A little follow-up on the topic of writing code that's exposed in the web:
The natural tendency for most programmers is to think of how to make the code work, and to test that it works, given proper inputs. You'll be way ahead of the game both for security and avoiding bugs if you instead think about how your code can be made to FAIL, and test what it does with IMPROPER inputs. That's a major change of how we think for veteran programmers; a newbie may have an advantage if they can establish that mindset early.
Agreed, forums, including Stackoverflow, can certainly provide hints of where to start looking. Then as you said, refer to the documentation to understand exactly what the function does, and precisely what arguments ot takes and how it interprets them.
ALSO after you know a language well, perhaps you've served as a subject matter expert reviewing the certification test for the language, such forums can be a source of creative new ideas, and people may have benchmarked different ways of doing things, etc. Forums can help me find ways to improve my code, if I take the time to thoroughly understand the suggestions I find there. For example "every third day" can be written succinctly as:/* Every third day. */ ( int( time() / (24*60*60) ) % 3 == 0 )
That's an idea you might not think of off the top of your head, but might find on Stackoverflow.
However, if I get an idea from Stackoverflow and don't take time to understand it and verify it, you know what my code does? Neither do I. I didn't take time to find out.:)
* That "every third day" code is off the top of my head, untested and may contain a bug.
As noted in the manual, you not want a log entry every time a someone runs a script which includes a deprecated function; that could be a million times per day, if you have a million visitors. Like most languages, you'll want to set the reporting level higher during development, to see all the notices, then lower on production so you're not spammed by warning you've chosen to disregard.
> But giving the MAFIAA my money? That would be immoral AND stupid (not because I spend a little money, because it's against my own future freedom).
When you boycott a company, for moral reasons or any other, you don't use their products. Stealing the product isn't a boycott. If you ignore the 99.99% of music that's not produced by RIAA, and instead steal the RIAA music, that's not because it "would be immoral" to listen to most music, it's because you a) like what RIAA provides you, and b) would rather steal things than pay for it.
If I'm wrong, I'm very much looking forward to you explaining why it's "stupid AND immoral" to listen to Leannasaurus Rex or the other 14 million bands that aren't represented by the RIAA. So tell me, why exactly is it "stupid AND immoral" to listen to Leannasaurus Rex?
Unless I'm mis-reading your post, you've brought up three different issues:
a) What is the best way to update a PHP script? b) How do Wordpress and Drupal update by default? c) How do you update the PHP interpreter without breaking scripts?
> a) What is the best way to update a PHP script?
Probably the best way is to use a revision control system such as "git", "cvs", "svn", or "hg". You can look at the Wordpress SVN here:
On an up-to-date server, you can run "svn update" to retrieve all of the updates that you're missing. An an older system, you can pull only the specific changes you want, such as security patches: https://core.trac.wordpress.or...
b) How do Wordpress and Drupal update by default?
In a stupid way. The script itself downloads the new version from the Wordpress web site. For this to work, the script (and therefore all scripts on the server) needs to have permission to overwrite files on the server. That's bad because in most cases that means *any* script can change *any* file on the site. Any little security hole in any script allows the bad guy to write whatever he wants, including his own software, and run it on your server. That's a bad idea. It's *possible* to set this up to be reasonably secure, but nobody does. PHP makes the more secure configuration much more difficult than it needs to be.
> c) How do you update the PHP interpreter without breaking scripts?
Most of the time, a function will be deprecated several years before it's removed or disabled by default. Use http://php.net/manual/ to understand the PHP you're writing rather than copying and pasting shit from Stackoverflow that might have been halfway correct six years ago. The manual will let you know if a function is deprecated, and point to the newer approach you should use instead. Aside from using good documentation (not forums) as your primary learning tool and avoiding deprecated functions, you can make your software easier to update and fix later. That's mostly about modularity - keep unrelated things separate. Ideally each function you write would be no longer than about 4-12 lines. A simple, short function is easier to update later. Related functions can be group into classes ( http://php.net/manual/en/langu... ). It's much easier to fix your file uploader if it's all together in a file called "fileuploader.php" rather than being sprayed through "mega_forum_script.php" (8MB).
> *super novice programmer here*... PHP
You have a much harder road ahead of you than us oldtimers who learned in the 1980s and 1990s. Your newbie code will be exposed in the internet, where it'll be attacked several times per hour. That's very high risk. Minimize your exposure by trying to avoid working with confidential data for now. Recognize your limitations and don't try to write a security system or shopping cart with credit card payments right now. When you *do* have to work on something that could cause damage when attacked, consider asking a programmer who is trained in security to do code review. (I've been programming professionally for 20 years, mostly doing security-related code, and I still ask my peers to review my work - there's no shame in that.)
The suspect said he went to bed at 1:00 AM with the4 victim alive, then woke up at 8:30 to find him dead. The water meter indicates the drowning occurred between 1:00 AM and 3:00 AM.
ANY recording of the suspect's voice between 1:00 AM and 8:30 would probably indicate that the suspect is lying. Even if he checked the weather forecast at 4:00 that would indicate he wasn't asleep as claimed.
On the other hand, if records or witness testimony indicates that the habitually suspect uses the Echo several times per hour and he did NOT use it between 1:00 and 8:30, that would be consistent with his claim that he was asleep, somewhat corroborating his story.
As indicated in the subject line of this thread, just Myspace alone offers 53 million free songs by 14 million artists. The vast majority of music is free. Contrary to your belief, apparently, you will in fact NOT die from lack of Justin Bieber.
> it's impossible for them to change that policy at their whim with an updated TOS.
Well yes, it is. That's kinda the point of getting a DRM-free mp3 when you pay your dollar - you can copy that mp3 to any of your devices and nobody can take it away from you. It's *exactly* the same as downloading an mp3 via Bittorrent, except you're not a crook.
> Yes, because iTunes is the only digital distribution platform and has every recording ever made
Apple, Google and Amazon are the top three, probably accounting for 90% of all downloads and yeah they all do DRM-free mp3 and sometimes other formats like flaac.
Face it, your excuse is well passed it's "use by" date. Time to either a) pay your dollar or b) admit you're just a crook, simple as that. Same as shoplifting.
> Or, maybe they want DRM-free recordings in the quality/format that *they* choose and which can't be "disappeared" from their "library" at the whim of some corporation
iTunes sold DRM-encumbered music for six years. For the last eight years, it's been standard MP3 that you can save to any storage you prefer. So your excuse is nearly a decade out of date.
> It's getting harder for people who don't like paying for movies, music, and applications
Uh oh, someone told the truth. Around here we're supposed to pretend that it's something else, other than being cheap.
Maybe that first sentence can be edited to say "people who get no value from the work of record companies". Obviously these people don't want what record companies offer them. That's why they are listening to the 53 million songs by 14 million artists that are available on Myspace, while ignoring the few thousand released by the major labels recently.
What's that? These people are doing the opposite, unlawfully downloading the few songs that the major labels released this week, while ignoring the 53 million songs they can legally get for free, the ones that aren't produced by the major labels? I wonder why they insist on getting the major label music and ignore the vast majority of music, which isn't produced by major labels. I guess they actually DO really want something that the major labels offer, they're just crooks who decide to take it illegally rather than spend the $1 to buy it on itunes or Amazon or whatever.
> There aren't any rooftops in the world too large to be called "gardens".
Maybe a few. Boeing's Everett Factory has a 99 acre roof (building several 767 airliners at once requires a fair bit of room). Tesla's factory will 125 acres, and the Talsmeer Flower Auction is a tad larger. Down the list at #16, an Amazon warehouse is 22 acres - still small farm.
So there are about 20 or so roofs in the world big enough to be a farm.
I'm curious which ISP that is. Most don't allow servers* on a home internet plan. Some block ports 25 and 80, some just disallow it by written policy but don't enforce it.
* Where "servers" means business-type use, not just anything that accepts a connection.
> Yeah, because collective, public ownership is exactly the same as corporate ownership.
Indeed it IS exactly the same. Corporate and collective are synonyms.
The difference between the two approaches you're thinking of is that you'd prefer to FORCE people to pay for my idea, while the public corporation gives them the CHOICE. With the approach you think of when you say "corporation", you can choose to help pay to expand my internet-related service and then share in the profits. Somehow you think it's better if politicians choose what you fund, take your money, and put it toward the projects they choose.
Literally the only difference is you choosing which cooperative (corporate) endeavours you wish to be paet of versus politicians forcing you to be part of the ones they choose.
When a residential user reads Slashdot over a gigabit connection, here's what happens:
1) The browser requests the 150KB web page. 2) At 1Gbps, that 150KB is transferred in 0.00015 seconds. 3) The user reads the page for 15 seconds. 4) GOTO 1 for next web page.
So it's 0.00015 seconds using the connection to fetch a page, 15 seconds looking at the page, 0.00015 loading, 15 seconds reading. You're actually using the connection only 0.001% of the time. During the 99.999% of the time that you're not loading a page, 10,000 of your neighbors are loading their pages. So you can pay a very small percentage of the cost to build and maintain the infrastructure, plus the cost of having you as a customer - costs to send an installer out initially, cost to print and mail your bill each month, etc.
On the other end, Slashdot has their server connected to a business class connection. It's usage pattern is much different:
You load the page (0.00015 seconds) I load the page (0.00015 seconds) APK loads the page (0.00015 seconds) Beau HD loads the page (0.00015 seconds)
The usage is pretty much constant. The capacity isn't divided between 10,000 users, so the cost isn't divided between 10,000 users.
I buy both kinds of connections. At home, I browse Slashdot just like you do, using a high-speed connection for a fraction of a second to load the page. At my data center, I pay $65/Mbps and use it constantly, serving web pages to hundreds of thousands of people.
Neither type of connection is "good" or "bad", they are different types of service useful for different things.
> Sure they may be based on linux but they do not share the philosophy.
That's an interesting comment. Certainly it doesn't match Stallman's GNU philosophy, but Linus's Linux philosophy - maybe not so much conflict there. You pop open a terminal and there's Linux, with the standard Linux tools.
My wife switched from a Linux desktop to a Chromebook, which would also run Ubuntu. To my surprise, she never had any reason to boot Ubuntu - Chrome was all she needed. As someone else said, for her the computer is the web. Battery life was great, it would sleep and wake quickly and without glitches so she'd charge it maybe once a week. Just close the lid when she's not using it and the battery would last a week.
> Should any company have this much capitalisation when there are people living homeless on the streets?
I totally agree. A bunch of people shouldn't be allowed to pool their money and build a $9 billion semiconductor foundry until everyone has good jobs first. Nobody should be putting money into building factories while other people a aren't working. What good does building a billion dollar shipping port do for all those people needing work? How could investors spending $1.5 billion constructing a hospital complex possibly benefit the surrounding community?
Well come to think of it, a company with a billion dollars of capital, or a trillion dollars, is probably paying a few people. Maybe Microsoft does write $10 billion in pay checks every year. Maybe it's kinda good to have hospitals, including specialist facilities that attract people from all over the world to come get treatment in your city (and pay for it in your city).
Maybe when TSMC invested $9.3 billion in their latest fab, most of that $9.3 billion ended up as some schmuck's paycheck - from the construction workers who framed the buildings to the people pulling cable through it and the engineers designing the various machinery that fabs the wafers.
It occurs to me that Ethiopia, Niger, and Bangladesh don't have any big companies doing big projects, and they're among the poorest countries in the world. The big companies are in the United States, the UK, Singapore, Hong Kong, Ireland both nominally and actually - which happen to be the richest countries in the world. Maybe having big, big companies building really big projects has SOME advantages.
But what's missing is that Joe Blow like you and I should be able to get a piece of the action. Instead of some king or whatever owning a semiconductor fab or a shipping port facility by spending a billion of THEIR money to build it, we should all be allowed to get a little piece of the ownership, and a little piece of the profit, by chipping in a little bit of the money to build it. I should be able to chip in $29, and you chip in $290 or whatever. A million people could each put in a little bit and we'll split the profits fairly, based on how much we put in. THAT would be cool. It should be open to any member of the public who wants to participate. We could call it a "public company". Wouldn't it be cool if you could own a piece of TSMC right now for $29? Maybe you could pitch in $60 and become an owner of Microsoft.
You can get your share of TSMC profits for $29, of course, or buy a share of Microsoft for $60. Half the people on Slashdot do. Some people don't realize that they can, because nobody ever explained it to them in an understandable way. Some people know that they CAN, but prefer to instead spend that $60 buying something FROM Microsoft, such as an XBox controller, rather than using their $60 buy MICROSOFT. That's fine if that's what they want to do, of course. A few people are really silly - they decide to spend their money buying FROM Microsoft, then whine and complain that I decided to invest my money buying Microsoft - becoming an owner. They keep whining and they keep being broke buying Xbox and Starbucks lattes. That works fine for me because instead of buying lattes for a month I bought Starbucks stock - the silly people are paying ME $8 for a cup flavored water and milk. Kinda makes me wanna shout at them though "buy the company, not the coffee, and you won't be broke anymore dummy."
If you insist. You suggest that Uber in California is an example of regulators "engage licensees to find ways to do things safely"? I suppose if running undercover stings to arrest Uber drivers is engaging with them to find ways to do things safely:
> In California, you can tint a car's back windows
And I can have solid sheets of aluminum, no back windows at all, on my plane if I choose.
I can call up my local FAA or ATF field office and discuss my *particular plans* with the officer in charge and we'll find a way to do it safely. For example, the ATF may waive/reduce a safety distance requirement when I explain that the shells I'm using don't so much explode as pop open, releasing a cluster of inner effects.
Try calling up California DOT and getting someone with authority to even LISTEN to what you want to do that's outside the rules, let alone figure out compensating safety controls with you and issue a waiver. Maybe tell them you want to tint the front windows darker, but you'll only drive in the day time. That's reasonable. See how far you get with that.
Those lawyers you mentioned have been arguing about what is and isn't a "bonafide sale" since at least the 1800s. Why? Because it matters. This looks a heck lot more like paying $1 to stream than a bonafide sale.
In general, judges tend to not like smartasses who try to make claims like this that they know, and everybody knows, are bullshit.
Their legal argument is better than I expected it to be. However, there are two big problems with their argument:
As another commenter pointed out, they claim to sell the video for $20, then immediately buy it back for $19, they also stream it the customer (bandwidth costs) and edit it (server farm / cpu costs). It's quite obvious they're charging $1 to stream it to you, the "sell it for $20 and buy it back for $19" is a gimmick, it's bullshit. Nobody is buying movies from them, they're paying $1 to stream it.
Their fair use argument regarding DMCA is bogus. They claim that bleeping some words is "transformative", but the relevant portion of the fair use test is if they transform it to a different type of work that DOES NOT COMPETE with the protected work. For example, one may make a sculpture from CDs, or use book pages as wallpaper - nobody is going to buy your wallpaper *instead of* the original book. People WILL choose to stream from Vidangel *instead of* an authorized source such as Netflix or Amazon.
Lastly, the transformative aspect is only *one* part of the four-prong test for fair use. Other considerations include "is it commercial?" They are indeed selling the streaming, doing it commercially, so on that basis it's unlikely to be fair use. It's not educational, etc. It really doesn't match the definition of fair use well.
When you donate property, the deduction from taxable income is the fair market value of the item. That's why the charity gives you a receipt listing the value of the item. Most of the time, that makes sense. Our family donated a $10,000 car. We could have sold the car and donated the $10,000, which the charity would use to buy a car (perhaps our car). Why jump through hoops buying and selling when we can just give the charity what they need?
When Microsoft gives Windows to schools (allows schools to force students to use Windows), Microsoft deducts the "fair market value" of 10,000 copies of Windows.
You may recall the Clintons donated their used underwear and listed the value at $2 - $15 per pair. The reason they listed the value was because the Clintons were treating each pair of used underwear as a tax deduction of $2-$15. The Salvation Army says they're worth max $1/pair, so that's probably tax fraud.
That sounds good to me. What that means, of course, is that the attack wouldn't work for a site you already have an account with (barring combining it with probably two other attacks, plus the MITM, for a total of four simultaneous successful attacks).
I'm sure cryptography experts did in fact say it's infeasible or impractable. That's what those of us who work in the field say about things we think nobody can do (probably). For instance, it's currently infeasible to crack 2048 bit Diffie-Hellman. We tend to avoid saying something is impossible, because as soon as you say that someone's likely to do it:) Theoretically, it's trivial to crack Diffie-Hellman, it's not cracked because of the PRACTICAL difficulty of doing so.
There's nothing theoretically preventing a master key from working just fine, only PRACTICAL problems of a) keeping the government key secret (while it's used) and b) selecting ciphers and implementations that won't be hacked ten years from now. The practical issues mean it's impractical to have a government master key.
Stallman was talking about how horrible ChromeOS would be before it was even released.
http://m.theregister.co.uk/201...
A little follow-up on the topic of writing code that's exposed in the web:
The natural tendency for most programmers is to think of how to make the code work, and to test that it works, given proper inputs. You'll be way ahead of the game both for security and avoiding bugs if you instead think about how your code can be made to FAIL, and test what it does with IMPROPER inputs. That's a major change of how we think for veteran programmers; a newbie may have an advantage if they can establish that mindset early.
Agreed, forums, including Stackoverflow, can certainly provide hints of where to start looking. Then as you said, refer to the documentation to understand exactly what the function does, and precisely what arguments ot takes and how it interprets them.
ALSO after you know a language well, perhaps you've served as a subject matter expert reviewing the certification test for the language, such forums can be a source of creative new ideas, and people may have benchmarked different ways of doing things, etc. Forums can help me find ways to improve my code, if I take the time to thoroughly understand the suggestions I find there. For example "every third day" can be written succinctly as: /* Every third day. */
( int( time() / (24*60*60) ) % 3 == 0 )
That's an idea you might not think of off the top of your head, but might find on Stackoverflow.
However, if I get an idea from Stackoverflow and don't take time to understand it and verify it, you know what my code does? Neither do I. I didn't take time to find out. :)
* That "every third day" code is off the top of my head, untested and may contain a bug.
> Wait... the PHP interpreter doesn't tell you this?
Of course it does. It issues a warning at level E_DEPRECATED. The manual answers your question here:
http://php.net/manual/en/error...
And here:
http://php.net/manual/en/error...
As noted in the manual, you not want a log entry every time a someone runs a script which includes a deprecated function; that could be a million times per day, if you have a million visitors. Like most languages, you'll want to set the reporting level higher during development, to see all the notices, then lower on production so you're not spammed by warning you've chosen to disregard.
> But giving the MAFIAA my money? That would be immoral AND stupid (not because I spend a little money, because it's against my own future freedom).
When you boycott a company, for moral reasons or any other, you don't use their products. Stealing the product isn't a boycott. If you ignore the 99.99% of music that's not produced by RIAA, and instead steal the RIAA music, that's not because it "would be immoral" to listen to most music, it's because you a) like what RIAA provides you, and b) would rather steal things than pay for it.
If I'm wrong, I'm very much looking forward to you explaining why it's "stupid AND immoral" to listen to Leannasaurus Rex or the other 14 million bands that aren't represented by the RIAA. So tell me, why exactly is it "stupid AND immoral" to listen to Leannasaurus Rex?
Unless I'm mis-reading your post, you've brought up three different issues:
a) What is the best way to update a PHP script?
b) How do Wordpress and Drupal update by default?
c) How do you update the PHP interpreter without breaking scripts?
> a) What is the best way to update a PHP script?
Probably the best way is to use a revision control system such as "git", "cvs", "svn", or "hg". You can look at the Wordpress SVN here:
https://core.trac.wordpress.or...
The system tracks all changes:
https://core.trac.wordpress.or...
On an up-to-date server, you can run "svn update" to retrieve all of the updates that you're missing. An an older system, you can pull only the specific changes you want, such as security patches:
https://core.trac.wordpress.or...
b) How do Wordpress and Drupal update by default?
In a stupid way. The script itself downloads the new version from the Wordpress web site. For this to work, the script (and therefore all scripts on the server) needs to have permission to overwrite files on the server. That's bad because in most cases that means *any* script can change *any* file on the site. Any little security hole in any script allows the bad guy to write whatever he wants, including his own software, and run it on your server. That's a bad idea. It's *possible* to set this up to be reasonably secure, but nobody does. PHP makes the more secure configuration much more difficult than it needs to be.
> c) How do you update the PHP interpreter without breaking scripts?
Most of the time, a function will be deprecated several years before it's removed or disabled by default. Use http://php.net/manual/ to understand the PHP you're writing rather than copying and pasting shit from Stackoverflow that might have been halfway correct six years ago. The manual will let you know if a function is deprecated, and point to the newer approach you should use instead. Aside from using good documentation (not forums) as your primary learning tool and avoiding deprecated functions, you can make your software easier to update and fix later. That's mostly about modularity - keep unrelated things separate. Ideally each function you write would be no longer than about 4-12 lines. A simple, short function is easier to update later. Related functions can be group into classes ( http://php.net/manual/en/langu... ). It's much easier to fix your file uploader if it's all together in a file called "fileuploader.php" rather than being sprayed through "mega_forum_script.php" (8MB).
> *super novice programmer here* ... PHP
You have a much harder road ahead of you than us oldtimers who learned in the 1980s and 1990s. Your newbie code will be exposed in the internet, where it'll be attacked several times per hour. That's very high risk. Minimize your exposure by trying to avoid working with confidential data for now. Recognize your limitations and don't try to write a security system or shopping cart with credit card payments right now. When you *do* have to work on something that could cause damage when attacked, consider asking a programmer who is trained in security to do code review. (I've been programming professionally for 20 years, mostly doing security-related code, and I still ask my peers to review my work - there's no shame in that.)
The suspect said he went to bed at 1:00 AM with the4 victim alive, then woke up at 8:30 to find him dead. The water meter indicates the drowning occurred between 1:00 AM and 3:00 AM.
ANY recording of the suspect's voice between 1:00 AM and 8:30 would probably indicate that the suspect is lying. Even if he checked the weather forecast at 4:00 that would indicate he wasn't asleep as claimed.
On the other hand, if records or witness testimony indicates that the habitually suspect uses the Echo several times per hour and he did NOT use it between 1:00 and 8:30, that would be consistent with his claim that he was asleep, somewhat corroborating his story.
> It's like cheap but without any alternatives.
As indicated in the subject line of this thread, just Myspace alone offers 53 million free songs by 14 million artists. The vast majority of music is free. Contrary to your belief, apparently, you will in fact NOT die from lack of Justin Bieber.
> it's impossible for them to change that policy at their whim with an updated TOS.
Well yes, it is. That's kinda the point of getting a DRM-free mp3 when you pay your dollar - you can copy that mp3 to any of your devices and nobody can take it away from you. It's *exactly* the same as downloading an mp3 via Bittorrent, except you're not a crook.
> Yes, because iTunes is the only digital distribution platform and has every recording ever made
Apple, Google and Amazon are the top three, probably accounting for 90% of all downloads and yeah they all do DRM-free mp3 and sometimes other formats like flaac.
Face it, your excuse is well passed it's "use by" date. Time to either a) pay your dollar or b) admit you're just a crook, simple as that. Same as shoplifting.
> Or, maybe they want DRM-free recordings in the quality/format that *they* choose and which can't be "disappeared" from their "library" at the whim of some corporation
iTunes sold DRM-encumbered music for six years. For the last eight years, it's been standard MP3 that you can save to any storage you prefer. So your excuse is nearly a decade out of date.
> It's getting harder for people who don't like paying for movies, music, and applications
Uh oh, someone told the truth. Around here we're supposed to pretend that it's something else, other than being cheap.
Maybe that first sentence can be edited to say "people who get no value from the work of record companies". Obviously these people don't want what record companies offer them. That's why they are listening to the 53 million songs by 14 million artists that are available on Myspace, while ignoring the few thousand released by the major labels recently.
What's that? These people are doing the opposite, unlawfully downloading the few songs that the major labels released this week, while ignoring the 53 million songs they can legally get for free, the ones that aren't produced by the major labels? I wonder why they insist on getting the major label music and ignore the vast majority of music, which isn't produced by major labels. I guess they actually DO really want something that the major labels offer, they're just crooks who decide to take it illegally rather than spend the $1 to buy it on itunes or Amazon or whatever.
Solar farm
> There aren't any rooftops in the world too large to be called "gardens".
Maybe a few. Boeing's Everett Factory has a 99 acre roof (building several 767 airliners at once requires a fair bit of room). Tesla's factory will 125 acres, and the Talsmeer Flower Auction is a tad larger. Down the list at #16, an Amazon warehouse is 22 acres - still small farm.
So there are about 20 or so roofs in the world big enough to be a farm.
I'm curious which ISP that is. Most don't allow servers* on a home internet plan. Some block ports 25 and 80, some just disallow it by written policy but don't enforce it.
* Where "servers" means business-type use, not just anything that accepts a connection.
> Yeah, because collective, public ownership is exactly the same as corporate ownership.
Indeed it IS exactly the same. Corporate and collective are synonyms.
The difference between the two approaches you're thinking of is that you'd prefer to FORCE people to pay for my idea, while the public corporation gives them the CHOICE. With the approach you think of when you say "corporation", you can choose to help pay to expand my internet-related service and then share in the profits. Somehow you think it's better if politicians choose what you fund, take your money, and put it toward the projects they choose.
Literally the only difference is you choosing which cooperative (corporate) endeavours you wish to be paet of versus politicians forcing you to be part of the ones they choose.
When a residential user reads Slashdot over a gigabit connection, here's what happens:
1) The browser requests the 150KB web page.
2) At 1Gbps, that 150KB is transferred in 0.00015 seconds.
3) The user reads the page for 15 seconds.
4) GOTO 1 for next web page.
So it's 0.00015 seconds using the connection to fetch a page, 15 seconds looking at the page, 0.00015 loading, 15 seconds reading. You're actually using the connection only 0.001% of the time. During the 99.999% of the time that you're not loading a page, 10,000 of your neighbors are loading their pages. So you can pay a very small percentage of the cost to build and maintain the infrastructure, plus the cost of having you as a customer - costs to send an installer out initially, cost to print and mail your bill each month, etc.
On the other end, Slashdot has their server connected to a business class connection. It's usage pattern is much different:
You load the page (0.00015 seconds)
I load the page (0.00015 seconds)
APK loads the page (0.00015 seconds)
Beau HD loads the page (0.00015 seconds)
The usage is pretty much constant. The capacity isn't divided between 10,000 users, so the cost isn't divided between 10,000 users.
I buy both kinds of connections. At home, I browse Slashdot just like you do, using a high-speed connection for a fraction of a second to load the page. At my data center, I pay $65/Mbps and use it constantly, serving web pages to hundreds of thousands of people.
Neither type of connection is "good" or "bad", they are different types of service useful for different things.
> Sure they may be based on linux but they do not share the philosophy.
That's an interesting comment. Certainly it doesn't match Stallman's GNU philosophy, but Linus's Linux philosophy - maybe not so much conflict there. You pop open a terminal and there's Linux, with the standard Linux tools.
My wife switched from a Linux desktop to a Chromebook, which would also run Ubuntu. To my surprise, she never had any reason to boot Ubuntu - Chrome was all she needed. As someone else said, for her the computer is the web. Battery life was great, it would sleep and wake quickly and without glitches so she'd charge it maybe once a week. Just close the lid when she's not using it and the battery would last a week.
> Should any company have this much capitalisation when there are people living homeless on the streets?
I totally agree. A bunch of people shouldn't be allowed to pool their money and build a $9 billion semiconductor foundry until everyone has good jobs first. Nobody should be putting money into building factories while other people a aren't working. What good does building a billion dollar shipping port do for all those people needing work? How could investors spending $1.5 billion constructing a hospital complex possibly benefit the surrounding community?
Well come to think of it, a company with a billion dollars of capital, or a trillion dollars, is probably paying a few people. Maybe Microsoft does write $10 billion in pay checks every year. Maybe it's kinda good to have hospitals, including specialist facilities that attract people from all over the world to come get treatment in your city (and pay for it in your city).
Maybe when TSMC invested $9.3 billion in their latest fab, most of that $9.3 billion ended up as some schmuck's paycheck - from the construction workers who framed the buildings to the people pulling cable through it and the engineers designing the various machinery that fabs the wafers.
It occurs to me that Ethiopia, Niger, and Bangladesh don't have any big companies doing big projects, and they're among the poorest countries in the world. The big companies are in the United States, the UK, Singapore, Hong Kong, Ireland both nominally and actually - which happen to be the richest countries in the world. Maybe having big, big companies building really big projects has SOME advantages.
But what's missing is that Joe Blow like you and I should be able to get a piece of the action. Instead of some king or whatever owning a semiconductor fab or a shipping port facility by spending a billion of THEIR money to build it, we should all be allowed to get a little piece of the ownership, and a little piece of the profit, by chipping in a little bit of the money to build it. I should be able to chip in $29, and you chip in $290 or whatever. A million people could each put in a little bit and we'll split the profits fairly, based on how much we put in. THAT would be cool. It should be open to any member of the public who wants to participate. We could call it a "public company". Wouldn't it be cool if you could own a piece of TSMC right now for $29? Maybe you could pitch in $60 and become an owner of Microsoft.
You can get your share of TSMC profits for $29, of course, or buy a share of Microsoft for $60. Half the people on Slashdot do. Some people don't realize that they can, because nobody ever explained it to them in an understandable way. Some people know that they CAN, but prefer to instead spend that $60 buying something FROM Microsoft, such as an XBox controller, rather than using their $60 buy MICROSOFT. That's fine if that's what they want to do, of course. A few people are really silly - they decide to spend their money buying FROM Microsoft, then whine and complain that I decided to invest my money buying Microsoft - becoming an owner. They keep whining and they keep being broke buying Xbox and Starbucks lattes. That works fine for me because instead of buying lattes for a month I bought Starbucks stock - the silly people are paying ME $8 for a cup flavored water and milk. Kinda makes me wanna shout at them though "buy the company, not the coffee, and you won't be broke anymore dummy."
> How about my other two examples?
If you insist. You suggest that Uber in California is an example of regulators "engage licensees to find ways to do things safely"? I suppose if running undercover stings to arrest Uber drivers is engaging with them to find ways to do things safely:
www.scpr.org/news/2016/11/14/65778/uber-lyft-drivers-nabbed-in-lapd-stings-funded-by.amp
> In California, you can tint a car's back windows
And I can have solid sheets of aluminum, no back windows at all, on my plane if I choose.
I can call up my local FAA or ATF field office and discuss my *particular plans* with the officer in charge and we'll find a way to do it safely. For example, the ATF may waive/reduce a safety distance requirement when I explain that the shells I'm using don't so much explode as pop open, releasing a cluster of inner effects.
Try calling up California DOT and getting someone with authority to even LISTEN to what you want to do that's outside the rules, let alone figure out compensating safety controls with you and issue a waiver. Maybe tell them you want to tint the front windows darker, but you'll only drive in the day time. That's reasonable. See how far you get with that.
Those lawyers you mentioned have been arguing about what is and isn't a "bonafide sale" since at least the 1800s. Why? Because it matters. This looks a heck lot more like paying $1 to stream than a bonafide sale.
In general, judges tend to not like smartasses who try to make claims like this that they know, and everybody knows, are bullshit.
Their legal argument is better than I expected it to be. However, there are two big problems with their argument:
As another commenter pointed out, they claim to sell the video for $20, then immediately buy it back for $19, they also stream it the customer (bandwidth costs) and edit it (server farm / cpu costs). It's quite obvious they're charging $1 to stream it to you, the "sell it for $20 and buy it back for $19" is a gimmick, it's bullshit. Nobody is buying movies from them, they're paying $1 to stream it.
Their fair use argument regarding DMCA is bogus. They claim that bleeping some words is "transformative", but the relevant portion of the fair use test is if they transform it to a different type of work that DOES NOT COMPETE with the protected work. For example, one may make a sculpture from CDs, or use book pages as wallpaper - nobody is going to buy your wallpaper *instead of* the original book. People WILL choose to stream from Vidangel *instead of* an authorized source such as Netflix or Amazon.
Lastly, the transformative aspect is only *one* part of the four-prong test for fair use. Other considerations include "is it commercial?" They are indeed selling the streaming, doing it commercially, so on that basis it's unlikely to be fair use. It's not educational, etc. It really doesn't match the definition of fair use well.
When you donate property, the deduction from taxable income is the fair market value of the item. That's why the charity gives you a receipt listing the value of the item. Most of the time, that makes sense. Our family donated a $10,000 car. We could have sold the car and donated the $10,000, which the charity would use to buy a car (perhaps our car). Why jump through hoops buying and selling when we can just give the charity what they need?
When Microsoft gives Windows to schools (allows schools to force students to use Windows), Microsoft deducts the "fair market value" of 10,000 copies of Windows.
You may recall the Clintons donated their used underwear and listed the value at $2 - $15 per pair. The reason they listed the value was because the Clintons were treating each pair of used underwear as a tax deduction of $2-$15. The Salvation Army says they're worth max $1/pair, so that's probably tax fraud.
That sounds good to me. What that means, of course, is that the attack wouldn't work for a site you already have an account with (barring combining it with probably two other attacks, plus the MITM, for a total of four simultaneous successful attacks).
I'm sure cryptography experts did in fact say it's infeasible or impractable. That's what those of us who work in the field say about things we think nobody can do (probably). For instance, it's currently infeasible to crack 2048 bit Diffie-Hellman. We tend to avoid saying something is impossible, because as soon as you say that someone's likely to do it :) Theoretically, it's trivial to crack Diffie-Hellman, it's not cracked because of the PRACTICAL difficulty of doing so.
There's nothing theoretically preventing a master key from working just fine, only PRACTICAL problems of a) keeping the government key secret (while it's used) and b) selecting ciphers and implementations that won't be hacked ten years from now. The practical issues mean it's impractical to have a government master key.