Slashdot Mirror


User: Halo-

Halo-'s activity in the archive.

Stories: 0
Comments: 324

Comments · 324

  1. Re:What should be done. on Firefox Greasemonkey Extension Security Problem · · Score: 1

    What about plugins then? You can do just as much damage with a badly written plugin as any extension.

    Any time you allow a third party to contribute to a product you either have to severely limit what they can contribute or make the user aware that they are putting their security in the hands of the third party.

    If you limit the API, you end up with something most people won't use. If FF said: "everybody in this limited sandbox" then it would get bashed for not supporting plugins.

  2. Armed Response on Rats 'Cripple' NZ Web Access · · Score: 1

    I went to college with a guy who later went to work for one of the major backbone providers in the US. He claims that their standard response included having an armed "entry team" clear the area before the techs could get in.
    He had great stories about how one guy on the team didn't have his carry permit yet, and thus was given a huge can of pepper spray which he brandished like it was the only thing standing between him and impending doom.
    My friend did a great job describing how this "entry team" would kick in the door to some wiring vault somewhere, guns drawn, flashlights out, like some nerdy SWAT team, even though the "enemy" was almost always a rat or squirrel staring back at them.
    I have no idea if any of this is true, but it made a great story. Especially the details about how the armed guys always told the pepper-spray guy that one day, they were going to come up against some knife-wielding anarchist, who would gleefully cry "Ah-ha! Pepper-boy takes the point again!" as he fell upon them. (Best said in a corny fake French accent)

  3. Re:Why allow IRC? on Hunting for Botnet Command and Controls · · Score: 3, Informative
    I'm not going to argue the merits or faults of IRC, because it doesn't matter. The problem is that even if you say "IRC is bad" there isn't really a way to "not allow" it. Generally IRC uses ports around the range 6669-7000 (IIRC). So everyone firewalls those off... And the owners of the server move to port 3456 (or whatever...)

    So just port filtering doesn't work. The next idea is to do stateful packet inspection. Every router looks at the contents of every packet to determine if it is part of the IRC protocol.

    Ok, this would work, except it would be unacceptably expensive to implement. Plus, I believe that some (most? all?) IRC servers support SSL and possibly IPSEC. So the packets are encrypted using SSL, and using some non-obvious port. (like say, port 443) At this point, it is very hard to distinguish between legitimate HTTPS traffic and IRC traffic. I suppose you could look at the packet sizes and do traffic analysis on the flows, but you'd still have problems with other legitimate services running over HTTPS. (Like VPN proxies or Java Applets, or Flash)

    So, even if IRC is the root of all evil in the world, it's not possible to just "not allow" it.

    (Sorry for the rant, I'm getting over being sick and still a bit punchy)
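The comment above contrasts port filtering with content inspection. The following is an added example (not from the comment author or from Slashdot) that makes the contrast concrete from a defender's side: a port-based rule beside a content-based classifier that looks at the first bytes of a TCP stream. The sample flows are constructed for the example; the port range used by the port rule is the one the comment mentions. The classifier recognizes a plaintext IRC registration on any port, but on a TLS-wrapped stream it can only report "tls", which is exactly the limit the comment describes.

```python
"""Port-based versus content-based detection of IRC on a TCP stream.

Added example; not code from the original page. All flows below are constructed.
"""
import re

# Port range the comment gives for IRC (quoted as "IIRC" there); used by the port rule only.
IRC_PORT_RANGE = range(6660, 7001)

# First line of a client session: registration or a common early command.
IRC_CLIENT_CMD = re.compile(rb"^(?:PASS|NICK|USER|CAP|JOIN|PRIVMSG|PING|PONG)\b", re.IGNORECASE)
# Server side: ":prefix COMMAND" or ":prefix 001" numeric replies.
IRC_SERVER_MSG = re.compile(rb"^:\S+ (?:[A-Z]+|\d{3}) ")
# HTTP request line.
HTTP_REQUEST = re.compile(rb"^(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]$")


def port_rule(port: int) -> str:
    """Naive rule: anything in the conventional IRC port range is IRC."""
    return "irc" if port in IRC_PORT_RANGE else "unknown"


def classify_payload(port: int, payload: bytes) -> str:
    """Content-based rule: inspect the first bytes of the stream, ignore the port.

    Returns "irc", "http", "tls" or "unknown". A TLS record (content type 0x16,
    major version 0x03) hides the application protocol, so only "tls" is reported.
    """
    if not payload:
        return "unknown"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    first_line = payload.split(b"\r\n", 1)[0]
    if IRC_CLIENT_CMD.match(first_line) or IRC_SERVER_MSG.match(first_line):
        return "irc"
    if HTTP_REQUEST.match(first_line):
        return "http"
    return "unknown"


def compare_rules(flows):
    """Run both rules over (port, first_payload) pairs.

    Returns a list of (port, port_rule_verdict, content_rule_verdict).
    """
    return [(port, port_rule(port), classify_payload(port, payload)) for port, payload in flows]


# Constructed sample flows: first client payload of four TCP sessions.
SAMPLE_FLOWS = [
    (6667, b"NICK alice\r\nUSER alice 0 * :alice\r\n"),          # IRC on its usual port
    (3456, b"NICK bob\r\nUSER bob 0 * :bob\r\n"),                # IRC moved to an odd port
    (443, bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x03])),  # TLS ClientHello start
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),  # plain HTTP
]

if __name__ == "__main__":
    for port, by_port, by_content in compare_rules(SAMPLE_FLOWS):
        print(f"port {port:5d}  port-rule={by_port:8s}  content-rule={by_content}")
```

The second flow is the case the comment makes: the port rule misses IRC on port 3456 while the content rule catches it. The third flow is the comment's second point: once the session is wrapped in TLS on port 443, content inspection sees a TLS handshake and nothing more, so IRC and HTTPS look alike at this layer.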

  4. Re:Really? on Advocating Dvorak · · Score: 1

    I could mod you down, but instead I'll just politely suggest you RTFA. I'm not a Dvorak person, and I don't plan to become one, but the article actually has a lot of documented advantages complete with citations. Just sayin...

  5. Re:It's not theft! on More on Last Year's Cisco Source Code Theft · · Score: 1
    How can theft happen when nobody is being deprived of anything?

    Well, I'm not a lawyer, but here's how I see it:

    If there is value to a secret, and that secret is compromised, then you have deprived the secret's owner of the secret's value.

    If I'm an author, and while I'm writing the highly anticipated sequel to a book someone breaks into my house, reads the surprise ending, and then broadcasts it to the world, they have stolen. If they make Xeroxes of the last chapter, and then hand those out, they have stolen AND infringed. If I publish the book, and they make Xeroxes and hand them out, they have infringed, but not stolen.

    Most data is "born" with a copyright, but additional restrictions can be placed on top. Without the patient's consent, the doctor can't legally publish medical records. If I break into a doctor's office, and make a copy of all the patients' charts, I have committed theft.

    One last example. Recipes can't be copyrighted in the US. But the formula for Coca-Cola is still secret. If I break into the secret Coke vault, and make off with a copy of the formula, I've stolen it.

    I think that to "infringe a copyright" someone already has to be exercising their right to make copies available. (again, I'm not a lawyer) Cisco didn't make their code available, so it was stolen. Infringement is an escalation of privilege, theft is the unlawful attainment of privilege.

  6. Re:It's not theft! on More on Last Year's Cisco Source Code Theft · · Score: 4, Informative
    Oh wait, sorry, we're talking about code not music. It's theft!

    I know you're trying to be funny, but I think you're missing something basic. The reason this is "theft" and not "infringement" is because the intruder made a copy of something not generally released. (the source code).

    In the music world, if someone buys an album, and gives copies to his or her friends, he is violating the artist's right to control copies. (i.e. their "copyright"). If that same person hacks into the artist's recording studio, and downloads unreleased tracks, the artist has had those tracks stolen. It is a "theft".

  7. Re:Stopping distance is another big lie. on Hybrid Drivers Provide Real-World Mileage Data · · Score: 3, Insightful
    One of the great traffic safety myths is stopping distance. Who cares if your stopping distance is 200 feet or 300 feet?

    Okay, I agree that in some conditions stopping distance isn't the be-all and end-all of safety, but I still care deeply. The problem isn't "good" drivers. The problem is average-to-poor drivers. Knowing what to do in a panic and actually doing it are two very different things. Almost everyone knows you "steer into a skid" but how many people do that instinctively?

    The problem is that most drivers are going to react linearly to threats. Basic animal instinct is to stop and assess. Steering out of a situation, or even speeding up to avoid a crash are often viable options, but they require that the driver have awareness and confidence not only of the road immediately in front of them, but also to the sides and behind them. The simple truth is that 90% of drivers don't pay that sort of attention consistently. When something unexpected comes up, they hit the brakes. "Slow down, let me think" is too deeply ingrained an instinct to train around.

    Traffic laws have to be made for the lowest common denominator. Unfortunately, this is often the distracted parent in a huge vehicle full of screaming kids with a cell phone in his or her ear. I don't like it, but I don't think there is anything which can be done about it.

  8. Re:Isn't this what our Passport is for? on Real ID: You Can Still Fight It · · Score: 1
    The difference between Real ID and a passport, is that you don't need your passport to fly to see your grandparents in Florida. You will need your Real ID though...

    While I don't personally get all concerned about the current proof of ID to fly laws, I can see how they are a slippery slope. First of all, as many have pointed out in a much more elegant fashion than I can, why the heck does anyone need to know who is travelling where on an airplane? I understand the need to check for weapons, but what makes air travel so special? So long as there is a decently secure door between the pilots and the passengers, the number of people who can be killed by a terrorist on board is probably lower than the number of people the same terrorist could kill in any other crowded place.

    The problem is that the government is intruding into places they don't need to be, and costing us money at the same time. This one item isn't a huge offense, but little things add up over time, and I'd prefer to see this nipped in the bud.

    (I realize you likely agree with some/all of this, but your thread seemed as good as any for a comment.)

  9. Re:Shock and Bah on White House: No Kerry Supporters at IATC Meeting · · Score: 4, Insightful
    Rather than burn a mod point, I'm going to respond to your comment.

    ...why would any President in his/her right mind appoint somebody that didn't represent their views?

    And what views does the President have on signalling protocols? Do you honestly think the things discussed at these meetings have anything to do with Republican or Democratic views? Do you really think Bush (or Kerry) could even follow the discussion, much less have meaningful views?

    If you're doing something scientific, you don't kick the best scientists out because they voted for the wrong party. That sort of action is counterproductive and shortsighted. (And I'll remind you a lot of our best scientists, such as a lot of the brains in WWII, became "ours" because their countries acted similarly)

    All of those totalitarian regimes didn't allow ANY dissent, didn't allow any other parties (the only legal political party in the Soviet Union was the Communist Party!)

    Well gee, I guess since we don't flat out outlaw a party, we're okay then. I mean, it's not like there is a slippery slope here... Maybe we should let all the soldiers who voted for Kerry go home because they voted wrong.

    Winning an election means you get the office, it doesn't mean you get to piss all over the losers. Bush won the election by a narrow margin. Good for him, but now he is in charge of representing the best interests of the entire country, not just the people that voted for him. No other president has been so petty, so vindictive. Anyone who wants the title of President of the United States of America needs to put aside this sort of childish crap.

  10. TurboTax Usability Paradox on Tracking Your Taxes · · Score: 1
    I use TurboTax for the web. I like it. So much so that I'm willing to overlook the cardinal sin of "You must use IE to access this site". I've found that IE running under WINE does just fine except for the final step where you need to download the forms as a PDF.

    I'm not a zealot, but it takes an awful lot to convince me to use a product which doesn't support my OS of choice -- Linux. The usability and ease of TurboTax won me over. It's obvious they have spent tons of money and hired some really good UI designers. The entire product is aimed at making the customer comfortable.

    When I finished my taxes, I got a pop-up asking me to take their user survey. After a brief moment of thinking "ewww... a pop-up" I decided to take it because it might be a good place to drop a hint about supporting Firefox, etc... Generally I try to take feedback surveys if I have time.

    The contrast between the well thought out design of the actual app and the absolutely horrible design of the survey was astounding! Endless pages of "Rate on a scale of 1 to 10 ... 1 being not at all, 10 being extremely important". I didn't count, but I got through at least five pages of 15 or so questions each before I bailed out. The worst part was the questions were stupid. I understand the need for baseline questions, but there were tons of questions like "how important is it the program does math correctly?"

    It seems that the actual tax application is a wonderful, well-designed, user-centric application. On the other hand, the company surrounding it seems to not respect or understand their customers at all. (See the DRM-like fiasco a few years back)

  11. Re:GPL or no GPL ... on Tux Enlisted for U.S. Defense Program · · Score: 1
    I can't say I know anything about military procurement, nor do I really have much desire to. :)

    But regardless of whether it is the military or Captain Bob's Waffle House and Screen Door Factory, my question stands: If one party extends GPL'ed software and gives/sells it to another party, the first party must provide source to the second party, but neither party has to give a third party anything. Correct?

  12. Checking my understanding on Tux Enlisted for U.S. Defense Program · · Score: 1
    This is a bit off-topic, but I want to make sure my understanding of the GPL is correct. (Because sometimes I have to explain it to corporate types, and don't want to be wrong...)

    The source provision of the GPL only requires that you can't give someone a binary without also giving them the source at no more than reasonable media costs, correct?

    For example, let's say a company extends a GPL application for in-house use. They don't have to give that code, binary, source, or otherwise to anyone. But if they decide that they want to give it to company "B", they have to give "B" a copy of the source (if "B" wants it) and they can't put any restrictions on what "B" does with it. ("B" still has to follow the GPL, of course...)

    In the actual story, if LynuxWorks uses GPL code, and they sell it to the Pentagon, LynuxWorks' only obligation is to provide the Pentagon with source if requested. The only way Joe Citizen is going to see this code is if LynuxWorks decides to give it to someone who then decides to redistribute it. (Which is unlikely...)

    Is this correct?

  13. No crashes under moderate usage on Adobe Reader 7.0 Coming to Linux · · Score: 1
    This version came out just in the nick of time for me. I am the SME for a rather obscure product, and just had to do the technical edit of a 366 page book about it written by someone else. I have no idea what they actually "write" the book in, but for review and comments they use PDF.

    There are actually some very nice markup (in the editing sense) tools in Acroread 7, and I had no problem at all using it on Fedora 3. I never managed to crash or hang it, and it was really fast.

    I've always used xpdf and friends in the past, but I think I'm going to come to prefer the actual Adobe app now.

    I do have one issue with the product: there is an animated advertising button in the top-right of the menubar which changes pitches periodically. ("Acrobat Reader 7.0" "Try Acrobat for Free!" etc...) This is a bit annoying when you are concentrating on the document and something is flashing in the corner.... There is also a "Search the Internet using Yahoo" button which makes me uneasy for no good reason.

  14. Re:I wish they wouldn't look at my signature. on Credit card signatures: Useless? · · Score: 1
    Heh, nope not me. But I would have had to take the other person to court if I wanted them to pay. Since it was halfway across the country, it would have probably been more expensive for me to do that than to pay the whole thing myself.

    I suspect this is a common occurrence everywhere. People make dumb decisions about who to trust, and they come back to bite them. (And yes, I'll admit what I did was dumb enough to be considered "Judge Judy dumb")

  15. Re:I wish they wouldn't look at my signature. on Credit card signatures: Useless? · · Score: 1
    To anyone reading: If you ever find yourself getting into a situation like this, remember that verbal conversations mean nothing.

    Exactly. More to the point, while a lot of the time credit issuers will protect you from bad things(tm), don't count on it, especially if you are deviating even in the seemingly slightest degree from normal, "safe" use.

    Even if you are able to sort things out in the end, the amount of time and overhead incurred will be substantial. The best way to avoid trouble is to avoid risk.

  16. Re:I wish they wouldn't look at my signature. on Credit card signatures: Useless? · · Score: 3, Interesting
    For example, loaning it to your friend to make a purchase. He/she makes other purchases on the card, well... you are screwed.

    Here's a fun little story to amplify your point:

    When I was young(er) and dumb(er) I once gave a phone card number to a friend in another state so they could call me in emergencies. I figured since it had a $50 limit I was insulated to a $50 lesson even if they went insane and called Peru. Plus, it was a major issuer (AT&T), so I didn't expect problems.

    Turns out, nope, I wasn't protected at all. The "friend" turned out to have emotional problems and abused the hell out of the card. The phone company was more than happy to let $2500 worth of charges accrue. The fun part was that I was liable because I had given a third party the original access. The _really_ fun part was that when I discovered this was going on (and there was only like $350 charged), I tried to get the charges stopped. I tried reporting the card stolen, explaining the situation, pleading with the issuer, etc... Nothing worked. They told me it would take at least 7-10 days to put a stop on the card because "these things take a while to filter through the system." (bear in mind this was a "global communication company") So even though the issuer knew the card was out of my control, and going vastly over the "limit" (which I was told was actually a "suggestion") they let it run up for more than a week.

    The point here is that if you haven't done something dumb, you usually have no problem with any sort of fraud. If you have, I suspect sometimes the issuing companies let you get dug into as deep a hole as possible because they know you are on the hook and have no recourse.

    So when you do get bitten, even by doing something which seems not to be a big deal, it can bite you VERY hard.

    (And yes, I ended up paying the whole bill...)

  17. Re:very handy. *cough* on Linux Server Break-in Challenge · · Score: 2, Interesting
    I totally agree that "cracking contests" are a bad way to demonstrate "security", but I don't think that is the purpose of this event. (It's a little hard to say because TFA is a bit sparse...)

    The experts and auditors who actually can evaluate a system for "security" have to come from somewhere. Usually these people start off as tinkerers, hobbyists, and other amateurs. The big problem is how does an amateur gain experience without breaking the law? When I was in college I had to go to great lengths to get approved access to a SunOS box I could poke at with the owner's permission. I wanted to explore things, but didn't want to break any laws or ethical principles.

    I think this is just for fun. Breaking into your own system that you know how you secured is boring. The chance to have a third party set up a system and openly invite you to try and break it is rare, and for some people probably very welcome. This sort of event helps ethical people hone their skills and nurtures the next generation of experts and auditors.

    And finally, I don't want to disagree with Bruce Schneier (because he could crush me with his mind) but these contests do produce useful data if someone tries something which wasn't previously known. I believe the context of the quote you provided makes that clear.

  18. Re:Too celver for their own good? on Google's Technology Explored · · Score: 1
    Well, I agree that if Google starts ranking these derived results more highly than ones which actually contain the search terms it could be annoying. If I do a search for say "Roofer Austin" and there are no roofers in Austin found, I'd rather have something related like "Contractors Central Texas" returned than nothing at all. If for no other reason than it helps me reword my search.

    I do agree it should be an option though. Google (in my opinion) has been pretty good about not being obtrusive, so I suspect they won't piss people off with this.

  19. Re:Then what? on Solar Super-Sail Could Reach Mars in a Month · · Score: 1
    I'm far from an astrophysicist, but I don't think "cutting the lines" is really going to help much. I think it's a safe assumption that the sail is going to have a much smaller mass than the "payload". Cutting the lines just slightly reduces the amount of mass, and therefore only slightly decreases the energy required to counteract the inertia built up.

    Actually, I suspect the minute drag the sail might encounter as it approached an atmosphere might help. (Not in the atmosphere, but the density of particles in space increases closer to planets I think...)

  20. Re:How to end Spam... on Texas Goes After Student Spammer · · Score: 4, Interesting
    Actually, most politicians have "secret" personal accounts as well. My wife used to work at the Capitol in DC. The main $congressman@house.gov account is monitored by staff, but there is usually also something nondescript like rxq223@house.gov which goes to them personally.

    You'd also be amazed how many people you have heard of are reachable at some simple variation of $theirname@yahoo.com. When I was helping add a candidate's address book into a database, I had to keep asking if certain entries were a joke. (e.g. "you're kidding, I can mail Janet Reno at janetreno@yahoo.com and it's really her?!?")

    (obviously I made all the email addresses in this post up, so don't try mailing them... :) )

  21. Re:illegal in Canada? on Arrests Made Near D.C. Over Modded Game Consoles · · Score: 1
    I have no idea about Canada, but we pay a surcharge on blank media here in the US as well. It's supposed to be because the blank media could be used for duplicating copyrighted material, but ironically you're still breaking the law if you do.

    It's one of those quaint fees the various media industry lobbies have managed to hang on to along with things like the "breakage" fee taken out of artists' profits. (Which is a holdover from when phonograph records tended to break in shipping. Of course modern media doesn't have this problem, but the fee is still assessed)

    You gotta love having your cake and eating it too...

  22. Re:Actual Rest Home Conversations on In Japan, Old People Talk to Robots · · Score: 1
    So I laughed out loud at this comment, and read it to my officemate (who has read the headline, but not the article...) A short time later I am reading the rest of today's articles, and come across this picture and say: "Crap, look at those things" My office mate looks over at my screen and sez: "Those are the robots they're giving to Japanese old people!?!"

  23. Sadly it may be true on Things To Do Before You Die · · Score: 1
    Sadly, this may be slightly true. I work with someone who spent some time at the South Pole. He's done the 300 club thing, but if I remember correctly, it was "take a sauna and then jump in a hole in the ice" There was a fairly elaborate procedure for fishing the person out too. (I'm repeating something he told me years ago that I dimly remember, if I knew the Choctaw, I'd use the correct tense...)

    Anyway, he said that one of the motivators was that after a few months in camp, there was a fair amount of built-up sexual frustration, and the 300 club is co-ed. I don't know if there are attractive researchers at the Pole, but the implication was that after a few months of freezing your butt off, any thrill is a welcome diversion.

  24. Re:How things change... on Porn Site Sues Google Over Linked Images · · Score: 1
    What a well thought-out and reasonable reply!

    That is an assumption, of course. Perhaps that is indeed how it should be, but Google has no special significance in law, nor any special rights to do things other can't just because they're currently the biggest player in the search engine game.

    I completely agree that Google has (and should have) no special legal status. If my understanding and experience with Google's image search is correct, images are thumbnailed in a relatively low-quality format and a link is provided to the original image. (Along with some simple "the content of the link may be copyrighted" disclaimer). Now I think (without being a lawyer) that "fair use" entitles anyone to excerpt any publicized work so long as the excerpt is of reasonably small size and quality.

    There is a huge difference between a tangible good and intellectual property. When you steal a tangible good, the rightful owner loses his ability to use the good completely. (I have a TV, someone steals it, I have no TV) If someone duplicates intellectual property illegally, the original owner's ability to "use" the property isn't diminished, although the value of the property may be impacted. (I have a photograph of bigfoot I plan to sell, someone copies it and then freely distributes it, I still have the photo but it probably isn't worth nearly as much...) The rightful owner of infringed intellectual property is certainly entitled to some sort of compensation, but this should come from the infringer, not from a third party acting in good faith. Since Google indexed in good faith, and paid nothing, Google shouldn't be liable.

    I'm not sure Google should be required to "purge" its archives either. Even if Google used full-resolution copies of the image, I tend to feel that once something is put in the public domain (rightly or wrongly) it can't be removed. Imagine if I stole your secret photograph of bigfoot, and made a giant billboard of it. You would be well within your rights to make me take the billboard down and sue me for damages. However, I don't think you should be able to go to all the news stations which shot footage of the billboard and have them turn over all their tapes and not show a story about the billboard that includes a shot of it.

    That's true. On the other hand, they benefitted from numerous other search engines before Google, and if Google fell, they'd benefit from plenty of others who'd follow afterwards, too. And obviously it's a two-way street. Whether or not you agree with the nature of their content, it is beyond question that the porn industry has contributed more innovation to the web than many of its other residents. I imagine, though I have no facts to back this up, that a rather significant fraction of Google's visitor base comes because of that porn industry (no pun intended).

    I totally agree with you as well. It just rubs me the wrong way (no pun intended either) when someone who is all too happy to benefit from a technology turns around and claims "unfair" the moment it is used in a way which causes them a headache. Google has done a lot to defend free speech. The fact that this case is about a "porn" site doesn't matter to me any more than if it was about a "clipart" site or a "non-profit-save-the-world" site. As you said, it's a two-way street.

    Perhaps you're right, but this is a very odd argument to make if your general principles are anything like mine. Google is effectively an unregulated near-monopoly that has far more power over the web than others. People object when, for example, Microsoft leverage a similar status to get bad HTML all over the web that only works with IE. They cheer when others find ways to work around IE's problems. Why does Google merit such support where others in similar positions have not? (Or do you disagree with that particular principle of mine?)

    I suspect I do agree with your principles, but

  25. Re:How things change... on Porn Site Sues Google Over Linked Images · · Score: 1
    I don't think the point is that stealing image is "socially acceptable". The porn industry is facing the same problems as the **IA's: digital distribution isn't easily controlled.

    Even if the porn site secured itself well, a single paid subscriber could download all their content and then upload it somewhere else. I suppose the site could employ something like watermarking to track the violator, but there is nothing they can do to prevent the violation.

    Google is an innocent bystander that happens to be easily identifiable and has deep pockets. If the site which mirrored the images doesn't tell Google "don't index me" then Google has every right to index it. If the content isn't properly owned, the issue is between the content owner and the person who is violating their copyright.

    The porn industry (like so many others) has benefited greatly from Google. Additionally, it's one of the communities which tends to try and "trick" the engines into higher rankings more often, so I don't have a lot of sympathy for them.

    In this particular case, a site stuck with a large (and generally unsolvable) technical problem is lashing out at a third party out of anger. I don't think that is socially acceptable either.