This seems like a near-perfect application for a one-way hash of the email address. Rather than publishing a list of do-not-spam email addresses, publish the SHA-1 and/or MD5 hashes of the email addresses. It's then possible to confirm that a given email address is on the list, but it's not possible to convert the list into a set of usable email addresses. Am I missing something obvious here?
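An added sketch of the hashed-list lookup proposed in the comment above (not part of the original post; the function names, normalisation rule and sample addresses are assumptions constructed for illustration). It shows the registry publishing SHA-1 digests only, a sender scrubbing a mailing list against them, and why both sides must normalise addresses identically before hashing.

```python
import hashlib

# Constructed sample data: addresses that asked not to be mailed.
OPTED_OUT = ["alice@example.org", "Bob.Smith@Example.com"]


def normalise(address):
    """Assumed canonical form used by registry and sender alike:
    strip surrounding whitespace and lowercase the whole address."""
    return address.strip().lower()


def digest(address):
    # SHA-1 as the comment proposes; the lookup works the same with any fixed hash.
    return hashlib.sha1(normalise(address).encode("utf-8")).hexdigest()


def raw_sha1(address):
    """Hash without normalising, to show the mismatch that causes."""
    return hashlib.sha1(address.encode("utf-8")).hexdigest()


def build_published_list(opted_out):
    """What the registry publishes: digests only, never the addresses."""
    return frozenset(digest(a) for a in opted_out)


def is_listed(address, published):
    # The lookup answers for any address it is given, so the list hides
    # only those addresses the asker does not already hold or guess.
    return digest(address) in published


def scrub(mailing_list, published):
    """Sender-side compliance step: split a list into (may_send, suppressed)."""
    may_send, suppressed = [], []
    for address in mailing_list:
        (suppressed if is_listed(address, published) else may_send).append(address)
    return may_send, suppressed


if __name__ == "__main__":
    published = build_published_list(OPTED_OUT)
    print(sorted(published))
    print(scrub(["carol@example.net", "bob.smith@example.com"], published))
    # Same mailbox, different capitalisation: found only when normalised.
    print(is_listed("ALICE@example.org", published),
          raw_sha1("ALICE@example.org") in published)
```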
I'm pretty sure they'll follow through on the threat this time. The reason? SCO has an earnings call on March 3. While their legal case is pretty clearly going nowhere, they do seem media-savvy enough to know that a loudly-trumpeted lawsuit against a high-profile company will distract the analyst/media community enough to help them avoid questions they'd rather not answer.
Re:How did this virus spread so easily? on SCO Offline · Score: 4, Interesting
What I find particularly fascinating about all of this is the fact that this is being treated primarily as a user education issue. While it's true that a savvy user can dodge this attack completely by simply not opening the attachment in question, one might still rightly ask, "Why is it that users have to be security-savvy in order to effectively use their computers?" Many of the security problems that we see are, in fact, caused by architectural flaws.
The lack of distinction between executable files and data is the first problem. Windows differentiates between data files and programs through file naming convention; the mere construction of a filename is sufficient to get the operating system to attempt to run it if the user should happen to click on it within the GUI.
Other operating systems don't do this. Unix systems have an attribute separate from the filename that indicates that the file is executable code. This attribute (a permission bit, actually) must be set in order for the code to execute in response to a click from within the GUI (or, for that matter, in response to actions in the command-line interface). Had this worm been effective on a Unix system, it would have required that the user save the attachment as a file, modify the executable permissions for the file, then invoke the application. Most other non-Unix systems with which I've worked are similar; you have to either explicitly communicate to the operating system "run this file as a program" or somehow bless the file in order to turn it into an application.
Once the application is running, we discover the next major architectural flaw: it's possible for most users of Windows to modify the behavior of the operating system itself without realizing it. Most modern operating systems require a user to be in some sort of a privileged mode in order to install applications or otherwise change the behavior of the system. The "su" command (or, better yet, the "sudo" command) in Unix allows one to assume "superuser" privileges for this purpose. In Windows, you have to be logged in as a user with administrative rights to the computer, but there's no simple way to assume and release privileges for the purpose of installing an application. So most users (outside the most restrictive of corporate environments) use their Windows environments from a login with full administrative privileges. This is the equivalent of running one's Unix environment while logged in as "root," a practice regarded as reckless and incompetent. Unfortunately, it's very hard to get work done in Windows any other way.
As a result, malware like the MyDoom worm can take advantage of these administrative privileges in order to make itself harder to remove. It's quite common for such applications to add themselves to the list of things that run when the computer is started up. One variant of the MyDoom worm even goes so far as to damage a network configuration file in order to make it difficult for antivirus software to download updated signature files. These attacks work only because the worm is easily able to gain administrative rights to the computer. There's certainly plenty of mischief that can be perpetrated as an ordinary user, but it's quite a bit easier to prevent when the OS is off-limits. And, when bad things do happen, it's vastly easier to clean up the damage when the integrity of the operating system itself isn't in question.
So, the next time you hear the claim that a security problem is caused by a user acting stupid, consider this: is it really the case that the user is stupid, or is the real stupidity the set of architectural decisions that enable the user to make mistakes?
I believe there's some sort of sequence number sent as part of the response from the EZ-Pass toll transponder, and that it's incremented each time the transponder sends an interrogation response. When the toll reconciliation is done, an already-used sequence number or one that's lower than one previously used will flag the account for attention; this makes transponder cloning a relatively unrewarding activity. (Since toll reconciliation isn't a real-time process, the "lower than previously-used" test is actually a little more complicated than the way I've described it, but the basic idea is the same).
I'd imagine that the credit card scheme will include some kind of similar anti-duplication support, though this is just speculation on my part.
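An added sketch of the batch reconciliation check described in the comment above (not part of the original post, and not the toll system's actual logic; the record fields, class name and sample reads are assumptions constructed for illustration). It orders reads by the time they were taken rather than the time their batch arrived, which is what keeps a late-arriving batch from raising a false "lower than previously used" flag.

```python
from collections import defaultdict
from typing import NamedTuple


class Read(NamedTuple):
    transponder: str
    seq: int        # counter the transponder increments on every response
    read_time: int  # when the lane interrogated the tag (seconds)
    plaza: str


# Constructed sample batches. Plaza B uploads first, plaza A uploads late.
BATCH_PLAZA_B = [Read("T1", 12, 2000, "B"), Read("T2", 5, 2100, "B"),
                 Read("T3", 40, 3000, "B")]
BATCH_PLAZA_A = [Read("T1", 11, 1000, "A"),   # genuine earlier trip, late upload
                 Read("T2", 5, 2050, "A"),    # same counter value seen twice
                 Read("T3", 30, 3500, "A")]   # counter went backwards in time


def naive_arrival_order(batches):
    """Flag any read whose seq is <= the last seq seen, in arrival order."""
    last, flagged = {}, set()
    for batch in batches:
        for r in batch:
            if r.transponder in last and r.seq <= last[r.transponder]:
                flagged.add(r.transponder)
            last[r.transponder] = max(r.seq, last.get(r.transponder, r.seq))
    return sorted(flagged)


class Reconciler:
    """Keeps every read and re-checks an account whenever a batch touches it."""

    def __init__(self):
        self._reads = defaultdict(list)

    def ingest(self, batch):
        touched = set()
        for r in batch:
            self._reads[r.transponder].append(r)
            touched.add(r.transponder)
        findings = {}
        for t in sorted(touched):
            result = self._check(t)
            if result:
                findings[t] = result
        return findings

    def _check(self, transponder):
        findings, seen, highest = [], set(), None
        ordered = sorted(self._reads[transponder],
                         key=lambda r: (r.read_time, r.seq))
        for r in ordered:
            if r.seq in seen:
                findings.append(("reused", r.seq, r.plaza))
            elif highest is not None and r.seq < highest:
                findings.append(("regressed", r.seq, r.plaza))
            seen.add(r.seq)
            highest = r.seq if highest is None else max(highest, r.seq)
        return findings


def run_demo():
    """Return (accounts the naive check flags, findings after the late batch)."""
    naive = naive_arrival_order([BATCH_PLAZA_B, BATCH_PLAZA_A])
    rec = Reconciler()
    rec.ingest(BATCH_PLAZA_B)
    return naive, rec.ingest(BATCH_PLAZA_A)


if __name__ == "__main__":
    print(run_demo())
```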
The U.S. military was also going to be moving all of their coding efforts to the Ada programming language. As I'm sure folks have noticed, this didn't happen. They certainly have an interest in standards, but they're also pragmatic enough to realize that standards are about interoperability. I'd fully expect them to rethink or delay their IPV6 mandate if there isn't sufficient industry support for it.
Well, I actually did RTFA (forgive me!) and note with some concern that the standard provides for "device revocation" under some clearly-defined terms, though those terms are unspecified. Can anyone shed some light on what those might be?
The obvious concern here is that the devices will be sold under some sort of license agreement that will permit unspecified others to figuratively fry your hardware if they suspect it's compromised (or are otherwise displeased with you). I imagine that one's recourse as a consumer (remember: we're "consumers" and not "citizens" here!) will be quite limited. Sigh.
It will be interesting to see how the public reacts to this. Done correctly, it will increase the security of the passport without really compromising privacy. If the format of the data on the smart card is completely documented, it will be easy to verify that the only information being stored appears in printed form on the passport itself. Since all of the information in printed form is being stored someplace now, it's hard to argue that a smart-card version of this information disadvantages the traveler somehow.
The presence of the digital signature, however, provides MUCH stronger assurances that these identity credentials aren't forged; this seems to me to be a very good thing indeed.
I've actually used this with great success as a job interview question. It's enlightening to ask a prospective candidate about their experience with a nonexistent technology; the reaction can tell you quite a lot about the candidate's attitude, willingness to learn, and whether s/he will be straight with you when the correct answer really is "I don't know."
Phil
Standardized connector? on 42-Volt Autos · Score: 1
I've RTFA but I can't find one piece of information that seems pretty important: does the move to 36V power mean that we'll also see a standardized accessory connector that's less of a kludge than the "cigarette lighter" connectors we have now? I believe that the laws of physics would prevent something more kludgey from being used, but this seems like a perfect opportunity for the industry to settle on a sensible scheme for the interconnection of external devices. Does anyone know if this is slated to happen?
I'm amused, too, that you should bring up the Beatles catalog. Those who remember the ramp-up in popularity for CDs in the mid-to-late 1980s will remember that the Beatles catalog was very late in coming to the CD format.
The reason? According to the label, it was at least partially because the very high quality of the digital recording would result in mass piracy (to cassette tape), which would in turn cut into vinyl sales. (As I recall, there were some other rights issues to be resolved as well, but a large part of the reason was this supposed piracy.)
I think it's worth noting that it's the META group that's saying this, not Microsoft. META's in the business of selling their prognostication services; it's therefore to their distinct advantage to make headline-grabbing bold predictions like this from time to time. Magazine columnists do this sort of thing sometimes, too: controversy and bold predictions really do help sell publications.
I'm not suggesting META's conclusions are right or that they're wrong--merely that there may be some "publicity stunt" component behind their analysis.
A very similar technology has been used for the identification of gems for quite a while. The idea is pretty much the same: shine a laser beam into the gem, then record the pattern generated by internal reflection/refraction. The technique has been around for at least twenty years, I believe. Still, the idea of a physical one-way hash function is interesting and quite likely useful.
Is it just me, or does this card look fragile? It sure looks like the antenna will protrude beyond the edge of the device. Given how thin MMC/SD/SDIO cards are, this might afford the user considerable opportunity to damage the card and/or device it's installed in. I haven't seen the cards myself, so it's certainly possible that I'm simply incorrect--but it's worth checking out before spending the $130, I imagine...
FYI, here are my comments to Senator George Allen of Virginia. I sent similar missives to Senator John Warner (Virginia) and Senator Hollings himself. I'm not actually expecting to hear back in any meaningful way from any of them, but will certainly take advantage of the opportunity should someone actually call me.
** I would very much appreciate the opportunity to have a short phone conversation on this topic with the staffer who handles technology issues for Senator Allen. **
I'm writing to express my concern about activities currently underway in the Senate Commerce Committee (to be discussed in a 9:30AM hearing on 2/28, SR-253). It's my understanding that Senator Hollings is considering the introduction of legislation that would mandate the introduction of copy controls on all digital equipment manufactured and sold in the United States. The users of this equipment would, of course, ultimately bear the cost burden that this requirement imposes.
As a technologist, I find this objectionable. I support the right of intellectual property holders to protect their work through both technological and legal means. But I think an attempt to legislate these controls into all digital technologies simply represents an attempt by the entertainment industry to transfer the costs of these protections to other industries.
There is absolutely nothing stopping the entertainment industry from collaborating right now with computer and other technology manufacturers to produce a highly secure platform for the distribution of electronic media.
But consumers should have the freedom not to purchase such systems, just as the entertainment industry has the freedom not to release material for any systems that they feel are insufficiently secure.
The marketplace has time and again rejected such systems that favor security over usability, though--which is why the entertainment industry would like to limit consumer choice in a way that creates a ready-made market for their product.
I hope Senator Allen shares my view that government's role in commerce is to protect freedoms and expand consumer choice rather than limit those freedoms in order to protect the profits of an already-wealthy industry. I ask that he convey my deep concerns to Senator Hollings at his earliest opportunity.
Sincerely,
Phillip Wherry
Why do companies tolerate this? on Read the Fine Print · Score: 5, Interesting
[IANAL, so consider these comments accordingly]
I'm really quite surprised that there hasn't been a big backlash from the legal departments of corporate customers over the text in the license agreements from software makers like Microsoft.
Most of the large organizations that I've worked with have relatively paranoid legal departments. The average person cannot, for example, sign a non-disclosure agreement, vendor contract, or do anything else that binds the company without having the document scrutinized in excruciating detail by the company's legal department. And, as anyone who's ever been through this process knows, excruciating is the correct word for this situation.
Yet people install software all the time that binds the company to ridiculously one-sided terms: This software is ours, not yours. Unless it breaks: then it's yours, not ours--and we're obligated to do everything up to and including nothing to help you.
It seems to me like two possible explanations exist--neither of them pleasant:
Legal departments aren't challenging shrink-wrap licenses because they feel they're not really enforceable contracts. This seems to fly in the face of things like UCITA, though, which allow the software vendor to say "W3 0wn j00" in their license agreements with the force of law to back them up.
Legal departments aren't challenging shrink-wrap licenses because they realize that most of the time they're dealing with a powerful monopoly--and that the choice is to accept unconscionable terms or simply be unable to perform essential functions. Most legal departments don't understand open-source software, and I think Microsoft's done a good enough job with its fearmongering campaign about the GPL that there will be a lot of hesitation even if the light bulb ever does come on.
There's also the issue of who's allowed to "sign" these things. In most corporate-user situations, the user doing the software installation (and therefore "agreeing" to the click-wrap terms) isn't a corporate officer or someone who's been delegated the authority to bind the company to a set of terms--no matter how reasonable. This seems to me to be pretty dangerous. In the case of a dispute with the vendor, it could potentially put the user at personal risk for representing they had the authority to bind the company when, in fact, they did not. While the economics of pursuing an individual over a company's breach of the license "agreement" probably don't make sense, this remains at least a theoretical risk.
The existence of this product just indicates one thing: storage density and cost still favor tape so long as you can live with the limitations (lack of random access, mechanical complexity, wear). For example: DDS-4 tapes (4mm computer tapes that hold about 20G uncompressed) cost about one-fourth of what a 20G hard disk costs. Recordable CDs are cost-competitive, but you need about thirty of them, which makes them impractical for an application where you need high storage density.
It's inevitable that random-access (disc/disk) technology will catch up. Rewriteable DVD stores 4.7 Gbytes on a relatively affordable disc now, but that's only one-quarter of the available storage on one of these D-VHS tapes. Presuming that it takes a few years for a suitably large random-access medium to emerge, I imagine that D-VHS will fill a hole in the current high-definition market for a while.
You're almost completely right: lack of cashflow for their products is the only thing that will get their attention. Whether they understand the significance of that lack of cashflow is another story entirely.
My fear is that they'll attribute their declining profits entirely to thievery. While it's true that some of their profits are being eroded by dishonest behavior, the same thing can be said of pretty well any other commercial endeavor. Stores lose money to shoplifting. Other businesses endure losses from theft of office supplies and personal telephone calls. But every one of those businesses has made a decision about how to balance its business model against the possibility of theft. The music industry in particular isn't doing this: in the face of demonstrable demand for something, they're choosing to cling to a business model that's becoming less workable by the day. The fact that there's some theft is inevitable. The fact that they've been unsuccessful in balancing the risk of theft against the business benefits of providing what consumers actually want just means that they're not particularly clever.
I'm just about to finish up ripping all of my CDs to 160 Kbps MP3 format so I can do casual listening without handling physical media. I'm not too terribly bothered by the loss in quality caused by compression, since I've got the original media to work with for those occasions when I need higher fidelity.
It occurs to me, though, that the inclusion of a compressed audio player on the CD really doesn't solve the problem, even if it's possible to copy the audio files in some protected way to a hard disk.
Here's why: my earliest CDs were purchased in early 1986. At that time, my PC was running MS-DOS 3.1. Think for a moment about the odds of a copy-protected program from 1986 working unmodified in a modern computer--let alone the computers we'll have twenty years hence. The inclusion of a copy-protected player program in lieu of a standards-compliant CD looks even more pitiful when one stops to consider the fact that the player program will be basically unusable in a few years' time.
I must admit that I'm impressed at Verizon's ingenuity here. I really didn't think it was going to be feasible to find a way to do per-minute pricing for a packet service, but I underestimated the company's ability to misunderstand the utility of packet data.
Whether it's the entertainment industry or the telecom industry, consumer preference is pretty clear: predictable costs drive product acceptance. The cellular industry, however, is justly famous for deliberately making costs hard to understand, let alone predict.
This pricing scheme is doubly insulting from a CDMA carrier; as those who are familiar with CDMA are aware, it's far and away the most bandwidth-efficient wireless communications system in widespread use. There's at least one carrier that's been quite successful in using CDMA technology to offer a truly flat-rate all-you-can-talk local calling service in a number of areas in the U.S. [Important disclaimer: I work for the aforementioned carrier's parent company, but don't speak for it in this forum; I'm mentioning the service here in order to illustrate a point, not advertise the service. If you live in a coverage area, you've heard about it already, I'm sure...]
Packet data can be even more bandwidth-efficient than voice traffic since the latency requirements are relaxed considerably, so it seems to me that there's really no excuse for Verizon to be billing for this service in such a boneheaded way.
Well, I imagine that somewhere, deep within Microsoft, there's a document called "The Microsoft Guide to Writing Error Messages". The exact contents are trade secret, of course (or perhaps the document is just corrupted), but it goes something like this:
DO NOT RELEASE SOFTWARE TO MANUFACTURING until the following criteria have been satisfied in full!
Does your error message suggest at least two reasons that the message might have appeared?
Are the reasons unrelated?
Have you double-checked to make sure that none of the listed reasons are related to the actual cause of the problem?
Have you ensured that the message itself declares the existence of a problem without suggesting any solution? Far better to say something like "An installation error occurred. [OK]" than risk confusing the user with technical details. Remember: we charge for "support."
Have all useful problem resolution procedures been removed from online help?
Hmm. This seems to be turning into a Slashdot FAQ.
In any case...
It's a great idea to make the sacrifice and go get the degree before it gets even harder to do.
While it varies by employer, the degree for the most part demonstrates your ability to define a goal, then stick with it for a while until it's completed. The lack of a degree is a red flag; while the specific degree figures into hiring decisions, your experience and your ability to explain why you made the choices you did matter more.
Don't forget to use this as an opportunity to develop your communication skills and your ability to interact with people with different backgrounds and priorities. In the end, this will matter more than any specific technical ability or degree.
I've got two of these beasts (as well as one of the older 340M versions) for digital camera use.
In general, they work pretty well. They're a little bit slower than flash memory, and they use more power--but those are really about the only practical differences under normal circumstances.
You can hear the disk spinning (and the head actuator operating) if you listen carefully, but it's by no means loud.
They do demand careful treatment, though. A friend of mine dropped his Microdrive from about waist height onto carpet, and it never worked again.
It's simpler than TiVo because there's no device in the viewer's home. Most of the infrastructure is centralized at the cable system's head-end.
You make a good point.
I'm amused, too, that you should bring up the Beatles catalog. Those who remember the ramp-up in popularity for CDs in the mid-to-late 1980s will remember that the Beatles catalog was very late in coming to the CD format.
The reason? According to the label, it was at least partially because the very high quality of the digital recording would result in mass piracy (to cassette tape), which would in turn cut into vinyl sales. (As I recall, there were some other rights issues to be resolved as well, but a large part of the reason was this supposed piracy.)
Sigh.
Phil
It seems to me like two possible explanations exist--neither of them pleasant:
- Legal departments aren't challenging shrink-wrap licenses because they feel they're not really enforceable contracts. This seems to fly in the face of things like UCITA, though, which allow the software vendor to say "W3 0wn j00" in their license agreements with the force of law to back them up.
- Legal departments aren't challenging shrink-wrap licenses because they realize that most of the time they're dealing with a powerful monopoly--and that the choice is to accept unconscionable terms or simply be unable to perform essential functions. Most legal departments don't understand open-source software, and I think Microsoft's done a good enough job with its fearmongering campaign about the GPL that there will be a lot of hesitation even if the light bulb ever does come on.
There's also the issue of who's allowed to "sign" these things. In most corporate-user situations, the user doing the software installation (and therefore "agreeing" to the click-wrap terms) isn't a corporate officer or someone who's been delegated the authority to bind the company to a set of terms--no matter how reasonable. This seems to me to be pretty dangerous. In the case of a dispute with the vendor, it could potentially put the user at personal risk for representing they had the authority to bind the company when, in fact, they did not. While the economics of pursuing an individual over a company's breach of the license "agreement" probably don't make sense, this remains at least a theoretical risk.
The existence of this product just indicates one thing: storage density and cost still favor tape so long as you can live with the limitations (lack of random access, mechanical complexity, wear). For example: DDS-4 tapes (4mm computer tapes that hold about 20G uncompressed) cost about one-fourth of what a 20G hard disk costs. Recordable CDs are cost-competitive, but you need about thirty of them, which makes them impractical for an application where you need high storage density.
It's inevitable that random-access (disc/disk) technology will catch up. Rewriteable DVD stores 4.7 Gbytes on a relatively affordable disc now, but that's only one-quarter of the available storage on one of these D-VHS tapes. Presuming that it takes a few years for a suitably large random-access medium to emerge, I imagine that D-VHS will fill a hole in the current high-definition market for a while.
You're almost completely right: lack of cashflow for their products is the only thing that will get their attention. Whether they understand the significance of that lack of cashflow is another story entirely.
My fear is that they'll attribute their declining profits entirely to thievery. While it's true that some of their profits are being eroded by dishonest behavior, the same thing can be said of pretty well any other commercial endeavor. Stores lose money to shoplifting. Other businesses endure losses from theft of office supplies and personal telephone calls. But every one of those businesses has made a decision about how to balance its business model against the possibility of theft. The music industry in particular isn't doing this: in the face of demonstrable demand for something, they're choosing to cling to a business model that's becoming less workable by the day. The fact that there's some theft is inevitable. The fact that they've been unsuccessful in balancing the risk of theft against the business benefits of providing what consumers actually want just means that they're not particularly clever.
Did something change when I wasn't looking?
While I'm genuinely impressed by the idea, announcements like this are traditionally made at the beginning of April, not February!
I'm just about to finish up ripping all of my CDs to 160 Kbps MP3 format so I can do casual listening without handling physical media. I'm not too terribly bothered by the loss in quality caused by compression, since I've got the original media to work with for those occasions when I need higher fidelity.
It occurs to me, though, that the inclusion of a compressed audio player on the CD really doesn't solve the problem, even if it's possible to copy the audio files in some protected way to a hard disk.
Here's why: my earliest CDs were purchased in early 1986. At that time, my PC was running MS-DOS 3.1. Think for a moment about the odds of a copy-protected program from 1986 working unmodified in a modern computer--let alone the computers we'll have twenty years hence. The inclusion of a copy-protected player program in lieu of a standards-compliant CD looks even more pitiful when one stops to consider the fact that the player program will be basically unusable in a few years' time.
...that you'll have to obtain new Windows/Office XP licenses if you clone more than one organ within some window of time.
I must admit that I'm impressed at Verizon's ingenuity here. I really didn't think it was going to be feasible to find a way to do per-minute pricing for a packet service, but I underestimated the company's ability to misunderstand the utility of packet data.
Whether it's the entertainment industry or the telecom industry, consumer preference is pretty clear: predictable costs drive product acceptance. The cellular industry, however, is justly famous for deliberately making costs hard to understand, let alone predict.
This pricing scheme is doubly insulting from a CDMA carrier; as those who are familiar with CDMA are aware, it's far and away the most bandwidth-efficient wireless communications system in widespread use. There's at least one carrier that's been quite successful in using CDMA technology to offer a truly flat-rate all-you-can-talk local calling service in a number of areas in the U.S. [Important disclaimer: I work for the aforementioned carrier's parent company, but don't speak for it in this forum; I'm mentioning the service here in order to illustrate a point, not advertise the service. If you live in a coverage area, you've heard about it already, I'm sure...]
Packet data can be even more bandwidth-efficient than voice traffic since the latency requirements are relaxed considerably, so it seems to me that there's really no excuse for Verizon to be billing for this service in such a boneheaded way.
DO NOT RELEASE SOFTWARE TO MANUFACTURING until the following criteria have been satisfied in full!
Hmm. This seems to be turning into a Slashdot FAQ.
In any case...
It's a great idea to make the sacrifice and go get the degree before it gets even harder to do.
While it varies by employer, the degree for the most part demonstrates your ability to define a goal, then stick with it for a while until it's completed. The lack of a degree is a red flag; while the specific degree figures into hiring decisions, your experience and your ability to explain why you made the choices you did matter more.
Don't forget to use this as an opportunity to develop your communication skills and your ability to interact with people with different backgrounds and priorities. In the end, this will matter more than any specific technical ability or degree.
I've got two of these beasts (as well as one of the older 340M versions) for digital camera use.
In general, they work pretty well. They're a little bit slower than flash memory, and they use more power--but those are really about the only practical differences under normal circumstances.
You can hear the disk spinning (and the head actuator operating) if you listen carefully, but it's by no means loud.
They do demand careful treatment, though. A friend of mine dropped his Microdrive from about waist height onto carpet, and it never worked again.