With very few exceptions, I don't think refinements to the details like exactly what counts as a catch have changed how the game is played much. A receiver tries to catch a ball today the same way they tried to catch it in 1970. The skill hasn't changed. It's possible that an attempted catch might be ruled a fumble today and incomplete 40 years ago, but that changes what the officials do. The player will still do the exact same thing - reach out and try to get control of the ball.
Of course there are exceptions, primarily changes related to player safety, where it's now against the rules to do certain dangerous things.
I guess my fingers didn't believe it could be true and autocorrected what I told them to type. It's interesting that the Microsoft announcement is MORE support for Mac and LESS support for Windows.
You seem to be confusing two totally different things. Mac users had a perfectly working version of Skype. Microsoft broke what had already been working, by changing the network protocol and turning off the existing servers. Skype worked fine on Mac, then one day Microsoft starting rejecting EXISTING clients, and it's still broken today.
You seem to be confusing that vs writing NEW versions of applications for unpatched operating systems. Apple is saying "if you want the new features in new versions of the application software, download the OS update." What Microsoft did was cut off existing versions that worked just fine.
Another point that may be confusing if you're unfamiliar of anything outside of Microsoft's ass crack - updating OSX means downloading a free update, not paying hundreds of dollars and completely wiping the machine like you tend to do in Windows. My 2008 Mac Pro has the latest version of OSX and the Apple applications. I didn't pay them a thousand dollars to update the OS, the Office suite, the mail client, etc. I just click "yes" to install the free update. It's not that hard.
> can't help but think "bug bounties" aren't proper capitalism since there's little competition.
I'm not sure quite what you mean here. Just the other day I looked over a list of bug bounty programs to see if it might mange sense for me to analyze some of the software specifically for the purpose of collecting bounties. There were quite a few companies offering bounties, competing for my services analyzing their software. Based on what I saw, there is a reasonable amount if competition on that side, many buyers of bugs.
One company I saw has a bug bounty program sells software that I use on a daily basis and occasionally debug. I've sent them patches and suggestions before, outside of any bug-bounty program. Looking at the rewards offered, it seemed to me that it _might_ make sense for me to analyze certain software for security bugs. The price offered, based on the number of other programmers competing for the money, seemed just about right, maybe slightly low. On the other hand, the rewards are enough that it DEFINITELY makes sense for me to spend the time and hassle reporting bugs that I happen to notice while I'm using and configuring the software. So based on what I saw, there is enough competition on both sides to have prices tend toward reasonable numbers.
I noticed that a lot of companies don't have bug-bounty programs yet, though many do. It reminds me of 15 years ago when a lot of sites had referral programs, but most did not. That changed when third parties including CCBill made it easy to add a referral program. I suspect many more companies will add bug-bounty programs when they don't have to develop and manage the system themselves. If they can just buy or subscribe to an easy-to-use software package for running it, and maybe let the third party vendor handle payments, it will become much more common.
I use a few Java programs on my desktop, which has 16GB of RAM. One program I use is a little editor / mini-IDE for microcontrollers which have 4k of memory. While writing these 4K programs, Java will largely lock up the machine for 30 seconds, probably while it's doing GC.
You seem to be suggesting that 16GB of RAM isn't enough to edit kilobytes of text. Is that what Java fans generally think? In the meantime, I'm programming in simple, effective languages that work quite well with 250,000 times less memory.
Yahoo, or any other email provider, doesn't need access to the private key to SEND encrypted email. Someone who wishes to receive encrypted email publishes their PUBLIC key. The message is encrypted with the public key. Yahoo can automatically check popular key servers and if the recipient publishes a private key, offer a one-click option to encrypt the email. Because the recipient publishes a key, that pretty much advertises that they know how to read a message sent with their key. They don't need Yahoo's help on the receiving side. So sending encrypted email is no problem. There are some details to get right, but no fundamental problem.
Now let's consider reading encrypted email via webmail. It has been pointed out that the obvious implementation would be to use JavaScript to do the decryption. Maybe the Yahoo team will come up with something more clever, but let's assume they don't. In that case, it's been pointed out that Yahoo could replace the encryption JavaScript for targeted users, at specific times. That's true until someone releases a browser plug-in that checks the hash of the script, but there is still a big gain. Until then, Yahoo could be ordered to intercept SPECIFIC, TARGETED users. As opposed to today, when Yahoo can be ordered to provide a tap for NSA to collect ALL emails. Getting rid of that bulk collection capability is a big win.
Note that if the FISA court did order Yahoo to switch out the JavaScript, the likelihood that would be detected would be proportional to how often they did it. If they did it once, they'd almost surely get away with it. If they did it all the time, they'd almost surely be caught. So they'd want to use it rarely, saving it for high value targets in order to keep it secret. That's actually exactly what I WANT for a widely deployed technology. The ideal, I think, would be that the technical details are such so that the government can't read everyone's email, but in special cases a proper court can authorize reading Osama bin Laden's email and the technology allows that to happen only rarely. So this actually comes pretty close to the ideal, assuming that NSA wants to keep the Yahoo hack secret and therefore rarely uses it.
There is an interesting philosophical question when it comes to US citizens.
> if there is enough evidence to arrest them I'm sure the foreign government will do so.
Suppose Richard Reid, the shoe bomber, had escaped to Iran. Should we not declare that we don't want him on any US-bound airliners? I know I don't want a known terrorist on the same plane _I_ am on. Would Iran arrest him for us? Maybe.
We do know that at least SOME of the people on the no fly lists HAVE been arrested for terrorism related offenses. They did their time and got out, or one juror felt there wasn't proof beyond a reasonable doubt. There might still be enough evidence to say we don't want them flying on on an airliner, without even going through US security first.
Again, the other list, the terrorism watch list, is much more concerning to me, especially because of the number of people on it.
You ask "why would they" sign up for a notification service that costs $120 / year. I suppose it's like just about any other online purchase - it comes down to the reputation of the seller. Why would you buy a computer on Dell.com, when you can't see the product before you buy it? You'd make that decision based on Dell's reputation, and any previous dealings you had with the company.
The companies who were our customers knew we had a very solid reputation for providing excellent security solutions, and on forums other professionals they know would report that our service worked well for them. When we identify a compromised account, we tell the owner of the sites which account(s) are known to be compromised and where we found the compromised account information if it's being publicly traded on a cracker board. Also we provide tools they can use to analyze activity on the account and see for themselves that people in Russia and China are trying to use the account or whatever.
A customer uses this service and tools and it works well for them. Six months later, someone in a Slashdot posts asks "how can I can tell if my site's password database has been compromised?" Other Slashdot users reply "the tools 'raymorris' supplies worked well for me". So pretty much like any other online purchase.
That's true, and funny. It does remind me of another, more well-known "almost got it" attack. For MD5 collisions you keep adding data to the end, getting closer and closer to a match. In fact, that's how the whole hack works. You can't know what will match, but you can generate something that is closer to match. Keep getting closer to match until you happen to actually match.
We used to provide a similar service to web sites. We had many millions of compromised accounts. We didn't offer any services to consumers. The companies who were our customers knew we had a very solid reputation for providing excellent security solutions, and on forums other webmasters they know would report that our service worked well for them. That was sufficient that most customers would add that service or not based on what I recommended for their particular site. In general, on a site making over $5,000 / month it might make sense to spend $5 / month on the extra security. For sites making less than $1,000 / month, I'd suggest they put their limited resources elsewhere and check back in a year. In between, it depends on the type of site. Some are attacked more than others, and a compromise is likely to be more costly on some than on others.
A Billion dollar security firm won't sign up for a $120 per year service to see the data behind the breach? It must be highway robbery unlike most AV products which charge the same $$$ per year for little in return.
Indeed, we used to operate a similar service, and many companies were excited to sign up at just $49 / year. Often, the bad guys get the entire password database, so being alerted to that right away is valuable. I designed our system many years ago and it was somewhat expensive to operate. Crackers compromise new sites every day, so you have to be constantly finding and processing newly compromised accounts. Over time, it became more costly to cover a smaller percentage of compromised accounts, so we advised more and more sites not to buy it, until at some point we just stopped offering the service pending a redesign.
Using different types of resources that are available now, it's possible to run such a system more efficiently. I have a design in mind, but I haven't implemented it yet. If I do, it will likely be priced pretty close to $120 / year. We won't make crazy profits at that price point because it'll cost us $2,800 / year to operate. We'll need about 25 sites to sign up just to break even, and that doesn't include the time spent developing the new system. For a site with $300,000 / year in revenue, $120 will be a great value. For a site with $3,000 / year in revenue, it wouldn't make sense for them to get it.
He went on about it for a while, so it's not a case of mispeaking, of saying the wrong word. When he said commercial companies aren't allowed to use open source software, I think he meant exactly what he said. That's a lie, of course, but it certainly seems he knew what he was saying.
A vote might well go 48% - 52% or something like that. BallmeBallmeer can swing it from 48/52 to 51/49. Ballmer's 3% share is enough to swing many, if not most, votes.
> If you don't have enough evidence to arrest somebody, how do you justify putting them on the [no fly] list in the first place?
That's a question I'd like answered. I did find out that about 280 people on the list are US residents or citizens, so that gives us some sense of the level of threat required. Many more people have the same name as someone on the list, and therefore have to go through extra hassle. The number of people on the no fly list doubled in 2012.
> That is right up there with seizing and selling off assets before you even get a conviction
If there is actual evidence then arresting them makes even more sense. The only reason to put them on a no-fly list would be if you are trying to arrest them, and just want to ensure they don't blow up a plane before you get a chance to do so.
Doing a few minutes of research, I learned that the no fly list doesn't actually stop them from flying. It's a list of people not allowed to fly INTO the US, or out of the US. It doesn't apply to domestic flights. I would say that a nation has the right to deny entry for any reason whatsoever. I don't have to justify why I don't invite someone into my house, and the US doesn't have to justify why we don't invite a certain person into the country. Not letting people leave is a little different. However, it seems that most often no-fly people are indeed arrested if they try to leave the country, so apparently there is cause for arrest - law enforcement would have preferred to wait longer before arresting them.
Based on what I've learned this morning, it seems the process needs improvement, particularly in regard to false positives, but there probably are about 280 people who really SHOULD be on that list. The other list, the terrorism watch list, is much, much larger.
PS, you are correct that he's a major shareholder. He controls more shares than Bill Gates, enough to swing any shareholder vote, thereby giving him de facto control of the board of directors and the company.
Quoting Ballmer:
If you use any open-source software, you have to make the rest of your software open source
He went on to claim software written for or by the government shouldn't be open source because commercial companies are not allowed to use open source software.
The parent company says open source is "a cancer". The subsidiary he works for says open source is what MS does, sign a NDA and you can see the documentation. Also, the subsidiary says, open source is when MS buys a trade group to have their patented format voted as a standard.
Under DMCA, trading in circumventing protection measures is unlawful. The scope has some mechanism that controls access to the copyright protected software on the scope. Circumventing that is a DMCA violation, absent an exclusion.
That has nothing whatsoever to do with the copyright of the owner's manual. The circumvention is unlawful because DMCA says circumvention is unlawful, period. It's not that it is unlawful because it uses a number that is also mentioned in the owner's manual. The owner's manual doesn't matter - circumvention is unlawful because DMCA says so.
DMCA isn't that long of a law, if you care to simply read it and see what it says. You seem to be perfectly capable of reading and thinking about what you read.
If you were a lawyer, you might start by reading the law (statute).
102 . Subject matter of copyright: In general...
b) In no case does copyright protection... extend to any idea, procedure, process, system, method of operation, concept, principle, or discovery from http://www.copyright.gov/title...
Also 499 U.S. 340, 345 "[n]o author may copyright his ideas or the facts he narrates."
If the wording of the statutes are unclear, you would look at how the court has interpreted it. Feist v Rural was a Supreme Court case in which someone made an unauthorized copy of somebody else's phone directory. A list of phone numbers is simply facts, not a work of original authorship, the defendant claimed, and the court agreed. http://en.wikipedia.org/wiki/F...
Most hardware sold last year can run QT, and does not run Microsoft.net. "already been fought, and won, by Microsoft". How exactly is having a minority (and falling) market share "won"?
Copyright doesn't give them control over a fact. "The SKU for feature X isyyyyyyyy" is a fact, and therefore not protectable. If hackaday had copied and pasted paragraphs of prose from the manual, that would have been copyright infringement because copyright protects a unique expression.
If the manual had a table of SKU numbers and the article had a list, there's no copyright infringement because it's a different, unique expression.
I hate to say it, and I know this will go against the common feeling here, but I think TFS misses the point. Misses by some distance, actually. Timothy McVeigh wasn't, to my knowledge, associated with any recognized terrorists organizations. That doesn't mean he shouldn't have been on a list of people the FBI is concerned about. Whether or not they are known to be a member of a known terrorist group isn't the important question. (Note also the difference between "we don't know which group they are affiliated with" vs "we know they aren't communicating with any group"). If someone is acting like a terrorist, such as buying explosives on the black market, the government should probably make a note of that fact, regardless of what groups they are associated with or not associated with.
The information in the report that is more concerning to me is that they have added 430,000 names to the "terrorist-related" database in the last four years. That sounds like far too many people. I was surprised the report said they REMOVED 50,000 names in those same four years. That's good news. I'm also concerned about the EFFECTS of being in this database. If there were that many people on the no-fly list, that would be troubling, but I don't think that's the case. If a listed person flies to the middle east and back and that triggers a notification to authorities so they can include that information in their larger understanding of what's going on, that's less troubling.
We should be asking "how is this list used?" and "what ARE the criteria to be put on this list?" Those, I think, are more important questions than "how many act alone or in small groups, as opposed to recognized organizations?"
Given Obama's approval ratings, the odds strongly favor the republicans in 2016. Hopefully you'll like Jeb Bush better than you liked GW Bush. As for me, I'm not real confident in any of the major contenders, so I'm aiming to minimize the damage they are allowed to do. Maybe the next president will be stay busy covering up the fact that they're getting sexual favors from the subordinates and not have time to screw things up too much.
There is a lot of crap worth complaining about, and I think you've missed it if you're complaining about CCE. How exactly is CCE a "fuck due process law"? A defendant is indicted, tried by jury. The jury concludes the evidence shows that beyond a reasonable doubt, the defendant directed multiple felonies. Where exactly is due process missing?
With very few exceptions, I don't think refinements to the details like exactly what counts as a catch have changed how the game is played much. A receiver tries to catch a ball today the same way they tried to catch it in 1970. The skill hasn't changed. It's possible that an attempted catch might be ruled a fumble today and incomplete 40 years ago, but that changes what the officials do. The player will still do the exact same thing - reach out and try to get control of the ball.
Of course there are exceptions, primarily changes related to player safety, where it's now against the rules to do certain dangerous things.
I guess my fingers didn't believe it could be true and autocorrected what I told them to type.
It's interesting that the Microsoft announcement is MORE support for Mac and LESS support for Windows.
You seem to be confusing two totally different things. Mac users had a perfectly working version of Skype. Microsoft broke what had already been working, by changing the network protocol and turning off the existing servers. Skype worked fine on Mac, then one day Microsoft starting rejecting EXISTING clients, and it's still broken today.
You seem to be confusing that vs writing NEW versions of applications for unpatched operating systems. Apple is saying "if you want the new features in new versions of the application software, download the OS update." What Microsoft did was cut off existing versions that worked just fine.
Another point that may be confusing if you're unfamiliar of anything outside of Microsoft's ass crack - updating OSX means downloading a free update, not paying hundreds of dollars and completely wiping the machine like you tend to do in Windows. My 2008 Mac Pro has the latest version of OSX and the Apple applications. I didn't pay them a thousand dollars to update the OS, the Office suite, the mail client, etc. I just click "yes" to install the free update. It's not that hard.
So with this latest announcement, Microsoft is saying they'll support Windows more and Mac less. What a strange world.
> can't help but think "bug bounties" aren't proper capitalism since there's little competition.
I'm not sure quite what you mean here. Just the other day I looked over a list of bug bounty programs to see if it might mange sense for me to analyze some of the software specifically for the purpose of collecting bounties. There were quite a few companies offering bounties, competing for my services analyzing their software. Based on what I saw, there is a reasonable amount if competition on that side, many buyers of bugs.
One company I saw has a bug bounty program sells software that I use on a daily basis and occasionally debug. I've sent them patches and suggestions before, outside of any bug-bounty program. Looking at the rewards offered, it seemed to me that it _might_ make sense for me to analyze certain software for security bugs. The price offered, based on the number of other programmers competing for the money, seemed just about right, maybe slightly low. On the other hand, the rewards are enough that it DEFINITELY makes sense for me to spend the time and hassle reporting bugs that I happen to notice while I'm using and configuring the software. So based on what I saw, there is enough competition on both sides to have prices tend toward reasonable numbers.
I noticed that a lot of companies don't have bug-bounty programs yet, though many do. It reminds me of 15 years ago when a lot of sites had referral programs, but most did not. That changed when third parties including CCBill made it easy to add a referral program. I suspect many more companies will add bug-bounty programs when they don't have to develop and manage the system themselves. If they can just buy or subscribe to an easy-to-use software package for running it, and maybe let the third party vendor handle payments, it will become much more common.
I use a few Java programs on my desktop, which has 16GB of RAM. One program I use is a little editor / mini-IDE for microcontrollers which have 4k of memory. While writing these 4K programs, Java will largely lock up the machine for 30 seconds, probably while it's doing GC.
You seem to be suggesting that 16GB of RAM isn't enough to edit kilobytes of text. Is that what Java fans generally think? In the meantime, I'm programming in simple, effective languages that work quite well with 250,000 times less memory.
There are two ways this can work well.
Yahoo, or any other email provider, doesn't need access to the private key to SEND encrypted email. Someone who wishes to receive encrypted email publishes their PUBLIC key. The message is encrypted with the public key. Yahoo can automatically check popular key servers and if the recipient publishes a private key, offer a one-click option to encrypt the email. Because the recipient publishes a key, that pretty much advertises that they know how to read a message sent with their key. They don't need Yahoo's help on the receiving side. So sending encrypted email is no problem. There are some details to get right, but no fundamental problem.
Now let's consider reading encrypted email via webmail. It has been pointed out that the obvious implementation would be to use JavaScript to do the decryption. Maybe the Yahoo team will come up with something more clever, but let's assume they don't. In that case, it's been pointed out that Yahoo could replace the encryption JavaScript for targeted users, at specific times. That's true until someone releases a browser plug-in that checks the hash of the script, but there is still a big gain. Until then, Yahoo could be ordered to intercept SPECIFIC, TARGETED users. As opposed to today, when Yahoo can be ordered to provide a tap for NSA to collect ALL emails. Getting rid of that bulk collection capability is a big win.
Note that if the FISA court did order Yahoo to switch out the JavaScript, the likelihood that would be detected would be proportional to how often they did it. If they did it once, they'd almost surely get away with it. If they did it all the time, they'd almost surely be caught. So they'd want to use it rarely, saving it for high value targets in order to keep it secret. That's actually exactly what I WANT for a widely deployed technology. The ideal, I think, would be that the technical details are such so that the government can't read everyone's email, but in special cases a proper court can authorize reading Osama bin Laden's email and the technology allows that to happen only rarely. So this actually comes pretty close to the ideal, assuming that NSA wants to keep the Yahoo hack secret and therefore rarely uses it.
Here's an open FPGA design:
Put a buttload of OR gates in parallel.
Follow them with a buttload of AND gates
There just isn't that much design in a basic FPGA to open up, not that I can see.
There is an interesting philosophical question when it comes to US citizens.
> if there is enough evidence to arrest them I'm sure the foreign government will do so.
Suppose Richard Reid, the shoe bomber, had escaped to Iran. Should we not declare that we don't want him on any US-bound airliners? I know I don't want a known terrorist on the same plane _I_ am on. Would Iran arrest him for us? Maybe.
We do know that at least SOME of the people on the no fly lists HAVE been arrested for terrorism related offenses. They did their time and got out, or one juror felt there wasn't proof beyond a reasonable doubt. There might still be enough evidence to say we don't want them flying on on an airliner, without even going through US security first.
Again, the other list, the terrorism watch list, is much more concerning to me, especially because of the number of people on it.
You ask "why would they" sign up for a notification service that costs $120 / year. I suppose it's like just about any other online purchase - it comes down to the reputation of the seller. Why would you buy a computer on Dell.com, when you can't see the product before you buy it? You'd make that decision based on Dell's reputation, and any previous dealings you had with the company.
The companies who were our customers knew we had a very solid reputation for providing excellent security solutions, and on forums other professionals they know would report that our service worked well for them. When we identify a compromised account, we tell the owner of the sites which account(s) are known to be compromised and where we found the compromised account information if it's being publicly traded on a cracker board. Also we provide tools they can use to analyze activity on the account and see for themselves that people in Russia and China are trying to use the account or whatever.
A customer uses this service and tools and it works well for them. Six months later, someone in a Slashdot posts asks "how can I can tell if my site's password database has been compromised?" Other Slashdot users reply "the tools 'raymorris' supplies worked well for me". So pretty much like any other online purchase.
That's true, and funny. It does remind me of another, more well-known "almost got it" attack. For MD5 collisions you keep adding data to the end, getting closer and closer to a match. In fact, that's how the whole hack works. You can't know what will match, but you can generate something that is closer to match. Keep getting closer to match until you happen to actually match.
We used to provide a similar service to web sites. We had many millions of compromised accounts. We didn't offer any services to consumers. The companies who were our customers knew we had a very solid reputation for providing excellent security solutions, and on forums other webmasters they know would report that our service worked well for them. That was sufficient that most customers would add that service or not based on what I recommended for their particular site. In general, on a site making over $5,000 / month it might make sense to spend $5 / month on the extra security. For sites making less than $1,000 / month, I'd suggest they put their limited resources elsewhere and check back in a year. In between, it depends on the type of site. Some are attacked more than others, and a compromise is likely to be more costly on some than on others.
A Billion dollar security firm won't sign up for a $120 per year service to see the data behind the breach? It must be highway robbery unlike most AV products which charge the same $$$ per year for little in return.
Indeed, we used to operate a similar service, and many companies were excited to sign up at just $49 / year. Often, the bad guys get the entire password database, so being alerted to that right away is valuable. I designed our system many years ago and it was somewhat expensive to operate. Crackers compromise new sites every day, so you have to be constantly finding and processing newly compromised accounts. Over time, it became more costly to cover a smaller percentage of compromised accounts, so we advised more and more sites not to buy it, until at some point we just stopped offering the service pending a redesign.
Using different types of resources that are available now, it's possible to run such a system more efficiently. I have a design in mind, but I haven't implemented it yet. If I do, it will likely be priced pretty close to $120 / year. We won't make crazy profits at that price point because it'll cost us $2,800 / year to operate. We'll need about 25 sites to sign up just to break even, and that doesn't include the time spent developing the new system. For a site with $300,000 / year in revenue, $120 will be a great value. For a site with $3,000 / year in revenue, it wouldn't make sense for them to get it.
He went on about it for a while, so it's not a case of mispeaking, of saying the wrong word. When he said commercial companies aren't allowed to use open source software, I think he meant exactly what he said. That's a lie, of course, but it certainly seems he knew what he was saying.
A vote might well go 48% - 52% or something like that. BallmeBallmeer can swing it from 48/52 to 51/49. Ballmer's 3% share is enough to swing many, if not most, votes.
> If you don't have enough evidence to arrest somebody, how do you justify putting them on the [no fly] list in the first place?
That's a question I'd like answered. I did find out that about 280 people on the list are US residents or citizens, so that gives us some sense of the level of threat required. Many more people have the same name as someone on the list, and therefore have to go through extra hassle. The number of people on the no fly list doubled in 2012.
> That is right up there with seizing and selling off assets before you even get a conviction
If there is actual evidence then arresting them makes even more sense. The only reason to put them on a no-fly list would be if you are trying to arrest them, and just want to ensure they don't blow up a plane before you get a chance to do so.
Doing a few minutes of research, I learned that the no fly list doesn't actually stop them from flying. It's a list of people not allowed to fly INTO the US, or out of the US. It doesn't apply to domestic flights. I would say that a nation has the right to deny entry for any reason whatsoever. I don't have to justify why I don't invite someone into my house, and the US doesn't have to justify why we don't invite a certain person into the country. Not letting people leave is a little different. However, it seems that most often no-fly people are indeed arrested if they try to leave the country, so apparently there is cause for arrest - law enforcement would have preferred to wait longer before arresting them.
Based on what I've learned this morning, it seems the process needs improvement, particularly in regard to false positives, but there probably are about 280 people who really SHOULD be on that list. The other list, the terrorism watch list, is much, much larger.
PS, you are correct that he's a major shareholder. He controls more shares than Bill Gates, enough to swing any shareholder vote, thereby giving him de facto control of the board of directors and the company.
> wasn't talking about open source in general
Quoting Ballmer:
If you use any open-source software, you have to make the rest of your software open source
He went on to claim software written for or by the government shouldn't be open source because commercial companies are not allowed to use open source software.
The parent company says open source is "a cancer".
The subsidiary he works for says open source is what MS does, sign a NDA and you can see the documentation.
Also, the subsidiary says, open source is when MS buys a trade group to have their patented format voted as a standard.
That's the difference.
Under DMCA, trading in circumventing protection measures is unlawful.
The scope has some mechanism that controls access to the copyright protected software on the scope. Circumventing that is a DMCA violation, absent an exclusion.
That has nothing whatsoever to do with the copyright of the owner's manual. The circumvention is unlawful because DMCA says circumvention is unlawful, period. It's not that it is unlawful because it uses a number that is also mentioned in the owner's manual. The owner's manual doesn't matter - circumvention is unlawful because DMCA says so.
DMCA isn't that long of a law, if you care to simply read it and see what it says. You seem to be perfectly capable of reading and thinking about what you read.
> IANAL
If you were a lawyer, you might start by reading the law (statute). ... ... extend to any idea, procedure, process, system, method of operation, concept, principle, or discovery
102 . Subject matter of copyright: In general
b) In no case does copyright protection
from http://www.copyright.gov/title...
Also 499 U.S. 340, 345 "[n]o author may copyright his ideas or the facts he narrates."
If the wording of the statutes are unclear, you would look at how the court has interpreted it. Feist v Rural was a Supreme Court case in which someone made an unauthorized copy of somebody else's phone directory. A list of phone numbers is simply facts, not a work of original authorship, the defendant claimed, and the court agreed.
http://en.wikipedia.org/wiki/F...
The court ruled "In no event may copyright extend to the facts themselves".
http://caselaw.lp.findlaw.com/...
Most hardware sold last year can run QT, and does not run Microsoft.net. "already been fought, and won, by Microsoft". How exactly is having a minority (and falling) market share "won"?
Here's a copy of QT that will run on most of the hardware sold last year:
http://qt-project.org/doc/qt-5...
Where's the .Net that will run on more than a small portion of currently sold hardware?
Copyright doesn't give them control over a fact. "The SKU for feature X isyyyyyyyy" is a fact, and therefore not protectable. If hackaday had copied and pasted paragraphs of prose from the manual, that would have been copyright infringement because copyright protects a unique expression.
If the manual had a table of SKU numbers and the article had a list, there's no copyright infringement because it's a different, unique expression.
I hate to say it, and I know this will go against the common feeling here, but I think TFS misses the point. Misses by some distance, actually.
Timothy McVeigh wasn't, to my knowledge, associated with any recognized terrorists organizations. That doesn't mean he shouldn't have been on a list of people the FBI is concerned about. Whether or not they are known to be a member of a known terrorist group isn't the important question. (Note also the difference between "we don't know which group they are affiliated with" vs "we know they aren't communicating with any group"). If someone is acting like a terrorist, such as buying explosives on the black market, the government should probably make a note of that fact, regardless of what groups they are associated with or not associated with.
The information in the report that is more concerning to me is that they have added 430,000 names to the "terrorist-related" database in the last four years. That sounds like far too many people. I was surprised the report said they REMOVED 50,000 names in those same four years. That's good news. I'm also concerned about the EFFECTS of being in this database. If there were that many people on the no-fly list, that would be troubling, but I don't think that's the case. If a listed person flies to the middle east and back and that triggers a notification to authorities so they can include that information in their larger understanding of what's going on, that's less troubling.
We should be asking "how is this list used?" and "what ARE the criteria to be put on this list?"
Those, I think, are more important questions than "how many act alone or in small groups, as opposed to recognized organizations?"
Given Obama's approval ratings, the odds strongly favor the republicans in 2016. Hopefully you'll like Jeb Bush better than you liked GW Bush. As for me, I'm not real confident in any of the major contenders, so I'm aiming to minimize the damage they are allowed to do. Maybe the next president will be stay busy covering up the fact that they're getting sexual favors from the subordinates and not have time to screw things up too much.
There is a lot of crap worth complaining about, and I think you've missed it if you're complaining about CCE.
How exactly is CCE a "fuck due process law"? A defendant is indicted, tried by jury. The jury concludes the evidence shows that beyond a reasonable doubt, the defendant directed multiple felonies. Where exactly is due process missing?