I don't know of any phones that authenticate over USB, as most phones operate as USB mass storage devices which I don't think has any provision for that kind of thing. So, it's as you say: the unlock code has nothing to do with the connectivity, it's simply a matter that the phone will not expose its storage via USB if it's currently locked. This isn't too severe a limitation, since if you're able to plug a USB cable into the phone then you obviously have physical access to the device and can unlock it from the keypad.
Most phones can be configured to automatically lock after a certain amount of time. For example, my phone is set to lock after 5 minutes at which point you'll need to enter the PIN in order to access it. You can also configure it to never automatically lock and therefore you can manually tell it to lock when it suits you. So the answer to your big question is "it depends how the user has configured it".
As mentioned before, while it's locked you can't access the memory through USB. It's not exactly bullet-proof security, but it's enough to deter the casual attacker. It's very likely my phone (and others) have an override code or reset facility that could be used to gain access to the phone even if it's locked, possibly at the expense of wiping all settings (but it'll likely retain at least some user data).
Of course the issue with the iPhone is actually that at bootup it doesn't respect the lock code - so it works as expected while it's powered on, but if someone switches it off, and then connects to it via USB and powers it on they can access it. I'm not sure if it's possible to turn the iPhone off while it's locked though (doesn't it require confirmation?). However, this does violate the assumption that a powered-off PIN-locked phone is secure.
Can't speak to Blackberries and such, but on my Symbian-based phone (Samsung i8510) if I connect it to USB while it's PIN-locked all it does is recharge. I did this on my work PC while watching /var/log/dmesg and all it registered was a USB HUB being connected. No access to the phone memory at all. After I entered the PIN, the phone's internal storage and the SD card I have in were suddenly available.
Of course, if you have physical access to my phone you can pull out the SD card, which doesn't have any protection at all. But it's mostly just music on that, I think all my "private" information is on the internal memory and/or the SIM (which I also have a PIN on).
Yes I think it's a subscriber plum. If I go to any of the https slashdots while logged in it remains on SSL, if I'm not logged in then I get redirected to the non-SSL site.
Yes... I think that's reasonable. The wronged party sues Best Buy (who committed the infringement), who then sues their supplier -- presumably they have a contract in place which makes their supplier liable if the goods they're providing Best Buy can't be legally sold by Best Buy. That might go back a few levels as well, if the supplier is themselves a middleman.
Presumably in an actual situation, lawyers for the wronged party would talk to the lawyers for Best Buy, who would show them the relevant parts of the contract which absolve Best Buy from any liability, and the wronged party's lawyers would move on to sue the original supplier directly (possibly with Best Buy's assistance). But IANAL and it may be the case that BB would settle the claims directly with the wronged party, and then go after their suppliers separately.
The reason there's no lawsuit is because it's not the most productive thing for the FSF to do. You aren't obliged to immediately file suit against everyone who violates your copyright, it's just an option you have. They see their best strategy here is to try to come to some kind of agreement that can see Free Software being distributed through one of the world's most popular distribution services. Definitely seems a smarter play than to immediately get out the stick. After all, the best the FSF could hope for from a lawsuit would be having the software pulled, maybe receiving money in damages (questionable), and Apple being extra-special-careful to never allow anything that was derived from GPL to enter their store again.
That's likely to be the end game here; the FSF probably has more to gain by having the GPL legitimatised by Apple than Apple has to gain from having GPL'd software on iTunes. But it certainly makes sense for the FSF to try first.
It's similar to the theory that people surfing [legit] porn through tor are doing the people who actually need the anonymity a favour: if the only things that are encrypted are things that are sensitive, then it becomes easier to target interesting sites. If everything is encrypted, then you have to decrypt everything in order to find out what bits are interesting. And that's a much harder nut to crack.
/. has supported SSL for a long time. I think it may have been a plum for subscribers when I first subscribed, but it doesn't seem to be listed on the FAQ so maybe not.
Firstly the filter isn't implemented yet; the current proposed plan will do the filtering at the ISP-level, i.e. you won't be able to bypass it from your home connection (aside from by using a VPN or getting your kiddie porn through anything other than unencrypted HTTP on port 80).
I'm still hopeful the filter will be dropped. It doesn't seem to have much support, especially if the audience at last week's Q&A is anything to go by.
Not sure exactly why this qualifies as "news", although I suppose it's quite plausible that a government-backed national broadband network would require a particular device and/or OS in order to access. So I suppose the news here is that a government hasn't made a mind-bogglingly poor technical decision.
You can still get the data if you happen to be using the wireless network at the time they come past.
But really, the issue here is about aggregating seemingly harmless data in an easily accessible format. For example, anyone can drive/walk down a street and see whether your car is in the driveway, and from that ascertain whether you're home or not. Anyone can hang out on the footpath or other public area and keep an eye on your property and make notes on your coming and going.
So where's the harm in doing that on a large scale in an automated manner? But it's pretty clear that it's not going to be in many people's interest to have a website where you can easily find everyone who isn't home at the moment in a particular neighbourhood.
Ease of access to information does play a part in our privacy, as even a false sense of security is still a sense of security. For example, "reverse phone books" that provide name/address from a phone number, tend to be pretty controlled, even though the information in them is all entirely public (just indexed in the opposite direction). So on the one hand it doesn't prevent people from engaging in certain types of antisocial behaviour; but it does increase the amount of effort required to do so.
Falcon 4 isn't a particularly good example of a developer getting it right. More it's the community managing to improve things despite the original design. Lead Pursuit managed to get a license and sold an updated version of F4 as Allied Force, but that was back in 2005 and the company has been silent for several years now. Apparently they're still working on something, but as far as I know that's in their spare time around their real jobs, so who knows... Meanwhile, the only happenings in the Falcon community have been from Open Falcon, which is based on an older exe and so is pretty unstable, and fails to run properly with most nVidia cards.
So basically if you want a stable game that runs on modern systems, you're stuck with F4: Allied Force, which is around 5 years old now with the most recent patch being released in January 2008. Maybe the BMS people are up to something, but that rumour seems to have surfaced periodically for the last couple of years so it's hard to get excited about it.
I think Bohemia Interactive Studio is probably one of the main bastions of mod-friendly gaming, from the very powerful scripting language to the SDK and tools they provide. Still not perfect, but far beyond what most companies do. Also one of the features of the forthcoming Operation Arrowhead is "integrated mod management" - remains to be seen exactly what that is.
A vanishingly small number of people receive cracks from the original creators. Most get it after it's passed through several people's hands, who have nothing to do with "the scene", and don't abide by its standards of ethics or excellence. That's where the malware comes from. Sometimes they'll be creative and embed their malware into part of the application or even the crack itself, but often they'll just package it with it and ensure it gets run through other means (e.g. hijack the autorun to run their malware as well as the installer).
This provides an easy avenue for infecting people: you download a good crack or release, add some malware, and re-upload it. Nobody's going to come after you for adding the malware, since the stuff you're corrupting is illegal anyway, and the actual creator of the product won't really care either (since malware decreases the value of warez). So it's easy to do, costs very little, potentially reaches a lot of people, can be done completely anonymously, and law enforcement will almost universally not give a shit anyway. Pretty much perfect for people who want to spread malware.
To be pedantic, they rarely identify them as viruses (unless their heuristics are playing up, or it actually is infected). But they do normally flag known cracks under a special category. This makes sense because employees may bring in unlicensed software which the company employing them would be liable for. So flagging the cracks as viruses means the sysadmins can be alerted and helps them make sure there's no unlicensed software being used in the business.
Similarly most AV products detect things like nmap as being some kind of malware, so as to alert the people running the infrastructure that someone's got a network scanner on their system. It's not exactly foolproof and you wouldn't want to rely on it as your only line of defense, but it does make sense to include that kind of thing in an AV product.
IT/software shouldn't be treated any differently to any other industry. Most people don't have sufficient expertise to buy most things, which is why salespeople exist in the first place. Yes, they're going to present their product in the best possible light, but presenting a product in a good light is a different beast than misrepresenting its capabilities.
Performing a full-scale test of a single piece of software is often impractical. The only way to really see how it fares in your actual business is to deploy it and use it for your actual business, alongside your existing practice. That can be a huge undertaking, especially if part of the deployment of the new software is to make significant changes to your business processes. What about problems that only manifest themselves over time? Do you have to run the application (or several, since there's probably a few candidates) for several years to prove that they don't become unusably slow once they have a bunch of real data in them? What vendors are going to let you trial their application for several years?
Of course salespeople have an incentive to lie, just as thieves have an incentive to steal, and people on trial for committing crimes have an incentive to lie. That's why we create laws in the first place - to provide a disincentive where there otherwise wouldn't be one (or an insufficient one). That way, when you ask a vendor if their software meets your requirements, you can take them on their word.
IMO the software industry is not held to account for its claims often enough, and this ruling won't do much to change that. So your cynicism is understandable. But just saying "it's always going to be like that" is I think a defeatist attitude, and we should instead be raising the bar of acceptable behaviour.
That's kind of the point of why this is an interesting / important story. Everyone has those kinds of statements in the EULA, and this judge has ruled that if you're selling a product to do X, it better actually be capable of doing X because no amount of weasel-words gets you out of the fact that you sold someone a product that would do X.
Most games that you buy in the store require online activation these days anyway, and some even require you to be connected all the time (ala Ubisoft). So if you're not going to use any cracks etc. at all, then you're just as screwed with physical purchases. If you're going to use cracks to allow you to play games if you can no longer activate it for whatever reason, then you have the same ability to play your downloaded games forever as well.
The only advantage of the physical media is that if your hard drive dies, you don't lose your purchased game (you just reinstall from disc). But that advantage is pretty much completely mitigated by the fact that it's very easy to back up digitally-distributed things, so if you're concerned about losing it there's no reason you can't put a copy on a USB stick, burn it to DVD/BluRay, put it on an external HDD, etc. And if you store it in a different location, it's even protected against physical loss like fire or theft.
Kudos for taking the financial stand, I'm not sure it'll have the desired effect though. Big media seems to put any drop in revenue down to piracy, and never seem to consider even for a moment if they might be selling a product in a form people don't want to buy.
So you really think it's perfectly okay for salespeople to lie about a product's capabilities, and a customer who buys a product and then discovers it can't do what the vendor claimed it could do ought to have no recourse?
The point isn't really for you to attack the site. The point is for people writing web applications to look at this deliberately and openly buggy application and see the similarities to their own code. If they can't easily understand the Jarlsberg code then they might not make that connection, thus defeating the whole point of the exercise.
Most of the things they're demonstrating are obvious and well-known to anyone who actively thinks about security and sanitisation of user-supplied data. So while you can argue that any good programmer with knowledge of a handful of languages would be able to easily understand Python code, it's not really aimed at the good programmers in the first place.
The "all of it legal" thing threw me. Since when was selling drugs to crack heads on the street legal? Since when was breaking into people's houses legal? I assumed you were making some kind of indirect reference to something else and using these examples as analogies, but I couldn't work out what you were referring to.
Ultimately, there are two things I disagree with in what you're saying. Firstly the notion that being a lawyer is somehow immoral and comparable to dealing drugs or selling slaves (in modern times). Secondly, the idea that part of the solution is to artificially reduce the availability of lawyers.
To the first point: selling slaves was indeed once not an immoral occupation. It's possible that someday farming animals to be slaughtered for meat will be considered horrific and immoral (when we can synthesize "meat"), but that doesn't mean farmers of today are doing anything immoral. Similarly, maybe someone will come up with a better solution than the legal system for solving disputes and lawyers as we know them today will be but an embarrassing memory. But that's not the case. Lawyers provide a vital service to a society that's based on the rule of law.
To the second point: simply making professional, competent legal advice harder to obtain (by artificially decreasing the supply) will only cause additional pain to those who need them. The people most likely to be hurt by this are likely the people who you're mostly wanting to help with this suggestion, i.e. the common people and companies who just mind their own business and try to do the right thing without pulling any sneaky tricks on anyone.
You cannot legislate morality, as for one thing there are many people who will disagree with you about the immorality of e.g. being a patent troll. The system itself needs to be improved such that things that aren't beneficial to society aren't profitable to the perpetrator. In extreme cases one can set up a system of punishment to try to deter people from particular modes of behaviour, but it's far more effective to remove the incentive in the first place.
So, patent reform is one thing to consider to prevent a certain class of abuse of the legal system. You also mention personal injury claims; what would you propose as the alternative? Who is supposed to decide whether a particular claim is frivolous?
I'll certainly agree that the current state of the legal system imposes quite a bit of overhead. On the other hand, I haven't heard of any proposals for a system that would allow disputes to be resolved in a fair (for some version of "fair") and consistent manner that wouldn't incur some overhead. So perhaps the frivolous lawsuits are the price to be paid for having the ability to have your complaints heard? A bit like having to allow idiots to spout offensive intolerant messages is a price that must be paid in order to have free speech.
OK. Then, some hoodlum on the street has a job selling drugs to crack heads. Some crack addicts have a job breaking into lawyers' houses to feed their habit. Lawyers have a job, duping the public into feeling they provide a useful service, when they are robbing them blind (all without a gun, and all of it is legal).
You've lost me on this one.
I know that lawyers have become parasites on the economy. Not all, but the vast majority. The United States would be a lot better off morally, and financially, if we could 'reeducate' 75% of the lawyers.
And I suppose the solution to health is to 'reeducate' 75% of the doctors, right?
Never heard of supply and demand? If we get rid of 75% of the lawyers, the remainder would have so much demand for their services that their prices would skyrocket and then only the very wealthy could afford them and therefore use the legal system to destroy any smaller competitors even easier than they can now. I'm pretty sure that wouldn't be good for the United States, morally or financially.
If you think there's too much demand for lawyers, maybe you should think about addressing the reasons for that demand. Why do businesses and individuals hire lawyers in the first place?
Once you've established the source of the demand, you can then come up with a mechanism for reducing that demand and the number of people who can make a living from practicing law will drop accordingly. But simply drastically reducing the supply isn't going to fix anything.
When a lawyer uses tricks of the legal system to absolve a client that she KNOWS to be guilty, how can it be said that the lawyer is not supporting the side of evil?
Well that one's easy: because it's their damned job!
Who really KNOWS anything, anyway? Lawyers aren't magical pixies with supreme knowledge of everything their client has ever done: they may well THINK their client is guilty, but it's not up to the lawyer to judge their client. The lawyer's job is to do the best they can to convince the judge/jury that their client is innocent, or failing that, is only guilty of a lesser crime. They are however supposed to have supreme knowledge of the relevant laws and "legal tricks" that can be used to their client's benefit (otherwise, what is the point of having a lawyer?).
AFAIK in most places lawyers have to defend their clients to the best of their ability. They can probably get away with asking to be removed from a particular case if they really cannot bring themselves to defend a particular client, but if they made a habit of doing that every time they thought the person they were defending was probably guilty they'd likely end up in a lot of trouble. Disclaimer: this may be entirely untrue. IANAL.
Points in favour of tapes:
- most backup software is designed to deal with tape libraries, not so much with shuffling B2D media around
- most archive companies are built around storing tapes; though I suspect there are ones which could deal with hard disks in external caddies
- tapes deal with stress from being transported continuously better than mechanical drives (also wear and tear of plugging and unplugging the interfaces all the time)
- I think unused tapes age better than unused hard disks, but I've nothing to back that up
Bandwidth to the tape drive itself rarely seems to be an issue for actual backups, since network and file I/O latency seem to be more significant issues. We never get anywhere near the maximum speed out of our LTO-4 drive, even when we're just duplicating data from the local array to the tape.
That's not much use if you want to be able to restore the individual files from the backup, which is nearly always desirable.
Disaster-recovery-only backups are okay, but if you're spending the money to archive your data you normally want a bit more flexibility.
Additionally there's the obvious problem of taking the server offline while you do the backup...
Here's your comment: https://tech.slashdot.org/comments.pl?sid=1664284&cid=32337858
http://www.essortment.com/hobbies/depthsoundersh_secb.htm
In past times, ascertaining the water depth involved a difficult process called "sounding," which was done by throwing a weighted line over the side in an attempt to find the bottom. This line, called a "lead line" was knotted in increments that allowed the user to measure the water's depth in feet or more commonly, in "fathoms" a nautical unit of measure equal to 6 feet. Using a lead line from a moving vessel was of course problematic, and subject to inaccuracies. The user had to stand on the bow of the ship or boat and toss the line, wait until the lead weight hit the bottom, and then haul in the line and count the number of knots that were submerged. All the while the vessel was still moving and the bottom contour could, of course, have already changed by the time the sounder called out the depth to the captain.
Today's electronic depth sounders have changed all of this. Depth sounders provide instant and continuously updated readings of the water depth as a vessel speeds along. Depth sounders work by the principle of "sonar." A sound signal is emitted from the bottom of the hull and this signal travels through the water until it reaches the bottom and then bounces back, to be picked up by the depth sounder's receiver. Since sound waves travel at a known rate, the depth can be determined by calculating the amount of time it takes for the sound waves to hit the bottom and return to the vessel. This is all done automatically and instantaneously by the instrument.
So it was called sounding before we had sonar, and it's just a coincidence that the term "sound" is involved.
Then all the lawyers really will be hot single women in their late 20s - early 30s, just like on TV!
Falcon 4 isn't a particularly good example of a developer getting it right. More it's the community managing to improve things despite the original design. Lead Pursuit managed to get a license and sold an updated version of F4 as Allied Force, but that was back in 2005 and the company has been silent for several years now. Apparently they're still working on something, but as far as I know that's in their spare time around their real jobs, so who knows... Meanwhile, the only happenings in the Falcon community have been from Open Falcon, which is based on an older exe and so is pretty unstable, and fails to run properly with most nVidia cards.
So basically if you want a stable game that runs on modern systems, you're stuck with F4: Allied Force, which is around 5 years old now with the most recent patch being released in January 2008. Maybe the BMS people are up to something, but that rumour seems to have surfaced periodically for the last couple of years so it's hard to get excited about it.
I think Bohemia Interactive Studio is probably one of the main bastions of mod-friendly gaming, from the very powerful scripting language to the SDK and tools they provide. Still not perfect, but far beyond what most companies do. Also one of the features of the forthcoming Operation Arrowhead is "integrated mod management" - remains to be seen exactly what that is.
A vanishingly small number of people receive cracks from the original creators. Most get it after it's passed through several people's hands, who have nothing to do with "the scene", and don't abide by its standards of ethics or excellence. That's where the malware comes from. Sometimes they'll be creative and embed their malware into part of the application or even the crack itself, but often they'll just package it with it and ensure it gets run through other means (e.g. hijack the autorun to run their malware as well as the installer).
This provides an easy avenue for infecting people: you download a good crack or release, add some malware, and re-upload it. Nobody's going to come after you for adding the malware, since the stuff you're corrupting is illegal anyway, and the actual creator of the product won't really care either (since malware decreases the value of warez). So it's easy to do, costs very little, potentially reaches a lot of people, can be done completely anonymously, and law enforcement will almost universally not give a shit anyway. Pretty much perfect for people who want to spread malware.
To be pedantic, they rarely identify them as viruses (unless their heuristics are playing up, or it actually is infected). But they do normally flag known cracks under a special category. This makes sense because employees may bring in unlicensed software which the company employing them would be liable for. So flagging the cracks as viruses means the sysadmins can be alerted and helps them make sure there's no unlicensed software being used in the business.
Similarly most AV products detect things like nmap as being some kind of malware, so as to alert the people running the infrastructure that someone's got a network scanner on their system. It's not exactly foolproof and you wouldn't want to rely on it as your only line of defense, but it does make sense to include that kind of thing in an AV product.
IT/software shouldn't be treated any differently to any other industry. Most people don't have sufficient expertise to buy most things, which is why salespeople exist in the first place. Yes, they're going to present their product in the best possible light, but presenting a product in a good light is a different beast than misrepresenting its capabilities.
Performing a full-scale test of a single piece of software is often impractical. The only way to really see how it fares in your actual business is to deploy it and use it for your actual business, alongside your existing practice. That can be a huge undertaking, especially if part of the deployment of the new software is to make significant changes to your business processes. What about problems that only manifest themselves over time? Do you have to run the application (or several, since there's probably a few candidates) for several years to prove that they don't become unusably slow once they have a bunch of real data in them? What vendors are going to let you trial their application for several years?
Of course salespeople have an incentive to lie, just as thieves have an incentive to steal, and people on trial for committing crimes have an incentive to lie. That's why we create laws in the first place - to provide a disincentive where there otherwise wouldn't be one (or an insufficient one). That way, when you ask a vendor if their software meets your requirements, you can take them at their word.
IMO the software industry is not held to account for its claims often enough, and this ruling won't do much to change that. So your cynicism is understandable. But just saying "it's always going to be like that" is I think a defeatist attitude, and we should instead be raising the bar of acceptable behaviour.
That's kind of the point of why this is an interesting / important story. Everyone has those kinds of statements in the EULA, and this judge has ruled that if you're selling a product to do X, it better actually be capable of doing X because no amount of weasel-words gets you out of the fact that you sold someone a product that would do X.
Most games that you buy in the store require online activation these days anyway, and some even require you to be connected all the time (à la Ubisoft). So if you're not going to use any cracks etc. at all, then you're just as screwed with physical purchases. If you're going to use cracks to allow you to play games if you can no longer activate it for whatever reason, then you have the same ability to play your downloaded games forever as well.
The only advantage of the physical media is that if your hard drive dies, you don't lose your purchased game (you just reinstall from disc). But that advantage is pretty much completely mitigated by the fact that it's very easy to back up digitally-distributed things, so if you're concerned about losing it there's no reason you can't put a copy on a USB stick, burn it to DVD/BluRay, put it on an external HDD, etc. And if you store it in a different location, it's even protected against physical loss like fire or theft.
Kudos for taking the financial stand, I'm not sure it'll have the desired effect though. Big media seems to put any drop in revenue down to piracy, and never seem to consider even for a moment if they might be selling a product in a form people don't want to buy.
So you really think it's perfectly okay for salespeople to lie about a product's capabilities, and a customer who buys a product and then discovers it can't do what the vendor claimed it could do ought to have no recourse?
Actually I think it's very 2000's of you to ask a question which was answered in the post you replied to (and quoted).
The point isn't really for you to attack the site. The point is for people writing web applications to look at this deliberately and openly buggy application and see the similarities to their own code. If they can't easily understand the Jarlsberg code then they might not make that connection, thus defeating the whole point of the exercise.
Most of the things they're demonstrating are obvious and well-known to anyone who actively thinks about security and sanitisation of user-supplied data. So while you can argue that any good programmer with knowledge of a handful of languages would be able to easily understand Python code, it's not really aimed at the good programmers in the first place.
The "all of it legal" thing threw me. Since when was selling drugs to crack heads on the street legal? Since when was breaking into people's houses legal? I assumed you were making some kind of indirect reference to something else and using these examples as analogies, but I couldn't work out what you were referring to.
Ultimately, there are two things I disagree with in what you're saying. Firstly the notion that being a lawyer is somehow immoral and comparable to dealing drugs or selling slaves (in modern times). Secondly, the idea that part of the solution is to artificially reduce the availability of lawyers.
To the first point: selling slaves was indeed once not an immoral occupation. It's possible that someday farming animals to be slaughtered for meat will be considered horrific and immoral (when we can synthesize "meat"), but that doesn't mean farmers of today are doing anything immoral. Similarly, maybe someone will come up with a better solution than the legal system for solving disputes and lawyers as we know them today will be but an embarrassing memory. But that's not the case. Lawyers provide a vital service to a society that's based on the rule of law.
To the second point: simply making professional, competent legal advice harder to obtain (by artificially decreasing the supply) will only cause additional pain to those who need them. The people most likely to be hurt by this are likely the people who you're mostly wanting to help with this suggestion, i.e. the common people and companies who just mind their own business and try to do the right thing without pulling any sneaky tricks on anyone.
You cannot legislate morality, as for one thing there are many people who will disagree with you about the immorality of e.g. being a patent troll. The system itself needs to be improved such that things that aren't beneficial to society aren't profitable to the perpetrator. In extreme cases one can set up a system of punishment to try to deter people from particular modes of behaviour, but it's far more effective to remove the incentive in the first place.
So, patent reform is one thing to consider to prevent a certain class of abuse of the legal system. You also mention personal injury claims; what would you propose as the alternative? Who is supposed to decide whether a particular claim is frivolous?
I'll certainly agree that the current state of the legal system imposes quite a bit of overhead. On the other hand, I haven't heard of any proposals for a system that would allow disputes to be resolved in a fair (for some version of "fair") and consistent manner that wouldn't incur some overhead. So perhaps the frivolous lawsuits are the price to be paid for having the ability to have your complaints heard? A bit like having to allow idiots to spout offensive intolerant messages is a price that must be paid in order to have free speech.
OK. Then, some hoodlum on the street has a job selling drugs to crack heads. Some crack addicts have a job breaking into lawyers' houses to feed their habit. Lawyers have a job, duping the public into feeling they provide a useful service, when they are robbing them blind (all without a gun, and all of it is legal).
You've lost me on this one.
I know that lawyers have become parasites on the economy. Not all, but the vast majority. The United States would be a lot better off morally, and financially, if we could 'reeducate' 75% of the lawyers.
And I suppose the solution to health is to 'reeducate' 75% of the doctors, right?
Never heard of supply and demand? If we get rid of 75% of the lawyers, the remainder would have so much demand for their services that their prices would skyrocket and then only the very wealthy could afford them and therefore use the legal system to destroy any smaller competitors even easier than they can now. I'm pretty sure that wouldn't be good for the United States, morally or financially.
If you think there's too much demand for lawyers, maybe you should think about addressing the reasons for that demand. Why do businesses and individuals hire lawyers in the first place?
Once you've established the source of the demand, you can then come up with a mechanism for reducing that demand and the number of people who can make a living from practicing law will drop accordingly. But simply drastically reducing the supply isn't going to fix anything.
When a lawyer uses tricks of the legal system to absolve a client that she KNOWS to be guilty, how can it be said that the lawyer is not supporting the side of evil?
Well that one's easy: because it's their damned job!
Who really KNOWS anything, anyway? Lawyers aren't magical pixies with supreme knowledge of everything their client has ever done: they may well THINK their client is guilty, but it's not up to the lawyer to judge their client. The lawyer's job is to do the best they can to convince the judge/jury that their client is innocent, or failing that, is only guilty of a lesser crime. They are however supposed to have supreme knowledge of the relevant laws and "legal tricks" that can be used to their client's benefit (otherwise, what is the point of having a lawyer?).
AFAIK in most places lawyers have to defend their clients to the best of their ability. They can probably get away with asking to be removed from a particular case if they really cannot bring themselves to defend a particular client, but if they made a habit of doing that every time they thought the person they were defending was probably guilty they'd likely end up in a lot of trouble. Disclaimer: this may be entirely untrue. IANAL.
A-10s carry Mavericks, not Hellfire.