FP and channel 1 (OT, sort of), on The Pledge · Score: 2
This is sort of, but not really, OT, because Katz has written about the topic of degradation of the discussion space before, too.
You know, I think that GimpBoy's on to something here. Do you know why there's no channel 1 on a US television? Because the FCC realized that stations would fight tooth and nail to be the "first post" on the dial. If you take away FP by simply putting a post (or two or three) at the start of the discussion, then the value of FP goes away, and we at least get rid of that annoyance.
Replace all just replaces all occurrences. It assumes that you meant to do what you're doing.
I only use R/A when I'm doing large regexp replaces. That happens often enough, though, that I learned the keyboard shortcuts to do it quickly. (Why, you ask, would any programmer do that, seeing as how it's rather dangerous? The particular piece of code I was working on when I learned the trick contained a number of rather large tables of the form
{Name, CONST_, "Name", ,...}
where it was easy to create a list of the Name fields. That's the kind of thing that old vi-warriors know calls for regexp replace all.)
Have you looked at crime trends? They're going up you know.
Err, yes, actually, I have. Violent crime is down dramatically across the United States, which is the country that has most radically transferred work from manual to automated over the last generation. In Japan, which has been resisting such changes, crime is indeed up. In Europe, which has been resisting such changes less than Japan, but more than in the US, crime is up, but less sharply than it is in Japan.
And get your terminology right: It attaches a digital signature (not a "security certificate"), then it encrypts your message. Only people that have my private (not "specific") key can read it. Where did you get those terms from anyway?
Bzzt! Sorry, no prize, but thanks for playing.
PKCS 7 does, indeed, attach a copy of the certificate to the message. It also attaches a copy of the MD5 hash of the body of the message, encrypted with the sender's private key. The receiver can then recompute the hash of the message he or she received and compare it to the value he or she obtains by decrypting the encrypted hash payload with the sender's public key. They must match, or the message has been tampered with.
Finally -- and here's why people use X.509 certs -- the MUA can resolve the certificate chain corresponding to the cert in the message. If each certificate in the chain was issued by its putative issuer, and if the root of the chain is trusted, then either the sender's key has been compromised, or the message is both authentic and valid.
PKCS 7 can, but is not required to, encrypt the message body itself. That is a somewhat more complicated process. In order to encrypt a message, it needs the public key of the known recipient. It then generates a cryptographically secure random number, and encrypts it with the recipient's public key. It then uses that random number to conceal the contents of the message (using a standard symmetric algorithm). That body is then signed as per the unencrypted form, and the resulting envelope is sent.
It is left as an exercise to the reader to figure out why (a) the message is securely encrypted, (b) the resulting message is repudiable, (c) this all works without either party needing to know the other party's private key and (d) why the keys in each leaf (non-issuer) certificate can be, and are, thrown away after the cert is generated, so that the only copy left in existence is in the cert itself.
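The signing and enveloping steps described in the comment above, as an added example that is not part of the original comment and is not code from any PKCS 7 implementation. It assumes textbook RSA over constructed toy keys, SHA-256 where the comment names MD5, a hash-based keystream standing in for the symmetric algorithm, and a pinned signer key standing in for certificate chain validation; all function names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keys


def toy_keypair(p_bits, q_bits):
    """Textbook RSA key from two Mersenne primes (constructed, NOT secure)."""
    p, q = (1 << p_bits) - 1, (1 << q_bits) - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return {"n": n, "e": E}, {"n": n, "d": d}


# Constructed sample keys: 2^521-1, 2^607-1, 2^127-1 and 2^107-1 are prime.
SENDER_PUB, SENDER_PRIV = toy_keypair(521, 607)
RECIP_PUB, RECIP_PRIV = toy_keypair(127, 107)


def digest_int(data):
    """Hash of the body as an integer smaller than the sender's modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(body, priv):
    """Hash the body, then transform the hash with the sender's private key."""
    return pow(digest_int(body), priv["d"], priv["n"])


def verify(body, signature, pub):
    """Recompute the hash and compare it with the value recovered via the public key."""
    return pow(signature, pub["e"], pub["n"]) == digest_int(body)


def keystream_xor(key, data):
    """Toy symmetric cipher: XOR with SHA-256(key || offset). Same call decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(plaintext, sender_priv, sender_pub, recip_pub):
    """Random session key -> wrap with recipient's public key -> encrypt -> sign."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), recip_pub["e"], recip_pub["n"])
    body = keystream_xor(session_key, plaintext)
    return {
        "wrapped_key": wrapped,
        "body": body,
        "signature": sign(body, sender_priv),  # signs the concealed body
        "signer": sender_pub,                  # stand-in for the attached certificate
    }


def open_envelope(env, recip_priv, trusted_signer):
    """Check the signer and signature first, then unwrap the key and decrypt."""
    # Stand-in for chain validation: only a signer key we already trust counts.
    if env["signer"] != trusted_signer:
        raise ValueError("signer key is not trusted")
    if not verify(env["body"], env["signature"], env["signer"]):
        raise ValueError("signature mismatch: message was altered")
    key_int = pow(env["wrapped_key"], recip_priv["d"], recip_priv["n"])
    if key_int.bit_length() > 128:
        raise ValueError("session key did not unwrap cleanly")
    return keystream_xor(key_int.to_bytes(16, "big"), env["body"])


if __name__ == "__main__":
    sample = b"Constructed sample message."
    envelope = seal(sample, SENDER_PRIV, SENDER_PUB, RECIP_PUB)
    print(open_envelope(envelope, RECIP_PRIV, SENDER_PUB))
```

Neither side ever handles the other's private key: the sender uses only `RECIP_PUB`, and the recipient uses only the pinned copy of `SENDER_PUB`.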
AFAIK the Win32 API doesn't have such a thing, which makes emulating fork() in WIN32 rather hard
It can be done with CreateProcess(), but therefore is endlessly more inefficient than Unix's fork().
Not in real world practice. Is CreateProcess less elegant than fork()? Absolutely -- fork() has to be one of the all time most beautiful abstractions in OS design. But is CreateProcess less efficient than fork()? Functionally, no.
There are two contexts in which fork() is used in a *n?x environment: when the system call is immediately followed by transfer of control to another executable (that is, as a very expensive way to execute CreateProcess()), or as a way to spawn a separate handler for an event (that is, as a very expensive way of calling CreateThread()). In neither case is fork() itself a useful or efficient system call.
Ironically, Linux is now moving towards the NT model: in 2.4, fork() and pfork() are both instances of a deeper kernel call, clone(), a call which creates a new execution context, and specifies the data pages bindings thereof. As a consequence, Linux now has threads as its basic element of process objects, rather than processes.
(Since by failing, they are making it less likely that they exist, we must start with a 100% assumption rate, right?)
Actually, no. (Slash doesn't support MathML -- and your browser probably doesn't either -- so you'll have to put up with words instead of formulas.)
Suppose that there are N objects in the universe, and I've observed none of them. What's the probability that at least one of them is a unicorn? Well, given that I know nothing about the relative likelihood of Unicorn-ness among objects, the most likely a priori estimate of the likelihood of a Unicorn is given by quantifying across all possible predicates on the Universe, and computing the probability that IsAUnicorn(x) is true for some x. (After all, the IsAUnicorn predicate is just another predicate. I don't know its characteristic function, but it's got one.) Then it's easy: the Universe is finite, and so there are only finitely many predicates on it, and (drumroll please)...exactly one of those predicates has no elements!
So, our estimate of the probability that there exists at least one Unicorn, given that we have no evidence speaking to the question, either way, is 1 - 2^(-N), where N is the number of objects in the Universe. Thus, it is very, very likely that there exists a Unicorn, in default of any evidence -- but it is not quite certain.
Failing to falsify does not strengthen an argument.
That claim, although popular, is false. Failing to falsify does strengthen an argument; it merely can't prove it. It is possible to gather evidence for the non-existence of an object. There's even a whimsical statement of the paradox: "Every green blade of grass further convinces me that all crows are black."
Here's how it works. The statement "All crows are black" is logically equivalent to the statement "All non-black objects are non-crows."
So, assuming there's a finite universe of objects -- take that one up with the cosmologists -- I can estimate the probability that there exists a non-black object that is, in fact, a crow, simply by counting non-black objects, and looking to see crows among them. A good place to start is out on my lawn; I'll go through and see if any of the green objects sprouting from the soil out there is a crow.
Nope: they're all weeds...I mean, blades of grass. That's still more evidence for the thesis that all crows are black.
To carry this through to your thesis that there are no unicorns, the statement "There are no unicorns" is logically equivalent to "All objects are 'non-unicorns'". I can't acquire any evidence of the first one directly, but I can provide evidence of the second.
Actually, it's 10%... Of course with my superior genes, it's closer to 50%:)
I'm so sorry to hear that you have only 20% of the brain capacity that everyone else has. Poor kid. It must be tough to only use 10% of the 20% you had from the start.
"Any electronic surveillance involves balancing needs for effective enforcement of the criminal laws and
protection of national security against threats of invasion of privacy."
The second clause (in bold) doesn't appear to be written in English. What would it mean to threaten to invade the privacy of national security?
(Emphasis added by previous poster)
He's right, it isn't in English. That's because he parsed the sentence wrong. The correct (and syntactically and semantically valid) parse is
"Any electronic surveillance involves balancing
needs for effective enforcement of the criminal laws and protection of national security against threats of invasion of privacy."
In formal English, one "balances" a "against" b -- in this case, needs against threats -- and one does not "balance" a "and" b.
Actually, yes, it's big news that it's going to use TCP instead of UDP, at least in the mobile telephony space.
Politically, Phone.com (the original developer of WAP) has very much wanted to keep WAP 2.0 on UDP; the various p.c browsers don't generalize well to TCP. Meanwhile, there are other micro-browsers out there which handle XHTML and HTML over TCP/IP on phones as well as handling WAP over UDP/IP; p.c doesn't want to lose market share to them.
From a user perspective, if your phone supports TCP/IP as well as UDP/IP, then protocols like SMTP, POP3 and IMAP4 are available directly from the phone. Users don't need to go through the carrier's WAP gateway and read mail in the browser. You can see why that's convenient.
So, yes, it's a big deal, both to the people in the industry, and to the users of the phones.
Lemme see. Four years ago, the copyright on _Huckleberry Finn_ expired, Russ. The copyright on _Alice in Wonderland_ expired about a decade ago. Sometime recently, _The Strand's_ copyright on _A Study in Scarlet_ expired.
Yes, the current state of copyright law is abusive. Yes, the terms accorded to items of value are ridiculous. Fine -- you want my help (or even my money) fixing that? You got 'em. But the only way to provide any return on investment on a commodity with zero marginal cost is to grant a monopoly on that commodity. For literary and creative works, whose content is independent of the form of their presentation, that means something not unlike copyright.
If information wants to be free, and people need to eat, then if you want people to produce information, then you need to prop up the cost of the information they produce. You can do it through government subsidy or you can provide it by monopoly, or you can use a hybrid, such as we use now. The hybrid -- a small number of people get government subsidies to do basic work, and everybody else gets a monopoly on their content -- seems to work. The other two extremes don't.
Well,
:%s/stupidity/intelligence/
is much quicker to type, than using the mouse to:
Edit|Search and Replace
Search "stupidity", Replace "intelligence"
But it isn't faster to type than ctrl-H, stupidity, TAB, intelligence, Alt-A. That's the key sequence in MSVC.
Has there ever actually been an actual and successful exploit using a buffer overrun that caused anything other than a GPF/segfault?
Try going to your favorite search engine and searching for "Morris worm".
Hmm. Yes and no.
Let's look at the argument in favor of security through obscurity -- "There's only one of me; there are lots of us; why would anybody attack me?" That's a sound argument, and it is the argument that gets all of us through every facet of our lives in each and every day. I don't have a food taster, I don't have people check on my kids' friends, etc. My bet is that you don't, either. After all, any rational person would ask "Why would anybody target me? I'm not worth it!"
But that same argument applies if there are thousands of files on a single server! If somebody breaks into my employer's corporate network, they're not going to steal code from me, since there are just too many "mes" there. The same thing is true of your data if it's up on some great big server in the sky. If your data is physically safe in your home or office, then it's logically safe on some big company's server. The very same argument applies.
And, contrapositively, if your data is NOT logically safe on some big company's server, then it is NOT physically safe if you're trying to protect it yourself. Hey, you keep good backups? Good for you -- I'll hire a PI to come "reclaim" them for me. Lots of 'em won't worry too much about whether you really stole them from me or not. And what about the possibility of a fire in your office? If your office burned down tomorrow...where are your backups? Are they under your desk? How much good will they do for you if they're reduced to carbonized dust? Did the cleaning staff pick them up while vacuuming, placing them on top of your monitor? A monitor is a great degaussing device, you know...
The truth is that if what you've got is worth securing, then you will do well to get a pro to secure it, paying him or her to figure out how to put the layers of protection in place for each different item. One of those layers will entail offsite backup of at least some of your most critical data, and that will mean putting it in a site with other valuable data. That site will be subject to attack. If you've picked your security geek well, your data will still be more secure in that bank safe deposit box than it is in your own home.
You may feel more secure taking care of your own data, but you will *be* more secure asking somebody else to do it for you.
Actually, server side data is probably a good deal more secure than any data you can store on your machine. As SuiteSisterMary pointed out last week, in a discussion of the recent Microsoft hack, ease of use is inversely proportional to functional security. It's not easy to secure a server, of course, but it is a great deal easier to secure a server than it is to secure a device that has to give users face time. Your computer at home or at your office is certainly less secure than any server at, say, Microsoft, Red Hat, or Sun -- you depend on security through obscurity to hope that it doesn't get attacked. They don't.
And keep in mind that an attack can consist of something as crude as stealing a whole computer, lock, stock, and barrel. That's a lot more efficient than working across the network, believe it or not. I can't speak for all corporations, but most majors have their key servers in rooms with alarms and/or armed guards. I'll bet that your backups aren't stored in such safe conditions.
This is the same fallacy that leads people to be scared while the plane is landing, and then be blase when they pull out onto the freeway. Guess which of those is more dangerous?
If you run W2K, at least, you can go and look at the list of 118 default trusted CA's available on your machine.
Sure, Verisign is the dominant authority, but they're not without competition.
"These are the words that the elves of Netscapethrond heard, and knew that they were betrayed...
Argh! Spam! Nagathuluth
Awk! Spam! Nagathul
Argh! Spam! Crapatitlook!
Argh! Spam! Howawful!"
Oh, Lord. Not this canard again!
All of the various Microsoft products contain the Berkeley sockets header files. Until recently, each of those files, in turn, contained the famous "string header", and the requirement that it propagate. (Yes, the license has changed, but the poster was referring to the Windows 95 ftp code. That was issued under the terms of the earlier Berkeley license.) So, yes, of course they would pop up the Berkeley CVS entry.
Malfunctioning indeed. You do know, though, that your computer would stop malfunctioning if you put a NT on it, instead of a Unix-derivative?
Shouldn't that be the Into_the_Silent_Planet department, Hemos?
SHR? It's easy: take the register, shift it right by one bit, and subtract the right-shifted version from the original...
Oh. You meant SHift Right, not Shift-right is Halfway Recursive? Sorry.
Gee, Timothy...I don't think that there's a lot of ice on the ocean at 0 deg north latitude. In fact, I'd wager that there hasn't ever been much ice there.
Now, 90 degrees North is a different matter.
That's as close as I've ever seen an opinion come to "Congress, this is a stupid law, and you should fix it -- but, given that it's Constitutional, there's nothing I can do about it."
Maybe I'm crazy, but wouldn't it make more sense for it to actually tell you about the problem?
I'd be inclined to think so. Unfortunately, Microsoft didn't put this particular Easter egg into the code; it's a feature of the BIOS itself.
Stop for a moment, and think. Is the t-shirt a violation of DMCA? That depends on how you read that act. Certainly, it's a means of distributing an illegal circumvention device. Is that its primary aim? Is it an effective means of disseminating the code?
Touretzky is being disingenuous in his testimony. Buying and wearing the t shirt is an act of political speech, predominantly for the purpose of protest. That's not the same thing as distributing something in a mass medium for the purpose of having it compiled. Moreover, it's not a very effective means of disseminating the putative violation -- somehow, I can't see ten million script kiddies buying their 133t s41rts and typing the code in by hand!
Those are key facts. If the primary purpose in disseminating something is to protest, then it might be (and, in my opinion, probably is) protected speech, even if it's facially a violation of DMCA. Even if it isn't protected, the inefficiency of the medium is a sufficiently high barrier that it would almost certainly be protected under the traditional doctrine of fair use.
Contrast this to the case in front of the judge. Corley and 2600 are alleged to have intended to disseminate a cracking tool. If the plaintiffs show that, the protected speech defense fails. Moreover, they were using a highly efficient technique to disseminate the item: first, the source itself, then, links to the source. So, the secondary "fair use" defence fails.
Judges and juries are capable of making that distinction. It's perfectly reasonable that the t-shirt is protected from DMCA, but the program and the links are not.