If you buy a vacuum cleaner, you expect a working belt to come with it.
But people who buy an open-box vacuum off the back of a truck and discover that there is no belt probably aren't going to complain to the vacuum maker. And if they do, the vacuum maker is going to laugh in their face. Without the CoA, a Windows license/installation is no better than a vacuum cleaner bought off the back of a truck.
You buy a fax machine, you expect a reasonable amount of toner to come with it.
You might expect it, but unless that's written on the box, you shouldn't complain if you don't get it. And again, we get into the "authorized retailer" game, where someone might sell you a used or stolen fax machine without the box and all the manuals. Microsoft is targetting people who bought a PC from a retailer who didn't give them all the manuals/CoA/License, etc. Everything you're talking about has the unspoken assumption that you've purchased it legitimately and from either an authorized retailer or the company itself. No one who buys Windows off the shelf from Best Buy is going to run into a problem with this security check.
It really is a smart way that MS is trying to catch the unscrupulous dealers but shitting on potential customers is just plain wrong.
Ah, so you prefix "customers" with "potential". That's good.
Of course, you still overlook the fact that's been pointed out several times in various other/. posts.. the fact that a) only new content is being withheld, not security fixes. So if your "vacuum" is broken, the manufacturer is still going to fix it for you. They just won't give you the new attachment. And b) duped computer buyers will have the chance to get a legitimate copy of Windows at no extra cost, albeit given a few hoops they have to jump through. Considering Microsoft is under no obligation to provide this, legal, ethical, or moral, it's a pretty good deal. They're not screwing any of their users, they're just trying to stop illegal distribution of their product.
It's like buying flood insurance for you house and your house floods and they don't cut a check for you.
Exactly. I think the reason there aren't any "readily available software hacks" for the X-Box is because, no matter what, you have to have some external hardware in order to do it. Since the softmods rely on bugs in gamesave handling code, you need some way to get a malformed gamesave onto the hard drive. I haven't (yet) read of a way to do this other than transferring from a memory card to the hard drive, then loading the gamesave from there. Since you have to get the malformed gamesave on the memory card, you need either a pre-modded X-Box with a file manager and ftp capabilities, or you need a USBMemory Card adapter.
Of course, you also need copies of the games with the buffer-overflow. The newer editions of said games have all been patched, meaning you're relegated to searching through the used games at your favorite gaming store.
Lastly, none of the softmods is perfect. Each one has an unfortunate flaw (timer problems or an input-sequence requirement to initiate the new mod) which makes it less than ideal, particularly when compared to a mod chip. As of now, there is no way I know of to softmod your X-Box that will be equivalent to dropping a modchip in.
But Microsoft isn't removing Windows Update functionality. They're just requiring that you prove you actually licenced a copy rather than pirating it. If you have licenced a copy, this extra check means nothing to you. You still get ALL the updates you've been getting in the past. If you have not licenced a copy, you are not a Microsoft customer, and thus are probably exempt from participating in a class action lawsuit against them.
If the unknowning "customers" with a whitebox setup from an unscrupulous dealer didn't actually purchase Windows, then they aren't Microsoft's customers, are they?
This was definitely a good old trick in the Windows 3.1 days. You could change the shell in win.ini for CPU intensive games (and this meant most games, since video accelerators weren't the norm back then). Soon as you started Windows, your game started up with no other shell.
Of course, due to trademark law's stringent requirements on protection of the mark, if Vista didn't sue Microsoft, they could very well lose their own trademark. In this regard, you certainly can't blame them for doing so. If a judge/jury determines that the mark is non-infringing, both companies are in the clear and can move on.
It's implied. First of all, the only other Operating System that's currently in support is Millennium. It's conceivable that they'd make a build of IE7 to run on that wretched operating system, except that if you read the original article (not this new dupe) Microsoft says that IE7 relies heavily on security features in XP. To me, that implies that not only will Win2k not get it, no other Windows OS will get it. If the features are too difficult to backport to Windows 2000, imagine how hard they'd be to port to a 95-based OS.
But let's not ignore the legal technicalities that cops use all the time to write additional tickets.
A few years ago on 4th of July weekend, I was pulled over for failing to obey a stop sign. I was pretty shocked at this, because I had stopped. Full stop. Looked both ways. I know this because that intersection is particularly dangerous and I'm always particularly careful on holidays since the cops are out in full force. Every 4th of July, when I have to drive, I am intensely careful not to make the slightest mistake.
As it turns out, I did make a mistake. You see, there is a stop sign at the intersection, but there is also a solid white line. I stopped before the line, but not before the stop sign. Despite the fact that it's a clear viewing distance in all directions and I wasn't in the middle of an intersection when I stopped, the citation was upheld on the technicality. I was deemed to be driving safely (how's that for crappy--ticketed despite driving safely) and allowed to take Defensive Driving to keep the ticket off my record.
So if someone can get off of a traffic violation by a technicality, I say more power to them.
I have the same paperback and love it thoroughly. The movie takes the premise of simulations in simulations and builds a completely different story around it. The ad men/advertisements aren't even imagined in the movie.
The reason I don't like biometrics for identification is that it's virtually impossible to get a new identification should the old one be compromised. Worse, with fingerprints at least, you're leaving copies of your ID everywhere you go on everything you touch.
Imagine someone gets ahold of your identity right now. Yes, it's going to be a pain, but you can get a new SSN, driver's license number, credit cards, etc. But what if a thief gets your fingerprint and creates a fake ? How do you cancel that? Sure, in theory, a database of compromised biometrics could be created to prevent future unauthorized use, but now what about your legitimate use? If my fingerprints were compromised, would I no longer be allowed in to Disneyland? And in a more serious application, would I be denied credit? Be unable to use an ATM?
It's nothing like a remake. The closest I could see to it being a remake is the fact that, as a movie, they have to revisit some of the background. The plot itself is completely new for the series.
When I was a kid, I did more reading than just about anything. I'd go to Waldenbooks and see the street dates for the upcoming Stephen King or Piers Anthony or Ursla K. LeGuin book. I knew about street dates (though not the term itself) because I enjoyed reading books by specific authors and wanted to know when their next one was coming out.
More recently, street dates have been publicized (at least in bookstores) for new books in old series, such as the Wheel of Time. I've known street dates for those, and I refuse to read the books! Similarly for Terry Goodkind's Sword of Truth series--the books are popular enough that when the next one actually gets a release date, it's publicized in the store.
Maybe it's about marketing, drumming up excitement, and maybe it even works. But it works the same way for movies. Video stores have gotten into "trouble" over selling DVDs before they're released--and not even particularly high-profile DVDs. Certainly movies where there wasn't enough marketing oomph to really get worked up over a street date.
To be honest, I have no idea why the dates are such a big deal to publishers. The conspiracy theorist in me wonders if it doesn't have something to do with the potential for bad reviews. Book gets released early, it gets a little bad press, overall sales might drop a bit due to people either putting off buying the book or deciding flat out not to.
I'm not sure how reasonable an argument that is, though. Particularly with a series as popular as JKR's--I can't imagine the review that would make people decide not to buy the book.
I do agree that there needs to be a balance on the odds. That's why I think our solutions (sensitive passwords written down, generic passwords used across other sites) works rather well. It's the idea of using the same login/password on upwards of... 50 sites, some of which may be run by unscrupulous people (yeah, I've got about 50 logins across the web and my job) kinda scares me. I still think that statistically, it's more likely that a person will have a problem with a compromised password being used on another site than someone brute forcing their password, but the liklihood of either is probably pretty small.
Might have to do with age. I know myself that I've mellowed out and become not only more civil, but generally less testy (unless provoked).
Fact is, you know that people with lower UIDs have been around longer, and thus are likely to be older. Age is often correlated with maturity, although the reality does not always match up.
What did the rental agreements say prior to the precedent change? That you owed the money or that you owed it before you could rent again? If it's the former, I don't think they were outside their rights in the least to demand it, and I don't think it was particularly unethical. That was money you owed. Probably they started sending collection agencies after people because those who are willing to let a late fee go on that long are either a) not going to rent from them anymore anyway, and thus they don't risk any loss of customer for it or b) were intentionally not renting because they'd have to pay the additional fee. In the case of a, they've lost a customer already, so why not get what's owed by the terms of the contract? In the case of b, they get what's owed and moreover, since the person now has paid their late fee, they may rent again, thus generating revenue.
Two anecdotes: One friend of mine had a dollar late fee somewhere (I/think/ Blockbuster, but it's been a long time) and they sent out their goons. He gladly paid, since he figured the collection agency cost them far more than the dollar they were getting back, and he liked the irony of it.
Another time, he had over $50 in late fees to a store called Hastings. He obviously stopped renting there, since he wasn't about to drop $50+rental fee to rent a movie (he actually just BOUGHT movies for the longest time since it was cheaper--yes yes, overall it wouldn't have been but whatever). After over a year had passed, Hastings sent out a clemency note--come in and bring this coupon, and they'll forgive the late fees. This is clearly the way to go, as it gets people back into the store (always a good thing) and moreover, gets rid of their late fees so they'll start renting again. It also generates a bit of goodwill. This is the same store that will amortize your late fee so that you can continue renting without paying a large fee. Generally when I get a late fee, they offer to let me pay $1 per future rental until it's covered. I never bother, preferring to just pay the whole thing, but it's a good business practice, I think.
A long and obscure password means you are probably never going to be brute-forced. Good for you. But shorter, unique passwords for each site is better for security for your average person.
Crackers don't want your login and password--they want any login and password--precisely because so many people reuse passwords across multiple sites. If they manage to recover your password through a site hack or phishing scam (yes yes, you're on Slashdot, you're not going to fall for one of those) or a cross-site scripting attack, all your sites are now compromised. Your 20 character password means diddly.
An different 8 character password that will survive a dictionary attack for each site you use would be orders of magnitude more secure. As I said, no one wants your password (if you happen to be the president or a particularly "important" person, forgive my belabouring of that point). No one's going to brute-force your password, they're going to try common passwords for multiple usernames or simply hack the site to recover it. Having a password that will survive a dictionary attack solves the first problem, and not using the same password at every site mitigates the damage caused by the second problem.
One *good* username and password may not be that good.
First of all, let's completely rule out the trust issue you have to have with each of the site's sysadmins, which actually is something to consider (since nearly every forum around requires registration to write, and some require registration to read). You have to worry about sites being compromised. Even if the sites all store passwords encrypted, a compromised site could capture passwords in plaintext before they hit crypt(). If you use the same password everywhere, the cracker can backtrack to whatever e-mail address you used, then go through your e-mail to find other sites (possibly banking sites) and try the same password on those. All your logins can be compromised in one fell swoop.
The very minimum number of passwords I would suggest to the average Internet user is 4. 1 for your primary e-mail address, 1 for a throwaway address, 1 for secure sites (banking, amazon, etc.) and 1 for generic logins (message boards). A better solution would be to have unique passwords for each site that deals with money. Amazon is a pretty big target, and it only takes one lucky hack for them to get a password sniffer on there (for example).
The odds of that becoming compromised are much smaller than the odds of you forgetting/losing one of the multiple ones.
The odds increase with every new site you use that login and password for. A statistically secure password is a good idea, but using the same one to log in to Redneck Discussion (hyuck!) forums run by Joe Schmoe as your online banking is just foolish.
You go to an ATM and make a large deposit. The machine mistakenly deposits twice the money, and you notice this when you get your receipt. You rush into the bank and close your account to get the money the ATM (authorized to act on the bank's behalf) dispensed.
Have you broken the law? Based on empirical evidence, yes.
A few years ago, the ATM in one of the buildings at my college started dispensing double money. It didn't take long for word to spread and for a few students to basically clean out the ATM. 12 or so of those students were "smart" and knew that the bank would correct the errors, so they closed their accounts. They were charged with theft. Everyone else just got their accounts "corrected", probably putting a few into the negative and possibly bouncing some checks.
By yours and most other people's analogies regarding the WAP acting as an agent of the person who owns it, the bank should be shit out of luck. It gave them the cash. If the bank didn't want to lose the cash, they should have made sure the machine was working as THEY wanted. The law, it seems, did not agree with that line of thinking.
All of your analogies are flawed.
/. posts.. the fact that a) only new content is being withheld, not security fixes. So if your "vacuum" is broken, the manufacturer is still going to fix it for you. They just won't give you the new attachment. And b) duped computer buyers will have the chance to get a legitimate copy of Windows at no extra cost, albeit given a few hoops they have to jump through. Considering Microsoft is under no obligation to provide this, legal, ethical, or moral, it's a pretty good deal. They're not screwing any of their users, they're just trying to stop illegal distribution of their product.
If you buy a vacuum cleaner, you expect a working belt to come with it.
But people who buy an open-box vacuum off the back of a truck and discover that there is no belt probably aren't going to complain to the vacuum maker. And if they do, the vacuum maker is going to laugh in their face.
Without the CoA, a Windows license/installation is no better than a vacuum cleaner bought off the back of a truck.
You buy a fax machine, you expect a reasonable amount of toner to come with it.
You might expect it, but unless that's written on the box, you shouldn't complain if you don't get it. And again, we get into the "authorized retailer" game, where someone might sell you a used or stolen fax machine without the box and all the manuals. Microsoft is targetting people who bought a PC from a retailer who didn't give them all the manuals/CoA/License, etc. Everything you're talking about has the unspoken assumption that you've purchased it legitimately and from either an authorized retailer or the company itself. No one who buys Windows off the shelf from Best Buy is going to run into a problem with this security check.
It really is a smart way that MS is trying to catch the unscrupulous dealers but shitting on potential customers is just plain wrong.
Ah, so you prefix "customers" with "potential". That's good.
Of course, you still overlook the fact that's been pointed out several times in various other
It's like buying flood insurance for you house and your house floods and they don't cut a check for you.
That's not even an analogy to this situation.
Exactly. I think the reason there aren't any "readily available software hacks" for the X-Box is because, no matter what, you have to have some external hardware in order to do it. Since the softmods rely on bugs in gamesave handling code, you need some way to get a malformed gamesave onto the hard drive. I haven't (yet) read of a way to do this other than transferring from a memory card to the hard drive, then loading the gamesave from there. Since you have to get the malformed gamesave on the memory card, you need either a pre-modded X-Box with a file manager and ftp capabilities, or you need a USBMemory Card adapter.
Of course, you also need copies of the games with the buffer-overflow. The newer editions of said games have all been patched, meaning you're relegated to searching through the used games at your favorite gaming store.
Lastly, none of the softmods is perfect. Each one has an unfortunate flaw (timer problems or an input-sequence requirement to initiate the new mod) which makes it less than ideal, particularly when compared to a mod chip. As of now, there is no way I know of to softmod your X-Box that will be equivalent to dropping a modchip in.
But Microsoft isn't removing Windows Update functionality. They're just requiring that you prove you actually licenced a copy rather than pirating it. If you have licenced a copy, this extra check means nothing to you. You still get ALL the updates you've been getting in the past. If you have not licenced a copy, you are not a Microsoft customer, and thus are probably exempt from participating in a class action lawsuit against them.
Luckily, security fixes are currently exempt from the Windows Genuine blahblahblah requirement.
If the unknowning "customers" with a whitebox setup from an unscrupulous dealer didn't actually purchase Windows, then they aren't Microsoft's customers, are they?
This was definitely a good old trick in the Windows 3.1 days. You could change the shell in win.ini for CPU intensive games (and this meant most games, since video accelerators weren't the norm back then). Soon as you started Windows, your game started up with no other shell.
Nevertheless, you can license out the name. Only infringement should cause you to lose your trademark, not legitimate use.
Of course, due to trademark law's stringent requirements on protection of the mark, if Vista didn't sue Microsoft, they could very well lose their own trademark. In this regard, you certainly can't blame them for doing so. If a judge/jury determines that the mark is non-infringing, both companies are in the clear and can move on.
It's implied. First of all, the only other Operating System that's currently in support is Millennium. It's conceivable that they'd make a build of IE7 to run on that wretched operating system, except that if you read the original article (not this new dupe) Microsoft says that IE7 relies heavily on security features in XP. To me, that implies that not only will Win2k not get it, no other Windows OS will get it. If the features are too difficult to backport to Windows 2000, imagine how hard they'd be to port to a 95-based OS.
But let's not ignore the legal technicalities that cops use all the time to write additional tickets.
A few years ago on 4th of July weekend, I was pulled over for failing to obey a stop sign. I was pretty shocked at this, because I had stopped. Full stop. Looked both ways. I know this because that intersection is particularly dangerous and I'm always particularly careful on holidays since the cops are out in full force. Every 4th of July, when I have to drive, I am intensely careful not to make the slightest mistake.
As it turns out, I did make a mistake. You see, there is a stop sign at the intersection, but there is also a solid white line. I stopped before the line, but not before the stop sign. Despite the fact that it's a clear viewing distance in all directions and I wasn't in the middle of an intersection when I stopped, the citation was upheld on the technicality. I was deemed to be driving safely (how's that for crappy--ticketed despite driving safely) and allowed to take Defensive Driving to keep the ticket off my record.
So if someone can get off of a traffic violation by a technicality, I say more power to them.
I have the same paperback and love it thoroughly. The movie takes the premise of simulations in simulations and builds a completely different story around it. The ad men/advertisements aren't even imagined in the movie.
The book was better. If you can track down a copy, I highly recommend it.
The reason I don't like biometrics for identification is that it's virtually impossible to get a new identification should the old one be compromised. Worse, with fingerprints at least, you're leaving copies of your ID everywhere you go on everything you touch.
Imagine someone gets ahold of your identity right now. Yes, it's going to be a pain, but you can get a new SSN, driver's license number, credit cards, etc. But what if a thief gets your fingerprint and creates a fake ? How do you cancel that? Sure, in theory, a database of compromised biometrics could be created to prevent future unauthorized use, but now what about your legitimate use? If my fingerprints were compromised, would I no longer be allowed in to Disneyland? And in a more serious application, would I be denied credit? Be unable to use an ATM?
It will also be the latest movie of the summer, what with its September 30th release date.
But yeah, kickass movie. I just hope it's not the fanboy in me that thinks so. I really want to see it succeed so that more films can be made.
It's nothing like a remake. The closest I could see to it being a remake is the fact that, as a movie, they have to revisit some of the background. The plot itself is completely new for the series.
When I was a kid, I did more reading than just about anything. I'd go to Waldenbooks and see the street dates for the upcoming Stephen King or Piers Anthony or Ursla K. LeGuin book. I knew about street dates (though not the term itself) because I enjoyed reading books by specific authors and wanted to know when their next one was coming out.
More recently, street dates have been publicized (at least in bookstores) for new books in old series, such as the Wheel of Time. I've known street dates for those, and I refuse to read the books! Similarly for Terry Goodkind's Sword of Truth series--the books are popular enough that when the next one actually gets a release date, it's publicized in the store.
Maybe it's about marketing, drumming up excitement, and maybe it even works. But it works the same way for movies. Video stores have gotten into "trouble" over selling DVDs before they're released--and not even particularly high-profile DVDs. Certainly movies where there wasn't enough marketing oomph to really get worked up over a street date.
To be honest, I have no idea why the dates are such a big deal to publishers. The conspiracy theorist in me wonders if it doesn't have something to do with the potential for bad reviews. Book gets released early, it gets a little bad press, overall sales might drop a bit due to people either putting off buying the book or deciding flat out not to.
I'm not sure how reasonable an argument that is, though. Particularly with a series as popular as JKR's--I can't imagine the review that would make people decide not to buy the book.
I do agree that there needs to be a balance on the odds. That's why I think our solutions (sensitive passwords written down, generic passwords used across other sites) works rather well. It's the idea of using the same login/password on upwards of ... 50 sites, some of which may be run by unscrupulous people (yeah, I've got about 50 logins across the web and my job) kinda scares me. I still think that statistically, it's more likely that a person will have a problem with a compromised password being used on another site than someone brute forcing their password, but the liklihood of either is probably pretty small.
Might have to do with age. I know myself that I've mellowed out and become not only more civil, but generally less testy (unless provoked).
Fact is, you know that people with lower UIDs have been around longer, and thus are likely to be older. Age is often correlated with maturity, although the reality does not always match up.
What did the rental agreements say prior to the precedent change? That you owed the money or that you owed it before you could rent again? If it's the former, I don't think they were outside their rights in the least to demand it, and I don't think it was particularly unethical. That was money you owed. Probably they started sending collection agencies after people because those who are willing to let a late fee go on that long are either a) not going to rent from them anymore anyway, and thus they don't risk any loss of customer for it or b) were intentionally not renting because they'd have to pay the additional fee. In the case of a, they've lost a customer already, so why not get what's owed by the terms of the contract? In the case of b, they get what's owed and moreover, since the person now has paid their late fee, they may rent again, thus generating revenue.
/think/ Blockbuster, but it's been a long time) and they sent out their goons. He gladly paid, since he figured the collection agency cost them far more than the dollar they were getting back, and he liked the irony of it.
Two anecdotes:
One friend of mine had a dollar late fee somewhere (I
Another time, he had over $50 in late fees to a store called Hastings. He obviously stopped renting there, since he wasn't about to drop $50+rental fee to rent a movie (he actually just BOUGHT movies for the longest time since it was cheaper--yes yes, overall it wouldn't have been but whatever). After over a year had passed, Hastings sent out a clemency note--come in and bring this coupon, and they'll forgive the late fees. This is clearly the way to go, as it gets people back into the store (always a good thing) and moreover, gets rid of their late fees so they'll start renting again. It also generates a bit of goodwill. This is the same store that will amortize your late fee so that you can continue renting without paying a large fee. Generally when I get a late fee, they offer to let me pay $1 per future rental until it's covered. I never bother, preferring to just pay the whole thing, but it's a good business practice, I think.
A long and obscure password means you are probably never going to be brute-forced. Good for you. But shorter, unique passwords for each site is better for security for your average person.
Crackers don't want your login and password--they want any login and password--precisely because so many people reuse passwords across multiple sites. If they manage to recover your password through a site hack or phishing scam (yes yes, you're on Slashdot, you're not going to fall for one of those) or a cross-site scripting attack, all your sites are now compromised. Your 20 character password means diddly.
An different 8 character password that will survive a dictionary attack for each site you use would be orders of magnitude more secure. As I said, no one wants your password (if you happen to be the president or a particularly "important" person, forgive my belabouring of that point). No one's going to brute-force your password, they're going to try common passwords for multiple usernames or simply hack the site to recover it. Having a password that will survive a dictionary attack solves the first problem, and not using the same password at every site mitigates the damage caused by the second problem.
That's the kind of password an idiot would have on his Windows computer.
One *good* username and password may not be that good.
First of all, let's completely rule out the trust issue you have to have with each of the site's sysadmins, which actually is something to consider (since nearly every forum around requires registration to write, and some require registration to read). You have to worry about sites being compromised. Even if the sites all store passwords encrypted, a compromised site could capture passwords in plaintext before they hit crypt(). If you use the same password everywhere, the cracker can backtrack to whatever e-mail address you used, then go through your e-mail to find other sites (possibly banking sites) and try the same password on those. All your logins can be compromised in one fell swoop.
The very minimum number of passwords I would suggest to the average Internet user is 4. 1 for your primary e-mail address, 1 for a throwaway address, 1 for secure sites (banking, amazon, etc.) and 1 for generic logins (message boards). A better solution would be to have unique passwords for each site that deals with money. Amazon is a pretty big target, and it only takes one lucky hack for them to get a password sniffer on there (for example).
The odds of that becoming compromised are much smaller than the odds of you forgetting/losing one of the multiple ones.
The odds increase with every new site you use that login and password for. A statistically secure password is a good idea, but using the same one to log in to Redneck Discussion (hyuck!) forums run by Joe Schmoe as your online banking is just foolish.
I guess some people don't know the definition of the word Troll....
See, it'd be trolling if I suggested that Bush's war with Iraq was merely a distraction to keep the public from knowing about the comet.
All these "deep impact" projects are starting to freak me out. Does the One World Government know something we don't?
Let me ask you this:
You go to an ATM and make a large deposit. The machine mistakenly deposits twice the money, and you notice this when you get your receipt. You rush into the bank and close your account to get the money the ATM (authorized to act on the bank's behalf) dispensed.
Have you broken the law? Based on empirical evidence, yes.
A few years ago, the ATM in one of the buildings at my college started dispensing double money. It didn't take long for word to spread and for a few students to basically clean out the ATM. 12 or so of those students were "smart" and knew that the bank would correct the errors, so they closed their accounts. They were charged with theft. Everyone else just got their accounts "corrected", probably putting a few into the negative and possibly bouncing some checks.
By yours and most other people's analogies regarding the WAP acting as an agent of the person who owns it, the bank should be shit out of luck. It gave them the cash. If the bank didn't want to lose the cash, they should have made sure the machine was working as THEY wanted. The law, it seems, did not agree with that line of thinking.