The music industry is trying to come to terms with the fact that they can't make money the way that they used to. Seeing that their traditional business model is approaching collapse, they need to either protect it or find a new business model. In this case the new business model is to get the government to tax citizens and give the tax revenue to the music industry. By encouraging more piracy, they will be able to demand more taxpayer money down the road.
If you think that this is an implausible business model, just look at the business of agriculture in most rich countries. Their business is to depend on government enforced price supports and subsidies, and very little about actual farming.
As everyone has pointed out, there is nothing you can do on a machine which the child has physical access to to do what is requested.
But a separate firewall and proxy that can be locked away can do the job. If the DSL modem (or whatever) and a firewall and proxy server (say smoothwall running on old hardware) are in a room that can be locked then you can force all port 80 traffic to go through a proxy that uses something like SquidGuard. You can also have a default deny policy for outbound traffic so that you select what sorts of services are available.
Of course a determined teenager will learn about third party proxies (the same kinds of things people set up to assist those getting around the Great Firewall of China). But, of course, one can log the web traffic to try to detect these and end up playing whack-a-mole.
As for the rightness of doing this sort of thing, I don't find it so clear cut. My daughter is turning nine tomorrow. We've already told her more than she really wanted to know about how babies are made (she did ask). And she knows in principle about contraceptives (she asked about a particular scene in Grease), but we've got a few years before she'll need practical instructions. She is still in the "yuck" phase, but things will change.
I'm not really concerned about anything she might see or read out there now or later. But my concern is about who she interacts with. On the Internet nobody knows you're a dog, and so really what I'm concerned about is getting her to follow a "don't meet or give too much information to someone without me or my wife checking it out first" rule. I think that that is a kind of rule that is easy to break once you no longer think of some on-line persona as a friend. Does this mean that I'll be snooping in on her chats and email? I hate the idea of doing that, but I'm not ruling it out either.
An "overloaded" NTP server merely degrades NTP service. It doesn't affect the host adversely, it just means that the NTP server will not respond to all of the UDP requests it gets.
That's not how NTP works. The goal isn't just time synchronization, but getting the correct time as well. So NTP is hierarchical. There are stratum 1 servers that get their time from things like atomic clocks and GPS devices. NTP servers which get their time from stratum 1 servers are stratum 2 servers, and so on. The reason for the pool is to set up a bunch of public stratum 3 and 4 servers so that the public stratum 2 and stratum 1 servers don't get more requests than they can respond to.
The hierarchy also helps in other ways. If you manage a network, you can have one or two machines on that network sync to external servers and then just have everything else on your net sync to those one or two NTP servers on your net.
Despite what I said about hierarchy, there is NTP peering (usually on a local net), but that is only a supplement to the hierarchical syncing. You can't build the whole system on peering.
Put a daemon on all linksys/netgear/etc routers and have them log their own ip addresses for a while
But where will all of those routers get their time from? If you've got a solution to that problem then there is no need for the pool (unless your solution is the pool).
Why not "own" the method by which machines maintain time by throwing a thousand machines at it
A thousand machines all on one bit of network does little good. These need to be distributed around the globe.
You are absolutely correct that if network carriers provided NTP services properly on their nets, then the pool wouldn't be necessary. If you go through Usenet archives you can read the history and discussion behind the creation of the pool. Everyone realizes that the pool is an inferior solution that we are stuck with because the network access service providers won't do their job.
The next time I've got a free two hours for self-torture, I'll call Verizon Business customer support and ask them about NTP service. (It will take that long to be transferred to someone who understands the question.)
Please name one ntp server in the pool that is off by more than .5 seconds? The vast majority are accurate to under .1 seconds. I do not believe that the AC who said these aren't accurate understands how NTP works.
I just want to add a "me, too". Collecting the stats and usage reports for my contribution to the pool takes far more resources than actually contributing to the pool. NTP is really light weight. The only "problem" I've seen is that every couple of months, it is useful for me to reset the state of my firewall. I didn't have to do that before joining the pool.
What can happen if a server gets "overloaded" is that the NTP service degrades. NTP sends UDP packets and so if the NTP server has more than it can handle it simply drops some queries. The host machine for the server doesn't show problems in other respects. You really won't notice that NTP service is running (even if overloaded) unless you specifically run some monitoring scripts (which, as I've said, consume far more resources than NTP).
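To check a server's stratum and clock offset along the lines discussed in the comments above, the following is an added example and not part of the original comments. It parses an NTP server reply (packet layout and offset formula per RFC 5905) and flags anything off by more than the .5 seconds mentioned above; the sample packets are constructed, and `build_reply`, `parse_reply` and `classify` are names chosen here.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01


def to_ntp(unix_time):
    """Encode Unix time (float seconds) as a 64-bit NTP timestamp."""
    seconds = int(unix_time) + NTP_UNIX_DELTA
    fraction = int((unix_time % 1) * 2**32)
    return struct.pack("!II", seconds, fraction)


def from_ntp(raw):
    """Decode a 64-bit NTP timestamp to Unix time (float seconds)."""
    seconds, fraction = struct.unpack("!II", raw)
    return seconds - NTP_UNIX_DELTA + fraction / 2**32


def build_reply(stratum, t1, t2, t3, leap=0):
    """Constructed server reply (version 4, mode 4) so the example runs offline."""
    flags = (leap << 6) | (4 << 3) | 4
    header = struct.pack("!BBbb", flags, stratum, 6, -20)  # poll, precision
    header += bytes(12)       # root delay, root dispersion, reference ID
    header += to_ntp(t1)      # reference timestamp (not used below)
    # origin (client send), receive (server got it), transmit (server replied)
    return header + to_ntp(t1) + to_ntp(t2) + to_ntp(t3)


def parse_reply(packet, t4):
    """Parse a 48-byte reply; t4 is the client's clock when the reply arrived."""
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    flags, stratum = packet[0], packet[1]
    if flags & 0x7 != 4:
        raise ValueError("not a server-mode reply")
    t1 = from_ntp(packet[24:32])
    t2 = from_ntp(packet[32:40])
    t3 = from_ntp(packet[40:48])
    return {
        "leap": flags >> 6,
        "version": (flags >> 3) & 0x7,
        "stratum": stratum,
        # Positive offset: the server's clock is ahead of the client's.
        "offset": ((t2 - t1) + (t3 - t4)) / 2,
        "delay": (t4 - t1) - (t3 - t2),
    }


def classify(reply, max_offset=0.5):
    """Label a parsed reply; max_offset is in seconds."""
    # Stratum 0 (unspecified / kiss-o'-death), stratum 16 and leap
    # indicator 3 all mean the server is not offering synchronized time.
    if reply["stratum"] == 0 or reply["stratum"] >= 16 or reply["leap"] == 3:
        return "unsynchronized"
    if abs(reply["offset"]) > max_offset:
        return "bad-offset"
    return "ok"


if __name__ == "__main__":
    # Constructed samples: (label, packet, client receive time t4)
    samples = [
        ("stratum 2, small offset",
         build_reply(2, 1000.0, 1000.3125, 1000.375), 1000.125),
        ("stratum 3, off by 0.75 s",
         build_reply(3, 2000.0, 2000.8125, 2000.8125), 2000.125),
        ("unsynchronized server",
         build_reply(16, 1000.0, 1000.0, 1000.0, leap=3), 1000.0),
    ]
    for label, packet, t4 in samples:
        reply = parse_reply(packet, t4)
        print(f"{label}: stratum={reply['stratum']} "
              f"offset={reply['offset']:+.4f}s delay={reply['delay']:.4f}s "
              f"-> {classify(reply)}")
```

With a real server, `t1` and `t4` are the local clock readings taken when the 48-byte request is sent and when the reply is received.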
How long has BIND been using the same random number generator? I'm a little bit skeptical that Mr. Klein is the first person to consider the possibility of mimicking its behavior
If you read the PDF, you will see that a good history of this kind of attack (and previous responses to it) is detailed. Apparently there has been a history of research into this kind of attack, with various counter measures. But the new attack (which seems like it would apply to almost all versions of BIND9) takes a different approach at "cracking" the PRNG which looks like it could be run against real-world servers.
I don't pretend to understand everything (or even most things) in the PDF, but it looks like solid research to me.
Has anyone seen the book? I would be interested in it if it provided sufficient technical details about how the spammer operated. (Though, I think I'd be more tempted to steal the book than actually buy it.)
I have never (well, almost never) violated music copyrights. But were I a Canadian and paid this tax, I would treat the tax as a license. Does anyone know the legal status of this? Does anyone know of any research discussing whether people will behave as I said I would?
My impression is that the music industry is again shooting itself in the foot. But that actually depends on whether the tax does change behavior and enforcement.
Many studies on print readability have shown that for English at least once you go to more than about 13 words per line both reading speed and comprehension go down. Letter or A4 sized paper is great for handwritten text, but unless you leave wide margins (or use a very large font) it's inappropriate for print.
Book publishers know this. Look at your professionally published books around you. Where you see wide pages, there are either multiple columns per page or wide margins.
The 80 character width design was set up for a reason. Don't reject it without understanding the original reason and considering whether it still applies. It may not apply for code, but these choices should be considered carefully.
A few weeks ago, I started to see how well candidates' sites held up under the W3C Validator, but I got bored quickly. I'm hoping someone else has already checked this out.
Without all the numbers, I can't run the test, but from what I've seen, I wouldn't be surprised either way if there is or isn't a "significant" relation. I think it's going to be on the edge.
I wouldn't be surprised if there were a relation due to where the campaigns get their staffers from. The Republicans are likely to have business people as staffers, while the Democrats are more likely to have people who've been community organizers.
But I don't think that any such effect will be strong enough to show up decisively in this sample.
I can only speculate as to why someone thinks that BSD will succeed where Linux has so far failed.
- They may think that the (alleged) advantages of FreeBSD over Linux will carry over to desktops for the masses.
- They may think that one day one of these attempts will actually succeed and so would like to have a finger in the pie of mixed metaphors.
- FreeBSD is what they do. So when trying to make one of these Unix for the masses distros that is what they started with.
I'm not optimistic, in particular because many things that end users may want on their systems (e.g., Flash) aren't native to FreeBSD but must run in linux compatibility mode.
I don't want to start a FreeBSD vs Linux flaming session here. As long as most people recognize that a reasonable person (even if incorrect) could believe that FreeBSD has advantages over Linux then those (perceived) advantages may reasonably be seen as giving PC-BSD a better chance.
Many (most) email systems now will allow suffixed addresses, typically using "+" as the separator. Chances are that most of the services that use email address as a username or have the features that allow a third party to detect whether a particular email address is registered will treat "foo@domain.example" as entirely distinct from "foo+bar@domain.example". So most people have easy access to throw away addresses.
Unfortunately this doesn't fully solve the problem. Sites use email addresses as identifiers exactly because people remember their own. Using unique addresses for each service defeats that purpose.
The real solution to the real problem is for people to use proper username and password management tools. With such tools users don't have to remember their usernames and passwords, so schemes that try to verify whether a username is registered on a system won't identify to the world the person behind that username the way an email address might.
Amidst the weird confusion in the article, there are a few good points. They are old news, but that doesn't mean that they shouldn't be pointed out.
If you want hardware upgradability (beyond adding RAM) you need the (expensive) PowerMac. For people who do want to upgrade video cards, add disks etc, the typical Apple product is not for them (unless they are willing to spend what it takes to get a PowerMac). And that is fine with most Apple customers. Others shouldn't get a Mac.
But the author still draws the wrong conclusion from this fact. Many people do get more good years out of their Macs than people do out of PCs. Sure the people reading this may be squeezing the last bit of use out of machines that are nearly a decade old by swapping parts and so on, but that isn't most users. On the whole people replace their Macs less frequently than PCs.
X11 ain't Cocoa. As many have pointed out, there is loads of free software for OS X. But even people like me who have used X Windows for decades, don't like using it on OS X. Maybe if I tinkered, I'd get an X11 setup that didn't annoy me. But I find myself strongly preferring Cocoa apps to X11 ones. For others in my family (who haven't used X11) I don't even bother installing X11 apps on their Macs.
Office Suites. I'm a LaTeX user (and there is great free software for OS X for that), but ever more frequently I have to deal with MS-Word documents. I don't enjoy using OpenOffice on the Mac (it seems to feel much smoother on my Linux box), MS-Office is expensive, and Pages in iWork (family license $99) is great for some sorts of documents, but not all.
Still today we have the announcement of the OOo Cocoa alpha test release. There are a lot of people waiting for this to become something really useful. And I wonder to what extent the author's statement about not enough good free software for OS X is about one particular product: OOo.
I don't know if anyone has done a count, but it seems like every time I look at a report of a major security problem in some browser it is Javascript or ActiveX or something similar where the browser locally executes code served up by the server.
We all knew back in the early days of Javascript that it would be a security nightmare. But we (collectively) went ahead with it. We put together web pages that depended on it, so browsers had to support it and users had to enable it. Now we've waited so long that it seems impossible to undo what we've done. But maybe it isn't completely impossible to undo. And keep in mind that the longer we wait, the harder it will be to undo.
Wouldn't there be a conflict of interest if the CEO of one of the country's biggest tech companies was helping determine tech policy?
This sort of conflict of interest is how government ends up working after a while. The FAA has become an in-government institution for the protection of the commercial airline industry, the FDA and the whole Department of Agriculture does the same for farming.
Economists call this Regulatory Capture which Wikipedia defines as
a phenomenon in which a government regulatory agency which is supposed to be acting in the public interest becomes dominated by the vested interests of the existing incumbents in the industry that it oversees.
And for another great example, you say:
It'd be a little bit like asking the CEO of an oil company to determine environmental policy.
I take it that you haven't been following Dick Cheney's energy policy proposals over the past six years. It's not a coincidence that they look like they were written by the energy industry from day one.
It only matters what you hear with your music and your listening conditions.
I sometimes like to listen to classical on a cheapish low-end component stereo. At 128bps, the quality is so noticeably bad for me as to make it pretty awful. But I don't have that problem with many other types of music under other listening conditions (car, iPod, computer speakers). So when I get a chance (I'm travelling now), I'll see what 256k does for me under the conditions that matter. The results may mean that I'll buy more classical from iTunes.
But it really shouldn't matter to you what difference I hear. Run your own tests, with your own music under your own listening conditions. If the quality difference isn't big enough for you to clearly hear, stick with what has been working for you.
The unexpected age results (that older people were better at telling the difference for the bitrates) may well be a consequence of music choice. Each subject picked their own music, and it is very clear that these quality differences are more noticeable in some types of music than in others. The first time I played an iTunes purchased classical piece on a cheap component stereo system, I thought something was broken. I hadn't noticed a problem with most popular music, but I find some jazz and most classical digitized at 128bps un-listenable on my low-end component stereo.
I'm sure it sounds good to your senior US Senator as well.
There may well be value in a gas/oil pipeline from Siberia, but someone should check the numbers very carefully. Other than gas and oil, trade with Russia just isn't going to be that important. Even if non-energy trade with Russia does grow, it will still probably be cheaper to send cargo ships to Oakland or Seattle.
... but more evil.
See the lyrics to the Stan Rogers song Northwest Passage
I fully agree. I just wish ISPs would actually do it.