There will always be an Achilles heel with respect to security and hiding things on (in) the human body, so a security system like this can only make people feel secure: Terrorists could shove weapons up various body cavities, after all, and if not metallic they'll never be found except through luck by random cavity searches.
What worries me far more than the terrorists is the continual erosion of civil rights that far too many seem happy enough about: A free society bent on cooperation has at most to worry about psychopathic freaks in the world; an oppressive state that curtails freedoms and imposes its will with increasing force breeds discontent and enemies.
Is it just me or is all this fear over security a sign that we are stuck in a vicious circle of paranoia that's becoming a self-fulfilling prophecy?
What if the browser actually did download the popup ads, but at a hideously(!) slow rate (1 byte per second, or something that I can control?), thereby tying up a socket connection on the popup server for hours at a time. The browser could continue the download in the background but signal the page that the image is blocked.
How long before the ad server begins to refuse connections and automagically improves everyone else's life?
IANAL but (1) copying something (illegally) is not the same as taking (stealing) it. Illegal duplication, whether photocopying a book or software, music, movies, or pictures is copyright violation, not theft.
And (2) by equating copyright violation with theft, the RIAA attempts to cast people in the role of masked thieves who break into stores at night and make off with a truckload of CDs: It's a lot easier for the RIAA to intimidate people and get a settlement when they think of illegal downloading as theft than "merely" copyright violation.
Don't sing the RIAA's song, folks!
The only way for the company that cannot make stable software to build an uncrashable car is to prevent it from starting in the first place:
Car: "Keyboard error. Press F1 to continue."
Osama Bin Laden probably uses Microsoft Word. I say Bill should be held accountable. And Mr. Bush uses Microsoft Word, too. Oh sh-- ... One degree of separation. Who would have thought?
<sigh> Can't we just send all these "idjets" off to the moon or something?
(/me hangs his head; exit stage left)
From a theoretical standpoint Linus is absolutely correct: the more eyeballs, the faster the issue is fixed, so distribute it far and wide and as fast as you can.
From a practical standpoint, however, everyone would have to update their system the moment the fix is available, because the published issue is in the hands of the "bad guys", too. That is simply not going to happen in the real world.
The Right Thing(tm) is probably somewhere in-between, which is (as I perceive it) precisely what the industry is presently doing, for the most part. There may be (and probably should be) improvements to that model which should be made, but complete and immediate openness is at one extreme end of the spectrum just as gag orders and denial by proprietary software vendors are on the other.
Stupidity isn't the reason why social engineering succeeds, but rather it is rooted in the trust that we all must show towards each other in our daily life: you trust other drivers on the road, the train operator, the cook at the restaurant, and construction workers who built the house you live in, not to be targeting you. Social engineering abuses this trust.
Most computer users have an appallingly crippled understanding of the technology they use to surf the web, write letters, and balance their checkbook. They perceive no need to understand it more, and more importantly have insufficient background to grasp all the ways that this technology can be used against them even if they had the chance to learn. That isn't stupidity, necessarily, but a fact of life. Social engineering will continue to work as long as there are people who are involved in something (anything) that has the potential for abuse. None of us can know all about everything and be constantly on guard about potential abuse. That's just life.
Is there a solution as far as the internet is concerned? I really don't know, but it would have to lie in better interfaces, IMO. What if a browser were to perform a DNS lookup on all permutations of a URL (e.g. citybank, citibank, citi6ank, citi-bank, etc.) and show a warning if the URL seems suspect? Or show an analysis of a URL with multiple domain names, login name, and password in it?
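An added example, not part of the original comment: a sketch of the URL analysis suggested above, flagging embedded credentials, lookalike names and a known name buried in a subdomain. It compares against a small list of known names offline instead of doing the DNS lookups the comment proposes; `KNOWN_BRANDS`, the `CONFUSABLE` map, the second-to-last-label heuristic and all sample URLs are assumptions made for illustration.

```javascript
// Added example: offline lookalike check. KNOWN_BRANDS is a constructed list.
const KNOWN_BRANDS = ["citibank"];            // assumed list of protected names
const CONFUSABLE = { "0": "o", "1": "l", "3": "e", "5": "s", "6": "b" };

// Collapse common visual tricks: case, hyphens, digit-for-letter swaps.
function skeleton(label) {
  return label.toLowerCase().replace(/-/g, "")
    .replace(/[01356]/g, (c) => CONFUSABLE[c]);
}

// Levenshtein edit distance using a single rolling row.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0];                        // d[i-1][j-1]
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];                     // d[i-1][j], saved before overwrite
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1,
                        prev + (a[i - 1] === b[j - 1] ? 0 : 1));
      prev = tmp;
    }
  }
  return row[b.length];
}

// Returns a list of warning strings; an empty list means nothing was flagged.
function analyzeUrl(urlString, brands = KNOWN_BRANDS) {
  const url = new URL(urlString);
  const warnings = [];
  // Login name or password in the URL: the real host is whatever follows "@".
  if (url.username || url.password) warnings.push("embedded-credentials");
  const labels = url.hostname.split(".");
  // Naive registrable label: second-to-last (assumption; no public-suffix list).
  const main = labels.length >= 2 ? labels[labels.length - 2] : labels[0];
  for (const brand of brands) {
    if (main === brand) continue;             // the genuine name itself
    const skel = skeleton(main);
    if (skel === brand || editDistance(skel, brand) <= 1) {
      warnings.push(`lookalike:${brand}`);
    } else if (labels.slice(0, -2).some((l) => skeleton(l) === brand)) {
      warnings.push(`brand-in-subdomain:${brand}`);   // "multiple domain names"
    }
  }
  return warnings;
}
```

An edit-distance threshold of 1 is deliberately tight; a real interface would need a tuned threshold and a proper public-suffix lookup to keep false alarms down.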
Hey Bill, I'll take a hundred million-million copies of NT/PPC if YOU spend a boat load of cash to get it to market soon. Really!
And I bet a hundred thousand of my very, very good slashdot friends would do the same. Really-really!
Truuuuuuuust uuuuuuus! We're your friends, Bill!
Generics improve the reliability of code by allowing the compiler to catch programmer mistakes before they become deployment errors.
No, Generics aren't C++ templates, but they are a significant step forward to help eliminate mistakes that a programmer's inattention can introduce into the code.
Very, very good stuff!
Microsofties will choose the blue pill.
Everyone else will go for the red pill.
Wait... s/pill/mouse/g
Yeah, that's it!
BUY OUR SOFTWARE TO GENERATE 9x10^9999999 TOTALLY FUCKING UNIQUE EMAIL ADDRESSES ON INFINITE NUMBERS OF DOMAINS AND MAKE MILLIONS OF DOLLARS FROM PEOPLE WHO WANT THEIR PENIS ENLARGED. ONLY $99 IF YOU CALL NOW: 1-905-555-1212...........
(groan)
They do realize that any of those domains MUST have a postmaster@... address, yes? Someone's gonna have a field day with that!
It's ALMOST worth paying some spammer for one of those kazillion emails cd-roms to put out a spam of exactly that nature with SCO's phone numbers in it.
If I just didn't hate spam so much.
One way to combat this strategy is to use one industry to fight another: Purchase the disc using a major credit card (NOT a debit card!!) and if it doesn't play properly you return it to the store because it is defective.
If the store only gives a store refund, you just keep doing this again and again, until they get sick and tired of handling dozens, perhaps even hundreds of defective discs. They may have to send the discs back to the factory, after all.
If the store refuses to give you back your money you call up your credit card (from your cell phone right there in the store) and open a dispute on the charge. You will be issued an immediate credit for the disputed charge. The credit card company will then require the store to return the money to the credit company (or the credit company will not pay the store in the first place). What many people may not know is that the merchant ends up getting stuck with the bill; the consumer is very well protected.
Lather, rinse, repeat. If thousands do this, eventually the industry will get the message that they ought to serve the consumers, not themselves. The stores will eventually wise-up and not carry those types of discs anymore.
Have I tried this? Admittedly, no. But why would it not work?
Also check out my LaTeX-PDF HOW-TO, which describes how to add high-quality(!) thumbnails to a LaTeX/PDF using absolutely no Adobe software at all. There is also information there on how to add images and hyperlinks (in-document, browser-based, etc) to put most other half-assed productions to shame ;->
._. Udo Schuermann
My software (WebLord) has been using md5 hashes since 1997 to determine whether a re-generated (static) page actually needs to be pushed up to the server.
My use of this concept easily(!) predates their application deadline of Feb 18, 1999 by something like 12 months.
Their patent is not just stoopid, it's also unenforceable because of prior art. And I would bet good money that there's hundreds of others.