First, I can read 17 USC as well as the next guy, and it's pretty clear:
the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright
That doesn't say, "is a defense against a lawsuit for infringement". That says "is not an infringement of copyright". So, if you are doing any of those things, you are not infringing, and you don't need a "defense".
The gray area is what, exactly, is meant by "fair use". The list of examples given shows what the law intended, but defining it specifically is maybe not as easy. Still, I'm pretty sure that saying "this code sucks because of this buggy line right here" would fall under "criticism". If you word it a little differently, I think "research" would apply.
Second, there really is no need for an affirmative fair use right unless you are distributing copies, as like anything else, if the right isn't granted or limited to a specific group or person, it is reserved for "all the people". For computer software source code, here is the complete list of all "the exclusive rights to do and to authorize" that the copyright holder has:
to reproduce the copyrighted work in copies or phonorecords
to prepare derivative works based upon the copyrighted work
to distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending
For everything else, the copyright holder has no special rights.
What this means is that until you distribute something copyrighted by someone else, you are not infringing, and you don't need to worry about a "defense". So, re-compile that code and test it as much as you want...you aren't infringing on copyright. Or, print out thousand copies and store them in your basement if that floats your boat...you may be crazy, but you're not infringing on copyright.
And it has been substantially eroded, and continues to be.
The "erosion" of fair use is primarily because of the back door of "no circumvention" Otherwise, "fair use" has done nothing but increase. Time shifting and device shifting have been upheld by courts as "fair use", and ventures like YouTube have greatly expanded fair use through more lawsuits over the length and completeness of copies.
It is possible to have disclosed source code with "All Rights Reserved", such that nobody would ever have rights to compile the code.
"All rights reserved" has a very specific meaning with respect to copyright, and not being able to compile code isn't included among those.
The phrase is actually shorthand for "all copyright rights reserved", and nowhere in 17 USC is "compling" mentioned as a form of copyright infringement.
It's exactly the same as MLB or the NFL trying to convince you that you need "express written permission" to copy a portion of the broadcast of the game. Those entities would like you to believe that their copyright rights can allow them to do that, but that's not the way it works. The same is true for "all rights reserved". Damn near every book published today says "all rights reserved" on the copyright page, but that doesn't change the fact that you can copy snippets of the book for your book review, or even copy every page of the book...as long as you don't distribute that exact duplicate, you are 100% within your rights.
Since it prevents derivative works and redistribution, we'd be unable to include code snippets in any report. We would be legally unable to modify the software for the purpose of testing bug fixes.
I hope that you actually understand copyright better than you appear to with this statement.
If you make the source code of "open source" software available, it is no different from publishing it as a book. In the case of a book, you get the "source code" by obtaining a copy the book (either by purchasing, borrowing, etc.). How you obtain the source to the software is unimportant as long as you obtained the copy legally, and even that might be a gray area.
After that, normal copyright law—including fair use—applies. So, you most certainly can publish code snippets in a report, because a report would be considered a review or criticism. It's important to understand that "licenses" on freely available source code can't remove rights that are available for normal copyright...they can only increase the end user rights. Most often, this increase is giving someone who does not hold the copyright a license for distribution, sometimes with some restrictions on that distribution.
Although some of this might not apply if obtaining the source required signing some sort of restrictive personalized contract (as opposed to being able to download it anonymously), something quite literally freely available to anyone would certainly allow normal fair use, regardless of any "license" to the contrary. This would include re-compiling to test bug fixes.
Despite any "license", copyright allows people to do pretty much anything with a copyrighted work for their own personal use. Now, whether you could publish your "derivative work" that is the bug fix...that's another story. But, you almost certainly could publish just the fix as "criticism" as part of fair use. You certainly might get sued for this, but then you might get sued for chewing gum and walking at the same time.
By booting off of a different device, I can edit the hard drive on the machine and give myself admin access to that machine. This means I can disable any malware detectors and install software that will allow me to scan the domain for vulnerabilities.
Worse yet, if your machine is physically available, then I could install a keylogger there if I want to.
I've been in various casinos around the country and never play very big money, and I could have easily become an alcoholic on just those vists.
I don't play slots, but have many friends that do, and all get free drinks without even asking...basically a waitress comes up and asks "what do you want?", and the only money the waitress gets is a tip, regardless of the drink.
OK, so it sounds like you run a sweatshop where people show up at fixed times, punch in, use the computer, punch out when they go on break, punch back in, etc. Everything gets done during official working hours, and people leave exactly at quitting time.
Also, you don't have to swap the hard drive...you just need the case open for long enough to pull and replace the CMOS battery while the power cable is unplugged. The advantage to this method is that unless you do frequent physical audits of the machines that includes testing the BIOS settings, the pwnage can continue indefinitely.
I have webmail from anywhere, and can connect directly to the Exchange server using Outlook with the right config. I can VPN or Citrix in when I need "local" access.
And, I can do all this without being restricted to a work-provided machine because they trust me to be an adult and not misuse them. If I did, I'd be gone.
This is the problem with these IT lockdown discussions...IT tools are no different from the phones, copier, restrooms, or coffee machine. Abuse your rights to any of those and the company has a good reason to fire you, and IT tools should be exactly the same. Instead, most companies treat their employees like children as far as computers are concerned. Those companies get back pretty much what you'd expect in that situation...a bunch of people who are as petulant as kids who are told "no" but who probably have great deal more ability to get around the "problem".
The advantage of the approach where the system boots from a known image each time is that your lusers can get all the viruses, spyware, adware, etc., installed on their machine, but it won't be there for more than a few hours.
Who reboots their machines every few hours? My XP Pro install at work has 17 days of uptime, and the last time I logged in (other than unlocking the screen) was probably 10 days ago.
They can keep trying and trying, but there is no way for any of my users to install anything (small company - i'm the only one with admin rights), and all wireless connections are locked tight with encrypted keys + MAC filters.
Do you allow anyone to work unsupervised after (or before) hours? Do all of your computers either have physical locks or enabled intrusion detection switches?
Answer those questions wrong, and I'll be happy to show you that you are sadly mistaken about there being "no way for any of my users to install anything". And, if you don't have video cameras recording the office 24/7, you won't even know how it happened.
The only way to stop someone from bringing in porn to watch is to completely disable the ability for every work device to accept data from any non-work device.
This means no USB drives, no CD or DVD drives, no PDAs/cell phones that have web browsers (or any network connectivity).
I think if I worked in a place that restrictive that I would bring in printouts of hex dumps of porn movies and pictures and enter them by hand (BYTE magazine, anyone?) just so that management would have to ban keyboards, too.
Arguments that you 'want' to sync to your home system result in admonitions that corporate data is not to be on your home systems, in fact on nothing but provided corporate systems.
Great. That means no webmail, no VPN unless you give me a company laptop, etc. Which means as soon as I'm out the door, work will wait until I get back. If the customers (either internal or external) don't like that, I can just tell them "sorry, company policy".
I think you would be hard pressed to find any computer made after 2002 or so that doesn't have a serial port that can handle 19.2 Mbps.
High Speed USB 1.1/2.0 is 480 Mbps, and Firewire 400 is 386 Mbps.
Although USB can handle it, it's not the "serial port" that most people think of, and requires a lot more than just plugging in a cable.
If a standard serial port were used, in theory you could use any terminal program that takes data from the serial port and dump it to disk and end up with the recording. But, with USB, you'll need to have a driver that can talk with the device that is doing the receiving. At that point, you might as well buy a USB ATSC tuner just like TFA suggests.
If you use a DNS blocking list (DNSBL) for e-mail, you will stop receiving any e-mail, because every lookup will always return a "found", and DNSBLs work by returning NXDOMAIN if the site isn't listed, and returning an IP address if it is.
I'm a little fuzzy on how opt-out can be cookie based.
When your web browser does the DNS lookup for "nosuch.domain.com", it asks the OS, and the OS does the lookup. If the DNS server you are using returns a "hijacked" result, how can a browser cookie (that isn't sent until the HTTP request is sent) make a difference?
I can see that the resulting hijack server could use the cookie to know you don't want to see the ad-covered web page, but how does it get back into a "host not found" error that isn't completely borked up? The only thing it can do at that point is to redirect to something that doesn't exist, but then the error message for "http://nosuch.domain.com" would talk about "http://169.254.1.1/" or something similar.
I suppose they could also look at the user agent and send back a page that looks like the default "host not found" error page for the browser in question. Even without knowing a lot about how important DNS is, the more you look at this, the idea of hijacking DNS to show ads that nobody cares about becomes dumber and dumber.
Let's say it takes 4 hours to build a reasonable MythTV box, install and configure it. $200 for this thing. $200/4 hours = $50/hour. For me personally, my time is worth way more per hour than that -- it makes more sense to go the prepackaged route.
You're making the very bad assumption that it will take zero time to get the "prepackaged" version going.
Since it is software for your PC, it has all the problems that any software for your PC would have: does other software conflict with it, does it support your hardware, etc. Installing and configuring this isn't going to be a zero-time project.
Also, unless you are a very rare person, your time isn't worth more much more than $50/hour. You have to bill at $210/hour full time (2080 hours a year) for your time to be worth $50/hour. Of course, you could be very special and be able to work 20+ hours a day every day of your life and get that charge down to only $60/hour.
I don't use MythTV yet, but I'm going to be moving that way soon for my OTA recording. Right now, I use the MyHD card, and it doesn't offer the full PVR experience, but the install and configure takes less than an hour and then it just works at recording. I haven't fiddled with the software or TV hardware in either of the machines running this card for nearly two years, although I have replaced other hardware that dies, which is one of the advantages to not buying a pre-built DVR.
I'd like to make it dump the raw data directly to a PC (perhaps over a serial port), so that I can read the raw MPEG2 data as it streams-in over the antenna.
There are very few serial ports in PCs that can handle the 19.2Mbps that ATSC transmists.
Unless you have seen one that can be set to 19200000,N,8,1, I think you'll have to look some other way. As long as this software doesn't use a very limited list of esoteric tuners in the "supported" list, you should be able to pick one up for $50 or so, with a dual-tuner model well south of $150.
Net "neutrality" (I am still bewildered about how that term is valid) seems like a big excuse for ISPs in the US to punish their customers.
It's a big excuse for ISPs in the US who chose not to re-invest in their ifrastructure with the billions of tax break dollars they received in the past decade.
In particular, cable companies here have done nothing to improve their core. They kept ramping up the claimed speeds in the last mile, but never bothered to fix their core networking so it could handle all those leaf nodes at full speed. Pretty much every cable company in the US requires transit from some other ISP before they hit major backbones, and they pay dearly for that.
But, the ISPs that did any forward thinking and build out are not punishing their customers with total byte caps or speeds reduced from maximum.
I run my own primary DNS server, but there are times that machine needs to be down, while the service machines are not. But, nobody could get to anything while the DNS server was down unless they had the name in their cache.
So, I signed up with DNS Made Easy for $15/year and get 3 DNS servers as secondary DNS, but those three are really many boxes around the world. For not much more, you can have them host all your DNS. They don't have API support, though, so it's not for the original question poster.
The point is to introduce a cap in order to make it part of their bandwidth policy. Now in time as users fully accept a cap, Comcast will slowly creep the cap down from 250 GB. It's a whole lot cheaper (millions of dollars) to simply change a number than to lay down more fiber.
They can just leave the cap at 250GB. It won't be long until "normal" users start to hit that as web pages grow heavier, even more free (or cheap) legal media is available, and more devices are developed that couldn't really exist until the bandwidth was there (Slingbox, etc.).
There is nothing that prevents that app that displayed the dialog from doing the same thing for clicking "OK", "Yes" or the close box (if there is one).
It's not good practice for a real app, but there are a lot of bad programmers out there.
Why? Does the mail server you are trying to connect to not support the latest SMTP RFC?
Using "EHLO" can give you extended information that tells you the capabilities of the mail server, and when you're trying to diagnose a problem, that's a good thing. Many times I have figured out a mail server is misconfigured from only the response to "EHLO".
Even known terrorist groups are now using "non-traditional" people as attackers, so either positive (i.e., "you look like a terrorist") or negative ("you don't look like a terrorist") profiling will cause too many false positives and negatives.
Second, it wouldn't be surprising to see people that aren't part of the "traditional" terrorist groups perfoming acts of terror for reasons unrelated to the political goals of groups like al-Qaida. In the US, it might be one of the "militias", while in Germany it might be a neo-Nazi. There might even just be a nutjob who got fired from an airline. If you're going to have terrorist screening slowing down airports, bus terminals, etc., then you want to catch all terrorists, not just ones that fit some previous profile.
<rant>It really pisses me off that all the steps taken to "protect" us are completely reactive. Sure, there's the standard behind-the-scenes investigations that have always taken place, but all the general-public screening is reactive. So, when several groups of terrorists shoot up a bunch of shopping malls, then we'll have screening at the entrance to every shopping mall, but until then, nobody would even consider unobtrusive metal detectors at every entrance, yet if this hardware really works, it would be great to install in those shopping malls.</rant>
I have noticed that greylisting isn't quite as effective as it once was, because lots of spammers are actually using real queueing mail senders now.
I haven't noticed a lot of reduction in effectiveness in my homebrew greylisting implementation, but I also temporarily blacklist IPs that send spam or viruses using a exponential scoring system (e.g., send one spam and you get blocked for an hour, send 20 and you get blocked for 16 days, while 100 gets you blocked for a year and half).
Slashdot Mirror
First, I can read 17 USC as well as the next guy, and it's pretty clear:
the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright
That doesn't say, "is a defense against a lawsuit for infringement". That says "is not an infringement of copyright". So, if you are doing any of those things, you are not infringing, and you don't need a "defense".
The gray area is what, exactly, is meant by "fair use". The list of examples given shows what the law intended, but defining it specifically is maybe not as easy. Still, I'm pretty sure that saying "this code sucks because of this buggy line right here" would fall under "criticism". If you word it a little differently, I think "research" would apply.
Second, there really is no need for an affirmative fair use right unless you are distributing copies, as like anything else, if the right isn't granted or limited to a specific group or person, it is reserved for "all the people". For computer software source code, here is the complete list of all "the exclusive rights to do and to authorize" that the copyright holder has:
For everything else, the copyright holder has no special rights.
What this means is that until you distribute something copyrighted by someone else, you are not infringing, and you don't need to worry about a "defense". So, re-compile that code and test it as much as you want...you aren't infringing on copyright. Or, print out thousand copies and store them in your basement if that floats your boat...you may be crazy, but you're not infringing on copyright.
And it has been substantially eroded, and continues to be.
The "erosion" of fair use is primarily because of the back door of "no circumvention" Otherwise, "fair use" has done nothing but increase. Time shifting and device shifting have been upheld by courts as "fair use", and ventures like YouTube have greatly expanded fair use through more lawsuits over the length and completeness of copies.
It is possible to have disclosed source code with "All Rights Reserved", such that nobody would ever have rights to compile the code.
"All rights reserved" has a very specific meaning with respect to copyright, and not being able to compile code isn't included among those.
The phrase is actually shorthand for "all copyright rights reserved", and nowhere in 17 USC is "compling" mentioned as a form of copyright infringement.
It's exactly the same as MLB or the NFL trying to convince you that you need "express written permission" to copy a portion of the broadcast of the game. Those entities would like you to believe that their copyright rights can allow them to do that, but that's not the way it works. The same is true for "all rights reserved". Damn near every book published today says "all rights reserved" on the copyright page, but that doesn't change the fact that you can copy snippets of the book for your book review, or even copy every page of the book...as long as you don't distribute that exact duplicate, you are 100% within your rights.
Since it prevents derivative works and redistribution, we'd be unable to include code snippets in any report. We would be legally unable to modify the software for the purpose of testing bug fixes.
I hope that you actually understand copyright better than you appear to with this statement.
If you make the source code of "open source" software available, it is no different from publishing it as a book. In the case of a book, you get the "source code" by obtaining a copy the book (either by purchasing, borrowing, etc.). How you obtain the source to the software is unimportant as long as you obtained the copy legally, and even that might be a gray area.
After that, normal copyright law—including fair use—applies. So, you most certainly can publish code snippets in a report, because a report would be considered a review or criticism. It's important to understand that "licenses" on freely available source code can't remove rights that are available for normal copyright...they can only increase the end user rights. Most often, this increase is giving someone who does not hold the copyright a license for distribution, sometimes with some restrictions on that distribution.
Although some of this might not apply if obtaining the source required signing some sort of restrictive personalized contract (as opposed to being able to download it anonymously), something quite literally freely available to anyone would certainly allow normal fair use, regardless of any "license" to the contrary. This would include re-compiling to test bug fixes.
Despite any "license", copyright allows people to do pretty much anything with a copyrighted work for their own personal use. Now, whether you could publish your "derivative work" that is the bug fix...that's another story. But, you almost certainly could publish just the fix as "criticism" as part of fair use. You certainly might get sued for this, but then you might get sued for chewing gum and walking at the same time.
You're still missing the point.
By booting off of a different device, I can edit the hard drive on the machine and give myself admin access to that machine. This means I can disable any malware detectors and install software that will allow me to scan the domain for vulnerabilities.
Worse yet, if your machine is physically available, then I could install a keylogger there if I want to.
I've been in various casinos around the country and never play very big money, and I could have easily become an alcoholic on just those vists.
I don't play slots, but have many friends that do, and all get free drinks without even asking...basically a waitress comes up and asks "what do you want?", and the only money the waitress gets is a tip, regardless of the drink.
OK, so it sounds like you run a sweatshop where people show up at fixed times, punch in, use the computer, punch out when they go on break, punch back in, etc. Everything gets done during official working hours, and people leave exactly at quitting time.
Also, you don't have to swap the hard drive...you just need the case open for long enough to pull and replace the CMOS battery while the power cable is unplugged. The advantage to this method is that unless you do frequent physical audits of the machines that includes testing the BIOS settings, the pwnage can continue indefinitely.
Yes, they do.
I have webmail from anywhere, and can connect directly to the Exchange server using Outlook with the right config. I can VPN or Citrix in when I need "local" access.
And, I can do all this without being restricted to a work-provided machine because they trust me to be an adult and not misuse them. If I did, I'd be gone.
This is the problem with these IT lockdown discussions...IT tools are no different from the phones, copier, restrooms, or coffee machine. Abuse your rights to any of those and the company has a good reason to fire you, and IT tools should be exactly the same. Instead, most companies treat their employees like children as far as computers are concerned. Those companies get back pretty much what you'd expect in that situation...a bunch of people who are as petulant as kids who are told "no" but who probably have great deal more ability to get around the "problem".
The advantage of the approach where the system boots from a known image each time is that your lusers can get all the viruses, spyware, adware, etc., installed on their machine, but it won't be there for more than a few hours.
Who reboots their machines every few hours? My XP Pro install at work has 17 days of uptime, and the last time I logged in (other than unlocking the screen) was probably 10 days ago.
They can keep trying and trying, but there is no way for any of my users to install anything (small company - i'm the only one with admin rights), and all wireless connections are locked tight with encrypted keys + MAC filters.
Do you allow anyone to work unsupervised after (or before) hours? Do all of your computers either have physical locks or enabled intrusion detection switches?
Answer those questions wrong, and I'll be happy to show you that you are sadly mistaken about there being "no way for any of my users to install anything". And, if you don't have video cameras recording the office 24/7, you won't even know how it happened.
The only way to stop someone from bringing in porn to watch is to completely disable the ability for every work device to accept data from any non-work device.
This means no USB drives, no CD or DVD drives, no PDAs/cell phones that have web browsers (or any network connectivity).
I think if I worked in a place that restrictive that I would bring in printouts of hex dumps of porn movies and pictures and enter them by hand (BYTE magazine, anyone?) just so that management would have to ban keyboards, too.
Arguments that you 'want' to sync to your home system result in admonitions that corporate data is not to be on your home systems, in fact on nothing but provided corporate systems.
Great. That means no webmail, no VPN unless you give me a company laptop, etc. Which means as soon as I'm out the door, work will wait until I get back. If the customers (either internal or external) don't like that, I can just tell them "sorry, company policy".
I assume the 20 minutes you spent writing this post was on your break and not listed on your timesheet as "continuing technical education".
I think you would be hard pressed to find any computer made after 2002 or so that doesn't have a serial port that can handle 19.2 Mbps. High Speed USB 1.1/2.0 is 480 Mbps, and Firewire 400 is 386 Mbps.
And why does it have to be serial?
electrictroy asked for serial in his post.
Although USB can handle it, it's not the "serial port" that most people think of, and requires a lot more than just plugging in a cable.
If a standard serial port were used, in theory you could use any terminal program that takes data from the serial port and dump it to disk and end up with the recording. But, with USB, you'll need to have a driver that can talk with the device that is doing the receiving. At that point, you might as well buy a USB ATSC tuner just like TFA suggests.
And, the reverse that others have mentioned.
If you use a DNS blocking list (DNSBL) for e-mail, you will stop receiving any e-mail, because every lookup will always return a "found", and DNSBLs work by returning NXDOMAIN if the site isn't listed, and returning an IP address if it is.
I'm a little fuzzy on how opt-out can be cookie based.
When your web browser does the DNS lookup for "nosuch.domain.com", it asks the OS, and the OS does the lookup. If the DNS server you are using returns a "hijacked" result, how can a browser cookie (that isn't sent until the HTTP request is sent) make a difference?
I can see that the resulting hijack server could use the cookie to know you don't want to see the ad-covered web page, but how does it get back into a "host not found" error that isn't completely borked up? The only thing it can do at that point is to redirect to something that doesn't exist, but then the error message for "http://nosuch.domain.com" would talk about "http://169.254.1.1/" or something similar.
I suppose they could also look at the user agent and send back a page that looks like the default "host not found" error page for the browser in question. Even without knowing a lot about how important DNS is, the more you look at this, the idea of hijacking DNS to show ads that nobody cares about becomes dumber and dumber.
Let's say it takes 4 hours to build a reasonable MythTV box, install and configure it. $200 for this thing. $200/4 hours = $50/hour. For me personally, my time is worth way more per hour than that -- it makes more sense to go the prepackaged route.
You're making the very bad assumption that it will take zero time to get the "prepackaged" version going.
Since it is software for your PC, it has all the problems that any software for your PC would have: does other software conflict with it, does it support your hardware, etc. Installing and configuring this isn't going to be a zero-time project.
Also, unless you are a very rare person, your time isn't worth more much more than $50/hour. You have to bill at $210/hour full time (2080 hours a year) for your time to be worth $50/hour. Of course, you could be very special and be able to work 20+ hours a day every day of your life and get that charge down to only $60/hour.
I don't use MythTV yet, but I'm going to be moving that way soon for my OTA recording. Right now, I use the MyHD card, and it doesn't offer the full PVR experience, but the install and configure takes less than an hour and then it just works at recording. I haven't fiddled with the software or TV hardware in either of the machines running this card for nearly two years, although I have replaced other hardware that dies, which is one of the advantages to not buying a pre-built DVR.
I'd like to make it dump the raw data directly to a PC (perhaps over a serial port), so that I can read the raw MPEG2 data as it streams-in over the antenna.
There are very few serial ports in PCs that can handle the 19.2Mbps that ATSC transmists.
Unless you have seen one that can be set to 19200000,N,8,1, I think you'll have to look some other way. As long as this software doesn't use a very limited list of esoteric tuners in the "supported" list, you should be able to pick one up for $50 or so, with a dual-tuner model well south of $150.
Net "neutrality" (I am still bewildered about how that term is valid) seems like a big excuse for ISPs in the US to punish their customers.
It's a big excuse for ISPs in the US who chose not to re-invest in their ifrastructure with the billions of tax break dollars they received in the past decade .
In particular, cable companies here have done nothing to improve their core. They kept ramping up the claimed speeds in the last mile, but never bothered to fix their core networking so it could handle all those leaf nodes at full speed. Pretty much every cable company in the US requires transit from some other ISP before they hit major backbones, and they pay dearly for that.
But, the ISPs that did any forward thinking and build out are not punishing their customers with total byte caps or speeds reduced from maximum.
You can do both
I run my own primary DNS server, but there are times that machine needs to be down, while the service machines are not. But, nobody could get to anything while the DNS server was down unless they had the name in their cache.
So, I signed up with DNS Made Easy for $15/year and get 3 DNS servers as secondary DNS, but those three are really many boxes around the world. For not much more, you can have them host all your DNS. They don't have API support, though, so it's not for the original question poster.
The point is to introduce a cap in order to make it part of their bandwidth policy. Now in time as users fully accept a cap, Comcast will slowly creep the cap down from 250 GB. It's a whole lot cheaper (millions of dollars) to simply change a number than to lay down more fiber.
They can just leave the cap at 250GB. It won't be long until "normal" users start to hit that as web pages grow heavier, even more free (or cheap) legal media is available, and more devices are developed that couldn't really exist until the bandwidth was there (Slingbox, etc.).
There is nothing that prevents that app that displayed the dialog from doing the same thing for clicking "OK", "Yes" or the close box (if there is one).
It's not good practice for a real app, but there are a lot of bad programmers out there.
Why? Does the mail server you are trying to connect to not support the latest SMTP RFC?
Using "EHLO" can give you extended information that tells you the capabilities of the mail server, and when you're trying to diagnose a problem, that's a good thing. Many times I have figured out a mail server is misconfigured from only the response to "EHLO".
Even known terrorist groups are now using "non-traditional" people as attackers, so either positive (i.e., "you look like a terrorist") or negative ("you don't look like a terrorist") profiling will cause too many false positives and negatives.
Second, it wouldn't be surprising to see people that aren't part of the "traditional" terrorist groups perfoming acts of terror for reasons unrelated to the political goals of groups like al-Qaida. In the US, it might be one of the "militias", while in Germany it might be a neo-Nazi. There might even just be a nutjob who got fired from an airline. If you're going to have terrorist screening slowing down airports, bus terminals, etc., then you want to catch all terrorists, not just ones that fit some previous profile.
<rant>It really pisses me off that all the steps taken to "protect" us are completely reactive. Sure, there's the standard behind-the-scenes investigations that have always taken place, but all the general-public screening is reactive. So, when several groups of terrorists shoot up a bunch of shopping malls, then we'll have screening at the entrance to every shopping mall, but until then, nobody would even consider unobtrusive metal detectors at every entrance, yet if this hardware really works, it would be great to install in those shopping malls.</rant>
That eventually leads to a system where every human is a terrorist, at least according to the machines.
I have noticed that greylisting isn't quite as effective as it once was, because lots of spammers are actually using real queueing mail senders now.
I haven't noticed a lot of reduction in effectiveness in my homebrew greylisting implementation, but I also temporarily blacklist IPs that send spam or viruses using a exponential scoring system (e.g., send one spam and you get blocked for an hour, send 20 and you get blocked for 16 days, while 100 gets you blocked for a year and half).