Slashdot Mirror


User: ledow

ledow's activity in the archive.

Stories
0
Comments
5,597
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,597

  1. Re:No dilemma on Should You Break TOS Because Work Asks You? · · Score: 1

    *Facts* cannot be copyrighted. However, someone else's representation of those facts *can*. You can find out yourself and republish that the weather was cold yesterday, but you can't save the BBC's weather page and put it on your own. Screenscraping is highly dubious at best, as it is using an established source and format for that data. TV listings company regularly sue over people screenscraping their (copyrighted) listings of facts. Assuming the data itself isn't copyrighted (unlikely by the sound of it but you never know), you can't necessarily use any source you like to obtain those facts without opening yourself up to accusations of copyright infringement. If it's prices of certain tickets, fares, products, services, then you are into a massive grey area but it's still not clear that it's legal either, so companies, especially rival companies, or ones planning to use that information as part of their business model, should not be doing it. Their lawyers would throw a fit if they knew. Just off the top of my head, I can name five *recent* cases where this sort of thing has come up and it's gone to court with accusations of copyright infringement, etc. - several online plane ticket companies, several online concert/theatre ticket companies, the aforementioned TV listings, etc. The ones that didn't make it to court either changed their entire website to wipe out that sort of functionality of blacklisted access from the companies in question.

    Republication is just an example, however, copyright applies to lots of action that you think it may not. Technically, even printing an entire downloaded webpage could be classed as infringement. It's quite possible that a court will see "viewing" and "saving" data differently, especially if it's for non-personal use. Don't forget though, even having a picture in your web cache can variously be classed as "downloaded", "a conscious action" and even "creation" of that image. It's a point that you mention yourself. And it is a horribly icky legal quagmire, but that's all the more reason to steer clear. Anyone with brains would take this to the company's legal representative, who would reliably tell you that it's an interesting case and they'll investigate for $X thousand / X amount of hours and would recommend that you don't do anything without checking with them first. Why? Because they're not stupid enough to say it's okay to do it.

  2. Re:No dilemma on Should You Break TOS Because Work Asks You? · · Score: 2, Informative

    Copyright. The copyright holder has the right to do pretty much what they want with their own data. If that means putting up a notice that says "free to view, pay if you want to download", they can do that. Copy an image from a website and then upload it somewhere else, or put it in an advert, or print it out and stick it on your office wall. Chances are you just broke copyright law. You can't do this with anything copyrighted, no matter how easy it is to "technically" do it. Dilbert cartoons, youtube vids, Slashdot comments, it doesn't matter. If it's copyrighted, you *can't* do this.

  3. Re:Why have an ethics dilemma at all? on Should You Break TOS Because Work Asks You? · · Score: 3, Informative

    This is a shortsighted view of the problem here.

    "You're getting paid to do a job, and you're not going to be personally liable should anything go wrong anyway."

    Incorrect. His boss isn't breaking the Terms of Service, he is. When the website in question terminates their access, guess who's gonna get the flak? The person who *implemented* the system, not the one who designed/thought of it, especially if they are non-technical and rely on lower-order technical beings to do things for them.

    Take, for example, a situation that I regularly come across:

    Boss: "It's okay, we'll just copy all these Microsoft CD's and save a fortune on licensing."
    Boss's Boss: "Okay. You know best."
    Boss (to underling): "Copy these CD's"
    Underling in theory: "Okay". Underling in practice: "We *can't* do that."

    When things go wrong, the underling in theory is going to get the blame here, because it's his area of expertise and he *wrote* the system that does it. I get people suggest to me all the time that we could just install another license of Office that we don't own, or we can just copy CD's that have blatant copyright notices on them, or breach a Data Protection Act directive by doing X, or a million and one other things that I *know* we can't do. The people in charge of me barely understand the terms, let alone whether what they are doing is illegal. I have to sit and explain to my boss and my boss's boss why we can't do them. Trust me, if something got noticed, Underling in Theory would get sacked/sued every time.

    "Are you really going to walk out of your job over violating the terms of service of a few web sites?"

    Why not? I get asked to do all sorts of crap and I point it out and say no. If I *chose* to do it instead, then it's a different matter. But when I *refuse* to do something on legal or ethical grounds (we're not just talking ethics here - it also sounds like they have a "subscription" of some kind to the data that they are scraping, or that it's a competitors website) then if you *make* me, I will walk (been there, done that - I've turned down a good career move and more money in order to sleep at night - not that I was being asked to break the law, not that I was being asked to sell my children, but that I was being asked to do things that I didn't agree with [wasting money within a school on useless IT cruft and consultants while the kids didn't have books or paper]). I'll also report you to the BSA or whatever organisation I need to if you really press me, or the local press like I did in the above case (they didn't do anything with it, but I breathed a sigh of relief once I'd sent off the information to them - my part was done and I'd done good by myself - if the press decide to sit on something, that's on *their* conscience, not mine). You don't do illegal stuff if you're honest and your mortgage depends on a wage.

    "It's not your job to worry about the ethics of the situation, that's probably not even your boss's job -- it's somewhere in your corporate legal department, the Board, or an Ethics or HR department perhaps."

    Wrong. Because they won't even *know* what the problem is until it comes up in court and they have it explained to them in excruciating detail. However, someone who decides to do something that's part of their job, within their area of expertise and breaks a law (or even does something a bit stupid) that *they* should know about will get fired/sued by their own company once the shit hits the fan. So your boss *and* you might get sacked - you're still no better off and your employment reference is now a million times worse.

    "just do what you're being paid to do and ask fewer questions."

    It's sad that people think this is a good way to live. He's *being paid* to do his job. Which does not entail questioning his ethics or breaking Terms of Service (even if legally unenforceable) or anything else. His *job* is to stand up and say "Whoa, hold on, we can't do that". If he doesn't do that, he's not doing his job an

  4. Re:Downloading OO does not mean you don't have Off on OpenOffice.org V3.0 Sets Download Record, 80% Windows · · Score: 1

    Like anything else, it's an indicator.

    For instance, I admin school systems - guess how many times we download OpenOffice to install across our entire network, and any other school that might happen to ask for it? Once. From there it's distributed to technicians, schools, parents on CD, etc. And we *do* do it for the price factor. Admittedly, the statistics don't show you much but they are an indicator. What it says is that the "majority" (using a certain measure) of OO users are people who run on Windows but probably don't want to pay for MS Office.

    And I very much doubt anyone who's got MS Office will have OpenOffice if you surveyed the world as a whole, whether it's a free download or not. I'd imagine far less than one percent of MS Office users also have OpenOffice installed. And I would say that the same was true in reverse. If nothing else, novice users are unaware of file associations etc. and they would just think that OO "broke" their Office because it tried to assign itself to ".doc" etc.

    There are, of course, millions of other factors in the "80% Windows" statistic - Linux users are more technically minded, so are more likely to download one copy and distribute. Linux users can get the software through their package managers and OO is included with some distributions which may have a million users so does that count as one download or a million?

    Anyone taking these statistics seriously deserves whatever conclusion they jump to. If you want to know something properly, do a professional survey. However, I don't think that anybody's really intended to take them seriously at all. It's more of an "Oh, that's slightly interesting" statistic.

  5. Re:MD5 is not that broken on Australian Government Censorship 'Worse Than Iran' · · Score: 3, Interesting

    We're a lot more advanced than you might think:

    http://www.win.tue.nl/hashclash/SoftIntCodeSign/

    This generates two programs (actually valid Win32 Executables compiled from source) and modifies them to have the same MD5. So you have "good.exe" and "evil.exe" of your own crafting with identical hashes but VERY different content.

    Let's say you use MD5 to implement a "known good" program list in your software firewall/antivirus program, etc. You've just been compromised because now I can distribute a "good" program that a user allows after they have verified it's authenticity and then I can generate an "evil" program with the same hash that deletes his hard drive.

    MD5 is dead.

  6. Re:Ok, then you do it. on Microsoft to Issue Emergency Patch For File-Sharing Hole · · Score: 0

    Troll?

    The point is that MS didn't make many of those products at all, it just put it's name on them or bought out other products to build upon, and in fact made a bad job of quite a few of them. And a lot of them are or were the laughing stock of their genre for many revisions until they bought enough other companies / actually PUT EFFORT into developing them to make them useful. And an awful lot of them have some terrible problems (usually security ones) and limitations. As examples, let's just take a few of your categories: IE, Frontpage, IIS, Outlook.

    It's because of this "let's do everything with a crappy codebase not designed for it" that they hit such criticism. For example, your first four categories can all be answered with "Linux", or a myriad other OS's. And instead of being a bastardised version of Windows that wasn't suited for the purpose, each targetted version of Linux is ideal and competitive in that space.

    I'm not saying that MS doing all these things is easily replicated, unless of course you were to, say, allow me to have a complete worldwide and at least partially illegal monopoly, to buy decisions and standards and to earn billions of dollars through such questionable channels. Then, probably, it would be much easier for any company with that sort of access to do a MUCH better job.

    All the other channels have equivalents that you'll find in your average Linux (or indeed, Unix) business-based distro, except for the "online" stuff. Not by one company, perhaps, but distributed and developed for free and competitive if not superior.

    It hardly makes MS special that they have lots of software in their portfolio because they DIDN'T invent a lot of those things, or even develop their own versions of them. They bought them, by and large. If the licensing agreements meant that you had to provide attribution for every line of MS code, About dialogs would be ten times as long because of the amount of code they don't develop in-house, but instead buy, license, or just use. Parts of Windows NT were in fact based on BSD code. IE was Spyglass Mosaic that MS licensed. Outlook was MS's own invention, it seems, as was IIS and Frontpage, but how much code was written in-house and how much was libraries, licensed code, etc. from elsewhere? We may never know. A lot of MS games are actually licensed and then have the MS name slapped on them (Ensemble Studios and all their creations, like "Microsoft" Age of Empires, for one example).

    And with the interoperability thing, ever opened an MS Publisher document in a different version of MS Publisher? A lot of MS stuff does *not* interoperate without the right time, effort, patches, etc. applied to the task. The stuff that does won't necessarily interoperate with *anything else* without ten times the effort (e.g. we still don't have any decent AD alternative or stuff that can manage AD fully - there's nothing else that can "be" a complete Windows Domain Controller yet, it's just too hacky and incomplete). The hardest thing to do is to provide *general interoperation*, so that any web server/browser/email client/programming language/server/client can use the full capabilities of the machine. Microsoft fail that. When you have a particular OS and wish to make every bit of software dependent on the OS, it makes stuff *easier*, not harder. You just bodge it because only your apps will ever use that facility.

    I bash Microsoft. So sue me. I don't like their products. I don't need to make something better. It's over on that FTP site that I can download from at any time for free and includes everything I need. No stupid licensing, no interconnectivity problems with the dozens of other OS's available (unless it's *to* a Windows system, and even then you can do most stuff), no stupid "on by default" protocols and options that make things like this so critical. Linux, et al, have their problems, even the same security problems at times. The key is in the stuff that differentiates them from Microsoft, not what they can replicate.

  7. Re:Shout on Handling Caller ID Spoofing? · · Score: 1

    Oh, please do hang up and refuse my business. It actually helps me. I've never had a company do that and I deal with SO many. I once had one threaten too, but then he remembered that one of my first questions was to get his name subtly. Please do hang up, it makes my purchasing decisions *so* much easier (it's part of my job). Long calls cost you money. Guess what? They cost me money and time too and they belong to me, rather than your company and so are much more precious. And irate customers who can't get a satisfactory resolution (even where required by law) and have to take things to more serious venues cost you more. The problem is not your irate customer here, it's the company.

    I'm always very careful to point out that it's the COMPANY I have a problem with, not the person the other end of the phone until that person does do something which they shouldn't do or vice versa. I've never had to ring back, in fact, I've never needed a second phone call (except in the case where the American supplier of my brother's latest PC purchase didn't deliver on time and we redialled the freefone number 487 times, I have the phone bill to prove it, to a "busy" line. We got through eventually, and with some shouting got the PC shipped out in that same hour, with a tracking number so we could check. The PC arrived the next morning. The company went bankrupt the next week. Luckily, neither of us bother with support contracts for personal PC's... That PC is still going strong. We only have it because we shouted - other customers weren't so lucky.).

    And if you think I'm just one of those pain-in-the-butt people who cause problems in order to shout at people, you're wrong. Every single occasion, it's been because of stupid circumstances beyond my control. I hate doing it - shouting at people is for crowd control and emergencies. People in work who've known me for years are shocked when they hear me in full flow because they don't expect it from me, but they admit it gets results.

    Household gas company (actually *British Gas*, the largest supplier in the UK and reknowned for poor customer service) - pre-pay smartcard failed mid-winter just after we'd moved into a new house, we didn't have the electricity switched on by then and because of local bylaws and the size of the house you can't heat it any other way. The card came with an "emergency" credit that lasted all of four hours. They would not provide a replacement card for "anything up to 7 working days, probably an asbolute minimum of 2 days". It was resolved in a matter of hours - MINUTES once through to the right person, who went above and beyond the call of duty to resolve the matter, got a wonderful letter of appraisal and probably got a raise. The circumstance was beyond my control, however. (We did switch gas companies though because I can't guarantee that I'll get hold of that same person if I have a problem in future. Ironically, we now get our gas from an electric company and our electric from a gas company.)

    Bank (which I have never had a customer relationship with) - decided to automatically fax me at home every 8 minutes the internal banking details of all their funds transfers repeatedly over the course of several hours. I don't have a fax machine at home, and the damn thing was on redial-on-fail. Telecoms company intervened (only after the described telephonic persuasion) because the call wasn't traceable via caller ID. I was about two minutes away from hooking up a fax/modem myself and receiving it and that would have been incredibly embarrassing for them.

    As it was, the telecoms company (eventually) captured the fax en-route, phoned the person in charge at the bank with a copy of the fax that they had tried to repeatedly send to me. Within minutes I had a telephone apology from the head of the bank, and was thanked for my "honesty" and was told that the information that was being faxed was highly-sensitive and was being sent to internal numbers with security PIN's that, when dialled externally, connected to

  8. Re:Shout on Handling Caller ID Spoofing? · · Score: 1

    Loud / determined / persistent / annoyed / demanding does not mean abusive.

    This is for AFTER you've been reasonable. Reasonable was phoning the phone company asking for help. The OP can phone again and be reasonable but the chances are he will get every one of the answers in my post. It's only when you start causing a fuss that you get put through. Be reasonable FIRST, by all means (I work that way, because sometimes you hit a nice-but-useless person who will put you straight through to a useful person immediately).

    "Shouting" isn't being abusive. I may have over-exaggerated the fact but basically you don't take no for an answer and keep on and on and on until the poor person on the other end of the phone gives in and gets their supervisor on the line (I actually *know* for a fact that a lot of call centres in my country are NOT allowed to hang up on the customer as a matter of company policy - the customer must hang up first... it causes a lot of problems in a lot of telesales places, and is sometimes an "unofficial" but still pretty prevelant practice).

    If you were to hang up on me (and, like I say, I've done this no end of times to just about every company I've ever had to deal with, at home and at work, and never had anyone even suggest they might hang up on me, let alone actually do it, and my record is currently a 2 hour phone call to get put through to someone... and that was on their "sales" line because their customer service line were too busy to answer) then not only would I be ringing back, but I would have had your name in the first five seconds of the phone call and you WOULD have made things worse for yourself. Some places don't care about such complaints, but I've never dealt with such places.

    I have had a twenty-minute conversation with a customer services agent where I said nothing but "Put me through to your supervisor please" repeatedly after I was told "There is nothing anyone here can do." Twenty minutes later, I'm talking to the supervisor (who, I was told "is on holiday", "isn't in the building", "can't help you", "is in a meeting for the next three hours", etc.) and have the problem fixed the way **I** originally wanted within SECONDS.

    Maybe it's a national thing but in my experience, corporations basically ignore letters that don't have an official letterhead or the word "summons" on them, even sent recorded-delivery. You get a half-arsed, useless reply that doesn't reply to any of your actual questions. And it takes MONTHS for anything to happen. And if anything DOES happen, you'll get a phone call from that same person "who can" to resolve the situation before any written reply could ever appear.

    In the UK, companies are required to give their company address when asked (and there is even a listing from "Companies House" for any company if they don't give it to you). I've had that request refused outright by large companies at least four times - you get a phone number if you're lucky. And yes, I complained AGAIN about that fact at the first opportunity. I was once assured by a head of customer service that, by English law, I couldn't legally return goods for a refund/replacement when they were faulty without a receipt (which is so incorrect, it's laughable). People on phones DO NOT play by the rules unless you cause a fuss, no matter what they might be required to do, no matter how big and fancy the company is. Letters usually do get some kind of half-arsed, legal minimum reply if at all (and I *have* had recorded-delivery letters asking for answers to other more-than-reasonable and legally-required information go unreplied-to).

    But people on phones, when "shouted" at enough, will get you instantaneous feedback on your problems. I get a hundred times the result on a phone than I ever have by letter. I get a hundred times that result again in-person, but I don't do that for anything that isn't worth it. I've never had anyone complain about MY treatment of the agents in question.

    Oh, and if you are in the US, the US really nee

  9. Shout on Handling Caller ID Spoofing? · · Score: 1

    Rule 1: There's no problem so big that it can't be solved by shouting. (In fact, it's pointless numbering it because it's the ONLY rule when dealing with anybody).

      - Shout at the phone company.
      - Shout at the local police (bugger the FBI, the police would be my first port of call)
      - Shout at the FBI.

    They will all tell you there is "nothing" they can do, until you start causing a fuss and they actually SEE what the problem is and start dealing with it. If they don't, then you invoke corollary A...

      - Shout to the press, and let them amplify your voice.

    Get an item in your local paper (at least), raising the parts about little old lady, death threats, innocent party... see how long it takes the phone company to do something then.

    I'd be very surprised if you'd have to go that far. Many's the time that I've been told that there's "nothing" that can be done by a company. Every time, I've got a resolution without even having to hang up the phone (don't fall for the "we'll get someone to call you back"). You just insist they sort the problem out - the first person on the phone will NEVER be able to do anything but there is ALWAYS someone that can, will and does as part of their job.

    Case in point - one winter our pre-pay gas card (that powers all our heating) stopped working and the company told me there was "nothing" that could be done. I'd have to wait X days for a replacement to turn up and pay £8 for it. I start shouting. Nothing offensive, a bit rude at worst and I keep drumming it into the person... "If YOU can't help me, get me someone who can." I wasn't taking no for an answer. Three people and an hour later (after refusing to hang up and wait for them to resolve the problem, be transferred etc.) and I get to someone who not only arranges for a replacement card there but then gets on the phone to the local store (who charge the gas-cards but are otherwise just ordinary stores), TELLS THEM TO STAY OPEN PAST CLOSING TIME until I arrive, and they will give me a new card (with free credit) which I'm supposed to pay £8 for but he makes them waive it. Meanwhile, he gives me his direct phone number, directions to the shop, the shop's phone number and the name of the person he spoke to. He tells me to call him in ten minutes to tell him whether or not I have the card. I run out to the shop, get the card, call him back (and he answers, so he WAS genuine), thank him. Two days later, a small cheque arrives in the post for the hassle.

    Funny, considering according to the first person I spoke to "nobody" could do anything, there was "nothing" that could possibly be done, "even my supervisor can't do that, sir". Absolute tripe. Shout.

    I've had this about once a month for the past five years with banks, shops, call-centres, even furniture stores etc. It's ALWAYS the same story. "My supervisor isn't here." (CRAP!) "Nobody can do that." (Rubbish). "You'll have to call back when X is around." (Tripe). Cause a fuss, don't let them hang up on you, get through to the person who CAN do things (there's ALWAYS one). If all else fails, write a really nasty letter at the same time as you get the local press involved (both bother to threaten - just do it) mentioning that little fact. See how long it takes for a very nice man at the phone company to change her number for free and slip her a small cheque to keep her quiet.

  10. PUE is a rubbish metric for this on Microsoft, Google Battle Over Energy Efficiency · · Score: 5, Interesting

    PUE is a rubbish metric for this. The definition is nothing more than "power at utility meter" / "power used directly by IT kit". There's no account of WHAT that power is doing. Is it running one PC or a thousand? Is it hitting Gigaflops or nanoflops? You could put a laptop without a battery into a datacentre and get a PUE better than someone who has a thousand rackmounts all running at full speed. All PUE measures is the efficiency of the power conversion gear and associated equipment (e.g. UPS, etc.). In fact, UPS is an interesting measure too because the PUE of kit with a UPS would be greatly hindered in PUE stakes even against otherwise identical equipment.

    Now, "Total Teraflops / Power at utility meter" - that's a more accurate metric to be comparing. And I'd guess that there Google's containers would wipe the floor with MS's (unless, of course, some trickery is being done in the TFlops measurement - you would have to carefully define what's needed). And even then, throwing a bucket load of low-power ARM processors running Linux into every square inch possible would probably thrash even Google in those stakes (unless they already do that?).

    If you're going to have a contest over a metric, at least understand the metric and its shortcomings before you start claiming that X is better than Y.

  11. Resolution on DARPA Contract Hints At Real-Time Video Spying · · Score: 4, Insightful

    "The resolution capability of the video systems ranges from four inches to a foot"

    Although impressive to myself, who doesn't keep up with the latest and greatest satellite technology, this is hardly a cause for concern. Imagine yourself from above in four-inch pixels (assuming the accuracy of that statement and that the hardware can *actually* do that in non-laboratory conditions). Maybe a handful of dots total, one or maybe two pixels wide? You'd be able to "spot" a car, but you wouldn't necessarily be able to tell it's make, occupants, etc. You'd be able to spot a person wearing normal clothes in the open air (JUST) but you'd have a hard job telling *how many* people were in that blob of pixels and you'd have no chance at telling *who* they were and if they were adequately camoflauged... no chance. You'd spot more of their shadows, to be honest.

    You *might* be able to spot if a vehicle in the desert does a U-turn if you have an AWFUL lot of processing power and a very limited area to monitor. You might be able to easily spot a rush of tanks on your position. You *might* be able to find some WMD's if they are being moved. But, to be honest, I don't see how this is any better than what the military have now except being "real-time" (which just seems to multiply the costs of everything from the satellite to its maintenance to the radio bandwidth required and the processing power needed with little benefit over "snapshot"-style systems if they are quick enough). Although real-time intelligence like this would have a place, it's hardly Enemy Of The State even if we assume a 2x "liar factor".

    Useful in wartime - no doubt about it. Useful in peacetime - Highly dubious. And for the conspiracy theorists: Useful for spying on the people - No.

  12. It seems a waste on Build a Cheap Media-Reading PC? · · Score: 4, Interesting

    This will be a lot harder than you think. It's not just the problem of keeping that machine running, having software that can use all those arcane formats, fitting it all into a box etc. The problem is that the hardware WILL die, whether it's the computer (which might have to have ISA slots etc. for some peripherals and so will be tricky to replace) or the media readers.

    The method I use for data (and bear in mind that I haven't really bought anything new for a PC in years, so we're talking cheapskate methods) is to get a large hard drive every now and again (Christmas presents, recovered from broken PC's, old ones from work, etc.), and convert the media up to "hard drive" format. Being an emulation fan really helps here... disk images are the way to go. The first time you do it, it's an immense pain because you're swapping media, etc. But then, say your hard drive gets out of date (e.g. IDE vs SATA). You buy a SATA drive and automatically copy across all that old data including your virtual CD ROM images. Then when SATA is out of date, you do the same again.

    Because of the increases in capacity each time, you'll barely notice that you're carrying around 10-15 year old data. I do this properly about every 2 or 3 years (and gradually over time as well), I end up getting a bigger hard drive from somewhere and "upgrading" again. My current PC has six hard drives (two of which are very old ones which I've already copied onto larger ones within the same machine and so can just disconnect them) and about four CD/DVD players (the first was a CD drive, the next was a CD-RW, then a DVD, then a DVD-RW, etc. each one superceding the last). I still have my very first hard drive laying about (it was a 40Mb Connor) and I still have the data that was on that drive on my newest drives.

    Each one of those hard drives in my PC has the complete contents of at least two previous hard drives on it. And I still have the original hard drives (powered off in the base unit, or kept safely somewhere) for extra backup should I need it. It means that I don't lose my files, I never have to "recreate" something I've already done (scripts, programs, documents, etc.) and that I can do a quick search and know that I'm searching in every bit of data I've ever owned. When you KNOW that you saved something but can't remember the filename, when or where, that's a great assurance to have. I also have disk/tape images on every Spectrum game I ever owned, if you want to get silly. It's ridiculous how little space my entire Spectrum software library that took years to build up actually takes on a modern hard drive.

    For peripherals, what I tend to do is wait for a format to establish itself (e.g. USB) and then slowly get all the adaptors I need to run all my old hardware on that format. So I have USB->just-about-everything adaptors. My main PC runs an AT keyboard with a PS/2 adaptor on a USB->PS/2 convertor. Then, when Wireless USB or some other successor comes along, all I need to do is buy a single USB->Wireless USB adaptor and I'm instantly back in business. No new keyboard required, and I have every adaptor necessary to run ANY type of keyboard should I need to. It means that my favourite hardware can last a lifetime (barring failure of the device itself).

    It also makes things incredibly useful when you need to fix/repair/gut older PC's. If someone is still using an old AT PC, I'll have at least one cable/adaptor that will let me pull the data off it somehow, and a few more adaptors to get it working enough with modern hardware (USB, SATA, HDMI, etc.) so that I can get to the point to diagnose the computer if it's broken. If that means a daisy-chain of adaptors because the format is so legacy, so be it. At one point my mouse was a serial one, with a PS/2 adaptor, plugged into USB. I only upgraded because I wanted a scroll wheel. It can happen with everything. For example, I know for a fact that I have enough adaptors to convert a modern PSU (even ones with only SATA connectors but watch out f

  13. Re:*Could* just be random data? on UK Court Rejects Encryption Key Disclosure Defense · · Score: 1

    Silence can be used to "infer" information in a court of law ("No comment" is valid, but the jury are free to take that to mean you did it - this is grossly simplified, there's a lot of caveats).

    However, if from day one you were to DENY having any knowledge of the file/key, then there's not much that can be done. I don't know what that file is. I don't know how it got on my computer. I have no idea who could have put it there. All valid. But "I'm not saying" (or the inference of such by being silent) is just stupid. You might as well stamp "I'm guilty *and* uncooperative" on your head. Sometimes files can get on computers without the owner's knowledge (including, but not limited to, direct attempts at incriminating an innocent person) and to attempt any conviction in that case would be wasteful. However, that type of person would be an idiot to say nothing.

    The fact that the defence in this case rested on self-incrimination probably meant that they were already in a position where they could not deny the existence of, or their knowledge of, the files in question. This means they were caught red-handed and/or they were observed opening the files, or providing the passkey, or it can be proved beyond reasonable doubt that they created the encrypted files and memorised the keys themselves. In that case, all you're doing is obstructing justice, possibly "destroying" or withholding evidence, etc. You'll go down for a long time anyway, and it would have been easier to provide the key and go for plea bargaining to get a lesser sentence.

    I don't pretend to understand self-incrimination laws. But the gross simplifications that most people know of "layman's law" are extremely dangerous and misleading. If they are claiming self-incrimination, it means that they are on their last legal legs. Fortunately, their attempt failed. I can see there being cases where it will / should succeed and also cases where it succeeds where it shouldn't.

    Personally, I see nothing wrong here but I haven't dug up the court transcripts. The defendents are withholding damning evidence that they are clearly in possession of, it seems. Of course they can't actually be forced to give up that evidence but they can be "punished" for not playing ball with the courts, in the same way that a lawyer/policeman burning that evidence would be. The only question in the case is whether the court has reasonable cause to believe the evidence exists and they have access to it. A plea of self-incrimination would be enough for me personally but the courts have to be more rigourous and they still came to the same conclusion.

    The vital parts are:

    1) Do they have access to the key?
    2) Are they intentionally withholding it from a court of law?

    Everything else is bunkum - it doesn't matter if it only protects their private love letters or a handful of MP3's - they should be handing it over or providing a *reason* (not a legal defence on a technicality) why they can't.

  14. Re:What if the actual passphrase was illegal to sa on UK Court Rejects Encryption Key Disclosure Defense · · Score: 1

    The text of a court document which had been deemed protected?

    Anyway, it wouldn't matter. At worst, you would be asked to reveal it in a closed court (i.e. just the judge and lawyers). There's no such thing as a secret in a court case, though they may choose to not disclose the information in public records or with the galleries full of the public if they think it would cause harm (e.g. the name of an underage defendant, or the location of someone who is at risk of vigilantism, trade secrets etc.).

  15. Re:Weasel words on Microsoft's Ethical Guidelines · · Score: 2, Insightful

    More importantly - why bother to write that you'll do something that is a legal obligation anyway (debates about whether MS broke it are irrelevant). If they wrote "Microsoft will not conduct its business in compliance with laws designed to promote fair competition", then they'd be showing intention of breaking the law - there is no other interpretation.

    So what they've stated is basically a statutory requirement of them anyway. This is the sort of things that should warn you off a company - that they "agree" to abide by statutory legal requirements.

    "XYZ Plc. agrees not to mug your granny, charge you false bills, make up their end-of-year returns or sell stolen stock". Of course you bloody do, because you have no legal alternative and to state otherwise would be ludicrous.

    However "XYZ Plc agrees to be a good citizen in the Open Source community" has MUCH, MUCH more weight behind it because it's optional, binding and states an intention, not a requirement.

  16. Re:PDF on OpenOffice.org 3.0 Is Officially Here · · Score: 2, Insightful

    That's not what people want. I get asked endlessly by differnet people in different places for a program which can take in a hundred-page PDF and, for example, change just one word, correct one spelling mistake, etc. Most of the time it's nigh-on impossible to do in a non-technical way when PDF is really no worse a format than a Word document or a Powerpoint presentation. The only real product that can do it reliably is Adobe Acrobat itself, which is prohibitively expensive for such small changes.

    All I want is a program that can take a PDF, change parts of the text, and not have the formatting go to hell. I want "lossless" editing where the PDF I export is identical in quality to the PDF I imported. Inkscape can't do that. OpenOffice's filters look like they can. If they can do that, Adobe will lose an awful lot of money very quickly. There are shareware apps that claim to be able to do it but they inevitably screw even the simplest of documents up.

  17. PDF on OpenOffice.org 3.0 Is Officially Here · · Score: 4, Interesting

    The only thing of any interest, then, is the PDF import/editing/export. Ironic, considering that the ad's on /. for this article seemed to consist mostly of Adobe Acrobat ads...

    But if it really *can* import any PDF, allow basic editing and export, that could really be a boon. Other apps that allow that are either incredibly expensive, horrible to use or just too out-of-date. Does it support "encrypted" PDF's if you have the passwords, etc.? Does it allow image/text editing/extraction from a PDF? If so, then this update would be worth it for that alone.

    The rest is just eye candy and basic bug fixes (e.g. >256 columns in Calc).

  18. Re:I always thought slashdotted was a myth on Pandora Console Ready For Pre-Orders · · Score: 1

    Nope... the run-up to pre-orders (2pm GMT yesterday) was quiet on my site and there was a slight bump in my graphs around and after 2pm, even though gp32x.com had trouble staying up. But the timing of the Slashdot post coincides exactly with a huge surge in traffic to my (pretty unrelated) site. I can't imagine the traffic that's headed their way at the moment.

  19. I always thought slashdotted was a myth on Pandora Console Ready For Pre-Orders · · Score: 4, Interesting

    I always thought that a modern slashdot'ting was a myth due to a poor, database-heavy configuration with insufficient oomph behind the servers. Then some git links to gp32x.com which had one of my GP2X ports as the second item on the front page (outside of the top visible screen). So my two-links-deep, petty news item on something vaguely related to the story (a quick recompile for GP2X) makes my traffic for the month of October (i.e. one day) pass my total traffic for the month of September (30 days) within a matter of hours.

    God knows what temperature gp32x.com is hitting right now. Strangely, though, my adsense hits/clicks read normal. I *knew* I should have released my other port so that I was in the No.1 spot on that site when Slashdot hit...

  20. Re:You're kidding, right? on Best DNS Service With API Access? · · Score: 1

    And the DDoS won't stop the entire service being inaccessible from the outside anyway? DNS is the least of your issues because of DNS caching across the globe. If you're being DDoS'd then you're in trouble anyway... that's not a reason to not run your own DNS or, indeed, to choose an external one. If your DNS host gets DDoS'd, people will still find your IP and get to your services. But if YOU get DDoS'd, there's no service to get to anyway, so it doesn't matter where the DNS is.

    Reliability, reduced support costs, etc. could easily make you choose a third-party over your own DNS but DDoS... that's just picking at straws.

    Personally, I'd roll my own because:

    1) It will mean more control
    2) When something does go wrong YOU can fix it without having to wait.
    3) It provide more incentive to keep the in-house IT teams going.
    4) You're not reliant on a third-party not to go bust, change their API, get DDoS'd, etc.
    5) You can extend it whenever you like, just by slapping in a server someone else in the world and running the same software/config on it.

  21. Re:Authorizing excursions from the sandbox? on Windows 7 Beta Screenshots Leaked · · Score: 1

    "A sandbox per application needs careful design."

    I agree. How many years do you think it should take? We're now on 13 (nearly 14) years of home-based Windows versions that are "designed" for multi-user use and internet access (ha!). There are ways to do everything much more safely than we do currently. I don't pretend to have taken account of everything and there will be things that we can "do" now that we wouldn't be able to do in this theoretical OS (OLE springs to mind) but I'm sure there's a way to do such everything we need to without risk if necessary.

    "To understand the basic problem, first think about this question: How would the user authorize Notepad, Nano, or another text editor to read and write configuration files for an application that belong to the application's virtual user?"

    They don't. When a user wants to edit a configuration file, they first get the file (assuming they have permission to read it which any user authorised to will have) and then that user tells the OS to open that file in program X (a bit like file associations). Then, a *copy* of the config file can go into that program's secured area, run by that program and edited however. It's user-push, not program-pull. The user hands the program the files it needs and ONLY those files. Once the program is done, no doubt it will save the copy (in its "secured" area) and terminate or otherwise inform the OS it's finished with the file, because the user has clicked close for example. The *user* (assuming they have write-permission to the original) then gets the option to copy that file back to the original location (he doesn't need to do anything special, the OS can ask or have been told previously that it's okay, or that it's okay so long as it keeps a backup etc.)

    All this can happen in an enclosed namespace so that Notepad never even knows where the file was stored originally, can't access any other file, and yet has a way to edit priviledged files and return them to the user *IF* the user/OS gives them permission.

    "And how would the system block malware from forging this authorization without blocking legit accessibility tools from helping a user with a disability give the authorization?"

    The authorisation would probably be OUTSIDE the control of any program whatsoever... apart from the specialist OS user itself (the equivalent of SYSTEM users in Windows). That user is the only one with write access to the database that controls what program / user can do what (think /etc/passwd, /etc/group, /etc/shadow etc.). If a user wants to change *their* settings (e.g. password, or control which programs can access their documents etc.) then they can request it of the OS via a library. No program they ever execute will run "as them" (so a malicious program could never access/change a user's password even if executed deliberately by that user)... the OS will control the only programs that can change passwords.

    It's the OS's job to then authenticate that the user that requested such a dangerous change is in fact the user. Passwords entered on keyboard, etc... the usual ways we authenticate a user - but BEYOND an automated program - FORCE password entry on a physical keyboard, FORCE biometrics, FORCE insertion of a particular USB key to authenticate a dialog. Make sure that the only program reading hardware at that point, the only program that can display ANYTHING in the password request area is the OS. If that means freezing ALL tasks that could potentially access the hardware while that goes on, so be it. The OS controls all these things anyway, but we don't enforce its control at the moment. In Windows, anything can pretend to send a key from the keyboard, or click on a Yes button - that's fine when it's an automated batch script to install a program, it's NOT when a password entry for a dangerous action is required. This is Vista's full-screen, greyed-out authentication dialog DONE PROPERLY. This is what Ctrl-Alt-Del is supposed to be u

  22. Re:How would a PC not need antivirus? on Windows 7 Beta Screenshots Leaked · · Score: 1

    I don't know about the Wii internals, but if it does do both of those, I'm impressed.

    Number 1 is pretty constraining, I wouldn't think of using it except in a closed system (e.g. kiosk, controlled network client).

    Number 2 is certainly more along the lines I was thinking - that's why there's an apache user on linux, a sendmail user, a this user, a that user - apache can no more wipe my home directory that a user can wipe apache's dir (or even read from it!).

    Any design of a secure operating system should start there - limit the available filesystem and permissions to that which is necessary. Game X does not need the ability to see into the Windows folder, or to overwrite Program Files or random documents. Why does Game X see ANYTHING but the files it installed/created? It's an enclosed executable, that maybe calls generic Windows library functions (DirectX etc.), it might need some scratch space and possible some permanent storage for saves and configuration files. The only "problem" there is libraries - you don't even need to be able to directly "read" files in order to call library routines in them - the OS is quite capable of acting as a secure mid-layer to sanitise your calls and call the library on your behalf. Assuming the program has been given permission in the first place.

    More importantly - with such seperation, where every program is running in a sanitised file space, with sanitised access to library functions, we automatically know what the program is trying to do. If it wants to talk to the network driver, we *know* that's what it's doing. We know it's trying to access the net, enumerate USB devices itself, access the filesystem at a low-level, print to a local printer, dial out on a serial port, etc. etc. etc.

    If it's not on a list of programs allowed to do those things (ala Zonealarm, etc.), let the OS kill it automatically and immediately if the user wants - because it's reliant on the OS in order to call anything important, the OS can shut it down, stop it spawning child threads, destroy its processes and clear its allocated memory. The seperation means that zero harm will result. And if the user wants to kill that process, let them... it dies... immediately, forcefully, taking all it's children with it, cleaning up after itself and if the user wants they can deny that program running ever again. If that programs wants access to the user's documents - why does it have to have full write access to the originals? Do a copy on write and let the *user* decide if the program is allowed to even read/write/delete that file (why does game X wants to see into my new novel in My Documents - in fact why does Red Alert 3 need to see any part of my filesystem beyond those files it's installed/created itself?).

    Why is it assumed that any random program should be able to read from an Outlook address book? Why is it assumed that a user should be able to run any program from anywhere (even on a network it's a real pig of a job to generate hashes of trusted executables and there are always ways around it)? Execute is a permission, people, Windows viruses routinely spawn children to respawn themselves and it makes them virtually unkillable. Why is it assumed that programs need access to everything? It's "admin access for everyone" and DOS-style single-user, single-program semantics all over again.

    Internet access? Bung IE in a read-only environment and make sure that any compromise leads to access to only a read-only folder of the IE program and a facility to make HTTP requests from a library and to draw on the IE window. It needs to save files in a scratch space that nobody cares about (so deny executable status there) and possibly have a download location - which could be WRITE-ONLY and not allow overwriting of existing downloads (parts of my Opera installation work this way - downloads rarely overwrite each other or have any need to). The IE program itself DOES NOT need to run those downloaded programs. That's for the user or for a library function that IE

  23. Re:The screenshots page has a tojan on Windows 7 Beta Screenshots Leaked · · Score: 2, Informative

    Er... you might want to check your machine.

    Admittedly, I'm running Opera but I didn't see anything of the sort in the page code. Maybe you hit a bad advert or maybe you've got something your end that's doing that?

  24. Screenshots on Windows 7 Beta Screenshots Leaked · · Score: 3, Insightful

    To be honest, I don't care what it looks like. So long as there's a "classic" option, that'll do, but I have much bigger problems that are not addressed by releasing videos/screenshots.

    I don't care what it looks like SO LONG as it has something I need. It doesn't look like it. In fact, it looks like they jiggered the Vista menus and toolbars a bit, renamed a few items, etc. These are changes I expect to see between SVN versions 7348738 and 7348740 of a window manager, not a "show-off" of the next version of Windows.

    The main problem I have with Windows is the laughable security - just look at that warning next to "no anti-virus software found"... those sorts of messages make me crease up.

    Antivirus software is like employing a $30/year, 500lb security guard to sit on the front step of your house and "confront" burglars, but who can't actually do anything to them because he can't stand up (and even if he could, why would he bother at $30/year?), while leaving all your doors and windows open and a ladder up to your bedroom out the back with a large sign that says "Free stuff inside" attached to it. Security Centre and UAC are like a nosey neighbour who you can't get rid of (without a lot of hassle) that likes to tell you that your security guard didn't come into work today or that some people walked out with tons of your gear but he didn't bother to call the police or anything.

    Also, I hate the pathetic attempts to set standards for everyone, rather than letting the users adjust Windows to their liking. Even Vista's "classic" mode isn't like it should be, it's impossible to get things exactly how they were in XP. And somehow the OS thinks it "knows better" than you. I daresay it does most of the time but the point is that sometimes IT DOESN'T and I need to override it, whether that's simple and personal (I don't WANT to know that I don't have antivirus, I don't WANT a new start menu) or complicated and technical (e.g. if I'm setting modelines in X). Don't like the new ribbon? Well.. tough really. We've splatted it over everything from Paint to Wordpad.

    I don't know if the release of Windows 7 is trying to cover for Vista's "mistake" (which, of course, MS has done quite well out of anyway because of the usual reasons) or whether they really think that people will want to upgrade to Vista and then to Windows 7 within the space of three or four years. Tell me that WinFS is in it, tell me it doesn't NEED antivirus or a third-party firewall any more (you could still install it, obviously, but if it didn't need it, who would?), tell me you've condensed all the versions into one quite-cheap version with no artificial limitations, tell me it's got some radical new ideas that nobody's seen before, tell me anything... but don't show me screenshots that I could mock up in seconds using Vista's menu and a quick Photoshop. Don't show me "features" that would take about 20 minutes each to write once the windowing/toolbar code was properly seperated out into new libraries. Don't show me even more of the same rubbish that I can't stand Vista for.

    In the meantime, I've got to print off that antivirus screenshot and pin it on my wall to laugh at occasionally.

  25. Re:A sad day on Comcast Discontinues Customers' USENET Service · · Score: 1

    I was using the early Netscape's, so it's not like I'm a young whippersnapper, but Usenet as a medium died about five years ago, if not more. In the unfiltered Internet, such media are pretty much useless - most of the moderated groups are empty and the unmoderated ones are full of spam. Even an RSS feed of a forum on the relevant topic is smaller, more relevant, quicker, easier and simpler to transfer between and access on different computers (try going on a cybercafe, someone else's computer, or a university setup etc. and getting your newsgroups... without setting up basically a web-interface like Google Groups, it's too much hassle).