Cute approach, but it does have one significant shortcoming. Namely, if someone ever does compromise your password and your method, they'll have continuous access to your system until you detect their presence. This makes password changes less useful. You're using the MD5 entropy as a substitute for true randomness and it doesn't quite work.
Of course, in practice, unless you do something silly like posting your method on a publicly accessible message board, no one's likely to figure out where you're pulling your new passwords from....:-) But really, for a small personal system, it sounds like an acceptable approach, but why not just roll 1d4, add 6, and roll Nd50 to generate a truly random password?
Pragmatically, what you say is correct. If the appellate courts won't recognize a right, you cannot exercise it. Whether that means you have a right in the first place is a philosophical and/or linguistic question. Still, one need not look further than the civil rights era or World War II era Japanese interment rulings to find cases where the system failed to protect rights that citizens pretty clearly had.
That is why I generally distinguish (at least in my own head) between legally protected rights and moral (inalienable?) rights. I don't believe anyone should take the court's word as to whether we have (or should have) a particular right. Courts screw up, even the Supreme Court, and there are recourses, albeit difficult ones.
Anyway, I don't know much about the particulars of this circuit other than the reputation for being out in left field, I just bristle at the implication that courts have a special place to declare what rights we have that is somehow above scrutiny. From your reply, I don't think you feel that way, but I inferred it from your original post.
Sometimes it's better not to bring public attention to the tribulations of a project. It sounds like a pretty small project at that, so it may not help to tame the "problem" developers to bring them under public scrutiny as being such. I don't really see why it matters which project it is or who is involved -- there are plenty of different ways to deal with personnel (or personal) problems and the slashdot crowd probably has lots of experience with lots of them. I think it'll be an interesting and perhaps even helpful thread, even without public exposure for the project that inspired the question.
No, the FBI and law enforcement in general don't have a great reputation for having a good sense of proportionality. Whether that's a fair reputation, I don't know. However, I have a feeling that if their casinos ARE illegal, their pro-active invitation to the FBI to investigate like this will work very much in their favor. It probably substantially increases the odds that they receive a stern warning to shut down the casinos and submit to another investigation to show that they have done so, rather than having the FBI show up at their server room door with (or without) a warrant and shutting the whole thing down to investigate. Basically, it demonstrates good faith and is a bow to the authority of the FBI to enforce gambling laws. If there's anything that law enforcement typically DOES have, it's an appreciation for being shown respect.
Yeah, yeah, I know. I was trying to avoid touching this point other than tangentially.
I agree that it's a somewhat flawed analogy, but it's not quite that simple or as "horrible" as you make it out. If you steal a Corvette from the dealer, you will be charged with a theft appropriate to the retail value of the car, which is substantially higher than either the dealer's or manufacturer's cost to acquire or produce that item. There's an assumption being made that the car would have sold at the retail price or it'd have been valued at the lower prices.
There's a similar assumption being made with valuating piracy. Is the cost zero? Absolutely not. That's a ridiculous characterization. Is it MSRP x number of instances? No, that's also ridiculous. It's somewhere in between. You can argue that any method is flawed, but at least the latter is straightforward to calculate and of probably the right order of magnitude.
It is nearly impossible to prove that piracy costs money since you can't prove the sale wouldn't have happened anyway.
I think that's why they simply use the rule "number of copies" x "retail price." This is not quite the real true value, but I think it's consistent with a physical theft of unsold merchandise. I think the theft would be valued at the selling price rather than the wholesale price that the merchant paid to acquire them. The argument that software piracy has no monetary damage because it's "number of copies x "marginal cost of production" (or whatever) and the second number is $0 is not really consistent with ordinary theft. (Note of course that it's not quite same thing, but it's similar)
I'm not saying I agree with the numbers you come up with through this method as the most honest, fair numbers to use, but I do note that people wouldn't argue that, say, stealing a new Corvette is only a $5000 theft since that's all it costs (marginally) to build the car. Insert whatever number you want for the $5000, I have no idea what it really is, except that it's far below the MSRP).
First of all, as someone with both EECS and physics undergrad degrees, who's worked professionally as a hardware/software engineer, and is currently in a physics PhD program, I think I have some idea of how the world works as it pertains to my post.
Second, I never argued that a science (computer, physical, medical, whatever) should not have a practical component at all -- I don't have any idea where you got that. My point was that at the undergrad level, the amount of time available for it is limited. The best use of that time is to focus on the particular skills that can be used to demonstrate the fundamentals of the curriculum rather than futilely trying to create experts of the practical side at the expense of the theoretical background. This is, for example, why many CS programs use/used "impractical" languages (scheme, lisp, etc) rather than spending a long time on the "more practical" languages.
Third, notice that all your counterexamples are NOT undergraduate level. Masters degrees are typically 2-3 years focussed research and medical, well, you're lucky if you are out of school and done with your residency much before you're 30. I'll grant that some sciences have a more standard set of experimental techniques, but still, it's pretty rare to get a job that's much more than basically a lab tech or the equivalent apprenticeship with a bachelor's degree in these fields.
Anyway, I completely agree that someone who wants to come out ahead should do a lot of work above and beyond the curriculum. However, I disagree that this means there's anything wrong with the curriculum itself.
I think the solution then is to not offer what you types call a "pure" comp.sci degree. Because no other science is purely book work.
Almost any science program focuses on the science itself, not the huge variety of practical engineering-type yak-shaving techniques that you may end up spending most of your time actually doing. There's so much actual science to be learned that you just can't fit in specific classes to cover all the practical details you may need experience in. I don't see that computer science needs to be treated differently in this regard.
For example, even a physics undergrad degree program doesn't typically include the engineering training that you'd need to design a cryostat or a particle detector. It includes the background science on these, but when it comes time in your career to actually do this, there's still a lot of specifics left to learn. There are so many different specifics that you may need, depending on what area of physics you go into, it's just not reasonable to include them in the degree.
What you get instead are lab classes and undergraduate thesis projects. The former expose you to a random smattering of specific techniques, but typically no actual instrument design. These usually try to cover a broad range of techniques, but there's still only time to do a few. Your undergrad thesis project probably concerns an area you're likely to go into, so it's a good opportunity to learn some specific techniques in more depth, but even that is usually a very limited project.
I don't see why "computer science" should be treated much differently from other sciences. It has the same issue with squeezing both the theoretical background and practical issues into a reasonable program. There is such a huge number of technologies / languages / code management tools / etc out there, that no matter what subset they choose, it's going to be the wrong set for a large number of graduates.
I agree with whoever it was who suggested having separate degrees for CS and software engineering. What's the problem with a computer science degree aimed at those who really want the background and a software engineering degree that offers a mix of computer science courses and specific practical issues? The world needs both programmers and computer scientists, and they have pretty different educational needs.
Well, I wasn't really talking about this specific situation so much as responding to the parent's reference to actual guilt. Even in the civil arena, though, guilt exists as a concept, but the language is different. If you've broken the law (you filthy tortfeasor), you're actually guilty (of the tort) and may be found legally liable.
Still, I stand by the modified statement: Ideally, the accuser wouldn't accuse unless the accused were actually liable. Obviously, we can't achieve the ideal because, as you say, the full evidence may not be available until the process is begun. Still, litigants should have a pretty high degree of good faith belief that they are suing the right person before they initiate an action. It's often the case (or, more precisely, it seems often given the biased cross section presented on slashdot or on the news) that a wronged party takes the position that they're entitled to relief from somebody so they just go after someone who they think they can recover from. That covers **AA type lawsuits as well as a lot of others... If you're suing the wrong party more than very occasionally, odds are good that you're abusing the system.
I'm not sure this ruling was a great example of what you're happy that the courts are "starting to realize." The judge ruled that the license agreement didn't say what the DVD producers thought it said and that since their lawyers wrote it, it was to be construed in favor of the other party when it was unclear. I'm glad he didn't go the other way -- I'm sure there were ways to construe things the other way around, but still, this wasn't really a big DMCA slap-down so much as a license agreement slapdown.
Still, mark one up for the good guys. We'll take what they can get!
But without my work, they have no business. The value of their system isn't really the search engine so much as the database behind it. There's nothing wrong with doing it with permission and the actual monetary value of any individual, as pointed out, is really almost nothing. However, an author ought to be able to opt out. As others have said, the school could just require students to opt in -- that'd probably work for a private school/university, but I think it'd be a thorny requirement for a public one -- particularly a high school-level one. (I don't know if they're serving this market though, so don't try to "correct" me please...)
Ideally, the accuser would make sure the accused was actually guilty before accusing. Nobody is legally guilty until the courts say so, but actual guilt has nothing to do with legal guilt (except, perhaps, that it's easier to find someone legally guilty if they're actually guilty).
Then stipulate in your license with your client not to allow indexing. After all, you are granting them a license to use it so you are free to add such a term.
The amount of money is irrelevant. I'd be more concerned about a company I know is making profit off my (and other students) work than a hypothetical student who may make a better grade by using my work.
Trying to define morality as you are doing takes all the meaning out of it. Your approach makes any prescriptive statement a moral one, but it does not match with what people mean when they say it. Not every prescription that has a moral basis is itself a moral prescription. Here, that basis is the assumption that one is interested in self-preservation. Sure, whether that is a laudable interest is a moral question. However, once you take that goal as a basis, statements about what you should do to further that goal can be completely amoral.
To use the example of the day, "you should not eat sand," usully means, "if you want to preserve your health, you should not eat sand." The latter statement is clearly amoral, and that is what the utterer of the former usually means. As evidence of this, consider how one might normally argue with it. Would one argue that one should eat sand because we are all sinners and should bring harm to ourselves as penance or would one argue something about how sand is mostly inert and therefore not actually a harmful addition, in moderation, to an otherwise balanced diet?
Sure, you can talk about the morality of the basis (and we often do, say, for sex or drugs), but it is far from automatic that a discussion is really a stealthy moral one.
Yeah, I realized this later last night but kept mum in the hopes that it would just blow over... At least it got caught by a nice guy rather than an angry math nazi.;-) Please just promise you won't tell my advisor (for my CMB-related thesis, too... but it's ok, I'm an experimentalist so I'm doing pretty well to even know to worry about these distinctions;-) )
Yeah, well, the moron part comes along because I was trying to wow everyone with my technical prowess and then I went and got it wrong. The only thing worse than a geek showing off is a geek showing off when he's wrong...:-)
Oh wait, I'm a moron. They're not a complete basis, except for the angular dependence of solutions to Laplace's equation so the restriction on the function is substantially tighter than I suggested. Never mind. Please mod me -1: hasn't done real math in too long.
Spherical harmonics form a "complete basis" for functions on a sphere. This means you can represent any suitably smooth function as a sum of these harmonics. Here, "suitably smooth" is my stand-in for a precise mathematical requirement -- probably continuous and continuously differentiable, but I don't remember for sure off-hand. Basically, as long as your function doesn't have discrete jumps in it, you can expand it in spherical harmonics.
It may be export controlled, but it's not nearly as tightly controlled as the actual explosives necessary to do something "fun" with it, which was my point.
Slashdot Mirror
We're talking about law here. Don't try to bring right and wrong into it, it'll only confuse the real issues. :-)
Cute approach, but it does have one significant shortcoming. Namely, if someone ever does compromise your password and your method, they'll have continuous access to your system until you detect their presence. This makes password changes less useful. You're using the MD5 entropy as a substitute for true randomness and it doesn't quite work.
:-) But really, for a small personal system, it sounds like an acceptable approach, but why not just roll 1d4, add 6, and roll Nd50 to generate a truly random password?
Of course, in practice, unless you do something silly like posting your method on a publicly accessible message board, no one's likely to figure out where you're pulling your new passwords from....
Pragmatically, what you say is correct. If the appellate courts won't recognize a right, you cannot exercise it. Whether that means you have a right in the first place is a philosophical and/or linguistic question. Still, one need not look further than the civil rights era or World War II era Japanese interment rulings to find cases where the system failed to protect rights that citizens pretty clearly had.
That is why I generally distinguish (at least in my own head) between legally protected rights and moral (inalienable?) rights. I don't believe anyone should take the court's word as to whether we have (or should have) a particular right. Courts screw up, even the Supreme Court, and there are recourses, albeit difficult ones.
Anyway, I don't know much about the particulars of this circuit other than the reputation for being out in left field, I just bristle at the implication that courts have a special place to declare what rights we have that is somehow above scrutiny. From your reply, I don't think you feel that way, but I inferred it from your original post.
Right, because the other courts are infallible in this regard.
Sometimes it's better not to bring public attention to the tribulations of a project. It sounds like a pretty small project at that, so it may not help to tame the "problem" developers to bring them under public scrutiny as being such. I don't really see why it matters which project it is or who is involved -- there are plenty of different ways to deal with personnel (or personal) problems and the slashdot crowd probably has lots of experience with lots of them. I think it'll be an interesting and perhaps even helpful thread, even without public exposure for the project that inspired the question.
No, the FBI and law enforcement in general don't have a great reputation for having a good sense of proportionality. Whether that's a fair reputation, I don't know. However, I have a feeling that if their casinos ARE illegal, their pro-active invitation to the FBI to investigate like this will work very much in their favor. It probably substantially increases the odds that they receive a stern warning to shut down the casinos and submit to another investigation to show that they have done so, rather than having the FBI show up at their server room door with (or without) a warrant and shutting the whole thing down to investigate. Basically, it demonstrates good faith and is a bow to the authority of the FBI to enforce gambling laws. If there's anything that law enforcement typically DOES have, it's an appreciation for being shown respect.
Yeah, yeah, I know. I was trying to avoid touching this point other than tangentially.
I agree that it's a somewhat flawed analogy, but it's not quite that simple or as "horrible" as you make it out. If you steal a Corvette from the dealer, you will be charged with a theft appropriate to the retail value of the car, which is substantially higher than either the dealer's or manufacturer's cost to acquire or produce that item. There's an assumption being made that the car would have sold at the retail price or it'd have been valued at the lower prices.
There's a similar assumption being made with valuating piracy. Is the cost zero? Absolutely not. That's a ridiculous characterization. Is it MSRP x number of instances? No, that's also ridiculous. It's somewhere in between. You can argue that any method is flawed, but at least the latter is straightforward to calculate and of probably the right order of magnitude.
I'm not saying I agree with the numbers you come up with through this method as the most honest, fair numbers to use, but I do note that people wouldn't argue that, say, stealing a new Corvette is only a $5000 theft since that's all it costs (marginally) to build the car. Insert whatever number you want for the $5000, I have no idea what it really is, except that it's far below the MSRP).
Cute? Come on, Tom, don't be a dick.
First of all, as someone with both EECS and physics undergrad degrees, who's worked professionally as a hardware/software engineer, and is currently in a physics PhD program, I think I have some idea of how the world works as it pertains to my post.
Second, I never argued that a science (computer, physical, medical, whatever) should not have a practical component at all -- I don't have any idea where you got that. My point was that at the undergrad level, the amount of time available for it is limited. The best use of that time is to focus on the particular skills that can be used to demonstrate the fundamentals of the curriculum rather than futilely trying to create experts of the practical side at the expense of the theoretical background. This is, for example, why many CS programs use/used "impractical" languages (scheme, lisp, etc) rather than spending a long time on the "more practical" languages.
Third, notice that all your counterexamples are NOT undergraduate level. Masters degrees are typically 2-3 years focussed research and medical, well, you're lucky if you are out of school and done with your residency much before you're 30. I'll grant that some sciences have a more standard set of experimental techniques, but still, it's pretty rare to get a job that's much more than basically a lab tech or the equivalent apprenticeship with a bachelor's degree in these fields.
Anyway, I completely agree that someone who wants to come out ahead should do a lot of work above and beyond the curriculum. However, I disagree that this means there's anything wrong with the curriculum itself.
For example, even a physics undergrad degree program doesn't typically include the engineering training that you'd need to design a cryostat or a particle detector. It includes the background science on these, but when it comes time in your career to actually do this, there's still a lot of specifics left to learn. There are so many different specifics that you may need, depending on what area of physics you go into, it's just not reasonable to include them in the degree.
What you get instead are lab classes and undergraduate thesis projects. The former expose you to a random smattering of specific techniques, but typically no actual instrument design. These usually try to cover a broad range of techniques, but there's still only time to do a few. Your undergrad thesis project probably concerns an area you're likely to go into, so it's a good opportunity to learn some specific techniques in more depth, but even that is usually a very limited project.
I don't see why "computer science" should be treated much differently from other sciences. It has the same issue with squeezing both the theoretical background and practical issues into a reasonable program. There is such a huge number of technologies / languages / code management tools / etc out there, that no matter what subset they choose, it's going to be the wrong set for a large number of graduates.
I agree with whoever it was who suggested having separate degrees for CS and software engineering. What's the problem with a computer science degree aimed at those who really want the background and a software engineering degree that offers a mix of computer science courses and specific practical issues? The world needs both programmers and computer scientists, and they have pretty different educational needs.
I'm not sure about even that -- how many remote exploits did MS-DOS 2.0 have?
Well, I wasn't really talking about this specific situation so much as responding to the parent's reference to actual guilt. Even in the civil arena, though, guilt exists as a concept, but the language is different. If you've broken the law (you filthy tortfeasor), you're actually guilty (of the tort) and may be found legally liable.
Still, I stand by the modified statement: Ideally, the accuser wouldn't accuse unless the accused were actually liable. Obviously, we can't achieve the ideal because, as you say, the full evidence may not be available until the process is begun. Still, litigants should have a pretty high degree of good faith belief that they are suing the right person before they initiate an action. It's often the case (or, more precisely, it seems often given the biased cross section presented on slashdot or on the news) that a wronged party takes the position that they're entitled to relief from somebody so they just go after someone who they think they can recover from. That covers **AA type lawsuits as well as a lot of others... If you're suing the wrong party more than very occasionally, odds are good that you're abusing the system.
I'm not sure this ruling was a great example of what you're happy that the courts are "starting to realize." The judge ruled that the license agreement didn't say what the DVD producers thought it said and that since their lawyers wrote it, it was to be construed in favor of the other party when it was unclear. I'm glad he didn't go the other way -- I'm sure there were ways to construe things the other way around, but still, this wasn't really a big DMCA slap-down so much as a license agreement slapdown.
Still, mark one up for the good guys. We'll take what they can get!
But without my work, they have no business. The value of their system isn't really the search engine so much as the database behind it. There's nothing wrong with doing it with permission and the actual monetary value of any individual, as pointed out, is really almost nothing. However, an author ought to be able to opt out. As others have said, the school could just require students to opt in -- that'd probably work for a private school/university, but I think it'd be a thorny requirement for a public one -- particularly a high school-level one. (I don't know if they're serving this market though, so don't try to "correct" me please...)
Ideally, the accuser would make sure the accused was actually guilty before accusing. Nobody is legally guilty until the courts say so, but actual guilt has nothing to do with legal guilt (except, perhaps, that it's easier to find someone legally guilty if they're actually guilty).
Then stipulate in your license with your client not to allow indexing. After all, you are granting them a license to use it so you are free to add such a term.
Except google.com will completely respect your robots.txt file if you prefer not to be indexed.
The amount of money is irrelevant. I'd be more concerned about a company I know is making profit off my (and other students) work than a hypothetical student who may make a better grade by using my work.
and I think that's promiscuously inappropriate use of the friend feature, so I'm marking you a foe. Nothing personal, you rogue!!
Trying to define morality as you are doing takes all the meaning out of it. Your approach makes any prescriptive statement a moral one, but it does not match with what people mean when they say it. Not every prescription that has a moral basis is itself a moral prescription. Here, that basis is the assumption that one is interested in self-preservation. Sure, whether that is a laudable interest is a moral question. However, once you take that goal as a basis, statements about what you should do to further that goal can be completely amoral.
To use the example of the day, "you should not eat sand," usully means, "if you want to preserve your health, you should not eat sand." The latter statement is clearly amoral, and that is what the utterer of the former usually means. As evidence of this, consider how one might normally argue with it. Would one argue that one should eat sand because we are all sinners and should bring harm to ourselves as penance or would one argue something about how sand is mostly inert and therefore not actually a harmful addition, in moderation, to an otherwise balanced diet?
Sure, you can talk about the morality of the basis (and we often do, say, for sex or drugs), but it is far from automatic that a discussion is really a stealthy moral one.
Yeah, I realized this later last night but kept mum in the hopes that it would just blow over... At least it got caught by a nice guy rather than an angry math nazi. ;-) Please just promise you won't tell my advisor (for my CMB-related thesis, too... but it's ok, I'm an experimentalist so I'm doing pretty well to even know to worry about these distinctions ;-) )
Yeah, well, the moron part comes along because I was trying to wow everyone with my technical prowess and then I went and got it wrong. The only thing worse than a geek showing off is a geek showing off when he's wrong... :-)
Oh wait, I'm a moron. They're not a complete basis, except for the angular dependence of solutions to Laplace's equation so the restriction on the function is substantially tighter than I suggested. Never mind. Please mod me -1: hasn't done real math in too long.
Spherical harmonics form a "complete basis" for functions on a sphere. This means you can represent any suitably smooth function as a sum of these harmonics. Here, "suitably smooth" is my stand-in for a precise mathematical requirement -- probably continuous and continuously differentiable, but I don't remember for sure off-hand. Basically, as long as your function doesn't have discrete jumps in it, you can expand it in spherical harmonics.
It may be export controlled, but it's not nearly as tightly controlled as the actual explosives necessary to do something "fun" with it, which was my point.