The problem with these arguments is that they assume two things:
1) Your goals and my goals are the same (or even compatible) 2) My short-term goals and my long-term goals are the same (or even compatible)
Security through obscurity IS good--for vendors, short-term. It is also somewhat good for customers, short-term. A bug no one knows about is a bug that no one is exploiting.
But it also means that a cracker can exploit it tomorrow. That's why for customers LONG-TERM non-obscurity is best. And that's why companies who pay attention to the long-term use non-obscurity. -- Give us our karma back! Punish Karma Whores through meta-mod!
There used to be a link around here somewhere for people who wanted to do book reviews. Where is it? -- Give us our karma back! Punish Karma Whores through meta-mod!
I'm not bitching or moaning. I'm weighing utility vs cost. Is this interview worth the amount of work? Not to me. Probably not to a lot of people, that's why I asked the question.
I might make the same comment to you re: killfiles. If you want killfiles, go ahead and implement them. Or is that "too much work"? -- Give us our karma back! Punish Karma Whores through meta-mod!
Same in Netscape. But I refuse to go to "Edit...Preferences...Netscape....Colors...click click *think* select" just to read a single website. -- Give us our karma back! Punish Karma Whores through meta-mod!
Semantics is EXACTLY the problem. Your definition of "ownership" has a wart stuck on the side. The definition of ownership is something like "having full control of an item". But your wart says "or partial control each by different parties". In the case of Office 2000, you can control some of the use of the CD, Microsoft controls the rest of the use (copying, multiple installs, etc).
Trouble is, that your definition is self-defeating in the case where the multiple owners do not have aligned goals. For instance, you want to share with your friends, MS wants to maximize profit. The only way to make this work is to have a contract among the multiple owners (known as a "license") that lays out what each party can do.
That why I said in another post that copying CDs isn't stealing on the part of the recipient, it's breaking a contract on the part of the donater. And THAT difference isn't just semantics. For one thing it shifts the crime to another person. For another, it brings the entire who-owns-what-and-why issue out into the open. -- Give us our karma back! Punish Karma Whores through meta-mod!
When Ford builds a car and sells it to me, I own it. I can resell it to anyone I want without consulting Ford. I can break it into "functional parts" (the engine, the chassis, the radio, etc) and sell those individually. The car is MINE. There is no ephemeral "ownership by Ford" of any of the physical parts of a car that has been sold to me. How is a CD different? -- Give us our karma back! Punish Karma Whores through meta-mod!
So who owned it? My friend? Or the "copyright holder"? If it was the copyright holder, what did my friend pay for?
I suppose you could respond "My friend had a contract (called a "license") with the copyright holder than he wouldn't make copies". But then it's my friend who did something illegal (breaking a contract, not stealing) while I am just a fortunate beneficiary (still not a theif). -- Give us our karma back! Punish Karma Whores through meta-mod!
Why oh why do so many tech sites (/. fortunately excepted) insist on using white text on a black background? Attn Webmasters: This is unreadable!
Now, to the point. It's great that NVidia apologized. It's even greater that they admitted wrongdoing. But the question is: What steps are being taken to ensure it never happens again? -- Give us our karma back! Punish Karma Whores through meta-mod!
The reason for a boycott is to show a company that they will actually make MORE money if the accede to your demands. The problem is, the RIAA WON'T make more money this way. How could they possibly be making more money than they already are?
Let's say they adopt some kind of downloadable, micropayment system where you pay $1/song. That's slightly LESS than you are paying for songs right now PLUS they don't force you to buy the whole CD to get the one song. So they lose money there.
Even worse (for them), suppose we got what we really wanted: IP reform. We'd be able to trade songs with each other legally--and the RIAA would lose even more money.
No, boycott will do nothing because our demands essentially castrate the RIAA. They are fighting for their lives. -- Give us our karma back! Punish Karma Whores through meta-mod!
If someone who "own's a CD" of Autocad or Microsoft Office "give's you a copy" then by this logic you are not "stealing" either
Correct. I'm glad you are catching on. Stealing is when you take something from someone without their permission. This person gave me the CD, therefore I didn't take it without permission.
Or can you explain how this would be "stealing" (don't explain how it's illegal, I know that already, explain how it is stealing) -- Give us our karma back! Punish Karma Whores through meta-mod!
All of the MP3's that I have were either burned by me from CD's I own OR given to me by people who own the CD's. Some of them are illegal (under existing laws) but NONE of them are "stolen". -- Give us our karma back! Punish Karma Whores through meta-mod!
I was about to post something cautioning people about a boycott. It was going to say something about "don't skew the 'napster users don't buy CDs' polls--make sure people know it a BOYCOTT".
Then I realized: While it isn't my goal to reduce the profits of the RIAA, that is an inevitable outcome of what my goal IS. So screw it, I don't care if study after study finds that "Napster users buy fewer CD's". Good! That means they are sharing! It's not a bug, it's a feature! -- Give us our karma back! Punish Karma Whores through meta-mod!
1) Using legal means to keep information from spreading 2) Using non-legal (but not necessarily illegal) means to keep information from spreading 3) Giving away physical matter. 4) Charging money for anything at all. 5) "Must" vs "should" Let's stick with the pharm example. Let's say DrugCo works 20 years and perfects an anti-aging cream (a real one).
No one is saying they MUST immediately hire a dozen planes so they can shower the populace with free bottles of the miracle drug, although clearly this would be nice. They can sell the physical cream and bottles it comes in.
No one is saying they MUST print the formula on the side of the bottle. Then can sell or not sell the formula all they want.
What we ARE saying is that I own the knowledge that is in my head. So if a copy of the formula makes it's way into my head (through whatever means) then I should have no legal restraints on what I can do with it (beyond the legal restraints I have on the rest of my knowledge). This might include telling other drug companies, starting my own drug company or just saying "Hm, so that's how they do it" and forgetting the whole thing.
In other words, if YOU want to turn knowledge into money by keeping the knowledge a secret, then YOU are responsible for the keeping the secret.
This same argument could have been posted to the "Napster isn't releasing their source code" story. Napster is in the business of trading secrets that have already been revealed (we call those secrets "music"). This should be perfectly legal. But Napster's secret (the source code) hasn't yet been revealed. No big deal, it will be eventually (or we will stop caring). Napster apparently sees value in keeping their secret where Metallica didn't. Fine. -- Give us our karma back! Punish Karma Whores through meta-mod!
Thanks for the tip, gnus is pretty cool. Only one thing I can't figure out (and I've been all over info): I can list "all groups" (A A) but when I try to search them for a regexp (A M) it just searches the contents of.newsrc. How do I save the "all groups" info out.newsrc for searching? Or don't I want to do that? -- Give us our karma back! Punish Karma Whores through meta-mod!
...so could someone explain how this works? Specifically, what about the "last mile"? I think I understand that "once in a while" a router will send some extra info with a packet saying who IT got the packet from. But if I'm spoofing, won't the FIRST router be wrong to begin with? Or does my connection to the first router have to be legitimate in order to insert fake packets?
In any case, this doesn't really solve the problem. The black hats can still crack large numbers of machines (as long as, if they are spoofing to do so, they do it in under 20,000 packets) each of which can launch a non-spoofed DoS attack. No sysadmin is going to trace each of these DoS'ers back individually. And it can't be automated, remember, because the large set of machines is not spoofing. -- Give us our karma back! Punish Karma Whores through meta-mod!
Remembering the halcyon days of yesteryear (1993-5) when I frequented a number of idyllic newgroups, I fired up a tin on my home Linux box. WTF? I couldn't make hide or hair of this piece of crap software (and I used it for about a week). It took, literally, several minutes to start up, I could never remember how to move from group view to subject view to message view (and back) and I had no idea how to subscribe/unsubscribe. Also, no one ever responded to my posts--leading me to wonder if they were actually being posted (I realize that if they weren't it might not be the fault of my reader).
I remember using (and liking) nn back in the day but didn't find it on my machine. What good non-graphical (nostalgia value, mostly) newsreaders are there for Linux? Or was I just misusing tin? How about for the Mac (for my wife)? -- Give us our karma back! Punish Karma Whores through meta-mod!
"However, the information on the CD is copyrighted by them, and you use it with their permission."
Yes, under current law. No one is disputing what the current law says. You said that "surely" no one would object to a ban on ACD circumvention. *I* do object because it makes moral things illegal (or just more illegal in some cases).
As for your website example: So...you came up with an example where I would agree circumventing an ACD would be wrong. Point? I didn't say it was bad in all cases, I said I didn't necessarily agree it was good in all cases. -- Give us our karma back! Punish Karma Whores through meta-mod!
1) Linus doesn't have "the copyright to Linux". Parts of the Linux source code are copyrighted to Linus, parts to other people.
2) I make no claims to the source code of Win95--because it wasn't sold to me.
3) What WAS sold to me was a device (implemented in software). Once the device is in my hands, I consider that it is MINE to use, misuse, break, destroy, etc in exactly the same way a car is mine. -- Give us our karma back! Punish Karma Whores through meta-mod!
...is that there were people willing to spend actual money on buying a device that would run a process that was intended to use just your spare CPU cycles. For their next hoax, I propose the create a Screensaver On A PCI Card. "Get 18 Million Triangle/sec!" -- Give us our karma back! Punish Karma Whores through meta-mod!
"Sure, but you have permission to break your own access control device."
That depends on your definition of "your own". *I* consider my copy of Windows 95 to be MINE in totality. Therefore I can circumvent MY access control device and install on multiple machines. The DMCA thinks otherwise. -- Give us our karma back! Punish Karma Whores through meta-mod!
No, you need to read more. I said "no facility for remotely starting a local bulk load". If I am on machine A, I have no way to tell Oracle on machine B to bulk load a file directly from B's harddrive. If you wish to claim that is possible, you are going to have to provide a URL for proof.
"...600 mhz p3, 128 mb ram Dell inspiron 3800. Your desktop is probably about as powerful, yes?"
Nope. I finished testing a year ago (started 18 months ago) with a spare desktop. If I recall, it was a PII 300 with 64 MB. Also, totally unoptimized (i.e. no kernel tweaks, etc). Just a straight RedHat install with a straight Oracle install on top. -- Give us our karma back! Punish Karma Whores through meta-mod!
"But surely you want it to be made illegal to circumvent an access control device, be it some form of encryption or a defense system on your computer."
Not in all cases. Let's say I buy a car. Should it be illegal for me to "circumvent the access control device" by welding the doors shut and removing the windows (a la the General Lee)? No, because it is MY car.
I happen to believe the same should apply to software. Once I've bought it, any "access control devices" are MY property to do with as I please. This doesn't just mean disable the licensing module. It also means decrypting (via a new system) data that I have already bought and decrypted via the "approved" system (i.e. decoding DVDs with DeCSS). -- Give us our karma back! Punish Karma Whores through meta-mod!
Oracle on NT a. '~crash by mistyping...' The answer to that of course, is to not mistype mission critical data, you should be using scripts for bulk trtansfer anyway.
Who said anything about typing "mission critical data"? As I said originally, I was typing field names into a GUI. My point was not "I'm going to need to type field names all the time so it better robust". My point was "if something so simple can go so wrong, what ELSE is broken".
"As an NT engineer, I can do ANYTHING from my laptop, from ANYWHERE in the world. Using only MS tools and a few scripts I wrote in vbscript. I concede that sometimes it would be nice to have a 'true' terminal connection to the server, but you don't 'need' it."
Oracle provides no facility for remotely starting a "local" bulk load (that I could find, anyway). This means that you must be running locally to load from a local disk. On Linux this is easy: telnet. On NT this requires time and/or money (which is what "MS tools and scripts I wrote" translates to).
"Only 20mb a minute? bwahahahaha I can reload data into my NT, MS SQL server at over 150MB PER MINUTE."
Different hardware. I was using a simple desktop for benchmarking (to get comparisons, not absolute numbers). In any case I wasn't using bulk loading to restore--Oracle has an actual backup/restore mechanism that doesn't require reinsertion of data. -- Give us our karma back! Punish Karma Whores through meta-mod!
I've only used this a couple of times, but both times it was an absolute GODSEND. Available from emacs, it windows itself, shows both source files and what the final will look like. Easy to use. -- Give us our karma back! Punish Karma Whores through meta-mod!
Slashdot Mirror
The problem with these arguments is that they assume two things:
1) Your goals and my goals are the same (or even compatible)
2) My short-term goals and my long-term goals are the same (or even compatible)
Security through obscurity IS good--for vendors, short-term. It is also somewhat good for customers, short-term. A bug no one knows about is a bug that no one is exploiting.
But it also means that a cracker can exploit it tomorrow. That's why for customers LONG-TERM non-obscurity is best. And that's why companies who pay attention to the long-term use non-obscurity.
--
Give us our karma back! Punish Karma Whores through meta-mod!
There used to be a link around here somewhere for people who wanted to do book reviews. Where is it?
--
Give us our karma back! Punish Karma Whores through meta-mod!
This is really neat. Thanks for taking the time to type it out.
--
Give us our karma back! Punish Karma Whores through meta-mod!
I'm not bitching or moaning. I'm weighing utility vs cost. Is this interview worth the amount of work? Not to me. Probably not to a lot of people, that's why I asked the question.
I might make the same comment to you re: killfiles. If you want killfiles, go ahead and implement them. Or is that "too much work"?
--
Give us our karma back! Punish Karma Whores through meta-mod!
Same in Netscape. But I refuse to go to "Edit...Preferences...Netscape....Colors...click click *think* select" just to read a single website.
--
Give us our karma back! Punish Karma Whores through meta-mod!
Semantics is EXACTLY the problem. Your definition of "ownership" has a wart stuck on the side. The definition of ownership is something like "having full control of an item". But your wart says "or partial control each by different parties". In the case of Office 2000, you can control some of the use of the CD, Microsoft controls the rest of the use (copying, multiple installs, etc).
Trouble is, that your definition is self-defeating in the case where the multiple owners do not have aligned goals. For instance, you want to share with your friends, MS wants to maximize profit. The only way to make this work is to have a contract among the multiple owners (known as a "license") that lays out what each party can do.
That why I said in another post that copying CDs isn't stealing on the part of the recipient, it's breaking a contract on the part of the donater. And THAT difference isn't just semantics. For one thing it shifts the crime to another person. For another, it brings the entire who-owns-what-and-why issue out into the open.
--
Give us our karma back! Punish Karma Whores through meta-mod!
When Ford builds a car and sells it to me, I own it. I can resell it to anyone I want without consulting Ford. I can break it into "functional parts" (the engine, the chassis, the radio, etc) and sell those individually. The car is MINE. There is no ephemeral "ownership by Ford" of any of the physical parts of a car that has been sold to me. How is a CD different?
--
Give us our karma back! Punish Karma Whores through meta-mod!
So who owned it? My friend? Or the "copyright holder"? If it was the copyright holder, what did my friend pay for?
I suppose you could respond "My friend had a contract (called a "license") with the copyright holder than he wouldn't make copies". But then it's my friend who did something illegal (breaking a contract, not stealing) while I am just a fortunate beneficiary (still not a theif).
--
Give us our karma back! Punish Karma Whores through meta-mod!
Why oh why do so many tech sites (/. fortunately excepted) insist on using white text on a black background? Attn Webmasters: This is unreadable!
Now, to the point. It's great that NVidia apologized. It's even greater that they admitted wrongdoing. But the question is: What steps are being taken to ensure it never happens again?
--
Give us our karma back! Punish Karma Whores through meta-mod!
The reason for a boycott is to show a company that they will actually make MORE money if the accede to your demands. The problem is, the RIAA WON'T make more money this way. How could they possibly be making more money than they already are?
Let's say they adopt some kind of downloadable, micropayment system where you pay $1/song. That's slightly LESS than you are paying for songs right now PLUS they don't force you to buy the whole CD to get the one song. So they lose money there.
Even worse (for them), suppose we got what we really wanted: IP reform. We'd be able to trade songs with each other legally--and the RIAA would lose even more money.
No, boycott will do nothing because our demands essentially castrate the RIAA. They are fighting for their lives.
--
Give us our karma back! Punish Karma Whores through meta-mod!
If someone who "own's a CD" of Autocad or Microsoft Office "give's you a copy" then by this logic you are not "stealing" either
Correct. I'm glad you are catching on. Stealing is when you take something from someone without their permission. This person gave me the CD, therefore I didn't take it without permission.
Or can you explain how this would be "stealing" (don't explain how it's illegal, I know that already, explain how it is stealing)
--
Give us our karma back! Punish Karma Whores through meta-mod!
All of the MP3's that I have were either burned by me from CD's I own OR given to me by people who own the CD's. Some of them are illegal (under existing laws) but NONE of them are "stolen".
--
Give us our karma back! Punish Karma Whores through meta-mod!
I was about to post something cautioning people about a boycott. It was going to say something about "don't skew the 'napster users don't buy CDs' polls--make sure people know it a BOYCOTT".
Then I realized: While it isn't my goal to reduce the profits of the RIAA, that is an inevitable outcome of what my goal IS. So screw it, I don't care if study after study finds that "Napster users buy fewer CD's". Good! That means they are sharing! It's not a bug, it's a feature!
--
Give us our karma back! Punish Karma Whores through meta-mod!
You are mixing several concepts:
1) Using legal means to keep information from spreading
2) Using non-legal (but not necessarily illegal) means to keep information from spreading
3) Giving away physical matter.
4) Charging money for anything at all.
5) "Must" vs "should"
Let's stick with the pharm example. Let's say DrugCo works 20 years and perfects an anti-aging cream (a real one).
No one is saying they MUST immediately hire a dozen planes so they can shower the populace with free bottles of the miracle drug, although clearly this would be nice. They can sell the physical cream and bottles it comes in.
No one is saying they MUST print the formula on the side of the bottle. Then can sell or not sell the formula all they want.
What we ARE saying is that I own the knowledge that is in my head. So if a copy of the formula makes it's way into my head (through whatever means) then I should have no legal restraints on what I can do with it (beyond the legal restraints I have on the rest of my knowledge). This might include telling other drug companies, starting my own drug company or just saying "Hm, so that's how they do it" and forgetting the whole thing.
In other words, if YOU want to turn knowledge into money by keeping the knowledge a secret, then YOU are responsible for the keeping the secret.
This same argument could have been posted to the "Napster isn't releasing their source code" story. Napster is in the business of trading secrets that have already been revealed (we call those secrets "music"). This should be perfectly legal. But Napster's secret (the source code) hasn't yet been revealed. No big deal, it will be eventually (or we will stop caring). Napster apparently sees value in keeping their secret where Metallica didn't. Fine.
--
Give us our karma back! Punish Karma Whores through meta-mod!
Thanks for the tip, gnus is pretty cool. Only one thing I can't figure out (and I've been all over info): I can list "all groups" (A A) but when I try to search them for a regexp (A M) it just searches the contents of .newsrc. How do I save the "all groups" info out .newsrc for searching? Or don't I want to do that?
--
Give us our karma back! Punish Karma Whores through meta-mod!
...so could someone explain how this works? Specifically, what about the "last mile"? I think I understand that "once in a while" a router will send some extra info with a packet saying who IT got the packet from. But if I'm spoofing, won't the FIRST router be wrong to begin with? Or does my connection to the first router have to be legitimate in order to insert fake packets?
In any case, this doesn't really solve the problem. The black hats can still crack large numbers of machines (as long as, if they are spoofing to do so, they do it in under 20,000 packets) each of which can launch a non-spoofed DoS attack. No sysadmin is going to trace each of these DoS'ers back individually. And it can't be automated, remember, because the large set of machines is not spoofing.
--
Give us our karma back! Punish Karma Whores through meta-mod!
Remembering the halcyon days of yesteryear (1993-5) when I frequented a number of idyllic newgroups, I fired up a tin on my home Linux box. WTF? I couldn't make hide or hair of this piece of crap software (and I used it for about a week). It took, literally, several minutes to start up, I could never remember how to move from group view to subject view to message view (and back) and I had no idea how to subscribe/unsubscribe. Also, no one ever responded to my posts--leading me to wonder if they were actually being posted (I realize that if they weren't it might not be the fault of my reader).
I remember using (and liking) nn back in the day but didn't find it on my machine. What good non-graphical (nostalgia value, mostly) newsreaders are there for Linux? Or was I just misusing tin? How about for the Mac (for my wife)?
--
Give us our karma back! Punish Karma Whores through meta-mod!
"However, the information on the CD is copyrighted by them, and you use it with their permission."
Yes, under current law. No one is disputing what the current law says. You said that "surely" no one would object to a ban on ACD circumvention. *I* do object because it makes moral things illegal (or just more illegal in some cases).
As for your website example: So...you came up with an example where I would agree circumventing an ACD would be wrong. Point? I didn't say it was bad in all cases, I said I didn't necessarily agree it was good in all cases.
--
Give us our karma back! Punish Karma Whores through meta-mod!
1) Linus doesn't have "the copyright to Linux". Parts of the Linux source code are copyrighted to Linus, parts to other people.
2) I make no claims to the source code of Win95--because it wasn't sold to me.
3) What WAS sold to me was a device (implemented in software). Once the device is in my hands, I consider that it is MINE to use, misuse, break, destroy, etc in exactly the same way a car is mine.
--
Give us our karma back! Punish Karma Whores through meta-mod!
...is that there were people willing to spend actual money on buying a device that would run a process that was intended to use just your spare CPU cycles. For their next hoax, I propose the create a Screensaver On A PCI Card. "Get 18 Million Triangle/sec!"
--
Give us our karma back! Punish Karma Whores through meta-mod!
"Sure, but you have permission to break your own access control device."
That depends on your definition of "your own". *I* consider my copy of Windows 95 to be MINE in totality. Therefore I can circumvent MY access control device and install on multiple machines. The DMCA thinks otherwise.
--
Give us our karma back! Punish Karma Whores through meta-mod!
'~no local bulk load in Oracle'
RTFM. Need I really say more?
No, you need to read more. I said "no facility for remotely starting a local bulk load". If I am on machine A, I have no way to tell Oracle on machine B to bulk load a file directly from B's harddrive. If you wish to claim that is possible, you are going to have to provide a URL for proof.
"...600 mhz p3, 128 mb ram Dell inspiron 3800. Your desktop is probably about as powerful, yes?"
Nope. I finished testing a year ago (started 18 months ago) with a spare desktop. If I recall, it was a PII 300 with 64 MB. Also, totally unoptimized (i.e. no kernel tweaks, etc). Just a straight RedHat install with a straight Oracle install on top.
--
Give us our karma back! Punish Karma Whores through meta-mod!
"But surely you want it to be made illegal to circumvent an access control device, be it some form of encryption or a defense system on your computer."
Not in all cases. Let's say I buy a car. Should it be illegal for me to "circumvent the access control device" by welding the doors shut and removing the windows (a la the General Lee)? No, because it is MY car.
I happen to believe the same should apply to software. Once I've bought it, any "access control devices" are MY property to do with as I please. This doesn't just mean disable the licensing module. It also means decrypting (via a new system) data that I have already bought and decrypted via the "approved" system (i.e. decoding DVDs with DeCSS).
--
Give us our karma back! Punish Karma Whores through meta-mod!
Oracle on NT a. '~crash by mistyping...' The answer to that of course, is to not mistype mission critical data, you should be using scripts for bulk trtansfer anyway.
Who said anything about typing "mission critical data"? As I said originally, I was typing field names into a GUI. My point was not "I'm going to need to type field names all the time so it better robust". My point was "if something so simple can go so wrong, what ELSE is broken".
"As an NT engineer, I can do ANYTHING from my laptop, from ANYWHERE in the world. Using only MS tools and a few scripts I wrote in vbscript. I concede that sometimes it would be nice to have a 'true' terminal connection to the server, but you don't 'need' it."
Oracle provides no facility for remotely starting a "local" bulk load (that I could find, anyway). This means that you must be running locally to load from a local disk. On Linux this is easy: telnet. On NT this requires time and/or money (which is what "MS tools and scripts I wrote" translates to).
"Only 20mb a minute? bwahahahaha I can reload data into my NT, MS SQL server at over 150MB PER MINUTE."
Different hardware. I was using a simple desktop for benchmarking (to get comparisons, not absolute numbers). In any case I wasn't using bulk loading to restore--Oracle has an actual backup/restore mechanism that doesn't require reinsertion of data.
--
Give us our karma back! Punish Karma Whores through meta-mod!
I've only used this a couple of times, but both times it was an absolute GODSEND. Available from emacs, it windows itself, shows both source files and what the final will look like. Easy to use.
--
Give us our karma back! Punish Karma Whores through meta-mod!