5) I'd trust some Russian kid with my PC more than I would most major game publishers. From Sony rootkits to installers that infect your computer with SecuROM and break your CD burners, I simply don't trust major game houses not to screw up my system.
My solution is to stick to consoles and handhelds for gaming, where the system manufacturer handles the DRM. Copy protection still sucks, but at least it's developed and maintained by the same people who made the system in the first place.
Thanks! Can I make an observation, though? I think, you are, or have been, in all likelihood, a programmer, either now, or at some point in the past, because we all tend to overuse commas, stringing together clauses, separating phrases, and carving up lists, in ways that probably should not be done, even if it feels natural as we write.
and ultimately get rid of.
And what? A few days ago, my oldest kid was talking about what it'd be like if animals were human-smart, and I remembered that I had a copy of Sterling's "Our Neural Chernobyl" downstairs in the library. Two minutes later and she was curled up in the recliner and happily reading away. I have books in there dating back to my elementary school days. Tonight, I'm sending my son to fetch Hitchhiker's because I think he'll like it and we already own it.
Second, the family library scales immensely in that we can each be reading separate books at the same time. I'm not about to buy a separate Kindle for everyone in the family.
Finally, you're not properly analyzing the "greenness" of the two methods. There is some nasty stuff inside electronics. Not that paper milling is pleasant and eco-friendly, but the point is that Kindles aren't woven from sustainable sawgrass.
eBook readers are nifty. I have a Nook and I enjoy it. By no means is it a magic cure-all, though, or inherently better than what it replaces. It's better in some ways and way worse in others. I buy stuff on my Nook that I wouldn't mind losing forever a year from now, but I'll keep buying my favorite authors' hardcovers because I want to keep that stuff around.
And what could be better than the feeling of compiling a kernel in your pocket?
I figured you were just happy to see me.
Within the household where I live and with my ISP [...]
Fixed that for you. My TOS doesn't look even remotely like that, and I'm running open (but mostly firewalled) WiFi for any of my neighbors who need it - and with the knowledge and assent of my ISP's owner. Don't generalize your own contractual situation.
You can go even further in that political speech is the root of all other freedoms. Without the right to complain about legislation or suggest actions, citizens are completely powerless.
I'm currently running VMware Player, with a Linux machine on it, and that runs Firefox, which crashes Way Way Too Often, usually because of Flash. I do most of my web browsing there
...followed by...
I'm also running Chrome natively, mostly for a bunch of electronics blogs like Hackaday, and occasionally for Gmail, and it's really bloated
...damn near made my head explode. Chrome is a greater memory hog than running Firefox inside a VM? There's no way you can make me believe that. Unless you're surfing child porn, your browsing setup is way over-paranoid for your stated goals. And if you are chasing unsavory content, then you've built a nice "LOOK AT ME I'M OVER HERE!" system for the authorities to dig through.
You see, I come to this forum to read the posts of low UID users
Are you f'in crazy?
The address allocation schemes have been carefully designed to support about as many addresses as there are MAC addresses, that is, in the range of 48 bits.
But while the bottom 64 can be used for MAC-based autoconfig, they don't have to be. There's nothing preventing you from running DHCP and handing out sequentially-numbered addresses if you ever feel the need to.
How does one "ban" jury nullification anyway? I'm not aware of any requirement that you explain your reasons for voting "not guilty" or "not liable" to the judge.
Jury nullification is something which breaks the deal and makes it even harder to obtain justice as the prosecutor/plaintiff has to then worry about the opinions of the jury as to whether or not the defendant should be guilty, not whether or not they did it.
I want this. I want prosecutors to hesitate before bringing charges against someone who may be guilty of breaking a law without actually having done anything wrong.
What will Microsoft et al do without a constant supply of itsy-bitsy hyper-overpriced drives to shove into consoles? Will they be forced to buy cheaper 1TB drives off the shelf of Walmart and partition them down to a size that sounds great to a gamer and laughable to everyone else?
it's a foreign car because the profit goes overseas and is invested there.
...after paying for American workers in American buildings on taxable American soil. When Toyota makes a van in Kentucky, all the labor and most of the manufacturing overhead stay in America, while some of the profits go to Japan and some go to stockholders in the form of their semi-annual dividend payments. Of those segments, overhead covers a huge portion of a vehicle's costs. I don't know what Toyota's profit margins are, but I'd bet at least 90% of the dealer price goes to manufacturing overhead.
When GM makes an Escalade in Mexico, that 90% of the overhead goes to Mexican employees and property costs, while the 10% (maybe) profit margin comes back to America.
I'd just as soon pay American employees that 90% overhead, so I bought an American Toyota.
No, it's not. If software wasn't licensed, when you 'bought it' you could make copies and sell it legally.
Bullshit. I own books but don't get to legally make and sell copies of them. I own DVDs but don't get to legally make and sell copies of them.
Follow the logic with me,
Too late.
when you own something, you are allowed to do anything with it. That includes making copies (yes, that includes old style media like paintings, you just can't represent them as original when you sell them),
Copy. Rights. Owning a copy of a work doesn't give you any legal right to sell duplicates of it.
you are also allowed to sell anything you own.
That's correct. There is no moral reason why I shouldn't be allowed to sell a copy of software that I bought but no longer need.
Sounds like you're doing some really cool stuff, and I admit that I'm kind of jealous because it seems like a lot of fun. Thanks again for the information!
How do you know whether the data will ever be sent to the DB? That's the problem. You can't simply mock the DB connection and watch for bad inbound queries because there might be an unsafe query that only gets executed once every 10,000,000 page views. The hard part is telling for sure whether any given piece of data can possibly get passed to a given function, especially when you can pass functions around as arguments to other functions.
At any rate, no, you don't ever have to check the data for single quotes, etc. at all. If data is ever used to create an SQL query that gets executed (or passed back to visitors without being stripped of HTML tags), then you have a security vulnerability, period.
The plural of anecdote is not data.
Thank you for agreeing with me that mkosmo has no data to support his ridiculous claims that Androids and iPhones aren't good at sending mail.
the media never seem to hold the businesses who left the door open to account.
To a point, I understand their logic: you don't blame the victim. But a company publishing SQL injections in 2011 should be dragged through the mud and humiliated. Maybe someone needs to start a newsroom consulting company where reporters call for technical clarification:
Reporter: Hey, Amalgamated Bookends got hacked by someone who replaced the BIOS on their RAID cards with a webserver. Who's in the wrong?
Consultant: Wow! That's a pretty ingenious trick. I hope they catch that hacker!
Reporter: Hey, Shortcake, LTD got hacked by someone who added "?admin=true" to their website's URL. Is that bad?
Consultant: See if Shortcake's sysadmin is somehow related to the owner. I bet it's his nephew.
Reporter: Hey, Sony...
Consultant: LOL dumbasses
Thanks for posting, Mark. I'm curious, though: how do you check for stupid mistakes like that in languages that allow first-class functions? For instance, in Python I could write something like:
Your scanner would have to determine that 1) call_func_with_args executes the passed-in function, and 2) there's some possibility that it gets executed with an SQL query as the first argument and unsafe data in the second. That seems on the order of solving the halting problem in trickiness. The article doesn't mention Python, but C# will happily let you pass functions around. How do you handle that?
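As an added illustration of the point above (not code from the article or from the commenter; the sample module, the hypothetical `call_func_with_args` helper and the toy scanner are all constructed here), a naive AST scan catches the directly concatenated query but misses the identical query routed through a passed-in function, while a parameterised query takes the data out of the SQL text regardless of call path:

```python
"""Added example: why a static SQL-injection scanner struggles with
first-class functions, and why parameterised queries sidestep the issue.
Hypothetical code, not the article's scanner; sample source is constructed."""
import ast
import sqlite3

# Constructed sample module. `call_func_with_args` is the kind of
# indirection the comment above describes; the name is hypothetical.
SAMPLE_SRC = '''
def direct(cur, name):
    cur.execute("SELECT id FROM users WHERE name = '" + name + "'")

def call_func_with_args(func, *args):
    return func(*args)

def indirect(cur, name):
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    call_func_with_args(cur.execute, sql)
'''


def naive_scan(source):
    """Flag .execute(...) calls whose first argument is built by string
    concatenation or an f-string. Returns the source line numbers found.
    The indirect call on line 10 of SAMPLE_SRC is not an .execute(...) call
    syntactically, so this scanner never sees it."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "execute"
                and node.args
                and isinstance(node.args[0], (ast.BinOp, ast.JoinedStr))):
            hits.append(node.lineno)
    return hits  # -> [3]


def lookup_concat(cur, name):
    # Vulnerable: user data becomes part of the SQL text.
    return cur.execute(
        "SELECT id FROM users WHERE name = '" + name + "'").fetchall()


def lookup_param(cur, name):
    # Hardened: data travels as a bound parameter, never as SQL.
    return cur.execute(
        "SELECT id FROM users WHERE name = ?", (name,)).fetchall()


def demo():
    """Run both lookups against an in-memory table with constructed rows."""
    con = sqlite3.connect(":memory:")
    cur = con.cursor()
    cur.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    cur.executemany("INSERT INTO users VALUES (?, ?)",
                    [(1, "alice"), (2, "bob")])
    tainted = "nobody' OR '1'='1"  # constructed hostile input
    return {
        "scan_hits": naive_scan(SAMPLE_SRC),          # [3]: direct only
        "concat_rows": len(lookup_concat(cur, tainted)),  # 2: every row leaks
        "param_rows": len(lookup_param(cur, tainted)),    # 0: no such user
    }


if __name__ == "__main__":
    print(demo())
```

The scanner result is the comment's point in miniature: the data flow through `call_func_with_args` is invisible to a syntactic check, which is why the safe rule is the one stated above, never let data become SQL text at all.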
iPhone and Android suck at ensuring your email and/or text messages get out.
[citation needed]. I have never - not once in 3+ years - ever experienced a delayed email sent from an iOS device. I'm not even sure under what circumstances that'd be possible.
These movies where the backwoods hicks with a hunting rifle take down the interplanetary killing machine are just about as big a grasp at the unbelievable as possible.
We have nuclear missiles and smart bombs, but lose soldiers to dumb little IEDs.
Applying for a job, sure, I'd lean toward the guy who can at least feign conformity for the length of an interview. I consider that a special case, though.
So everyone else has already commented, but here's my $0.02:
You're probably getting a million emails, texts, IMs, and other alarms per day.
Make them stop.
Don't disable the alarms, but pick something that seems important and noisy and figure out why it keeps wanting to pester you. Fix the root cause. That's one less thing you'll have to deal with tomorrow.
In short, be throughput driven and not interrupt driven. I have coworkers who have to deal with 100 small fires a day - and that's not an exaggeration. When I'm in their office discussing something, we're constantly interrupted by the "new mail deal with me right this moment!" sound. Don't do that! I probably get a Nagios warning once a month or so, typically telling me that the VPN to my house is down because it's raining and my DSL sucks, and that's about all I want to hear from the network.
I hate all forms of corruption, but I'll still choose a guy in a suit over a hippy in jeans and a t-shirt
I wouldn't. The guy in a suit doesn't have the skills to get away with wearing jeans and a t-shirt. The "hippy" probably gets to dress like that because he's so good at his job that the company is thrilled to have him there.
I don't use non-free software. All titles on my computer have been audited to ensure they are unencumbered by the Debian project volunteers. Just don't add non-free to your sources, and all is good.
I totally respect that and commend you for living up to your own standards, but you're hopelessly naive here. The question is whether you can prove that you possess a valid license for every program on your system. Every. Program.
Do you have a license for /bin/[? You can prove that you're using the version as it was published by the FSF and amended only by people who did so in accordance with the original distribution license so that they were legally entitled to distribute it to you? Failing that, do you have proof of indemnification from Software in the Public Interest so that they'll assume any liability? See, it's possible that you're using an unlicensed /bin/[ and our lawyers are ready to assert that - unless, of course, you can show us some paperwork proving that we're wrong.
Go ahead. We'll wait. And while you're at it, what makes you think you're entitled to possess /bin/bash? No, don't answer now. One potentially infringing application at a time, please!
I'd say the BSA are scum but that does a disservice to scum. Even if you're perfectly up-to-date and legal in your licensing, they'll happily turn it into a few-years-long fiasco. Unless, of course, you're willing to settle up front with them.
And along those lines, why hasn't someone filed RICO charges against them yet?