The FTC’s complaint against Twitter charges that serious lapses in the company’s data security allowed hackers to obtain administrative control of Twitter,
The privacy policy posted on Twitter’s website stated that “Twitter is very concerned about safeguarding the confidentiality of your personally identifiable information. We employ administrative, physical, and electronic measures designed to protect your information from unauthorized access.”
Does NOT seem to be a misrepresentation.
If they employ any measures at all.
it failed to take reasonable steps to prevent unauthorized administrative control of its system, including:
The FTC's ideas of what "reasonable steps" are sure does make me laugh...
I am sure as hell glad the FTC's job is NOT to dictate proper IT security policies.
They are clearly carrying around some pretty whacky notions of what security measures are basic and reasonable.
Requiring employees to use hard-to-guess administrative passwords that are not used for other programs, websites, or networks
Wait. "Hard to guess" and "Not used for other programs" are separate criteria.
It is not necessary to require that last bit, to have strong security against intruders.
It is not reasonable to expect that users of a computer network memorize a separate strong password for each service, change it frequently.
The whole notion of "strong password" is a direct contradiction of "remembered (but not written) password". Any password that is not weak, by current security standards, is not able to be memorized by a human.
Enforcing periodic changes of administrative passwords by, for example, setting them to expire every 90 days
It is well demonstrated that this does not improve security. Instead, it encourages people to choose weaker passwords, or write them down.
Password expiration only helps if an account has been compromised, but (for some reason) the hacker has not used the password yet.
The likelihood of this is slim, the security improvement is practically ZERO, and the cost is very high.
Prohibiting employees from storing administrative passwords in plain text within their personal e-mail accounts
It is not necessary to 'prohibit employees from storing admin passwords in plain text'.
To have security
Your admins must know better.
Chances are your company doesn't have a specific policy that says "Admins may not write their passwords on giant signs and carry them down the hall. At a certain point, it's just ridiculous (and doesn't improve security) to say "But you didn't prohibit X?!"
Suspending or disabling administrative passwords after a reasonable number of unsuccessful login attempts
This does not improve security.
Actually, it increases the chance that an administrative account could be disabled by an attacker, making it more difficult to determine the nature of or respond to an ongoing attack.
A strong password will be secure, even in the face of a brute force attack.
A brute force attack can be mitigated using less disruptive techniques, such as automatically banning any IP address for 10 minutes, if a certain number of failed logins are attempted.
Providing an administrative login webpage that is made known only to authorized persons and is separate from the login page for users
This is only more secure, if you assume that an administrative login is known, and compromised.
An additional web page for admin logins just creates another potential point of exposure to attack, has to be secured separately from the main login page, and the result is likely a less overall secure system.
Compromise of individual users' Twitter accounts leaks private information, just as badly as a compromise of an administrative login...
Particularly if the use of administrative logins is monitored carefully, and a co
In that case, maybe you want to file a Statutory Invention Registration instead.
It's not a "patent", but it's a defensive publication that will prevent anyone else patenting it...
If the USPTO does their job, that is.
In reality, there's a (small) chance some troll might be able to quote your entire patent and add the phrase "on a computer", to the claims, and get a shiny new patent.
And again a few years later by replacing "on a computer" with "using the internet"
5 years later, someone else might be able to change "with a computer" to "with a mobile phone on the internet", and get a second brand new shiny patent.
And 2 years later, yet another company can change the "with a mobile phone" to "with a handheld tablet". And maybe get yet another brand new shiny patent.
etc... etc.... millions will thank you, the gift that keeps on giving (new patents, that is)
It works if you're just the backup admin, and for some reason, someone else left the backup tape vault open despite you telling them not too a thousand times..... and all the tapes melted, so there's no backups for the backup admin to restore.
I wouldn't dream of depriving my great great great great grandchildren's great great great great grandchildren's great great great great grandchildren's great great great great grandchildren's great great great great grandchilren
Of their own Y2K-like issue to serve as a reminder of the types of programming and software design mistakes not to make.
Besides, they'll have to be worrying about IPv6 exhaustion anyways.
And: we have 7990 years to fix this... we should get right on it, with an appropriate timeline to get it done by then.
Maybe so... but by 2038, there will be a lot more old software than there was in 2000.
There are still businesses today, relying on Windows '98, even DOS 5.0 and Netware 3.x, are critical software to some businesses.
Think.. back in 2000, computers had only been in widespread use since the mid-80s.
Approximately 20 years.
The number of software developers, and the number of programs people relied upon was very small back then.
The amount of different business critical software programs in use by different companies,
software written between 1990 and 2030, that is likely to exhibit further date bugs, is likely an order of magnitude (at least) more massive, then the amount of software there could have been Y2K issues with..
Yes... I suppose the question is.. did they specifically pick an arbitrary date, just for the sake of generating revenue, or was there a reasonable technical justification for the limitation?
Did they know about it or not?
And if they did, then why did they not inform their customers of when the software would stop working and need an update?
See... a LOT of software, that relies on dates and times, if still in service, is going to stop working on a certain X date, that X date is Jan 1, 2038.
Until/unless updated.
There are well-understood technical reasons for that, but most software vendors do not bother to disclose "this software will bomb on Jan 1, 2038".
Which is less than 28 years away, at this point.
And the fix is almost certainly not going to be 'free' for most (closed source) custom products.
You have to pay for non-security bugfixes to Windows 2003 now, by buying a contract within 90 days of Jul 12, if you want support.
There are no "bomb on X date" bugs, but who in their right mind doesn't think there will eventually think there will eventually be some nasty bugs found?:)
It's just necessary for the spoofer to first compromise an appropriate router on your network and setup a tunnel..
Either through brute force, or through well-known vulnerabilities in certain router OSes (which are rarely updated, because most sysadmins don't think the router/firewall is a legitimate target, or just don't bother to follow security updates... It's a firewall after all, so "It must be secure!").
Or, analyze what IP address space you are announcing, and announce a more-specific route to their upstream over BGP (assuming their upstream does not apply prefix list or AS path filters), to redirect your prefix to their own router.
E.g. Advertise the/24 of the IP they want to spoof, and include your AS number somewhere in the path, so your own router won't notice what the script kiddie is doing.
Of course if the sender were really paranoid, that SSL connection's IP destination could be a SSL VPN to another anonymizing service, instead of Wikileaks.
And that anonymize service could open yet another SSL connection through the tor network, through a different TOR client, terminating at Wikileaks.
Someone really paranoid will build a chain of encrypted anonymizers, and sign up for accounts on the additional anonymizer services while already anonymous, so a chain is built of services and nested levels of encryption that have to all be compromised, before the sender could ever be identified.
Because it's usually expressed in a more general form...
A user does not have a right to run any (particular) software or do any particular thing on another person's computer (without the owner's authorization/permission)
Using encryption or running encryption software on the computer, is just an example of one of those activities.
It should also be noted... that in a school environment, a student doesn't have a right to eat a peanut butter and jelly sandwich while using the computer.
Or do any of a thousand other things that are restricted by policy.
People also don't have the right to buy peanut butter and jelly; if say, the local grocery store decided not to carry it, they can.
And the user has no recourse, other than going to a different store.
If you read the release notes it states to that effect....
SHOUTcast Radio is a web site which provides a directory of radio stations avalaible on the Internet.
...
Starting from VLC 1.1.0, the SHOUTcast module is not available on the distributed VLC any longer, because AOL Corporation is hindering Open Source Software.
...
Since it is obviously impossible for VLC to comply with such licensing terms, we had to remove the support from the default VLC.
However, we are providing a way to integrate the "icecast directory" that provides an open source equivalent to SHOUTcast. If you know and like a radio station currently listed on the SHOUTcast directory, please make sure this radio is also available on the icecast directory and let the radio owner know about how AOL treats their content.
We want to emphasise the fact that features like SHOUTcast or icecast browsing are now doable using our new extension framework and you will find user-contributed extensions on http://addons.videolan.org/
WELL... if AOL wasn't successful, we wouldn't be talking about them... they would have never gotten so popular.
Obviously their initial great success was so great, that everything nowadays pales in comparison, and seems like a failure compared to AOL's past success.
They may be in the process of failing, but it will take a long time, most likely --- they won't be in real trouble until their level of failure overwhelms their saved up level of past success, strips them of their reserves, and buries them in debt, until they file for Chapter 11...
Sounds like it's time to craft a special rule in the browser, to give the user an er, alternative (fake) user agent string when accessing that one web site:)
With a nice big red dialog box to the user, warning them (in a non-actionable way) about what a d*ck the webmaster is.
That doesn't make any sense... VLC is licensed under the GPL. The nullsoft code is not. VLC devs have no right to license someone else's code under GPL.
The nullsoft code license is more restrictive, making it (therefore) GPL incompatible.
Except there would be a TOS on the shrink wrap that you agree to by opening the dead puppy, that says (1) you are not allowed to throw out puppy contained, whether alive, or dead, AND
(2) you may not start a web site or post on any web site that contains the word 'puppy' or refers to animals such as the one contained herein, received from AOL or any other information services provider.
So someone'd post the website (maybe), but as soon as you got to version 1.1.0, they'd get injuncted to take out the references to AOL dead puppies
Does a company (school, government) have a right to restrict SSL traffic so it can snoop your data,
They have a right to restrict what protocols and port numbers are allowed to be used on their network, as a matter of policy.
They have a right to implement technical measures to assist in enforcing policy, even if those technical measures are so draconian that they prevent some things that are technically allowed by policy.
They have a right to do this, by virtue of it being their network.
does an individual have a right to encrypted Internet facilities? And, is the search data you create your data, or is it your employer's (school's)?
An individual does not have a right to use encryption.
A user has a right to install encryption software that they own on their computer that they own.
A user does not necessarily have the right to transmit data over a network, that they have encrypted using software.
Especially not if that data also belongs to the school/employer (proprietary sensitive info)
In all cases; a school/employer has a right to say: either you connect using non-SSL, or you choose to refrain from connecting.
Of course from a security POV, SSL is probably better, as long as the organization controls the keys and manages ciphers used
$100 a month is an extreme low-ball estimate on doing it inexpensively.
In all likelihood, the hosting costs alone exceed it, without considering the costs of design of materials or maintaining content.
Which... well, you know... the author of a book will spend as much as they need to spend on hosting. The author of a book on Blender is not expected to be a Web design expert, capable of performing graphical design and all HTML coding for their book's website.
Anyways, the only way the hosting will cost less, is in an aggregate environment, where the author's requirements may not even be met.
Two possible aggregate environments exist... the specific one... pages provided by the publisher or a third-party that provides 'book pages' to many authors.
In this case, the publisher usually takes a cut of the book, price, as they do anyways... part of that can be attributed to the hosting cost.
In any case, the author's other expenses still need to be met, after the publisher gets their cut, for the price to be high enough.
The other way of doing it "cheaply", is the author trying to host the web site on their DSL service they purchase for personal use... (LOL).
Or finding a cut-rate $12/month shared hosting provider that lobs thousands of sites on the same server, and trying to piece together the site theirselves, using templates, and no help from a professional.
In that case, they wind up with a poorly designed web site, that may have performance issues due to other users' activity, or cutthroat bandwidth or disk caps, and might not do the best job of selling books.
Not to mention also security risks, potentially a lack of proper admin monitoring of their web site, and lack of proper automated backups on the server, with disaster recovery by the hosting provider, in case their equipment fails.
You get what you pay for. If you want to make sure you sell and profit, it's worth paying a reasonable price for hosting, if you actually think your book will sell.
If it adds a few $$ to the per unit price tag, that's totally reasonable.
Why not take the book in the article as an example?
Look at its web site
As you can see, there is a web page hosted by the publisher.
Now the expenses the publisher incurs to present this web site includes: servers, bandwidth, electricity, employees to maintain these things, and employees to develop and maintain the site.
A technical book like this one has a useful lifetime of 2 or 3 years at most, before it's outdated, and obsolete (needs to be updated at new costs).
So you can fairly divide all one-time fees by the total number of months the book is expected to sell, to get a pro-rata per-month approximation.
Anyways... having materials prepared for the web site definitely costs money.
Implementation of e-commerce systems to allow purchase online also requires money.
Securing those systems, performing backups, and maintenance also costs money.
£9 for an e-book is borderline ridiculous in my opinion. I guess some people will buy that, though.
You cannot determine proper price of an item based on "per unit" costs, until you also average all one time costs over the total number of expected sales of that unit over time.
And include the opportunity costs of having capital tied up. For instance, if you borrowed $2000 to publish a book, you will be paying interest to the bank for that time, and all that interest expense that occurs until your sales to pay it off is ongoing cost of every unit of the book.
Also, it is still a part of the cost of every book sold (even after the amount is paid off). Eventually and ONLY if you sell a truly massive number of books, do the average per-book costs get close to the marginal cost of producing each unit.
Did it not occur to you that it still takes time and labor to write a book, and all those things still have a price?
You might have only paid once, but chances are with tangible books you only paid once too, to have a batch of books printed.
By the time you sell a copy, the costs are paid upfront already, whether they are costs for tangible goods, costs for labor, or costs for services like electricity, hosting, or internet.
Typesetting is not free. Marketing is not free.
Companies have to be paid to do those things, or the author has to spend additional time to do those things (which has an opportunity cost -- they can't spend that time writing another book).
Webhosting starts at about $100 a month.
For it to be worth the expense, the predicted number of unit sales has to be high enough so that
Number of Units Expected to sell at the price X chosen price
Is large enough to not only meet all those expenses, but to also generate enough profit for the risks involved in incurring the expenses to be worthwhile.
If you spend $2000 publishing an eBook, and only expect to ever sell a maximum of 10 copies, due to the special nature of the book.
Then the minimum acceptable price to sell that book is for $200, and at that price you aren't making a profit, you are basically being charitable.
Re:Blender 2.49 still very much alive
on
Blender 2.49 Scripting
·
· Score: 2, Insightful
Maybe not fun for people who want to use large numbers of other people's code/scripts a lot, and don't do their own scripting.
Very fun and beneficial for people who want to write and use their own scripts.
Of course it's worth it to them to install the bindings and modules they need.
The alternative to providing multiple bindings might be that scripts don't get written/published in the first place, because people have trouble doing exactly what they want in the 'standard' language.
Not perjury... as long as the sender of the letter is "the copyright owner or authorized to act on behalf of the copyright owner of an exclusive right that is allegedly infringed".
It is also not libellious, it is protected by absolute privilege, as a DMCA letter sent to Google is a private communication and part of a legal procedure, not to be published, not intended to defame.
The DMCA allows a claimaint to send the letter if you are the copyright owner and have a good faith belief of the infringement.
Now, if Fox could prove the letter was in error, they could send a counter notice to Google, under the penalty of perjury.
If Fox felt the original letter was in bad faith, and an abuse of process, they could bring that to court, and they might have some claims for loss of revenue possibly tortious interference
Depending on the nature of the thing taken down, and who requested it.
However, it's not like the law changes just because the subject of the DMCA letter is Fox news.
The FTC’s complaint against Twitter charges that serious lapses in the company’s data security allowed hackers to obtain administrative control of Twitter,
The privacy policy posted on Twitter’s website stated that “Twitter is very concerned about safeguarding the confidentiality of your personally identifiable information. We employ administrative, physical, and electronic measures designed to protect your information from unauthorized access.”
Does NOT seem to be a misrepresentation. If they employ any measures at all.
it failed to take reasonable steps to prevent unauthorized administrative control of its system, including:
The FTC's ideas of what "reasonable steps" are sure does make me laugh... I am sure as hell glad the FTC's job is NOT to dictate proper IT security policies. They are clearly carrying around some pretty whacky notions of what security measures are basic and reasonable.
Requiring employees to use hard-to-guess administrative passwords that are not used for other programs, websites, or networks
Wait. "Hard to guess" and "Not used for other programs" are separate criteria.
It is not necessary to require that last bit, to have strong security against intruders. It is not reasonable to expect that users of a computer network memorize a separate strong password for each service, change it frequently. The whole notion of "strong password" is a direct contradiction of "remembered (but not written) password". Any password that is not weak, by current security standards, is not able to be memorized by a human.
Enforcing periodic changes of administrative passwords by, for example, setting them to expire every 90 days
It is well demonstrated that this does not improve security. Instead, it encourages people to choose weaker passwords, or write them down. Password expiration only helps if an account has been compromised, but (for some reason) the hacker has not used the password yet.
The likelihood of this is slim, the security improvement is practically ZERO, and the cost is very high.
Prohibiting employees from storing administrative passwords in plain text within their personal e-mail accounts
It is not necessary to 'prohibit employees from storing admin passwords in plain text'. To have security
Your admins must know better. Chances are your company doesn't have a specific policy that says "Admins may not write their passwords on giant signs and carry them down the hall. At a certain point, it's just ridiculous (and doesn't improve security) to say "But you didn't prohibit X?!"
Suspending or disabling administrative passwords after a reasonable number of unsuccessful login attempts
This does not improve security. Actually, it increases the chance that an administrative account could be disabled by an attacker, making it more difficult to determine the nature of or respond to an ongoing attack.
A strong password will be secure, even in the face of a brute force attack. A brute force attack can be mitigated using less disruptive techniques, such as automatically banning any IP address for 10 minutes, if a certain number of failed logins are attempted.
Providing an administrative login webpage that is made known only to authorized persons and is separate from the login page for users
This is only more secure, if you assume that an administrative login is known, and compromised.
An additional web page for admin logins just creates another potential point of exposure to attack, has to be secured separately from the main login page, and the result is likely a less overall secure system.
Compromise of individual users' Twitter accounts leaks private information, just as badly as a compromise of an administrative login...
Particularly if the use of administrative logins is monitored carefully, and a co
In that case, maybe you want to file a Statutory Invention Registration instead.
It's not a "patent", but it's a defensive publication that will prevent anyone else patenting it...
If the USPTO does their job, that is.
In reality, there's a (small) chance some troll might be able to quote your entire patent and add the phrase "on a computer", to the claims, and get a shiny new patent.
And again a few years later by replacing "on a computer" with "using the internet"
5 years later, someone else might be able to change "with a computer" to "with a mobile phone on the internet", and get a second brand new shiny patent.
And 2 years later, yet another company can change the "with a mobile phone" to "with a handheld tablet". And maybe get yet another brand new shiny patent.
etc... etc.... millions will thank you, the gift that keeps on giving (new patents, that is)
oxygen and is smoking a cigarette and happens to ignite the oxygen coming out of that tank.
Oxygen itself is not a fuel. The cigarette can ignite.
With the assistance of the oxygen, the metal on the tank itself, or other gases in the air could ignite.
But the oxygen itself doesn't "ignite"
"ingition" is the start of a chemical chain reaction involving oxygen and a fuel.
It works if you're just the backup admin, and for some reason, someone else left the backup tape vault open despite you telling them not too a thousand times..... and all the tapes melted, so there's no backups for the backup admin to restore.
Which seems reasonable considering that the product came out 7 years ago, during which time there have been many free patches;
Except I bought. Windows 2003 2 years ago. And I didn't get advantage of those "many 3 patches".
My car, and just about everything important comes with a 5 year or longer warranty.
How come Windows 2003 support only lasts 2 years from the date of purchase?
If it was 7 years from the date you bought the product, I would agree with you.
Thanks for phasing that out, Intel.
Reasonable security standards are one thing.
Security standards designed only to appease security vendors are a waste of shareholder $$$.
I wouldn't dream of depriving my great great great great grandchildren's great great great great grandchildren's great great great great grandchildren's great great great great grandchildren's great great great great grandchilren
Of their own Y2K-like issue to serve as a reminder of the types of programming and software design mistakes not to make.
Besides, they'll have to be worrying about IPv6 exhaustion anyways.
And: we have 7990 years to fix this... we should get right on it, with an appropriate timeline to get it done by then.
No sense in rushing it at this point.
Maybe so... but by 2038, there will be a lot more old software than there was in 2000.
There are still businesses today, relying on Windows '98, even DOS 5.0 and Netware 3.x, are critical software to some businesses.
Think.. back in 2000, computers had only been in widespread use since the mid-80s. Approximately 20 years.
The number of software developers, and the number of programs people relied upon was very small back then.
The amount of different business critical software programs in use by different companies, software written between 1990 and 2030, that is likely to exhibit further date bugs, is likely an order of magnitude (at least) more massive, then the amount of software there could have been Y2K issues with..
Yes... I suppose the question is.. did they specifically pick an arbitrary date, just for the sake of generating revenue, or was there a reasonable technical justification for the limitation?
Did they know about it or not? And if they did, then why did they not inform their customers of when the software would stop working and need an update?
See... a LOT of software, that relies on dates and times, if still in service, is going to stop working on a certain X date, that X date is Jan 1, 2038.
Until/unless updated. There are well-understood technical reasons for that, but most software vendors do not bother to disclose "this software will bomb on Jan 1, 2038".
Which is less than 28 years away, at this point.
And the fix is almost certainly not going to be 'free' for most (closed source) custom products.
[Er.... there are no known "bomb on X date" bugs]... Until the next Y2k-style event that is, when system clock reaches the maximum.
Many 32-bit OSes will be screwed in Jan 2038.
That's right... plausible deniability.
You have to pay for non-security bugfixes to Windows 2003 now, by buying a contract within 90 days of Jul 12, if you want support.
There are no "bomb on X date" bugs, but who in their right mind doesn't think there will eventually think there will eventually be some nasty bugs found? :)
Most likely... unless nobody's submitted any addons yet (perhaps)
It's interesting that the bottom of videolan.org says:
Perhaps this will all get worked out, and Videolan 1.1.1 can come out with SHOUTcast directory support re-added?
Full duplex connections are possible.
It's just necessary for the spoofer to first compromise an appropriate router on your network and setup a tunnel.. Either through brute force, or through well-known vulnerabilities in certain router OSes (which are rarely updated, because most sysadmins don't think the router/firewall is a legitimate target, or just don't bother to follow security updates... It's a firewall after all, so "It must be secure!").
Or, analyze what IP address space you are announcing, and announce a more-specific route to their upstream over BGP (assuming their upstream does not apply prefix list or AS path filters), to redirect your prefix to their own router.
E.g. Advertise the /24 of the IP they want to spoof, and include your AS number somewhere in the path, so your own router won't notice what the script kiddie is doing.
Of course if the sender were really paranoid, that SSL connection's IP destination could be a SSL VPN to another anonymizing service, instead of Wikileaks.
And that anonymize service could open yet another SSL connection through the tor network, through a different TOR client, terminating at Wikileaks.
Someone really paranoid will build a chain of encrypted anonymizers, and sign up for accounts on the additional anonymizer services while already anonymous, so a chain is built of services and nested levels of encryption that have to all be compromised, before the sender could ever be identified.
o.O why? And why I was not told this before?
Because it's usually expressed in a more general form...
A user does not have a right to run any (particular) software or do any particular thing on another person's computer (without the owner's authorization/permission)
Using encryption or running encryption software on the computer, is just an example of one of those activities.
It should also be noted... that in a school environment, a student doesn't have a right to eat a peanut butter and jelly sandwich while using the computer.
Or do any of a thousand other things that are restricted by policy.
People also don't have the right to buy peanut butter and jelly; if say, the local grocery store decided not to carry it, they can. And the user has no recourse, other than going to a different store.
If you read the release notes it states to that effect....
SHOUTcast Radio is a web site which provides a directory of radio stations avalaible on the Internet.
...
Starting from VLC 1.1.0, the SHOUTcast module is not available on the distributed VLC any longer, because AOL Corporation is hindering Open Source Software.
Since it is obviously impossible for VLC to comply with such licensing terms, we had to remove the support from the default VLC.
However, we are providing a way to integrate the "icecast directory" that provides an open source equivalent to SHOUTcast. If you know and like a radio station currently listed on the SHOUTcast directory, please make sure this radio is also available on the icecast directory and let the radio owner know about how AOL treats their content.
We want to emphasise the fact that features like SHOUTcast or icecast browsing are now doable using our new extension framework and you will find user-contributed extensions on http://addons.videolan.org/
(In other words.... *HINT* *HINT*
WELL... if AOL wasn't successful, we wouldn't be talking about them... they would have never gotten so popular.
Obviously their initial great success was so great, that everything nowadays pales in comparison, and seems like a failure compared to AOL's past success.
They may be in the process of failing, but it will take a long time, most likely --- they won't be in real trouble until their level of failure overwhelms their saved up level of past success, strips them of their reserves, and buries them in debt, until they file for Chapter 11...
Sounds like it's time to craft a special rule in the browser, to give the user an er, alternative (fake) user agent string when accessing that one web site :)
With a nice big red dialog box to the user, warning them (in a non-actionable way) about what a d*ck the webmaster is.
That doesn't make any sense... VLC is licensed under the GPL. The nullsoft code is not. VLC devs have no right to license someone else's code under GPL.
The nullsoft code license is more restrictive, making it (therefore) GPL incompatible.
Except there would be a TOS on the shrink wrap that you agree to by opening the dead puppy, that says (1) you are not allowed to throw out puppy contained, whether alive, or dead, AND (2) you may not start a web site or post on any web site that contains the word 'puppy' or refers to animals such as the one contained herein, received from AOL or any other information services provider.
So someone'd post the website (maybe), but as soon as you got to version 1.1.0, they'd get injuncted to take out the references to AOL dead puppies
Does a company (school, government) have a right to restrict SSL traffic so it can snoop your data,
They have a right to restrict what protocols and port numbers are allowed to be used on their network, as a matter of policy.
They have a right to implement technical measures to assist in enforcing policy, even if those technical measures are so draconian that they prevent some things that are technically allowed by policy.
They have a right to do this, by virtue of it being their network.
does an individual have a right to encrypted Internet facilities? And, is the search data you create your data, or is it your employer's (school's)?
An individual does not have a right to use encryption.
A user has a right to install encryption software that they own on their computer that they own.
A user does not necessarily have the right to transmit data over a network, that they have encrypted using software.
Especially not if that data also belongs to the school/employer (proprietary sensitive info)
In all cases; a school/employer has a right to say: either you connect using non-SSL, or you choose to refrain from connecting.
Of course from a security POV, SSL is probably better, as long as the organization controls the keys and manages ciphers used
$100 a month is an extreme low-ball estimate on doing it inexpensively. In all likelihood, the hosting costs alone exceed it, without considering the costs of design of materials or maintaining content.
Which... well, you know... the author of a book will spend as much as they need to spend on hosting. The author of a book on Blender is not expected to be a Web design expert, capable of performing graphical design and all HTML coding for their book's website.
Anyways, the only way the hosting will cost less, is in an aggregate environment, where the author's requirements may not even be met.
Two possible aggregate environments exist... the specific one... pages provided by the publisher or a third-party that provides 'book pages' to many authors.
In this case, the publisher usually takes a cut of the book, price, as they do anyways... part of that can be attributed to the hosting cost. In any case, the author's other expenses still need to be met, after the publisher gets their cut, for the price to be high enough.
The other way of doing it "cheaply", is the author trying to host the web site on their DSL service they purchase for personal use... (LOL).
Or finding a cut-rate $12/month shared hosting provider that lobs thousands of sites on the same server, and trying to piece together the site theirselves, using templates, and no help from a professional.
In that case, they wind up with a poorly designed web site, that may have performance issues due to other users' activity, or cutthroat bandwidth or disk caps, and might not do the best job of selling books.
Not to mention also security risks, potentially a lack of proper admin monitoring of their web site, and lack of proper automated backups on the server, with disaster recovery by the hosting provider, in case their equipment fails.
You get what you pay for. If you want to make sure you sell and profit, it's worth paying a reasonable price for hosting, if you actually think your book will sell.
If it adds a few $$ to the per unit price tag, that's totally reasonable.
Why not take the book in the article as an example? Look at its web site
As you can see, there is a web page hosted by the publisher.
Now the expenses the publisher incurs to present this web site includes: servers, bandwidth, electricity, employees to maintain these things, and employees to develop and maintain the site.
A technical book like this one has a useful lifetime of 2 or 3 years at most, before it's outdated, and obsolete (needs to be updated at new costs).
So you can fairly divide all one-time fees by the total number of months the book is expected to sell, to get a pro-rata per-month approximation.
Anyways... having materials prepared for the web site definitely costs money.
Implementation of e-commerce systems to allow purchase online also requires money.
Securing those systems, performing backups, and maintenance also costs money.
£9 for an e-book is borderline ridiculous in my opinion. I guess some people will buy that, though.
You cannot determine proper price of an item based on "per unit" costs, until you also average all one time costs over the total number of expected sales of that unit over time.
And include the opportunity costs of having capital tied up. For instance, if you borrowed $2000 to publish a book, you will be paying interest to the bank for that time, and all that interest expense that occurs until your sales to pay it off is ongoing cost of every unit of the book.
Also, it is still a part of the cost of every book sold (even after the amount is paid off). Eventually and ONLY if you sell a truly massive number of books, do the average per-book costs get close to the marginal cost of producing each unit.
Did it not occur to you that it still takes time and labor to write a book, and all those things still have a price?
You might have only paid once, but chances are with tangible books you only paid once too, to have a batch of books printed.
By the time you sell a copy, the costs are paid upfront already, whether they are costs for tangible goods, costs for labor, or costs for services like electricity, hosting, or internet.
Typesetting is not free. Marketing is not free. Companies have to be paid to do those things, or the author has to spend additional time to do those things (which has an opportunity cost -- they can't spend that time writing another book).
Webhosting starts at about $100 a month.
For it to be worth the expense, the predicted number of unit sales has to be high enough so that Number of Units Expected to sell at the price X chosen price
Is large enough to not only meet all those expenses, but to also generate enough profit for the risks involved in incurring the expenses to be worthwhile.
If you spend $2000 publishing an eBook, and only expect to ever sell a maximum of 10 copies, due to the special nature of the book.
Then the minimum acceptable price to sell that book is for $200, and at that price you aren't making a profit, you are basically being charitable.
Maybe not fun for people who want to use large numbers of other people's code/scripts a lot, and don't do their own scripting.
Very fun and beneficial for people who want to write and use their own scripts. Of course it's worth it to them to install the bindings and modules they need.
The alternative to providing multiple bindings might be that scripts don't get written/published in the first place, because people have trouble doing exactly what they want in the 'standard' language.
Not perjury... as long as the sender of the letter is "the copyright owner or authorized to act on behalf of the copyright owner of an exclusive right that is allegedly infringed".
It is also not libellious, it is protected by absolute privilege, as a DMCA letter sent to Google is a private communication and part of a legal procedure, not to be published, not intended to defame.
The DMCA allows a claimaint to send the letter if you are the copyright owner and have a good faith belief of the infringement.
Now, if Fox could prove the letter was in error, they could send a counter notice to Google, under the penalty of perjury.
If Fox felt the original letter was in bad faith, and an abuse of process, they could bring that to court, and they might have some claims for loss of revenue possibly tortious interference
Depending on the nature of the thing taken down, and who requested it.
However, it's not like the law changes just because the subject of the DMCA letter is Fox news.