Let me rephrase: I am suggesting that TI's real concern might be that their -existing- software will be modified. That is, cracked in order to give you features you did not buy.
Why would they put in significant features that aren't enabled? The margins are slim enough that not putting the features in in the first place increases profit.
One idea is for the test makers to force test takers to use school issued calculators for the duration of the test.
Easier for the test makers to just specify that only calculators that can't be updated (or otherwise programmed to any great extent) can be used. At the level we're talking, students should be doing the complicated stuff themselves anyway so that they know what the elaborate devices are doing for them later on in life.
Do you really think the people authoring and operating malware as sophisticated as this are going to be thwarted by something as mundane as checking an IP address? Not likely.
The effective systems seem to be the ones that use a second factor (sending an SMS to your phone is an excellent example) to verify significant state changes. Logging in is not a significant state change, nor in many ways is paying a regular bill. What's significant is making a payment to a new account, and that has the benefit of being pretty rare which helps people remain appropriately cautious when they receive the callback verification message. (Changing the number to send the SMS to would probably need to be another significant change.)
The net effect is that even if the computer/browser is compromised, the attacker still can't get funds away from you since they can't divert any to an account they control without your knowing about it and manually approving being electronically robbed! (OK, they could use someone else's compromised account that you already trust and so on, but that's getting really elaborate and likely to get spotted early.) Having the hacker seeing how much you're into your overdraft is a much lesser problem.
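The policy the comment above describes, as an added example (not code from the thread or from any bank): routine actions go straight through, while a payment to a new payee or a change of the verification phone is held until a one-time code sent out of band is returned. The `Account` model, the action tuples and the sample phone numbers and payees are all constructed for illustration, and holding the exact pending action server-side so that the code approves only that action is an assumption of this sketch.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Pending:
    action: tuple   # the exact action that runs if the code is confirmed
    code: str       # one-time code delivered out of band


def describe(action):
    """Human-readable text for the callback message."""
    kind = action[0]
    if kind == "pay":
        return f"payment of {action[2]} to NEW payee {action[1]}"
    if kind == "change_phone":
        return f"change of verification phone to {action[1]}"
    return kind


@dataclass
class Account:
    phone: str                                     # number used for callbacks
    trusted_payees: set = field(default_factory=set)
    executed: list = field(default_factory=list)   # actions that took effect
    outbox: list = field(default_factory=list)     # (phone, text) "SMS" sent
    pending: dict = field(default_factory=dict)    # request id -> Pending

    def is_significant(self, action):
        kind = action[0]
        if kind == "pay":
            # Paying a known payee is routine; a new payee is not.
            return action[1] not in self.trusted_payees
        # Changing where the codes go must itself be verified.
        return kind == "change_phone"

    def request(self, action):
        """Entry point used by the (possibly compromised) browser session."""
        if not self.is_significant(action):
            self._apply(action)
            return ("done", None)
        rid = secrets.token_hex(8)
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[rid] = Pending(action, code)
        # The message goes to the currently registered phone and names the
        # action, so the account holder sees what is being approved.
        self.outbox.append(
            (self.phone, f"Confirm {describe(action)}: code {code}"))
        return ("pending", rid)

    def confirm(self, rid, code):
        # Single attempt: the pending entry is discarded right or wrong.
        entry = self.pending.pop(rid, None)
        if entry is None:
            return False
        if not hmac.compare_digest(entry.code.encode(), str(code).encode()):
            return False
        self._apply(entry.action)   # the stored action, not a resubmitted one
        return True

    def _apply(self, action):
        kind = action[0]
        if kind == "pay":
            self.trusted_payees.add(action[1])
        elif kind == "change_phone":
            self.phone = action[1]
        self.executed.append(action)


if __name__ == "__main__":
    acct = Account(phone="+15550100", trusted_payees={"utility-co"})
    print(acct.request(("login",)))                   # routine
    print(acct.request(("pay", "utility-co", 40)))    # routine: known payee
    print(acct.request(("pay", "unknown-acct", 900))) # held for confirmation
    print(acct.outbox[-1])                            # what the phone receives
    print(acct.executed)                              # new-payee payment absent
```
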
If a program is written in such a fashion that the average citizen cannot understand it, let alone fix its bugs, their freedom to tinker is damaged.
But the average person can't program because they're no good at putting ideas together in a logical fashion. They just don't think in terms that fit with the mindset necessary to successfully program. The barrier is not legal or social, but rather a fact of nature, so using FSF doublespeak sloganeering to reason about this won't help.
Now I'm not saying such a system would work for the courts, just affirming what the parent is saying that assholes are the problem and that complex rules don't seem to help.
Actually, it does work. It's done by using laws that state that people must behave "reasonably" (which has a technical legal meaning) rather than trying to enumerate all possible ways that people can be bad. Over time, courts fill out the boundary with case law, of course, but by keeping statute simple, things work out reasonably practical (and determinations will often come down to "was he being a bigger dick than the other guy?").
What is your suggestion for people who don't know how to back up their own data?
Learn to do it yourself or hire someone who does know how.
Though you can also blame T-Mobile for locking down the Sidekick in such a way that there is no other viable backup solution!
That's definitely the real issue, and such crappiness also used to happen before there were cloud storage providers. Lay the blame where it belongs: with the people who were selling the overall service that the end-user was getting without taking adequate measures to ensure its reliability.
Yep, but consider this:
Google doesn't care about your university.
You did. Or at least should've ;)
Google care to about the extent that you're paying them (modulo the contract terms, which are usually not very good for cheap contracts TBH) and to about the extent that giving you crappy service would result in bad publicity.
In other words, normal for an external contractor.
You can have cloud infrastructure providers who provide stronger guarantees of service. They'll be more expensive because you are paying for those guarantees. A lot of people seem to prefer cheaper contracts and to either bear the risk themselves (or potentially by insurance) or to use multiple cheap providers and hope that the risks are independent. (For example, if a mysterious alien race destroyed all power generation capacity in the US, you'd be screwed even with multiple distributed providers, but the probability of that actually happening is low.)
If your data is important then you take its storage seriously. Sometimes that means you host it yourself, sometimes it means you get someone else to host it for you.
Sometimes it also means getting multiple someones to host it for you and checking that they're not actually sharing the same hardware on the backend.
How much effort you put into this depends on how much you really care. If you're not willing to at least put some money in, frankly you're not going to get a good service and shouldn't be too surprised if things go "Poof!" at an awkward time. All a data cloud does is allow you to avoid having to have one provisioned datacenter yourself (a nice benefit for many people).
noncommercial use of patents is free.
[citation needed]
It varies by jurisdiction; I believe that in Germany it's considered impossible for an end-user to violate a patent. It's necessary also to distinguish between practice and what the law says, since it's possible for a user's actions to be against the law and for prosecuting authorities to say that they won't take action for reasons of public policy.
Well there is one difference. Cloud computing and virtual servers are to computers what keychains are to keys, it enables you to lose everything at once.
It's not really a difference. With home-grown datacenters you still have that risk unless you do something like building multiple redundant buildings in different locales and managing some kind of replication and backup strategy. But then all of that stuff is the same with going to a Cloud provider, except you're not having to futz around with the physical facilities yourself.
There's no magic. All we're seeing is stupid people getting burned because they didn't use basic due diligence.
If all I'm saying is "I'm a video game web forum" then my visitors don't need anything more than "I'm using the same self-signed certificate I used the last time".
Frankly, a video game web forum doesn't need encryption except for the matter of identifying users, and something like OpenID could be used for that.
How do you forge a bit? Isn't that like forging an electron, the number 3 or a number with 100,000 digits?
Don't be silly. Forging bits is a bit like forging ink drops: nonsense. But money and documents can be forged nonetheless, and so can forging of digital entities (e.g., forging a digital signature).
OTOH, the issue isn't creating a new recording and claiming it is a real one (which is what forging is about) but rather unauthorized creation of perfect copies of a real entity. There's no attempt to pretend that it is authentic (or otherwise).
The "whole web" is not just S3 - it's your computer, and every other one on the internet. The original plan was to have all computers serve as both clients and servers in a true peer-to-peer network.
The original plan for the web also assumed that everyone was a good person, a scientist working at a major lab or university, and that they had a (relatively) powerful computer on their desk. It's not exactly worked out that way! It's turned out that making all machines fully addressable isn't possible (well, not with IPv4), and that too many machine owners don't have the skills to keep all their systems secure enough to stop malicious people from causing damage. Inevitably, this leads to the current client/server technical model, though in terms of information creation and consumption, things are far more democratic than was feared. (OK, lots of stuff on Facebook, Twitter and Myspace is total dross, but for many people those are a definite solution to the sorts of information publication activities they want to partake in.)
Don't be too beholden to "original plan"s. Changing things for good reasons happens a lot.
Meanwhile, though, S3's storage is pretty expensive for that sort of data on a consumer level, at $150 per month for 1TB of storage. For those prices, on any sort of lengthy term, I can easily justify the time and expense of putting together my own network backup solution (parking a cheap NAS box over at a friend's house, for instance), and still have enough cash left over to build a second one so that the same friend can back his stuff up to a NAS box at my house.
So don't buy storage space on S3. Simple. End of story.
Of course, if you're making use of more of S3's functionality (e.g., the data's online and so accessible from anywhere) then the price starts to look a lot better, and the fact that it's a replicated geographically-distributed data store so you don't have a huge worry about the data becoming inaccessible when Bad Things Happen... that's when it goes from looking expensive to cheap and easy. But not everyone needs that, and it is up to you to make your own mind up; we can't do it for you.
Seriously, this is the stupidest fucking story I've ever read. AT&T oversold their infrastructure, and now they have three choices:
1: Do nothing[...]
2: Raise prices to drive down demand [...]
3: Invest [...]
They could also stop allowing new iPhones to be connected and throttle bandwidth to existing devices to allow them to all get at least a fair share.
Not that I believe they'll do that. My bet is on #1 with a little #3 - doing (almost) nothing and keeping investment as low as it is possible to get away with. It's short-sighted and just what Wall Street likes (plenty of dividends and/or capital gains), so that's what will happen.
It seems like one way out for Microsoft would be to make one more revision to the CRT's malloc/free machinery, and have it *directly* call GlobalAlloc and GlobalFree, then put the optimizations that used to be in malloc() into GlobalAlloc, the latest version of which is automatically used by all applications.
Not really. Memory management code typically works in two stages, using a coarse and fairly slow allocator provided by the OS (GlobalAlloc and GlobalFree in this case) that will provide new pages to the fine-grained allocator (what malloc et al provides an interface to) which does small block reuse and the like so turning a slow coarse thing into a much faster fine-grained thing. It is a good thing that stuff works this way, because OSes really shouldn't have to operate at the fine-grained level (doing context switches for every tiny object allocation would suck mightily) but it does mean that you have these memory management arenas hanging around in user space.
On all Unixes, there's (usually[*]) one memory allocator and it works pretty well. On Windows... they've got a problem. (If only they'd factored out the memory manager into a separate system DLL that is only ever updated rarely and not redistributed, this problem would have never happened...)
[* Some apps do use custom stuff that external code needs to care about. If they do, they expose an interface to let the third-party code deal with things sanely. ]
actually...the max energy density is 1 planck energy unit in a sphere of diameter of 1 planck length
Sure, but in what reference frame? Lorentz contraction (or the GR equivalent) makes things tricky. And in fact, this is one of the areas where combining GR and QM becomes awkward; trying to combine the two always goes wonky because the theories aren't compatible and once we know how to do the combination... that's the Theory of Everything.
They look very real and if I did use those banks, I would have been tempted to click...
But if you're a pedant about spelling and grammar, you'd have noticed that the messages had obvious errors in (for some reason, criminals just can't seem to comprehend how to write coherent English) and been alert anyway. If a large business is going to send you communications, they will take care to ensure that it is spelt correctly and that the sentences are constructed in the right way; they have whole marketing departments that are fixated on that sort of thing...
It's actually a lot cheaper to build a (multi-) million-dollar supercomputer to filter/analyze day to day internet traffic than to actually send goons out with $5 wrenches to beat the information out of hundreds of millions of people (on a daily basis).
They mostly do traffic analysis, watching not what you're saying but where you're saying it and who you're saying it to, and such things are much harder to defeat (TOR is immediately suspicious, and apparently fairly easy to watch in practice). They only send the goons out when they really want to decrypt a message, and by that point they're probably doing a lot of physical surveillance too.
I heard that relatively small colliders were likely going to pass the LHC's top energy using a waveform collapsing technique. Or did that turn out to be bogus?
As I understand it (IANAPP) it's not bogus, but it's very difficult to do. It's also much more difficult to use that technique (plasma wakefield acceleration, according to wikipedia) to accelerate antimatter since creating an anti-matter plasma is stupidly difficult anyway, so it's better suited for accelerators that use a stationary target.
What [WB] have done is to persuade MySpace to refuse to stream his work.
What matters is whether they've done so under oath. If not, what WB said doesn't count for jack shit in terms of takedown-ness. If they did say it under oath, it's (potentially) a crime. (No, I'm not sure which particular one.)
This is why you should not send false takedown notices.
Not all places allow time off for good behavior. I don't know much about the penal code in the UK where he was being held, but it seems he got no extra time added to his sentence as a result of this.
Given the length of his original sentence, the usual level of time-off-for-good-behaviour would be 1/3. He won't be eligible for that now. Any charges from this will be processed at the normal rate for such things; no idea what the baseline tariff for such an additional crime is.
If anyone is an idiot in this situation, I think the prison officials absolutely deserve that title.
Sure, but doesn't mean that the perp should be unpunished. Someone else screwing up doesn't give you a free pass to do wrong...
I understand there is an obvious clause in the US patent system, but it is so hard to meet that criteria that it basically doesn't exist.
The problem with software patents is exactly that the USPTO seems to have a wildly different standard of obviousness to everyone else. This has led to far too many software patents being issued, and that's made waters far too muddy for anyone trying to develop software; it's become impossible to determine yourself whether or not you infringe any relevant patents (and the courts are a bad and expensive way to do it).
If a strong obviousness test had been implemented all along, then the whole situation would have been different. (Maybe not better - we don't live in that world - but definitely less legally treacherous.)