I agree with your statement that anyone who takes advantage of browser identification to deliberately sully the reputation of a specific browser is a [expletive-deleted].
However, I strongly disagree that anyone who doesn't write their site to serve different pages to different broswers is doing the public a disservice (apparently no pun intended). This is rarely the case. Proper design in the first place should minimize any desire for multiple versions of pages. As you say, "most are too lazy or apathetic to do so however".
Driving to the gas station constitutes an implied contract to purchase gas? I don't think so. Putting the gas into your tank certainly does. Leaving the premises without paying for the gas you put in your tank constitutes theft. No contract is required in this situation.
No. You're wrong. Not only that you seem to be under the impression that the BSA is going after retail users, which they aren't. Most companies aren't going to have the "documentation" or a "license certificate" for each copy of a piece of software. They are likely, assuming they are actually behaving legally, to have a contract for a specific number of seats or installations of a specific piece of software. This allows them to buy one physical copy of the software (or in many cases to download it without ever buying an actual physical copy) and make as many duplicates as their contract allows.
A consumer who buys a CD in a box at the local retailer, on the other hand, has signed no such contract. As such, that consumer (in spite of how many stickers he tears or GUI "buttons" he is alleged to have clicked) retains first sale rights over that media-- just like for any other media he or she might buy. There are no definitive precedents yet for "clickwrap" or "shrinkwrap" "licenses" actually constituting valid contracts. If you know of some, please provide links.
All that said, I strongly urge anyone concerned about this sort of "licensing" headache to simply move away from using software sold by companies who rely on these sorts of tactics, and especially those that are partnering with the BSA.
Except that you forgot to actually read any of the relevant sales tax laws or even the article before you began yammering about how this violates the Constitution, which it does not. The buyer pays a sales tax in the state in which he or she actually lives-- additionally the various laws require the sellers with a presence in that state to collect the tax (in order to make the process remotely efficient). In this case the taxes due to the online business will go to the state in which the buyer lives. Not that this will vastly increase your actual representation, but it does make your argument a complete non-sequitor.
Why would you assume that it's DSL? AOL-TimeWarner owns a rather sizable cable internet business. More likely, they'll use whatever wiring they have to in order to get your account-- hence a generic term like "broadband". Or maybe they're using the word "broadband" to cover the word "cable" since so many people (still) seem to think cable internet is somehow insecure or worse than DSL.
Uh, what the hell are you talking about? We're discussing Bruce Schneier's security qualifications here, not security mantras. Well, I guess I've fed my troll for the day!
And cryptography teaches us that security through obscurity (through a secret) only works when that secret can be easily changed.
And here I thought cryptography taught us how to make information hard to read without a key.:)
But seriously, a password is not "security through obscurity"-- not unless you want to stretch the meaning of the phrase so far as to make it mostly useless. "Security through obscurity" is relying on being overlooked (e.g. "no one will ever guess that I have top-secret info at this weird URL") as a method of keeping stuff away from prying eyes.
As long as this key input method (clicking on various screen areas in a certain order or whatever) is completely transparent in the code it's not any different than using a sequence of typed characters (i.e. reading the code won't tell you anything about the keys themselves except that they consist of clicks on the screen). It's no different than having a virtual keyboard on the screen and using that to "type" in the password.
Funny that Mr. Schneier should be a principal figure in a company called "Counterpane Internet Security, Inc" then. Being a crypto expert is not mutually exclusive to being a security expert. Especially not at the levels of understanding required for top jobs in the industry... It's not the this Schmidt guy is going to be coding router security routines, or even writing the drafts of policy documents.
For those of you not reading the article, it is important to note that Schmidt is already Clarke's deputy. It's not like he's being drafted straight out of Microsoft and into this top post. Besides, do we really think they'd accidentally get someone who was independent thinker in there if they could help it?
I bet you use linux in your dormroom or your bedroom.
Nice try. I use it in the living room! (ok, and in the bedroom, and in the basement, and in my daughter's room, and on a laptop when I'm out of town or out of doors). I'm ashamed to admit I make my living working on the MS Windows platform.
OK. So let's assume your case is fairly common. Did you actually buy the 30-day intro support package and a CD-ROM, or did you download your software at no charge from Red Hat's servers? Have you had an ongoing support relationship with Red Hat after that point? (These are honest questions, I can't tell from your post). At some point we need to realize that Red Hat is a business and they got bills to pay, if the cost to provide support for old releases exceeds the benefits (i.e. revenue) then what do you expect them to do? Keep updating old software so you'll never have to upgrade?
$800/machine does sound pretty expensive. I think I'd opt for a new distribution with a longer support cycle (when the RH version you have finally does fall into disrepair) before I paid that if I were in your shoes. However, it's not like security updates are this huge thing. Half the updates they put out are likely to be for software you don't run. It's also possible to get the updated source code for the packages you do run, compile them in your environment (added bonus of being able to tweak the compile in some cases), package them in RPMs, and distribute on your network. Is that less hassle than paying Red Hat? I bet it is. And that's what they're counting on. That the users who need this service will take on that expense themselves, since it appears to be less than economical for them to do it themselves.
I agree with the notion. But I don't see what right I or anyone else has to demand that Red Hat do work on our behalf without fair compensation. Supporting these old versions of software is work. I'm guessing that most of the people running these old systems haven't signed up for support or RHN or whatever fee-based service it is that RH offers-- if they have under the assumption it would include these old versions then they should tell Red Hat they'll cancel if the support for the old versions is dropped (perhaps Red Hat will realize that it was producing revenue after all). But why shouldn't Red Hat try to limit their expenses in this area? They got mouths to feed over there and they're not the only Linux game in town.
In most cases, security updates for the software is available, just not in a convenient RPM and not from RH, but from the actual author of the software. If you have an older system and aren't interested in using newer versions of all this great Linux software that's been coming out the last year, then I can't imagine there are too many packages on your system that would even require security updates.
So perhaps it's more efficient for those folks out running old RH versions to get the source and compile updates themselves. If you are a business with a large installed base, you can easily create your own RPMs and distribute them the same way you'd do a Red Hat RPM update or other internal-use-only software.
And so you're running a version of RH that's so old that this announcement will cause you problems (or will be that old by the time the support is actually cut off)? The question is: why?
You do realize that even support costs money to provide and it's quite possible that your "few grand" ain't covering the cost of doing so? I'd say that the RH product management team is smart enough to figure out at what point the revenues on supporting old products don't match the cost to provide that support.
In other news: their software is not only GPL-style-free, but available at no charge. It's not like Microsoft or Apple or Adobe or any other proprietary software company's situation, where you have to pay for the upgrade. So except in some very rare cases, I can't see a reason to run a Linux distro that's over a year old. Given the rate at which Linux software is maturing that seems like a good way to handicap yourself. If you really want to live in the past, try Debian.;)
I think we're largely in agreement. It's not like I support the RIAA's position on this, after all.:)
I'm curious about this non-DRMed minidisc hardware... since consumer-grade MD have had copy controls built in for quite some time (while high-end MD never have)... is this really a change?
So at the end of the day tell me what the difference is going to be, except that now there won't be a continuing debate about the merits of DRM in the first place. The DRM laws proposed wouldn't have kept us from using Linux or anything... and they'd be no different than laws requiring VCRs sold to obey the Macrovision coding on tapes.
You praised the electronics companies-- that's what concerns me. They are not your friends. They are colluding with the RIAA (in fact, Sony is already on both sides of that fence) to provide DRM on an accelerated schedule-- that's the reason they don't want the government involved. It also makes it hard for them to patent and monopolize any DRM they end up using if it's some sort of government standard.
This announcement also does a lot to discredit the work of people who are trying to pass amendments to the DMCA or other laws intended to protect traditional Fair Use rights. This is of grave concern, imho. I would rather have a showdown. That way we have a voting record to look at when the next election rolls around.
Not to mention it would be a nice distraction from all this talk of war.;)
Why wait? I paid for the DVDs I have or have borrowed them legitimately from the library or friends. I paid for my computer. I'd like to see the arrest headlines on this one, "Area man arrested for watching legally purchased DVD on computer in bedroom instead of DVD player in living room." I'm pretty sure my local police aren't interested in that kind of attention... or maybe the FBI would like to explain why they're busy arresting film buffs instead of catching terrorists.
Um. if you were paying attention you'd notice that one of those "electronics companies" is the Business Software Alliance. Now forgive me for saying so, but I'll take the RIAA's stupid ideas about how to protect content any day over anything the BSA wants to see happen... because I guarantee the BSA does not care about anything but helping its members make money.
To wit, I have received very threatening letters from the BSA (who is little more than a front for Microsoft, imho), but I've never received anything of the sort from the RIAA. I'm pretty sure the electronics companies don't give a shit about your rights, fair or otherwise, all they care about is selling products. With the possible exception of Apple, none of the companies listed in the story I read were even marginally opposed to DRM. They just don't want to have to adhere to a government standard or wait around for the law to catch up with them.
Companies like Sony, Microsoft, and Intel are very active in research and development and implementation of numerous DRM controls. If Sony cared about your rights, they would neither release region-coded DVDs nor produce region-crippled DVD players. If Microsoft cared about your rights, hell would freeze over. And Intel? They'll do whatever needs doing to make a buck. Even Transmeta is trying to get in on the DRM game... all these companies want a slice.
Excellent response. There are obviously several strains of Libertarian, which is one reason I find the urging to become a Libertarian so frustrating. I find some Libertarians scarier than the Republicans/Democrats.
However, I disagree strongly with your contention that supporting the Greens is to support the erosion of freedom. I've found nothing in the Green platform that promotes anything other than broadening and respecting human rights.
you are either Libertarian, or you support facism in one form or another.
Pure and Utter Bull Shit. If you read some of the more prominent Libertarian "thinkers" like Dr. Mary Ruwart, you'll find that libertarianism is just as easily a new spin on the old concept of feudalism as it is any great philosophy of individual human rights.
In fact, there are libertarians who think laws like the DMCA don't go far enough in protecting the rights of the "owners" of "intellectual property". They seem to think that once one "owns" a piece of property it belongs that person for all time. As such, they support notions like copyright that never expires.
Certainly there are decent libertarians out there who have their hearts in the right place, but this is not a time for such black and white sentiments as "you are either with us, or with the fascists".
I don't think that's just IT or CSci causing those problems. The incidence of creepy male behavior seems pretty universal to all types of men and is hardly limited to men in IT.
Why not? Yeah, I prefer quality stuff, but everyone's got different ideas about what is quality stuff. One of the cool things about the web is how much stuff is out there for any particular taste. But this doesn't happen if we discourage people by making remarks intended to curtail the production of that content. We should encourage more web-posting of stuff, the farther out there the better, imho. If people go around thinking "well, I'm not worthy" then we're going to get stuck with whatever Big Media wants us to see.
I agree. It's obvious that this isn't that simple. The main reason the resentment lingers is that the CEOs are typically perceived as earning those salaries and bonuses whether the company succeeds wildly or fails miserably. Ken Lay is still, if I'm not mistaken, a very wealthy man.
If the gap between the rich and poor is increasing (as most say it is), then this means that Lay's kids can use the latest gizmos for school and play, while the [generic low paying job]er's kids in the next neighborhood are wearing 3rd-hand clothes, playing in piles of polluted dirt, reading 25 year old textbooks with pages missing, wondering if they'll actually get a full meal tonight or if the electricity is going to be cut off. Guess whose children are more likely to do well in school, go on to college, and become CEOs themselves on day.
The other problem is that there is very likely a real limit to the value any specific individual can add to a corporation. Is a CEO really adding 2000 times as much value as a store clerk? I don't know.
Salaries shouldn't be thought of as measures of value-added so much as they are measures of the difficulty to replace the individual in question. Even a lousy CEO is going to be hard to replace. Sure, there are lots of people who want that job... most of them are not remotely capable of it. There are lots of people who are capable of it, but the CEO's job is actually not so simple-- it takes that kind of money to make it worth it to them.
Then, of course, there's good old-fashioned American wealth addiction. People think money is some sort of measurement of something important about them and they think that the more so-called creature comforts and money they can acquire the better their lives will be-- an assumption that is rarely questioned.
Slashdot Mirror
I agree with your statement that anyone who takes advantage of browser identification to deliberately sully the reputation of a specific browser is a [expletive-deleted].
However, I strongly disagree that anyone who doesn't write their site to serve different pages to different broswers is doing the public a disservice (apparently no pun intended). This is rarely the case. Proper design in the first place should minimize any desire for multiple versions of pages. As you say, "most are too lazy or apathetic to do so however".
Forced... because I have a hotmail account?
But is someone forcing you to use Hotmail?
Driving to the gas station constitutes an implied contract to purchase gas? I don't think so. Putting the gas into your tank certainly does. Leaving the premises without paying for the gas you put in your tank constitutes theft. No contract is required in this situation.
No. You're wrong. Not only that you seem to be under the impression that the BSA is going after retail users, which they aren't. Most companies aren't going to have the "documentation" or a "license certificate" for each copy of a piece of software. They are likely, assuming they are actually behaving legally, to have a contract for a specific number of seats or installations of a specific piece of software. This allows them to buy one physical copy of the software (or in many cases to download it without ever buying an actual physical copy) and make as many duplicates as their contract allows.
A consumer who buys a CD in a box at the local retailer, on the other hand, has signed no such contract. As such, that consumer (in spite of how many stickers he tears or GUI "buttons" he is alleged to have clicked) retains first sale rights over that media-- just like for any other media he or she might buy. There are no definitive precedents yet for "clickwrap" or "shrinkwrap" "licenses" actually constituting valid contracts. If you know of some, please provide links.
All that said, I strongly urge anyone concerned about this sort of "licensing" headache to simply move away from using software sold by companies who rely on these sorts of tactics, and especially those that are partnering with the BSA.
Except that you forgot to actually read any of the relevant sales tax laws or even the article before you began yammering about how this violates the Constitution, which it does not. The buyer pays a sales tax in the state in which he or she actually lives-- additionally the various laws require the sellers with a presence in that state to collect the tax (in order to make the process remotely efficient). In this case the taxes due to the online business will go to the state in which the buyer lives. Not that this will vastly increase your actual representation, but it does make your argument a complete non-sequitor.
Why would you assume that it's DSL? AOL-TimeWarner owns a rather sizable cable internet business. More likely, they'll use whatever wiring they have to in order to get your account-- hence a generic term like "broadband". Or maybe they're using the word "broadband" to cover the word "cable" since so many people (still) seem to think cable internet is somehow insecure or worse than DSL.
No, no! It's toast. "To much spare time" *clink* *clink* *gulp*
Uh, what the hell are you talking about? We're discussing Bruce Schneier's security qualifications here, not security mantras. Well, I guess I've fed my troll for the day!
And cryptography teaches us that security through obscurity (through a secret) only works when that secret can be easily changed.
:)
And here I thought cryptography taught us how to make information hard to read without a key.
But seriously, a password is not "security through obscurity"-- not unless you want to stretch the meaning of the phrase so far as to make it mostly useless. "Security through obscurity" is relying on being overlooked (e.g. "no one will ever guess that I have top-secret info at this weird URL") as a method of keeping stuff away from prying eyes.
As long as this key input method (clicking on various screen areas in a certain order or whatever) is completely transparent in the code it's not any different than using a sequence of typed characters (i.e. reading the code won't tell you anything about the keys themselves except that they consist of clicks on the screen). It's no different than having a virtual keyboard on the screen and using that to "type" in the password.
Yeah, and you can blather on about Bruce's qualifications on Slashdot, too, but it doesn't mean you know what you're talking about.
(Score: -1, Doh!)
Funny that Mr. Schneier should be a principal figure in a company called "Counterpane Internet Security, Inc" then. Being a crypto expert is not mutually exclusive to being a security expert. Especially not at the levels of understanding required for top jobs in the industry... It's not the this Schmidt guy is going to be coding router security routines, or even writing the drafts of policy documents.
For those of you not reading the article, it is important to note that Schmidt is already Clarke's deputy. It's not like he's being drafted straight out of Microsoft and into this top post. Besides, do we really think they'd accidentally get someone who was independent thinker in there if they could help it?
I bet you use linux in your dormroom or your bedroom.
Nice try. I use it in the living room! (ok, and in the bedroom, and in the basement, and in my daughter's room, and on a laptop when I'm out of town or out of doors). I'm ashamed to admit I make my living working on the MS Windows platform.
OK. So let's assume your case is fairly common. Did you actually buy the 30-day intro support package and a CD-ROM, or did you download your software at no charge from Red Hat's servers? Have you had an ongoing support relationship with Red Hat after that point? (These are honest questions, I can't tell from your post). At some point we need to realize that Red Hat is a business and they got bills to pay, if the cost to provide support for old releases exceeds the benefits (i.e. revenue) then what do you expect them to do? Keep updating old software so you'll never have to upgrade?
$800/machine does sound pretty expensive. I think I'd opt for a new distribution with a longer support cycle (when the RH version you have finally does fall into disrepair) before I paid that if I were in your shoes. However, it's not like security updates are this huge thing. Half the updates they put out are likely to be for software you don't run. It's also possible to get the updated source code for the packages you do run, compile them in your environment (added bonus of being able to tweak the compile in some cases), package them in RPMs, and distribute on your network. Is that less hassle than paying Red Hat? I bet it is. And that's what they're counting on. That the users who need this service will take on that expense themselves, since it appears to be less than economical for them to do it themselves.
I agree with the notion. But I don't see what right I or anyone else has to demand that Red Hat do work on our behalf without fair compensation. Supporting these old versions of software is work. I'm guessing that most of the people running these old systems haven't signed up for support or RHN or whatever fee-based service it is that RH offers-- if they have under the assumption it would include these old versions then they should tell Red Hat they'll cancel if the support for the old versions is dropped (perhaps Red Hat will realize that it was producing revenue after all). But why shouldn't Red Hat try to limit their expenses in this area? They got mouths to feed over there and they're not the only Linux game in town.
In most cases, security updates for the software is available, just not in a convenient RPM and not from RH, but from the actual author of the software. If you have an older system and aren't interested in using newer versions of all this great Linux software that's been coming out the last year, then I can't imagine there are too many packages on your system that would even require security updates.
So perhaps it's more efficient for those folks out running old RH versions to get the source and compile updates themselves. If you are a business with a large installed base, you can easily create your own RPMs and distribute them the same way you'd do a Red Hat RPM update or other internal-use-only software.
And so you're running a version of RH that's so old that this announcement will cause you problems (or will be that old by the time the support is actually cut off)? The question is: why?
;)
You do realize that even support costs money to provide and it's quite possible that your "few grand" ain't covering the cost of doing so? I'd say that the RH product management team is smart enough to figure out at what point the revenues on supporting old products don't match the cost to provide that support.
In other news: their software is not only GPL-style-free, but available at no charge. It's not like Microsoft or Apple or Adobe or any other proprietary software company's situation, where you have to pay for the upgrade. So except in some very rare cases, I can't see a reason to run a Linux distro that's over a year old. Given the rate at which Linux software is maturing that seems like a good way to handicap yourself. If you really want to live in the past, try Debian.
I think we're largely in agreement. It's not like I support the RIAA's position on this, after all. :)
I'm curious about this non-DRMed minidisc hardware... since consumer-grade MD have had copy controls built in for quite some time (while high-end MD never have)... is this really a change?
So at the end of the day tell me what the difference is going to be, except that now there won't be a continuing debate about the merits of DRM in the first place. The DRM laws proposed wouldn't have kept us from using Linux or anything... and they'd be no different than laws requiring VCRs sold to obey the Macrovision coding on tapes.
;)
You praised the electronics companies-- that's what concerns me. They are not your friends. They are colluding with the RIAA (in fact, Sony is already on both sides of that fence) to provide DRM on an accelerated schedule-- that's the reason they don't want the government involved. It also makes it hard for them to patent and monopolize any DRM they end up using if it's some sort of government standard.
This announcement also does a lot to discredit the work of people who are trying to pass amendments to the DMCA or other laws intended to protect traditional Fair Use rights. This is of grave concern, imho. I would rather have a showdown. That way we have a voting record to look at when the next election rolls around.
Not to mention it would be a nice distraction from all this talk of war.
Why wait? I paid for the DVDs I have or have borrowed them legitimately from the library or friends. I paid for my computer. I'd like to see the arrest headlines on this one, "Area man arrested for watching legally purchased DVD on computer in bedroom instead of DVD player in living room." I'm pretty sure my local police aren't interested in that kind of attention... or maybe the FBI would like to explain why they're busy arresting film buffs instead of catching terrorists.
Um. if you were paying attention you'd notice that one of those "electronics companies" is the Business Software Alliance. Now forgive me for saying so, but I'll take the RIAA's stupid ideas about how to protect content any day over anything the BSA wants to see happen... because I guarantee the BSA does not care about anything but helping its members make money.
To wit, I have received very threatening letters from the BSA (who is little more than a front for Microsoft, imho), but I've never received anything of the sort from the RIAA. I'm pretty sure the electronics companies don't give a shit about your rights, fair or otherwise, all they care about is selling products. With the possible exception of Apple, none of the companies listed in the story I read were even marginally opposed to DRM. They just don't want to have to adhere to a government standard or wait around for the law to catch up with them.
Companies like Sony, Microsoft, and Intel are very active in research and development and implementation of numerous DRM controls. If Sony cared about your rights, they would neither release region-coded DVDs nor produce region-crippled DVD players. If Microsoft cared about your rights, hell would freeze over. And Intel? They'll do whatever needs doing to make a buck. Even Transmeta is trying to get in on the DRM game... all these companies want a slice.
Nice. I may just have to copy that one into a notes file as a good starting place for a discussion document.
Excellent response. There are obviously several strains of Libertarian, which is one reason I find the urging to become a Libertarian so frustrating. I find some Libertarians scarier than the Republicans/Democrats.
However, I disagree strongly with your contention that supporting the Greens is to support the erosion of freedom. I've found nothing in the Green platform that promotes anything other than broadening and respecting human rights.
you are either Libertarian, or you support facism in one form or another.
Pure and Utter Bull Shit. If you read some of the more prominent Libertarian "thinkers" like Dr. Mary Ruwart, you'll find that libertarianism is just as easily a new spin on the old concept of feudalism as it is any great philosophy of individual human rights.
In fact, there are libertarians who think laws like the DMCA don't go far enough in protecting the rights of the "owners" of "intellectual property". They seem to think that once one "owns" a piece of property it belongs that person for all time. As such, they support notions like copyright that never expires.
Certainly there are decent libertarians out there who have their hearts in the right place, but this is not a time for such black and white sentiments as "you are either with us, or with the fascists".
I don't think that's just IT or CSci causing those problems. The incidence of creepy male behavior seems pretty universal to all types of men and is hardly limited to men in IT.
Why not? Yeah, I prefer quality stuff, but everyone's got different ideas about what is quality stuff. One of the cool things about the web is how much stuff is out there for any particular taste. But this doesn't happen if we discourage people by making remarks intended to curtail the production of that content. We should encourage more web-posting of stuff, the farther out there the better, imho. If people go around thinking "well, I'm not worthy" then we're going to get stuck with whatever Big Media wants us to see.
I agree. It's obvious that this isn't that simple. The main reason the resentment lingers is that the CEOs are typically perceived as earning those salaries and bonuses whether the company succeeds wildly or fails miserably. Ken Lay is still, if I'm not mistaken, a very wealthy man.
If the gap between the rich and poor is increasing (as most say it is), then this means that Lay's kids can use the latest gizmos for school and play, while the [generic low paying job]er's kids in the next neighborhood are wearing 3rd-hand clothes, playing in piles of polluted dirt, reading 25 year old textbooks with pages missing, wondering if they'll actually get a full meal tonight or if the electricity is going to be cut off. Guess whose children are more likely to do well in school, go on to college, and become CEOs themselves on day.
The other problem is that there is very likely a real limit to the value any specific individual can add to a corporation. Is a CEO really adding 2000 times as much value as a store clerk? I don't know.
Salaries shouldn't be thought of as measures of value-added so much as they are measures of the difficulty to replace the individual in question. Even a lousy CEO is going to be hard to replace. Sure, there are lots of people who want that job... most of them are not remotely capable of it. There are lots of people who are capable of it, but the CEO's job is actually not so simple-- it takes that kind of money to make it worth it to them.
Then, of course, there's good old-fashioned American wealth addiction. People think money is some sort of measurement of something important about them and they think that the more so-called creature comforts and money they can acquire the better their lives will be-- an assumption that is rarely questioned.