Exactly. This is why I cannot picket inside a business, but I can do so on the public property just outside their property.
Let's extend this guy's argument a bit. It would seem as though he's suggesting that I should be able to force my local newspaper to run an ad decrying that newspaper. Or that Google could be forced to run an ad for googlesucks.com. It's an absurd suggestion.
On what basis do you make this claim? In the general case, businesses have the right to deny service to anyone they please. Which exception prevents them from doing that here?
Hard to say. I'd consider both of those actions to be fairly malicious. Printing in all black is a huge waste of resources, and the mathematical errors thing could really be costly, too. It really seems to me that the best course of action is to simply cease to load.
They said it deletes files on pirated keys, not on invalid keys. If the keys are similar enough that awhat you're suggesting could trigger a delete, then there's another problem here entirely.
Reporting the IP might be considered an invasion of privacy, but it would be a far cry from deleting data irrevocably. If I was doing something like this, I'd probably just have the program queue up a mail to the BSA stating that the user is a pirate.
Or maybe (hey, this is a crazy idea) the pirated key should just not unlock the program. Whoa! What a concept! That's so ingenious, I should go patent it.
Fact is, the program knows that the key is invalid and chooses to do something malicious rather than simply ceasing to function.
I doubt very seriously that the activation keys are similar to one another. You're talking about typoing aj34-adsf-34zk-3j4i instead of zxcf-ko90-p34j-l32k.
I'm not defending the guy, but I'm getting tired of reading all of the "OMG, what if I typo!?!" comments....
You're throwing around the word 'solution' without defining the real problem.
RAID is to keep the system running (except for that absurd RAID0 crap). Backups are to mitigate data loss.
Now let's look at what the article was about. The title is "Recovering a Wrecked RAID". Why might you need to do this? To keep the system running? Not with what they're talking about. No, they're talking about recovering from a data loss where RAID is involved. Responding to this with, "Well, you should have kept backups. Then you wouldn't need the expensive and time consuming recovery solution," is absolutely an appropriate response.
Meanwhile, a drunk driver who kills someone can get off scott free, with no jail time at all. Sweet.
10 years of probation isn't 'scott free' (or did you believe the Digg sensationalist rhetoric a little too much?) Also, we don't know the terms of his probation: he's probably going to be living a very restrictive life for the next 10 years. And since probation isn't considered 'punishment', you can have all sorts of normally unconstitutional strings attached to it. If he doesn't like them, he's always free to go to prison.
I'm not trying to defend the sentence or anything, but the point is that we don't know all of the parameters of this situation.
Then there's the fact that jurors differ. Every jury is a different entity with different emotions and ability to interpret the facts and impose the sentences. To suggest otherwise is to be ignorant, and to suggest that there is any reasonable way to have a jury impose sentence in a fair way is, as well.
And lastly (though tightly coupled with the juror point) is the fact that people have different definitions of what sentencing is for. Some people believe it should be punitive--you did something wrong, and you're going to be punished for it. Some people believe that it should be rehabilitative--there's something wrong with you, and you need to learn what it is. If this man was genuinely sorry--if he felt absolutely terrible about what he did, it's quite possible that justice has been served. The copyright infringer (who was the leader of the group, not just someone downloading every once in awhile) intentionally committed and induced others to commit copyright infringement. He did it over and over again, showing no remorse or justification. Compared to a guy who makes a terrible, fatal mistake one time, I'm honestly not sure which way this should go. It feels weird almost arguing that the guy who killed someone should serve less time than the guy who was the ringleader for a copyright infringement gang, but there it is. If you look at intent, the drunk driver is considerably more innocent than this guy.
Of course. The point of all of this is that, at the moment, we've hit a point where Windows isn't significantly less secure than Linux, for desktop purposes. It is more popular, which means that it will be targeted more than Linux, but most 'vulnerabilities' start with the user doing something stupid.
Linux still has a lot to offer, in my opinion. Mostly in customization. It's hard to get the level of customization that I want (via hot keys) along with the power of the shell and standard Linux utilities while running Windows.
Aside of this, yes, it's quite possible to become a spy drone, a DDoS sheep, a spambot as a user on a *ix system. It is harder though, provided that root does its job, which is rarely the case in case of user machines, granted. Once we pass a certain OS security threshold, this fact rears its ugly head: human stupidity is the biggest weakness in computer security. Windows XP service pack 2 isn't terribly insecure. It has a firewall by default (most Linux distributions don't, though they tend to have fewer services which are both on by default and exposed to the Internet) and automatic updates on by default (most Linux distributions don't do this). Internet Explorer, certainly, had flaws, but so has Firefox. Office has flaws, and I suspect that so does Open Office (I don't keep up with that security mailing list). The biggest difference between the FOSS world and the Windows world is market share (and until VERY recently, the learning curve, which was a barrier to entry.)
But at the very least it offers a chance to run unknown software of questionable origin in a secluded and tightly shut down space before installing it on the main account. It would require trojan writers to actually provide the user (again) with what the trojan originally stood for: A program that does what the user wants and also has a payload that executes the harmful actions. Current trojans, at best, mask their "intended use" behind a bogus error message, so the user doesn't get suspicious because there was "no" action. How many users would do this? How many do it now? Assuming you run Linux, how often have you downloaded a tarball, unzipped it without testing it first (untarring can overwrite files in your home directory), and ran 'make' without looking through Makefile? Ever downloaded a.deb or.rpm and installed it without looking through it? Most Linux users I ask about this answer 'all the time' and 'yes' respectively. Only two have ever said that they run in a test environment first (alternate user account for trying out suspicious files). Most of these users, if they inadvertently downloaded a trojan file, would compromise their own accounts and have an infected machine on their hands. Could they log in as root? Sure, and they might even be able to clean things up. But these are the clued people exhibiting similar behavior to your average Windows user. What do you expect to happen if, en masse, they all migrated to Linux? They wouldn't suddenly gain a knowledge of best practices that even current Linux users don't possess. They'd treat their machines exactly like they do now--installing software with no thought as to the source or the consequences.
So what would using Linux gain you, then? Do you think that a restrict Linux machine can't become part of a botnet? Can't be part of a DDOS? Can't send spam? Do you think that it's impossible to compromise a restricted account, and maintain that compromise after a reboot?
The benefit of the *ix security model is that one compromised account, if not the super user, does not allow a compromise of the box and of other users. The problems we have on the Internet right now have nothing to do with this, and neither do the "identity theft" issues.
Your parent's post was pointing out the obvious: downloading trojans has nothing to do with OS choice. Trojans could be (and have been) written for Linux, and they could do the exact same bad things as on Windows. The only thing they can't do in your scenario is hide quite as well, but then, they don't have to. Most people with viruses, malware, and spyware don't even realize that they have them. Even if they do realize the problem, they may not care to do anything about it (the computer works, after all, and dammit, I want my Weatherbug!)
So I agree with your parent. We'd be in exactly the same situation if everyone migraged to Linux overnight.
Except that Linux doesn't have a firewall on by default (most distros) or automatic updates set to install by default (most distros). The world going from current Windows to current Linux right now would be a step back.
Ah, I didn't realize that. It bothers me, because there are already copy-protection measures on the discs (the discs can't be copied under normal circumstances, and a disc is required to be in the drive to play the game) but it definitely changes my interpretation of the case a bit.
If the people who wrote the summaries were more specific, or if people would bother to look into these stories, it would be clear to all that the cop wanted the arrest warrant because they were harassing him. They sent him multiple e-mails, and he requested that they stop. They didn't--he went to a judge.
He was probably pissed that they taped him speeding, but the illegal activity they engaged in was 'stalking' or 'harassment' (the articles I read say stalking, but it seems more like harassment to me)
Actually, you don't have to pay for Battlenet Diablo/Diablo II games. I'm pretty sure that WoW is the first Blizzard game to require a monthly payment. The whole bnetd thing was completely about control, not money.
The program allows a person to leave their computer and let the script play for them. It is cheating...period.
The grandparent was bringing up the fact that the definition of cheating is highly variable. Semantically, what's the difference if a script does my grinding or if hit the attack button a dozen times while reading a book? Would a complicated OCR+mechanical keypresser setup be cheating? Is it cheating to have something flash on your screen if you're being attacked? Is it cheating to modify UI elements to be more useable?
The line is fine and arbitrarily drawn by Blizzard. That's all he was saying.
Alternatively, they could claim that that part of the TOS isn't a valid contract. They can also argue that there are no real damages because the choice to ban is Blizzard's, and thus the choice to lose the money was theirs as well.
I don't know what the parameters of the competition are, but for XSS/CSRF to work, there would almost certainly have to be simulated user-input to allow these sorts of vulnerabilities to be exploited.
It could also be that the quote is somehow out of context, or that the winner was spouting off. But from what I infer, Javascript could very likely have been involved.
I don't know who made that decision for your school, or why, but it might not be as nefarious as you think.
While games tended to be optimized for 56k modems, they usually aren't optimized for all types of routing equipment. That is, MMOs in general and WoW specifically tend to spew out a huge number of packets per second (pps). Lots of network gear is optimized for throughput rather than pps, so lots of really small packets might actually cause it to choke.
It's also possible that you've got a smaller pipe, and even if game playing doesn't completely saturate the link, if it prevents educational use of the connection, it's pretty reasonable to limit or block it. After all, with most colleges, you're welcome to move off-campus and get your own connection.
Linus isn't asking them to change the UI. He's asking them to offer the option of changing the UI. There's no reason that the Gnome developers can't set the default while allowing someone to muck around with it (without having to go into the source and modifying/recompiling).
The specific issue at hand has to do with mouse events. In Gnome, mouse events are apparently hard-coded. Allegedly, you can't change the function of the right-click. That's absurd behavior from a user-interface. Yes, there should be a sane default (opening the context menu) but if I want to change it so that it shades the window or minimizes it, or whatever, I should be able to.
You can have something that works out of the box (catering to most people) while allowing configurability (catering to almost everyone else). That's all Linus is saying.
It's a common theme amongst UI developers. Provide lots of customization, but ship with sane defaults. There is no reason that the Gnome developers couldn't provide this, except for the lack of time. Linus has started the process of solving that problem with his patches.
It's this misunderstanding that drives the entire ID movement. To lay people, a "theory" is little more than an idea. They don't understand that the word has a distinctly different definition in the context of science. Intelligent Design, viewed in the context of science, is not a theory, and therefore does not belong in the science classroom.
You may be right for every case where the entire contents of the basket were boxed sets of DVDs. What about cases where there was more to the order? Amazon gets $20, I get 4 boxed sets plus a non-discounted movie. Well - there you have to ask if there was any consideration for the DVDs - in the case where there is a fair price for the items you have purchased, and then a substatially unfair price for the remaining items - and there is no sign that this unfair price was bargained for - a few things that could be argued (lack of genuine consideration, lack of bargained for contract, etc) but the best argument would probably be a failure of good-faith. I'm not sure about this. Contracts can certainly be "unfair" to one side. The question is whether the transaction as a whole is considered, or whether the itemization is considered. If the consideration is based on an itemized listing, then I would think that any "free with purchase" promotion could be handled the same way. The point of adding a DVD in the mix along with the boxed sets is to show that the customer might not have noticed the problem, and that Amazon was clearly getting some benefit.
There is also an argument that somehow Amazon is not allowed to charge your card because "it wasn't authorized." Excuse me? When was the last time you ordered something from amazon and didn't have to click the little "I authorize a charge to my payment method" button (unless you used one-click, the authorization is in the contract to sign up for one-click.) You're generally authorizing them to charge the amount listed for the item and for shipping. Just shopping with Amazon doesn't give them carte blanche to start putting charges on your card.
If I put items in my cart, and the total comes out to $54.92, they're authorized to charge $54.92 to my card, and no more. If that amount changes, they are expected to notify me before charging, unless their terms allow for increasing the charge automatically (I can't find terms like this their site).
The common sense rule that carries into court is: if you didn't pay for it, but you asked for it, and it wasn't a gift - you have to pay for it or return it. The mail order case you're refering to only refers to "blind mailings" (return this magazine within one week, or you agree to subscribe to 2 years and ow use 200 dollars). I definitely think that it's not 100% common sense. I don't like the idea that a store can call something a mistake and demand retroactive charges or a return. Furthermore, Amazon won't accept a return if the item is open, meaning that innocent people who got caught up in all of this might have no choice but to pay (and probably dispute the charges) if they opened the items before finding out that the "contract was invalid".
For that reason, I would probably argue that Amazon's fulfillment of their part of the contract should validate said contract--that is, they shipped the items for the price listed. If they felt that the contract was unfair or invalid, they shouldn't have fulfilled their end of it.
Usually specials like that have a disclaimer that says, "Not valid with any other offer or sale." If it didn't have that, I would think that the specials could be combined, and that the store was engaging in deceptive business practices to claim otherwise at the register.
Exactly. This is why I cannot picket inside a business, but I can do so on the public property just outside their property.
Let's extend this guy's argument a bit. It would seem as though he's suggesting that I should be able to force my local newspaper to run an ad decrying that newspaper. Or that Google could be forced to run an ad for googlesucks.com. It's an absurd suggestion.
On what basis do you make this claim? In the general case, businesses have the right to deny service to anyone they please. Which exception prevents them from doing that here?
Hard to say. I'd consider both of those actions to be fairly malicious. Printing in all black is a huge waste of resources, and the mathematical errors thing could really be costly, too. It really seems to me that the best course of action is to simply cease to load.
No!
They said it deletes files on pirated keys, not on invalid keys. If the keys are similar enough that awhat you're suggesting could trigger a delete, then there's another problem here entirely.
Reporting the IP might be considered an invasion of privacy, but it would be a far cry from deleting data irrevocably. If I was doing something like this, I'd probably just have the program queue up a mail to the BSA stating that the user is a pirate.
Or maybe (hey, this is a crazy idea) the pirated key should just not unlock the program. Whoa! What a concept! That's so ingenious, I should go patent it.
Fact is, the program knows that the key is invalid and chooses to do something malicious rather than simply ceasing to function.
I doubt very seriously that the activation keys are similar to one another. You're talking about typoing aj34-adsf-34zk-3j4i instead of zxcf-ko90-p34j-l32k.
I'm not defending the guy, but I'm getting tired of reading all of the "OMG, what if I typo!?!" comments....
You're throwing around the word 'solution' without defining the real problem.
RAID is to keep the system running (except for that absurd RAID0 crap).
Backups are to mitigate data loss.
Now let's look at what the article was about. The title is "Recovering a Wrecked RAID". Why might you need to do this? To keep the system running? Not with what they're talking about. No, they're talking about recovering from a data loss where RAID is involved. Responding to this with, "Well, you should have kept backups. Then you wouldn't need the expensive and time consuming recovery solution," is absolutely an appropriate response.
Yeah, it scares me that people like that exist in this country.
The drunk driver did not knowingly kill someone. In your example, the person playing Russian Roulette knew someone would die.
The drunk driver never thought it would happen. He didn't set out to kill anyone, and he probably never thought it would happen.
There are huge differences between your hypothetical and what happens in most drunk driving cases.
Meanwhile, a drunk driver who kills someone can get off scott free, with no jail time at all. Sweet.
10 years of probation isn't 'scott free' (or did you believe the Digg sensationalist rhetoric a little too much?) Also, we don't know the terms of his probation: he's probably going to be living a very restrictive life for the next 10 years. And since probation isn't considered 'punishment', you can have all sorts of normally unconstitutional strings attached to it. If he doesn't like them, he's always free to go to prison.
I'm not trying to defend the sentence or anything, but the point is that we don't know all of the parameters of this situation.
Then there's the fact that jurors differ. Every jury is a different entity with different emotions and ability to interpret the facts and impose the sentences. To suggest otherwise is to be ignorant, and to suggest that there is any reasonable way to have a jury impose sentence in a fair way is, as well.
And lastly (though tightly coupled with the juror point) is the fact that people have different definitions of what sentencing is for. Some people believe it should be punitive--you did something wrong, and you're going to be punished for it. Some people believe that it should be rehabilitative--there's something wrong with you, and you need to learn what it is. If this man was genuinely sorry--if he felt absolutely terrible about what he did, it's quite possible that justice has been served. The copyright infringer (who was the leader of the group, not just someone downloading every once in awhile) intentionally committed and induced others to commit copyright infringement. He did it over and over again, showing no remorse or justification. Compared to a guy who makes a terrible, fatal mistake one time, I'm honestly not sure which way this should go. It feels weird almost arguing that the guy who killed someone should serve less time than the guy who was the ringleader for a copyright infringement gang, but there it is. If you look at intent, the drunk driver is considerably more innocent than this guy.
Of course. The point of all of this is that, at the moment, we've hit a point where Windows isn't significantly less secure than Linux, for desktop purposes. It is more popular, which means that it will be targeted more than Linux, but most 'vulnerabilities' start with the user doing something stupid.
Linux still has a lot to offer, in my opinion. Mostly in customization. It's hard to get the level of customization that I want (via hot keys) along with the power of the shell and standard Linux utilities while running Windows.
So what would using Linux gain you, then? Do you think that a restrict Linux machine can't become part of a botnet? Can't be part of a DDOS? Can't send spam? Do you think that it's impossible to compromise a restricted account, and maintain that compromise after a reboot?
The benefit of the *ix security model is that one compromised account, if not the super user, does not allow a compromise of the box and of other users. The problems we have on the Internet right now have nothing to do with this, and neither do the "identity theft" issues.
Your parent's post was pointing out the obvious: downloading trojans has nothing to do with OS choice. Trojans could be (and have been) written for Linux, and they could do the exact same bad things as on Windows. The only thing they can't do in your scenario is hide quite as well, but then, they don't have to. Most people with viruses, malware, and spyware don't even realize that they have them. Even if they do realize the problem, they may not care to do anything about it (the computer works, after all, and dammit, I want my Weatherbug!)
So I agree with your parent. We'd be in exactly the same situation if everyone migraged to Linux overnight.
Except that Linux doesn't have a firewall on by default (most distros) or automatic updates set to install by default (most distros). The world going from current Windows to current Linux right now would be a step back.
Ah, I didn't realize that. It bothers me, because there are already copy-protection measures on the discs (the discs can't be copied under normal circumstances, and a disc is required to be in the drive to play the game) but it definitely changes my interpretation of the case a bit.
If the people who wrote the summaries were more specific, or if people would bother to look into these stories, it would be clear to all that the cop wanted the arrest warrant because they were harassing him. They sent him multiple e-mails, and he requested that they stop. They didn't--he went to a judge.
He was probably pissed that they taped him speeding, but the illegal activity they engaged in was 'stalking' or 'harassment' (the articles I read say stalking, but it seems more like harassment to me)
Actually, you don't have to pay for Battlenet Diablo/Diablo II games. I'm pretty sure that WoW is the first Blizzard game to require a monthly payment. The whole bnetd thing was completely about control, not money.
The program allows a person to leave their computer and let the script play for them. It is cheating...period.
The grandparent was bringing up the fact that the definition of cheating is highly variable. Semantically, what's the difference if a script does my grinding or if hit the attack button a dozen times while reading a book? Would a complicated OCR+mechanical keypresser setup be cheating? Is it cheating to have something flash on your screen if you're being attacked? Is it cheating to modify UI elements to be more useable?
The line is fine and arbitrarily drawn by Blizzard. That's all he was saying.
Alternatively, they could claim that that part of the TOS isn't a valid contract. They can also argue that there are no real damages because the choice to ban is Blizzard's, and thus the choice to lose the money was theirs as well.
I don't know what the parameters of the competition are, but for XSS/CSRF to work, there would almost certainly have to be simulated user-input to allow these sorts of vulnerabilities to be exploited.
It could also be that the quote is somehow out of context, or that the winner was spouting off. But from what I infer, Javascript could very likely have been involved.
I don't know who made that decision for your school, or why, but it might not be as nefarious as you think.
While games tended to be optimized for 56k modems, they usually aren't optimized for all types of routing equipment. That is, MMOs in general and WoW specifically tend to spew out a huge number of packets per second (pps). Lots of network gear is optimized for throughput rather than pps, so lots of really small packets might actually cause it to choke.
It's also possible that you've got a smaller pipe, and even if game playing doesn't completely saturate the link, if it prevents educational use of the connection, it's pretty reasonable to limit or block it. After all, with most colleges, you're welcome to move off-campus and get your own connection.
Linus isn't asking them to change the UI. He's asking them to offer the option of changing the UI. There's no reason that the Gnome developers can't set the default while allowing someone to muck around with it (without having to go into the source and modifying/recompiling).
The specific issue at hand has to do with mouse events. In Gnome, mouse events are apparently hard-coded. Allegedly, you can't change the function of the right-click. That's absurd behavior from a user-interface. Yes, there should be a sane default (opening the context menu) but if I want to change it so that it shades the window or minimizes it, or whatever, I should be able to.
You can have something that works out of the box (catering to most people) while allowing configurability (catering to almost everyone else). That's all Linus is saying.
It's a common theme amongst UI developers. Provide lots of customization, but ship with sane defaults. There is no reason that the Gnome developers couldn't provide this, except for the lack of time. Linus has started the process of solving that problem with his patches.
It's this misunderstanding that drives the entire ID movement. To lay people, a "theory" is little more than an idea. They don't understand that the word has a distinctly different definition in the context of science. Intelligent Design, viewed in the context of science, is not a theory, and therefore does not belong in the science classroom.
The point of adding a DVD in the mix along with the boxed sets is to show that the customer might not have noticed the problem, and that Amazon was clearly getting some benefit. There is also an argument that somehow Amazon is not allowed to charge your card because "it wasn't authorized." Excuse me? When was the last time you ordered something from amazon and didn't have to click the little "I authorize a charge to my payment method" button (unless you used one-click, the authorization is in the contract to sign up for one-click.) You're generally authorizing them to charge the amount listed for the item and for shipping. Just shopping with Amazon doesn't give them carte blanche to start putting charges on your card.
If I put items in my cart, and the total comes out to $54.92, they're authorized to charge $54.92 to my card, and no more. If that amount changes, they are expected to notify me before charging, unless their terms allow for increasing the charge automatically (I can't find terms like this their site). The common sense rule that carries into court is: if you didn't pay for it, but you asked for it, and it wasn't a gift - you have to pay for it or return it. The mail order case you're refering to only refers to "blind mailings" (return this magazine within one week, or you agree to subscribe to 2 years and ow use 200 dollars). I definitely think that it's not 100% common sense. I don't like the idea that a store can call something a mistake and demand retroactive charges or a return. Furthermore, Amazon won't accept a return if the item is open, meaning that innocent people who got caught up in all of this might have no choice but to pay (and probably dispute the charges) if they opened the items before finding out that the "contract was invalid".
For that reason, I would probably argue that Amazon's fulfillment of their part of the contract should validate said contract--that is, they shipped the items for the price listed. If they felt that the contract was unfair or invalid, they shouldn't have fulfilled their end of it.
Usually specials like that have a disclaimer that says, "Not valid with any other offer or sale." If it didn't have that, I would think that the specials could be combined, and that the store was engaging in deceptive business practices to claim otherwise at the register.