Matters may have been quite different if Windows checked the mouse's Vendor ID and refused to activate by default a standard mouse or keyboard with a vendor's ID other than Microsoft's.
Or if the Phoenix or Asus BIOS image was designed to only recognize keyboard or mice with a certain vendor id.
Yes, the third party KB and Mouse vendors could have eventually developed their own software (software not popular or included by default as most users' setups), but it would be so inconvenient to computer users, that the manufacturer would be likely to spoof Microsoft's ID.
Banning hardware for interoperating based on Vendor ID, when there is no technical reason for it (e.g. the profile is the same, the same 'standard' mouse/kb driver without the arbitrary restriction is just fine for the other vendor.).
Is a sure path to seeing vendors want to spoof each other.
The USB-IF and Apple are dragging themselves into a trap. Palm is just the first high-profile vendor to be doing this. You can be sure there will be other devices doing the same, eventually.
If Apple and USB Interoperability Forum have worked to make the system deliberately incompatible, Palm has the legal right to circumvent that, and to sue Apple and USB-IF if they continue the cat-and-mouse game.
Unless Apple considers it a DRM/Access control technology that effectively controls the sync capability and helps protect the copyright works against being synced to non-Apple-authorized devices.
When it comes to Access control and Rights management type technologies, the DMCA helps assure against other companies having a "right" to circumvent.
Of course Apple can figure out a way of stopping third-party sync. Microsoft's been doing something like that for almost 20 years, with various technologies, Office Doc files, login/authentication protocols (e.g. AD), etc.
If you would like to claim otherwise... show me how I can view a web site that requires ActiveX in Linux, without cheating by using something like MSIE in VMware or Wine. (Way beyond the technical capabilities of the average person)
The iPod/iPhone can probably be detected by more than the device ID.
If Apple's smart, they have a unique apple-signed digital certificate private key stored on each portable device. And that the 'certificate' also contains an Apple copyright statement, forbidding a third party from extracting the certificate from their device's ROM chips.
They could provide new firmware for the iPod/iPhone, and a new version of iTunes, that requires 'sync' traffic to be encrypted, and signed by the portable device's unique key.
Or take the easy way, and just introduce proprietary extensions to the protocol, that won't be revealed to third parties.
Are you sure of that? Not a single one of the major record companies has gone out of business.. not a single one of them appears to be in any immediate danger.
More likely they get bought out. The content they own and their rights to it are valuable assets, and they basically have a perpetual income stream off royalties from sold music, whether the music is sold as CDs or MP3s on iTunes, they profit.
It's not as if people will stop listening to their music, or if movies/etc will stop needing music to incorporate into movies.
I thought the entire point of a "corporation" was that it was a quick trick, a hack in our terms, to create a legal entity for business that, magically, was suddenly beholden to all the laws a person was.
The mistake of this hack is not only did they make them beholden to all the laws a normal citizen has...
They gave them all the rights a normal citizen has too, even though these rights aren't in the constitution.. mea culpa... 14th ammendment... equal protection under the law.
Which gives rise to some truly ridiculous concepts such as corporate citizenship.
Yes... if a corporation commit a crime or accused of a crime, their corporate charter should be placed "in jail", pending trial.
And they can no longer do business "as that person", while the corporation is imprisoned. No writing checks in the name of the corporation, no access to bank accounts in the name of the corporation (immediate and automatic freezing of all assets in the hands of third parties).
No ability to accept payments made out to the corporation's name.
No ability to open new accounts in corporation's name.
The only way they get to resume business pending trial is to get a partner to post bail. Assuming the court doesn't deny bail due to flight risk.
Also, the bail may be set astronomically high based on the whims of the prosecution.
If actually convicted of criminal charges, it gets oh so much worse...
Use of AV software does more than reduce the spread rate, it also reduces the size of the pool.
The total number of systems that can possibly be infected.
If only 10,000 PCs in the world can be infected, it doesn't matter if the progression is geometric, the number will never reach billions. The sequence of progression is irrelevent
If you want to make a difference -- reduce the window of opportunity; PATCH NOW. The rate is wholly irrelevant.
No, it's not irrelevent. You see, worm spread is not generally a geometric progression, there are dependencies and other factors that slow it down; the geometric progression is an upper bound for the expected rate of spread (assuming no intelligence is involved in the selection of IP addresses to probe).
In the first hour: maybe 2 machines are infected. Maybe 6 are even infected in the second hour.
But by the third and fourth hour, the probability that multiple infected machines are scanning some of the same IP addresses is higher. The rate that unique IPs are scanned drops, due to multiple hosts querying the same IPs.
Also, infected hosts get turned off and on much like uninfected hosts do, just b/c a host is infected, doesn't mean it will run 24 hours scanning, sometimes the infection will be detected and cleansed entirely, too.
Even if it were a geometric progression, the rate of infection still matters.
You could determine the number of infected hosts after n hours by S[n] = r*(1-r^n)/(1-r)
Where 'r' is the proportion of hosts each host infects every hour, VS the previous hour.
If it's 2 new hosts per hour, then yes 33.5 million hosts are infected after 24 hours. (2*(1-2^24)/(1-2))
On the other hand, if only 0.25 hosts are infected per hour, so r=1.25 (an 8-fold reduction in the spread rate), then a total of 1,053 hosts are infected after 24 hours. 1.25* ( (1 - 1.25^24)/(1-1.25) )
The "90% windows machine" rate of IPs is a fairly unlikely assumption. There are commonly other things like internet routers, that utilize IP addresses for routing, network ID, subnet broadcast addresses, NAT'ed IP addresses, and firewalls, that ward off infections, and even make probing slower. There's a large proporition of IPs that probing will be fruitless than have been accounted for; 75% of IPs may be assigned to organizations and routed, but that doesn't necessarily mean workstations or individual computers. Routers, virtual hosts, and others, very likely utilize more than 10% of the IP space.
IP usage model doesn't account for the popularity of broadband routers that NAT user IP addresses and 'protect' windows machines from probing. Or of corporations that utilize corporate firewalls.
but left the activation key sticker on the machine, only to be asked to install some version (any version) of MS Windows because they do not have original installation media, and yet believe that the activation key sticker is a license to any version of Windows since they can not use the computer without an operating system installed.
It's the OEM versions of Windows that have these stickers.. The license is permanently tied to the computer and cannot be re-assigned to another computer (per the OEM EULA).
The purchaser has failed to live up to their obligations under the license, and surrender the media when surrendering the sticker.
Anyways, the sticker is confusing. Basically, Microsoft should either stop making the dubm stickers, or print a unique URL on each sticker to permit download the License and backup media corresponding to that copy of Windows (for a nominal download fee, to pay for bandwidth, of course).
Yeah, it would... but when someone brought in a vehicle reported stolen, i'd also expect that dealer to contact law enforcement immediately, when the dealer discovered the report.
Okay.. let's say the dealer refuses to repair a problem, e.g. "bad brake lights" or "randomly shoots fireballs out the exhaust pipe". And for some reason, that problem constitutes a safety hazard on the road.
Damaged cars can indeed "spread their damage" when they are operated, and the malfunction causes an accident on the road.
I don't think it works very well, when the bad guys have an understanding of the herd's defenses.
If Microsoft's security software becomes de-facto standard, the blackhats will design their attacks specifically to circumvent or disable Microsoft's security products.
It's hard to elude a slew of thousands of different security products used by different people, but if everyone's using the same one, a bad guy really just has one type of defense to defeat, then...
And once the exploit sedates the MS security product, all the malware has free reign...
Based on this logic, Books and MP3s are a commercial medium, the same as gift cards for example. They are made for the sole purpose of being sold and making as much money for the publishers/records as possible... it is hard to count a title as expression when it is made by hundreds of different people....
That's such a stereotype, and like all stereotypes, wrong so often.
Some of the best video games of all time were a concept of one person (eg Tetris), who in many cases wasn't paid to develop said concept, done for fun.
There are many games free and clearly not built to earn as much money as possible. Nethack, anyone?
The obvious reason is Dialup modem pools/DSL MUX gear doesn't have the capability to do it. More importantly, SSL is pretty expensive, due to the CPU horsepower required, it would slow things down, or customers (and you) would have to buy equipment with expensive crypto offload chips -- customers don't tend to like paying more, having slow connections, or having to replace equipment.
Even more importantly, your dial-up PPP or PPPoE is not a TCP connection. SSL can only be used with TCP connections (can't be used with datagram protocols), so the protocol doesn't fit. There is no standard "encrypted ethernet" protocol, really, the only real option would be PPP ECP.
It sounds like an unfair dismissal lawsuit waiting to happen.
And you ought to have filed a police report, regarding the theft, if that is what happened, including your boss' complicitness.
Last I checked, stealing is still a crime.
Since the bank couldn't seal the matter, is it possible another e-mail user could look up the e-mail address in question, sue Google over mails to "their friend" bouncing, and seek injunctive relief in the form of re-activating the recipient's account?
(P.S. But if you had pulled a 3.5" SATA drive out of the server (a backup disk) and left it on the desk, they'd leave that alone, as it doesn't look very high tech.
The police would've come by with a warrant to pick up all computing equipment in the house.
They'd take the server... and all your desktops, and your laptops...
They'd also make sure to take all the computer monitors, printers, mice, keyboards, bluetooth headsets, cameras, flash cards, MP3 players, iPods...
And just to make 100% sure you couldn't borrow a laptop from a friend and blog about it, they'd take any routers, switches, and definitely the cable modem.
You'd be lucky if they left you a TV and an analog telephone, because all the cell phones would definitely be confiscated as well (Some people use those for microblogging).
It's more like a Fifth ammendment rights violation:
nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
In this case, he is being deprived of his e-mail mailbox, without due process, which though virtual is still property.
They need the contact info so they can name him in the lawsuit in order to get their pet judge to sign the gag order, and fine him for the pain and suffering caused to their customers, by his e-mail address actually being a valid one.
Gag orders are tough when you don't know who you are trying to get silenced, and since you can't exactly gag people whose identity you don't know (no way to deliver service to them, when they ignore email).
"Rocky Mountain Bank had asked to court to keep its suit under seal...
What cause of action exactly allows you to sue someone else and seek relief (in a manner that injures the other party) for damages that you caused to yourself?
Matters may have been quite different if Windows checked the mouse's Vendor ID and refused to activate by default a standard mouse or keyboard with a vendor's ID other than Microsoft's.
Or if the Phoenix or Asus BIOS image was designed to only recognize keyboard or mice with a certain vendor id.
Yes, the third party KB and Mouse vendors could have eventually developed their own software (software not popular or included by default as most users' setups), but it would be so inconvenient to computer users, that the manufacturer would be likely to spoof Microsoft's ID.
Banning hardware for interoperating based on Vendor ID, when there is no technical reason for it (e.g. the profile is the same, the same 'standard' mouse/kb driver without the arbitrary restriction is just fine for the other vendor.). Is a sure path to seeing vendors want to spoof each other.
The USB-IF and Apple are dragging themselves into a trap. Palm is just the first high-profile vendor to be doing this. You can be sure there will be other devices doing the same, eventually.
This is a Pre telling a competitors service that it is an iPhone. Is that legal?
No more legal than faking a MS Internet Explorer User agent string, to visit a website that displays broken pages to certain browsers.
(Once upon a time, it was necessary to fake user agent to visit certain MS web sites, if you were using particular browsers)
If Apple and USB Interoperability Forum have worked to make the system deliberately incompatible, Palm has the legal right to circumvent that, and to sue Apple and USB-IF if they continue the cat-and-mouse game.
Unless Apple considers it a DRM/Access control technology that effectively controls the sync capability and helps protect the copyright works against being synced to non-Apple-authorized devices.
When it comes to Access control and Rights management type technologies, the DMCA helps assure against other companies having a "right" to circumvent.
Of course Apple can figure out a way of stopping third-party sync. Microsoft's been doing something like that for almost 20 years, with various technologies, Office Doc files, login/authentication protocols (e.g. AD), etc.
If you would like to claim otherwise... show me how I can view a web site that requires ActiveX in Linux, without cheating by using something like MSIE in VMware or Wine. (Way beyond the technical capabilities of the average person)
The iPod/iPhone can probably be detected by more than the device ID.
If Apple's smart, they have a unique apple-signed digital certificate private key stored on each portable device. And that the 'certificate' also contains an Apple copyright statement, forbidding a third party from extracting the certificate from their device's ROM chips.
They could provide new firmware for the iPod/iPhone, and a new version of iTunes, that requires 'sync' traffic to be encrypted, and signed by the portable device's unique key.
Or take the easy way, and just introduce proprietary extensions to the protocol, that won't be revealed to third parties.
Are you sure of that? Not a single one of the major record companies has gone out of business.. not a single one of them appears to be in any immediate danger.
More likely they get bought out. The content they own and their rights to it are valuable assets, and they basically have a perpetual income stream off royalties from sold music, whether the music is sold as CDs or MP3s on iTunes, they profit.
It's not as if people will stop listening to their music, or if movies/etc will stop needing music to incorporate into movies.
I thought the entire point of a "corporation" was that it was a quick trick, a hack in our terms, to create a legal entity for business that, magically, was suddenly beholden to all the laws a person was.
The mistake of this hack is not only did they make them beholden to all the laws a normal citizen has...
They gave them all the rights a normal citizen has too, even though these rights aren't in the constitution.. mea culpa... 14th ammendment... equal protection under the law.
Which gives rise to some truly ridiculous concepts such as corporate citizenship.
Yes... if a corporation commit a crime or accused of a crime, their corporate charter should be placed "in jail", pending trial.
And they can no longer do business "as that person", while the corporation is imprisoned. No writing checks in the name of the corporation, no access to bank accounts in the name of the corporation (immediate and automatic freezing of all assets in the hands of third parties).
No ability to accept payments made out to the corporation's name.
No ability to open new accounts in corporation's name.
The only way they get to resume business pending trial is to get a partner to post bail. Assuming the court doesn't deny bail due to flight risk.
Also, the bail may be set astronomically high based on the whims of the prosecution.
If actually convicted of criminal charges, it gets oh so much worse...
Use of AV software does more than reduce the spread rate, it also reduces the size of the pool. The total number of systems that can possibly be infected. If only 10,000 PCs in the world can be infected, it doesn't matter if the progression is geometric, the number will never reach billions. The sequence of progression is irrelevent
If you want to make a difference -- reduce the window of opportunity; PATCH NOW. The rate is wholly irrelevant.
No, it's not irrelevent. You see, worm spread is not generally a geometric progression, there are dependencies and other factors that slow it down; the geometric progression is an upper bound for the expected rate of spread (assuming no intelligence is involved in the selection of IP addresses to probe).
In the first hour: maybe 2 machines are infected. Maybe 6 are even infected in the second hour.
But by the third and fourth hour, the probability that multiple infected machines are scanning some of the same IP addresses is higher. The rate that unique IPs are scanned drops, due to multiple hosts querying the same IPs. Also, infected hosts get turned off and on much like uninfected hosts do, just b/c a host is infected, doesn't mean it will run 24 hours scanning, sometimes the infection will be detected and cleansed entirely, too.
Even if it were a geometric progression, the rate of infection still matters.
You could determine the number of infected hosts after n hours by S[n] = r*(1-r^n)/(1-r)
Where 'r' is the proportion of hosts each host infects every hour, VS the previous hour.
If it's 2 new hosts per hour, then yes 33.5 million hosts are infected after 24 hours. (2*(1-2^24)/(1-2))
On the other hand, if only 0.25 hosts are infected per hour, so r=1.25 (an 8-fold reduction in the spread rate), then a total of 1,053 hosts are infected after 24 hours. 1.25* ( (1 - 1.25^24) /(1-1.25) )
The "90% windows machine" rate of IPs is a fairly unlikely assumption. There are commonly other things like internet routers, that utilize IP addresses for routing, network ID, subnet broadcast addresses, NAT'ed IP addresses, and firewalls, that ward off infections, and even make probing slower. There's a large proporition of IPs that probing will be fruitless than have been accounted for; 75% of IPs may be assigned to organizations and routed, but that doesn't necessarily mean workstations or individual computers. Routers, virtual hosts, and others, very likely utilize more than 10% of the IP space.
IP usage model doesn't account for the popularity of broadband routers that NAT user IP addresses and 'protect' windows machines from probing. Or of corporations that utilize corporate firewalls.
This must be a result of the internet being a series of tubes, instead of being like the telephone.
You're going to be effected when someone sneezes into the tube enormous amounts of material, enormous amounts of material.
but left the activation key sticker on the machine, only to be asked to install some version (any version) of MS Windows because they do not have original installation media, and yet believe that the activation key sticker is a license to any version of Windows since they can not use the computer without an operating system installed.
It's the OEM versions of Windows that have these stickers.. The license is permanently tied to the computer and cannot be re-assigned to another computer (per the OEM EULA).
The purchaser has failed to live up to their obligations under the license, and surrender the media when surrendering the sticker.
Anyways, the sticker is confusing. Basically, Microsoft should either stop making the dubm stickers, or print a unique URL on each sticker to permit download the License and backup media corresponding to that copy of Windows (for a nominal download fee, to pay for bandwidth, of course).
Yeah, it would... but when someone brought in a vehicle reported stolen, i'd also expect that dealer to contact law enforcement immediately, when the dealer discovered the report.
Okay.. let's say the dealer refuses to repair a problem, e.g. "bad brake lights" or "randomly shoots fireballs out the exhaust pipe". And for some reason, that problem constitutes a safety hazard on the road.
Damaged cars can indeed "spread their damage" when they are operated, and the malfunction causes an accident on the road.
Pirates aren't complaining. They'll circumvent this just as easily as any of the WGA checks, most likely.
This will hurt joe clueless user who for some reason got a Windows install (maybe even a genuine one) that won't pass WGA.
In other words, like almost all anti-piracy measures, it will hurt the paying customers, and have very little effect on the pirates, in the long run.
I don't think it works very well, when the bad guys have an understanding of the herd's defenses.
If Microsoft's security software becomes de-facto standard, the blackhats will design their attacks specifically to circumvent or disable Microsoft's security products.
It's hard to elude a slew of thousands of different security products used by different people, but if everyone's using the same one, a bad guy really just has one type of defense to defeat, then...
And once the exploit sedates the MS security product, all the malware has free reign...
Based on this logic, Books and MP3s are a commercial medium, the same as gift cards for example. They are made for the sole purpose of being sold and making as much money for the publishers/records as possible... it is hard to count a title as expression when it is made by hundreds of different people....
That's such a stereotype, and like all stereotypes, wrong so often.
Some of the best video games of all time were a concept of one person (eg Tetris), who in many cases wasn't paid to develop said concept, done for fun.
There are many games free and clearly not built to earn as much money as possible. Nethack, anyone?
The obvious reason is Dialup modem pools/DSL MUX gear doesn't have the capability to do it. More importantly, SSL is pretty expensive, due to the CPU horsepower required, it would slow things down, or customers (and you) would have to buy equipment with expensive crypto offload chips -- customers don't tend to like paying more, having slow connections, or having to replace equipment.
Even more importantly, your dial-up PPP or PPPoE is not a TCP connection. SSL can only be used with TCP connections (can't be used with datagram protocols), so the protocol doesn't fit. There is no standard "encrypted ethernet" protocol, really, the only real option would be PPP ECP.
In practice, there really is no option.
It sounds like an unfair dismissal lawsuit waiting to happen.
And you ought to have filed a police report, regarding the theft, if that is what happened, including your boss' complicitness. Last I checked, stealing is still a crime.
Since the bank couldn't seal the matter, is it possible another e-mail user could look up the e-mail address in question, sue Google over mails to "their friend" bouncing, and seek injunctive relief in the form of re-activating the recipient's account?
"Confidential e-mail" is an oxymoron.
Report it as spam. Since it's not solicited, and they don't provide you a means to stop the mails, it in fact is spam.
Go to spamcop.net and upload the messages, reporting spam from their domain name.
Report it to abuse@ their domain. Lookup their contact information, call the technical contacts for the domain.
Eventually, someone has got to notice..
(P.S. But if you had pulled a 3.5" SATA drive out of the server (a backup disk) and left it on the desk, they'd leave that alone, as it doesn't look very high tech.
The police would've come by with a warrant to pick up all computing equipment in the house.
They'd take the server... and all your desktops, and your laptops...
They'd also make sure to take all the computer monitors, printers, mice, keyboards, bluetooth headsets, cameras, flash cards, MP3 players, iPods...
And just to make 100% sure you couldn't borrow a laptop from a friend and blog about it, they'd take any routers, switches, and definitely the cable modem.
You'd be lucky if they left you a TV and an analog telephone, because all the cell phones would definitely be confiscated as well (Some people use those for microblogging).
It's more like a Fifth ammendment rights violation:
nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
In this case, he is being deprived of his e-mail mailbox, without due process, which though virtual is still property.
They need the contact info so they can name him in the lawsuit in order to get their pet judge to sign the gag order, and fine him for the pain and suffering caused to their customers, by his e-mail address actually being a valid one.
Gag orders are tough when you don't know who you are trying to get silenced, and since you can't exactly gag people whose identity you don't know (no way to deliver service to them, when they ignore email).
"Rocky Mountain Bank had asked to court to keep its suit under seal ...
What cause of action exactly allows you to sue someone else and seek relief (in a manner that injures the other party) for damages that you caused to yourself?
To this problem. Although it might not go over too well with the customers, either...
I'm not sure where anyone ever got the idea it was OK to put confidential information into an e-mail message, because it's simply not.