Unfortunately OFCOM's response will be dictated by government legislation produced by a cabinet that will almost certainly decide to ratify this treaty.
Yeh, well, you probably won't read this reply either.
But the point is that this treaty is so badly phrased that it may unintentionally require governments to do this kind of thing. They might sign up for it without realising what they're letting themselves in for, and who knows what would happen then...?
Out of interest... does anyone know what _does_ happen if a country signs a treaty and then realises it has made a mistake and shouldn't have done?
The purpose of treaties is to get widescale buy in, yet not to make the details so inflexible that it causes members too much pain upon implementation.
I'm with you there, but the problem is that this clause is broad in the wrong direction:
effective legal remedies shall be provided against those who [...]
It _requires_ remedies against anyone who produces _any_ of those things. A country that doesn't outlaw, say, the manufacture of general purpose computer devices could be held to have breached the treaty. A simple substition of 'designed for the purposes of' instead of 'capable of' makes the treaty a whole lot _less_ specific. Sure, signatories can still outlaw PCs if they want to, but they don't have to any more.
Of course, our grep is a generalized tool, so not only can we build lists of "TODO" comments, we can hunt down "FIXME" and even "This is an ugly hack" and "I am so ashamed of this".
Sorry, Microsoft thought of this... "3. The method of claim 1, wherein the comment token is associated with a keyword specified by a developer during the interactive code development session."
It seems that what MS have patented is an interesting extension to this... they generate a checklist in a window, and when you tick items off, that removes the comment automatically. And they automatically add syntax errors to it while you type, too.
Yes, they've also claimed what you do, but that's just SOP when filing for patents.
It's probably not the company the data belongs to that's selling it. Most large companies get rid of old PCs by calling in a PC recycling company. These people will say "yes, of course we get rid of your data securely", then do a quick format (essentially just putting a new filesystem over the top of the old one and not wiping the data areas) and sell it on.
Why do they sell it rather than disposing of it through ordinary channels? Because they're not legally allowed to dispose of it in any way that would end up in a landfill site. Which is almost every way that they could dispose of it, other than selling it. They could, I guess, separate out the case from the platters, melt everything down and sell it as scrap metal, but (a) it would be worth even less and (b) would be more difficult to arrange.
The problem is that recycling laws make it almost impossible for these people to do anything else.
From what I can see, it isn't a vanity press (who charge you up-front for the privelege of publishing your book), but they certainly don't seem to be reputable. They do say some things that aren't true in their marketing material, like:
If I publish with BookSurge, can I still sell my book to a 'traditional publisher' or enter it into contests?
You still control all the rights to your book. You may effortlessly transition into a traditional publishing deal. We will only need 30 days to remove your files from our system.
One of the rights that a 'traditional publisher' is likely to be highly interested in is the right to be the first to publish your book. Which you'd no longer be able to give them...
The Standard Bookseller Discount. 40% discount. Pre-paid, non-returnable.
uh-huh? Standard bookseller terms is, I believe 50%. 30 days credit. Sale-or-return.
If it has to be decrypted by the OS when it gets swapped in, it can be decrypted to fish for passwords.
Huh? Not if the key is randomly generated on each boot... then every time you shut down, there's no need to worry about anything that might be in your swap.
Stuff could be extracted if you could stop & inspect a running system, but that requires pretty fancy hardware, I suspect.
I don't believe you _can_ grab the NTLM hash that simply. Don't domain servers use kerberos authentication? At that point, the password ought to be stored encrypted with the server's public key (? not too sure on the details of kerberos, but I think that works), so you would have to crack that public key to get it out... at which point the network has worse problems than you find a coworker's password:)
Operating systems such as Windows and Linux have no facility for stopping data being written to the hard drive.
That's a flat out lie.
$ man mlock
MLOCK(2) Linux Programmer's Manual MLOCK(2)
NAME
mlock - disable paging for some parts of memory
Indeed, and under Windows (quoted from msdn.microsoft.com):
The VirtualLock function enables a process to lock one or more pages of committed memory into physical memory (RAM), preventing the system from swapping the pages out to the paging file.
It's a good policy, but what happens if you can't do anything with the hard drive? I possess a single laptop computer, and when its motherboard went faulty a while back, I had no choice but to send it in to be serviced without touching the hard disk.
I tell you, getting a guarantee from the service company that they wouldn't do a 'system restore' or anything else destructive to the hard disk was a nightmare.
"We recommend you perform a backup before sending the computer in."
That's really useful, but the system won't boot and I don't have any others with the right connector for the hard disk.
Yeah, but assuming he'd seen someone using the lock, or the lock was of a standard model which is fixed to a certain number of digits, he could probably know how many digits there were in the pin.
Well, I think what's scaring most people is the idea that the messages can be pulled out of some storage somewhere. If you send a letter by post, you don't expect the post office to be able to produce a copy on request at some later point.
I would have assumed that phone companies didn't keep copies of the messages. It must be a hugely redundant database they've got there.
The idea that the courts determine whether or not someone ACTUALLY IS GUILTY is a stupid and common American fallacy. (I don't know what it's like elsewhere.)
I don't know about the US, but here in the UK, then if a court has found you guilty, then legally speaking you _are_ guilty, until and unless an higher court overturns that finding. It's called a "legal fiction" -- that is, it may not be true, but it is assumed to be for the purposes of running the legal system.
A similar thing is evident in civil procedures, where if you send a claim form to someone by first class post, it is assumed to arrive the next day. Even if it doesn't arrive until two weeks later, the counting of dates for procedure purposes still takes place from the day after it was sent. (Although in practice, the defendant can generally apply for an extension and will almost always get one).
Note to mods: the above should have been moderated Interesting, not Insightful.
WTF's the difference, anyway? The comment was both, in my opinion. The poster expressed his insight into the situation, which might not be entirely relevant to the current market still qualifies as an insight. It was also an interesting one.
I was in my local PC World (UK's leading PC retailer) yesterday. They have recently acquired a stock of dual-layer writers. I asked about dual layer media and the assistant looked blank, pointing to the boxes of single-layer media that had been stacked next to the writers.
"You just use normal media with it."
"No, you see it says 4.7Gb here on the box of blanks, and the writer box says it can do 8.5Gb"
"Oh, don't worry about that. The main thing is it's faster. It does an 8 speed write."
I noticed a move to 7200 as the base in my local retail outlets about 3 months ago. You now can't get small 5400rpm drives (i.e. less than 60Gb), because the retailers decided the price difference (about GBP 5-10) made it pointless stocking them.
As an aside, with my server's onboard ATA33 interface, I've hardly noticed a difference. I'm not sure if the problem's with ATA33 or the ancient implementation of it used in my motherboard (can't remember when I acquired it, but I know it was one of the first to support UDMA).
Since it will be open source, you will be able to read the ranking algorithms and change/abuse them as you see fit.
Actually, this is an interesting idea. Allowing site users to fiddle with the algorithm used to rank their results... if you're not using the same algorithm as everyone else, SEO tactics might actually decrease results!
and I got to watch them forget about search and do a bunch of useless crap instead, then die. I was hoping Google would be different.
And I think it is. In case you hadn't noticed, gmail is about searching... just searching through e-mail, rather than web pages. Same as Google Groups is about searching newsgroups.
It's cheap consumer electronics. Return it and get one that does not have this issue, then resume your life. No story here, move along.
Yes & no. We're not talking about a faulty piece of equipment. We're talking about a problem that:
1. should have been easily found by the vendor exercising the slightest competence 2. could actually cost somebody serious money (either due to unauthorised access to their LAN, or through unauthorised use of their internet connection)
If 2 *actually* happened to you, you probably have a case. Even if it didn't, you *might* be able to make a strong enough case for exemplary damages (or equivalent in your local jurisdiction, if it has one), purely on the basis that 2 *could* have happened.
. Maybe someone could do brisk business selling router "safes" that only have a couple holes for cabling in the back, but require a key to open up to access.
Unfortunately OFCOM's response will be dictated by government legislation produced by a cabinet that will almost certainly decide to ratify this treaty.
They won't have a choice in the matter.
Yeh, well, you probably won't read this reply either.
But the point is that this treaty is so badly phrased that it may unintentionally require governments to do this kind of thing. They might sign up for it without realising what they're letting themselves in for, and who knows what would happen then...?
Out of interest... does anyone know what _does_ happen if a country signs a treaty and then realises it has made a mistake and shouldn't have done?
The purpose of treaties is to get widescale buy in, yet not to make the details so inflexible that it causes members too much pain upon implementation.
I'm with you there, but the problem is that this clause is broad in the wrong direction:
effective legal remedies shall be provided against those who [...]
It _requires_ remedies against anyone who produces _any_ of those things. A country that doesn't outlaw, say, the manufacture of general purpose computer devices could be held to have breached the treaty. A simple substition of 'designed for the purposes of' instead of 'capable of' makes the treaty a whole lot _less_ specific. Sure, signatories can still outlaw PCs if they want to, but they don't have to any more.
Of course, our grep is a generalized tool, so not only can we build lists of "TODO" comments, we can hunt down "FIXME" and even "This is an ugly hack" and "I am so ashamed of this".
Sorry, Microsoft thought of this... "3. The method of claim 1, wherein the comment token is associated with a keyword specified by a developer during the interactive code development session."
It seems that what MS have patented is an interesting extension to this... they generate a checklist in a window, and when you tick items off, that removes the comment automatically. And they automatically add syntax errors to it while you type, too.
Yes, they've also claimed what you do, but that's just SOP when filing for patents.
It's probably not the company the data belongs to that's selling it. Most large companies get rid of old PCs by calling in a PC recycling company. These people will say "yes, of course we get rid of your data securely", then do a quick format (essentially just putting a new filesystem over the top of the old one and not wiping the data areas) and sell it on.
Why do they sell it rather than disposing of it through ordinary channels? Because they're not legally allowed to dispose of it in any way that would end up in a landfill site. Which is almost every way that they could dispose of it, other than selling it. They could, I guess, separate out the case from the platters, melt everything down and sell it as scrap metal, but (a) it would be worth even less and (b) would be more difficult to arrange.
The problem is that recycling laws make it almost impossible for these people to do anything else.
From what I can see, it isn't a vanity press (who charge you up-front for the privelege of publishing your book), but they certainly don't seem to be reputable. They do say some things that aren't true in their marketing material, like:
If I publish with BookSurge, can I still sell my book to a 'traditional publisher' or enter it into contests?
You still control all the rights to your book. You may effortlessly transition into a traditional publishing deal. We will only need 30 days to remove your files from our system.
One of the rights that a 'traditional publisher' is likely to be highly interested in is the right to be the first to publish your book. Which you'd no longer be able to give them...
The Standard Bookseller Discount.
40% discount. Pre-paid, non-returnable.
uh-huh? Standard bookseller terms is, I believe 50%. 30 days credit. Sale-or-return.
It requires one surface that is hotter than the other... but it does make the cool one get hotter as an effect of operation. Probably not smart.
If it has to be decrypted by the OS when it gets swapped in, it can be decrypted to fish for passwords.
Huh? Not if the key is randomly generated on each boot... then every time you shut down, there's no need to worry about anything that might be in your swap.
Stuff could be extracted if you could stop & inspect a running system, but that requires pretty fancy hardware, I suspect.
I suspect Knoppix has wipe(8):
NAME
wipe - securely erase files from magnetic media
SYNOPSIS
wipe [-f][-c][-r][-q][-i]
(That doesn't suggest it should work with devices, but it does...)
I don't believe you _can_ grab the NTLM hash that simply. Don't domain servers use kerberos authentication? At that point, the password ought to be stored encrypted with the server's public key (? not too sure on the details of kerberos, but I think that works), so you would have to crack that public key to get it out... at which point the network has worse problems than you find a coworker's password :)
Operating systems such as Windows and Linux have no facility for stopping data being written to the hard drive.
That's a flat out lie.
$ man mlock
MLOCK(2) Linux Programmer's Manual MLOCK(2)
NAME
mlock - disable paging for some parts of memory
Indeed, and under Windows (quoted from msdn.microsoft.com):
The VirtualLock function enables a process to lock one or more pages of committed memory into physical memory (RAM), preventing the system from swapping the pages out to the paging file.
It's a good policy, but what happens if you can't do anything with the hard drive? I possess a single laptop computer, and when its motherboard went faulty a while back, I had no choice but to send it in to be serviced without touching the hard disk.
I tell you, getting a guarantee from the service company that they wouldn't do a 'system restore' or anything else destructive to the hard disk was a nightmare.
"We recommend you perform a backup before sending the computer in."
That's really useful, but the system won't boot and I don't have any others with the right connector for the hard disk.
Yes, but nobody has said that the operating system is.
I have heard that MS went to substantial lengths to ensure that the password of your encrypted files never gets swapped.
Yeah, but assuming he'd seen someone using the lock, or the lock was of a standard model which is fixed to a certain number of digits, he could probably know how many digits there were in the pin.
It doesn't seem so unrealistic to me.
Well, I think what's scaring most people is the idea that the messages can be pulled out of some storage somewhere. If you send a letter by post, you don't expect the post office to be able to produce a copy on request at some later point.
I would have assumed that phone companies didn't keep copies of the messages. It must be a hugely redundant database they've got there.
ANUS LECTOR!
Does that mean somebody who reads arseholes?
The idea that the courts determine whether or not someone ACTUALLY IS GUILTY is a stupid and common American fallacy. (I don't know what it's like elsewhere.)
I don't know about the US, but here in the UK, then if a court has found you guilty, then legally speaking you _are_ guilty, until and unless an higher court overturns that finding. It's called a "legal fiction" -- that is, it may not be true, but it is assumed to be for the purposes of running the legal system.
A similar thing is evident in civil procedures, where if you send a claim form to someone by first class post, it is assumed to arrive the next day. Even if it doesn't arrive until two weeks later, the counting of dates for procedure purposes still takes place from the day after it was sent. (Although in practice, the defendant can generally apply for an extension and will almost always get one).
Note to mods: the above should have been moderated Interesting, not Insightful.
WTF's the difference, anyway? The comment was both, in my opinion. The poster expressed his insight into the situation, which might not be entirely relevant to the current market still qualifies as an insight. It was also an interesting one.
No word on where people got the dual-layer media.
I was in my local PC World (UK's leading PC retailer) yesterday. They have recently acquired a stock of dual-layer writers. I asked about dual layer media and the assistant looked blank, pointing to the boxes of single-layer media that had been stacked next to the writers.
"You just use normal media with it."
"No, you see it says 4.7Gb here on the box of blanks, and the writer box says it can do 8.5Gb"
"Oh, don't worry about that. The main thing is it's faster. It does an 8 speed write."
???
I noticed a move to 7200 as the base in my local retail outlets about 3 months ago. You now can't get small 5400rpm drives (i.e. less than 60Gb), because the retailers decided the price difference (about GBP 5-10) made it pointless stocking them.
As an aside, with my server's onboard ATA33 interface, I've hardly noticed a difference. I'm not sure if the problem's with ATA33 or the ancient implementation of it used in my motherboard (can't remember when I acquired it, but I know it was one of the first to support UDMA).
Since it will be open source, you will be able to read the ranking algorithms and change/abuse them as you see fit.
Actually, this is an interesting idea. Allowing site users to fiddle with the algorithm used to rank their results... if you're not using the same algorithm as everyone else, SEO tactics might actually decrease results!
I'm an AltaVista alumni
I think you mean alumnus. Alumni is plural.
and I got to watch them forget about search and do a bunch of useless crap instead, then die. I was hoping Google would be different.
And I think it is. In case you hadn't noticed, gmail is about searching... just searching through e-mail, rather than web pages. Same as Google Groups is about searching newsgroups.
It's cheap consumer electronics. Return it and get one that does not have this issue, then resume your life. No story here, move along.
Yes & no. We're not talking about a faulty piece of equipment. We're talking about a problem that:
1. should have been easily found by the vendor exercising the slightest competence
2. could actually cost somebody serious money (either due to unauthorised access to their LAN, or through unauthorised use of their internet connection)
If 2 *actually* happened to you, you probably have a case. Even if it didn't, you *might* be able to make a strong enough case for exemplary damages (or equivalent in your local jurisdiction, if it has one), purely on the basis that 2 *could* have happened.
. Maybe someone could do brisk business selling router "safes" that only have a couple holes for cabling in the back, but require a key to open up to access.
:)
That'll work for wireless access points.