Seriously, how do articles like this get accepted in the first place?
China made a village in the exact style, placements, etc. of an Austrian village. Piracy? Piracy, hardcore, piracy is what China does best? What kind of baseless insult is that? Is this news, or some emotional butthurt editorial from an Austrian?
Does that mean that large parts of China Town ripped off China? Las Vegas ripped off France with its mini Eiffel Tower?
Get real. I can't even believe this is an article. Should not have even made it to Idle.
Why not look at things that actually have happened? Let's say you go to an ATM, put in your card and PIN, and ask for $50. Instead of 5 $10 bills coming out, 5 $20 bills come out, but your receipt says only $50 was withdrawn. Do you consider that the machine or the person that filled it has 'authorized' you to have an extra $50? If so, you are very wrong. In fact, if you do not return the extra $50, you can be charged with theft.
Citation please. If the machine was only off by $50, the machine fucked up, and the customer could have just as easily been confused.
It the ATM is spitting out hundreds on to the floor....
You seem to have a very poor understanding of what authorization means. A machine (webserver) can not grant you authorization. A mistake can not grant you authorization. An incompetent sys admin can not grant you authorization. All of them can provide a means for access, none of them can provide authorization.
I have an excellent understating of what authorization means.
A webserver doesrepresent authorizations. It has to be programmed. There are no mistakes on the part of the webserver (not normally).
Authorization is a function of specifying access rights according to authenticated identities. The identity was authenticated. It was anonymous, everyone, take your pick. The access rights were explicitly defined. Everyone has the right to receive "The File".
If you send a request to a web server for a file, and receive the file, the authorization was explicit. You were allowed the file. The webserver did not ask for credentials. The webserver did not respond with appropriate headers informing you that the request was denied due to policy.
According to you and others, the person programming the web server is not responsible for the authorizations they programmed it with, and everyone must magically know what it is that they meant? .
How does that work? I ask the question of the webserver, and it responds "yes", and I have to think for 5 minutes about if it was really a yes?
No. Webservers relay information regarding to authorization perfectly (in normal operation). You have to be able to rely on the veracity of those authorizations that are being represented, and employees have to be held responsible.
There is no, "Whaaa Whaaa, that's not what I meant, throw them in jail". They can go to jail for extortion, but that company was publishing sensitive information for the whole world to have (explicitly authorized) .
No hacking was performed at any time, and I won't let the company off the hook, and I won't prosecute somebody for computer crimes when that is not actually what happened.
It's not good for the customers because companies can continue to pull this crap without consequences, and is not good for programming and IT professionals because it protects the stupid and incompetent.
It wasn't leaving the door open though. That is an incorrect analogy.
Don't let the company off without responsibility here, and don't further protections for the stupid.
That company programmed their webserver to freely deliver, without any authentication, to anonymous members of the public, confidential data. It is not a distraction to focus on that one part.
These "thieves" can be prosecuted all day long for the attempted extortion. However, they committed no fraud. At all times they represented themselves as a member of the public, asked direct questions, and received the data freely. Authorization to receive it was explicit.
Computers do what you tell them to do, not what you mean for them to do. We need to take responsibility for that.
What if these "hackers" (there was no hacking, btw) disclosed the facts to the media and notified all the customers? Would you still have them prosecuted for hacking?
Lock em up for the extortion, but please, direct as much anger towards the company, and hold the company just as liable.
It makes perfect sense when you are only comparing the conflicting interests of the parties involved.
When it comes to judges and the DOJ, they're some clearly conflicting interests. Normally, a judge would recuse himself, but I doubt that happens as often as it should. My experience has even been that some judges won't even allow arguments to proceed, which is clearly corruption.
No, I presented one that's closer to the subject of this story. The attackers didn't call the company and ask if they could have access to records. They just did what they wanted, and you're arguing that it's legitimate because nothing successfully stopped them.
You don't have to make a voice call to a company to authorize the retrieval of a document from a webserver.
They did not do just what they wanted. They did what the webserver allowed them to do. Your ignoring the cooperation of the webserver.
The records were retrieved using a tool that is incapable of conferring any legal authority, and in this case not even capable of validating the client's authority. Knives don't magically dull when you try to stab someone, guns don't check their target for a pulse before firing, and web servers don't deny requests that they aren't told are special.
No. Webservers are a tool that are perfectly capable of representing legal authority. They must be programmed. The person programming it must be representing the legal authority. Therefore, the programming represents the legal authority.
Not capable of validating the client's authority? It has always been able to do that. A webserver is not some special, magical, and unknowable computer program just because it uses a web browser as an interface. You have all sorts of data passed in headers, IP addresses, submitted data, etc.
Webservers are designed to validate a client's authority, however, you need to program that correctly. They do not possess psychic powers.
So by not configuring your stomach to block a knife blade, you have clearly demonstrated your intent to allow me to stab you? I think you have this premise backwards. Ideally, the webserver would be programmed to match the intent of the company, but mistakes and misunderstandings happen, and the dominant legal philosophy for the past few millenia is that mistakes should have as little impact on the situation as possible. Accidentally burn down a few city blocks while cooking dinner? You'll pay some heavy fines for damages,but the punitive sentence will be tiny.
I think you are using a little hyperbole here with the blame-the-victim game.
Mistakes and misunderstandings happen, but in this case the fault lies with the company. Somebody has to be held responsible for not programming the webserver correctly, and it can't be the hacker. Security through obscurity protected by law is only a way to encourage bad programming.
Remember, we are not talking about a software glitch here. We are talking about incorrectly programming the authorizations to publish specific files, and publishing information about specific files that were to remain private.
That robots.txt file, which accessing it alone is not doing anything wrong, was disclosing information you are seemingly considering possession to be a crime.
And the law would look on this situation, and have to consider all the facts. Did the hamburger cart have posted prices? Does the employee have other signs of mental defect or deficiency that would lead a reasonable person to think that the burgers really weren't free, despite what was said? Do other food carts often give away free burgers?
All those factors would go into the final decision of who was at fault for the misunderstanding, and from that the recourse will stem.
The hamburger cart was not specifically a hamburger cart, and it had no posted prices if were are going to attempt to match the analogy to a webserver.
The employees mental defects represent the incorrect programming by the employee who configured the webserver.
Whether or not hamburgers are intended to be free, or normally free, is not relevant to the law. They were given away for free to the customer. According to your legal interpretation the easiest way to get somebody incarcerated wou
It's the magnitude of their offenses and the strength of their current war against the consumer.
It's not as if they are reformed, in the process of reforming, or even interested in the idea of reform.
Sorry, but it will take a complete replacement of all upper management and years and years and years of good works, involvement with the local communities, helping grandmas across the street, and feeding starving orphans before I can start to reconsider my grudge.
Sony's past crimes, combined with their well known war against the consumer, justifies the death sentence and avoidance at all costs.
They would need to stop their war against the consumer today, eliminate DRM in their products, actively push for sane copyright reform and customer protections under the law, and engage in behavior beneficial to society for decades to make up for what they did.
I can refuse to acknowledge positive contributions because when weighed against the negative contributions, just the current ones, it is so massively one sided, that Sony is seriously evil to the customers.
You got the briefcase analogy wrong. You're forgetting that the executive was asked what the briefcase contained and handed it over without duress. There was no theft, and all times, all actions were authorized by the executive.
The webserver can only do what a company representative told it to do. So the intended level of authorizations needs to match the programmed level of authorizations. The responsibility for that lies entirely with the company.
Pedantic? Not hardly.
Consider this analogy:
You have a food cart. It is staffed by an incompetent employee. Customer walks up and asks if there are hamburgers available. Employee responds yes. Customer asks if just anyone can have it (more accurately the employee never asks who the customer is). Employee responds that it is for everyone. Customer asks for 10 hamburgers. Employee hands over 10 hamburgers.
Now 4 hours later when the police arrive at the customer's home and charge him with theft, is it correct?
I would argue that it is not. The owners of the food cart may not have intended for the hamburgers to be free, or even advertised as available yet, but that is not what their employee said is it? It could even be highly unusual that hamburgers are free, and that a normal person would find it unusual, but once again, the employee handed them over.
It's an important distinction for me because I don't like legislating the protection of the stupid, and don't want corporations to get off lightly. It's a really bad precedent in which logic and reason get thrown out the window to protect the rich and powerful. Standards need to be maintained.
Put the hackers in jail for extortion and fine the crap out of the company for not properly configuring their webserver.
Not legal, but also not representative of what I actually said.
That SVP would have been asked if the laptop contained the marketing plans and customer lists and if you could have a copy of them, and then you would have made a copy.
Nothing will change the fact that somebody had to program the authorizations into the computer systems. That person did so incorrectly. Like I said, computers do what you tell to them to do, and never what you mean for them to do.
Nothing was actually hacked at all. That does not mean they should not go to jail for extortion, but you are being far too lenient on the company.
Corporations have to take responsibility for how they program their systems. "Authorizations" are programmed, and the only thing that matters is not what they intended it to be, but what they made it to be .
You can be upset that I don't want to legally protect your intentions and will only consider what you actually programmed the computer system with, but that is the correct interpretation of law.
Security through obscurity never really works, and legislating security regardless of stupidity is a bad idea too.
Moral of the story? Hire competent people that can program your correct intentions into a computer system.
Did you forget that part at the end where I said they should be prosecuted for extortion?
It was right there at the end? You missed it?
Here it is again:
I would not prosecute these so-called hackers for computer crimes, but simple extortion.
I was not avoiding any moral issue, but was in fact attempting to bring to light the true offender, the company. They provided that data to the public without prior authorization. Prosecute the "hackers" for extortion, but also fine the crap out of the company for not properly configuring their webserver and website.
No. They should not be prosecuted. Depending on the state, the company should be prosecuted, and/or fined.
The company was the one at fault here. While computers and webservers can be complicated at some points, that does not excuse a company taking appropriate steps to secure customer data.
This was not a security exploit and no hacking was actually performed. That webserver was configured to deliver that customer information upon request to any public user without prior authorization.
SONY has been on my "do not patronize" list for years and will remain so for the foreseeable future.
Cue the people telling us to just get over the root-kit or whatever else Sony has done.
NEVER.
Sony long ago declared war against the consumer, and much like an aged convict in prison, it does not matter how goody two-shoes they are today. They still murdered somebody. Parole Denied. Let them turn to dust.
Only the complete destruction of Sony will assuage they deep and intense desire for justice against Sony and their evil deeds.
I don't care if they release the fucking cure for cancer tomorrow. The execution is still going to proceed on schedule.
Although, I want to expand upon the idea of entitlement. I believe that it is in the best interests of society to temporarily entitle creators to be paid for their contributions in that it helps create new content for the Public Domain. I don't care about the creators nearly as much as I care about the concept of the Public Domain. It represents the sum of knowledge, all of our art, all of the hard work and expressions of our ancestors that allow us the luxury of near instantaneous communication on a magic machine.
Creators are not entitled to "own" their works or ideas. Those are free from their inception, and until the ends of time itself. For the time being until we evolve into a more advanced society it just makes sense to help the creators have clothes, food, and shelter.
If the content providers (not always the creators) are Total Dicks and want to attach more to the transaction than simply give-me-my-shit-I-give-you-the-money, then they deserve everything they get. They have no ethical basis to maintain a presence in my home post-sale, nor to constrain my conduct with the content. The only two exceptions being distribution and public performance.
So yes, my problem is the delivery method, what is delivered, different prices and capabilities based on arbitrary time lines and geography, and sometimes complete lack of availability. If you don't make it available for sale, my viewpoint is that you just lost any entitlements to the material. Especially with digital distribution and the costs being so low.
If they are willing to let me have it, on my terms, at a reasonable price, they can have my money. I currently pay for a number of services, Netflix, Slacker, etc. and purchase DVD collections of TV shows, so I am no stranger to paying for stuff.
My terms are quite reasonable too. No DRM. No PUOs on the media players. No commercials or advertisements dispersed throughout the content. No dick-brained attempts at binding me to legal agreements well outside the scope and spirit of copyright to prevent me from media shifting, time shifting, etc.
Even if they did delete the original file it would not be stealing, but destruction of property.
Thank you for pointing out the flaw in the open door analogy that always gets trotted out. Although intent does play a factor, the important word in the law is "unauthorized" or whether or not actions "exceeded authorization".
Web servers are not open doors, and they are not like TRON.
They simply serve documents. Sometimes they will ask for security credentials before serving the document, or check internal policies (htaccess/session based authorization and ACL), but always end up serving a document even if it is a simple response in a header like a 404.
The only thing these hackers did was ask for a file (robots.txt) and notice that it mentioned another file and then asked for it directly.
"Exceeded authorization" would be an interesting argument because computers always do what you tell them to do, not what you meant for them to do. So while this company may not have intended to give authorization, they did in fact, give authorization to download the file. At the very least, they did not deny the hackers the ability to download the file, and were at no time confused about the identity of the hackers (representing public users).
If there is any appropriate analogy here it is that the company had a moron executive walking around with a briefcase full of business data, some random person asked if it was the business data and if they could have it, and the moron executive said why not, here it is. After the fact, random person contact company, informs them of said stupidity, and attempts to assess "idiot tax".
Idiot tax is highly appropriate here.
I would not prosecute these so-called hackers for computer crimes, but simple extortion.
How else does one distinguish themselves amongst a galaxy of replicator clad humanoids if not for fine quality hand made fabrics carefully assembled in the styles of the day?
Can you please STFU about the RIAA? It has nothing to do with this other than to get groupthink fucks to agree with you. These are the same types of fucks who don't know a speeding ticket from a subpoena.
Actually, it has quite a bit to do with it.
The point is that the legal system is broken, not clueless, because the people involved in the deciding part (judges, DOJ) have conflicting interests due to their associations with current/former clients.
That's why Oracle gets a much different result than Apple in the legal system. Not actual logic, ethics, or law, but who you know and where they used to work for.
perhaps the slap in the face finally pushed him into super-villainy...
I think he has been there for years.
It's just one more purchase in a long line of super villiany like purchases. Think about it. Yachts, Islands, massive Data Centers. It's like he decided to purchase everything he ever saw a James Bond villain have.
Slashdot Mirror
Seriously, how do articles like this get accepted in the first place?
China made a village in the exact style, placements, etc. of an Austrian village. Piracy? Piracy, hardcore, piracy is what China does best? What kind of baseless insult is that? Is this news, or some emotional butthurt editorial from an Austrian?
Does that mean that large parts of China Town ripped off China? Las Vegas ripped off France with its mini Eiffel Tower?
Get real. I can't even believe this is an article. Should not have even made it to Idle.
Yeah, I am kind of a different approach now that I am finding myself later in life.
Get as absolutely much pussy as you can NOW. Don't listen to anyone else. This is the one time in your life that your penis is actually correct.
Listen to him. Nail as many high school chicks as you can.
Go boy! Get to it!
Why not look at things that actually have happened? Let's say you go to an ATM, put in your card and PIN, and ask for $50. Instead of 5 $10 bills coming out, 5 $20 bills come out, but your receipt says only $50 was withdrawn. Do you consider that the machine or the person that filled it has 'authorized' you to have an extra $50? If so, you are very wrong. In fact, if you do not return the extra $50, you can be charged with theft.
Citation please. If the machine was only off by $50, the machine fucked up, and the customer could have just as easily been confused.
It the ATM is spitting out hundreds on to the floor....
You seem to have a very poor understanding of what authorization means. A machine (webserver) can not grant you authorization. A mistake can not grant you authorization. An incompetent sys admin can not grant you authorization. All of them can provide a means for access, none of them can provide authorization.
I have an excellent understating of what authorization means.
A webserver does represent authorizations. It has to be programmed. There are no mistakes on the part of the webserver (not normally).
Authorization is a function of specifying access rights according to authenticated identities. The identity was authenticated. It was anonymous, everyone, take your pick. The access rights were explicitly defined. Everyone has the right to receive "The File".
If you send a request to a web server for a file, and receive the file, the authorization was explicit. You were allowed the file. The webserver did not ask for credentials. The webserver did not respond with appropriate headers informing you that the request was denied due to policy.
According to you and others, the person programming the web server is not responsible for the authorizations they programmed it with, and everyone must magically know what it is that they meant? .
How does that work? I ask the question of the webserver, and it responds "yes", and I have to think for 5 minutes about if it was really a yes?
No. Webservers relay information regarding to authorization perfectly (in normal operation). You have to be able to rely on the veracity of those authorizations that are being represented, and employees have to be held responsible.
There is no, "Whaaa Whaaa, that's not what I meant, throw them in jail". They can go to jail for extortion, but that company was publishing sensitive information for the whole world to have (explicitly authorized) .
No hacking was performed at any time, and I won't let the company off the hook, and I won't prosecute somebody for computer crimes when that is not actually what happened.
It's not good for the customers because companies can continue to pull this crap without consequences, and is not good for programming and IT professionals because it protects the stupid and incompetent.
Be as sarcastic as you want.
The moment you let Sony off the hook, and just give up, then they have won.
More people refuse to allow Sony to continue with their shit, the less money they have, the faster they will die.
Don't settle for getting fucked in the ass when you can fight till your last breath trying to kill the bastard doing it.
It wasn't leaving the door open though. That is an incorrect analogy.
Don't let the company off without responsibility here, and don't further protections for the stupid.
That company programmed their webserver to freely deliver, without any authentication, to anonymous members of the public, confidential data. It is not a distraction to focus on that one part.
These "thieves" can be prosecuted all day long for the attempted extortion. However, they committed no fraud. At all times they represented themselves as a member of the public, asked direct questions, and received the data freely. Authorization to receive it was explicit.
Computers do what you tell them to do, not what you mean for them to do. We need to take responsibility for that.
What if these "hackers" (there was no hacking, btw) disclosed the facts to the media and notified all the customers? Would you still have them prosecuted for hacking?
Lock em up for the extortion, but please, direct as much anger towards the company, and hold the company just as liable.
It makes perfect sense when you are only comparing the conflicting interests of the parties involved.
When it comes to judges and the DOJ, they're some clearly conflicting interests. Normally, a judge would recuse himself, but I doubt that happens as often as it should. My experience has even been that some judges won't even allow arguments to proceed, which is clearly corruption.
No, I presented one that's closer to the subject of this story. The attackers didn't call the company and ask if they could have access to records. They just did what they wanted, and you're arguing that it's legitimate because nothing successfully stopped them.
You don't have to make a voice call to a company to authorize the retrieval of a document from a webserver.
They did not do just what they wanted. They did what the webserver allowed them to do. Your ignoring the cooperation of the webserver.
The records were retrieved using a tool that is incapable of conferring any legal authority, and in this case not even capable of validating the client's authority. Knives don't magically dull when you try to stab someone, guns don't check their target for a pulse before firing, and web servers don't deny requests that they aren't told are special.
No. Webservers are a tool that are perfectly capable of representing legal authority. They must be programmed. The person programming it must be representing the legal authority. Therefore, the programming represents the legal authority.
Not capable of validating the client's authority? It has always been able to do that. A webserver is not some special, magical, and unknowable computer program just because it uses a web browser as an interface. You have all sorts of data passed in headers, IP addresses, submitted data, etc.
Webservers are designed to validate a client's authority, however, you need to program that correctly. They do not possess psychic powers.
So by not configuring your stomach to block a knife blade, you have clearly demonstrated your intent to allow me to stab you? I think you have this premise backwards. Ideally, the webserver would be programmed to match the intent of the company, but mistakes and misunderstandings happen, and the dominant legal philosophy for the past few millenia is that mistakes should have as little impact on the situation as possible. Accidentally burn down a few city blocks while cooking dinner? You'll pay some heavy fines for damages,but the punitive sentence will be tiny.
I think you are using a little hyperbole here with the blame-the-victim game.
Mistakes and misunderstandings happen, but in this case the fault lies with the company. Somebody has to be held responsible for not programming the webserver correctly, and it can't be the hacker. Security through obscurity protected by law is only a way to encourage bad programming.
Remember, we are not talking about a software glitch here. We are talking about incorrectly programming the authorizations to publish specific files, and publishing information about specific files that were to remain private.
That robots.txt file, which accessing it alone is not doing anything wrong, was disclosing information you are seemingly considering possession to be a crime.
And the law would look on this situation, and have to consider all the facts. Did the hamburger cart have posted prices? Does the employee have other signs of mental defect or deficiency that would lead a reasonable person to think that the burgers really weren't free, despite what was said? Do other food carts often give away free burgers?
All those factors would go into the final decision of who was at fault for the misunderstanding, and from that the recourse will stem.
The hamburger cart was not specifically a hamburger cart, and it had no posted prices if were are going to attempt to match the analogy to a webserver.
The employees mental defects represent the incorrect programming by the employee who configured the webserver.
Whether or not hamburgers are intended to be free, or normally free, is not relevant to the law. They were given away for free to the customer. According to your legal interpretation the easiest way to get somebody incarcerated wou
That's only because people like you continue to enable corporations like Sony.
If you don't put up with their shit, and actually boycott them, Sony will die before you do.
It's the magnitude of their offenses and the strength of their current war against the consumer.
It's not as if they are reformed, in the process of reforming, or even interested in the idea of reform.
Sorry, but it will take a complete replacement of all upper management and years and years and years of good works, involvement with the local communities, helping grandmas across the street, and feeding starving orphans before I can start to reconsider my grudge.
DRM != rootkit.
They were not remotely equivalent.
It is the magnitude of the past crimes.
Sony's past crimes, combined with their well known war against the consumer, justifies the death sentence and avoidance at all costs.
They would need to stop their war against the consumer today, eliminate DRM in their products, actively push for sane copyright reform and customer protections under the law, and engage in behavior beneficial to society for decades to make up for what they did.
I can refuse to acknowledge positive contributions because when weighed against the negative contributions, just the current ones, it is so massively one sided, that Sony is seriously evil to the customers.
Intent is rather difficult here.
You got the briefcase analogy wrong. You're forgetting that the executive was asked what the briefcase contained and handed it over without duress . There was no theft, and all times, all actions were authorized by the executive.
The webserver can only do what a company representative told it to do. So the intended level of authorizations needs to match the programmed level of authorizations. The responsibility for that lies entirely with the company.
Pedantic? Not hardly.
Consider this analogy:
You have a food cart. It is staffed by an incompetent employee. Customer walks up and asks if there are hamburgers available. Employee responds yes. Customer asks if just anyone can have it (more accurately the employee never asks who the customer is). Employee responds that it is for everyone. Customer asks for 10 hamburgers. Employee hands over 10 hamburgers.
Now 4 hours later when the police arrive at the customer's home and charge him with theft, is it correct?
I would argue that it is not. The owners of the food cart may not have intended for the hamburgers to be free, or even advertised as available yet, but that is not what their employee said is it? It could even be highly unusual that hamburgers are free, and that a normal person would find it unusual, but once again, the employee handed them over.
It's an important distinction for me because I don't like legislating the protection of the stupid, and don't want corporations to get off lightly. It's a really bad precedent in which logic and reason get thrown out the window to protect the rich and powerful. Standards need to be maintained.
Put the hackers in jail for extortion and fine the crap out of the company for not properly configuring their webserver.
Not legal, but also not representative of what I actually said.
That SVP would have been asked if the laptop contained the marketing plans and customer lists and if you could have a copy of them, and then you would have made a copy.
Legal.
You can be as belligerent as you want to be.
Nothing will change the fact that somebody had to program the authorizations into the computer systems. That person did so incorrectly. Like I said, computers do what you tell to them to do, and never what you mean for them to do.
Nothing was actually hacked at all. That does not mean they should not go to jail for extortion, but you are being far too lenient on the company.
Corporations have to take responsibility for how they program their systems. "Authorizations" are programmed, and the only thing that matters is not what they intended it to be, but what they made it to be .
You can be upset that I don't want to legally protect your intentions and will only consider what you actually programmed the computer system with, but that is the correct interpretation of law.
Security through obscurity never really works, and legislating security regardless of stupidity is a bad idea too.
Moral of the story? Hire competent people that can program your correct intentions into a computer system.
You're right. A webserver is a computer and has no authority to authorize anything.
The people who configured it however.... do.
That's my point. Whether or not it was intentional, those authorizations were incorrectly programmed into the webserver.
So a more accurate statement from the judge would be, "Well I understand you being upset, but you told your robot to tell him he could do it!"
Did you forget that part at the end where I said they should be prosecuted for extortion?
It was right there at the end? You missed it?
Here it is again:
I would not prosecute these so-called hackers for computer crimes, but simple extortion.
I was not avoiding any moral issue, but was in fact attempting to bring to light the true offender, the company. They provided that data to the public without prior authorization. Prosecute the "hackers" for extortion, but also fine the crap out of the company for not properly configuring their webserver and website.
No. They should not be prosecuted. Depending on the state, the company should be prosecuted, and/or fined.
The company was the one at fault here. While computers and webservers can be complicated at some points, that does not excuse a company taking appropriate steps to secure customer data.
This was not a security exploit and no hacking was actually performed. That webserver was configured to deliver that customer information upon request to any public user without prior authorization.
SONY has been on my "do not patronize" list for years and will remain so for the foreseeable future.
Cue the people telling us to just get over the root-kit or whatever else Sony has done.
NEVER.
Sony long ago declared war against the consumer, and much like an aged convict in prison, it does not matter how goody two-shoes they are today. They still murdered somebody. Parole Denied. Let them turn to dust.
Only the complete destruction of Sony will assuage they deep and intense desire for justice against Sony and their evil deeds.
I don't care if they release the fucking cure for cancer tomorrow. The execution is still going to proceed on schedule.
Pretty Much.
Although, I want to expand upon the idea of entitlement. I believe that it is in the best interests of society to temporarily entitle creators to be paid for their contributions in that it helps create new content for the Public Domain. I don't care about the creators nearly as much as I care about the concept of the Public Domain. It represents the sum of knowledge, all of our art, all of the hard work and expressions of our ancestors that allow us the luxury of near instantaneous communication on a magic machine.
Creators are not entitled to "own" their works or ideas. Those are free from their inception, and until the ends of time itself. For the time being until we evolve into a more advanced society it just makes sense to help the creators have clothes, food, and shelter.
If the content providers (not always the creators) are Total Dicks and want to attach more to the transaction than simply give-me-my-shit-I-give-you-the-money, then they deserve everything they get. They have no ethical basis to maintain a presence in my home post-sale, nor to constrain my conduct with the content. The only two exceptions being distribution and public performance.
So yes, my problem is the delivery method, what is delivered, different prices and capabilities based on arbitrary time lines and geography, and sometimes complete lack of availability. If you don't make it available for sale, my viewpoint is that you just lost any entitlements to the material. Especially with digital distribution and the costs being so low.
If they are willing to let me have it, on my terms, at a reasonable price, they can have my money. I currently pay for a number of services, Netflix, Slacker, etc. and purchase DVD collections of TV shows, so I am no stranger to paying for stuff.
My terms are quite reasonable too. No DRM. No PUOs on the media players. No commercials or advertisements dispersed throughout the content. No dick-brained attempts at binding me to legal agreements well outside the scope and spirit of copyright to prevent me from media shifting, time shifting, etc.
Even if they did delete the original file it would not be stealing, but destruction of property.
Thank you for pointing out the flaw in the open door analogy that always gets trotted out. Although intent does play a factor, the important word in the law is "unauthorized" or whether or not actions "exceeded authorization".
Web servers are not open doors, and they are not like TRON.
They simply serve documents. Sometimes they will ask for security credentials before serving the document, or check internal policies (htaccess/session based authorization and ACL), but always end up serving a document even if it is a simple response in a header like a 404.
The only thing these hackers did was ask for a file (robots.txt) and notice that it mentioned another file and then asked for it directly.
"Exceeded authorization" would be an interesting argument because computers always do what you tell them to do, not what you meant for them to do. So while this company may not have intended to give authorization, they did in fact, give authorization to download the file. At the very least, they did not deny the hackers the ability to download the file, and were at no time confused about the identity of the hackers (representing public users).
If there is any appropriate analogy here it is that the company had a moron executive walking around with a briefcase full of business data, some random person asked if it was the business data and if they could have it, and the moron executive said why not, here it is. After the fact, random person contact company, informs them of said stupidity, and attempts to assess "idiot tax".
Idiot tax is highly appropriate here.
I would not prosecute these so-called hackers for computer crimes, but simple extortion.
My dear fellow, you make it sound so insidious!
How else does one distinguish themselves amongst a galaxy of replicator clad humanoids if not for fine quality hand made fabrics carefully assembled in the styles of the day?
Can you please STFU about the RIAA? It has nothing to do with this other than to get groupthink fucks to agree with you. These are the same types of fucks who don't know a speeding ticket from a subpoena.
Actually, it has quite a bit to do with it.
The point is that the legal system is broken, not clueless, because the people involved in the deciding part (judges, DOJ) have conflicting interests due to their associations with current/former clients.
That's why Oracle gets a much different result than Apple in the legal system. Not actual logic, ethics, or law, but who you know and where they used to work for.
perhaps the slap in the face finally pushed him into super-villainy...
I think he has been there for years.
It's just one more purchase in a long line of super villiany like purchases. Think about it. Yachts, Islands, massive Data Centers. It's like he decided to purchase everything he ever saw a James Bond villain have.
I wonder if he has a white cat....
Dude...
That's hilarious. He rips the whole movie apart.
So you wait until she commits to marriage... then has a child with you.... before you spring Star Trek on her in an indirect way....
Sounds like unexpected vendor lock-in :)
The irony...