Why does Nokia care if the file format on the phone is "protected" or not? Is there some kind of phone-to-phone transfer capability that opens up the opportunity for "piracy"?
If I have an MP3 file and Nokia software converts it to "protected AAC", I can [technically] still share the old MP3 copy with half of the planet via P2P, right?
I realize the whole question is academic because the phone is not going to be in the US anytime soon.
Personally, I have no use for a music player in my phone, but I can imagine college students who might want lightweight, multi-function devices. I'd rather have MP3 capability in a PDA.
The battery life on this phone/music toy must be pitiful.
I read the internal memos, and it sure looks like RIAA has been analyzing the packets, and using "reverse engineering" techniques to figure out how to defeat the fast track technology.
Does anyone think the RIAA can be prosecuted under DMCA or any of the various "computer crime" laws? In essense, we have the RIAA accessing other people's data in an unauthorized way.
I wonder if this might be a great use of "weak" encryption; just enough to make use of DMCA.
I intend to write to my Congressional representatives and educate them on the perils of SSSCA, including my plan to boycott all SSSCA-compliant devices (should anyone be dumb enough to manufacture them). They need to be aware that this is not something that will be cheerfully accepted.
Assuming plan A fails and the special interests get their wish, we have to ensure that the SSSCA-compliant devices sit on store shelves, as space-wasters. If we aren't willing to resist the implementation of this stuff, then we deserve the end results.
If anyone has a better idea on defeating SSSCA, let's hear about it.
Hmmm, I wonder if those rumors I heard about the SSSCA virus are true?
I think we need some kind of additional incentive to reward job stability. How about indexing corporate taxes, so that higher rates are paid by the companies with the highest turnover rate. At the end of the year, you calculate "Employment Stability" as the percentage of employees you had on Jan.1 who worked all 12 months and are still with the company. Low percentage = tax surcharge, high percentage = lower taxes. You wouldn't even have to go after the companies directly, you could simply tax CEO bonuses on the same schedule.
As an alternative for our Republican readers, we could skip the tax angle and simply mandate the disclosure of "Employment Stability" statistics so that job applicants would know in advance about their statistical odds of remaining employed. The companies with lousy numbers would face premium salary demands and would therefore have to pay for the privilege of "churnover". Then again, they could limit themselves to hiring only those with nothing to lose (which some companies do anyway).
I was wondering how we would force the terrorists to use crypto software that included gov't back doors. If we could force them to used crippled crypto software, why not just cripple their OS -- send them Windows XP and make them deal with product activation.
These people have not left Bush much of a choice. At this point, the only question is "Can the CIA/NSA track the attackers and supply enough data to nuke their leader?"
An attack this large is going to leave a ton of evidence to be analyzed. Getting away with a crime is inversely proportional to the number of people involved. The very size and nature of this attack eliminates most of the sane/reasonable world as suspects.
Having no reasonable options, Bush is not in a position to do anything other than hunt down the loonies and administer radiation therapy.
Perhaps Bush's real test will come in the form of unrelated international challenges, where the confusion of this attack is used a diversion. If China wanted to invade Taiwan, they won't get a better opportunity than this.
I can imagine Compaq meeting the Pentagon's definition of "support" for 20 years without porting to any new processors or adding any significant functionality. I'm not saying that is what will happen, but having "support" and attacting new customers are two different things. Does Oracle have a 20 year support commitment?
If the VMS market was really worth $4B, I wonder why the Compaq deal was necessary. I was a big VMS fan, but it's been a long time since they had 6,000 mostly-VMS people at a DECUS convention.
Considering how the Alpha was such a big technical breakthrough, it's truly amazing to see just how little DEC and Compaq were able to make of it. The Alpha should have been an Intel-killer from day one.
Back to the main article: I see nothing at all "new" about M$ 64-bit "Advanced Server". As you say, the IA64 will be little more than an Alpha in disguise. If that's true, then the M$ product could be little more than NT/Alpha resurrected. It wouldn't be the first time the put a new face on an old product.
SGI stock quote (August 30, 2001): 47 cents. Are you buying? Perhaps you will make enough money in the stock market to buy an Itanium 3D PDA, with a 64-bit version of WinCE!
If 64-bit computing was so important, people would have bought Alpha processors. Introduced back in the early-1990s, the Alpha was largely ignored (outside of the high-end niche market).
Digital had VMS and Unix for Alpha; M$ had NT. Evidently, the high-end customers discovered that Unix was the best OS for running databases and CPU-intensive apps on a 64-bit platform. Alpha/NT is history and VMS is probably next.
Aside from cannibalizing the revenue stream from DEC VAX processors, the Alpha was not all that successful. Compaq bought Digital, then handed over Alpha to Intel.
M$ has to release a 64-bit OS, just to avoid being identified as obsolescent technology. I predict that it will be quite a while before desktop users actually need 64-bit CPUs, although it would be useful on servers almost immediately. M$ will hold on to the 32-bit desktops, but they will lose the 64-bit server market because they lost it already. When the desktops truly need 64-bit power, the OS will not be M$. If you think M$ licensing is obnoxious now, just wait until they sense a captive 32-bit market that is ready to migrate to 64-bit. M$ will over-estimate the market value of their 64-bit software, and the customers will be screaming for alternatives.
The Digital and M$ 64-bit concept of the 1990s is not all that different from the Intel and M$ concept of 2002. Those who ignore history are condemned to repeat it.
I wonder if an OEM could ship the PCs with alternate OS installed but invisible (as Hitachi did), and then include a self-booting floppy that auto-installs the otherwise-prohibited boot loader.
As an alternative, how about an http shortcut on the desktop to an executable that installs the boot loader?
Admittedly, the OEMs would be squeamish about offending the mighty M$, but IBM might take the approach "M$ has done everything they can to screw us; what have we got to lose?"
There are some distros of Linux that launch out of Windows, essentially replacing it on the fly. Maybe the entire boot loader issue could be solved by putting a pseudo-boot menu in the Windows startup folder. Maybe call it something like a "selector", "enhancer", or (my favorite) "stabilizer". At that point, Windows has already booted, it's just a matter of running an app from startup, right? I think a little creativity could go a long way toward circumventing M$ restrictions.
Unfortunately, I think the real reason behind the lack of multi-boot machines is lack of demand. The average user can barely use Windoze, much less an alternative OS. Even the most anti-M$ OEM would hesitate to put anything on the hard disk that might generate more support calls from the people who think the CD-ROM drive is a cup holder. User ignorance is half the reason behind the M$ monopoly.
Yes, and if they had the Cheyenne mountain complex, they would not care about a feeble defense like DMCA.
It shows how little faith the copyright community has in the ability of commercial software developers to create hacker-proof encryption standards. Surely, the bright people at NSA & CIA have all kinds of encryption that [I hope] works. By comparison, the developers of Adobe e-books and CSS must be some really dim bulbs.
I know the NSA/CIA guys are spending lots of time & money on testing the security of their algorithms. I wonder just how much effort the copyright gods put into testing CSS or e-books before the hackers defeated the encryption.
As we have seen with Sklyarov and countless others, the people who do encryption research are not deterred by US law. They might be annoyed and inconvenienced, but nothing more. The real threat comes from quiet people who are not going to tell anyone about what they do. If you depend on encryption, you have to assume that people are going to attack it on a 24/7 basis. Making it technically difficult is not the best defense, it is the ONLY defense!
I can think of several ways for the "underground internet" to evolve...
Non-conforming countries & territories: Sealand, China, Iraq, North Korea, Denmark. This is possibly the path of least resistance, at least initially.
Gateways to PPTP or 802.X linked networks. This would be OK for a while, until the ISPs start blocking these "hacker" protocols.
New, "stealthy" replacements for PPTP, perhaps something that builds upon the P2P protocols -- this would be difficult to trace or firewall.
The Freenet project (http://www.freenetproject.org) The fact that people are working on a project like this means the "underground internet" concept is closer than you think.
I think it's only a matter of time before one of the biggie ISPs decides to resurrect the "on-line service model", similar to pre-Internet CompuServe or Prodigy. They would create an "alternate internet universe", absent any rules whatsoever, loaded with disclaimers. Anonymity & encryption by design, using proprietary protocols that essentially shield the ISP from knowing whery anything is going -- therefore no real responsibility. "Have your modem dial this number, and whatever happens is your problem." Even before the Internet, online service providers have continuously searched for services where the customers would pay non-commodity prices for something that was "added value". If privacy is going to be in short supply, then we will surely have people trying to sell privacy as a product!
IMHO: The limitation of law is that it depends on voluntary compliance from the majority. A law that is widely disregarded is not useful, and probably unenforceable. Hardly anyone disagrees with the fundamental concept of privacy, so I think laws that limit privacy will be met with technical countermeasures, not voluntary compliance.
Thanks to DMCA and rabid lawyers, we're creating an "underground internet" that generally ignores the law. In a scenario like this, how will anyone know which encryption standards are working and which have been compromised? We can't assume that anyone who cracks and encryption scheme is going to publish the results, but what if no one publishes anything? What happens then?
Imagine the people who design & use encryption standards as the occupants of a castle, and the hackers are trying to use a battering ram to enter the facility. Thanks to DMCA, the walls are padded, so the people inside don't hear the pounding of a battering ram on their door. The king overruled the castle engineers who wanted a thicker door. "No need for that", says the king. "My DMCA padded walls will take care of the noise, therefore I proclaim that the hacker problem is solved!" Of course, when the door gives way, it will be quite a suprise to the occupants!
They can promote.NET/Passport (and sell it), only to the extent that we, the customers, are dumb enough to ignore the security issue.
Unfortunately, the customers are not all that bright. I could make a long list of M$ shortcomings that are tolerated or ignored by real IT professionals (who should know better). [List omitted to conserve bandwidth]
If they use media hype and FUD to successfully release yet another mediocre/unsecure product, how is this any different from their traditional tactics?
It's hard to make a good product and sell it to a few smart people. Why bother doing that when you can make a mediocre product and sell it to millions of dummies?
If they could get past this Sircam thing, maybe they could finish up and release Microsoft Cupholder. Then again, I wonder how they intend to stop Outlook VB script viruses from closing the CD-ROM and spilling my coffee!
Maybe this is too simplistic, but a creative bunch of anti-patent people might produce (and copyright!) a "patent-free" logo to be used on websites and software products that are produced in the absence of software patents (I guess that means no GIF files, for starters). Anything without the logo gets boycotted.
Never, ever underestimate the power of a boycott. Ask the folks at Smith & Wesson. The company made guns for almost 150 years. Everything was OK until the gun industry got whacked with "product liability" lawsuits because of criminals using guns. Somehow this became the manufacturers' problem. To make a long story short, S&W made an ill-fated agreement with the US government. This triggered a massive backlash, which included a boycott led by the NRA. The government agreement was useless in stopping the lawsuits, but the boycott was very effective at killing the company. In fact, S&W was sold for pennies on the dollar to some other company. The CEO who made the deal is now running a lawn mower company, and the NRA may decide to expand the boycott to include the lawn mowers also!
"In most cases, simply having the firewall can be a violation of the contract, assuming that you are only allowed to have one computer connected at a time."
I don't think so. I am an AT&T@Home customer, and my recollection of the AUP was something like "connecting multiple computers requires a home LAN" [duh]. Then it talks about purchasing additional IP addresses. It says absolutely nothing that forbids the use of one IP address for multiple computers. I think they want to pretend it can't be done.
IMHO, their AUP begins and ends with the ONE computer that has a direct connection to the cable modem. Sure, they can block outside access to servers inside my LAN, under the "we can do anything just by issuing a new AUP" clause. If my ONE computer happens to be rewriting/forwarding packets on behalf of an internal class B network in my basement, good for me. I am buying bandwidth, and one IP address. Technically, my inside machines don't have an internet connection, they are connected to a machine that does that "Internet stuff" for them. Sure, the whole process looks transparent, but that's not my problem either.
By the time you read this, the people who want to keep their webservers will have moved them to nonstandard ports.
Yes, M$ does this with every release. Yes, they do it with just about every product. If anything, they do it to purposely break their old versions and encourage upgrades (MS Office). It would be out of character for them to do anything else.
I think the Ximian/Mono people may have better luck. XP will be adopted slowly, thanks to M$ anti-customer business practices. The entire.NET initiative may simply turn out to be another M$ proprietary technology that is best ignored (examples: ASP, ActiveX, WINS). An open standard that is "a better.NET than.NET" would be more or less exempt from the M$ treadmill. I don't see the Apache team scrambling to implement ASP!
For what it's worth, Samba is one of the coolest open source products ever. As time goes by, I find myself doing less and less with file services, but Samba is certainly one of the key products that we all need to limit the influence of the "evil empire".
They might release some kind of "client upgrade", which coincidentally breaks Samba.
I figure the next step would be for the open source people to write their own SMB client that restores Samba connectivity.
Considering that M$ is drowning in security issues over IIS, they would be in even more trouble if their "upgrade" proved to be a security problem. I'm sure any such "upgrades" from M$ will be thoroughly "evaluated" by the hacker community.
For some time now, M$ has treated file and print services as a commodity, almost a giveaway. M$ got into this business by providing the same functionality as Novell at a fraction of the price. It would be a classic blunder for M$ to "embrace and extend" their own file services, just as the concept is becoming irrelevant.
To me, it sounds like their strategy is to try anything to slow down Linux. If this is the best M$ can do, the penguins will be marching into Redmond!
"Held against his will"? Do you honestly think he made this presentation without realizing it was a DMCA challenge? Thanks to forums like this one, DMCA is well known in the geek community all over the world. Although I don't have conclusive proof that Dimitry was aware of the DMCA, I think he is smart enough to know. Besides, since when was ignorance used successfully as a defense?
If he knew about DMCA, then he is not such an "unwilling subject" after all. If he was truly ignorant, then he gets prosecuted like anyone else who violates a law without knowing about the consequences. If the law in question was anything other than DMCA, there would be no debate whatsoever.
The real problem is the DMCA. Releasing him now does not make the law any less asinine, nor does it help the next person who gets singled out for special treatment. Instead, it would facilitate the use of DMCA as an intimidation tactic, without risking the loss of DMCA as a weapon for future intimidation. As far as I'm concerned, the government made this mess, let's watch them try and deal with it. Going after a foreign national certainly raises the stakes; they can't just send him home while he waits for trial. IMHO, we have to let this fiasco run its course in order for there to be any meaningful change in DMCA. If the government is legally entitled to hold him in jail as a result of DMCA, then they should keep him there until they get a clue and bag DMCA entirely. My point is that the best anti-DMCA strategy may be to simply watch the government play by it's own rules, dumb as they may be.
If I decided to take your advice and openly violate the DMCA, I would be fully prepared for a wide range of consequences (even if Dimitry never existed). If I did such a thing, I might be ignored, arrested, prosecuted, fined, jailed, or acquitted, but I would NOT be suprised or unwilling. If I do it, it's because I have a plan. Unless Dimitry is a total fool, he has a plan also.
What we have here is "civil disobedience" -- nothing more, nothing less. If I were jailed as a result of civil disobedience, I would not want to be released until my opponents were thoroughly defeated and humiliated.
Although releasing him immediately would be the right thing to do, we can learn a great deal about the media, the government and its owners as they fumble & bumble with this case.
How long does the gov't intend to hold him without bail?
How zealous is the prosecution going to be?
Will the courts kill DMCA? If not, will they impose any meaningful penalty?
If DMCA is killed, will the politicians and their owners try to fabricate a replacement?
Will the media report any of this, or will they keep quiet? If they start reporting, will they try to put a postive spin on the DMCA?
Will some wise-ass journalist write a story about the Dimitry case and publish exerpts from the forbidden document?
Will the public react (expanding the Adobe boycott, possibly to include RIAA), or will they ignore the whole thing?
If Dimitry is promptly released, we will miss a great opportunity to go on the offensive against DMCA, or at least learn about our enemies and their tactics. I say we leave him in for a while, in the name of science.
You make an excellent point about using open source to "manufacture" experience. There are other ways, but open source is perhaps the best. Not everyone can do this, but one alternative is to market yourself as a lone-gun consultant. Undercut the standard rate, and exist as a bottom-feeder until you have the experience to demand more.
Another intersting point is the academic overuse of NT. This creates certain opportunities for people who have a broader view. If I were starting in IT today, I would market myself as the Anti-Bill: "Hire me, and I'll help you deploy open source alternatives to costly M$ products. If you're tired of M$ licensing and security/stability issues, I have the answer."
The key is to get experience, no matter what it takes. Do open source for free if necessary, but you have to do something other than wave a diploma as if it were a flag of entitlement.
I often wonder why so many students wait until graduation to learn about the need for experience. Having a co-op job is not nearly enough to qualify as the kind of experience that employers want.
The education industry markets itself as the sure-fire path to success in IT. In reality, degrees and certs represent only a fraction of what it takes to launch a career. Paraphrasing the sugar-cereal industry: "A degree is part of a well-balanced resume." Consider our hero, Linus Torvalds. If he blew off his senior year and hit the job market with no degree or certification, would he have a successful career? Sure, it certainly worked for Bill Gates. Could the average person combine open source plus a degree and be successful? Absolutely. Could they skip the degree/certification and still be successful? Maybe, it depends on circumstances. Could they skip the experience and rely on the degree to land job #1? Possible, but unlikely.
Of all the things employers want, the degree requirement is usually spelled out in black and white, while the definition of experience is a little fuzzy. Ironically, the degree is usually negotiable and the experience is not. CS students should know this before graduation, but I guess no one is telling them.
Instead of looking for ways to become more obnoxious, the marketers would have to adopt practices that do not create resentment and technical countermeasures. Sadly, the marketers are pursuing pop-unders and Flash -- business suicide.
The original concept of a banner ad is not all that bad; most people accept them as the cost of viewing the content. Unfortunately, we all ignore the ads because they are seldom tailored to our interests. After I see 1000 or so totally irrelevant ads, I am going to ignore that stupid box at the top of the screen.
The advertisers are trying to track our preferences, but they are not very good at it. When they collect preference data, they sell "targeted" ads at a premium. This makes "untargeted" a relative bargain. It's cheaper to blast out the message to millions of people instead of looking for the subset of the population that actually wants "Herbal Viagara" -- ask any spammer. Contributing to the problem is the marketing mentality "Our target market is the person who doesn't even know they need Herbal Viagara! Anyone who hasn't opted-out in the past 30 days is a potential customer! How do the customers know they don't want it until we tell them about it?"
IMHO, making the banner ads work would require precise targeting, based on the customer's preferences. Unfortunately, this will never happen. As an end user, I assume the marketing industry is looking for more ways to harrass me with obnoxious tactics. Therefore, I do everything in my power to conceal the data that might identify my preferences. After all, I want to avoid telemarketing, spam, and fraud. Since I do not control the data after I release it, my best bet is to supply only the most basic of information, and only when I am prepared to defeat the endless marketing. Ask for my e-mail address? Fine, here is a [quota exceeded] throwaway account. Want my home address? OK, your junk mail will be tossed in the order in which it was received. Want my home phone number? OK, but I'm on the state DNC list; $5,000 fine per violation. Put some crap on my screen? Click-close-byebye. Want to know if I have a lawnmower and if so, what brand? Sorry, data unavailable.
The marketers big mistake is the erroneous assumption that the ad viewer's time is unlimited and free. Ultimately, there is a maximum amount of time any of us will tolerate advertising, and a lesser amount of time where we actually pay attention. I think we're it has become a zero-sum game. As more ads are sold, the audience for each is shrinking. Worse, the audience is pre-conditioned to ignore the ads and defend against obnoxious marketing tactics.
With appropriate technology and business practices, the highly-targeted banner ad would be a sensible part of a profitable/enjoyable web experience. Too bad the marketing industry is so clueless.
I often see lines of pseudo-random text in the spam that probably identify the recipient. If you click on the spamvertized link, their logs pick up the id of the individual spam recipient, so they can target the visitor for additional harrassment (oops, I meant "direct marketing").
Even the non-html spam has this pseudo-random text. I suspect they are using it to ID the spam recipient when complaints are sent to the ISP, who forwards the actual complaint without identifying the person who sent it.
All of this would tend to defeat the checksum algorithm.
I think we need a "spam tax", to be paid by the ISPs who originate the messages, and passed back to the spammers as a marked-up fee. As soon as the cost per message exceeds the cost of snail mail, the game is over. Of course, the overseas providers would not be subject to the tax -- until each government sees the gravy train and jumps onboard. It would be very easy for the ISPs to keep the entire cost fo the "spam tax" limited to the people who send the spam. The only drawback is that once the revenue from the "spam tax" dries up, the same government entities would be looking for ways to replenish the revenue stream by taxing other things on the Internet. If you view taxation as inevitable, it might as well start with the spammers.
Maybe the tax could be disguised as a "fine", similar to a speeding ticket. After all, the government would be invoking a financial penalty for unacceptable behavior, very similar to a traffic violation. Since the actual enforcement would involve complaints from the recipients, it's very much like getting caught speeding.
The greatest part of all is that no one has to enact the "spam tax" to get the benefits. Just the mere possibility of something like this would have the spam-friendly ISPs running for cover.
I think the key to the spam problem is to raise the spammer's cost. I may not have the ideal method, but I think detection or filtering is not going to get the job done -- it's all about cost.
Of all the places that M$ could look for money, school systems are probably the least effective. They generally don't buy anything without budgeting a year in advance. Even then, anything that is not a state or federal mandate can be deleted at a whim. I suspect that a great deal of software is grant-funded. This means an even longer lead time, and the approval process is even more unpredictable. Even if the schools want to cooperate, they will expend most of their energy on reducing license utilization, not buying more licenses. Never underestimate the ability of a school system to pinch pennies.
Besides, M$ should be giving the product away.
Digital used to give away just about all their software to colleges via the "Campuswide Software License Grant" program. For a while, it really worked. DEC expanded their market share in higher ed., and students graduated with DEC experience. It wasn't enough to stop the PC trend, and DEC watered down the program in a desperate search for cash. However, it was a great idea, especially as a tax writeoff. The cool part was that they could write off the full value of what the colleges used (not what they bought or would have bought). If they used 3X as much software as before, the whole program became revenue-neutral compared to the old practice of trying to get blood from a stone.
The alternative is the current M$ strategy, which creates a huge opportunity for open source. Considering the escalating per seat cost of M$, the schools would be better off hiring open source consultants to install & train. The only problem is the availability of educational software (unless WINE becomes a reliable concept).
Apple tried the donation method and failed, but you have to consider that the stuff was pricey (for traditional paying customers), and not all that well suited for business (at the time).
M$ could easily follow the DEC/Apple example, and probably get better results than DEC or Apple did. Not only could they do this, it would not be an anti-trust issue because it's already been done by companies that once had commanding market share in the market where they were giving the product away. Besides, since when was there a limit on charitable corporate donations?
Instead, we can watch the latest example of M$ foolishness. It tells us who we are dealing with and what their priorities are.
Disclaimer: I am not a lawyer or tax advisor. This is not legal or financial advice.
Slashdot Mirror
Why does Nokia care if the file format on the phone is "protected" or not? Is there some kind of phone-to-phone transfer capability that opens up the opportunity for "piracy"?
If I have an MP3 file and Nokia software converts it to "protected AAC", I can [technically] still share the old MP3 copy with half of the planet via P2P, right?
I realize the whole question is academic because the phone is not going to be in the US anytime soon.
Personally, I have no use for a music player in my phone, but I can imagine college students who might want lightweight, multi-function devices. I'd rather have MP3 capability in a PDA.
The battery life on this phone/music toy must be pitiful.
I read the internal memos, and it sure looks like RIAA has been analyzing the packets, and using "reverse engineering" techniques to figure out how to defeat the fast track technology.
Does anyone think the RIAA can be prosecuted under DMCA or any of the various "computer crime" laws? In essense, we have the RIAA accessing other people's data in an unauthorized way.
I wonder if this might be a great use of "weak" encryption; just enough to make use of DMCA.
I intend to write to my Congressional representatives and educate them on the perils of SSSCA, including my plan to boycott all SSSCA-compliant devices (should anyone be dumb enough to manufacture them). They need to be aware that this is not something that will be cheerfully accepted.
Assuming plan A fails and the special interests get their wish, we have to ensure that the SSSCA-compliant devices sit on store shelves, as space-wasters. If we aren't willing to resist the implementation of this stuff, then we deserve the end results.
If anyone has a better idea on defeating SSSCA, let's hear about it.
Hmmm, I wonder if those rumors I heard about the SSSCA virus are true?
As an alternative for our Republican readers, we could skip the tax angle and simply mandate the disclosure of "Employment Stability" statistics so that job applicants would know in advance about their statistical odds of remaining employed. The companies with lousy numbers would face premium salary demands and would therefore have to pay for the privilege of "churnover". Then again, they could limit themselves to hiring only those with nothing to lose (which some companies do anyway).
I was wondering how we would force the terrorists to use crypto software that included gov't back doors. If we could force them to used crippled crypto software, why not just cripple their OS -- send them Windows XP and make them deal with product activation.
These people have not left Bush much of a choice. At this point, the only question is "Can the CIA/NSA track the attackers and supply enough data to nuke their leader?"
An attack this large is going to leave a ton of evidence to be analyzed. Getting away with a crime is inversely proportional to the number of people involved. The very size and nature of this attack eliminates most of the sane/reasonable world as suspects.
Having no reasonable options, Bush is not in a position to do anything other than hunt down the loonies and administer radiation therapy.
Perhaps Bush's real test will come in the form of unrelated international challenges, where the confusion of this attack is used a diversion. If China wanted to invade Taiwan, they won't get a better opportunity than this.
If the VMS market was really worth $4B, I wonder why the Compaq deal was necessary. I was a big VMS fan, but it's been a long time since they had 6,000 mostly-VMS people at a DECUS convention.
Considering how the Alpha was such a big technical breakthrough, it's truly amazing to see just how little DEC and Compaq were able to make of it. The Alpha should have been an Intel-killer from day one.
Back to the main article: I see nothing at all "new" about M$ 64-bit "Advanced Server". As you say, the IA64 will be little more than an Alpha in disguise. If that's true, then the M$ product could be little more than NT/Alpha resurrected. It wouldn't be the first time the put a new face on an old product.
SGI stock quote (August 30, 2001): 47 cents . Are you buying? Perhaps you will make enough money in the stock market to buy an Itanium 3D PDA, with a 64-bit version of WinCE!
If 64-bit computing was so important, people would have bought Alpha processors. Introduced back in the early-1990s, the Alpha was largely ignored (outside of the high-end niche market).
Digital had VMS and Unix for Alpha; M$ had NT. Evidently, the high-end customers discovered that Unix was the best OS for running databases and CPU-intensive apps on a 64-bit platform. Alpha/NT is history and VMS is probably next.
Aside from cannibalizing the revenue stream from DEC VAX processors, the Alpha was not all that successful. Compaq bought Digital, then handed over Alpha to Intel.
M$ has to release a 64-bit OS, just to avoid being identified as obsolescent technology. I predict that it will be quite a while before desktop users actually need 64-bit CPUs, although it would be useful on servers almost immediately. M$ will hold on to the 32-bit desktops, but they will lose the 64-bit server market because they lost it already. When the desktops truly need 64-bit power, the OS will not be M$. If you think M$ licensing is obnoxious now, just wait until they sense a captive 32-bit market that is ready to migrate to 64-bit. M$ will over-estimate the market value of their 64-bit software, and the customers will be screaming for alternatives.
The Digital and M$ 64-bit concept of the 1990s is not all that different from the Intel and M$ concept of 2002. Those who ignore history are condemned to repeat it.
I wonder if an OEM could ship the PCs with alternate OS installed but invisible (as Hitachi did), and then include a self-booting floppy that auto-installs the otherwise-prohibited boot loader.
As an alternative, how about an http shortcut on the desktop to an executable that installs the boot loader?
Admittedly, the OEMs would be squeamish about offending the mighty M$, but IBM might take the approach "M$ has done everything they can to screw us; what have we got to lose?"
There are some distros of Linux that launch out of Windows, essentially replacing it on the fly. Maybe the entire boot loader issue could be solved by putting a pseudo-boot menu in the Windows startup folder. Maybe call it something like a "selector", "enhancer", or (my favorite) "stabilizer". At that point, Windows has already booted, it's just a matter of running an app from startup, right? I think a little creativity could go a long way toward circumventing M$ restrictions.
Unfortunately, I think the real reason behind the lack of multi-boot machines is lack of demand. The average user can barely use Windoze, much less an alternative OS. Even the most anti-M$ OEM would hesitate to put anything on the hard disk that might generate more support calls from the people who think the CD-ROM drive is a cup holder. User ignorance is half the reason behind the M$ monopoly.
I wish they equally militant about terminating their own spammers!
It shows how little faith the copyright community has in the ability of commercial software developers to create hacker-proof encryption standards. Surely, the bright people at NSA & CIA have all kinds of encryption that [I hope] works. By comparison, the developers of Adobe e-books and CSS must be some really dim bulbs.
I know the NSA/CIA guys are spending lots of time & money on testing the security of their algorithms. I wonder just how much effort the copyright gods put into testing CSS or e-books before the hackers defeated the encryption.
As we have seen with Sklyarov and countless others, the people who do encryption research are not deterred by US law. They might be annoyed and inconvenienced, but nothing more. The real threat comes from quiet people who are not going to tell anyone about what they do. If you depend on encryption, you have to assume that people are going to attack it on a 24/7 basis. Making it technically difficult is not the best defense, it is the ONLY defense!
- Non-conforming countries & territories: Sealand, China, Iraq, North Korea, Denmark. This is possibly the path of least resistance, at least initially.
- Gateways to PPTP or 802.X linked networks. This would be OK for a while, until the ISPs start blocking these "hacker" protocols.
- New, "stealthy" replacements for PPTP, perhaps something that builds upon the P2P protocols -- this would be difficult to trace or firewall.
- The Freenet project (http://www.freenetproject.org) The fact that people are working on a project like this means the "underground internet" concept is closer than you think.
- I think it's only a matter of time before one of the biggie ISPs decides to resurrect the "on-line service model", similar to pre-Internet CompuServe or Prodigy. They would create an "alternate internet universe", absent any rules whatsoever, loaded with disclaimers. Anonymity & encryption by design, using proprietary protocols that essentially shield the ISP from knowing whery anything is going -- therefore no real responsibility. "Have your modem dial this number, and whatever happens is your problem." Even before the Internet, online service providers have continuously searched for services where the customers would pay non-commodity prices for something that was "added value". If privacy is going to be in short supply, then we will surely have people trying to sell privacy as a product!
IMHO: The limitation of law is that it depends on voluntary compliance from the majority. A law that is widely disregarded is not useful, and probably unenforceable. Hardly anyone disagrees with the fundamental concept of privacy, so I think laws that limit privacy will be met with technical countermeasures, not voluntary compliance.Imagine the people who design & use encryption standards as the occupants of a castle, and the hackers are trying to use a battering ram to enter the facility. Thanks to DMCA, the walls are padded, so the people inside don't hear the pounding of a battering ram on their door. The king overruled the castle engineers who wanted a thicker door. "No need for that", says the king. "My DMCA padded walls will take care of the noise, therefore I proclaim that the hacker problem is solved!" Of course, when the door gives way, it will be quite a suprise to the occupants!
Unfortunately, the customers are not all that bright. I could make a long list of M$ shortcomings that are tolerated or ignored by real IT professionals (who should know better). [List omitted to conserve bandwidth]
If they use media hype and FUD to successfully release yet another mediocre/unsecure product, how is this any different from their traditional tactics?
It's hard to make a good product and sell it to a few smart people. Why bother doing that when you can make a mediocre product and sell it to millions of dummies?
If they could get past this Sircam thing, maybe they could finish up and release Microsoft Cupholder. Then again, I wonder how they intend to stop Outlook VB script viruses from closing the CD-ROM and spilling my coffee!
Never, ever underestimate the power of a boycott. Ask the folks at Smith & Wesson. The company made guns for almost 150 years. Everything was OK until the gun industry got whacked with "product liability" lawsuits because of criminals using guns. Somehow this became the manufacturers' problem. To make a long story short, S&W made an ill-fated agreement with the US government. This triggered a massive backlash, which included a boycott led by the NRA. The government agreement was useless in stopping the lawsuits, but the boycott was very effective at killing the company. In fact, S&W was sold for pennies on the dollar to some other company. The CEO who made the deal is now running a lawn mower company, and the NRA may decide to expand the boycott to include the lawn mowers also!
I don't think so. I am an AT&T@Home customer, and my recollection of the AUP was something like "connecting multiple computers requires a home LAN" [duh]. Then it talks about purchasing additional IP addresses. It says absolutely nothing that forbids the use of one IP address for multiple computers. I think they want to pretend it can't be done.
IMHO, their AUP begins and ends with the ONE computer that has a direct connection to the cable modem. Sure, they can block outside access to servers inside my LAN, under the "we can do anything just by issuing a new AUP" clause. If my ONE computer happens to be rewriting/forwarding packets on behalf of an internal class B network in my basement, good for me. I am buying bandwidth, and one IP address. Technically, my inside machines don't have an internet connection, they are connected to a machine that does that "Internet stuff" for them. Sure, the whole process looks transparent, but that's not my problem either.
By the time you read this, the people who want to keep their webservers will have moved them to nonstandard ports.
I think the Ximian/Mono people may have better luck. XP will be adopted slowly, thanks to M$ anti-customer business practices. The entire .NET initiative may simply turn out to be another M$ proprietary technology that is best ignored (examples: ASP, ActiveX, WINS). An open standard that is "a better .NET than .NET" would be more or less exempt from the M$ treadmill. I don't see the Apache team scrambling to implement ASP!
For what it's worth, Samba is one of the coolest open source products ever. As time goes by, I find myself doing less and less with file services, but Samba is certainly one of the key products that we all need to limit the influence of the "evil empire".
I figure the next step would be for the open source people to write their own SMB client that restores Samba connectivity.
Considering that M$ is drowning in security issues over IIS, they would be in even more trouble if their "upgrade" proved to be a security problem. I'm sure any such "upgrades" from M$ will be thoroughly "evaluated" by the hacker community.
For some time now, M$ has treated file and print services as a commodity, almost a giveaway. M$ got into this business by providing the same functionality as Novell at a fraction of the price. It would be a classic blunder for M$ to "embrace and extend" their own file services, just as the concept is becoming irrelevant.
To me, it sounds like their strategy is to try anything to slow down Linux. If this is the best M$ can do, the penguins will be marching into Redmond!
If he knew about DMCA, then he is not such an "unwilling subject" after all. If he was truly ignorant, then he gets prosecuted like anyone else who violates a law without knowing about the consequences. If the law in question was anything other than DMCA, there would be no debate whatsoever.
The real problem is the DMCA. Releasing him now does not make the law any less asinine, nor does it help the next person who gets singled out for special treatment. Instead, it would facilitate the use of DMCA as an intimidation tactic, without risking the loss of DMCA as a weapon for future intimidation. As far as I'm concerned, the government made this mess, let's watch them try and deal with it. Going after a foreign national certainly raises the stakes; they can't just send him home while he waits for trial. IMHO, we have to let this fiasco run its course in order for there to be any meaningful change in DMCA. If the government is legally entitled to hold him in jail as a result of DMCA, then they should keep him there until they get a clue and bag DMCA entirely. My point is that the best anti-DMCA strategy may be to simply watch the government play by it's own rules, dumb as they may be.
If I decided to take your advice and openly violate the DMCA, I would be fully prepared for a wide range of consequences (even if Dimitry never existed). If I did such a thing, I might be ignored, arrested, prosecuted, fined, jailed, or acquitted, but I would NOT be suprised or unwilling. If I do it, it's because I have a plan. Unless Dimitry is a total fool, he has a plan also.
What we have here is "civil disobedience" -- nothing more, nothing less. If I were jailed as a result of civil disobedience, I would not want to be released until my opponents were thoroughly defeated and humiliated.
If Dimitry is promptly released, we will miss a great opportunity to go on the offensive against DMCA, or at least learn about our enemies and their tactics. I say we leave him in for a while, in the name of science.
Another intersting point is the academic overuse of NT. This creates certain opportunities for people who have a broader view. If I were starting in IT today, I would market myself as the Anti-Bill: "Hire me, and I'll help you deploy open source alternatives to costly M$ products. If you're tired of M$ licensing and security/stability issues, I have the answer."
The key is to get experience, no matter what it takes. Do open source for free if necessary, but you have to do something other than wave a diploma as if it were a flag of entitlement.
I often wonder why so many students wait until graduation to learn about the need for experience. Having a co-op job is not nearly enough to qualify as the kind of experience that employers want.
The education industry markets itself as the sure-fire path to success in IT. In reality, degrees and certs represent only a fraction of what it takes to launch a career. Paraphrasing the sugar-cereal industry: "A degree is part of a well-balanced resume." Consider our hero, Linus Torvalds. If he blew off his senior year and hit the job market with no degree or certification, would he have a successful career? Sure, it certainly worked for Bill Gates. Could the average person combine open source plus a degree and be successful? Absolutely. Could they skip the degree/certification and still be successful? Maybe, it depends on circumstances. Could they skip the experience and rely on the degree to land job #1? Possible, but unlikely.
Of all the things employers want, the degree requirement is usually spelled out in black and white, while the definition of experience is a little fuzzy. Ironically, the degree is usually negotiable and the experience is not. CS students should know this before graduation, but I guess no one is telling them.
The original concept of a banner ad is not all that bad; most people accept them as the cost of viewing the content. Unfortunately, we all ignore the ads because they are seldom tailored to our interests. After I see 1000 or so totally irrelevant ads, I am going to ignore that stupid box at the top of the screen.
The advertisers are trying to track our preferences, but they are not very good at it. When they collect preference data, they sell "targeted" ads at a premium. This makes "untargeted" a relative bargain. It's cheaper to blast out the message to millions of people instead of looking for the subset of the population that actually wants "Herbal Viagara" -- ask any spammer. Contributing to the problem is the marketing mentality "Our target market is the person who doesn't even know they need Herbal Viagara! Anyone who hasn't opted-out in the past 30 days is a potential customer! How do the customers know they don't want it until we tell them about it?"
IMHO, making the banner ads work would require precise targeting, based on the customer's preferences. Unfortunately, this will never happen. As an end user, I assume the marketing industry is looking for more ways to harrass me with obnoxious tactics. Therefore, I do everything in my power to conceal the data that might identify my preferences. After all, I want to avoid telemarketing, spam, and fraud. Since I do not control the data after I release it, my best bet is to supply only the most basic of information, and only when I am prepared to defeat the endless marketing. Ask for my e-mail address? Fine, here is a [quota exceeded] throwaway account. Want my home address? OK, your junk mail will be tossed in the order in which it was received. Want my home phone number? OK, but I'm on the state DNC list; $5,000 fine per violation. Put some crap on my screen? Click-close-byebye. Want to know if I have a lawnmower and if so, what brand? Sorry, data unavailable.
The marketers big mistake is the erroneous assumption that the ad viewer's time is unlimited and free. Ultimately, there is a maximum amount of time any of us will tolerate advertising, and a lesser amount of time where we actually pay attention. I think we're it has become a zero-sum game. As more ads are sold, the audience for each is shrinking. Worse, the audience is pre-conditioned to ignore the ads and defend against obnoxious marketing tactics.
With appropriate technology and business practices, the highly-targeted banner ad would be a sensible part of a profitable/enjoyable web experience. Too bad the marketing industry is so clueless.
Even the non-html spam has this pseudo-random text. I suspect they are using it to ID the spam recipient when complaints are sent to the ISP, who forwards the actual complaint without identifying the person who sent it.
All of this would tend to defeat the checksum algorithm.
I think we need a "spam tax", to be paid by the ISPs who originate the messages, and passed back to the spammers as a marked-up fee. As soon as the cost per message exceeds the cost of snail mail, the game is over. Of course, the overseas providers would not be subject to the tax -- until each government sees the gravy train and jumps onboard. It would be very easy for the ISPs to keep the entire cost fo the "spam tax" limited to the people who send the spam. The only drawback is that once the revenue from the "spam tax" dries up, the same government entities would be looking for ways to replenish the revenue stream by taxing other things on the Internet. If you view taxation as inevitable, it might as well start with the spammers.
Maybe the tax could be disguised as a "fine", similar to a speeding ticket. After all, the government would be invoking a financial penalty for unacceptable behavior, very similar to a traffic violation. Since the actual enforcement would involve complaints from the recipients, it's very much like getting caught speeding.
The greatest part of all is that no one has to enact the "spam tax" to get the benefits. Just the mere possibility of something like this would have the spam-friendly ISPs running for cover.
I think the key to the spam problem is to raise the spammer's cost. I may not have the ideal method, but I think detection or filtering is not going to get the job done -- it's all about cost.
Besides, M$ should be giving the product away.
Digital used to give away just about all their software to colleges via the "Campuswide Software License Grant" program. For a while, it really worked. DEC expanded their market share in higher ed., and students graduated with DEC experience. It wasn't enough to stop the PC trend, and DEC watered down the program in a desperate search for cash. However, it was a great idea, especially as a tax writeoff. The cool part was that they could write off the full value of what the colleges used (not what they bought or would have bought). If they used 3X as much software as before, the whole program became revenue-neutral compared to the old practice of trying to get blood from a stone.
The alternative is the current M$ strategy, which creates a huge opportunity for open source. Considering the escalating per seat cost of M$, the schools would be better off hiring open source consultants to install & train. The only problem is the availability of educational software (unless WINE becomes a reliable concept).
Apple tried the donation method and failed, but you have to consider that the stuff was pricey (for traditional paying customers), and not all that well suited for business (at the time).
M$ could easily follow the DEC/Apple example, and probably get better results than DEC or Apple did. Not only could they do this, it would not be an anti-trust issue because it's already been done by companies that once had commanding market share in the market where they were giving the product away. Besides, since when was there a limit on charitable corporate donations?
Instead, we can watch the latest example of M$ foolishness. It tells us who we are dealing with and what their priorities are.
Disclaimer: I am not a lawyer or tax advisor. This is not legal or financial advice.