(for some reason the first time I loaded this page there were no comments, so some of this is duplicate)
Excellent! Very glad to hear it. There are a/ton/ of helpful resources out there for you. Here's a brain-dump of some of the most popular:
* CTFTime : http://ctftime.org/ : Website that tracks team scores, upcoming events, and writeups for previous events. * CapTF : http://captf.com/ : My CTF dump-site that includes a calendar, links to "practice" sites (aka Wargames), and many years worth of CTF events archived * Field Guide : http://trailofbits.github.io/c... : Specifically covering the skills / approaches, the field guide is a good read for anyone getting into this world. * Guide for Running a CTF : https://github.com/pwning/docs... : Written by PPP (CMU's ever-dominant CTF team) along with feedback from the broader CTF community, this guide is more relevant when making a CTF, but can aid in understanding how the good CTFs are designed. * PicoCTF : https://picoctf.com/ : PicoCTF is designed for high school students, but had an awesome difficulty curve, getting up to some relatively advanced challenges by the end of it. It's also extremely well designed, runs for a longer period of time and is a * CSAW : https://ctf.isis.poly.edu/ : One of the best events targeted specifically at College students, unfortunately the qualifier round just finished, and the participants already selected for the final round, but you can always check out the archives of previous challenges to get a feel for the difficulty. Note that the qualifier event is typically intended to be much easier than the in-person finals to better encourage new students to get into the sport. * IRC : irc.freenode.net#pwning : There's a lively and active community in #pwning on freenode that would be happy to help you with questions/advice related to CTFs. * YouTube : There's a couple of different presentations/talks on CTFs over the years. If your'e interested in learning more about attack-defense CTFs and in-particular DEF CON CTF, I gave an old talk that's mostly still relevant (https://www.youtube.com/watch?v=okPWY0FeUoU), though I'd recommend you not focus on A/D at first, but just get into the regular challenge based or jeopardy boards as they're sometimes called.
The best way to prepare for CTF is by... playing CTFs. There's no real magic formula, just go out there and start working on challenges. Old CTFs are great as learning exercises since you can usually cheat and read a writeup, but avoid the temptation as much as possible. If stuck, go off and try another problem first, and only if you're/really/ stuck should you check out a writeup.
This is an important point. I'm no really sure what the GP means. In fact, long ago when I actually understood a very tiny bit about how these things worked I asked a similar question on sci.crypt and got the following responses:
You're getting killed on that price! I pay $12 a month for 20 channels that sounds the same thing! Incidentally, it's with Cox Cable, and it was originally $10 when I first signed up, though the price has gone up slightly. Here's what their website says:
Cox Standard Cable = Cox Limited* + Cox Expanded
Cox Limited* - Some areas call this service Cox Basic.
Includes access to all of your local channels.
Cox Expanded
Includes an additional range of cable networks featuring ESPN, Travel Channel, Discovery Channel, Cartoon Network and so much more. Cox Expanded service is only available with Cox Limited service.
Standard Cable is also referred to as Complete Basic Cable, or Cox Classic Cable in some areas.
PLEASE NOTE: If you have Limited Cable only, you must upgrade to Cox Standard Cable when purchasing the service online. If you have only Limited Cable, please check the box marked "None" to see the savings and total monthly charges for the Cox Connection.
Really interesting how you basically can't upgrade your account at all from that plan via the website. Hey, at least I pay 25% of what I could be from the sound of it!
Actually, there are a couple of ways to prevent an innocent third-party browser from sending referer information, HTTP redirects for one. That combined with the fact that many browser security extensions and firewalls block sending of referers means that you can't distinguish between users intentionally trying not to leak information and an innocent client tricked into visiting without a referer.
As long as you're willing to inconvenience folks by requiring a valid referer, and not just trying to filter anything besides yours while still allowing blanks, then you'll be fine. At least, you will until someone discovers another arbitrary header vulnerability like those found previously in IE's XMLHTTPPC or Flash.;-)
No it can't. The same-origin policy prevents javascript from one website from accessing objects returned from another website. Kinda. It's complicated and there are occasionally ways to hack it, but generally speaking when same-origin is working, the token is a pretty secure mechanism.
The best way to break tokens like that is to find some XSS on the site you're attacking -- that allows you to get javascript running within the domain of the remote site./Then/ you can do what you described above and have your javascript access the token and return it. That's what Samy did with the SamyIsMyHero worm.
While I generally agree with what you wrote, I think you either misspoke or have a misunderstanding of copyright.
Technically, it's illegal to take a fact without citing it
Facts can't be copyrighted. For my citation, see any commonly accepted explanation of copyright ever written. Given that, I have no idea how you can conclude that it's illegal to take a fact without citing it.
Maybe you're not talking about copyright, but rather common courtesy and the standards of research that most professions self-police themselves with? If so, it's got nothing to do with law.
I would have written the exact same sentence if my opponent was in a similar position at a Catholic, Baptist, Buddhist, etc, organization, or was technical staff for Seven-eleven, Sears, or pretty much any non-security company.
Read it again and you'll notice I also included myself in the category of "people you wouldn't expect in the finals of a web hacking competition". So unless you think I was also calling myself stupid, I wasn't belittling anyone. Merely pointing out that neither of us were the first folks you'd expect to see in the semi-finals.
Thanks much. I was serious in the original post -- almost all the competitions were down to the wire, a number of folks could have easily won. I got pretty lucky.
Actually, last year HD Moore did exactly that -- cracked the vmware image using the metasploit framework and won that way. According to the conference organizers anyway.
Besides, I never claimed that I was a "real hacker".:-)
(yes, that's me. Holy crap, I've been slashdotted!)
Partially to promote open-source software, and partially as a free service to help people get crapware off their machines. Incidentally, at least one person comes up with a totally non-functional machine and no windows installers, so we send them home with a working linux laptop and pointers to the local linux user group.
While it's on-campus and focused at students, anyone's welcome to bring their machines to be cleaned. The next one is actually coming up in a few weeks, it'll be announced on the same blog as linked to above.
Not sure when you last tried it, but Marc's constantly updating it. In one of the more recent builds he did add support for quoting using ">" and it works for me. Download the latest stable and check the composition preferences, you should see the option you're looking for.
There's still no way to change from top-posting as far as I know. I've gone back and forth between defaulting top-posting to bottom-posting in thunderbird so many times that now I don't bother with any consistent style and just match whatever is happening with the email thread I'm currently in (what would really be nice would be some intelligence in the client to adjust according to what other folks are doing, and use my default setting if it doesn't know)
Marc's really good with adding new features constantly. And since you don't pay for upgrades, it's well, well worth the cost. I just posted a forum comment to him suggesting he revisit the bottom-posting issue. Check back in the forum every now and then to see if/when he adds it.
When I bought my Treo I seriously considered the Windows versions. (I generally don't like Windows - it as a platform just doesn't suit my tastes) The deal-breaker was the screen resolution, and so I got my 650. I think it was the right choice for me but it's agonizing that they haven't modernized the OS. I want international text support. I want decent multitasking support. (I want my device to be able to fetch my e-mail without crashing the whole device in the middle of whatever I'm doing.)
Me too, that's why I purchased Chatter mail on my treo. Best $40 I've spent on software, ever.
That said though, I definitely agree about the aging OS in Palm. I've been looking forward to whatever linux-based OS they were going to come out with for many, many years now. I've had a Palm Personal, (with and without the upgrade chip), Palm III, Palm V, Palm Vx, Tungsten T2, Treo 650, and now a Treo 680. I've got too much software I know I'd miss if I hopped to any other platform, and the depth of well-done programs out there for the palm is amazing, but they really need to get off their butts with a modern OS.
Oh, not about the singularity, but about the future of Software Archeologists. I always loved the descriptions of Pham Nuwen working with software thousands of years old and having to treat it like an archaeological dig.
Thanks, Cap'n for once again demonstrating why you're on my favorites here.:-)
The other important point I think is that unless the DRM automatically expires itself when the copyright ends (and that's impossible unless the DRM has access to some trusted time source (hah!) and is psychically able to predict copyright term extensions), it's not fulfilling the original balance of copyright, even aside from subsequent fair uses we're figuring out for ourselves.
Too late for this to do any good likely, but somebody with points, please mod up the last two comments! They're great examples of why DRM is intrinsically bad, even when you try to use it for "good" intentions.
Unless DRM magically goes away at the end of a copyright term (good luck automating that given the ever-changing deadline -- Thanks, Disney), you're violating the implicit balance that copyright is supposed to be by definition.
That balance is between the public good and the private incentive to create. DRM strips the benefit to the public.
The license isn't a crowbar, it's a shield. It's a shield for YOUR code you're writing, a shield for the ideal that you don't want your code used unless others can modify it and use it. If someone's use of your code is limited by hardware restrictions and you want to further strengthen that shield by V3, then go for it. If you as an author don't like carrying the ideal that far and you think access to the source is enough, don't use V3 (as you seem to suggest you won't be). There's room for more than one OSS license.
The example you site has nothing to do with the GPLV3. The fault is either with:
1) The company who released hardware built on code that allowed others to change the code in an environment where that's a bad idea. (ie, build your own fricking code, don't rely on others who want their code to be modifiable, not just easy to print out and stare at)
or
2) The moron who loaded code onto a machine that could cause problems, probably violating federal law in using a non-FDA approved device (since I imagine the FDA approval only covers the device with specific code).
The GPLV3 is not evil and didn't cause anyone's heart monitor problems, the above did.
Scroll to the bottom, specifically the section near: "The Foundation will, before it emits a first discussion draft, publicize the process by which it intends to gather opinion and suggestions. The Free Software Foundation recognizes that the reversioning of the GPL is a crucial moment in the evolution of the free software community, and the Foundation intends to meet its responsibilities to the makers, distributors and users of free software. In doing so, we hope to hear all relevant points of view, and to make decisions that reflect the many disparate purposes that the license must serve."
That could very well be. Maybe that's why Maynor only pretended to stick an external card in. Let's look at the video more closely (http://news.com.com/1606-2_3-6101573.html?tag=ne. vid). He holds up an external card, and slides it into the slot on the left side of the laptop.
The left side of which laptop?
Oh, the black mac book. What? What's that you say?
The black mac book doesn't have any slot that would fit an external wireless card on the left side?
Well what do you know, you're right (see last photo on):
Could have been usb maybe, but the card is an odd shape for a usb wifi card. I don't have audio on this machine right now so I can't hear the video, but if he claims it's a pccard or pcmcia, then he definitely wasn't exploiting the card he waved around."
Using software beyond the scope of a particular license may very well be struck down if taken to court, and I certainly agree Microsoft is going to want to sell that argument as hard as they can. But are you willing to go to court to be the test case over it? Because it's gonna be a case by case decision, you can't just say, well clearly all contracts of this nature are unacceptable and unenforcable since it seems reasonable to suggest that some software license restrictions probably ARE valid, whether or not they all are. So who's going to volunteer to be the test cases to find out which is which?
Again, the whole point of this thread was that poster's parents are trying to do the "right thing". If by "right thing" they wanted to steer well clear of getting into legal trouble, then buying an OEM copy against the license restrictions is clearly not their best bet. If by "right thing" they want to do the minimum necessary to have some legal argument that might (or might not) stand up in court, then by all means, suggest they go for the OEM license.
I never sign a copy of the GPL when I use GPL licensed software, but I'm still covered by the terms. Or would you argue that because I didn't sign anything, I don't have to follow the GPL?
Repeat after me: "use constitutes acceptance"
Listen, I don't ~like~ the situation, as I've said many times before, this is one of the many reasons I just don't run microsoft software. But it is what it is.
I suspect if you look very carefully at the results of the WGA software there's probably some wording in it such that just because it says the license is valid, doesn't mean your particular use of it is. That would be where they might get you. Who knows. For the few copies of windows I need to personally run, they're covered under a site-license from the University where I work (including multiple work-at-home copies).
As cliche as it is, it really does serve as extra motivation to move folks to other operating systems. I got my sister and brother in law using Ubuntu. My dad moved himself to a Mac (which, actually, is probably _worse_ from an open/closed perspective in some ways than Microsoft -- but that's a long discussion entirely unrelated to this), and I've been working on getting my little brother to wean himself from photoshop so he can finally ditch windows.
Also, look again at that link I posted -- OEM copies purchased before September 2005 didn't have the same requirements. So it's entirely reasonable that your OEM copy of Windows was purchased before then. I doubt the WGA software can tell the difference, thus the decision to classify the license itself as legal. Again, I'm sure there's some legal loophole that Microsoft has in the fine print of that program that tells you that the results don't really count for anything, or are subject to certain conditions, blah, blah.
Q. Can OEM Microsoft software be purchased by itself or with "some hardware" such as a hard drive, etc.?
A. If it is an OEM Microsoft Desktop Operating System (such as Windows XP Pro or Windows XP Home), then it must also be sold only with a fully-assembled computer system as well (as of September 1, 2005), just like OEM server and application software. Prior to September 1, 2005, an OEM Desktop Operating System license could be sold with specific individual hardware components. These specific hardware components were defined as a nonperipheral computer hardware component... A "nonperipheral computer hardware component" means a component that will be an integral part of the fully assembled computer system on which the individual software license will be installed.." So, prior to September 1, 2005, an OEM Microsoft Desktop Operating System license (such as Windows XP Pro or Windows XP Home) could be sold with a hard drive, motherboard, CPU, memory, etc.
Being that we're past Sept. 1, 2005, it would appear that an OEM copy cannot be purchased (legitimately) without buying a complete system. And incidentally, the OEM license says when you install it you certify that you have the appropriate hardware (post Sep, that'd be a complete system), so you're reponsible for checking that you meet the requirements yourself instead of just trusting a shady vendor selling OEM software.
In the terms of the license agreement, microsoft stipulates you can only use an OEM license with a new system. The loophole of buying a cable or two doesn't cut it as of Sept 2005. Therefore, just because I've given microsoft money for an OEM copy, it doesn't mean I'm allowed to install it. I can give a toyota dealer money for a prius, but that doesn't mean I'm allowed to take a camry off the lot instead. Just because you can technically install an OEM copy on any old machine, doesn't mean you can LEGALLY install it on any old machine.
This is an example of contract law, which is, from what I hear, definitely part of the legal system of pretty much every country out there. And it's a good thing, too. Contract law and copyright law are what makes the GPL, etc, enforceable.
When you agree with a license agreement, you're entering a contract with microsoft. If you don't like the details (I often don't), DONT USE THE SOFTWARE. If more people took the time to read these things and take them seriously, we'd have more reasonable licenses. Until then, manufacturers will continue to say ridiculous things. Fortunately, sometimes the courts rule the some of those things are unenforcable, but I tell 'ya, I'd rather not be the test case. If I don't agree, I don't sign or buy.
More reading on why buying an OEM copy isn't legal without buying a whole system, straight from the horse's mouth:
Slashdot Mirror
(for some reason the first time I loaded this page there were no comments, so some of this is duplicate)
Excellent! Very glad to hear it. There are a /ton/ of helpful resources out there for you. Here's a brain-dump of some of the most popular:
* CTFTime : http://ctftime.org/ : Website that tracks team scores, upcoming events, and writeups for previous events.
* CapTF : http://captf.com/ : My CTF dump-site that includes a calendar, links to "practice" sites (aka Wargames), and many years worth of CTF events archived
* Field Guide : http://trailofbits.github.io/c... : Specifically covering the skills / approaches, the field guide is a good read for anyone getting into this world.
* Guide for Running a CTF : https://github.com/pwning/docs... : Written by PPP (CMU's ever-dominant CTF team) along with feedback from the broader CTF community, this guide is more relevant when making a CTF, but can aid in understanding how the good CTFs are designed.
* PicoCTF : https://picoctf.com/ : PicoCTF is designed for high school students, but had an awesome difficulty curve, getting up to some relatively advanced challenges by the end of it. It's also extremely well designed, runs for a longer period of time and is a
* CSAW : https://ctf.isis.poly.edu/ : One of the best events targeted specifically at College students, unfortunately the qualifier round just finished, and the participants already selected for the final round, but you can always check out the archives of previous challenges to get a feel for the difficulty. Note that the qualifier event is typically intended to be much easier than the in-person finals to better encourage new students to get into the sport.
* IRC : irc.freenode.net#pwning : There's a lively and active community in #pwning on freenode that would be happy to help you with questions/advice related to CTFs.
* YouTube : There's a couple of different presentations/talks on CTFs over the years. If your'e interested in learning more about attack-defense CTFs and in-particular DEF CON CTF, I gave an old talk that's mostly still relevant (https://www.youtube.com/watch?v=okPWY0FeUoU), though I'd recommend you not focus on A/D at first, but just get into the regular challenge based or jeopardy boards as they're sometimes called.
The best way to prepare for CTF is by... playing CTFs. There's no real magic formula, just go out there and start working on challenges. Old CTFs are great as learning exercises since you can usually cheat and read a writeup, but avoid the temptation as much as possible. If stuck, go off and try another problem first, and only if you're /really/ stuck should you check out a writeup.
This is an important point. I'm no really sure what the GP means. In fact, long ago when I actually understood a very tiny bit about how these things worked I asked a similar question on sci.crypt and got the following responses:
http://groups.google.com/group/sci.crypt/browse_thread/thread/d096e5e93192f176/6e0e62f174f8a9e3
You're getting killed on that price! I pay $12 a month for 20 channels that sounds the same thing! Incidentally, it's with Cox Cable, and it was originally $10 when I first signed up, though the price has gone up slightly. Here's what their website says:
Cox Standard Cable = Cox Limited* + Cox Expanded Cox Limited* - Some areas call this service Cox Basic. Includes access to all of your local channels. Cox Expanded Includes an additional range of cable networks featuring ESPN, Travel Channel, Discovery Channel, Cartoon Network and so much more. Cox Expanded service is only available with Cox Limited service. Standard Cable is also referred to as Complete Basic Cable, or Cox Classic Cable in some areas. PLEASE NOTE: If you have Limited Cable only, you must upgrade to Cox Standard Cable when purchasing the service online. If you have only Limited Cable, please check the box marked "None" to see the savings and total monthly charges for the Cox Connection.Really interesting how you basically can't upgrade your account at all from that plan via the website. Hey, at least I pay 25% of what I could be from the sound of it!
Actually, there are a couple of ways to prevent an innocent third-party browser from sending referer information, HTTP redirects for one. That combined with the fact that many browser security extensions and firewalls block sending of referers means that you can't distinguish between users intentionally trying not to leak information and an innocent client tricked into visiting without a referer.
;-)
As long as you're willing to inconvenience folks by requiring a valid referer, and not just trying to filter anything besides yours while still allowing blanks, then you'll be fine. At least, you will until someone discovers another arbitrary header vulnerability like those found previously in IE's XMLHTTPPC or Flash.
No it can't. The same-origin policy prevents javascript from one website from accessing objects returned from another website. Kinda. It's complicated and there are occasionally ways to hack it, but generally speaking when same-origin is working, the token is a pretty secure mechanism.
/Then/ you can do what you described above and have your javascript access the token and return it. That's what Samy did with the SamyIsMyHero worm.
The best way to break tokens like that is to find some XSS on the site you're attacking -- that allows you to get javascript running within the domain of the remote site.
http://en.wikipedia.org/wiki/Same_origin_policy
http://namb.la/popular/tech.html
While I generally agree with what you wrote, I think you either misspoke or have a misunderstanding of copyright.
Technically, it's illegal to take a fact without citing itFacts can't be copyrighted. For my citation, see any commonly accepted explanation of copyright ever written. Given that, I have no idea how you can conclude that it's illegal to take a fact without citing it.
Maybe you're not talking about copyright, but rather common courtesy and the standards of research that most professions self-police themselves with? If so, it's got nothing to do with law.
Whoops, sorry to mis-quote you, thanks for the correction.
;-)
Thanks again for doing such a great job with the contest, it was a lot of fun.
Scheduling permitting, I'll be there next year too now that I have a title to defend.
I would have written the exact same sentence if my opponent was in a similar position at a Catholic, Baptist, Buddhist, etc, organization, or was technical staff for Seven-eleven, Sears, or pretty much any non-security company.
Read it again and you'll notice I also included myself in the category of "people you wouldn't expect in the finals of a web hacking competition". So unless you think I was also calling myself stupid, I wasn't belittling anyone. Merely pointing out that neither of us were the first folks you'd expect to see in the semi-finals.
Thanks much. I was serious in the original post -- almost all the competitions were down to the wire, a number of folks could have easily won. I got pretty lucky.
You forgot the most important line item of all: mountain dew!
/ feb8/images/2007-02-08_12-41-10.jpg (hiding behind the monitor)
And yes, I was drinking dew for the finals:
http://www.rsaconference.com/2007/US/press/photos
Actually, last year HD Moore did exactly that -- cracked the vmware image using the metasploit framework and won that way. According to the conference organizers anyway.
:-)
Besides, I never claimed that I was a "real hacker".
(yes, that's me. Holy crap, I've been slashdotted!)
Florida Free Culture does the same thing every semester at the University of Florida:
- tuesday-wednesday/
http://uf.freeculture.org/2006/09/16/free-your-pc
Partially to promote open-source software, and partially as a free service to help people get crapware off their machines. Incidentally, at least one person comes up with a totally non-functional machine and no windows installers, so we send them home with a working linux laptop and pointers to the local linux user group.
While it's on-campus and focused at students, anyone's welcome to bring their machines to be cleaned. The next one is actually coming up in a few weeks, it'll be announced on the same blog as linked to above.
Not sure when you last tried it, but Marc's constantly updating it. In one of the more recent builds he did add support for quoting using ">" and it works for me. Download the latest stable and check the composition preferences, you should see the option you're looking for.
There's still no way to change from top-posting as far as I know. I've gone back and forth between defaulting top-posting to bottom-posting in thunderbird so many times that now I don't bother with any consistent style and just match whatever is happening with the email thread I'm currently in (what would really be nice would be some intelligence in the client to adjust according to what other folks are doing, and use my default setting if it doesn't know)
Marc's really good with adding new features constantly. And since you don't pay for upgrades, it's well, well worth the cost. I just posted a forum comment to him suggesting he revisit the bottom-posting issue. Check back in the forum every now and then to see if/when he adds it.
Me too, that's why I purchased Chatter mail on my treo. Best $40 I've spent on software, ever.
That said though, I definitely agree about the aging OS in Palm. I've been looking forward to whatever linux-based OS they were going to come out with for many, many years now. I've had a Palm Personal, (with and without the upgrade chip), Palm III, Palm V, Palm Vx, Tungsten T2, Treo 650, and now a Treo 680. I've got too much software I know I'd miss if I hopped to any other platform, and the depth of well-done programs out there for the palm is amazing, but they really need to get off their butts with a modern OS.
Oh, not about the singularity, but about the future of Software Archeologists. I always loved the descriptions of Pham Nuwen working with software thousands of years old and having to treat it like an archaeological dig.
Thanks, Cap'n for once again demonstrating why you're on my favorites here. :-)
The other important point I think is that unless the DRM automatically expires itself when the copyright ends (and that's impossible unless the DRM has access to some trusted time source (hah!) and is psychically able to predict copyright term extensions), it's not fulfilling the original balance of copyright, even aside from subsequent fair uses we're figuring out for ourselves.
Too late for this to do any good likely, but somebody with points, please mod up the last two comments! They're great examples of why DRM is intrinsically bad, even when you try to use it for "good" intentions.
Unless DRM magically goes away at the end of a copyright term (good luck automating that given the ever-changing deadline -- Thanks, Disney), you're violating the implicit balance that copyright is supposed to be by definition.
That balance is between the public good and the private incentive to create. DRM strips the benefit to the public.
The license isn't a crowbar, it's a shield. It's a shield for YOUR code you're writing, a shield for the ideal that you don't want your code used unless others can modify it and use it. If someone's use of your code is limited by hardware restrictions and you want to further strengthen that shield by V3, then go for it. If you as an author don't like carrying the ideal that far and you think access to the source is enough, don't use V3 (as you seem to suggest you won't be). There's room for more than one OSS license.
The example you site has nothing to do with the GPLV3. The fault is either with:
1) The company who released hardware built on code that allowed others to change the code in an environment where that's a bad idea. (ie, build your own fricking code, don't rely on others who want their code to be modifiable, not just easy to print out and stare at)
or
2) The moron who loaded code onto a machine that could cause problems, probably violating federal law in using a non-FDA approved device (since I imagine the FDA approval only covers the device with specific code).
The GPLV3 is not evil and didn't cause anyone's heart monitor problems, the above did.
As for a comment period, check out:
http://www.fsf.org/news/gpl3.html
Scroll to the bottom, specifically the section near: "The Foundation will, before it emits a first discussion draft, publicize the process by which it intends to gather opinion and suggestions. The Free Software Foundation recognizes that the reversioning of the GPL is a crucial moment in the evolution of the free software community, and the Foundation intends to meet its responsibilities to the makers, distributors and users of free software. In doing so, we hope to hear all relevant points of view, and to make decisions that reflect the many disparate purposes that the license must serve."
That could very well be. Maybe that's why Maynor only pretended to stick an external card in. Let's look at the video more closely (http://news.com.com/1606-2_3-6101573.html?tag=ne. vid). He holds up an external card, and slides it into the slot on the left side of the laptop.
The left side of which laptop?
Oh, the black mac book. What? What's that you say?
The black mac book doesn't have any slot that would fit an external wireless card on the left side?
Well what do you know, you're right (see last photo on):
http://store.apple.com/1-800-MY-APPLE/WebObjects/A ppleStore.woa/wo/0.RSLID?mco=A4791B5D&nclm=MacBook
Could have been usb maybe, but the card is an odd shape for a usb wifi card. I don't have audio on this machine right now so I can't hear the video, but if he claims it's a pccard or pcmcia, then he definitely wasn't exploiting the card he waved around."
Yeah, I know. I was just karma whoring for the funny mod-point. :-)
I'll make sure to point that out to HD and try to prod him to find an exploitable one.
Using software beyond the scope of a particular license may very well be struck down if taken to court, and I certainly agree Microsoft is going to want to sell that argument as hard as they can. But are you willing to go to court to be the test case over it? Because it's gonna be a case by case decision, you can't just say, well clearly all contracts of this nature are unacceptable and unenforcable since it seems reasonable to suggest that some software license restrictions probably ARE valid, whether or not they all are. So who's going to volunteer to be the test cases to find out which is which?
Again, the whole point of this thread was that poster's parents are trying to do the "right thing". If by "right thing" they wanted to steer well clear of getting into legal trouble, then buying an OEM copy against the license restrictions is clearly not their best bet. If by "right thing" they want to do the minimum necessary to have some legal argument that might (or might not) stand up in court, then by all means, suggest they go for the OEM license.
I never sign a copy of the GPL when I use GPL licensed software, but I'm still covered by the terms. Or would you argue that because I didn't sign anything, I don't have to follow the GPL?
Repeat after me: "use constitutes acceptance"
Listen, I don't ~like~ the situation, as I've said many times before, this is one of the many reasons I just don't run microsoft software. But it is what it is.
I suspect if you look very carefully at the results of the WGA software there's probably some wording in it such that just because it says the license is valid, doesn't mean your particular use of it is. That would be where they might get you. Who knows. For the few copies of windows I need to personally run, they're covered under a site-license from the University where I work (including multiple work-at-home copies).
As cliche as it is, it really does serve as extra motivation to move folks to other operating systems. I got my sister and brother in law using Ubuntu. My dad moved himself to a Mac (which, actually, is probably _worse_ from an open/closed perspective in some ways than Microsoft -- but that's a long discussion entirely unrelated to this), and I've been working on getting my little brother to wean himself from photoshop so he can finally ditch windows.
Also, look again at that link I posted -- OEM copies purchased before September 2005 didn't have the same requirements. So it's entirely reasonable that your OEM copy of Windows was purchased before then. I doubt the WGA software can tell the difference, thus the decision to classify the license itself as legal. Again, I'm sure there's some legal loophole that Microsoft has in the fine print of that program that tells you that the results don't really count for anything, or are subject to certain conditions, blah, blah.
Microsoft seems to disagree with you there:
0 6/425681.aspx
Excerpted from: http://blogs.msdn.com/mssmallbiz/archive/2005/06/
Q. Can OEM Microsoft software be purchased by itself or with "some hardware" such as a hard drive, etc.?
A. If it is an OEM Microsoft Desktop Operating System (such as Windows XP Pro or Windows XP Home), then it must also be sold only with a fully-assembled computer system as well (as of September 1, 2005), just like OEM server and application software. Prior to September 1, 2005, an OEM Desktop Operating System license could be sold with specific individual hardware components. These specific hardware components were defined as a nonperipheral computer hardware component... A "nonperipheral computer hardware component" means a component that will be an integral part of the fully assembled computer system on which the individual software license will be installed.." So, prior to September 1, 2005, an OEM Microsoft Desktop Operating System license (such as Windows XP Pro or Windows XP Home) could be sold with a hard drive, motherboard, CPU, memory, etc.
Being that we're past Sept. 1, 2005, it would appear that an OEM copy cannot be purchased (legitimately) without buying a complete system. And incidentally, the OEM license says when you install it you certify that you have the appropriate hardware (post Sep, that'd be a complete system), so you're reponsible for checking that you meet the requirements yourself instead of just trusting a shady vendor selling OEM software.
It's not legal because:
0 6/425681.aspx
In the terms of the license agreement, microsoft stipulates you can only use an OEM license with a new system. The loophole of buying a cable or two doesn't cut it as of Sept 2005. Therefore, just because I've given microsoft money for an OEM copy, it doesn't mean I'm allowed to install it. I can give a toyota dealer money for a prius, but that doesn't mean I'm allowed to take a camry off the lot instead. Just because you can technically install an OEM copy on any old machine, doesn't mean you can LEGALLY install it on any old machine.
This is an example of contract law, which is, from what I hear, definitely part of the legal system of pretty much every country out there. And it's a good thing, too. Contract law and copyright law are what makes the GPL, etc, enforceable.
When you agree with a license agreement, you're entering a contract with microsoft. If you don't like the details (I often don't), DONT USE THE SOFTWARE. If more people took the time to read these things and take them seriously, we'd have more reasonable licenses. Until then, manufacturers will continue to say ridiculous things. Fortunately, sometimes the courts rule the some of those things are unenforcable, but I tell 'ya, I'd rather not be the test case. If I don't agree, I don't sign or buy.
More reading on why buying an OEM copy isn't legal without buying a whole system, straight from the horse's mouth:
http://blogs.msdn.com/mssmallbiz/archive/2005/06/