I don't see any reason why all of those things are integrated and not separate addons. And that list gets bigger with each new version.
For a seminal work that explains this concept to the intellectually unenlightened: Bloatware and the 80/20 myth. It's not that bloated, slow software is preferred, exactly, it's simply that so-called "bloat" features are actually an advantage.
I'd personally prefer that FF has automated updates. I noticed the spell-checker after an update, and think it's kinda nice, although my spelling is generally pretty good. The popup blocker is quite nice. The other features I just don't care about, and I never noticed any particular performance decrease on my dual-core, 2 GB RAM laptop. Thus, for me, this "bloat" is something I either like or don't mind.
Other people may think an RSS reader is DA SHIZNIT! Some people lean hard on the anti-phishing features. And they will find bloat just as tasteful as I do. Go ahead - read the article I linked to, and then think about it. Of the functionality, what 20% do you want? And, is that the same 20% that everybody else wants? There's the reason for your bloat.
Want just a browser and only a browser? It's open source code, dude. You are welcome to create a fork and do whatever you like with it.
This is of course why the legal fiction of "intellectual property" has become such a hot topic in the last 10 years or so. The feeling is that if I made something, under the "old" commercial system, in order for someone else to get that thing (during the tenure of my patent or copyright), someone must pay me for it since I am the only one who knows how to do it, has the equipment to do it, employ the people who have the knowledge to make it, etc. But now with digital things, anyone with the proper tools can make a copy and not have to pay me for it. Now, while that must suck, I've yet to understand why people feel entitled to make money from "stuff" they have.
It takes time and money to create the "stuff" in question.
While some people do it purely for the fun/love of doing it, even many of these also have to invest significantly to produce a quality, desirable result.
There are very, very VERY few "free" movies worth anything. There are a few Star Trek fan mini-movies that are almost watchable, usually about on par with the original (cheesy, campy) original ST series. Otherwise, that's it.
But, introduce money into the equation, and suddenly you get watchable, interesting content. So if we don't provide some mechanism to fund the creation of these valuable works, what do you suggest we do to encourage their creation?
Oh, that's right - you figure it all should be free, and you should have an unlimited right to take it, under the misguided notion that whether or not copyright infringement is stealing involves the other consumer?
Idiot. "Copyright infringement" is theft (directly or indirectly) from the producer of the copyrighted work! Even the beloved "super free" GPL only works in the presence of strong copyright law! I say that we let the producer decide how he/she/they want(s) to get compensated, and let the marketplace decide the best formula.
Don't go up against these guys unless your self control is rock solid AND you understand this technique. Be ready to say something like "much as you might prefer otherwise, I'm not being "audited", I'm not standing here with tin cans in my hand looking like an idiot, you're not going to get me to blow up". Turn it back on 'em, they'll start foaming at the mouth. If a Rondroid is trying to get you pissed, ASSUME there's a camera pointing your way.
Actually, it's far, far more intensive than you describe. Scientologists practice "pushing buttons" hour after hour after hour on a course called the "Pro TRs". In this course, you practice:
1) How to seem completely relaxed and calm in nearly any circumstance. You sit in a chair in various places, both private and public, while somebody watches you intently for any outward sign of discomfort.
2) How to not "lose it" despite having somebody right in front of you trying to get you to. You sit in a chair and try to appear completely calm and relaxed while somebody is authorized to do ANYTHING to try to get you to react. They are encouraged to use any means to "get you", including jeering, screaming, faux sexual come-ons, depictions of anal sex, teasing, yelling, etc.
3) How to lie effectively and believably. It's called "originating a communication", and the practitioner sits in a chair (notice a theme here?) facing another person. The practitioner then has to say ridiculous, nonsense things from a list, convincingly. The practitioner repeats this until he/she can say virtually anything with conviction and apparent honesty, no matter how crazy.
It goes on and on - I think I've covered maybe the first days of a weeks long course. Also included:
How to order somebody to do something with enough conviction to do something they don't want to.
How to effectively project communication at a distance with apparent ease.
How to appear physically intimidating/threatening without appearing overtly hostile.
How to physically direct somebody who's openly defiant.
And on and on and on. If you want to "go up" against these guys, you'd better practice first. Do like "The Sims" and practice your charisma and your calm very, very intensively first - you're going to need it!
Time for ISPs to stop being so nicey-nice about this.
Being nice is a good way to keep customers. Being "un-nice" is a good way to lose them. Losing paying customers is usually bad for business.
1) Send an email to all customers saying that the ISP will begin choosing a random day (say every 3 months or so) to scan for infected computers churning out email. 2) On that random day (random so the spam bots won't be programmed to be silent on that day) the ISP shuts down outgoing mail for all infected computers on their network. 3) Customer who can't send mail is irate and calls ISP tech support hotline. 4) Tech support says: we warned you... please follow these virus removal instructions and install/update your anti virus software.
Bam problem solved.
More like: Bam revenue lost.
But, rather than tell the customers to shove off, the ISP *could* offer to fix the problem for a reasonable fee. This could win HUGE karma points for the ISP, and could kick-start a highly profitable sideline business of fix/repairing the computers.
So, do it. It's an open-source world, after all. Write something together - a simple perl script, perhaps - and release it! You just might be surprised at what happens, and you're pretty much guaranteed to learn something, if only how to code something in perl!
it's h4x0rs using stupid routes to DDOS one or more machines on the route as well as whatever machine they're addressing.
This bug sounds a lot like one that I got bitten with years ago - source routing.
RedHat 6.2 came with source routing turned on by default. Since I was using a RH 6.2 system as my router/firewall, this was particularly damning, and allowed them to compromise my X11 workstation more than once. I played cat and mouse with a hax0r who penetrated my otherwise very stiff firewall for over a month, before finding out that he/she/they were using source routing to bypass all my carefully crafted firewall rules.
It was only when I set up a "default deny/log" ruleset, enabling ONLY OUTBOUND WWW/SSH/POP/SMTP connections that I found the truth.
So, I've checked source routing on every load of RH Linux when used as a firewall ever since. It's been turned off by default with every release from 7.x on, including CentOS 4.x which I'm using today.
Source routing was a bad idea then, and is a bad idea now. It will be a bad idea 10 years from now, too. Why did ipv6 re-implement this bad idea?
PS: I still don't get why RH killed their "RedHat Linux" line. I mean, I manage about a dozen mini/embedded servers and was happy to give RedHat $5/month each for security updates - and then they had to go and shoot for the moon with their "Enterprise" line. Now they get nothing from me. I never even called them for support! Maybe my 12*5*12=$720 per year doesn't matter, but that's close to a grand every year that I was happy to pay.
Guess I should be happy to save the $720/year, but it still doesn't make sense to me. /shrug
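The source-routing check mentioned in the comment above, as an added example that is not part of the original post: a POSIX shell function that reads the Linux `accept_source_route` sysctls and reports interfaces that would accept source-routed IPv4 packets. The function name and the optional `SYSROOT` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original comment): report interfaces whose
# effective IPv4 setting accepts source-routed packets (LSRR/SSRR options).
# The optional SYSROOT argument is an assumption of this example; it lets the
# audit run against a copied or constructed /proc tree instead of the live one.

# Usage: audit_source_route [SYSROOT]
# Prints one line per finding plus one fix line.
# Returns 0 if no interface accepts source routing, 1 otherwise.
audit_source_route() {
    conf="${1:-}/proc/sys/net/ipv4/conf"
    findings=0

    # The kernel accepts source-routed packets on an interface only when BOTH
    # conf/all/accept_source_route and conf/<if>/accept_source_route are 1.
    all=0
    if [ -r "$conf/all/accept_source_route" ]; then
        all=$(cat "$conf/all/accept_source_route")
    fi

    # "default" is the template applied to interfaces created later
    # (VPN, VLAN, hot-plugged NICs), so it is audited like a real interface.
    for f in "$conf"/*/accept_source_route; do
        [ -r "$f" ] || continue
        ifname=$(basename "$(dirname "$f")")
        [ "$ifname" = "all" ] && continue
        val=$(cat "$f")
        if [ "$all" = "1" ] && [ "$val" = "1" ]; then
            echo "source routing accepted on $ifname"
            findings=$((findings + 1))
        fi
    done

    if [ "$findings" -gt 0 ]; then
        # Slash-separated key form, so interface names containing dots
        # (e.g. eth0.10) cannot be misparsed by sysctl.
        echo "fix: sysctl -w net/ipv4/conf/all/accept_source_route=0"
        return 1
    fi
    return 0
}

# Typical use on a firewall host: audit_source_route || echo "review sysctl settings"
```

Because the per-interface value is ANDed with `conf/all`, clearing `all` disables acceptance everywhere; the setting still has to be persisted in the system's sysctl configuration to survive a reboot.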
Seriously though, estonia? Raise your hand if you know where that is. The only reason I ever recognize that is because I just finished a European History class where we had to memorize the current map of Europe, I'm sure if you asked me last year (or next year:P) I wouldn't know.
Estonia... Estonia... Eh.....
Isn't that somewhere in Asia? North of Elbonia, by Kamchatka?
Oh, just admit it: the law is the OS of the land, and legislation is source code. Legislators and lawyers are the coders.
Adding weight to this is the fact that many people who are today either lawyers or programmers carefully considered both professions before choosing.
My lawyer started out as a software engineer in the 1970s before switching to law. In the early 90's I was heavily involved in paralegal work before deciding to focus on software and computer technology.
And as an example, we aren't particularly special.
What we need is to run most of Internet Explorer in a tightly sandboxed environment on the user's machine, so that when you close the window, any browser damage goes away. That would actually work.
Sort of. Your conclusion that this would work is a result of looking at security only from a limited context. While this does limit the damage of a single type of attack (virus meddling with O/S files) it doesn't do anything at all to defend against the many other forms of online attacks.
To wit:
What about phishing attacks that try to trick you into "logging in" to a bogus website?
What about keyloggers that get your credentials as you type them?
What about viruses that run inside the sandbox, blasting out SPAM while your kid peruses myspace?
What about cross-site scripting attacks that lift private information out of your sessions and cookies?
What about "user-space" viruses and worms that do not infect your Operating System, but rather operate 100% in userland? We'll see more of these as MacOS/Linux adoption increases.
Rather than band-aid a hackjob of an Operating System with yet another layer of duct tape, we need to design a system that is intrinsically secure against these and other forms of attack. Engineered directly into this system should be not only protections for the Operating System, but protections for the user as well!
Your post got me to thinking about using color instead of blank space to separate text.
I put together some prototypes based on this, trying to maintain the word density but still making it easier/faster to read.
Results surprised me a bit - using color to differentiate lines works quite well after a very short adjustment stage! Try it out - the results might surprise you!
You don't charge mystery writers for murder just because they show in detail how to do so. You don't charge news reporters with breaking-and-entering because they communicate to the public how breaking-and-entering was performed. You don't censor history books because they outline how to commit acts of genocide.
In none of these cases is talking about it a crime. It's also not a crime to talk about releasing the decryption key. But releasing the encryption key IS illegal under current law.
I'm not arguing that it SHOULD be illegal, only that it is. Don't confuse "legal" with "right". Lots of things are legal that are unethical, and lots of things are ethical but illegal. But let's spend our time discussing reality instead of some contrived misunderstanding, OK?
I'll be googling 5D 09 7F B4 60 B8 FB BD D0 2B 6A A3 F2 F6 AB CA everyday until I win that lotto jackpot... and don't think I won't. I'm crazy enough to do it. I swear I am. Really.
Yeah, funny, and all that. But people here frequently don't get the point.
It's not the number - it's the context of the number. Yes, I can use this number for my WEP key. I can print it on my T-shirt, print it on toilet paper and wipe my ass with it. I can do whatever you want with this number so long as I don't identify it as the decryption key for YOUR encrypted data.
Here's another example: A tennis racket. By itself, a tennis racket is made for whacking tennis balls. However, I could whack YOU with the racket, and suddenly its role changes from "sporting equipment" to "deadly weapon". But it's the same piece of equipment, and yes, a tennis racket is a plenty good enough weapon to kill somebody with.
It's not the racket itself that's deadly, it's the context for how it's used or presented. There's a world of difference between "I'm going to whack the ball" and "I'm going to whack your balls"...
By publishing this number along with phrases like "decryption key for NNN", you've crossed the line from just some random number to establishing the context of the number as somehow important.
So please, please PLEASE get the point - having and/or publishing a number, any number, isn't illegal. Publishing that this number (instead of the billions/trillions of others like it) is the decryption key for $FOO is what's illegal. // now done with armchair legal advice, resuming programming, IANAL YMMV and all that jazz //
Perhaps you missed the part about me having backups?
I have 2 Cf-30 touchbooks. I gladly toss the thing 1-2 stories into the sand at a construction site. It will ride around in the open back of a pickup truck and it looks like it is beat to hell.
If it breaks I go "eh" pull the drive cage and simply fire up the spare, call work to order me a new replacement and then continue as I go.
Be glad you don't work for me - If I caught any of my employees abusing company equipment like that, I'd fire them.
I have three laptops. (one primary, and two older ones) When something goes wrong, it typically costs me a few hours to get back up and running whilst I swap hard drives around, synch drives, restore from backups, etc. Since I use Linux, swapping things around is usually not much of a hassle, and I know that I could run over my machine(s) with a mack truck and be back up and running in just a few hours.
But I still am careful how my primary laptop gets treated - 4 hours lost productivity can cost me hundreds of dollars, and I'm careful how it gets treated. And it still upsets me when things go wrong.
It's normal for people to bond with people/things that are necessary to their survival.
I've bonded very thoroughly with my laptop - its name is Turing. I jealously clutch it when I travel. Whenever I put it down, I'm very careful to ensure that there's no stress on any cables, plugs, etc. It contains years of professional information and wisdom - emails, passwords, reams and reams of source code, MP3s, pictures, etc.
Yes, I have backups that are performed nightly. Yes, I've had problems with the laptop and every few years I replace it with a new one. That doesn't change the bonding - every time there's a problem it's upsetting to me.
Am I crazy? Perhaps. But there's good reason for the laptop to be so important to me - it is the single most important tool I use to support my wife and 6 children, which are the most important things in the world to me. My workload is intense, my software is ambitious, my family is large and close, and this laptop is my means of accomplishing my goals.
If I can get attached like this to something over my professional career, it wouldn't be out of norm for strong emotional reactions towards something preserving your very existence day after day.
We produce software for school districts, and had decided that we were going to support Moodle. So much so that we even announced it to our clientele. So we spent a significant amount of time studying it and learning how it works.
Moodle is a usability and training nightmare, with dozens of confusing (and usually superfluous) options on every screen. If you happen to be VERY technically oriented, it's probably not so bad, but trying to train the average teacher on how to use and set up a class is simply a joke. It's not just a tweak or two - the whole thing needs a serious revamp with usability in mind. That kind of investment, along with the staff training that we'd have to do in order to take advantage of it is simply more than we can afford.
And, looking at the sources, it's a festering pile of echo statements hacked up in PHP - not a codebase conducive to any kind of basic architectural improvement short of a rewrite.
The license is good, but although we'd LOVE to support Moodle, we simply can't afford to!
But I can't make heads or tails of an analogy if it doesn't involve a car, somehow.
So, to wit:
"This is like comparing a Ferrari with a Ford F-150, without acknowledging that there are in-between solutions that have advantages of their own. Ford Pintos (and Chrysler Minivans) being one example. [sic]"
If the RIAA doesn't fully explore evidence before suing people over then they have no right to continue suing people. It would be like the police bringing a case against a suspected murderer and asking, in the trial, to search the house, car etc. to find evidence.
Ever heard of discovery? Here's how they do it in Utah, USA, on the first page of a Google search for discovery in criminal cases. Gathering supporting facts for a trial after prosecution is not only routine, it's actually part of normal flow of the legal process.
That's not how the legal system is supposed to work. Trial is supposed to be the last thing in a long line of to do's, one of which is verifying that you've got the right person. The RIAA doesn't do that long list, which is horribly wrong but not quite illegal, and more and more often it's coming back to haunt them.
It's generally a good idea to know what you're talking about BEFORE making a post...
There are two kinds of fool. One says 'This is old therefore good.' And one says 'This is new therefore good'- Dean Inge
Are you seriously suggesting that what separates a good movie from a lackluster movie is money? Is that really what you want to argue? What about movies that take a lot of money to make, but do poorly due to the fact that they suck?
Of course I am! Spending money doesn't guarantee success (see Mission Earth for a good example) But name a blockbuster movie that DIDN'T involve a billion-dollar budget.
Can you name an example of a movie that was "good" but wasn't profitable due to "pirating"?
Sure can. China has over a BILLION people. China also has crap for Intellectual Property law. Are you going to tell me that despite having 5 TIMES the population of the United States, that a decent movie idea hasn't come out of there? And, perhaps you could tell me where the epicenter of the large, booming Chinese movie industry is?
Where's the Chinese version of the Matrix? Their movie industry is weak and pathetic.
I didn't say all content should be free. It's easy to win an argument when you make up the opposing side from whole cloth.
No, but later in this post you imply that very strongly when you write: Anyone can make anything, but they are not and should not be entitled to make money from it. What part of my "straw man" argument is not well supported by a statement like this?
Indirect theft? Is that when I steal from someone who has stolen?
Pay close attention: Copying copyrighted materials in an infringing way reduces the likelihood of a purchase of that material. In an indirect way, such activities take away the profit potential of said created material. I know it's a very difficult concept for you to understand, and that's why words like "idiot" come to mind. Sorry you're taking it personally. Feel free to call me a "shill" or something if it makes you feel better.
Why do we want to let the creator decide how they get compensated?
Because they created it. It's theirs. We want to encourage more to be created so we all have something to enjoy. I like good quality software, (like Linux, OpenOffice, KDE) good quality books (Arthur C. Clarke, Larry Niven, etc) and good quality music (my tastes vary from Coldplay to Michael Buble to Depeche Mode) and movies that are worth watching. (the Matrix, or Amadeus)
None of these would be possible without strong Intellectual Property laws that specifically guarantee rights to content creators, restrict the rights of content consumers and prohibit what we'd today call piracy.
The most successful creators/businesses/etc figure out what their target audience wants and then figure out how to profit by getting it to them.
Here we might agree, just a tad. If DRM, etc are really not what consumers want, they won't buy. If producers don't make money, they'll be forced to shift their tactics.
But where we disagree is that it's ethically not up to you, the consumer, to unilaterally decide these terms, much as it's ethically not up to the consumer to decide whether or not to pay for an apple being taken in either case. If you take the apple, even a "copy" of an apple I created without my permission as the creator of the apple, then you have taken something from me, if only the potential for profit on the created apple.
That's a form of theft, and that's wrong.
The entire "zomg pirates" rationale hinges on the idea that a huge percentage of consumers don't buy anything that is in any possible manner freely obtainable. If that were the case, no one would buy just about anything.
Really? How do you come to that conclusion? Please provide some kind of supporting information?
That's pretty much the definition of "not giving the consumer what they want."
And if that's the case, consumers won't buy. But it's not up to YOU, the consumer, to unilaterally change the terms of the deal. Don't like it? Don't buy it. But you ARE being an idiot if you honestly believe that committing acts of piracy because you don't like some aspect of doing it legitimately (EG: the price) is morally defensible.
It isn't, and you're just being stupid.
then they ridicule you,
then they fight you,
then you win." -
-- Mahatma Gandhi
Seriously, Microsoft is getting ready to pull off their kid gloves, now. They are really, truly, in a rather scary position.
1) Their flagship product, Microsoft Windows, is selling very softly. Word on the street is "don't buy until Service Pack 1, at least". (Told to me by our local computer store, I might add) Dell has reverted to Windows XP. Lots of public institutions are making very public noises about switching to alternatives, such as Ubuntu. What's worse is that some are actually doing it, and it's working. Apple OSX is ballooning. People are sick of viruses and dumb security alerts. The cost of supporting Windows clients has been rising almost exponentially as the number of band-aids required to keep a Windows system running has exploded. Anti-virus, Anti-spyware, Firewall, Malicious Software Removal kit, r00tkit detectors, frequent software updates, it's just getting to be too much for any reasonable non-techie to manage.
2) Their next big product, Microsoft Office, is similarly under heavy assault. The Massachusetts ODF debacle brought to the forefront the basis of Microsoft's lock-in, and jurisdictions are switching rapidly to ODF, PDF, and other open formats. Just today, we saw Norway joining the fray.
3) Their big ace in the hole is the Windows API. But they're losing that on several fronts:
3A) The Windows API is the cause of many security problems, since it's a buggy, insecure, festering pile.
3B) Even so, it's being emulated, warts and all with increasing effectiveness with the WINE codebase.
3C) Lastly, it's just not as relevant anymore. New apps today are commonly web-based, partly to avoid the problems inherent in client-side software.
Case in point: I had a school contact me JUST TODAY and ask if our product (normally Windows/Mac) would work with WINE. (No need for WINE - it's GTK-based)
4) They've almost completely failed to diversify their product line despite trying for over 10 years to do so. They have other, profitable products, but the amount earned by MSN and Xbox is a pittance compared to what Windows and Office earn for them.
So why wouldn't they fight back with whatever they have? They're SCARED SILLY. They have BILLIONS of dollars in their war chest, and their revenue stream might be flat, but there's still an INSANE amount of cash available. They won't take this lying down, folks.
Get ready for the fight of your lives - this will make SCO look like yesterday's donuts.
Should Vendors Close All Security Holes?
Yes. Just like you should obey ALL TRAFFIC LAWS.
Next?
Don't go up against these guys unless your self control is rock solid AND you understand this technique. Be ready to say something like "much as you might prefer otherwise, I'm not being "audited", I'm not standing here with tin cans in my hand looking like an idiot, you're not going to get me to blow up". Turn it back on 'em, they'll start foaming at the mouth. If a Rondroid is trying to get you pissed, ASSUME there's a camera pointing your way.
Actually, it's far, far more intensive than you describe. Scientologists practice "pushing buttons" hour after hour after hour on a course called the "Pro TRs". In this course, you practice:
1) How to seem completely relaxed and calm in nearly any circumstance. You sit in a chair in various places, both private and public, while somebody watches you intently for any outward sign of discomfort.
2) How to not "lose it" despite having somebody right in front of you trying to get you to. You sit in a chair and try to appear completely calm and relaxed while somebody is authorized to do ANYTHING to try to get you to react. They are encouraged to use any means to "get you", including jeering, screaming, faux sexual come-ons, depictions of anal sex, teasing, yelling, etc.
3) How to lie effectively and believably. It's called "originating a communication", and the practitioner sits in a chair (notice a theme here?) facing another person. The practitioner then has to say ridiculous, nonsense things from a list, convincingly. The practitioner repeats this until he/she can say virtually anything with conviction and apparent honesty, no matter how crazy.
It goes on and on - I think I've covered maybe the first days of a weeks long course. Also included:
How to order somebody to do something with enough conviction to do something they don't want to.
How to effectively project communication at a distance with apparent ease.
How to appear physically intimidating/threatening without appearing overtly hostile.
How to physically direct somebody who's openly defiant.
And on and on and on. If you want to "go up" against these guys, you'd better practice first. Do like "The Sims" and practice your charisma and your calm very, very intensively first - you're going to need it!
Time for ISPs to stop being so nicey-nice about this.
Being nice is a good way to keep customers. Being "un-nice" is a good way to lose them. Losing paying customers is usually bad for business.
1) Send an email to all customers saying that the ISP will begin choosing a random day (say every 3 months or so) to scan for infected computers churning out email.
2) On that random day (random so the spam bots won't be programmed to be silent on that day) the ISP shuts down outgoing mail for all infected computers on their network.
3) Customer who can't send mail is irate and calls ISP tech support hotline.
4) Tech support says: we warned you... please follow these virus removal instructions and install/update your anti virus software.
Bam problem solved.
More like: Bam revenue lost.
But, rather than tell the customers to shove off, the ISP *could* offer to fix the problem for a reasonable fee. This could win HUGE karma points for the ISP, and could kick-start a highly profitable sideline business of fix/repairing the computers.
So, do it. It's an open-source world, after all. Write something together - a simple perl script, perhaps - and release it! You just might be surprised at what happens, and you're pretty much guaranteed to learn something, if only how to code something in perl!
it's h4x0rs using stupid routes to DDOS one or more machines on the route as well as whatever machine they're addressing.
/shrug
This bug sounds a lot like one that I got bitten with years ago - source routing.
RedHat 6.2 came with source routing turned on by default. Since I was using a RH 6.2 system as my router/firewall, this was particularly damning, and allowed them to compromise my X11 workstation more than once. I played cat and mouse with a hax0r who penetrated my otherwise very stiff firewall for over a month, before finding out that he/she/they were using source routing to bypass all my carefully crafted firewall rules.
It was only when I set up a "default deny/log" ruleset, enabling ONLY OUTBOUND WWW/SSH/POP/SMTP connections that I found the truth.
So, I've checked source routing on every load of RH Linux when used as a firewall ever since. It's been turned off by default with every release from 7.x on, including CentOS 4.x which I'm using today.
Source routing was a bad idea then, and is a bad idea now. It will be a bad idea 10 years from now, too. Why did IPv6 re-implement this bad idea?
PS: I still don't get why RH killed their "RedHat Linux" line. I mean, I manage about a dozen mini/embedded servers and was happy to give RedHat $5/month each for security updates - and then they had to go and shoot for the moon with their "Enterprise" line. Now they get nothing from me. I never even called them for support! Maybe my 12*5*12=$720 per year doesn't matter, but that's close to a grand every year that I was happy to pay.
Guess I should be happy to save the $720/year, but it still doesn't make sense to me.
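The source-routing check described in the comment above, as an added example that is not part of the original post: a shell function that lists the IPv4 interfaces on a Linux firewall that still accept source-routed packets. The optional root-directory argument is an assumption added here so the check can also run against a constructed copy of the sysctl tree.

```shell
#!/bin/sh
# Added example (not from the original comment).
# For IPv4, Linux accepts source-routed packets on an interface only when
# BOTH conf/all/accept_source_route and conf/<iface>/accept_source_route
# are 1, so the check evaluates the two values together.
#
# Usage: audit_source_route [ROOT]
#   ROOT defaults to the live tree, /proc/sys/net (the argument is an
#   assumption of this example, used for testing against a copy).
# Prints one offending interface per line.
# Returns 0 if none accept source routing, 1 if any do, 2 on read error.
#
# To turn it off everywhere on a live system:
#   sysctl -w net.ipv4.conf.all.accept_source_route=0

audit_source_route() {
    root="${1:-/proc/sys/net}"
    conf="$root/ipv4/conf"
    found=0

    # Without the global value the result would be a guess, so fail loudly.
    if [ ! -r "$conf/all/accept_source_route" ]; then
        echo "error: cannot read $conf/all/accept_source_route" >&2
        return 2
    fi
    all=$(cat "$conf/all/accept_source_route")

    for f in "$conf"/*/accept_source_route; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        # "all" is the global switch and "default" the template for new
        # interfaces; neither is a real interface.
        case "$iface" in all|default) continue ;; esac
        val=$(cat "$f")
        if [ "$all" = "1" ] && [ "$val" = "1" ]; then
            echo "$iface"
            found=1
        fi
    done
    return "$found"
}
```

Running it from a boot-time or cron job and alerting on a non-zero return catches an install or upgrade that ships with the setting enabled.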
Seriously though, Estonia? Raise your hand if you know where that is. The only reason I ever recognize that is because I just finished a European History class where we had to memorize the current map of Europe, I'm sure if you asked me last year (or next year
Estonia... Estonia... Eh.....
Isn't that somewhere in Asia? North of Elbonia, by Kamchatka?
Yes I make mistakes. Don't we all?
Don't many of us owe our very existence to mistakes that our parents made?
Oh, just admit it: the law is the OS of the land, and legislation is source code.
Legislators and lawyers are the coders.
Adding weight to this is the fact that many people who are today either lawyers or programmers carefully considered both professions before choosing.
My lawyer started out as a software engineer in the 1970s before switching to law. In the early 90's I was heavily involved in paralegal work before deciding to focus on software and computer technology.
And as an example, we aren't particularly special.
What we need is to run most of Internet Explorer in a tightly sandboxed environment on the user's machine, so that when you close the window, any browser damage goes away. That would actually work.
Sort of. Your conclusion that this would work is a result of looking at security only from a limited context. While this does limit the damage of a single type of attack (virus meddling with O/S files) it doesn't do anything at all to defend against the many other forms of online attacks.
To wit:
What about phishing attacks that try to trick you into "logging in" to a bogus website?
What about keyloggers that get your credentials as you type them?
What about viruses that run inside the sandbox, blasting out SPAM while your kid peruses myspace?
What about cross-site scripting attacks that lift private information out of your sessions and cookies?
What about "user-space" viruses and worms that do not infect your Operating System, but rather operate 100% in userland? We'll see more of these as MacOS/Linux adoption increases.
Rather than band-aid a hackjob of an Operating System with yet another layer of duct tape, we need to design a system that is intrinsically secure against these and other forms of attack. Engineered directly into this system should be not only protections for the Operating System, but protections for the user as well!
Your post got me to thinking about using color instead of blank space to separate text.
I put together some prototypes based on this, trying to maintain the word density but still making it easier/faster to read.
Results surprised me a bit - using color to differentiate lines works quite well after a very short adjustment stage! Try it out - the results might surprise you!
Those who would tweak Architecture for a Marketing Advantage, deserve no Success and will not have it in the long run.
Those who fail to understand that the only point to an architecture IS for marketing advantages deserve no success and will not have it at any time.
... it's still a dead end -- kind of like putting lipstick on a pig.
I guess that depends on your feelings about pigs, and the laws currently in effect in your particular jurisdiction.
I'm not arguing that it SHOULD be illegal, only that it is. Don't confuse "legal" with "right". Lots of things are legal that are unethical, and lots of things are ethical but illegal. But let's spend our time discussing reality instead of some contrived misunderstanding, OK?
It's not the number - it's the context of the number. Yes, I can use this number for my WEP key. I can print it on my T-shirt, print it on toilet paper and wipe my ass with it. I can do whatever you want with this number so long as I don't identify it as the decryption key for YOUR encrypted data.
Here's another example: A tennis racket. By itself, a tennis racket is made for whacking tennis balls. However, I could whack YOU with the racket, and suddenly its role changes from "sporting equipment" to "deadly weapon". But it's the same piece of equipment, and yes, a tennis racket is a plenty good enough weapon to kill somebody with.
It's not the racket itself that's deadly, it's the context for how it's used or presented. There's a world of difference between "I'm going to whack the ball" and "I'm going to whack your balls"...
By publishing this number along with phrases like "decryption key for NNN", you've crossed the line from just some random number to establishing the context of the number as somehow important.
So please, please PLEASE get the point - having and/or publishing a number, any number, isn't illegal. Publishing that this number (instead of the billions/trillions of others like it) is the decryption key for $FOO is what's illegal.
You could just say you're a Mac user and we'll understand all the rest.
Would it be appropriate to admit that it's just a Dell running Fedora Core Linux?
Wow you are a nutjob.
Compliments are always welcome.
Get 2 laptops. backup and sync nightly.
Perhaps you missed the part about me having backups?
I have 2 Cf-30 touchbooks. I gladly toss the thing 1-2 stories into the sand at a construction site, It will ride around in the open back of a pickup truck and it looks like it is beat to hell.
If it breaks I go "eh" pull the drive cage and simply fire up the spare, call work to order me a new replacement and then continue as I go.
Be glad you don't work for me - If I caught any of my employees abusing company equipment like that, I'd fire them.
I have three laptops. (one primary, and two older ones) When something goes wrong, it typically costs me a few hours to get back up and running whilst I swap hard drives around, synch drives, restore from backups, etc. Since I use Linux, swapping things around is usually not much of a hassle, and I know that I could run over my machine(s) with a mack truck and be back up and running in just a few hours.
But I still am careful how my primary laptop gets treated - 4 hours lost productivity can cost me hundreds of dollars, and I'm careful how it gets treated. And it still upsets me when things go wrong.
It's normal for people to bond with people/things that are necessary to their survival.
I've bonded very thoroughly with my laptop - its name is Turing. I jealously clutch it when I travel. Whenever I put it down, I'm very careful to ensure that there's no stress on any cables, plugs, etc. It contains years of professional information and wisdom - emails, passwords, reams and reams of source code, MP3s, pictures, etc.
Yes, I have backups that are performed nightly. Yes, I've had problems with the laptop and every few years I replace it with a new one. That doesn't change the bonding - every time there's a problem it's upsetting to me.
Am I crazy? Perhaps. But there's good reason for the laptop to be so important to me - it is the single most important tool I use to support my wife and 6 children, which are the most important things in the world to me. My workload is intense, my software is ambitious, my family is large and close, and this laptop is my means of accomplishing my goals.
If I can get attached like this to something over my professional career, it wouldn't be out of norm for strong emotional reactions towards something preserving your very existence day after day.
We produce software for school districts, and had decided that we were going to support Moodle. So much so that we even announced it to our clientele. So we spent a significant amount of time studying it and learning how it works.
Moodle is a usability and training nightmare, with dozens of confusing (and usually superfluous) options on every screen. If you happen to be VERY technically oriented, it's probably not so bad, but trying to train the average teacher on how to use and set up a class is simply a joke. It's not just a tweak or two - the whole thing needs a serious revamp with usability in mind. That kind of investment, along with the staff training that we'd have to do in order to take advantage of it is simply more than we can afford.
And, looking at the sources, it's a festering pile of echo statements hacked up in PHP - not a codebase conducive to any kind of basic architectural improvement short of a rewrite.
The license is good, but although we'd LOVE to support Moodle, we simply can't afford to!
Sorry,
But I can't make heads or tails of an analogy if it doesn't involve a car, somehow.
So, to wit:
"This is like comparing a Ferrari with a Ford F-150, without acknowledging that there are in-between solutions that have advantages of their own. Ford Pintos (and Chrysler Minivans) being one example. [sic]"
How many Libraries of Congress is a Ford Pinto?
By the time any of this technology could ship we'd probably have thought controlled car locks. No need for keys then.
Can you imagine how much wear and tear your door locks would get if you had a grand-mal seizure?
This would also seriously change the pick-me-up...
Guy: Hey babe. You know what would look even nicer on you than that beautiful dress?
Girl: Silence
Guy: Me!
Girl's car CLICK!
discovery in criminal cases. Gathering supporting facts for a trial after prosecution is not only routine, it's actually part of normal flow of the legal process. It's generally a good idea to know what you're talking about BEFORE making a post... I'd wager there's a third type....