to be a bit much. Sun would have been dead one way or another; they're lucky someone with cash decided to trawl through all of it and decide some of it was worth keeping. It's unfortunate to see an open community die like this, but if it can't survive without Oracle, then there probably weren't many people there to begin with.
While I suppose it could be colossal incompetence, I posit that the system is purposefully set up to steal money owed to artists.
It is a little bit of both, I'd say. Human error exists, and thus can be used as a defence against a single incident. Delegating to someone who is incompetent has the desired result without actually resorting to the action oneself. Of course, this is still highly unethical if you are aware that the person to whom you are delegating is incompetent, and that the organization is not likely to replace them with somebody competent.
No, an individual card issuer does not have any responsibility, nor should they. It is the responsibility of the financial network to mandate minimum security requirements of each card issuer, and all terminals under their control (e.g. Interac, Cirrus, Visa). It is only the card issuer's responsibility to adhere to the policy set out by their network.
And so what if they do? If 50 kids flap their lives away on Facebook for every one whose closed world is blown open by access to the Internet, that's okay with me. The 50 get an education in consumer mass-media and the 1 gets the opportunity to grow up and out in a hurry.
That's a very narrow-minded view. Those 50 kids will eventually grow up and need jobs. These days, that seems to be accomplished by lowering the requirements and expectations to the point where those 50 kids can actually do something productive for a living. I would not want to be the 1 who actually did something in school, as I'd be vastly overqualified for every job on the planet.
but quite frankly that's going to be delayed for as long as possible precisely because we don't see a huge amount of value in Internet access for kids in elementary school, and "requirements" that homework be "e-mailed" in isn't going to change that.
Without question the best idea here. I didn't have Internet when I was in school, and so spent most of my time on much more fruitful endeavours. I, too, fail to see the value in providing external network access to children. They should learn about the Internet from their parents; school is a place to learn.
Why is this not modded insightful?