Where, exactly, does the second linked patent say anything at all about routes, fees, retailers, or congestion? As I read it, the second patent is about charging tailgaters a higher toll, based on the theory that tailgating causes everyone behind the tailgater to increase braking and acceleration, which is bad for the environment.
Only if seller is competent and authorized to make such a decision. If the 'seller' is the checker at your local department store, you still owe $50 if you take the merchandise. Failure to pay it, regardless of what the checker says, is still theft. Same with web servers that have not been authorized to accept counteroffers.
No, because you have to be competent to make an agreement. A machine that is not designed to recognize, understand, and analyze unexpected counteroffers is not competent to make a decision, therefore any such 'agreements' are probably non-binding.
You are correct up to a point. However, the catch is that if you don't agree, you don't get to use the service, because it is only offered on acceptance of the agreement.
Think of it this way: someone offers to sell you something for $50. You do not accept that price, and make a counteroffer of $40. At this point, the seller owes you nothing, and you owe the seller nothing. Until you come to an agreement, you do not get the thing, and the seller gets no money.
A EULA or TOS is expected and assumed to be agreed to by a competent person. Said person has the opportunity to read and understand the agreement. If he can't understand it, he can get advice from legal council. If he doesn't want to do that, he can reject the agreement.
A modified GET or POST is not expected to be seen by a person. A machine can not make a decision if it was not designed to do so.
If you are legally unable to make a decision, whether you are a person (ie underage, incompetent, etc) or machine (not designed to do so), your decisions are not binding.
Here is an easy way for you to test this bizarre theory. Go to a web site that sells stuff. Purchase a couple thousand dollars worth of stuff. When you get to the page that says you agree to pay, send a modified response that says 'BTW - I am proposing different prices. I will only pay $100 for all these things. If you ship the stuff to me you have accepted these modifications'.
When you get your credit card bill, contest the charges on the grounds that you proposed a different price and they accepted it. See if you can convince anyone (merchant, CC, police, prosecutor, judge, jury) that what you did was anything other than fraud.
And no, an error (such as ignoring unexpected data) does not count as acceptance of an agreement, which requires a conscious decision (the so-called meeting of the minds).
Have you checked out the laws on practicing law without a license? It seems to me you are offering legal advice (use this tool and you can modify a legal agreement), but don't really know even the most basic things about law.
What exactly is the point of this? Your choices are pretty much:
1) Agree to the TOS, and use the service 2) Don't agree, don't use the service 3) Propose modifications, which will either be not seen, ignored, or rejected, and you are right back where you started
If you don't like the TOS, send an email and say why you aren't using their service.
Yeah, except that it was Intel (not Microsoft) that invented it about 15 years ago. Oh, and Linux has supported it since 2000. As does HP-UX, openVMS, and Apple. Now, finally, MS is using it, and somehow it magically became EVIL.
Eh? The 'keys' you are referring to are a list of vendors you trust. Having said public key does not allow anyone to sign code. The whole point is that only developers you trust can sign code. If you trust Red Hat, you can run their signed code. If you trust Microsoft, you can run their signed code. Trusting Red Hat does not mean you can run Microsoft signed code, and vice-versa.
What are you talking about? How is a bios going to 'leak' a key? The keys are public, that is the whole point of them.
Here is my understanding of how this works: A vendor has a piece of code it wants you to trust (bootloader). The vendor creates a public/private key pair, and distributes the public key to all it's users. It uses the private key to sign the piece of code, and the signature gets distributed with the code. When UEFI is ready to load the bootloader, it uses the public key to verify that the signature is still correct on the code (the code has not changed since the vendor signed it). If the signature is good, boot proceeds as normal. If the vendor subsequently updates the code, the new code is again signed with the same key, and everything works as expected. If a piece of malware modifies the bootloader the signature will not match and booting is halted.
In this scenario there are basically three things that can go wrong: the signer of the code (ie the original vendor) can sign code with malware in it, the signer of the code can lose the private key, allowing anyone to sign invalid code, and the public key you have could be bogus. The first two would remove the vendor from the 'trusted' category, so any further discussion of trust is moot. The third one (bogus key) should be relatively easy to prevent (vendor has a SSL-protected web site that contains the key).
I am not sure what happens with your plan. Let's say you (a consumer) buy a new Dell PC at Best Buy (or a new no-name box from PCs-R-Us that comes with a copy of an OS). I think you said you would generate the signature on first boot, right? Well what happens if the code has already been compromised by the OEM, the retailer, the shipping company etc? You just said to trust code that can't be trusted. What happens when the vendor OR malware updates the code, making your signature invalid? Do you expect your users to fully understand the nature of the change, and re-sign the code? If they could do that, we wouldn't need to have this discussion in the first place.
In the UEFI method, a leaked or broken key would be bad. However, that is a pretty unlikely scenario. Even if it does happen, you could get the word out that the boot process is no longer secure, contact your vendor for a fix, etc.
In your scenario you have no protection at all, ever. It is no different than today, because you are trusting too many people along the way. Including, most worryingly, the end users.
Egad that is awful. You have just switched from "this is trusted becomes it comes from someone I trust" to "this is trusted because I said so". And how, exactly, is the average consumer supposed to know just what to trust? Your method is no more secure than the status quo, which is not secure at all.
You do realize that there is no law requiring anyone to use UEFI, right? About the most that could happen would be the owner of the UEFI trademark (if any) could sue for trademark infringement. And that is quite easily avoided by manufacturers - just don't call it UEFI.
Unless you have some sort of proof that Microsoft forced the OEMs to not allow it to be disabled and did not allow for other OS's to be installed, any such cases would be immediately thrown in the trash where they belong. And no, a bunch of whining and 'what ifs' and 'it could happen' and even 'it happened before' do not count as proof.
What does that have to do with anything? IBM made $23B selling it's own software. Does Microsoft sell Android phones? No? Then what is the point of your post?
Why wait for Google or someone else to do that? If you think that is such a great idea, put together a business plan that involves spending a ton of money to build towers, remaining price competitive with the existing carriers (so you can attract more than just the very few top bandwidth users), and overbuilding your network so that no user ever runs into a cap or throttling situation. Pitch that plan to investors, and have a go at it.
Slashdot doesn't have articles, it has summaries, which generally should not be relied on as the sole source of information. In addition, the press release has a link 'for more information' in the very first paragraph. And that page has a bullet which says "Visit the website of a U.S. library that offers digital services from OverDrive." I would think that as a writer you would know that summaries and press releases seldom contain all the information someone would like to know about a subject.
In the time it took you to write your little rant you could have found out that not only is this service provided by OverDrive, but also that:
OverDrive was a founding member of the International Digital Publishing Forum (IDPF). Established in 2000, the IDPF promotes the development of electronic publishing applications and products that will benefit creators of content, makers of reading systems, and consumers, including the industry standard EPUB format.
Yeah, sounds like they are really out to screw authors.
Hmm. Let's see. First line of the press release (which in this case is the article): "Amazon.com today announced that Kindle and Kindle app customers can now borrow Kindle books from more than 11,000 local libraries in the United States." I fail to see how "borrowing books from libraries" is substantially different from "libraries lending books" other than point of view.
A bank doesn't have to have cash on hand to cover deposits, but they must have assets to cover them. The assets are usually in the form of outstanding loans. Full Tilt has neither cash nor assets, the money is just gone.
Actually, it is the very definition of a Ponzi scheme.
There should be two distinct piles of money here. First, we have the business's money. I don't know how they earn this (percentage of play maybe), but it doesn't really matter. This is the money they can use to operate the business. For this fund, it is perfectly reasonable to expect money to keep coming in, that is how businesses operate.
However, there should be a separate pile of money that belongs to the account holders. This is NOT the business's money. They should, at any time, be able to pay off every single account holder every penny they hold in the account. If you have to keep having new accounts (or more money added to them) to pay off other accounts, that is a Ponzi scheme.
Slashdot Mirror
Where, exactly, does the second linked patent say anything at all about routes, fees, retailers, or congestion? As I read it, the second patent is about charging tailgaters a higher toll, based on the theory that tailgating causes everyone behind the tailgater to increase braking and acceleration, which is bad for the environment.
Only if seller is competent and authorized to make such a decision. If the 'seller' is the checker at your local department store, you still owe $50 if you take the merchandise. Failure to pay it, regardless of what the checker says, is still theft. Same with web servers that have not been authorized to accept counteroffers.
No, because you have to be competent to make an agreement. A machine that is not designed to recognize, understand, and analyze unexpected counteroffers is not competent to make a decision, therefore any such 'agreements' are probably non-binding.
You are correct up to a point. However, the catch is that if you don't agree, you don't get to use the service, because it is only offered on acceptance of the agreement.
Think of it this way: someone offers to sell you something for $50. You do not accept that price, and make a counteroffer of $40. At this point, the seller owes you nothing, and you owe the seller nothing. Until you come to an agreement, you do not get the thing, and the seller gets no money.
A EULA or TOS is expected and assumed to be agreed to by a competent person. Said person has the opportunity to read and understand the agreement. If he can't understand it, he can get advice from legal council. If he doesn't want to do that, he can reject the agreement.
A modified GET or POST is not expected to be seen by a person. A machine can not make a decision if it was not designed to do so.
If you are legally unable to make a decision, whether you are a person (ie underage, incompetent, etc) or machine (not designed to do so), your decisions are not binding.
Here is an easy way for you to test this bizarre theory. Go to a web site that sells stuff. Purchase a couple thousand dollars worth of stuff. When you get to the page that says you agree to pay, send a modified response that says 'BTW - I am proposing different prices. I will only pay $100 for all these things. If you ship the stuff to me you have accepted these modifications'.
When you get your credit card bill, contest the charges on the grounds that you proposed a different price and they accepted it. See if you can convince anyone (merchant, CC, police, prosecutor, judge, jury) that what you did was anything other than fraud.
And no, an error (such as ignoring unexpected data) does not count as acceptance of an agreement, which requires a conscious decision (the so-called meeting of the minds).
Have you checked out the laws on practicing law without a license? It seems to me you are offering legal advice (use this tool and you can modify a legal agreement), but don't really know even the most basic things about law.
And be AUTHORIZED to accept a counteroffer.
And exactly how does an unread, ignored, or rejected counter-proposal achieve any of your lofty goals?
What exactly is the point of this? Your choices are pretty much:
1) Agree to the TOS, and use the service
2) Don't agree, don't use the service
3) Propose modifications, which will either be not seen, ignored, or rejected, and you are right back where you started
If you don't like the TOS, send an email and say why you aren't using their service.
Even if that were remotely true (which it isn't), that would be entirely between the buyer and seller of the ad, not you.
Yeah, except that it was Intel (not Microsoft) that invented it about 15 years ago. Oh, and Linux has supported it since 2000. As does HP-UX, openVMS, and Apple. Now, finally, MS is using it, and somehow it magically became EVIL.
Eh? The 'keys' you are referring to are a list of vendors you trust. Having said public key does not allow anyone to sign code. The whole point is that only developers you trust can sign code. If you trust Red Hat, you can run their signed code. If you trust Microsoft, you can run their signed code. Trusting Red Hat does not mean you can run Microsoft signed code, and vice-versa.
What are you talking about? How is a bios going to 'leak' a key? The keys are public, that is the whole point of them.
Here is my understanding of how this works: A vendor has a piece of code it wants you to trust (bootloader). The vendor creates a public/private key pair, and distributes the public key to all it's users. It uses the private key to sign the piece of code, and the signature gets distributed with the code. When UEFI is ready to load the bootloader, it uses the public key to verify that the signature is still correct on the code (the code has not changed since the vendor signed it). If the signature is good, boot proceeds as normal. If the vendor subsequently updates the code, the new code is again signed with the same key, and everything works as expected. If a piece of malware modifies the bootloader the signature will not match and booting is halted.
In this scenario there are basically three things that can go wrong: the signer of the code (ie the original vendor) can sign code with malware in it, the signer of the code can lose the private key, allowing anyone to sign invalid code, and the public key you have could be bogus. The first two would remove the vendor from the 'trusted' category, so any further discussion of trust is moot. The third one (bogus key) should be relatively easy to prevent (vendor has a SSL-protected web site that contains the key).
I am not sure what happens with your plan. Let's say you (a consumer) buy a new Dell PC at Best Buy (or a new no-name box from PCs-R-Us that comes with a copy of an OS). I think you said you would generate the signature on first boot, right? Well what happens if the code has already been compromised by the OEM, the retailer, the shipping company etc? You just said to trust code that can't be trusted. What happens when the vendor OR malware updates the code, making your signature invalid? Do you expect your users to fully understand the nature of the change, and re-sign the code? If they could do that, we wouldn't need to have this discussion in the first place.
In the UEFI method, a leaked or broken key would be bad. However, that is a pretty unlikely scenario. Even if it does happen, you could get the word out that the boot process is no longer secure, contact your vendor for a fix, etc.
In your scenario you have no protection at all, ever. It is no different than today, because you are trusting too many people along the way. Including, most worryingly, the end users.
Egad that is awful. You have just switched from "this is trusted becomes it comes from someone I trust" to "this is trusted because I said so". And how, exactly, is the average consumer supposed to know just what to trust? Your method is no more secure than the status quo, which is not secure at all.
You do realize that there is no law requiring anyone to use UEFI, right? About the most that could happen would be the owner of the UEFI trademark (if any) could sue for trademark infringement. And that is quite easily avoided by manufacturers - just don't call it UEFI.
Unless you have some sort of proof that Microsoft forced the OEMs to not allow it to be disabled and did not allow for other OS's to be installed, any such cases would be immediately thrown in the trash where they belong. And no, a bunch of whining and 'what ifs' and 'it could happen' and even 'it happened before' do not count as proof.
I don't see how your 'right' way is any different from what actually happens, and nothing in those quotes indicates otherwise.
What does that have to do with anything? IBM made $23B selling it's own software. Does Microsoft sell Android phones? No? Then what is the point of your post?
IBM made $23B in software last year, so apparently they can do just a little bit of software marketing.
Why wait for Google or someone else to do that? If you think that is such a great idea, put together a business plan that involves spending a ton of money to build towers, remaining price competitive with the existing carriers (so you can attract more than just the very few top bandwidth users), and overbuilding your network so that no user ever runs into a cap or throttling situation. Pitch that plan to investors, and have a go at it.
Slashdot doesn't have articles, it has summaries, which generally should not be relied on as the sole source of information. In addition, the press release has a link 'for more information' in the very first paragraph. And that page has a bullet which says "Visit the website of a U.S. library that offers digital services from OverDrive." I would think that as a writer you would know that summaries and press releases seldom contain all the information someone would like to know about a subject.
In the time it took you to write your little rant you could have found out that not only is this service provided by OverDrive, but also that:
OverDrive was a founding member of the International Digital Publishing Forum (IDPF). Established in 2000, the IDPF promotes the development of electronic publishing applications and products that will benefit creators of content, makers of reading systems, and consumers, including the industry standard EPUB format.
Yeah, sounds like they are really out to screw authors.
Hmm. Let's see. First line of the press release (which in this case is the article): "Amazon.com today announced that Kindle and Kindle app customers can now borrow Kindle books from more than 11,000 local libraries in the United States." I fail to see how "borrowing books from libraries" is substantially different from "libraries lending books" other than point of view.
A bank doesn't have to have cash on hand to cover deposits, but they must have assets to cover them. The assets are usually in the form of outstanding loans. Full Tilt has neither cash nor assets, the money is just gone.
Actually, it is the very definition of a Ponzi scheme.
There should be two distinct piles of money here. First, we have the business's money. I don't know how they earn this (percentage of play maybe), but it doesn't really matter. This is the money they can use to operate the business. For this fund, it is perfectly reasonable to expect money to keep coming in, that is how businesses operate.
However, there should be a separate pile of money that belongs to the account holders. This is NOT the business's money. They should, at any time, be able to pay off every single account holder every penny they hold in the account. If you have to keep having new accounts (or more money added to them) to pay off other accounts, that is a Ponzi scheme.