...especially if this device is coupled with small pieces of metal/steel called "Keys", which can be used to lock the door using a complicated mechanical procedure.
Do you have any clue why companies have gone to electronic lock systems? Let's see:
Keys can be duplicated, rather easily. Buying the appropriate blanks is relatively simple for those really wanting them, and you can purchase the appropriate files in any Home Depot, Ace Hardware, or equivalent.
There is no access audit. You don't know who, and when, a person went through a particular door.
People lose keys. In a mastering system, the loss of a mid-level key can cost thousands of dollars to re-key. (Of course, that limitation keeps my locksmith neighbor busy, busy, busy!)
If a supervisor neglects to get all the keys a terminated employee has, that counts as a lost key, at high risk if the employee was fired and s/he doesn't take it well.
The complex mechanical device associated with the Key is called a Lock, and the design of most locks enables it to be defeated by turning a handy control which puts it in a failure-null state; even without the control, the Lock can be defeated with Duct Tape or other readily-available blocking device.
Of course, there is a defeat for the Door as well: the Door Stop. How many times have I approached a secure area only to find that some lazy person has employed a Door Stop to completely defeat the security provided by the Door?
My understanding is that in most companies less than 4000 employees worldwide there isn't really any physical security, except perhaps a "Facilities Manager" and a load of useless "Security Guards".
Perhaps you don't know your audience. Have you any clue how many SlashDot readers are "useless 'Security Guards'"? How many of us wear down shoe leather for pay that is lower than that earned by a burger flipper? Even the gun-toting ones typically earn $13-15/hour.
Perhaps you are one of the people that make those "useless" security guards necessary. For example, how many times have you consumed alcohol to excess and bothered the other customers excessively? Have you extended the concept of piracy to include shop-lifting? How about your place of employment: ever thought that a piece of office equipment would look better in your house than at your workplace?
Just to give you an example, the US Bankruptcy Court trustee determined that $15K/month for 24/7 guards on a property for asset protection during the process was money well-spent...and the Judge agrees. Of course, those "useless" security guards are protecting roughly $1.5 million in highly-resellable assets, plus another $1.8 million in structure cost, from theft, destruction, or vandalism.
Did you know that in many states the protection jobs -- private investigator, polygraph operator, security guard, and security consultant -- are licensed and regulated? Check your state laws; in Nevada it's NRS 648. Who knows, you might be breaking the law and don't know it.
And honestly, if you don't have your work done by the time you catch the plane to your distant meeting, the chances of you being ready are slim-to-none anyway.
When I was "commuting" from Newark to SFO while working for InfoWorld, I would complete a column while in the air. (Toshiba T1100+ could run eight hours on a single charge -- amazing what a non-backlight display and no hard disk could buy you.) Climb on a plane with my research in hand (some printed, some electronic), get into Borland Sidekick, and have at it. At SFO, my editor would meet me at the gate, do a quick once-over while my bag was making it to the luggage carousel, then off to the office to uplink. Worked like a charm.
When I was involved with the Telecommunications Industries Association technical subcommittee TR-30.3, the morning before the meeting was, er, interesting, as the committee members would organize an early-morning "Kinko's Party" so that everyone could get their contributions, honed and polished on the plane, printed and copied. A lot of V.34, for example, was done on airplanes.
So, like most generalizations, yours isn't worth a damn. (With apologies to Oliver Wendell Holmes, and also to Mark Twain.)
Silicon Valley is a subset of the Bay Area; basically a small strip that surrounds a lot of water (the Bay).
When I was working in Silicon Valley, I found the working conditions to be very dry indeed, and the lab I worked in needed static control to minimize damage from ESD.
The air outside may have had a lot of humidity, but the air-conditioned inside air was very, very dry because the place refused to put in humidification equipment to compensate for the dehumidification effect of the A/C. Something about needing to service it too often because of salt buildup, as I recall, and at worst the "problem" caused by airborne particulates. It doesn't have to be the SF Bay area to be true; you can be in Louisiana or Florida and still have ESD problems in your factories and labs and offices.
It is Mojave when you look at humidity levels. Or worse.
On the other hand I thought CG actor Yoda in SWII felt more alive than several of the other actors.
But, but, but... you don't compare the CGI Yoda to the hand-operated muppet Yoda. Not having seen the latest Star Wars "epic" I have no basis to have an opinion (trailers are not enough, but my first impression is not a good one) so it would be nice if you would be more descriptive in your review of the process.
I've been vexed that the sound card plus CD-ROM drive combination always shows signal at around -50 dBVU in CoolEdit. So, just for grins, I decided to capture a few seconds of the noise and analyze the properties. I was astonished to see that the resulting signal is a white-noise pattern with a slight emphasis at the high end (when sampled at 44 kilosamples per second). In short, it looks like diode noise with a 4 kilohertz square wave thrown in.
That suggests to me that this would make a fair source of random samples, especially after you slot out the interfering signal.
How many computers don't have cheap sound cards and CD-ROM drives?
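The idea in the comment above, worked through as an added example (not the commenter's code): notch out the 4 kHz square wave, take the low bit of each remaining sample, debias, and hash the result into a seed. The capture is constructed, the function names are hypothetical, and the notch assumes exactly 44,000 samples/s so that the square wave repeats every 11 samples; the von Neumann debiasing and SHA-256 conditioning are choices made here, not steps the comment names.

```python
import hashlib
import math
import random

RATE = 44_000               # samples/s: the "44 kilosamples per second" in the comment
TONE_HZ = 4_000             # the interfering square wave
PERIOD = RATE // TONE_HZ    # 11 samples per cycle at this rate (assumption)


def constructed_capture(n, seed=1):
    """Constructed stand-in for the capture: Gaussian noise plus a 4 kHz square wave."""
    rng = random.Random(seed)   # seeded so the demo repeats; this is NOT the entropy source
    out = []
    for i in range(n):
        square = 40 if (i % PERIOD) < PERIOD // 2 else -40
        out.append(round(rng.gauss(0, 30)) + square)
    return out


def tone_power(samples, freq_hz):
    """Goertzel algorithm: power in a single frequency bin, normalised by length."""
    coeff = 2 * math.cos(2 * math.pi * freq_hz / RATE)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / len(samples)


def comb_notch(samples, period=PERIOD):
    """y[n] = x[n] - x[n-period]: cancels anything that repeats every `period`
    samples, i.e. the square wave's fundamental and all of its harmonics."""
    return [samples[i] - samples[i - period] for i in range(period, len(samples))]


def von_neumann(bits):
    """Debias: read non-overlapping pairs, 01 -> 0, 10 -> 1, drop 00 and 11.
    Only removes bias if the input bits are independent of each other."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def seed_from_capture(samples, min_bits=1024):
    """Filter, extract low bits, debias, then condition with SHA-256.
    Raises ValueError when the capture yields too few bits, which is what a
    muted, stuck or noise-free input looks like after the notch."""
    filtered = comb_notch(samples)
    bits = von_neumann([s & 1 for s in filtered])
    if len(bits) < min_bits:
        raise ValueError(f"only {len(bits)} usable bits; input looks dead or stuck")
    packed = bytes(
        sum(bit << k for k, bit in enumerate(bits[i:i + 8]))
        for i in range(0, len(bits) - 7, 8)
    )
    return hashlib.sha256(packed).digest()


if __name__ == "__main__":
    capture = constructed_capture(RATE)          # one second of constructed samples
    print("4 kHz power before notch:", round(tone_power(capture, TONE_HZ)))
    print("4 kHz power after notch: ", round(tone_power(comb_notch(capture), TONE_HZ), 3))
    print("seed:", seed_from_capture(capture).hex())
    try:
        seed_from_capture([0] * RATE)            # silent input: health check trips
    except ValueError as err:
        print("rejected:", err)
```

A seed produced this way belongs in the operating system's entropy pool alongside other sources rather than in direct use as a key, and a card sampling at 44,100 samples/s needs a different notch because the 4 kHz period is no longer a whole number of samples.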
Apache needs real per connection, per user, and per IP rate limiting. mod_throttle and everything else I've seen has to starve connections after they perform too well. How about something that hard limits connections to 2mbps/sec. I will pay for anything that can do that for Apache today...
Then head for eBay, because a moderate-cost solution to your particular problem (limiting all web traffic to 2 megabits/s) is available for two bids and some cable work: buy two Ascend Pipeline 130s and run them back-to-back with a T1 cross-over cable. Another advantage of this solution is that your web server can be located near the webmaster, up to 5000 feet (without repeaters) from your network access point. Indeed, if you partition all of your services (mail, news, web server, ftp server) then no one service can completely swamp your connection.
Don't like using T1 routers? Then get a moderately powerful Intel computer, install enough Ethernet interfaces to satisfy your needs, load up a modern Linux distribution with 2.4.18 kernel and IPTABLES, and set up rules that will traffic-limit to the interface to which you connect your Web server. If you are like a lot of people who run multiple servers on the same box, the rules can "customize" the throttling by service. Not only that, but you can throttle by direction as well: incoming HTTP could be limited to 30 kilobits/s while outbound HTTP could be limited to 3 megabits/s -- that takes care of some of the problems with DoS attempts on HTTP. The same can be done for other services, such as FTP, mail, and IRC. The amount of control that IPTABLES provides is, well, interesting.
(Yes, I know that the *BSD people have something similar, but I know the IPTABLES stuff better and have seen it work.)
C'mon, people, this isn't all that hard to do if you think and are willing to put a little money where your wishes are.
We believe that in order for the SecurityFocus/Bugtraq community to be effective, it must be an independent entity. We believe that its current disclosure policy is appropriate for the venue. Symantec will continue to operate with its separate disclosure policy.
Pretty words, Mr. Levy and Mr. Ahmad. Now where is the proof?
Those of us who are working journalists remember the transition of ABC News under Roone Arledge from Cronkite-esque "news" to "entertainment" -- and know that "independence" is a very fragile concept, one that can be crushed very quickly and with little fanfare at any level including the board room. All it takes is one vote of no-confidence on the part of the management to completely change the editorial head, and thus the independence of SecurityFocus. You most likely mean well -- can the same be said of your bosses? Can you point to one Symantec acquisition that proved that editorial independence has been achieved in the long run?
I was an expert witness at a multi-million dollar trial because a well-respected computer magazine's editorial staff prostituted themselves to shore up a bad space-sales management decision. It only takes one episode to sully the good name of a publication. (The name of the publication is withheld from public statement to protect the guilty and to keep me out of civil court for defamation.)
I'm happy you were able to get a pile of money, but don't think that SecurityFocus will be viewed the same way. Now, if you had made the sale to an outfit like O'Reilly, the SecurityFocus name would have retained its luster and elan in the industry.
All good things must come to an end. Thanks for all the fish.
These are the comments of Stephen Satchell, Satchell Evaluations, Incline Village, Nevada. Mr. Satchell is a long-time writer of technical articles for computer magazines, and also for the past 25 years has recorded and sold audiorecordings. This comment attempts to provide his answers to the four questions put forward by the workshop committee.
BACKGROUND COMMENTS
The notion of gratuitous intellectual property theft by technical means has a long history in the United States, and this history has been one of copyright owners grossly overstating the effects of technological advancements. Let's look at the high points:
a) The development of high-fidelity tape recording equipment at prices affordable by individuals led to the belief that people would stop buying audiorecordings in the retail channel. Instead, so went the belief, people would tape the music they liked from public performance over the many radio stations in the United States. This belief was so strong that the recording industry assumed that consumers were guilty until proven innocent, which led to the imposition of the "recording tax" on blank recording tape. When the cassette tape was developed, a tax was placed on this media as well. This tax model continues to this day, with governments around the world placing a tax on all recording media that can be used for music, including CD-ROM media. As a professional recording engineer, I paid that tax without ever receiving any of that tax that was supposed to compensate me for any illegal duplication of my copyrighted works.
b) The invention of xerographic copying, which permitted the creation of high-quality copies on plain paper, generated fear that publishing was going to go under. The book industry, in particular, became worried that widespread use of xerographic copying would destroy their industry. Before xerographic copying, photocopying and thermal copying were the principal methods of making copies without re-keyboarding. The cost of the former and the poor quality of the latter kept either of them from being a perceived threat. With the development of plain-paper copying, the book publishers feared that there would be widespread copying of books and other written materials, with a reduction of revenues and disruption of the royalty system. I have never seen credible evidence that any such revenue impact or royalty impact ever occurred. As an author of a book, I find that the lack of royalties paid to me has far less to do with illegal copying and more to do with "creative" accounting.
c) The development of video tape recorders and media inexpensive enough and simple enough to be used in the home caused the movie industry the same panic that the audiotape development did to the record industry. The problem as perceived by copyright owners here went beyond illegal copying: the television broadcast industry was very concerned about "time shifting" and the impact on competition between TV networks and stations within a market area. No longer could TV executives schedule the presentation of shows to weaken the performance of a competitor's show -- people would watch one and tape the other, viewing the second show at a later time.
d) The development and deployment of DVD video took the movie industry's fear of rampant copying to another level. The claim is that with analog video you are limited by the number of generations of copies you can make before the copy becomes unacceptable to the potential consumer. With DVD, however, you can make any number of copies without any degradation in the quality of the copies. There is a parallel fear with DVD-audio within the record industry. (Note that none of the technical solutions offered to date for "protecting" DVD and DVD-audio address bit-copying of disks by content-ignorant hardware.)
e) The evolution of the personal computer and the Internet gave birth to peer-to-peer sharing networks, in which a small but sizable number of consumers placed copyrighted works "in play" so that people could obtain exactly what they need. This is a packaging issue: if you like one cut of a CD, the sharing network let you ignore the other 20 tracks you didn't like. The problem here is that the sharing completely bypassed all existing mechanisms for compensating the artist(s) as well as the production companies. This factor appears to be the root cause for this workshop to be held.
f) The expressed desire for recording companies, movie companies, and even book publishers to move away from the first-sale doctrine, and instead enforce a pay-per-play model on consumers. In this environment change, you would be required to pay for each viewing, hearing, or reading of copyrighted material. Proposals range from imposing time limits on access to actually charging per play/view/reading. This effectively tries to place the same kind of turnstile on material in the home or private automobile that currently exists for material performed in theatres and concert halls.
g) The Founding Fathers of the United States made it clear that the Constitutional grant of limited monopoly was to benefit the generator of intellectual property. The current business models do not reflect that intent, nor do they reflect the further intent that the monopoly is to be a LIMITED one.
With this background in place, let me comment on the four questions.
1) The effectiveness of efforts to pursue technical standards or solutions that are designed to provide a more predictable and secure environment for digital transmission of copyrighted material:
Both government and private-sector organizations have shown that the current technology can provide very effective technical solutions designed to provide a secure environment for digital transmission of material. Some of the solutions are even made available without a requirement for payment of royalties; see in particular the availability of OPENSSH as a protection vehicle for secure transmission of data over the Internet.
The problems I see in the efforts to date are these: expectations of protection, competence of the people who develop the "solutions", a failure for the protections currently in place to protect the root source of the copyrighted property, the authors, composers, screenwriters, performers, and others involved in the creative aspects of the copyrighted works, and a failure to acknowledge the time limits of copyright.
The DVD Content Scramble System (DVD CSS) was broken because the system used a flawed cryptographic scheme for protection. Interestingly, the failure of a vendor to properly encode keys affected not the ability to "crack" the system, but the amount of time required to do so. As more details about the scheme were published, the more the CSS system was shown to be flawed, both as a "protection" scheme and as a digital rights management scheme. Indeed, the CSS scheme did nothing to protect a DVD from being copied by a bit-by-bit copying of the disk. The CSS scheme did get in the way of any Fair Use of the copyrighted material, although with existing equipment in 2001 it's possible to extract an analog equivalent of the material so that Fair Use isn't severely impacted.
Nothing in the Content Scramble System or any other DRM system protects the original creator of the material, only the publisher. When the publisher goes out of business, what happens? When the publisher violates a copyright assignment agreement with a creator, how does DRM protect the creator?
Finally, the solutions proposed to date appear to be an attempt to circumvent the expressed intent of the Constitution that copyright is a LIMITED right, subject to term limitations. The DVD CSS scheme, for example, has no provisions for getting out of the way when the copyright term period has expired.
Any solution needs to be accessible to ALL creators and publishers of copyrighted material, with equal facility. This requirement has not been addressed to the best of my knowledge and belief. Also, independents such as myself have not been "invited to the table" to participate in DRM standard/solution creation.
2) Major obstacles facing an open commercial exchange of digital content
From my viewpoint, the biggest obstacle facing the commercial exchange of digital content is the lack of a means of exchanging electronic value for electronic content with high security and low transaction cost. There have been a number of efforts to deal with the so-called "micro-payments" question, but none of them have been successful at reducing the cost of transaction sufficiently to make low-cost (nickel-and-dime) transactions feasible, while maintaining acceptable security.
Another related obstacle is the unnecessary complexity surrounding compensation of the content creators. The existing business model calls for the publisher to make infrequent royalty payments on purchases of copyrighted content based on some publisher-imposed formula. A better business model would be for the consumer to pay the publisher and the content creator separately. With a low-transaction-cost payment system, any number of creators could be paid from the retail sale of the copyrighted work. Instant payment would eliminate the need for advances, and the fancy accounting that surrounds them. Marketing expenses could then be shared between publisher and content creator in the open, with all parties sharing the risks and enjoying the spoils.
In the music business, the reason that an album has a collection of songs is that it's about as expensive to produce a single (actually a "dual" in the old 45-RPM record days) as it is to produce a larger album with 10-20 songs on it. This continues to hold true with CD releases. The result is that many second-tier content providers produce one or two good songs and a bunch of mediocre ones for a given album. In the peer-to-peer sharing systems, consumers would "rip" the one or two good songs and make them available, leaving the remaining songs to languish (to my ear, in all too many cases justifiably so) in the limbo of non-play. In electronic distribution, there is absolutely no reason to continue this practice -- a content provider can publish a song when it's good (perhaps after test-marketing in concerts) and not make people buy the filler junk. Again, this is a business model issue.
Finally, in another business model issue, publishers charge more money than necessary for electronic delivery, at worst to wring every dollar of profit possible and at best to "protect" the retail outlets and their forty-percent mark-ups. Those mark-ups are necessary for the store to be able to pay the expenses of running a brick-and-mortar establishment, as well as carry inventory. If you have 1,000 record stores across the United States, you could have $800,000 per month in rent alone due. The comparable rent for an e-delivery service is around $16,000 per month -- yet the retail price of the e-distributed music doesn't reflect this difference. Such behavior encourages piracy because of the disgust it creates within certain members of the buying public, and to "redress the wrong" the consumer engages in a form of civil disobedience by making the content available to others, thinking rightly or wrongly that s/he has paid for the privilege.
3) What a future framework for success might entail
Responsibility. Responsibility both on the part of the consumer and on the part of the publisher. People won't steal if they feel they are getting value for their dollar or peso. Right now, the general feeling is that the value isn't there, that the executives are demanding guarantees that they aren't willing to offer their partners in content.
Recognition that 99 percent of the customers should not have to pay for the dishonesty of the one percent who will steal content no matter what. Recognition that no scheme will be perfect. Banks have resigned themselves to a certain level of loss in their credit card operations; entertainment publishing companies will have to live with the same realization.
Show that the content providers get paid for their efforts. How much of my fifteen dollars did the Doobie Brothers get when I purchased their CD? From the information I have at hand, I have to say zero dollars. The thinking then goes like this: "So if the record companies steal from the performers, then why shouldn't I steal from the record companies? Tit for tat." The entertainment press continuously tells us about how movie actors don't get paid unless they are big enough and nasty enough to demand a percentage of the gross revenues; the actors do the work and get none of the gravy?
Universality. Any system should be equally available to Fortune 50 and the garage publisher. The current dichotomy, especially as exhibited by my inability to receive anything from the "media tax" as a content creator in the audio world, is galling to anyone who keeps up with this sort of stuff.
4) Current consumer attitude towards online entertainment
I believe the attitude towards online entertainment has been shaped by the issues I bring up in my answers above: the entertainment industry is trying to gouge the consumer. When market forces don't work, the moguls run to Washington DC and demand marginally-enforceable laws be passed that assume that every consumer is guilty until proven innocent. A buggy-whip in every automobile?
The recent implosion of Web sites on the Internet has driven home the idea to Web-heads that "TANSTAAFL: There ain't no such thing as a free lunch." The surfers now realize that the content they see has to be paid for in some way. Unfortunately, that venue is hurt by the lack of a low-transaction-cost system of small payments. Once we have a way to make millicent payments, much of the problem of funding content disappears and people will expect to pay something...but not pay excessively.
If I purchase a concert ticket for $35 for a three-hour show, I expect to see and hear 120 minutes of music. That works out to roughly $0.30 per minute of song, or just under $1.00 per song. That includes visuals, a roof, seats (maybe), and the ability to hear fluffs by the performers. (Not to mention the chance for autographs after the show, if I'm so inclined.) When I purchase a CD for $15, I get 20 songs, or roughly $0.18 per song, of which $0.08 goes to the retail outlet, so the money to the recording company is $0.10 per song. Over the Internet, I'm paying for roughly half of the delivery system, so if I charge this delivery cost back to the publisher it reduces the retail price per song to around $0.07.
Anyone selling songs for that price over the Internet? How can you possibly? Every single transaction system on the planet would charge more than that just to carry the charge, and a check through the mail costs $0.37 for postage, about $0.15 for the envelope, and $0.25 to clear the check through the Federal Reserve System.
And what is the royalty, per song, to the content creators? I thought so.
Signed, Stephen Satchell
If the guy isn't watching pennies... (on "Buying Unix?", Score: 2)
Look here at an IBM server that runs Linux, is supported by IBM, and is a solution that is ready out of the box. Don't like 1U servers? There are other options. Then take a look at the Education page for information on how your institution can use its status to get what it needs.
Prices are higher, but you are buying the support your boss wants.
(I don't work for IBM in any way. One of my clients just moved to IBM solutions and I've been impressed with the service they received on it. Of course, the ISP is running Windows NT...)
The people who do use Embed (and I have) are the ones who really need it for their work, in my case it's creating electronic documents (PDF or Corel Envoy) to send off to whomever needs this or that report within the organisation.
(Caveats: I used to work for Goss and Varityper, and am well informed about the history of electronic-font theft by printing houses and the older copyright law surrounding fonts. I do not claim to be up-to-date on all aspects of modern font copyright. IANAL -- I Am Not A Lawyer.)
Case law following the 1972 copyright changes made it clear that the actual letter shapes are not subject to copyright, and a cursory look at the various amendments to the Copyright Acts since 1992 indicates there has been no statutory change in this area. What is protected by copyright is the digital description of a font -- the electronic file. The contents of such files go beyond the description of how to draw the character; it also includes information concerning the placement of characters in relation to other characters, sizing information, and "hints" as to how to modify the rendering as you change size, among other things.
What a lot of people tend to forget is that the name of a font is protected by trademark law. That's why Apple used place-names for a number of its in-house-developed fonts, and why "Helvetica", "Swiss", "Arial", and "Megaron" appear to be synonyms for essentially the same typeface. They are. The difference between the fonts they name is the source of the font.
So, by using "Helvetica" in your document, a trademark, you are acknowledging the source of the font. Helvetica is a registered trademark of Linotype-Hell AG and/or its subsidiaries. Adobe, for example, licenses the face from Linotype-Hell, and is most likely required by that license to limit distribution of the outline files to people who have paid for a license to use.
If your license for the font "Helvetica" does not include the right to embed the font in Portable Document Format files, then you are guilty of copyright infringement.
Unfortunately, the embedding of the outline information in a PDF does not meet the tests for fair use. Others have listed the requirements in this discussion; I leave it to you, Dear Reader, to apply the tests and see how they fail.
The DMCA implications of "embed" are, frankly, just icing on the cake. At the base of the problem is copyright infringement, and the unjust enrichment that comes from the infringement. One person made it clear that he "needs" to embed fonts to ensure that the correct outline, kerning, and master-modification information is used when reading the document, or the result is a "mis-proportioned document" that looks ugly. The person derives a financial benefit from embedding fonts, and this can be viewed in court as "enrichment." By exceeding the boundaries imposed by the font license, s/he is profiting from the copyrighted work of another. The fact that the infringement is internal to an organization is of little weight, as the company may be the one considered guilty of the infringement, not the individual, if the copyright holder can show that the infringer is working within the scope of his/her employment.
The argument that there is no copyright infringement when the document is printed on paper, and therefore there can be no infringement because PDF is "like paper," isn't going to hold up in court. The problem is that the letterform itself is not subject to copyright, and the version of the type on paper is the letterform. Contrast this to the version of the letterform in the electronic PDF document, which is in its original copyrighted form. If the PDF document were to be in the form of a compressed pixel map, like a fax, then there would be no infringement because the copyrighted work would not be embedded in the electronic document. Unfortunately, such a pixel map, even heavily compressed, would be considerably larger than the desired PDF form, and the resolution of the resulting document would be fixed at the one used to render the page.
This suggests one way to avoid infringement: render the document as an image. It meets most of the original requirements, although the resulting file will be bloated. Because the outline file is not distributed in any way, there is no copying, therefore no copyright infringement. For purely inside distribution over a fast LAN, the bloat issue isn't as much of a problem. Mail servers may need to be upgraded to deal with the larger file sizes, but with the cost of mass storage plummeting the delta shouldn't be painful at all. It's definitely cheaper than lawyers and lawsuits and damages.
The more direct path to avoid infringement is for that person to enter into a license with the original holder of the copyright for each typeface s/he uses to specifically permit embedding those fonts s/he uses into PDFs. There may be a license fee per font to do so -- this is a good thing, to reduce file bloat from too many font outline files, not to mention the cleaner documents that will result from reducing font clutter. If there is a distinct business necessity to use specific, copyrighted type faces, the cost of entering into a license agreement should be tolerable. After all, type foundries are in business to sell type, not to bleed customers dry. For that reason, shop around. Every type house/foundry has their versions of a Times newspaper face, a sans-serif block face [Helvetica/Swiss/Megaron/&c], a mono-spaced typewriter face, and useful display faces, and their licensing requirements may be more in line with your needs than what Linotype offers. That's competition.
Don't like paying cash for the right to use a letterform? The shapes of the letterforms are not subject to copyright. There is nothing I'm aware of that says you can't print a font, letter by letter, scan the printed pages, and encode them into your own font outline file using any of the many font development packages available. Then you can embed to your heart's content. (Check with a competent intellectual property attorney before doing this.) Don't forget to use your own completely made-up name for the resulting font outline.
For those not willing to put in that kind of time, there is yet another alternative: investigate other type face sources. Donald Knuth has designed a number of faces, originally rendered in Metafont, which are available as Postscript type faces. They are quite pleasant to the eye, and are very readable. Another source of potential type faces is the X Consortium, although I would check the license regarding typeface use outside of the X environment. A Google search showed there are a number of people who have contributed type faces to the public domain, as well as providing faces in a shareware distribution format.
I keep a daily-update mirror of the Red Hat updates for the "enigma" release, and as of yesterday (Thursday) the CD-ROM image for the updates is at 588,644,352 bytes. In other words, it's more than half of the original distribution. Further, upgrading all of the modules is a royal PITA unless you do a full install because of the hell of dependencies.
One reason I also tend to reformat and load a new version instead of update is that my IDS database is then rebuilt from scratch -- I know that my servers are not compromised at the re-install (of course I yank the Ethernet connections during the install) and I can re-establish a baseline. It takes longer, but I believe the extra effort is worth it.
Some people will complain about having to reconfigure everything. Some things, like my spam-blocking list, get carried over (I run PostFix). For some things like my Web server, I cut and paste from the old config to the new config the access control information; when I move to Apache 2.0 I will have to re-work this, but it'll be worth it.
And when 7.3 is released and the people on the bleeding edge have had time to spill some blood on it, I'll move up and start keeping a new mirror of updates...
What is your track record for keeping this sort of long-term commitment, even in the face of change? Remember, the first casualty of a battle is the battle plan.
How can you say that you will be doing thus-and-so that far into the future? You stand a good chance of being side-tracked somewhere along the way, in which case telling your prospective employer that you will say "farewell, so long" at 15 months is not necessarily accurate.
Besides, you may learn that the job isn't what it was cracked up to be, and you leave long before the 15-month "promise". There are too many things unknown.
There is another possibility. You might not quit, but instead take an unpaid leave of absence... if you are good enough and valuable enough.
When I worked in a cube farm, I found myself working very odd hours. One of the main reasons I needed to do that was because I have a very bad habit:
I talk to myself.
Especially when debugging code.
This wasn't a problem in the minicomputer days, when each lab held four rather loud machines and there was enough space so my mutterings at machine 3 weren't audible at any of the other machines. When my desk became the lab, and the noise level was much, much lower, I used to get complaints about my dialog with myself. (I used to be ribbed about it, too. No, I won't elaborate.)
Now, what I have found is the floor-to-ceiling cubes are very nice for people like me -- cheaper than a "hard" office, and it contains the noise quite well. With the proper layout of openings, you don't even have to have doors.
I'll be interested to hear if the bean-counters don't squash you flat...
Ok, so what happens when you live in an apartment in the inner city and one of the neighboring businesses decided that they wish to use this technology to make their restaurant peaceful for the customers?
If we were dealing with high power or [comparatively] low frequencies, you would have a point. Frankly, the metal used in commercial buildings tends to block RF at the frequencies used by cell phones -- unless the building owners specifically take steps to make the signal available within his store.
Jammers don't need to be powerful to be effective. When the building's walls attenuate the signal 30-40 dB already, it doesn't take much radiation inside the cage to completely mask the signal from the cell site, and result in a "No Signal" indication. Done right, it would take a handful of milliwatts to get the job done...and the same wall that attenuates incoming signals also attenuates the level of the jamming signal seen outside the building, so neighboring buildings wouldn't be affected at all.
In the school situation you brought up in your question, the school would deploy a number of very-low-power tuned-band white-noise generators in the building so that the jamming effect would not be noticed from the parking lot or the playground, let alone at the neighbor's house or the road in front of the school.
You gotta understand how publishing works (on Review: Showtime · Score: 4, Interesting)
Funny how all these people that hate Katz so much still keep coming back to his columns anyway. A true nerd loves a flame war, I guess.
Columnists. You see them everywhere, and the quality of the writing goes from absolutely fabulous to completely clueless. Some of the columnists writing today (with upgrades in IQ) could well have been the source of the idea for the lead character in the movie Legally Blonde. (I lump movie and restaurant reviewers in with columnists, because most of them are written in the first person and therefore qualify as columns.)
Frankly, a columnist is doing his/her job when there is a lot of reaction by the readership to what they write. It can be right or wrong, insightful or flamebait, intelligent or dumb as dishwater -- as long as the readers react, the editor feels the columnist earns the pay.
And YOU help make Katz successful in the eyes of the OSDN bosses.
Tough and stupid as it may sound, we need columnists. Clueful people [you may disagree] like Katz and Dvorak and Cringely. (And Noonan and Buckley and Safire.) Clueless people like the ones gracing the magazine pages of many national and international IT publications and big-name IT-oriented Web sites. (And non-IT sources, too.)
Their purpose is to make you, the reader, THINK, and more importantly to express your thoughts out where others can hear. This is the basic exercise of Speech. Further, the cure (in other countries, not just the United States) for bad speech, insipid speech, just-plain-wrong-facts speech is... more speech. Speech from the clueful. Speech from people who are rarely heard.
One way to get you, the reader, to do that is to goad you into telling people like Katz what a knothead they are.
(I don't work for OSDN or SlashDot in any way. Opinion not necessarily that of the owner of this website, its editors, or its moderators. Or Katz, for that matter.)
Several people have commented already that email is "easy to forge." It is if you only have one side of the conversation. Easily fixed. We already know from literally hundreds of cases that e-mail is discoverable in a lawsuit. So as Plaintiff I would demand "all electronic mail purporting to be to or from account@domain.name on any computer owned by Defendant", take all my messages to and from the Defendant and get it on CD-ROM, and when I have both CD-ROMs together start matching my e-mail list with his e-mail list. Because you can demonstrate that there was indeed a conversation, you can then verify the authenticity of the e-mail exchange.
For mail stored electronically, there is a wealth of verifying information contained in the headers to a mail message. You have the path the mail took through the Internet, so that it's traceable to the first Internet-connected Mail Transfer Agent, and sometimes even to the originating computer if the MTAs do their job of adding Received: header lines properly. Depending on the level of logging at the various MTAs, you may well be able to obtain third-party verification of the transfers, the length of the letters, and the purported From: and To: headers. Successfully forging every little piece of information is possible, but it's hard to also gerrymander the server logs and the electronic copies on the other side. Very persuasive in an argument of authenticity.
Think why there has traditionally been signatures on documents. The point was to ensure the identities of the parties, that the parties had the intent to enter into contract, and that the parties were aware of the contract. The signature provides all three points.
Now, with the e-mail exchange, do we have a contract? That would depend. In order to have a contract, you need: an offer; an unqualified acceptance; specificity as to subject matter; and, consideration. That's one thing the judge will have to decide.
Now, how many people save all their electronic mail at home? I know that more than 3/4 of my non-spam mail ends up in the electronic trash can, which is religiously emptied multiple times a day. That said, *any* incoming business traffic gets filed in a mailbox folder specific to the client. All outgoing traffic is saved automatically by my mail client in the "Out box", timestamped with the time the MUA sends the mail to my MTA. In turn, the backup system takes the mail and saves it to a file server, and eventually makes it to a back-up CD.
Now for the fly in the ointment: was there the required intent to contract on the part of both parties? This is where part of the argument may well lie. Did the seller in question, in the reasonable belief that the ONLY valid contract was one on paper signed by both parties, intend during the e-mail exchange to enter into contract by virtue of the e-mail? I believe the seller could argue that the e-mail discussions were preliminary negotiations, and not the contract itself, based on his belief that until he puts pen to paper there is no contract. The argument isn't perfect, but with the right support it should win.
Ah, but dung heaps rarely attract only a single fly. The Plaintiff Buyer may well have a complaint against Defendant seller because, according to the article, the two parties did agree to terms and had MADE A SPECIFIC PROMISE to each other to execute a real estate contract. Now we go to the intent of Plaintiff and what Plaintiff did because of the promise. Things get sticky, because if Plaintiff did something (like sell his/her existing house in anticipation of being able to move into Defendant's house) then there is a problem.
A lot of the judge's decision is going to turn on MASS law, both statute and case law, and I'm a long way from that state. I'll let people who know the law in the neighborhood discuss these points further.
In any event, this case will test some legal precepts about electronic mail and how to verify its authenticity. Well worth studying.
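The cross-check described in the comment above (pairing the two parties' mail archives and reading the Received: trail), sketched as an added example that is not part of the original comment. All messages, host names and addresses are constructed, and the function names are hypothetical.

```python
import hashlib
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample data: example.* hosts and 192.0.2.x addresses are placeholders.
OFFER_SENT = """\
Message-ID: <offer-001@buyer.example>
From: buyer@buyer.example
To: seller@seller.example
Date: Mon, 04 Mar 2002 10:00:00 -0500
Subject: Offer

I offer the asking price.
"""

# The seller's stored copy of the same message, with the Received: lines its MTAs added.
OFFER_RECEIVED = """\
Received: from mx.seller.example (mx.seller.example [192.0.2.20])
 by mailstore.seller.example with ESMTP id B2
 for <seller@seller.example>; Mon, 04 Mar 2002 10:00:09 -0500
Received: from mail.buyer.example (mail.buyer.example [192.0.2.10])
 by mx.seller.example with ESMTP id A1
 for <seller@seller.example>; Mon, 04 Mar 2002 10:00:05 -0500
""" + OFFER_SENT

# A disputed "acceptance" that exists only in the buyer's archive.
DISPUTED_ACCEPTANCE = """\
Received: from mx.buyer.example (mx.buyer.example [192.0.2.11])
 by mailstore.buyer.example with ESMTP id D4
 for <buyer@buyer.example>; Mon, 04 Mar 2002 11:30:02 -0500
Received: from mail.seller.example (mail.seller.example [192.0.2.21])
 by relay.other.example with ESMTP id C3
 for <buyer@buyer.example>; Mon, 04 Mar 2002 11:30:40 -0500
Message-ID: <accept-002@seller.example>
From: seller@seller.example
To: buyer@buyer.example
Date: Mon, 04 Mar 2002 11:30:00 -0500
Subject: Re: Offer

Accepted.
"""

PLAINTIFF_ARCHIVE = [OFFER_SENT, DISPUTED_ACCEPTANCE]
DEFENDANT_ARCHIVE = [OFFER_RECEIVED]


def received_hops(msg):
    """Return the Received: trail oldest-first as (from_host, by_host, timestamp)."""
    hops = []
    # Each MTA prepends its line, so the last header in the file is the first hop.
    for raw in reversed(msg.get_all("Received", [])):
        text = " ".join(raw.split())              # unfold continuation lines
        clauses, _, stamp = text.rpartition(";")  # the timestamp follows the last ';'
        sender = re.search(r"\bfrom\s+(\S+)", clauses)
        receiver = re.search(r"\bby\s+(\S+)", clauses)
        hops.append((sender.group(1) if sender else None,
                     receiver.group(1) if receiver else None,
                     parsedate_to_datetime(stamp.strip())))
    return hops


def hops_of(raw_message):
    return received_hops(message_from_string(raw_message))


def trail_problems(hops):
    """Flag a trail whose clock runs backwards or whose hops do not hand off to each other.

    The 'from' name is whatever the sending host announced, so a broken chain is a
    lead to check against the MTA logs, not proof of forgery on its own.
    """
    problems = []
    for (_, by1, t1), (from2, by2, t2) in zip(hops, hops[1:]):
        if t2 < t1:
            problems.append(f"time goes backwards between {by1} and {by2}")
        if from2 != by1:
            problems.append(f"{by2} received from {from2}, but the previous hop was {by1}")
    return problems


def body_digest(msg):
    """Hash the body with line endings and trailing whitespace normalised."""
    body = "\n".join(line.rstrip() for line in msg.get_payload().splitlines())
    return hashlib.sha256(body.strip().encode("utf-8")).hexdigest()


def match_archives(ours, theirs):
    """Pair the two archives by Message-ID and compare From, To and body."""
    def index(raw_messages):
        parsed = (message_from_string(raw) for raw in raw_messages)
        return {m["Message-ID"].strip(): m for m in parsed}

    a, b = index(ours), index(theirs)
    report = {"matched": [], "altered": [],
              "only_ours": sorted(set(a) - set(b)),
              "only_theirs": sorted(set(b) - set(a))}
    for mid in sorted(set(a) & set(b)):
        same = (a[mid]["From"] == b[mid]["From"] and a[mid]["To"] == b[mid]["To"]
                and body_digest(a[mid]) == body_digest(b[mid]))
        report["matched" if same else "altered"].append(mid)
    return report


if __name__ == "__main__":
    print(match_archives(PLAINTIFF_ARCHIVE, DEFENDANT_ARCHIVE))
    for problem in trail_problems(hops_of(DISPUTED_ACCEPTANCE)):
        print("disputed message:", problem)
```
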
Over my 30-year professional career, I have been a guest instructor at a couple of universities and community colleges. Each venue lasted less than a year, because in every single case the school would pass a rule while I was in the middle of a course requiring all instructors be degreed.
Like another famous person in the computing industry, I am a high school graduate with some college. No degree.
My reason for not having a degree is long and boring, so I won't go into it. That didn't stop me from working in what is now called IT at universities -- they weren't so picky about having sheepskins when skill was necessary to actually get the job done. That included the ARPAnet; indeed, the Center for Advanced Computation welcomed my work with open arms (and paybook).
The academic myopia hasn't stopped me from teaching, though. I did my "teaching" in the pages of magazines like InfoWorld, Byte, ComputerWorld, Computer Shopper, Federal Computer Week, and others. I did my teaching on CompuServe on IBMNET and other forums. I did my teaching on BIX as conference moderator in telecom and, for a while, as an Exchange Editor. And I tutor today on Internet principles for more money than I ever received as a guest instructor.
I'm a tech guy who teaches, not a teacher trying to teach tech. (Say that three times fast.)
From BusinessWeek Online: MARCH 18, 2002
See today's date...
I wonder who's at fault.
No one. Most weekly magazines use the principle that the "issue date" is the last day that the magazine should be sold on newsstands, not the date that the magazine was first published.
Steven Levy's book Hackers shows that the attitudes of Bill Gates and his friends were set a long, long time ago. They never liked the idea of "giving" away any software, none at all. Their mantra was "if you use it, you should pay ME for it." All that time has done is increase their size as a business (most likely by insisting on "don't applaud, throw money instead") and being the driving force behind organizations like the Business Software Alliance (BSA).
As is their right in our society.
You, of course, have the right of choice -- choice that lets you choose to use software vended by someone other than Microsoft.
The anti-trust trial was about Microsoft trying to eliminate sources of software other than itself, in the areas which Microsoft chose to "compete," and the US Department of Justice taking exception to that elimination of competition and choice. We had a charge, an answer, discovery, a trial, a verdict, and an appeal...and at the end of the day we have a company that has been declared guilty (in a Court of Equity) of anti-competitive actions.
Bill continues to show that his grade of "F" in sandbox remains a fair and valid one by refusing to understand why his actions are in violation of statute, and why his actions are harming society.
And who here would be the wiser if you were in his place?
If you want to know something about the person who owns a domain, go to their site and find a way to contact them and ask.
Really? Try to contact me, the administrator for satch-test DOT com, modem-museum DOT org, or even jimgalloway DOT com without resorting to the WHOIS database. Or the Slashdot User Information for this ID. :)
Congratulations. Not every name has a "site" associated with it, contrary to your unwarranted assumption. I hold several domain names to which a web site (1) has not been created because I haven't had the time, (2) will never have a web site because it's used only for electronic mail and other, non-Web, Internet applications, (3) used to have a web site but now is gone, and (4) is intended for secure HTTP traffic with draconian access controls so even if you did figure out how to gain initial access you would have to be a cracker to get past the authentication that protects the content from the eyes of just anyone.
The information in the contact information portion of the WHOIS record for those domain names is real, and the spam traffic level is low...for now.
Please remember there is more to the Internet than just the World Wide Web and P2P file sharing.
If the government decided that the group responsible for the product (who is responsible is, of course, another issue entirely) must pay damages caused by security flaws, these licenses aren't worth the bandwidth they're downloaded on. I think that was one of the implications of the article.
In order to understand the true implications of your statement in relation to liability in the United States, we need to look at just what is behind the strict liability doctrine behind product liability law. No, I'm not a lawyer, I've just been studying this stuff recently. (Take with appropriate amounts of salt. Not applicable to law outside the USA.)
The reason that manufacturers of goods are held to strict liability with their products is that they are receiving money for their product. In turn for receiving money, the seller assumes certain warrants about the product: freedom from harm of the buyer that uses the product reasonably, that the product is made to a reasonable standard, and that the product will indeed work for the purpose for which it is sold.
What makes things tough for software is that almost all of the warrants are disclaimed in EULAs, a practice that consumer advocates find untenable. Because ALL software vendors do it, there may well be anti-trust action in the future to do away with the disclaimer of warranty...assuming Congress doesn't get there first by making the implied warranties I've described enforceable by statute regardless of contract.
What separates "software products" covered by the GPL from ones covered by a commercial transaction is that there is no monetary consideration for the product.
Let's also not forget that "commercial transaction" can include shareware, because there IS an exchange of monetary consideration for the product, but not at the time the person gets the product to try out. The sale happens when the person sends in his $5 or $15 or whatever.
Now, where does Red Hat, Debian, and other "sellers" of Linux come in? They don't sell the software, they sell the packaging of otherwise freely available software, GNU/Linux and a collection of GNU utilities, along with other utilities, and all of what they provide are freely available elsewhere. (This may not be true of Red Hat specific software, although the availability of the ISO images without payment to Red Hat would strongly argue against that view.)
My thesis is that any change in product liability law would indeed apply only to commercial software, because product liability law today requires the commercial transaction as defined by the Universal Commercial Code (UCC).
(See a licensed attorney to learn how the law applies to your specific situation.)
I've seen a huge amount of discussion over the past few years about doing things to computer cases to deaden sound. Now, one person in this discussion started thinking outside the box, talking about his putting the computer into the next room and running cables through the wall -- effective to some extent, but absolute hell when you have to put a CD-ROM into the drive, don'tcha think...
What I've been looking to do is build a proper sound-controlled cabinet for my computers. It would be an enclosed cabinet with doors, fans (ducted at inflow and outflow ports with sound-proofing material) to ensure enough air flow to keep internal temps down, built-in power distribution, built-in Ethernet (I have a 24-port 100-base T hub), and sound-sealed cable ports for the KVM switch and external connections.
Some design points:
The cabinet needs to be deep enough so that the system units will have adequate front and rear clearance for airflow. Experiments with standard cases tells me that you need at least four inches rear clearance and six inches front clearance. The extra clearance in the front is dictated by CD-ROM and DVD-ROM drives, so that the door of your cabinet doesn't interfere with the CD/DVD-ROM tray. Given that the deepest cases are about 20 inches, that means you need an inside depth of 20 + 4 + 6 = 30 inches. Plan on 36 inches of depth for the outside dimension.
Your primary sound barrier will be dense material, such as plywood. If you can get birch plywood, this will give you better sound control because of the increased density of the wood. It's tempting to go very thick, but 5/8 inch should be plenty good. Consider using 1x6 for the framing, and be sure the plywood is braced at least every 18 inches with framing.
Most acoustic treatments will require about two inches of depth in order to be effective across the "band of annoyance" (200 Hz to 4 kHz). Thick-pile carpeting (make sure it's flame-retardant!) can be surprisingly effective, and cheap when purchased as end-rolls or remnants. Fiberglass batting and rock wool are also effective, although the stuff is tricky to work with safely. For the sides and the rear wall, standard acoustic tile or ceiling panels can be effective. For ducts, the goal is traverse absorption, so materials like acoustic tile may not be appropriate as they tend to best absorb sound hitting the tiles perpendicular to the surface.
Design the airflow so that air deflects around sound baffles; this prevents direct ray-path propagation of unwanted noise. For example, an air intake can be done by using a front floor-level opening, a baffle panel of burlap-covered 1/4-inch plywood, and a 5/8-inch plywood shelf for the computers that stops six inches from the front of your cabinet. This design directs the airflow to the front of the computers, which from most cases seems to be the most desirable. A similar baffle system at the top of the cabinet can serve to exhaust air, again using baffle panels to break up any direct ray paths.
Any air-motion equipment should be suitably baffled as well. Large low-RPM fans work better than small high-RPM fans.
Finally, cable ports need to be sealed acoustically. Consider rubber gasket material, or the "tube foam" you can find at some fabric shops.
For my prototype, I'm using a rack cabinet I got at an auction last year. The metal skins (including the top one) are replaced by 5/8-inch plywood, faced on the inside with long-nap carpeting. The air intake at the bottom of the cabinet uses exactly the baffling technique I described above, using burlap soaked in fire retardant. Air exhaust is still a problem. Cables go through two slots in the back of the cabinet. The "door" is currently a removable panel of carpet-faced plywood, but I have designed a quad-door arrangement - this lets me get access to the CD-ROM drives without opening the entire front, yet provides for service access easily.
Temperature monitoring is a bit of a problem right now, a problem I hope to solve via eBay.
When I have more, I'll put it on my Web site and let you all know about it.
(One thing: I'm a bachelor, so I don't have a wife to worry about. Your mileage may indeed vary.)
So much for respecting the public interest. This process seeks to sweep the whole thing under the rug before the press can even read the comments....
You missed the point of the entire exercise, then. The whole purpose of the public comment period was to permit anyone and everyone who had an opinion as to the substance of the Revised Proposed Final Judgment to express their opinion and justify it by quoting the RPFJ, the various court documents, and for the legally enabled from other authorities. It's spelled out in the Tunney Act...read it.
Based on the summary report, the public has indeed spoken. I know I sent in a 24-page opinion and analysis, both in electronic form and via paper using Federal Express. I know my voice has been heard.
Given the volume of comments, I would not have been surprised at a DoJ request to extend the response period, nor would I have been surprised at the judge's approval. The surprise was that DoJ said they could do the job in the time required by statute.
You missed a fact: the DoJ has to evaluate, summarize, and respond to the comments -- more than just doing a Reader's Digest or worse and then putting the whole thing before the judge.
As for "the press reading the comments" many of the comments had been made public by the authors. This Slashdot article has pointers to news articles written based on those author-publicized comments, so the cat's already out of the bag. If you want to read my comment, just ask -- I'll mail it to you as a PDF.
The District Judge has made it clear she won't brook any more delay in getting this thing finished. I agree. Time to get it over with and behind us, IMHO.
The chance of someone "mistyping a URL" and accidentally triggering the Unicode exploit are laughably small. What are the chances of someone "mistyping a URL" and doing the following?
http://www.someserver.com/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
Social engineering. If I was a real prick of a Webmaster, I could include a link in my web page that would "mis-type" the URL for you when all you wanted was to see the item "advertised" by the link, an intimate and revealing picture of Britney Spears. It's even worse with HTML-capable electronic mail -- when was the last time you really looked at the URL behind the juicy link in front of you? Now imagine a clueless newbie presented with the same message. What happens is left as an exercise to the reader.
As for going to jail, you might want to look into the history of BBS sysops who have been "investigated" for wrong-doing. Suitable links are elsewhere in the discussion.
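A detection-side view of the URL quoted in this exchange, as an added example that is not part of the original comments: each request path is percent-decoded repeatedly and flagged when a second decoding pass still changes it or when the fully decoded form contains a `..` segment. The access-log lines are constructed (the third carries the quoted path), and the function names are hypothetical.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed access-log lines in common log format; 192.0.2.x and 198.51.100.x
# are documentation addresses. Line 3 carries the request path quoted above.
SAMPLE_LOG = [
    '192.0.2.7 - - [10/Mar/2002:12:00:01 -0800] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.7 - - [10/Mar/2002:12:00:04 -0800] "GET /docs/100%25%20cotton.html HTTP/1.0" 200 512',
    '198.51.100.9 - - [10/Mar/2002:12:03:17 -0800] '
    '"GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0',
]

REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/\d\.\d"')


def decode_layers(path, max_rounds=5):
    """Percent-decode until the string stops changing; return every intermediate form."""
    forms = [path]
    for _ in range(max_rounds):
        decoded = unquote(forms[-1], encoding="latin-1")
        if decoded == forms[-1]:
            break
        forms.append(decoded)
    return forms


def classify(request_target):
    """Return the list of findings for one request target (path plus optional query)."""
    path = urlsplit(request_target).path
    forms = decode_layers(path)
    findings = []
    # One decoding pass is normal. A second pass that still changes the string means
    # an encoded '%' was hiding another escape from whatever checked the first pass.
    if len(forms) > 2:
        findings.append("multi-layer-encoding")
    # Treat backslash as a separator too, since the target platform in the quote does.
    segments = forms[-1].replace("\\", "/").split("/")
    if ".." in segments:
        findings.append("dot-dot-segment")
    return findings


def scan(lines):
    """Map 1-based line numbers to findings for every log line that has any."""
    hits = {}
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        findings = classify(match.group(1))
        if findings:
            hits[number] = findings
    return hits


if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG).items():
        print(number, findings)
```

The second log line shows why the check counts decoding passes instead of matching on `%25`: a legitimately encoded percent sign decodes once and then stays put.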
Do you have any clue why companies have gone to electronic lock systems? Let's see:
The complex mechanical device associated with the Key is called a Lock, and the design of most locks enables it to be defeated by turning a handy control which puts it in a failure-null state; even without the control, the Lock can be defeated with Duct Tape or other readily-available blocking device.
Of course, there is a defeat for the Door as well: the Door Stop. How many times have I approached a secure area only to find that some lazy person has employed a Door Stop to completely defeat the security provided by the Door?
My understanding is that in most companies less than 4000 employees worldwide there isn't really any physical security, except perhaps a "Facilities Manager" and a load of useless "Security Guards".
Perhaps you don't know your audience. Have you any clue how many SlashDot readers are "useless 'Security Guards'"? How many of us wear down shoe leather for pay that is lower than that earned by a burger flipper? Even the gun-toting ones typically earn $13-15/hour.
Perhaps you are one of the people that make those "useless" security guards necessary. For example, how many times have you consumed alcohol to excess and bothered the other customers excessively? Have you extended the concept of piracy to include shop-lifting? How about your place of employment: ever thought that a piece of office equipment would look better in your house than at your workplace?
Just to give you an example, the US Bankruptcy Court trustee determined that $15K/month for 24/7 guards on a property for asset protection during the process was money well-spent...and the Judge agrees. Of course, those "useless" security guards are protecting roughly $1.5 million in highly-resellable assets, plus another $1.8 million in structure cost, from theft, destruction, or vandalism.
Did you know that in many states the protection jobs -- private investigator, polygraph operator, security guard, and security consultant -- are licensed and regulated? Check your state laws; in Nevada it's NRS 648. Who knows, you might be breaking the law and don't know it.
And honestly, if you don't have your work done by the time you catch the plane to your distant meeting, the chances of you being ready are slim-to-none anyway.
When I was "commuting" from Newark to SFO while working for InfoWorld, I would complete a column while in the air. (Toshiba T1100+ could run eight hours on a single charge -- amazing what a non-backlight display and no hard disk could buy you.) Climb on a plane with my research in hand (some printed, some electronic), get into Borland Sidekick, and have at it. At SFO, my editor would meet me at the gate, do a quick once-over while my bag was making it to the luggage carousel, then off to the office to uplink. Worked like a charm.
When I was involved with the Telecommunications Industries Association technical subcommittee TR-30.3, the morning before the meeting was, er, interesting, as the committee members would organize an early-morning "Kinko's Party" so that everyone could get their contributions, honed and polished on the plane, printed and copied. A lot of V.34, for example, was done on airplanes.
So, like most generalizations, yours isn't worth a damn. (With apologies to Oliver Wendell Holmes, and also to Mark Twain.)
Silicon Valley is a subset of the Bay Area; basically a small strip that surrounds a lot of water (the Bay).
When I was working in Silicon Valley, I found the working conditions to be very dry indeed, and the lab I worked in needed static control to minimize damage from ESD.
The air outside may have had a lot of humidity, but the air-conditioned inside air was very, very dry because the place refused to put in humidification equipment to compensate for the dehumidification effect of the A/C. Something about needing to service it too often because of salt buildup, as I recall, and at worst the "problem" caused by airborne particulates. It doesn't have to be the SF Bay area to be true; you can be in Louisiana or Florida and still have ESD problems in your factories and labs and offices.
It is Mojave when you look at humidity levels. Or worse.
On the other hand I thought CG actor Yoda in SWII felt more alive than several of the other actors.
But, but, but... you don't compare the CGI Yoda to the hand-operated muppet Yoda. Not having seen the latest Star Wars "epic" I have no basis to have an opinion (trailers are not enough, but my first impression is not a good one) so it would be nice if you would be more descriptive in your review of the process.
I slink back to my hole now...
I've been vexed that the sound card plus CD-ROM drive combination always shows signal at around -50 dBVU in CoolEdit. So, just for grins, I decided to capture a few seconds of the noise and analyze the properties. I was astonished to see that the resulting signal is a white-noise pattern with a slight emphasis at the high end (when sampled at 44 kilosamples per second). In short, it looks like diode noise with a 4 kilohertz square wave thrown in.
That suggests to me that this would make a fair source of random samples, especially after you slot out the interfering signal.
How many computers don't have cheap sound cards and CD-ROM drives?
Apache needs real per connection, per user, and per IP rate limiting. mod_throttle and everything else I've seen has to starve connections after they perform too well. How about something that hard limits connections to 2mbps/sec. I will pay for anything that can do that for Apache today...
Then head for eBay, because a moderate-cost solution to your particular problem (limiting all web traffic to 2 megabits/s) is available for two bids and some cable work: buy two Ascend Pipeline 130s and run them back-to-back with a T1 cross-over cable. Another advantage of this solution is that your web server can be located near the webmaster, up to 5000 feet (without repeaters) from your network access point. Indeed, if you partition all of your services (mail, news, web server, ftp server) then no one service can completely swamp your connection.
Don't like using T1 routers? Then get a moderately powerful Intel computer, install enough Ethernet interfaces to satisfy your needs, load up a modern Linux distribution with 2.4.18 kernel and IPTABLES, and set up rules that will traffic-limit to the interface to which you connect your Web server. If you are like a lot of people who run multiple servers on the same box, the rules can "customize" the throttling by service. Not only that, but you can throttle by direction as well: incoming HTTP could be limited to 30 kilobits/s while outbound HTTP could be limited to 3 megabits/s -- that takes care of some of the problems with DoS attempts on HTTP. The same can be done for other services, such as FTP, mail, and IRC. The amount of control that IPTABLES provides is, well, interesting.
(Yes, I know that the *BSD people have something similar, but I know the IPTABLES stuff better and have seen it work.)
C'mon, people, this isn't all that hard to do if you think and are willing to put a little money where your wishes are.
We believe that in order for the SecurityFocus/Bugtraq community to be effective, it must be an independent entity. We believe that its current disclosure policy is appropriate for the venue. Symantec will continue to operate with its separate disclosure policy.
Pretty words, Mr. Levy and Mr. Ahmad. Now where is the proof?
Those of us who are working journalists remember the transition of ABC News under Roone Arledge from Cronkite-esque "news" to "entertainment" -- and know that "independence" is a very fragile concept, one that can be crushed very quickly and with little fanfare at any level including the board room. All it takes is one vote of no-confidence on the part of the management to completely change the editorial head, and thus the independence of SecurityFocus. You most likely mean well -- can the same be said of your bosses? Can you point to one Symantec acquisition that proved that editorial independence has been achieved in the long run?
I was an expert witness at a multi-million dollar trial because a well-respected computer magazine's editorial staff prostituted themselves to shore up a bad space-sales management decision. It only takes one episode to sully the good name of a publication. (The name of the publication is withheld from public statement to protect the guilty and to keep me out of civil court for defamation.)
I'm happy you were able to get a pile of money, but don't think that SecurityFocus will be viewed the same way. Now, if you had made the sale to an outfit like O'Reilly, the SecurityFocus name would have retained its luster and elan in the industry.
All good things must come to an end. Thanks for all the fish.
These are the comments of Stephen Satchell, Satchell Evaluations, Incline Village, Nevada. Mr. Satchell is a long-time writer of technical articles for computer magazines, and has also for the past 25 years recorded and sold audiorecordings. This comment attempts to provide his answers to the four questions put forward by the workshop committee.
BACKGROUND COMMENTS
The notion of gratuitous intellectual property theft by technical means has a long history in the United States, and this history has been one of copyright owners grossly overstating the effects of technological advancements. Let's look at the high points:
a) The development of high-fidelity tape recording equipment at prices affordable by individuals led to the belief that people would stop buying audiorecordings in the retail channel. Instead, so went the belief, people would tape the music they liked from public performance over the many radio stations in the United States. This belief was so strong that the recording industry assumed that consumers were guilty until proven innocent, which led to the imposition of the "recording tax" on blank recording tape. When the cassette tape was developed, a tax was placed on this media as well. This tax model continues to this day, with governments around the world placing a tax on all recording media that can be used for music, including CD-ROM media. As a professional recording engineer, I paid that tax without ever receiving any of that tax that was supposed to compensate me for any illegal duplication of my copyrighted works.
b) The invention of xerographic copying, which permitted the creation of high-quality copies on plain paper, generated fear that publishing was going to go under. The book industry, in particular, became worried that widespread use of xerographic copying would destroy their industry. Before xerographic copying, photocopying and thermal copying were the principal methods of making copies without re-keyboarding. The cost of the former and the poor quality of the latter kept either of them from being a perceived threat. With the development of plain-paper copying, the book publishers feared that there would be widespread copying of books and other written materials, with a reduction of revenues and disruption of the royalty system. I have never seen credible evidence that any such revenue impact or royalty impact ever occurred. As an author of a book, I find that the lack of royalties paid to me has far less to do with illegal copying and more to do with "creative" accounting.
c) The development of video tape recorders and media inexpensive enough and simple enough to be used in the home caused the movie industry the same panic that the audiotape development did to the record industry. The problem as perceived by copyright owners here went beyond illegal copying: the television broadcast industry was very concerned about "time shifting" and the impact on competition between TV networks and stations within a market area. No longer could TV executives schedule the presentation of shows to weaken the performance of a competitor's show -- people would watch one and tape the other, viewing the second show at a later time.
d) The development and deployment of DVD video took the movie industry's fear of rampant copying to another level. The claim is that with analog video you are limited by the number of generations of copies you can make before the copy becomes unacceptable to the potential consumer. With DVD, however, you can make any number of copies without any degradation in the quality of the copies. There is a parallel fear with DVD-audio within the record industry. (Note that none of the technical solutions offered to date for "protecting" DVD and DVD-audio address bit-copying of disks by content-ignorant hardware.)
e) The evolution of the personal computer and the Internet gave birth to peer-to-peer sharing networks, in which a small but sizable number of consumers placed copyrighted works "in play" so that people could obtain exactly what they need. This is a packaging issue: if you like one cut of a CD, the sharing network lets you ignore the other 20 tracks you didn't like. The problem here is that the sharing completely bypassed all existing mechanisms for compensating the artist(s) as well as the production companies. This factor appears to be the root cause for this workshop to be held.
f) The expressed desire for recording companies, movie companies, and even book publishers to move away from the first-sale doctrine, and instead enforce a pay-per-play model on consumers. In this environment change, you would be required to pay for each viewing, hearing, or reading of copyrighted material. Proposals range from imposing time limits on access to actually charging per play/view/reading. This effectively tries to place the same kind of turnstile on material in the home or private automobile that currently exists for material performed in theatres and concert halls.
g) The Founding Fathers of the United States made it clear that the Constitutional grant of limited monopoly was to benefit the generator of intellectual property. The current business models do not reflect that intent, nor do they reflect the further intent that the monopoly is to be a LIMITED one.
With this background in place, let me comment on the four questions.
1) The effectiveness of efforts to pursue technical standards or solutions that are designed to provide a more predictable and secure environment for digital transmission of copyrighted material:
Both government and private-sector organizations have shown that the current technology can provide very effective technical solutions designed to provide a secure environment for digital transmission of material. Some of the solutions are even made available without a requirement for payment of royalties; see in particular the availability of OPENSSH as a protection vehicle for secure transmission of data over the Internet.
The problems I see in the efforts to date are these: expectations of protection, competence of the people who develop the "solutions", a failure for the protections currently in place to protect the root source of the copyrighted property, the authors, composers, screenwriters, performers, and others involved in the creative aspects of the copyrighted works, and a failure to acknowledge the time limits of copyright.
The DVD Content Scramble System (DVD CSS) was broken because the system used a flawed cryptographic scheme for protection. Interestingly, the failure of a vendor to properly encode keys affected not the ability to "crack" the system, but the amount of time required to do so. As more details about the scheme were published, the more the CSS system was shown to be flawed, both as a "protection" scheme and as a digital rights management scheme. Indeed, the CSS scheme did nothing to protect a DVD from being copied by a bit-by-bit copying of the disk. The CSS scheme did get in the way of any Fair Use of the copyrighted material, although with existing equipment in 2001 it's possible to extract an analog equivalent of the material so that Fair Use isn't severely impacted.
Nothing in the Content Scramble System or any other DRM system protects the original creator of the material, only the publisher. When the publisher goes out of business, what happens? When the publisher violates a copyright assignment agreement with a creator, how does DRM protect the creator?
Finally, the solutions proposed to date appear to be an attempt to circumvent the expressed intent of the Constitution that copyright is a LIMITED right, subject to term limitations. The DVD CSS scheme, for example, has no provisions for getting out of the way when the copyright term period has expired.
Any solution needs to be accessible to ALL creators and publishers of copyrighted material, with equal facility. This requirement has not been addressed to the best of my knowledge and belief. Also, independents such as myself have not been "invited to the table" to participate in DRM standard/solution creation.
2) Major obstacles facing an open commercial exchange of digital content
From my viewpoint, the biggest obstacle facing the commercial exchange of digital content is the lack of a means of exchanging electronic value for electronic content with high security and low transaction cost. There have been a number of efforts to deal with the so-called "micro-payments" question, but none of them have been successful at reducing the cost of transaction sufficiently to make low-cost (nickel-and-dime) transactions feasible, while maintaining acceptable security.
Another related obstacle is the unnecessary complexity surrounding compensation of the content creators. The existing business model calls for the publisher to make infrequent royalty payments on purchases of copyrighted content based on some publisher-imposed formula. A better business model would be for the consumer to pay the publisher and the content creator separately. With a low-transaction-cost payment system, any number of creators could be paid from the retail sale of the copyrighted work. Instant payment would eliminate the need for advances, and the fancy accounting that surrounds them. Marketing expenses could then be shared between publisher and content creator in the open, with all parties sharing the risks and enjoying the spoils.
In the music business, the reason that an album has a collection of songs is that it's about as expensive to produce a single (actually a "dual" in the old 45-RPM record days) as it is to produce a larger album with 10-20 songs on it. This continues to hold true with CD releases. The result is that many second-tier content providers produce one or two good songs and a bunch of mediocre ones for a given album. In the peer-to-peer sharing systems, consumers would "rip" the one or two good songs and make them available, leaving the remaining songs to languish (to my ear, in all too many cases justifiably so) in the limbo of non-play. In electronic distribution, there is absolutely no reason to continue this practice -- a content provider can publish a song when it's good (perhaps after test-marketing in concerts) and not make people buy the filler junk. Again, this is a business model issue.
Finally, in another business model issue, publishers charge more money than necessary for electronic delivery, at worst to wring every dollar of profit possible and at best to "protect" the retail outlets and their forty-percent mark-ups. Those mark-ups are necessary for the store to be able to pay the expenses of running a brick-and-mortar establishment, as well as carry inventory. If you have 1,000 record stores across the United States, you could have $800,000 per month in rent alone due. The comparable rent for an e-delivery service is around $16,000 per month -- yet the retail price of the e-distributed music doesn't reflect this difference. Such behavior encourages piracy because of the disgust it creates within certain members of the buying public, and to "redress the wrong" the consumer engages in a form of civil disobedience by making the content available to others, thinking rightly or wrongly that s/he has paid for the privilege.
3) What a future framework for success might entail
Responsibility. Responsibility both on the part of the consumer and on the part of the publisher. People won't steal if they feel they are getting value for their dollar or peso. Right now, the general feeling is that the value isn't there, that the executives are demanding guarantees that they aren't willing to offer their partners in content.
Recognition that 99 percent of the customers should not have to pay for the dishonesty of the one percent who will steal content no matter what. Recognition that no scheme will be perfect. Banks have resigned themselves to a certain level of loss in their credit card operations; entertainment publishing companies will have to live with the same realization.
Show that the content providers get paid for their efforts. How much of my fifteen dollars did the Doobie Brothers get when I purchased their CD? From the information I have at hand, I have to say zero dollars. The thinking then goes like this: "So if the record companies steal from the performers, then why shouldn't I steal from the record companies? Tit for tat." The entertainment press continuously tells us about how movie actors don't get paid unless they are big enough and nasty enough to demand a percentage of the gross revenues; the actors do the work and get none of the gravy?
Universality. Any system should be equally available to Fortune 50 and the garage publisher. The current dichotomy, especially as exhibited by my inability to receive anything from the "media tax" as a content creator in the audio world, is galling to anyone who keeps up with this sort of stuff.
4) Current consumer attitude towards online entertainment
I believe the attitude towards online entertainment has been shaped by the issues I bring up in my answers above: the entertainment industry is trying to gouge the consumer. When market forces don't work, the moguls run to Washington DC and demand marginally-enforceable laws be passed that assume that every consumer is guilty until proven innocent. A buggy-whip in every automobile?
The recent implosion of Web sites on the Internet has driven home the idea to Web-heads that "TANSTAAFL: There ain't no such thing as a free lunch." The surfers now realize that the content they see has to be paid for in some way. Unfortunately, that venue is hurt by the lack of a low-transaction-cost system of small payments. Once we have a way to make millicent payments, much of the problem of funding content disappears and people will expect to pay something...but not pay excessively.
If I purchase a concert ticket for $35 for a three-hour show, I expect to see and hear 120 minutes of music. That works out to roughly $0.30 per minute of song, or just under $1.00 per song. That includes visuals, a roof, seats (maybe), and the ability to hear fluffs by the performers. (Not to mention the chance for autographs after the show, if I'm so inclined.) When I purchase a CD for $15, I get 20 songs, or roughly $0.18 per song, of which $0.08 goes to the retail outlet, so the money to the recording company is $0.10 per song. Over the Internet, I'm paying for roughly half of the delivery system, so if I charge this delivery cost back to the publisher it reduces the retail price per song to around $0.07.
Anyone selling songs for that price over the Internet? How can you possibly? Every single transaction system on the planet would charge more than that just to carry the charge, and a check through the mail costs $0.37 for postage, about $0.15 for the envelope, and $0.25 to clear the check through the Federal Reserve System.
And what is the royalty, per song, to the content creators? I thought so.
Signed,
Stephen Satchell
Look here at an IBM server that runs Linux, is supported by IBM, and is a solution that is ready out of the box. Don't like 1U servers? There are other options. Then take a look at the Education page for information on how your institution can use its status to get what it needs.
Prices are higher, but you are buying the support your boss wants.
(I don't work for IBM in any way. One of my clients just moved to IBM solutions and I've been impressed with the service they received on it. Of course, the ISP is running Windows NT...)
The people who do use Embed (and I have) are the ones who really need it for their work, in my case it's creating electronic documents (PDF or Corel Envoy) to send off to whomever needs this or that report within the organisation.
(Caveats: I used to work for Goss and Varityper, and am well informed about the history of electronic-font theft by printing houses and the older copyright law surrounding fonts. I do not claim to be up-to-date on all aspects of modern font copyright. IANAL -- I Am Not A Lawyer.)
Case law following the 1972 copyright changes made it clear that the actual letter shapes are not subject to copyright, and a cursory look at the various amendments to the Copyright Acts since 1992 indicates there has been no statutory change in this area. What is protected by copyright is the digital description of a font -- the electronic file. The contents of such files go beyond the description of how to draw the character; they also include information concerning the placement of characters in relation to other characters, sizing information, and "hints" as to how to modify the rendering as you change size, among other things.
What a lot of people tend to forget is that the name of a font is protected by trademark law. That's why Apple used place-names for a number of its in-house-developed fonts, and why "Helvetica", "Swiss", "Arial", and "Megaron" appear to be synonyms for essentially the same typeface. They are. The difference between the fonts they name is the source of the font.
So, by using "Helvetica" in your document, a trademark, you are acknowledging the source of the font. Helvetica is a registered trademark of Linotype-Hell AG and/or its subsidiaries. Adobe, for example, licenses the face from Linotype-Hell, and is most likely required by that license to limit distribution of the outline files to people who have paid for a license to use.
Unfortunately, the embedding of the outline information in a PDF does not meet the tests for fair use. Others have listed the requirements in this discussion; I leave it to you, Dear Reader, to apply the tests and see how they fail.
The DMCA implications of "embed" are, frankly, just icing on the cake. At the base of the problem is copyright infringement, and the unjust enrichment that comes from the infringement. One person made it clear that he "needs" to embed fonts to ensure that the correct outline, kerning, and master-modification information is used when reading the document, or the result is a "mis-proportioned document" that looks ugly. The person derives a financial benefit from embedding fonts, and this can be viewed in court as "enrichment." By exceeding the boundaries imposed by the font license, s/he is profiting from the copyrighted work of another. The fact that the infringement is internal to an organization is of little weight, as the company may be the one considered guilty of the infringement, not the individual, if the copyright holder can show that the infringer is working within the scope of his/her employment.
The argument that there is no copyright infringement when the document is printed on paper, and therefore there can be no infringement because PDF is "like paper," isn't going to hold up in court. The problem is that the letterform itself is not subject to copyright, and the version of the type on paper is the letterform. Contrast this with the version of the letterform in the electronic PDF document, which is in its original copyrighted form. If the PDF document were to be in the form of a compressed pixel map, like a fax, then there would be no infringement because the copyrighted work would not be embedded in the electronic document. Unfortunately, such a pixel map, even heavily compressed, would be considerably larger than the desired PDF form, and the resolution of the resulting document would be fixed at the one used to render the page.
This suggests one way to avoid infringement: render the document as an image. It meets most of the original requirements, although the resulting file will be bloated. Because the outline file is not distributed in any way, there is no copying, therefore no copyright infringement. For purely inside distribution over a fast LAN, the bloat issue isn't as much of a problem. Mail servers may need to be upgraded to deal with the larger file sizes, but with the cost of mass storage plummeting the delta shouldn't be painful at all. It's definitely cheaper than lawyers and lawsuits and damages.
The more direct path to avoid infringement is for that person to enter into a license with the original holder of the copyright for each typeface s/he uses to specifically permit embedding those fonts s/he uses into PDFs. There may be a license fee per font to do so -- this is a good thing, to reduce file bloat from too many font outline files, not to mention the cleaner documents that will result from reducing font clutter. If there is a distinct business necessity to use specific, copyrighted type faces, the cost of entering into a license agreement should be tolerable. After all, type foundries are in business to sell type, not to bleed customers dry. For that reason, shop around. Every type house/foundry has their versions of a Times newspaper face, a sans-serif block face [Helvetica/Swiss/Megaron/&c], a mono-spaced typewriter face, and useful display faces, and their licensing requirements may be more in line with your needs than what Linotype offers. That's competition.
Don't like paying cash for the right to use a letterform? The shapes of the letterforms are not subject to copyright. There is nothing I'm aware of that says you can't print a font, letter by letter, scan the printed pages, and encode them into your own font outline file using any of the many font development packages available. Then you can embed to your heart's content. (Check with a competent intellectual property attorney before doing this.) Don't forget to use your own completely made-up name for the resulting font outline.
For those not willing to put in that kind of time, there is yet another alternative: investigate other type face sources. Donald Knuth has designed a number of faces, originally rendered in Metafont, which are available as Postscript type faces. They are quite pleasant to the eye, and are very readable. Another source of potential type faces is the X Consortium, although I would check the license regarding typeface use outside of the X environment. A Google search showed there are a number of people who have contributed type faces to the public domain, as well as providing faces in a shareware distribution format.
There's no excuse for copyright infringement.
I keep a daily-update mirror of the Red Hat updates for the "enigma" release, and as of yesterday (Thursday) the CD-ROM image for the updates is at 588,644,352 bytes. In other words, it's more than half of the original distribution. Further, upgrading all of the modules is a royal PITA unless you do a full install because of the hell of dependencies.
One reason I also tend to reformat and load a new version instead of update is that my IDS database is then rebuilt from scratch -- I know that my servers are not compromised at the re-install (of course I yank the Ethernet connections during the install) and I can re-establish a baseline. It takes longer, but I believe the extra effort is worth it.
Some people will complain about having to reconfigure everything. Some things, like my spam-blocking list, get carried over (I run PostFix). For some things like my Web server, I cut and paste from the old config to the new config the access control information; when I move to Apache 2.0 I will have to re-work this, but it'll be worth it.
And when 7.3 is released and the people on the bleeding edge have had time to spill some blood on it, I'll move up and start keeping a new mirror of updates...
What is your track record for keeping this sort of long-term commitment, even in the face of change? Remember, the first casualty of a battle is the battle plan.
How can you say that you will be doing thus-and-so that far into the future? You stand a good chance of being side-tracked somewhere along the way, in which case telling your prospective employer that you will say "farewell, so long" at 15 months is not necessarily accurate.
Besides, you may learn that the job isn't what it was cracked up to be, and you leave long before the 15-month "promise". There are too many things unknown.
There is another possibility. You might not quit, but instead take an unpaid leave of absence... if you are good enough and valuable enough.
When I worked in a cube farm, I found myself working very odd hours. One of the main reasons I needed to do that was because I have a very bad habit:
I talk to myself.
Especially when debugging code.
This wasn't a problem in the minicomputer days, when each lab held four rather loud machines and there was enough space so my mutterings at machine 3 weren't audible at any of the other machines. When my desk became the lab, and the noise level was much, much lower, I used to get complaints about my dialog with myself. (I used to be ribbed about it, too. No, I won't elaborate.)
Now, what I have found is the floor-to-ceiling cubes are very nice for people like me -- cheaper than a "hard" office, and it contains the noise quite well. With the proper layout of openings, you don't even have to have doors.
I'll be interested to hear if the bean-counters don't squash you flat...
Ok, so what happens when you live in an apartment in the inner city and one of the neighboring businesses decided that they wish to use this technology to make their restaurant peaceful for the customers?
If we were dealing with high power or [comparatively] low frequencies, you would have a point. Frankly, the metal used in commercial buildings tends to block RF at the frequencies used by cell phones -- unless the building owners specifically take steps to make the signal available within his store.
Jammers don't need to be powerful to be effective. When the building's walls attenuate the signal 30-40 dB already, it doesn't take much radiation inside the cage to completely mask the signal from the cell site, and result in a "No Signal" indication. Done right, it would take a handful of milliwatts to get the job done...and the same wall that attenuates incoming signals also attenuates the level of the jamming signal seen outside the building, so neighboring buildings wouldn't be affected at all.
In the school situation you brought up in your question, the school would deploy a number of very-low-power tuned-band white-noise generators in the building so that the jamming effect would not be noticed from the parking lot or the playground, let alone at the neighbor's house or the road in front of the school.
Funny how all these people that hate Katz so much still keep coming back to his columns anyway. A true nerd loves a flame war, I guess.
Columnists. You see them everywhere, and the quality of the writing goes from absolutely fabulous to completely clueless. Some of the columnists writing today (with upgrades in IQ) could well have been the source of the idea for the lead character in the movie Legally Blonde. (I lump movie and restaurant reviewers in with columnists, because most of them are written in the first person and therefore qualify as columns.)
Frankly, a columnist is doing his/her job when there is a lot of reaction by the readership to what they write. It can be right or wrong, insightful or flamebait, intelligent or dumb as dishwater -- as long as the readers react, the editor feels the columnist earns the pay.
And YOU help make Katz successful in the eyes of the OSDN bosses.
Tough and stupid as it may sound, we need columnists. Clueful people [you may disagree] like Katz and Dvorak and Cringely. (And Noonan and Buckley and Safire.) Clueless people like the ones gracing the magazine pages of many national and international IT publications and big-name IT-oriented Web sites. (And non-IT sources, too.)
Their purpose is to make you, the reader, THINK, and more importantly to express your thoughts out where others can hear. This is the basic exercise of Speech. Further, the cure (in other countries, not just the United States) for bad speech, insipid speech, just-plain-wrong-facts speech is... more speech. Speech from the clueful. Speech from people who are rarely heard.
One way to get you, the reader, to do that is to goad you into telling people like Katz what a knothead they are.
(I don't work for OSDN or SlashDot in any way. Opinion not necessarily that of the owner of this website, its editors, or its moderators. Or Katz, for that matter.)
IANAL -- I am not a lawyer.
Several people have commented already that email is "easy to forge." It is if you only have one side of the conversation. Easily fixed. We already know from literally hundreds of cases that e-mail is discoverable in a lawsuit. So as Plaintiff I would demand "all electronic mail purporting to be to or from account@domain.name on any computer owned by Defendant", take all my messages to and from the Defendant and get it on CD-ROM, and when I have both CD-ROMs together start matching my e-mail list with his e-mail list. Because you can demonstrate that there was indeed a conversation, you can then verify the authenticity of the e-mail exchange.
For mail stored electronically, there is a wealth of verifying information contained in the headers to a mail message. You have the path the mail took through the Internet, so that it's traceable to the first Internet-connected Mail Transfer Agent, and sometimes even to the originating computer if the MTAs do their job of adding Received: header lines properly. Depending on the level of logging at the various MTAs, you may well be able to obtain third-party verification of the transfers, the length of the letters, and the purported From: and To: headers. Successfully forging every little piece of information is possible, but it's hard to also gerrymander the server logs and the electronic copies on the other side. Very persuasive in an argument of authenticity.
Think why there have traditionally been signatures on documents. The point was to ensure the identities of the parties, that the parties had the intent to enter into contract, and that the parties were aware of the contract. The signature provides all three points.
Now, with the e-mail exchange, do we have a contract? That would depend. In order to have a contract, you need: an offer; an unqualified acceptance; specificity as to subject matter; and, consideration. That's one thing the judge will have to decide.
Now, how many people save all their electronic mail at home? I know that more than 3/4 of my non-spam mail ends up in the electronic trash can, which is religiously emptied multiple times a day. That said, *any* incoming business traffic gets filed in a mailbox folder specific to the client. All outgoing traffic is saved automatically by my mail client in the "Out box", timestamped with the time the MUA sends the mail to my MTA. In turn, the backup system takes the mail and saves it to a file server, and eventually makes it to a back-up CD.
Now for the fly in the ointment: was there the required intent to contract on the part of both parties? This is where part of the argument may well lie. Did the seller in question, in the reasonable belief that the ONLY valid contract was one on paper signed by both parties, intend during the e-mail exchange to enter into contract by virtue of the e-mail? I believe the seller could argue that the e-mail discussions were preliminary negotiations, and not the contract itself, based on his belief that until he puts pen to paper there is no contract. The argument isn't perfect, but with the right support it should win.
Ah, but dung heaps rarely attract only a single fly. The Plaintiff Buyer may well have a complaint against Defendant seller because, according to the article, the two parties did agree to terms and had MADE A SPECIFIC PROMISE to each other to execute a real estate contract. Now we go to the intent of Plaintiff and what Plaintiff did because of the promise. Things get sticky, because if Plaintiff did something (like sell his/her existing house in anticipation of being able to move into Defendant's house) then there is a problem.
A lot of the judge's decision is going to turn on MASS law, both statute and case law, and I'm a long way from that state. I'll let people who know the law in the neighborhood discuss these points further.
In any event, this case will test some legal precepts about electronic mail and how to verify its authenticity. Well worth studying.
Over my 30-year professional career, I have been a guest instructor at a couple of universities and community colleges. Each venue lasted less than a year, because in every single case the school would pass a rule while I was in the middle of a course requiring all instructors be degreed.
Like another famous person in the computing industry, I am a high school graduate with some college. No degree.
My reason for not having a degree is long and boring, so I won't go into it. That didn't stop me from working in what is now called IT at universities -- they weren't so picky about having sheepskins when skill was necessary to actually get the job done. That included the ARPAnet; indeed, the Center for Advanced Computation welcomed my work with open arms (and paybook).
The academic myopia hasn't stopped me from teaching, though. I did my "teaching" in the pages of magazines like InfoWorld, Byte, ComputerWorld, Computer Shopper, Federal Computer Week, and others. I did my teaching on CompuServe on IBMNET and other forums. I did my teaching on BIX as conference moderator in telecom and, for a while, as an Exchange Editor. And I tutor today on Internet principles for more money than I ever received as a guest instructor.
I'm a tech guy who teaches, not a teacher trying to teach tech. (Say that three times fast.)
From BusinessWeek Online: MARCH 18, 2002 See today's date... I wonder who's at fault.
No one. Most weekly magazines use the principle that the "issue date" is the last day that the magazine should be sold on newsstands, not the date that the magazine was first published.
Sorry.
Steven Levy's book Hackers shows that the attitudes of Bill Gates and his friends were set a long, long time ago. They never liked the idea of "giving" away any software, none at all. Their mantra was "if you use it, you should pay ME for it." All that time has done is increase their size as a business (most likely by insisting on "don't applaud, throw money instead") and being the driving force behind organizations like the Business Software Alliance (BSA).
As is their right in our society.
You, of course, have the right of choice -- choice that lets you choose to use software vended by someone other than Microsoft.
The anti-trust trial was about Microsoft trying to eliminate sources of software other than itself, in the areas which Microsoft chose to "compete," and the US Department of Justice taking exception to that elimination of competition and choice. We had a charge, an answer, discovery, a trial, a verdict, and an appeal...and at the end of the day we have a company that has been declared guilty (in a Court of Equity) of anti-competitive actions.
Bill continues to show that his grade of "F" in sandbox remains a fair and valid one by refusing to understand why his actions are in violation of statute, and why his actions are harming society.
And who here would be the wiser if you were in his place?
If you want to know something about the person who owns a domain, go to their site and find a way to contact them and ask.
Really? Try to contact me, the administrator for satch-test DOT com, modem-museum DOT org, or even jimgalloway DOT com without resorting to the WHOIS database. Or the Slashdot User Information for this ID. :)
Congratulations. Not every name has a "site" associated with it, contrary to your unwarranted assumption. I hold several domain names to which a web site (1) has not been created because I haven't had the time, (2) will never have a web site because it's used only for electronic mail and other, non-Web, Internet applications, (3) used to have a web site but now is gone, and (4) is intended for secure HTTP traffic with draconian access controls so even if you did figure out how to gain initial access you would have to be a cracker to get past the authentication that protects the content from the eyes of just anyone.
The information in the contact information portion of the WHOIS record for those domain names is real, and the spam traffic level is low...for now.
Please remember there is more to the Internet than just the World Wide Web and P2P file sharing.
If the government decided that the group responsible for the product (who is responsible is, of course, another issue entirely) must pay damages caused by security flaws, these licenses aren't worth the bandwidth they're downloaded on. I think that was one of the implications of the article.
In order to understand the true implications of your statement in relation to liability in the United States, we need to look at just what is behind the strict liability doctrine behind product liability law. No, I'm not a lawyer, I've just been studying this stuff recently. (Take with appropriate amounts of salt. Not applicable to law outside the USA.)
The reason that manufacturers of goods are held to strict liability with their products is that they are receiving money for their product. In return for receiving money, the seller assumes certain warrants about the product: freedom from harm of the buyer that uses the product reasonably, that the product is made to a reasonable standard, and that the product will indeed work for the purpose for which it is sold.
What makes things tough for software is that almost all of the warrants are disclaimed in EULAs, a practice that consumer advocates find untenable. Because ALL software vendors do it, there may well be anti-trust action in the future to do away with the disclaimer of warranty...assuming Congress doesn't get there first by making the implied warranties I've described enforceable by statute regardless of contract.
What separates "software products" covered by the GPL from ones covered by a commercial transaction is that there is no monetary consideration for the product.
Let's also not forget that "commercial transaction" can include shareware, because there IS an exchange of monetary consideration for the product, but not at the time the person gets the product to try out. The sale happens when the person sends in his $5 or $15 or whatever.
Now, where do Red Hat, Debian, and other "sellers" of Linux come in? They don't sell the software, they sell the packaging of otherwise freely available software, GNU/Linux and a collection of GNU utilities, along with other utilities, and all of what they provide is freely available elsewhere. (This may not be true of Red Hat specific software, although the availability of the ISO images without payment to Red Hat would strongly argue against that view.)
My thesis is that any change in product liability law would indeed apply only to commercial software, because product liability law today requires the commercial transaction as defined by the Universal Commercial Code (UCC).
(See a licensed attorney to learn how the law applies to your specific situation.)
I've seen a huge amount of discussion over the past few years about doing things to computer cases to deaden sound. Now, one person in this discussion started thinking outside the box, talking about his putting the computer into the next room and running cables through the wall -- effective to some extent, but absolute hell when you have to put a CD-ROM into the drive, don'tcha think...
What I've been looking to do is build a proper sound-controlled cabinet for my computers. It would be an enclosed cabinet with doors, fans (ducted at inflow and outflow ports with sound-proofing material) to ensure enough air flow to keep internal temps down, built-in power distribution, built-in Ethernet (I have a 24-port 100-base T hub), and sound-sealed cable ports for the KVM switch and external connections.
Some design points:
The cabinet needs to be deep enough so that the system units will have adequate front and rear clearance for airflow. Experiments with standard cases tell me that you need at least four inches rear clearance and six inches front clearance. The extra clearance in the front is dictated by CD-ROM and DVD-ROM drives, so that the door of your cabinet doesn't interfere with the CD/DVD-ROM tray. Given that the deepest cases are about 20 inches, that means you need an inside depth of 20 + 4 + 6 = 30 inches. Plan on 36 inches of depth for the outside dimension.
Your primary sound barrier will be dense material, such as plywood. If you can get birch plywood, this will give you better sound control because of the increased density of the wood. It's tempting to go very thick, but 5/8 inch should be plenty good. Consider using 1x6 for the framing, and be sure the plywood is braced at least every 18 inches with framing.
Most acoustic treatments will require about two inches of depth in order to be effective across the "band of annoyance" (200 Hz to 4 kHz). Thick-pile carpeting (make sure it's flame-retardant!) can be surprisingly effective, and cheap when purchased as end-rolls or remnants. Fiberglass batting and rock wool are also effective, although the stuff is tricky to work with safely. For the sides and the rear wall, standard acoustic tile or ceiling panels can be effective. For ducts, the goal is traverse absorption, so materials like acoustic tile may not be appropriate as they tend to best absorb sound hitting the tiles perpendicular to the surface.
Design the airflow so that air deflects around sound baffles; this prevents direct ray-path propagation of unwanted noise. For example, an air intake can be done by using a front floor-level opening, a baffle panel of burlap-covered 1/4-inch plywood, and a 5/8-inch plywood shelf for the computers that stops six inches from the front of your cabinet. This design directs the airflow to the front of the computers, which from most cases seems to be the most desirable. A similar baffle system at the top of the cabinet can serve to exhaust air, again using baffle panels to break up any direct ray paths.
Any air-motion equipment should be suitably baffled as well. Large low-RPM fans work better than small high-RPM fans.
Finally, cable ports need to be sealed acoustically. Consider rubber gasket material, or the "tube foam" you can find at some fabric shops.
For my prototype, I'm using a rack cabinet I got at an auction last year. The metal skins (including the top one) are replaced by 5/8-inch plywood, faced on the inside with long-nap carpeting. The air intake at the bottom of the cabinet uses exactly the baffling technique I described above, using burlap soaked in fire retardant. Air exhaust is still a problem. Cables go through two slots in the back of the cabinet. The "door" is currently a removable panel of carpet-faced plywood, but I have designed a quad-door arrangement - this lets me get access to the CD-ROM drives without opening the entire front, yet provides for service access easily.
Temperature monitoring is a bit of a problem right now, a problem I hope to solve via eBay.
When I have more, I'll put it on my Web site and let you all know about it.
(One thing: I'm a bachelor, so I don't have a wife to worry about. Your mileage may indeed vary.)
So much for respecting the public interest. This process seeks to sweep the whole thing under the rug before the press can even read the comments....
You missed the point of the entire exercise, then. The whole purpose of the public comment period was to permit anyone and everyone who had an opinion as to the substance of the Revised Proposed Final Judgment to express their opinion and justify it by quoting the RPFJ, the various court documents, and for the legally enabled from other authorities. It's spelled out in the Tunney Act...read it.
Based on the summary report, the public has indeed spoken. I know I sent in a 24-page opinion and analysis, both in electronic form and via paper using Federal Express. I know my voice has been heard.
Given the volume of comments, I would not have been surprised at a DoJ request to extend the response period, nor would I have been surprised at the judge's approval. The surprise was that DoJ said they could do the job in the time required by statute.
You missed a fact: the DoJ has to evaluate, summarize, and respond to the comments -- more than just doing a Reader's Digest or worse and then putting the whole thing before the judge.
As for "the press reading the comments" many of the comments had been made public by the authors. This Slashdot article has pointers to news articles written based on those author-publicized comments, so the cat's already out of the bag. If you want to read my comment, just ask -- I'll mail it to you as a PDF.
The District Judge has made it clear she won't brook any more delay in getting this thing finished. I agree. Time to get it over with and behind us, IMHO.
The chances of someone "mistyping a URL" and accidentally triggering the Unicode exploit are laughably small. What are the chances of someone "mistyping a URL" and doing the following?
http://www.someserver.com/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
Social engineering. If I was a real prick of a Webmaster, I could include a link in my web page that would "mis-type" the URL for you when all you wanted was to see the item "advertised" by the link, an intimate and revealing picture of Britney Spears. It's even worse with HTML-capable electronic mail -- when was the last time you really looked at the URL behind the juicy link in front of you? Now imagine a clueless newbie presented with the same message. What happens is left as an exercise to the reader.
As for going to jail, you might want to look into the history of BBS sysops who have been "investigated" for wrong-doing. Suitable links are elsewhere in the discussion.
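The exchange above turns on a link whose visible text hides a doubly percent-encoded path. As an added example that is not part of the original comments, this Python sketch audits the links in an HTML message by decoding each href path until it stops changing, which catches the traversal that a single decode pass misses. The function names, the five-round cap, and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")  # ".." as a whole path segment

def decode_fully(path, max_rounds=5):
    """Percent-decode until the string stops changing; return (text, rounds)."""
    for rounds in range(max_rounds):
        decoded = unquote(path, encoding="latin-1")
        if decoded == path:
            return path, rounds
        path = decoded
    return path, max_rounds

def naive_check(url):  # what a single-pass filter sees: one decode only
    return bool(TRAVERSAL.search(unquote(urlsplit(url).path, encoding="latin-1")))

def check_url(url):
    """Findings for one URL after decoding its path to a fixed point."""
    decoded, rounds = decode_fully(urlsplit(url).path)
    findings = ["multiply-encoded path"] if rounds > 1 else []
    if TRAVERSAL.search(decoded):
        findings.append("directory traversal after full decode")
    return findings

class LinkAuditor(HTMLParser):  # collects (visible text, href, findings) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href, check_url(self._href)))
            self._href = None

def audit_html(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    return [link for link in auditor.links if link[2]]

# Constructed sample message (assumption); the first href is the URL quoted on the page.
SAMPLE = ('<p><a href="http://www.someserver.com/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir">'
          'Click for the picture</a> or <a href="http://www.someserver.com/pics/index.html">home</a></p>')
```

Calling `audit_html(SAMPLE)` returns only the first link, with its innocuous visible text next to the findings, while `naive_check` on the same href returns `False`.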