Record it all. The legal notices, phone calls, etc. If they send lawyers over, videotape it. Police? Videotape it. Webcams are preferred since even if they smash your cameras the footage you've already captured has been streamed onto the net. Cameras make oppressive forces nervous. Viewers won't see people defending their copyrights from pirates, they'll see a BSA lead gestapo terrorizing a university.
Oh, also. Try the angle of EULAs not being legally binding. You're batting about 50/50 based on previous court cases whether or not EULAs are legally binding contracts. EULAs are those things you click past that say the copyright holder or any assignee (BSA) have a right to audit your systems, not to mention also say you own a license to use the software and not in fact your own private copy.
Obviously you should have lawyers working hard on this.
Perhaps to minimize your liability in the event of an audit, on non-critical machines (such as machines that are sitting idle, or just used for web browsing, or whatever) you could install a Linux distro on them. If you were planning to migrate your servers from NT, now might be a good time to expedite it.
Binary only drivers are inferior. Even when you have an open sourced kernel module to intermediate. The argument would be less unreasonable if it was source vs. open source, but it's not. It's binary only vs source available.
In any case, nVidia wants to open source their drivers. The reason I got for them being binary only was that they licensed the AGP code from a third party which is unwilling to open their code. Too bad.
Katz is on the right track. He can feel how the internet is a different ballgame entirely when it comes to marketing, but he's not quite sure how. Or why. Or what.
It basically mandates that logging onto a random server and playing for an hour or so every couple nights isn't "good enough". Now you have to engage in moronic chit-chat with the dozen
retards on the server in order to can gain their trust. No thanks.
Not necessarily. The beauty of such a web is that you don't need to know the people you play with, just that you know common people (which if you pick two random people in the US, they probably know each other with a suprisingly small amount of displacement).
It means that you need to know at least someone, but in the worst case you may just play on a server where no one trusts you--which is how much they already trusted you.
The end result is that this is going to be more effective than useless anti-cheat clients, and is really the only hope you've got unless you only plan on playing with people you trust, trust network or otherwise.
It's not an uphill battle. It's a losing battle no matter what. It was already lost before it was started.
With punkbuster, signatures of exploits (mainly aim bots) can be detected, even if they have NOTHING TO DO WITH THE.DLL's that the game uses to run. It is not only a client side program that authenticates.
So uh, what stops me from hacking punkbuster so that it sees only what it needs to see?
Untill game developers start encrypting every packet made by the client, before it is sent off to the network, and on the OS level, the video memory can be locked out, even by the root user, aim bots will exist. and people will use them.
I have full control of my machine. I can break any of these mechanisms if I want to. That anti-cheat client developers don't get this fact means that they're naive. Or think they can make assloads of money by running everyone through the mud.
Anti-cheat clients will inconvenience legitimate users (you know, people who didn't install the latest fucking anti-cheat tool of the month) and do nothing to people who want to cheat.
A less hopeless attempt at cheat prevention would be to integrate a "web of trust" system into gaming communities.
This is all doable through cryptography, but I'll explain the protocol without the implementation details:
Players take a vow to play cheat free. They get their friends to confirm that they play cheat free. Friends confirm other friends. The web develops. This relationship is published to a well known repository and linked to other webs of trust submitted by other groups based on common participants.
Alice and Bob have never met before, but they can be pretty sure that niether is cheating because Alice trusts Frank, who trusts Trent, who trusts Eve, who trusts Andrew, who trusts Bob. This many levels of displacement is probaby enough to cover the population of the United States.
When you join a server to play, the server checks your position in the web of trust to that of others on the web, and tells you their trustworthiness. By playing against people who are trusted by people you trust you can play with higher confidence. You could set policies to only allow players who meet a certain trust level.
Someone who is actually confirmed to be cheating could damage the trustworthiness of a huge set of players, and would motivate the participants to quickly distance themselves from the cheater or be classified as cheaters themselves.
A lot of the attacks against this model are based on the implementation, but it sounds more promising to me than pursuing ridiculous anti-cheat clients.
It always frustates me how naive people who should rightfully know better are when it comes to cheat prevention. It's great to see an anti-cheat client actually work and kick the occasional cheater off of a server, but it often gives an irrational sense of hope.
Anti-cheat clients are a losing battle by definition. There is no way they can possibly be successful. The more effective one is, the more effort people will put forth to break it.
As long as the client must be trusted on computers that players own (and may therefore hack accordingly), cheating will always be possible.
The software scans key dll and other files in the RCTW folders and other factors to try to determine if any modification has been made to those files, and if so, the client is flagged as a cheater, and typically kicked from the server.
There are dozens of ways around this on any modern OS that has basic process debugging functions. Without even getting creative:
You can hack the program to disable the anti-cheat client, and run your own anti-cheat client that meets the server's security requirements.
Detect when the anti-cheat client runs and redirect its calls to a different, legit set of data.
Write cheats that don't depend on modifying on-disk DLLs. When the game starts, modify in-core game data. Since the on-disk DLLs are never modified, the client says all is well.
Intercept game system calls to load DLLs and redirect them to a set of hacked DLLs. Take measures to ensure that the anti-cheat client is not also redirected (it probably uses different calls).
Impose a proxy between the client and the server that intercepts and adjusts actions accordingly.
Run the game under an emulator (legitimate reasons are like how I run Counter-Strike under Linux/Wine). Set up a pristine system environment in the emulator, run all of the cheats from the host OS. The anti-cheat client could never access the host OS (unless the emulator is broken) and would have a much harder time detecting cheats.
Are there ways to write anti-cheat clients to counter all of these? Probably. But then you open up yet another round of the clever game developers vs. all clever hackers in the world. With each release, the anti-cheat client has to be more clever, more complex, more intertwined, which is only going to make it easier to defeat since there will be so many more points of attack.
If you want to play games without cheating, play on computers that are owned by a trusted third party (like a lan gaming place). Or play with players you trust. Trusting an anti-cheat client on an untrusted computer in front of an untrusted player is hopeless.
The difference between WinModems and WinWiFi would be that Linux is much more popular now than it was when WinModems were relevant. If the good hardware manufacturers went WinWiFi, they could probably be convinced to allow LinWiFi drivers. I can't imagine Lucent (who actually offers LTwinmodem Linux drivers now) not doing that, for example.
I think Lucent almost gets it. Other companies I'm not so sure of. Make sure to vote with your wallet, manufacturers have more incentive to listen now than they ever did.
Oh, and for all that people whine about hardware not being supported in Linux, I actually have hardware that works under Linux but is completely unusable in Windows 2000. Eat it.
Microsoft's successful business model depends on products tied around their Windows platform. A Windows platform means a Windows license, other products that they sell that runs on that platform (resulting in more licenses), and keeps people who have invested in becoming Windows developers in business, who will in turn produce software for the platform which increases its value to Microsoft. They have certification programs based on this, and work very hard to get this one platform into as many markets as possible (X-Box, for one example).
Instead of complying with open standards, it's much more advantageous to Microsoft if you use their standards. A ubiquitous Microsoft standard platform means all kinds of profit potential.
Microsoft will never forgive itself for missing the opportunity to take a cut of every credit card transaction initiated from a Windows platform. My guess is that they're hoping that one day Passport/Wallet will be the way to reclaim this dream.
So why would they give up a major cash cow plus endanger a future cash cow motherlode just because some hippies are whining about source code? They won't. They'll pay it lip service, they'll do what is required to make them sound hip, but don't expect them to open source Windows until their monopoly foothold is completely gone.
They are not a typical software company, and things that make sense for many software companies do not make sense for them. Therefore open source is out, unless it's for technology that really doesn't matter to them if people can reproduce.
The fact that they're now speaking highly of open source and alternative.NET implementations leads me to believe that they're not directly a core to their plans, and may even be assisting their world domination plans. Be so afraid.:)
All of the people that shared their experiences with MySQL helped turn that document into a very useful weapon against nuisance naysayers. I'm hoping the same will happen for AMD.
I mean I can't imagine a court doing more than simply ordering you to purchase the missing licenses, and maybe a slap on the wrist fine if the BSA can prove you were lazy about it.
The only case where I can see an actual judgement of $100,000 per copyright is if you were redistributing software. If you're not doing that (which is basically what the BSA was formed to deal with) I really can't see a court punishing you as severely as the BSA wants to.
And again, if the judge thinks the BSA is being that unreasonable and you've shown that you made a good faith attempt to stay current, they may just judge in your favor and compensate you for the hassle plus a little extra to punish the BSA.
And indeed, that sense of fear and the resulting policies among customers is quite valuable to software vendors. Organizations thereafter tend to "dot their I's and cross their T's" when it comes to software. They tend to review the EULAs and ask questions about what licenses they need to be fully compliant. They don't take chances. They know that it doesn't matter what would or would not hold up in court. What truely matters is what the outcome of a BSA audit will be, and what sort of position the BSA will be in the demand/extort a "settlement".
First, IANAL.
If the BSA ever drops by, kick them out of your office. Let them sue you and then countersue them for restraint of trade. The grounds being that EULAs are not legally enforcable and even with good faith attempts to remain compliant it's difficult. If the BSA's suit demands basically what you pasted it'd reek of nuisance suit and courts respond very harshly to that.
The only people who can get away with shit like that is the IRS.:)
The Republicans/Democrats finally got their money. Once this latest bout of bureacracy works its way through the system, Microsoft will go free.
Anti-trust litigation is just a tool for politicians to mess with big businesses that haven't paid their dues. The ones that pay go free. The ones that don't suffer the consequences.
If the American people really didn't want Windows, they would stop buying it. My sister uses a Mac. I use Linux. My other sister and my dad use Windows. What's the problem?
If Dell can be pressured by Microsoft to drop Linux support, that's Dell's problem. They could never pull that against IBM, for example.
Not in all places. Here, it's 10 -- we have two area codes that overlap. I'm still slowly getting used to dialing at least 10 digits whenever I make a call...
Oh, never claimed otherwise. I didn't qualify it with "In the US..." because Slashdot is an American (TM) site though. It's in the FAQ.;)
And as it turns out, research shows that 7 is the max number of digits easily remembered by subjects in studies of short-term memory. Short-term memory is, of course, the pathway one generally needs to traverse to produce long-term memories.
Telephone numbers are seven digits. But they used to be only six digits, which means that the telephone company probably didn't do this study to figure out how many digits to use.
I bet if we used 8 digit phone numbers for 30 years they'd be able to remember 8 digits without problem.:)
When working an ISP, that was the most common password. Never really got the other 3 so much, probably because people don't want to say 'SEX' over the phone.
I went to my bank the other day to assign a PIN to my ATM card. For this you need to sit down with a bank person at their desk. Just to be a pain in the ass, I asked her how many numbers I could enter (it's 7). She said 4. I entered 7 and it took.
Then she went "How do you remember 7 numbers?" and I said "The same way I'd remember 4 numbers. It's not like remembering yet another set of numbers is going to be hard--I've memorized the passwords of at least 20 other services".
To which the lady at the bank said "See, the best way is to just use the same password for EVERYTHING. This way you only need to remember one!"
Ah, http://www.mta.nyc.ny.us/ which happens to be the site now known as http://mta.info/
So, there you have it. A smart naming scheme.
I don't think it's smart at all. In fact it's very arrogant. Every other city, state, or country is so out of luck if they also have an MTA.
What happens if someone in LA wants to visit their MTA homepage? How obvious is it that they should visit mta.net? Or Maryland residents should go to mtamaryland.net because they're not important enough to have mta.info?
There's no way that the NYC MTA could be of any use at all to anyone in Kentucky, especially when they're likely to have one of their own. Keeping it local makes perfect sense.
The fact that people are so uneducated about the hierarchy of DNS is what leads to these conflicts over what are essentially artificial limitations. If hierarchial names had occured to the guy who Asked Slashdot about what naming scheme to use in the first place he wouldn't have even Asked Slashdot!
Slashdot Mirror
Record it all. The legal notices, phone calls, etc. If they send lawyers over, videotape it. Police? Videotape it. Webcams are preferred since even if they smash your cameras the footage you've already captured has been streamed onto the net. Cameras make oppressive forces nervous. Viewers won't see people defending their copyrights from pirates, they'll see a BSA lead gestapo terrorizing a university.
Oh, also. Try the angle of EULAs not being legally binding. You're batting about 50/50 based on previous court cases whether or not EULAs are legally binding contracts. EULAs are those things you click past that say the copyright holder or any assignee (BSA) have a right to audit your systems, not to mention also say you own a license to use the software and not in fact your own private copy.
Obviously you should have lawyers working hard on this.
Perhaps to minimize your liability in the event of an audit, on non-critical machines (such as machines that are sitting idle, or just used for web browsing, or whatever) you could install a Linux distro on them. If you were planning to migrate your servers from NT, now might be a good time to expedite it.
RIAA funded RIAA police, who work under the supervision of the EFF. Time to bribe a Congressman.
Binary only drivers are inferior. Even when you have an open sourced kernel module to intermediate. The argument would be less unreasonable if it was source vs. open source, but it's not. It's binary only vs source available.
In any case, nVidia wants to open source their drivers. The reason I got for them being binary only was that they licensed the AGP code from a third party which is unwilling to open their code. Too bad.
Try the web site it was based on. http://www.cluetrain.com/
Katz is on the right track. He can feel how the internet is a different ballgame entirely when it comes to marketing, but he's not quite sure how. Or why. Or what.
Read the Cluetrain Manifesto.
It basically mandates that logging onto a random server and playing for an hour or so every couple nights isn't "good enough". Now you have to engage in moronic chit-chat with the dozen retards on the server in order to can gain their trust. No thanks.
Not necessarily. The beauty of such a web is that you don't need to know the people you play with, just that you know common people (which if you pick two random people in the US, they probably know each other with a suprisingly small amount of displacement).
It means that you need to know at least someone, but in the worst case you may just play on a server where no one trusts you--which is how much they already trusted you.
The end result is that this is going to be more effective than useless anti-cheat clients, and is really the only hope you've got unless you only plan on playing with people you trust, trust network or otherwise.
It's not an uphill battle. It's a losing battle no matter what. It was already lost before it was started.
With punkbuster, signatures of exploits (mainly aim bots) can be detected, even if they have NOTHING TO DO WITH THE .DLL's that the game uses to run. It is not only a client side program that authenticates.
So uh, what stops me from hacking punkbuster so that it sees only what it needs to see?
Untill game developers start encrypting every packet made by the client, before it is sent off to the network, and on the OS level, the video memory can be locked out, even by the root user, aim bots will exist. and people will use them.
I have full control of my machine. I can break any of these mechanisms if I want to. That anti-cheat client developers don't get this fact means that they're naive. Or think they can make assloads of money by running everyone through the mud.
Anti-cheat clients will inconvenience legitimate users (you know, people who didn't install the latest fucking anti-cheat tool of the month) and do nothing to people who want to cheat.
Meant to include this in the parent post.
A less hopeless attempt at cheat prevention would be to integrate a "web of trust" system into gaming communities.
This is all doable through cryptography, but I'll explain the protocol without the implementation details:
Players take a vow to play cheat free. They get their friends to confirm that they play cheat free. Friends confirm other friends. The web develops. This relationship is published to a well known repository and linked to other webs of trust submitted by other groups based on common participants.
Alice and Bob have never met before, but they can be pretty sure that niether is cheating because Alice trusts Frank, who trusts Trent, who trusts Eve, who trusts Andrew, who trusts Bob. This many levels of displacement is probaby enough to cover the population of the United States.
When you join a server to play, the server checks your position in the web of trust to that of others on the web, and tells you their trustworthiness. By playing against people who are trusted by people you trust you can play with higher confidence. You could set policies to only allow players who meet a certain trust level.
Someone who is actually confirmed to be cheating could damage the trustworthiness of a huge set of players, and would motivate the participants to quickly distance themselves from the cheater or be classified as cheaters themselves.
A lot of the attacks against this model are based on the implementation, but it sounds more promising to me than pursuing ridiculous anti-cheat clients.
It always frustates me how naive people who should rightfully know better are when it comes to cheat prevention. It's great to see an anti-cheat client actually work and kick the occasional cheater off of a server, but it often gives an irrational sense of hope.
Anti-cheat clients are a losing battle by definition. There is no way they can possibly be successful. The more effective one is, the more effort people will put forth to break it.
As long as the client must be trusted on computers that players own (and may therefore hack accordingly), cheating will always be possible.
The software scans key dll and other files in the RCTW folders and other factors to try to determine if any modification has been made to those files, and if so, the client is flagged as a cheater, and typically kicked from the server.
There are dozens of ways around this on any modern OS that has basic process debugging functions. Without even getting creative:
Are there ways to write anti-cheat clients to counter all of these? Probably. But then you open up yet another round of the clever game developers vs. all clever hackers in the world. With each release, the anti-cheat client has to be more clever, more complex, more intertwined, which is only going to make it easier to defeat since there will be so many more points of attack.
If you want to play games without cheating, play on computers that are owned by a trusted third party (like a lan gaming place). Or play with players you trust. Trusting an anti-cheat client on an untrusted computer in front of an untrusted player is hopeless.
The difference between WinModems and WinWiFi would be that Linux is much more popular now than it was when WinModems were relevant. If the good hardware manufacturers went WinWiFi, they could probably be convinced to allow LinWiFi drivers. I can't imagine Lucent (who actually offers LTwinmodem Linux drivers now) not doing that, for example.
I think Lucent almost gets it. Other companies I'm not so sure of. Make sure to vote with your wallet, manufacturers have more incentive to listen now than they ever did.
Oh, and for all that people whine about hardware not being supported in Linux, I actually have hardware that works under Linux but is completely unusable in Windows 2000. Eat it.
See this page for a method that would surely destroy the telemarketing industry if enough companies did it.
Microsoft's successful business model depends on products tied around their Windows platform. A Windows platform means a Windows license, other products that they sell that runs on that platform (resulting in more licenses), and keeps people who have invested in becoming Windows developers in business, who will in turn produce software for the platform which increases its value to Microsoft. They have certification programs based on this, and work very hard to get this one platform into as many markets as possible (X-Box, for one example).
Instead of complying with open standards, it's much more advantageous to Microsoft if you use their standards. A ubiquitous Microsoft standard platform means all kinds of profit potential.
Microsoft will never forgive itself for missing the opportunity to take a cut of every credit card transaction initiated from a Windows platform. My guess is that they're hoping that one day Passport/Wallet will be the way to reclaim this dream.
So why would they give up a major cash cow plus endanger a future cash cow motherlode just because some hippies are whining about source code? They won't. They'll pay it lip service, they'll do what is required to make them sound hip, but don't expect them to open source Windows until their monopoly foothold is completely gone.
They are not a typical software company, and things that make sense for many software companies do not make sense for them. Therefore open source is out, unless it's for technology that really doesn't matter to them if people can reproduce.
The fact that they're now speaking highly of open source and alternative .NET implementations leads me to believe that they're not directly a core to their plans, and may even be assisting their world domination plans. Be so afraid. :)
The exciting sequel to MySQL Myths Debunked is AMD Myths Debunked! Laugh, cry, maybe share your experiences?
All of the people that shared their experiences with MySQL helped turn that document into a very useful weapon against nuisance naysayers. I'm hoping the same will happen for AMD.
Like any of their other codenames were at all relevant? Perhaps they have ties to codebreaking in WW2? (Enigma) Or maybe South Park? (Cartman)
Dan Bernstein's software is certainly different, but I've never known it to exhibit "poor coding". Do you have any additional information?
I mean I can't imagine a court doing more than simply ordering you to purchase the missing licenses, and maybe a slap on the wrist fine if the BSA can prove you were lazy about it.
The only case where I can see an actual judgement of $100,000 per copyright is if you were redistributing software. If you're not doing that (which is basically what the BSA was formed to deal with) I really can't see a court punishing you as severely as the BSA wants to.
And again, if the judge thinks the BSA is being that unreasonable and you've shown that you made a good faith attempt to stay current, they may just judge in your favor and compensate you for the hassle plus a little extra to punish the BSA.
And indeed, that sense of fear and the resulting policies among customers is quite valuable to software vendors. Organizations thereafter tend to "dot their I's and cross their T's" when it comes to software. They tend to review the EULAs and ask questions about what licenses they need to be fully compliant. They don't take chances. They know that it doesn't matter what would or would not hold up in court. What truely matters is what the outcome of a BSA audit will be, and what sort of position the BSA will be in the demand/extort a "settlement".
First, IANAL.
If the BSA ever drops by, kick them out of your office. Let them sue you and then countersue them for restraint of trade. The grounds being that EULAs are not legally enforcable and even with good faith attempts to remain compliant it's difficult. If the BSA's suit demands basically what you pasted it'd reek of nuisance suit and courts respond very harshly to that.
The only people who can get away with shit like that is the IRS. :)
The Republicans/Democrats finally got their money. Once this latest bout of bureacracy works its way through the system, Microsoft will go free.
Anti-trust litigation is just a tool for politicians to mess with big businesses that haven't paid their dues. The ones that pay go free. The ones that don't suffer the consequences.
If the American people really didn't want Windows, they would stop buying it. My sister uses a Mac. I use Linux. My other sister and my dad use Windows. What's the problem?
If Dell can be pressured by Microsoft to drop Linux support, that's Dell's problem. They could never pull that against IBM, for example.
That still doesn't change the fact that their EULA is not legally enforcable.
The whole big deal with UCITA is to make these shrinkwrap/clickthrough licenses legally binding. Otherwise it's just bullshit.
Would they sue you over it? Maybe, but they probably won't win on purely legal grounds.
Not in all places. Here, it's 10 -- we have two area codes that overlap. I'm still slowly getting used to dialing at least 10 digits whenever I make a call...
Oh, never claimed otherwise. I didn't qualify it with "In the US..." because Slashdot is an American (TM) site though. It's in the FAQ. ;)
And as it turns out, research shows that 7 is the max number of digits easily remembered by subjects in studies of short-term memory. Short-term memory is, of course, the pathway one generally needs to traverse to produce long-term memories.
Telephone numbers are seven digits. But they used to be only six digits, which means that the telephone company probably didn't do this study to figure out how many digits to use.
I bet if we used 8 digit phone numbers for 30 years they'd be able to remember 8 digits without problem. :)
They forgot to mention 'password'
When working an ISP, that was the most common password. Never really got the other 3 so much, probably because people don't want to say 'SEX' over the phone.
The reason you want to enter 4 is because a lot of old systems only supported 4. They were trying to make you backwards compatible.
If I plan on travelling to Europe I'll change it. It hasn't affected me otherwise.
I went to my bank the other day to assign a PIN to my ATM card. For this you need to sit down with a bank person at their desk. Just to be a pain in the ass, I asked her how many numbers I could enter (it's 7). She said 4. I entered 7 and it took.
Then she went "How do you remember 7 numbers?" and I said "The same way I'd remember 4 numbers. It's not like remembering yet another set of numbers is going to be hard--I've memorized the passwords of at least 20 other services".
To which the lady at the bank said "See, the best way is to just use the same password for EVERYTHING. This way you only need to remember one!"
Ah, http://www.mta.nyc.ny.us/ which happens to be the site now known as http://mta.info/
So, there you have it. A smart naming scheme.
I don't think it's smart at all. In fact it's very arrogant. Every other city, state, or country is so out of luck if they also have an MTA.
What happens if someone in LA wants to visit their MTA homepage? How obvious is it that they should visit mta.net? Or Maryland residents should go to mtamaryland.net because they're not important enough to have mta.info?
There's no way that the NYC MTA could be of any use at all to anyone in Kentucky, especially when they're likely to have one of their own. Keeping it local makes perfect sense.
The fact that people are so uneducated about the hierarchy of DNS is what leads to these conflicts over what are essentially artificial limitations. If hierarchial names had occured to the guy who Asked Slashdot about what naming scheme to use in the first place he wouldn't have even Asked Slashdot!
Sheesh. :)