Thanks, that's a really nice way to start a conversation.
They promise not to randomly share SPI (which may not mean you think it means) to random individuals (e.g., making it publicly available) but they can provide it to business partners. The kicker is that your identity is not considered SPI, nor is your location, nor information about your economic or financial situation.
Where are you getting the definition? From the glossary linked to by the privacy policy, personal information "is information which you provide to us which personally identifies you, such as your name, email address or billing information, or other data which can be reasonably linked to such information by Google."
So wherever the privacy policy mentions "personal information", it includes anything that could be used to link your data back to your real identity. What that means is that advertisers may be given your other information (such as your interests), but only in aggregate form, and they would not be able to link it back to your real identity without being in violation of this privacy policy.
but they can provide it to business partners
If you read the privacy policy carefully, I believe (and this is just my reading; remember that I don't have good reading comprehension) that they couldn't get away with providing personal information to trusted business partners for any reason. The policy states:
We provide personal information to our affiliates or other trusted businesses or persons to process it for us
Emphasis mine. That means that they would be able to hire a third party to perform data aggregation or the like. The data would specifically have to be used by this third party to process the data on Google's behalf. They would not be able to use this data for their own arbitrary purposes without violating this privacy policy.
which their "privacy" policy is ballsy enough to mention some particularly nasty aspects of
You say it like it's a bad thing that they had the "balls" to make it so clear what they were doing, as if you'd consider it better somehow if they jumbled it up in a long legal document. Isn't this what we've been asking companies to do all along -- provide clear and transparent policies on what they are doing with our data?
I won't deny that it is a hell of a lot of information, considering that Google has a piece of JavaScript on most non-Google web pages. But I'm happy to see that, given that's the underlying technology, they have a really clear privacy policy that, to me, seems to protect my interests and limit third-party access to my data to acceptable levels.
Okay, so those approximately match my first and second sharing types in my list of three. For #1, they state that they will not do this in the new policy:
We do not share personal information with companies, organizations and individuals outside of Google unless...
The "unless" includes a bunch of exceptions, which I don't see as a big deal but you may disagree. In summary, a) if you give them permission, b) if you have a domain administrator (doesn't apply to normal users), c) with a third party affiliate for "processing", which must also agree to the privacy policy (not quite sure what that means), d) if compelled to by a court.
For #2, that isn't what they meant at all by "sharing information between services". It does NOT imply that, for example, your calendar would be randomly shared on Google+. It only means that they will share data with you and you alone, across services (for example, to give you relevant results and ads). If you haven't used Google+, the sharing is very straightforward and very tightly controlled: only things you explicitly post on there get shared, and every time you share something, it explicitly asks that you nominate a group of people or individuals to share it with, and once posted, that group of people cannot be changed.
Maybe it is not because Google will combine the privacy policies into a single one, but also all the users data across all its services?
Yep, that's certainly the idea. Note that most of Google's existing privacy policies already did give them the ability to share user's data across all its services. For example, YouTube already shows videos that your friends share on Google+. The problem was that they were inconsistent. Google cannot currently share data from YouTube with other sites. Their new policy allows them to do that. This is all explained in their letter to U.S. Congress.
Now what exactly is the problem with this? It seems to me that if Google is going to share my data, there are three sets of people they could share it with:
Third-party companies, such as advertisers (e.g., selling your personal data for profit)
Your social connections (e.g., sharing your personal information without your permission)
You (e.g., showing you ads relevant to your interests)
I see a significant harm if they were to engage in the first two. I don't really have a problem with the third. And this privacy policy specifically prevents them from doing the first two. So what this allows them to do is share my information, from one Google service to another, for the purposes of showing me relevant links and ads. In that case, where is the harm? Further, how am I worse off having, for example, Google search results informed by what YouTube videos I've been watching. It sounds like it could give me more relevant search results.
Further, I would much rather know that anything I upload to any Google service might be used by any other Google service, than have to remember a complex set of rules about which products' privacy policies allow Google to share data with which other products.
Perhaps the move will no longer let you share individual services data, like sharing your Google+ data but withhold your Calendar?
What does this mean? What do you mean by "share" in this context? Withhold your Calendar from whom? As far as I am concerned, the only people who have access to my calendar are me and Google's servers. If the Google+ app had access to my calendar (for example, it might show appointments on the side), that doesn't increase the people who have access to my calendar: It's still just me and Google's servers.
Since when did any company give you explicit control over how the data is stored on their servers? With Google's new policy, it is simple: if you use a service, your data for that service will be stored on Google and may be used by any other service within that company (and not sold to third parties). How is that harmful? How is that different to any other company?
Then in that case, the delay (which will vary based on the operation) will require that the public cannot monitor police radios. They would have to come up with an alternative mechanism for distributing radio chatter to the public, perhaps via the Internet.
But I'm curious as to why they need to be published at all. We do not publish private conversations between police officers at the station, so why do we need to publish their long-distance communication?
There has been a lot of attention on government transparency in recent years, due to WikiLeaks and so on. But it seems as though police radio is exactly the sort of thing that should be exempt from government transparency -- it pertains to operations that are going on right now, and disclosing those details immediately in public could compromise those operations. I don't see the problem with police security.
It's like the episode of Seinfeld where Jerry's dentist is making Jewish jokes, and Jerry starts making dentist jokes. Then the dentist gets all upset because his "people" (the dentists) are oppressed, and Kramer calls Jerry an "anti-dentite". Classic.
I would also like to see trade secret eliminated entirely. Why are we paying the monopolists if we can't ever get the benefit?
I'm not sure if you mean eliminate all trade secrets, or just those associated with protected intellectual property. I don't have any qualms with trade secrets: if Coke wants to have a secret formula for their drinks, and they don't want to tell me how to replicate it, fine. That is absolutely their right, just as it is my right not to tell you the contents of my hard drive. But where I agree with you is that it should not be legal to keep a trade secret and enjoy protection under IP laws. If you are going to get the benefit of a government-sponsored monopoly in exchange for releasing some knowledge into the world, then by damn you had better release that knowledge.
That is essentially the converse of your demand that patents be limited to things that can't be reverse engineered. If you are going to have a patent on something that is easy to learn by inspecting the product, then the patent isn't worth anything to society because it isn't telling us anything we can't already find out. Conversely, if you are going to patent something that is ridiculously complicated, then you must tell us how it works or the patent isn't worth anything to society because we can't replicate the invention after it expires. I realise that the patent does theoretically describe the invention, but all the patents I've read have only described the invention in enough detail that you could be sued if you invented one, not enough detail for an engineer to implement it.
I would also like to see trademark weakened considerably. However, I'm not sure how to do that. Maybe allow each company only a single trademark?
I don't have a very big problem with trademark law. You don't want to force companies to have one trademark that refers to their own name. Then nobody can protect the name of a product they might create -- I don't see how that would help. Also, anybody rich enough would easily get around it by creating dozens of shell companies with the name of each product.
But do your Nvidia cards have Optimus? My previous laptop (bought in late 2007) had an Nvidia GeForce 8600M GT 256MB, and that played games pretty well on Windows and Linux (but it was starting to get a bit old so I bought a new one). This laptop (bought in late 2011) has an Nvidia GeForce 540M 2GB, and it runs fine on Windows, abysmally on Linux. I haven't played any serious 3D games, but 2D games like Braid and Jamestown are sluggish, and I've tried my own (poorly optimised) 3D game and it runs at half the framerate as on my four year old hardware.
The reason is that the GeForce 540M (and all new Nvidia cards) have two video cards built in -- one "integrated" Intel video card and one serious Nvidia card. On Linux, it will always use the integrated one, because Optimus is not supported. I have installed Bumblebee and I am aware that people have reported success getting the Nvidia card working, but so far I haven't managed to get it going (and I've been told on this particular model that it is impossible to get it to display to the laptop display; it is only possible to get the Nvidia graphics working via the HDMI output). Anyway, not asking for tech support, just a warning.
As a Linux user, it's become pretty hard for me to take Linux gaming seriously since Nvidia launched Optimus and left us Linux users out in the cold. I just bought a new laptop with an Nvidia card and I had no idea what I was getting myself into: even simple 2D games run sluggishly on my brand new $400 graphics card in Linux, because it falls back to the Intel integrated card and there appears to be no way to get the real graphics card to work without booting Windows. I've lost all respect for Nvidia, but more importantly, it looks like I won't be playing any more games in Linux until I buy another new computer in a couple of years.:(
Aha. Good explanation (especially about the static linking).
If they did open source the DRM library as you say, it would still be a risk -- presumably if you have the source code to a statically linked library, it is not too difficult to recompile a given function and then hack it into the executable. But then, all client-side DRM is susceptible to hacking, and this would make it non-trivial to do so.
I'm not too familiar with this platform, but a quick browse of the site shows that the client supports some kind of DRM (if nothing else, their developer page lists "Check player authentication (are they allowed to play the game / banned)" under API Integration). Wouldn't open-sourcing the client allow anybody to produce a version that ignored any DRM checks in the client?
When you open source a game, I suppose it's your choice as the developer. But when you open source a content delivery platform, doesn't that affect all the other publishers? (I'm no fan of DRM, but I'm just wondering how this open source changes the nature of the platform.)
"creative editing and quoting?" I thought it was pretty standard practice to remove unimportant parts of quotations using the "..." to indicate that you have removed text. "Those sentences aren't even in the same paragraph." You say that as if I pulled two random quotes out of context, when really, the two paragraphs were right next to each other (I only removed two sentences). If it really bothers you that much, here's my post again, without any text removed from the original quote:
I don't think you understand SOPA. SOPA isn't a problem with Technology. It's not going to physically break the backbone routers we need for the internet. It's not going to present technological challenges. What it's going to do that is a problem is rape free speech, make user-generated content (like what I'm doing right now) nearly impossible and on par with China's arcane policies as well as a number of other things. It threatens uploading content, it threatens internal networks, it threatens open source software, it threatens DNS, DNSSEC and internet security. And the worst part is that it's going to be completely ineffective at what it aims to do!
You don't need to understand technology to read the pieces on how this is a direct assault on free speech.
Unfortunately, yes, you do. You just listed four highly technical terms, and explaining how SOPA is going to break those things does require a highly technical understanding. So I believe the original article is absolutely right that the problem is politicians not understanding technology.
Was that less "creative" for you? As far as I can tell, my point is exactly the same, only it's harder to read because you have to wade through parts of the original quote that aren't relevant for my reply.
I consider SOPA a reason to assume they're ignorant about it, if nothing else. You might attribute that to malice. ("Never attribute to malice that which is adequately explained by stupidity.") I think it's a mixture of both.
I don't doubt that these politicians have been completely bought out by the likes of the MPAA, and that they are acting in the interests of lobbying groups. But at the same time, I also don't think they have a clue, for example, what we mean when we say "SOPA will break DNSSEC," and nor do they care.
I don't think you understand SOPA. SOPA isn't a problem with Technology.... It threatens uploading content, it threatens internal networks, it threatens open source software, it threatens DNS, DNSSEC and internet security.... You don't need to understand technology to read the pieces on how this is a direct assault on free speech.
Unfortunately, yes, you do. You just listed four highly technical terms, and explaining how SOPA is going to break those things does require a highly technical understanding. So I believe the original article is absolutely right that the problem is politicians not understanding technology.
Screw their understanding of technology, frame this piece of shit legislation as a direct assault on basic civil liberties! Let them chisel into stone memos about their dry cleaning, who cares if they don't use e-mail. Just make sure they understand that this is first and foremost diametrically opposed to free speech when you simply consider the internet as a means of communication and expression!
But they don't consider the Internet as a means of communication and expression. If they are chiseling into stone tablets, then SOPA isn't going to affect them. To them, the Internet is that thing that lets pirates get films for free, and the MPAA has told them that's wrong. Again, the problem is that they don't understand that the Internet is free speech in one of its purest forms, and this will strangle the Internet.
*woman sits behind bars with a look of remorse on her face*
There's a website along these lines: Free Justin Beiber. I agree, a 15 second ad would be great.
Yeah, I agree with the Anonymous Coward who replied earlier. This isn't bad practice per se -- using the key id is the standard way to import a key. Importing by fingerprint doesn't make you any more secure because you haven't verified the fingerprint. That guide you linked to is inherently insecure because it isn't asking you to verify the key (and it isn't claiming to be secure against a fraudulent key).
The fingerprint is used when you are about to sign a key -- then you need to make sure that it actually belongs to its supposed owner. Having said all that, perhaps if you trust the site telling you to install a key, then it would add some extra verification to tell you to check the fingerprint.
It isn't a security vulnerability for the same reason that key id collisions aren't vulnerabilities. If I enter a long fingerprint and get two keys, one of which matches only the short id, that is a user interface bug. It isn't a security issue because I should never trust a key I pulled from the cloud unless a) the web of trust tells me it's okay (which means it has checked the full public key), or b) I subsequently check the full fingerprint in my local database.
I suppose you could expect GPG to verify it for you after typing in the long fingerprint, then I guess it's severe. I just wouldn't trust a key unless I looked at the fingerprint in my local database.
Do you really think that the developers of the world's foremost free encryption tool, the same one used by virtually all Linux distributions for package security, would have been too stupid to consider the birthday paradox? Read my post for an explanation of why this is not a problem.
Also, it isn't a one in 65536 chance (16-bits), it's a one in 4,294,967,296 chance (32-bits). Still, that is a very small number in cryptography, so I agree with you on this: with so many people using GPG, there are probably already key ID collisions happening all the time. It just isn't an issue because the system is designed with the expectation that key IDs would collide.
This. There is no problem here. The system is explicitly designed for the key id to be collidable. That is precisely why there is such a thing as a key fingerprint. The 32-bit key ID was never intended to be used to verify the validity of a key, merely for quickly identifying a key. The worst that can happen if two keys have the same ID is you are presented with two keys and have to look more closely to decide which one you want. The 180-bit fingerprint is used to verify a key and should be resistant to collisions for many many years.
The only problem is if people are using key IDs for verification, in which case it is a user error. Therefore, the lesson of this story is that if you want to know whether a key matches the one you were expecting, you need to look at the whole fingerprint, NOT the key id. That is why when you sign someone's key, they give you the fingerprint, not just the id.
But if you can't provide evidence to show a patent is more likely than not obvious, given the prior art that existed at the time of invention, and a patent results, then the system is working properly. This is justice, not emotion.
First, this doesn't account for the lengthy (insane) time that a patent lasts. Twenty years? In an industry where the entire landscape changes every three or four years, why should one company be able to hold back the innovation of all others for maybe ten generations of devices? Just because you invented something useful (and perhaps non-obvious), it doesn't necessarily follow that nobody else should be able to use it for a quarter of a human lifetime.
If no one ever thought of combining chocolate and peanut butter, then the Reese's cup is pretty freakin' inventive.
Second, this line of reasoning essentially assumes that all inventions are obvious. Everything ever invented had, at some point, never been thought of before. That does not automatically make it non-obvious. I would say that detecting URLs in text and linkifying them is an obvious invention. Someone was bound to invent it sooner or later. That doesn't mean that whoever invented it first ought to have a monopoly on the invention for twenty years. The patent system specifically has a clause for obviousness, and that doesn't appear to be followed very much.
Even if it's trivial to do without reading how it was made. No one even ever had the idea, so, the inventor's disclosure is really important to the public.
Thirdly, that's a fallacy. In the case of such a product (where it is trivial to reproduce without reading how it was made), simply selling the invention is disclosure. There is no need for a patent. So to take your example, if I invented and sold a Reese's cup, that may be an important contribution to society. But if I also published a patent on the Reese's cup, that doesn't add any further contribution to society: merely having the product tells us everything we need to know. To quote Wikipedia, "the temporary monopoly on the subject matter of the patent is regarded as a quid pro quo for thus disclosing the information to the public." In these cases, there is no quid pro quo, so you don't deserve a 20-year monopoly in exchange for telling us absolutely nothing extra.
Fair enough. But I'm sure someone thought of this before 1996.
More to the point, it just shows how brutally broken the patent system is when a completely obvious (but useful) idea, trivial to implement and trivial to understand without reading about how it was made*, can be used to legally block the sale of an entire product fifteen years after it was invented, during which time the entire industry exploded and was reinvented several times.
*The point "trivial to understand without reading about how it was made" is important: the only reason the patent system exists at all is to convince inventors to describe the details of their inventions to the public. Without the patent system, the theory goes, we would have a lot more trade secrets and we would lose the secrets of useful technology. So when you have a patent describing something that could trivially be re-implemented without underlying knowledge of how it was made -- something like "automatically link text that appears to be in a certain format" or "swipe to unlock" or "arrange buttons in a rectangular grid" -- there is no value to society. So it shouldn't be patentable.
I wonder if automatic hyperlinking of email addresses count as prior art; although this does not include the user interface element asking which program to use.
In that case, it isn't an invention, it's just two old and obvious ideas put together. For decades, programs have detected patterns in text and automatically linked them or associated a particular action. For decades, programs have asked users what program to use to handle a particular type of content. The idea of "let's detect patterns in text to determine the type of content, and then ask users what program to use" is a simple combination of the above two ideas. It does not constitute an invention that you should be able to destroy all sales of your competition.
Once again, Apple is using a law supposedly about innovation to ruin everybody else's chances in the marketplace. Their time on top is over, and legal protection for bogus patents is the only thing they have left.
Slashdot Mirror
Thanks, that's a really nice way to start a conversation.
Where are you getting the definition? From the glossary linked to by the privacy policy, personal information "is information which you provide to us which personally identifies you, such as your name, email address or billing information, or other data which can be reasonably linked to such information by Google."
So wherever the privacy policy mentions "personal information", it includes anything that could be used to link your data back to your real identity. What that means is that advertisers may be given your other information (such as your interests), but only in aggregate form, and they would not be able to link it back to your real identity without being in violation of this privacy policy.
If you read the privacy policy carefully, I believe (and this is just my reading; remember that I don't have good reading comprehension) that they couldn't get away with providing personal information to trusted business partners for any reason. The policy states:
Emphasis mine. That means that they would be able to hire a third party to perform data aggregation or the like. The data would specifically have to be used by this third party to process the data on Google's behalf. They would not be able to use this data for their own arbitrary purposes without violating this privacy policy.
You say it like it's a bad thing that they had the "balls" to make it so clear what they were doing, as if you'd consider it better somehow if they jumbled it up in a long legal document. Isn't this what we've been asking companies to do all along -- provide clear and transparent policies on what they are doing with our data?
I won't deny that it is a hell of a lot of information, considering that Google has a piece of JavaScript on most non-Google web pages. But I'm happy to see that, given that's the underlying technology, they have a really clear privacy policy that, to me, seems to protect my interests and limit third-party access to my data to acceptable levels.
Okay, so those approximately match my first and second sharing types in my list of three. For #1, they state that they will not do this in the new policy:
The "unless" includes a bunch of exceptions, which I don't see as a big deal but you may disagree. In summary, a) if you give them permission, b) if you have a domain administrator (doesn't apply to normal users), c) with a third party affiliate for "processing", which must also agree to the privacy policy (not quite sure what that means), d) if compelled to by a court.
For #2, that isn't what they meant at all by "sharing information between services". It does NOT imply that, for example, your calendar would be randomly shared on Google+. It only means that they will share data with you and you alone, across services (for example, to give you relevant results and ads). If you haven't used Google+, the sharing is very straightforward and very tightly controlled: only things you explicitly post on there get shared, and every time you share something, it explicitly asks that you nominate a group of people or individuals to share it with, and once posted, that group of people cannot be changed.
Yep, that's certainly the idea. Note that most of Google's existing privacy policies already did give them the ability to share user's data across all its services. For example, YouTube already shows videos that your friends share on Google+. The problem was that they were inconsistent. Google cannot currently share data from YouTube with other sites. Their new policy allows them to do that. This is all explained in their letter to U.S. Congress.
Now what exactly is the problem with this? It seems to me that if Google is going to share my data, there are three sets of people they could share it with:
I see a significant harm if they were to engage in the first two. I don't really have a problem with the third. And this privacy policy specifically prevents them from doing the first two. So what this allows them to do is share my information, from one Google service to another, for the purposes of showing me relevant links and ads. In that case, where is the harm? Further, how am I worse off having, for example, Google search results informed by what YouTube videos I've been watching. It sounds like it could give me more relevant search results.
Further, I would much rather know that anything I upload to any Google service might be used by any other Google service, than have to remember a complex set of rules about which products' privacy policies allow Google to share data with which other products.
What does this mean? What do you mean by "share" in this context? Withhold your Calendar from whom? As far as I am concerned, the only people who have access to my calendar are me and Google's servers. If the Google+ app had access to my calendar (for example, it might show appointments on the side), that doesn't increase the people who have access to my calendar: It's still just me and Google's servers.
Since when did any company give you explicit control over how the data is stored on their servers? With Google's new policy, it is simple: if you use a service, your data for that service will be stored on Google and may be used by any other service within that company (and not sold to third parties). How is that harmful? How is that different to any other company?
Then in that case, the delay (which will vary based on the operation) will require that the public cannot monitor police radios. They would have to come up with an alternative mechanism for distributing radio chatter to the public, perhaps via the Internet.
But I'm curious as to why they need to be published at all. We do not publish private conversations between police officers at the station, so why do we need to publish their long-distance communication?
There has been a lot of attention on government transparency in recent years, due to WikiLeaks and so on. But it seems as though police radio is exactly the sort of thing that should be exempt from government transparency -- it pertains to operations that are going on right now, and disclosing those details immediately in public could compromise those operations. I don't see the problem with police security.
It's like the episode of Seinfeld where Jerry's dentist is making Jewish jokes, and Jerry starts making dentist jokes. Then the dentist gets all upset because his "people" (the dentists) are oppressed, and Kramer calls Jerry an "anti-dentite". Classic.
I agree with you entirely, up to this point:
I'm not sure if you mean eliminate all trade secrets, or just those associated with protected intellectual property. I don't have any qualms with trade secrets: if Coke wants to have a secret formula for their drinks, and they don't want to tell me how to replicate it, fine. That is absolutely their right, just as it is my right not to tell you the contents of my hard drive. But where I agree with you is that it should not be legal to keep a trade secret and enjoy protection under IP laws. If you are going to get the benefit of a government-sponsored monopoly in exchange for releasing some knowledge into the world, then by damn you had better release that knowledge.
That is essentially the converse of your demand that patents be limited to things that can't be reverse engineered. If you are going to have a patent on something that is easy to learn by inspecting the product, then the patent isn't worth anything to society because it isn't telling us anything we can't already find out. Conversely, if you are going to patent something that is ridiculously complicated, then you must tell us how it works or the patent isn't worth anything to society because we can't replicate the invention after it expires. I realise that the patent does theoretically describe the invention, but all the patents I've read have only described the invention in enough detail that you could be sued if you invented one, not enough detail for an engineer to implement it.
I don't have a very big problem with trademark law. You don't want to force companies to have one trademark that refers to their own name. Then nobody can protect the name of a product they might create -- I don't see how that would help. Also, anybody rich enough would easily get around it by creating dozens of shell companies with the name of each product.
Now, were we talking about Star Wars?
And if you really love verbatim so much, modify your bookmarlet or search URL to include that.
But do your Nvidia cards have Optimus? My previous laptop (bought in late 2007) had an Nvidia GeForce 8600M GT 256MB, and that played games pretty well on Windows and Linux (but it was starting to get a bit old so I bought a new one). This laptop (bought in late 2011) has an Nvidia GeForce 540M 2GB, and it runs fine on Windows, abysmally on Linux. I haven't played any serious 3D games, but 2D games like Braid and Jamestown are sluggish, and I've tried my own (poorly optimised) 3D game and it runs at half the framerate as on my four year old hardware.
The reason is that the GeForce 540M (and all new Nvidia cards) have two video cards built in -- one "integrated" Intel video card and one serious Nvidia card. On Linux, it will always use the integrated one, because Optimus is not supported. I have installed Bumblebee and I am aware that people have reported success getting the Nvidia card working, but so far I haven't managed to get it going (and I've been told on this particular model that it is impossible to get it to display to the laptop display; it is only possible to get the Nvidia graphics working via the HDMI output). Anyway, not asking for tech support, just a warning.
As a Linux user, it's become pretty hard for me to take Linux gaming seriously since Nvidia launched Optimus and left us Linux users out in the cold. I just bought a new laptop with an Nvidia card and I had no idea what I was getting myself into: even simple 2D games run sluggishly on my brand new $400 graphics card in Linux, because it falls back to the Intel integrated card and there appears to be no way to get the real graphics card to work without booting Windows. I've lost all respect for Nvidia, but more importantly, it looks like I won't be playing any more games in Linux until I buy another new computer in a couple of years. :(
Aha. Good explanation (especially about the static linking).
If they did open source the DRM library as you say, it would still be a risk -- presumably if you have the source code to a statically linked library, it is not too difficult to recompile a given function and then hack it into the executable. But then, all client-side DRM is susceptible to hacking, and this would make it non-trivial to do so.
I'm not too familiar with this platform, but a quick browse of the site shows that the client supports some kind of DRM (if nothing else, their developer page lists "Check player authentication (are they allowed to play the game / banned)" under API Integration). Wouldn't open-sourcing the client allow anybody to produce a version that ignored any DRM checks in the client?
When you open source a game, I suppose it's your choice as the developer. But when you open source a content delivery platform, doesn't that affect all the other publishers? (I'm no fan of DRM, but I'm just wondering how this open source changes the nature of the platform.)
"creative editing and quoting?" I thought it was pretty standard practice to remove unimportant parts of quotations using the "..." to indicate that you have removed text. "Those sentences aren't even in the same paragraph." You say that as if I pulled two random quotes out of context, when really, the two paragraphs were right next to each other (I only removed two sentences). If it really bothers you that much, here's my post again, without any text removed from the original quote:
Was that less "creative" for you? As far as I can tell, my point is exactly the same, only it's harder to read because you have to wade through parts of the original quote that aren't relevant for my reply.
Really insightful. Regretfully, I agree with you.
I consider SOPA a reason to assume they're ignorant about it, if nothing else. You might attribute that to malice. ("Never attribute to malice that which is adequately explained by stupidity.") I think it's a mixture of both.
I don't doubt that these politicians have been completely bought out by the likes of the MPAA, and that they are acting in the interests of lobbying groups. But at the same time, I also don't think they have a clue, for example, what we mean when we say "SOPA will break DNSSEC," and nor do they care.
Unfortunately, yes, you do. You just listed four highly technical terms, and explaining how SOPA is going to break those things does require a highly technical understanding. So I believe the original article is absolutely right that the problem is politicians not understanding technology.
But they don't consider the Internet as a means of communication and expression. If they are chiseling into stone tablets, then SOPA isn't going to affect them. To them, the Internet is that thing that lets pirates get films for free, and the MPAA has told them that's wrong. Again, the problem is that they don't understand that the Internet is free speech in one of its purest forms, and this will strangle the Internet.
There's a website along these lines: Free Justin Beiber.
I agree, a 15 second ad would be great.
Yeah, I agree with the Anonymous Coward who replied earlier. This isn't bad practice per se -- using the key id is the standard way to import a key. Importing by fingerprint doesn't make you any more secure because you haven't verified the fingerprint. That guide you linked to is inherently insecure because it isn't asking you to verify the key (and it isn't claiming to be secure against a fraudulent key).
The fingerprint is used when you are about to sign a key -- then you need to make sure that it actually belongs to its supposed owner. Having said all that, perhaps if you trust the site telling you to install a key, then it would add some extra verification to tell you to check the fingerprint.
It isn't a security vulnerability for the same reason that key id collisions aren't vulnerabilities. If I enter a long fingerprint and get two keys, one of which matches only the short id, that is a user interface bug. It isn't a security issue because I should never trust a key I pulled from the cloud unless a) the web of trust tells me it's okay (which means it has checked the full public key), or b) I subsequently check the full fingerprint in my local database.
I suppose you could expect GPG to verify it for you after typing in the long fingerprint, then I guess it's severe. I just wouldn't trust a key unless I looked at the fingerprint in my local database.
Do you really think that the developers of the world's foremost free encryption tool, the same one used by virtually all Linux distributions for package security, would have been too stupid to consider the birthday paradox? Read my post for an explanation of why this is not a problem.
Also, it isn't a one in 65536 chance (16-bits), it's a one in 4,294,967,296 chance (32-bits). Still, that is a very small number in cryptography, so I agree with you on this: with so many people using GPG, there are probably already key ID collisions happening all the time. It just isn't an issue because the system is designed with the expectation that key IDs would collide.
Ah okay, I didn't read the bug report. That is indeed a bug, but it isn't a security vulnerability.
This. There is no problem here. The system is explicitly designed for the key id to be collidable. That is precisely why there is such a thing as a key fingerprint. The 32-bit key ID was never intended to be used to verify the validity of a key, merely for quickly identifying a key. The worst that can happen if two keys have the same ID is you are presented with two keys and have to look more closely to decide which one you want. The 180-bit fingerprint is used to verify a key and should be resistant to collisions for many many years.
The only problem is if people are using key IDs for verification, in which case it is a user error. Therefore, the lesson of this story is that if you want to know whether a key matches the one you were expecting, you need to look at the whole fingerprint, NOT the key id. That is why when you sign someone's key, they give you the fingerprint, not just the id.
Okay, three things.
First, this doesn't account for the lengthy (insane) time that a patent lasts. Twenty years? In an industry where the entire landscape changes every three or four years, why should one company be able to hold back the innovation of all others for maybe ten generations of devices? Just because you invented something useful (and perhaps non-obvious), it doesn't necessarily follow that nobody else should be able to use it for a quarter of a human lifetime.
Second, this line of reasoning essentially assumes that all inventions are obvious. Everything ever invented had, at some point, never been thought of before. That does not automatically make it non-obvious. I would say that detecting URLs in text and linkifying them is an obvious invention. Someone was bound to invent it sooner or later. That doesn't mean that whoever invented it first ought to have a monopoly on the invention for twenty years. The patent system specifically has a clause for obviousness, and that doesn't appear to be followed very much.
Thirdly, that's a fallacy. In the case of such a product (where it is trivial to reproduce without reading how it was made), simply selling the invention is disclosure. There is no need for a patent. So to take your example, if I invented and sold a Reese's cup, that may be an important contribution to society. But if I also published a patent on the Reese's cup, that doesn't add any further contribution to society: merely having the product tells us everything we need to know. To quote Wikipedia, "the temporary monopoly on the subject matter of the patent is regarded as a quid pro quo for thus disclosing the information to the public." In these cases, there is no quid pro quo, so you don't deserve a 20-year monopoly in exchange for telling us absolutely nothing extra.
Fair enough. But I'm sure someone thought of this before 1996.
More to the point, it just shows how brutally broken the patent system is when a completely obvious (but useful) idea, trivial to implement and trivial to understand without reading about how it was made*, can be used to legally block the sale of an entire product fifteen years after it was invented, during which time the entire industry exploded and was reinvented several times.
*The point "trivial to understand without reading about how it was made" is important: the only reason the patent system exists at all is to convince inventors to describe the details of their inventions to the public. Without the patent system, the theory goes, we would have a lot more trade secrets and we would lose the secrets of useful technology. So when you have a patent describing something that could trivially be re-implemented without underlying knowledge of how it was made -- something like "automatically link text that appears to be in a certain format" or "swipe to unlock" or "arrange buttons in a rectangular grid" -- there is no value to society. So it shouldn't be patentable.
Well Microsoft Word 97 certainly did it. I'm not sure if anything predates that, but that is fourteen years old.
In that case, it isn't an invention, it's just two old and obvious ideas put together. For decades, programs have detected patterns in text and automatically linked them or associated a particular action. For decades, programs have asked users what program to use to handle a particular type of content. The idea of "let's detect patterns in text to determine the type of content, and then ask users what program to use" is a simple combination of the above two ideas. It does not constitute an invention that you should be able to destroy all sales of your competition.
Once again, Apple is using a law supposedly about innovation to ruin everybody else's chances in the marketplace. Their time on top is over, and legal protection for bogus patents is the only thing they have left.