How in the world can there be a right to repair/improve when anything that modifies the internals of a copyrighted work is a derivative work?
For instance, a modification to a car ECU would not "deal with it through its APIs" (there aren't any APIs, it's not meant to be accessed by developers!) and would "get its dirty fingers over the ECU internals" (since there is surely no nice external interface to modify the behavior). So there goes the right in that respect.
Similarly for any attempt to improve nearly any non-extensible closed system. In fact, now that I think about it, this means there is a very high incentive for a company that wishes to lock tinkerers out to design things to be as closed and rigid as possible. The lack of configurability will mean that anyone wishing to tinker will need to 'modify the internals' and the closed nature of the system means there will be no API to deal with. Both of those factors will increase the chance that any aftermarket modification is a derivative work and thus empower the company to bar its distribution without license.
It would be very unfortunate if our system incentivized this sort of engineering by conferring additional rights based on engineering details about API and configurability.
No no no no no. The world has become collectively $1.48 billion poorer by allocating those resources poorly. Sure, those $1.48B did actually go to leasing offices and buying ping pong tables or whatever, and that money went to perfectly good businesses supplying those things, but on a larger scale it was not spent in the best possible way.
Anyway, that's always the nature of progress -- humanity tries things, some succeed, many fail. Iridium spent billions on a satellite network that no one wanted, those billions were wasted because they could have been spent on something that people actually did. Many shops open, only some of them stay open. Many people put oil to canvas or ink to paper, only a few become successful artists and authors.
This is good news. Any system that doesn't produce some fraction of failure is almost certainly playing it way too safe and not taking the kind of risks that, overall, increase the average return even if they increase the variance of return.
Could we do a better job not funding idiotic startups? Probably. Should we? Maybe not, if it means losing out on the next Intel or Google.
If they never officially believed that they supported it, they probably never QAed it. So now they have a choice to greatly expand the amount of QA coverage (since they basically have to run every test case against every combination of formatted drives) or just fix it not to pretend to support the thing they didn't test.
Really, you want a Federal act about science education? Are you sure partner? Maybe I should rephrase it to avoid arguing against a unicorn, you want James Inhofe, Randy Weber (Chairman House subcommittee on energy) and the rest of them to be in charge of science curriculum?
I am straining my brain to think of any possible way in which this is a good idea.
This is governed by the Administrative Procedures Act, which has specific judicially-enforceable rules about the manner in which the agencies can make rules. Among the more mundane requirements of the APA are things like public notice-and-comment periods. More germanely to the instant case, is that if an agency has formally adopted a rule (with all the rigmarole that goes with it), the agency cannot just turn around and repeal it without a good reason. And even if it does, it must go through some of the same procedures.
Part of the motivation for this process is practical: regulated industries ought to have stability in the rules and it's needlessly inefficient to be churning them all the time. That is to say, even if the rule is unfavorable to a particular company, it's better to be able to know and plan than to be facing constant uncertainty. At the same time, part of the motivation is political: Congress sought to limit the Executive branch as part of its prerogative -- a President of either party that can either instantly adopt or repeal new rules would upend the balance of power.
So yeah, the EPA doesn't have authority under the APA to start implementing something contrary to the formal rule that they have adopted.
"The more you know, the more you learn; the more you learn, the more you can do; the more you can do, the more the opportunity." Richard Hamming
Hamming was right. Even at a conservative "interest rate" from this compounding knowledge, an extra hour of work a day will lead, over the course of a decade, to an enormous amount of additional productivity. Far more than you would think just by taking the extra hour as linear addition.
I saw this when I was an academic, you'd have some students stay just a bit longer in the day to get things set up to run an additional experiment or simulation overnight and then immediately have the result first thing in the morning. Meanwhile, others would get in and start the experiment and then be unproductive for a few hours while it ran. I see it in the tech industry, some folks would stay the extra hour to debug or really grok something, then later they'd be able to immediately see what's wrong or what tools could be used.
Burnout is a different thing than compounding productivity gains. I've normally seen burnout where a grad student or an employee is behind and is constantly chasing the puck but not getting more done than anyone else. Occasionally it will be due to working on a team with huge technical debt where there is never an opportunity to get into the virtuous cycle of learning more that enables you to do things more efficiently because you are putting out fires. In other cases I've seen it where people have started into a project that is Not Going To Work (possibly because they didn't grok the problem space to begin with) and keep banging their heads against it.
[ And, of course, this probably only applies to those in the "knowledge" business. Flipping burgers or driving a bus for an extra hour isn't going to make you any more productive in the future, sadly. I mean, I wish it were so -- we'd have a single employee making $30/hr easily doing 10x the kitchen work of a random high school student at a fast food joint. ]
Actually, I currently work for zero wages as a volunteer. The fact of the matter is that I can work for an hourly wage of $0 and I can work for any amount in the range $8.90-\infty, but I cannot legally work for any amount between $0 and $8.89.
To be perfectly honest, this doesn't hurt me one whit. When I was working full time, it was as a (well-)salaried professional, I don't need a stipend from the volunteer organizations to get by -- even if it was literally just offsetting the cost of volunteering like paying bus fare and a sandwich lunch.
OK, be realistic. The oil-powered plant doesn't rev up and down outside our control and so doesn't cause temporary situations where load and supply don't match well.
Solar is the future, but you don't have to be daft and say that the transient nature of the energy it produces isn't a problem we have to resolve.
the three server flaws require the attacker be authenticated in order to exploit.
That's the good news and the bad news. It's good because it means script kiddies aren't going to be drive-by-exploiting every old unpatched DD-WRT, and that generally many of us will be kinda safe.
It's bad news because it's a huge deal both for VPN providers (kind of the obvious case) but also in the context of giving an attacker with RCE on a single client a huge vector to move laterally throughout a corporate network. I'm sure the original audit focused the majority of attention on the authentication code, but that leaves the rest of the threat model under-audited.
On the one hand, yes, it's a deliberate cheat. This is clearly motivated by a desire to excel in synthetic testing with no real world justification at all. It is clearly the duty of people submitting to the test not to do such things.
On the other, it is (IMHO, YMMV, $0.02) the duty of the people performing the test to think about these things and perform an analysis as close to the "real world" scenario as possible. That doesn't excuse cheaters one bit to say that this is a laughable "test".
Moreover, there are two positive improvements from making your test even a little bit more realistic. The lesser of the two is that it deters or at least raises the bar for cheaters. The greater is that the test now accurately reflects the actual outcome and so distinguishes from designs/submissions that are incidentally better at the test even if the designer wasn't cheating. In other words, the larger the variance between the synthetic and the actual, the larger percentage of inputs will randomly perform better at one than the other.
There's no hypocrisy to say that we've learned that both parties need to up their game here -- Audi in the ethics department and the testing agencies in the not-being-a-sucker department.
Did you miss the part where Microsoft patched this 2 months ago and the only people being infected are the ones that are grossly (even negligently) behind?
I honestly don't care about whether you blame the NSA for developing an exploit or not reporting it earlier. At this juncture, however, 100% of the blame lies with these IT departments that can't get their shit patched.
I'm not sure how your mortgage is structured, but mine definitely is a fixed-term note that cannot be "called in" or otherwise demanded immediately.
In fact, there's literally not anything that either side can do to modify the exact terms of what is due when, except for my right to accelerate the payments to the bank.
I think the point is that, if you're going to work a lower-wage job that's easily replaceable by anyone else that knows how to drive (or whatever else the next gig economy thing is), the least society could do in terms of non-monetary compensation is to offer you the flexibility that we can afford by having a huge pool of replacements. At this wage
In other words, it's not enough to just look at wages. I'm well-paid but there are other non-monetary components of my jobs.
Now consider people in the same wage range as Uber drivers -- baristas at Starbucks, retail clerks, administrative assistants, office managers. Not quite as low as fast-food but also not excellent salaried jobs like yours.
Those people might in fact value the same kind of flexibility you have, and so far we have not been able to create working structures for them that provide anything like it. The idea that you could drop in for your retail job whenever you feel like it is absurd.
So it doesn't seem like too much of a stretch to think that they would want what you already have.
...unfortunately taking to the high court will mean loss against a major corporation no matter how fanciful the interpretation has to be by the high court
Actually, in the current term, businesses win against non-business petitioners a little under 2/3rds of the time[1]. So your conception of "no matter how fanciful" is at least a few orders of magnitude off of the facts.
[1] Epstein, Landes and Posner, How Business Fares in the Supreme Court, 97 Minn. L. Rev. 1431 (2013).
I think you're missing something important, which is the value of being able to work whenever you damn-well feel like it and take a vacation whenever you damn-well feel like it and not be accountable to anyone else's schedule.
Let's do an experiment, take a worker in any other sector: retail/food/engineering/medicine, you name it. Now tell that person that they are going to move to a system where they can choose when to go to work and when to leave, with 15-minute granularity and no advance notice whatsoever. Of course, their wages will scale only with the time they actually spend working. Now ask them what that sort of flexibility would be worth to them.
Want to take the afternoon off to watch your nephew's baseball game -- it costs you exactly one afternoon of wages. Want to take the weekend to attend your college friend's wedding -- it costs you exactly one weekend of wages. Want to sign out of your job for 3 months while you backpack SE Asia and then come back and continue like nothing happened -- it costs you exactly 3 months of wages.
I'm quite fortunate that my boss is understanding, and I could probably do the above if we weren't swamped with work and if it wasn't too overlapped with my teammates (6-person team, so 2 of us leaving for the same week would be bad but not fatal). Most workers, especially in retail/food sectors closest in wage level to Uber can't dream of it. If your boss at Starbucks says you work on Saturday, your sister's birthday party will just have to wait (or you can swap).
Hell, even with my understanding boss and cushy job, I would absolutely love an arrangement where I make my pro-rated salary for every week (!) I want to work and can take unlimited pro-rated vacation without a single thought.
Time for a refresher on the current state* of speech restrictions promulgated by government-as-employer. I think most people would understand that, when acting as an employer, the government has significantly more latitude than it would against a private citizen. At the same time, most people would understand that this latitude has bounds of its own.
So cribbing the major part of the link above (but do read the whole thing), the place that the court put that balance* is that the government may not fire an employee based on the employee's speech if (all of):
1. the speech is on a matter of public concern
2. the speech is not said by the employee as part of the employee's job duties
3. the damage caused by the speech to the efficiency of the government agency's operation does not outweigh the value of the speech to the employee and the public
The application of these three standards to the instant case I think weighs in favor of the employee, but ultimately that's a fact-bound decision that would require reviewing what his or her job duties are, what the topic and contents of the tweets were and what sort of proof the government produces about the harm to the agency.
* Note: This is the current state of the law as it is, not the law as I wish it to be. You could say that this is the praxis of the law, not the truth of it. I have no beef with people that wish to argue about what the law ought to be or what is a more correct interpretation of it. They may even be right and the practice of it currently wrong (it's surely happened many times in the past), that does not change what is currently practiced.
for(size_t i = 0; i
Wtf? Of course you mean
for(auto const & i : itemList )
Hi Bruce,
Since you say that GRSecurity is 'definitely' a derivative work, and since you know about a million times more than I do, let's accept that claim as a fact for a moment.
GRSecurity is primarily distributed as a set of patches which modify the Linux kernel's operation in various ways. The end user takes those patches and combines them with the kernel to achieve the desired (or maybe not, doesn't matter). According to your claim, they are not permitted to do so without license from the original work (the kernel).
The implications of this claim seem to be very broad and, to me, undesirable. It would seem to indicate that people would not be free to build and share aftermarket enhancements for any commercial product that contains a creative element (that is eligible for copyright) without license from the company that produced it.
For instance, Subaru sells a car containing an ECU, and no doubt that Subaru retains copyright in the code that runs in that ECU. Joe and his friends develop a software patch for this ECU in order to improve the characteristics of their automobile or to make it compatible with some other usage or accessory. According to your claim, this is a derivative work (it patches the ECU software, the ECU software is copyright) and so if Joe distributes this patch without license from Subaru, he is liable for infringement.
Or for another example, a company sells an electronic microscope to Janice's school. Janice and her friends patch the software running on the microscope to improve the noise reduction algorithm or increase the maximum frame rate. Janice wishes to distribute this improvement to other students. Again, the same story.
So much then for Janice and Joe's right to tinker with the software running on their devices then.
[ For what it's worth, if I were writing the law instead of describing it, I would avoid this entire mess and make it clear that a patch or modification on an existing work that does not itself contain any part of the original is not derivative. It's just a set of instructions for how the rightful possessor of the original work can change it, nothing more. ]
Indeed. But as I understand, in the UK, even the former arrangement would be unenforceable.
Why is it that American law permits clauses in contracts that deny people access to the law of the land?
That's incendiary phrasing. You could ask why does British law forbid people the right to designate an arbitrator to resolve disputes. Both would be formulations of the question that do not shed light on the tension between two goals: giving people the power to determine their own arrangements versus ensuring that those arrangements are not contrary to public policy. Those two goals are non-orthogonal.
To make it more concrete (and over-simplified), let's say that Alice hires Bob to write and deploy some software. They have a good description of the project and agree on a price of $25,000. Both parties foresee a dispute over whether Alice delivered: Bob fears the software won't be delivered as promised, Alice fears that she'll deliver but Bob will refuse to pay. But both understand that going to court is ridiculous because the 'cost' of dispute resolution in the courts will destroy their margin. So they both trust Charles and designate him as an arbitrator and write a clause that says "Charles will be the arbiter of any disputes we have and we agree not to sue each other over it".
Now, here's the rub, let's suppose both Alice and Bob believe that Charles is not as accurate of a dispute resolver as the courts. This is true even if Bob believes that Charles is partial to Alice instead of being neutral. It might still be rational to him because the expected additional loss (e.g. the conditional probability that there is a dispute and that Charles rules in a biased way against him multiplied by the expected judgement) is actually less than the expected additional loss if it was litigated in court (e.g. the conditional probability that there is a dispute and Bob has to pay a lawyer hourly fees).
So in England, this arrangement is (apparently) not allowed -- Alice and Bob are not free to designate Charles as the binding arbitrator and instead have to resolve any disputes through the expensive court system even when a worse system might be better for them. This has certain perversities: the courts can take a long time, which for a freelancer waiting to get paid can be near fatal. If Bob has in-house counsel, he suffers little from dragging this out and raising every possible legal/factual dispute since he's not paying hourly for the lawyers but Alice is. No matter what happens, both sides will pay more than is reasonable to resolve disputes under a $25,000 contract.
At the same time, the US system has perversities. Maybe the arbitrator is biased and Bob ends up having to pay $25,000 for an unstable software deliverable that doesn't meet any of the requirements. Maybe all the freelancers (or all the purchasers) require a particular set of arbitrators such that you can't buy (or sell) services without being bound by some biased arbitrator.
In the end, the point I'm trying to (at length) get to here is that dispute resolution is a non-trivial thing to deliver, especially for contracts where a lay person would have difficulty assessing the performance of the contract (after all, it's pretty easy to understand whether a fence was installed, not so easy to understand why a custom POS system freezes once a day). And the more you 'over engineer' the dispute resolution to make it more reliable, the more it costs and the more inaccessible you make it to Alice and Bob that have a piddly $25,000 contract.
Really, you want a Federal act about science education? Are you sure partner? Maybe I should rephrase it to avoid arguing against a unicorn, you want James Inhofe, Randy Weber (Chairman House subcommittee on energy) and the rest of them to be in charge of science curriculum?
I am straining my brain to think of any possible way in which this is a good idea.
This is governed by the Administrative Procedures Act, which has specific judicially-enforceable rules about the manner in which the agencies can make rules. Among the more mundane requirements of the APA are things like public notice-and-comment periods. More germanely to the instant case, is that if an agency has formally adopted a rule (with all the rigmarole that goes with it, the agency cannot just turn around and repeal it a good reason. And even if it does, it must go through some of the same procedures.
Part of the motivation for this process is practical: regulated industries ought to have stability in the rules and it's needlessly inefficient to be churning them all the time. That is to say, even if the rule is unfavorable to a particular company, it's better to be able to know and plan than to be facing constant uncertainty. At the same time, part of the motivation is political: Congress sought to limit the Executive branch as part of its prerogative -- a President of either party that can either instantly adopt or repeal new rules would upend the balance of power.
So yeah, the EPA doesn't have authority under the APA to start implementing something contrary to the formal rule that they have adopted.
"The more you know, the more you learn; the more you learn, the more you can do; the more you can do, the more the opportunity." Richard Hamming
Hamming was right. Even at a conservative "interest rate" from this compounding knowledge, an extra hour of work a day will lead, over the course of a decade, to an enormous amount of additional productivity. Far more than you would think just by taking the extra hour as linear addition.
I saw this when I was an academic, you'd have some students stay just a bit longer in the day to get things set up to run an additional experiment or simulation overnight and then immediately have the result first thing in the morning. Meanwhile, others would get in and start the experiment and then be unproductive for a few hours while it ran. I see it in the tech industry, some folks would stay the extra hour to debug or really grok something, then later they'd be able to immediately see what's wrong or what tools could be used.
Burnout is a different thing than compounding productivity gains. I've normally seen burnout where a grad student or an employee is behind and is constantly chasing the puck but not getting more done than anyone else. Occasionally it will be due to working on a team with huge technical debt where there is never an opportunity to get into the virtuous cycle of learning more than enables you to do things more efficiently because you are putting out fires. In other cases I've seen it where people have started into a project that is Not Going To Workâ (possibly because they didn't grok the problem space to begin with) and keep banging their heads against it.
[ And, of course, this probably only applies to those in the "knowledge" business. Flipping burgers or driving a bus for an extra hour isn't going to make you any more productive in the future, sadly. I mean, I wish it were so -- we'd have a single employee making $30/hr easily doing 10x the kitchen work of a random high school student at a fast food joint. ]
Actually, I currently work for zero wages as a volunteer. The fact of the matter is that I can work for an hourly wage of $0 and I can work for any amount in the range $8.90-∞, but I cannot legally work for any amount between $0 and $8.89.
To be perfectly honest, this doesn't hurt me one whit. When I was working full time, it was as a (well-)salaried professional; I don't need a stipend from the volunteer organizations to get by -- even if it was literally just offsetting the cost of volunteering like paying bus fare and a sandwich lunch.
You really sure employees are going to work for a steel mill that pays them "sometimes"?
OK, be realistic. The oil-powered plant doesn't rev up and down outside our control and so doesn't cause temporary situations where load and supply don't match well.
Solar is the future, but you don't have to be daft and say that the transient nature of the energy it produces isn't a problem we have to resolve.
'Probably' isn't relevant here. This isn't a civil case; it's a criminal case where the standard of proof is 'beyond reasonable doubt'.
Some states have a civil speeding infraction as well, with a criminal charge possible for excess or reckless speed. Example: MI, MA
Some states have only criminal speed offenses. Example: CA, IL
the three server flaws require the attacker be authenticated in order to exploit.
That's the good news and the bad news. It's good because it means script kiddies aren't going to be drive-by-exploiting every old unpatched DD-WRT, and that generally many of us will be kinda safe.
It's bad news because it's a huge deal both for VPN providers (kind of the obvious case) but also in the context of giving an attacker with RCE on a single client a huge vector to move laterally throughout a corporate network. I'm sure the original audit focused the majority of attention on the authentication code, but that leaves the rest of the threat model under-audited.
On the one hand, yes, it's a deliberate cheat. This is clearly motivated by a desire to excel in synthetic testing with no real world justification at all. It is clearly the duty of people submitting to the test not to do such things.
On the other, it is (IMHO, YMMV, $0.02) the duty of the people performing the test to think about these things and perform an analysis as close to the "real world" scenario as possible. That doesn't excuse cheaters one bit to say that this is a laughable "test".
Moreover, there are two positive improvements from making your test even a little bit more realistic. The lesser of the two is that it deters or at least raises the bar for cheaters. The greater is that the test now accurately reflects the actual outcome and so distinguishes from designs/submissions that are incidentally better at the test even if the designer wasn't cheating. In other words, the larger the variance between the synthetic and the actual, the larger percentage of inputs will randomly perform better at one than the other.
There's no hypocrisy to say that we've learned that both parties need to up their game here -- Audi in the ethics department and the testing agencies in the not-being-a-sucker department.
And by far the biggest energy saver: Teenage daughter moved and went to college.
So you're paying $X0,000 per year in tuition to save $Y0/mo on power?
Good deal that :-)
Did you miss the part where Microsoft patched this 2 months ago and the only people being infected are the ones that are grossly (even negligently) behind?
I honestly don't care about whether you blame the NSA for developing an exploit or not reporting it earlier. At this juncture, however, 100% of the blame lies with these IT departments that can't get their shit patched.
I'm not sure how your mortgage is structured, but mine definitely is a fixed-term note that cannot be "called in" or otherwise demanded immediately.
In fact, there's literally not anything that either side can do to modify the exact terms of what is due when, except for my right to accelerate the payments to the bank.
... that should not be on the internet.
That's 100% correct.
I think the point is that, if you're going to work a lower-wage job that's easily replaceable by anyone else that knows how to drive (or whatever else the next gig economy thing is), the least society could do in terms of non-monetary compensation is to offer you the flexibility that we can afford by having a huge pool of replacements. At this wage
In other words, it's not enough to just look at wages. I'm well-paid but there are other non-monetary components of my jobs.
I mean, your excellent salaried job is excellent.
Now consider people in the same wage range as Uber drivers -- baristas at Starbucks, retail clerks, administrative assistants, office managers. Not quite as low as fast-food but also not excellent salaried jobs like yours.
Those people might in fact value the same kind of flexibility you have, and so far we have not been able to create working structures for them that provide anything like it. The idea that you could drop in for your retail job whenever you feel like it is absurd.
So it doesn't seem like too much of a stretch to think that they would want what you already have.
...unfortunately taking to the high court will mean loss against a major corporation no matter how fanciful the interpretation has to be by the high court
Actually, in the current term, businesses win against non-business petitioners a little under 2/3rds of the time[1]. So your conception of "no matter how fanciful" is at least a few orders of magnitude off of the facts.
[1] Epstein, Landes and Posner, How Business Fares in the Supreme Court, 97 Minn. L. Rev. 1431 (2013).
I think you're missing something important, which is the value of being able to work whenever you damn-well feel like it and take a vacation whenever you damn-well feel like it and not be accountable to anyone else's schedule.
Let's do an experiment, take a worker in any other sector: retail/food/engineering/medicine, you name it. Now tell that person that they are going to move to a system where they can choose when to go to work and when to leave, with 15-minute granularity and no advance notice whatsoever. Of course, their wages will scale only with the time they actually spend working. Now ask them what that sort of flexibility would be worth to them.
Want to take the afternoon off to watch your nephew's baseball game -- it costs you exactly one afternoon of wages.
Want to take the weekend to attend your college friend's wedding -- it costs you exactly one weekend of wages.
Want to sign out of your job for 3 months while you backpack SE Asia and then come back and continue like nothing happened -- it costs you exactly 3 months of wages.
I'm quite fortunate that my boss is understanding, and I could probably do the above if we weren't swamped with work and if it wasn't too overlapped with my teammates (6-person team, so 2 of us leaving for the same week would be bad but not fatal). Most workers, especially in retail/food sectors closest in wage level to Uber can't dream of it. If your boss at Starbucks says you work on Saturday, your sister's birthday party will just have to wait (or you can swap).
Hell, even with my understanding boss and cushy job, I would absolutely love an arrangement where I make my pro-rated salary for every week (!) I want to work and can take unlimited pro-rated vacation without a single thought.
Time for a refresher on the current state* of speech restrictions promulgated by government-as-employer. I think most people would understand that, when acting as an employer, the government has significantly more latitude than it would against a private citizen. At the same time, most people would understand that this latitude has bounds of its own.
So cribbing the major part of the link above (but do read the whole thing), the place that the court put that balance* is that the government may not fire an employee based on the employee's speech if (all of):
The application of these three standards to the instant case I think weighs in favor of the employee, but ultimately that's a fact-bound decision that would require reviewing what his or her job duties are, what the topic and contents of the tweets were and what sort of proof the government produces about the harm to the agency.
* Note: This is the current state of the law as it is, not the law as I wish it to be. You could say that this is the praxis of the law, not the truth of it. I have no beef with people that wish to argue about what the law ought to be or what is a more correct interpretation of it. They may even be right and the practice of it currently wrong (it's surely happened many times in the past), that does not change what is currently practiced.