Slashdot Mirror


User: ChaosDiscordSimple

ChaosDiscordSimple's activity in the archive.

Stories: 0
Comments: 119

Comments · 119

  1. Re:Trouble? on Greenbacks No More · · Score: 5, Funny
    Our money is pretty boring compared to "exciting" foreign money.

    That's a feature, darnit! Even with our new, more open, cleaner looking bills, US greenbacks are still the most evil looking money in the world. Black and green with dense and archaic patterns. Thanks to the slightly colored cloth stock they print on, our money starts out looking slightly grimy (crisp, but grimy). Can you picture a suitcase of Euros looking as menacing as a suitcase of US dollars? US bills demand respect. Our money reminds viewers that it is the root of all evil.

  2. Re:Client side fundamentally flawed on Inside the Cult of TiVo · · Score: 2

    Fundamentally flawed? For a fundamentally flawed model, it works pretty darn well.

    Instead of starting with "what could we have in a perfect world," start with "how can we make what we have better." People who try to do the perfect solution immediately tend to fail. Incremental solutions tend to work best.

    The "perfect" solution you suggest has lots of issues that would take a great deal of time and money to sort out. To move video from the centralized server to me requires high speed bandwidth to every customer. Huge amounts of bandwidth. (About 600 kilobytes per second for Tivo's medium quality according to back of the envelope calculations.) While I look forward to cheap and plentiful bandwidth, it isn't here yet for most people. Also, when you have a centralized server serving shows on demand, it starts to look suspiciously like rebroadcasting. Again, a solvable problem, but it would take a lot of work to work it out with television networks and Hollywood. And in that legal give and take, you're likely to see things like "No program can be kept for more than 6 weeks," and "Programs can only be viewed 5 times per household."

    If it helps, think of the Tivo as the stepping stone to a better designed future system. But I doubt it. We moved from mainframes to PCs as people desired more personal control and exclusive use even though it cost us efficiency in many cases. Tivo is similar, it may be inefficient, but it's mine.

  3. No patents? No problem. on Too Many Patents as Bad as Too Few · · Score: 4, Insightful
    Explain to me how a company with programmers on its payroll, and that supports open source can protect itself against code/ideas thieves if they don't patent their ideas? I just try really hard to understand what is the right balance between using open source to free users from proprietary software and still being able to have some ways of making a buck or two by protecting ideas.

    The first part of the answer is: most companies with programmers on the payroll don't make any money selling the software or enforcing patents. Most software is developed for in house use or to solve a particular problem for a specific customer. So only the minority of companies need to worry about this at all.

    If you're releasing under the GPL, your competitors will be unlikely to take your source. If they do, they either have to release their source back to you so you can take their improvements, or they're infringing copyright and you can sue them.

    As for "stealing ideas," an even smaller number of companies develop any ideas worth patenting. Most software which is sold uses well understood, non-patentable techniques.

    As for stealing your ideas, so what? Companies like Cygnus and Red Hat managed to do a lot of business selling a product that wasn't patented. Only recently did Red Hat start getting defensive patents. There are other things to sell beyond a monopoly on an idea. Most notably, if you had the idea first and developed it to fruition first. Who is going to be able to have the first to market advantage? You. Who is going to be in the best position to push the idea to its limits and maintain the cutting edge? You.

    Will the elimination of software patents reduce the profitability of some software companies? Certainly. But it will be a very small number of companies. Those companies will still have some advantages in the market. And if the market grows and competition increases as a result, maybe it's a good idea.

  4. Same prices *might* mean competition works on Iowa Court May Order Microsoft Refunds · · Score: 1
    Actually, you might be seeing identical prices because capitalism is working. Given smoothly functioning capitalism, CompUSA, Best Buy, and Circuit City have independent incentive to set the price as low as possible (given the cost to them to acquire, market, and sell the product). If their price is high, customers will go to another place for a better price. So in theory all three will logically head toward the equilibrium point just a bit over their cost. Given that all three have been playing this game for a while, they probably have a good idea of where that equilibrium point is for new products.

    That said, it could also be evidence of price fixing. The problem is determining which is really occurring.

  5. Re:Copyright infringment == legal theft on Warcraft III Gone Gold · · Score: 2
    the US copyright laws ensure that an author (not someone else) gets the exclusive right to decide how his works are used. if you take it upon yourself to distribute copyrighted works, you deprive the author of the only thing the copyright laws give him.

    My point is not that copyright infringement is acceptable. Quite the contrary, I believe copyright is a great idea and support it. Copyright infringement should remain a crime. My point is that copyright infringement is a very different crime than physical theft. Attempting to compare them is a mistake.

    Relatedly, copyright does not give the author exclusive control over how his works are used. Copyright grants exclusive rights of reproduction and public performance. I'm free to take a copy I've legally acquired and loan it out, give it away, resell it, modify it, replace parts of it, reverse engineer it. I can even reproduce it in very limited ways (mostly for backups, format shifting, and other strictly personal uses). It's important to not erroneously believe that copyright grants too much power. Copyright was a trade off, and we didn't give everything away to creators. Many producers of copyrighted materials are attempting to claim rights they don't have. They're doing this in part by manipulating the language, comparing copyright infringement with physical theft.

  6. Copyright infringment != physical theft on Warcraft III Gone Gold · · Score: 2
    Sharing? How about next time you park in the parking lot, someone "shares" your car and takes it to the local chop shop to "share" the parts with others. Or someone sticks you up on the street, takes out your wallet and forces you to "share" your money with him. Copying software illegally is THEFT, whether or not that person would have gone out and paid for a copy on his own accord.

    That is not a fair comparison. As a rule, making infringing copies of software requires access to the original. So this isn't a case of someone random trying to "share" my car or my wallet without my permission. This is my choosing to make something of mine available to others to copy. A better (but less realistic) example would be if I could put my car on the street and invited anyone who wandered by to push a button to create an instant copy. Strangers and friends would be able to get a nice car, and I'd get to keep my original. Totally different. With theft you have taken something from me and I no longer have it. With copyright infringement, I still have my original to enjoy.

    Now there are arguments against copyright infringement, most importantly that you make it much harder to fund the creation of new works, but it's a totally different situation.

    By labelling copyright infringement as theft, you are making these two very different situations appear to be equally bad. They are not, it's important to keep them different. Labelling it piracy is worse. If people are thinking about copyright laws in the sense of theft and piracy, we're unable to have intelligent discussions about the future of copyright. By demanding a more careful usage of the terms, people hope to keep the two distinct.

  7. Re:Oh no! on Warcraft III Gone Gold · · Score: 2
    Blizzard (through Vivendi) is accountable to its shareholders. This means, as a corporation, they are legally obligated to protect their property and assets, and also obligated to select a tested, proven business model which represents a minimal risk and maximal chance of profit.

    Fascinating. The same claims hold true for tobacco companies, Enron, and drug cartels. Why exactly is this relevant to the discussion? A company's obligation to please the shareholders is not my problem. (And a company can try untested, unproven business models if it can get shareholder buy-in. It can be tricky, especially when the risk is high, but it happens. Ultima Online was a new, risky idea. Energy futures markets were also untested (Enron).)

    If you think Open Source is ALWAYS better than Proprietary, then why the hell is Blizzard's software so fucking good? Now that they've proven you wrong, the only way you can rectify the situation is by boycotting the software.

    Sorry, you've apparently completely misread the intentions of people who support bnetd. The people who support bnetd are people who support Blizzard's software. There is no claim that Open Source is superior. These are just people who want to use the product they purchased in a way that Blizzard doesn't agree with. No wild claims about the superiority of Open Source, just a desire to run their own servers.

    It is not in the Open Source community's best interest to try to strongarm or coerce companies to open their source (or to allow interoperability, or any other changes to their business model)

    So why not? Because we'll somehow stifle Blizzard's ability to make money, and thus create new products? Somehow other industries manage to survive with third party competition for replacement parts. Interoperability isn't an open source/closed source issue. It's a competition/monopoly issue. bnetd isn't a problem because it's open source. bnetd is a problem because it's competition. As a consumer I win when there is competition for replacement parts. I can buy replacement parts for my car without involving Subaru. I own third party memory cards, controllers, and cables for my Playstation 2. Yet somehow Subaru and Sony survive.

  8. Re:Sick and tired of defeatism on Serious IIS Hole; Minor X Bug · · Score: 2
    What about the fact that we STILL don't really take advantage of gfx hardware for 2D presentation? or the fact that fonts still look like ass?

    What are you talking about? Thanks to various bits of acceleration in XFree86, my desktop is zippy fast. Games and DVDs play as smoothly as I could want. Ugly fonts? Well, yes, truly free fonts tend to be a bit weaker. However, you can easily get the fonts Microsoft generously makes available for free, using the webFonts4Linux script. They won't be quite as nice as on Windows by default thanks to a patent on the TrueType hinting engine, you can either build your own FreeType library to include the patented code, or you can use anti-aliased fonts. KDE has anti-aliased fonts and Gnome is right on its heels.

    If you think we can laugh at others, check those market share figures. We have a lot of work to do.

    First, it doesn't matter what our market share is. So long as the community continues to grow, there will be a future. Second, the latest market figures for servers show Linux as gaining market share. On desktops, things aren't quite so good, but we're definitely increasing our numbers. Things are looking quite good in the long run. Yes, there is a lot of work to do, and we need to remain honest of how far we have to go. But some cheerleading and hyping our strengths is key.

  9. Re:Tax dollars should not buy Microsoft products on Countries Ponder: GNU/Linux vs. Microsoft · · Score: 5, Informative
    Nor should tax dollars be spent on Bic pens, or Bostitch staplers, or Lockheed jets, or any other product built by an evil moneygrubbing company!

    That's not a fair generalization. The government can easily switch to another brand of pen, stapler, or jet without worrying about interoperability with existing supplies of paper or the existing air traffic control system. There aren't a lot of security issues for a government office using a monoculture of Bic and Bostitch. The government is free to disassemble any pens, staplers, or jets they buy to search it for spying devices, attempt to repair problems, hire a third party to hire problems, or customize the products for their use. There isn't a lot of risk of a license audit coming from Bic, Bostitch, or Lockheed.

  10. Technology backed social fixes on Game Developers Cracking Down on Cheating · · Score: 5, Interesting

    Games with huge numbers of people like EverQuest will suffer from a certain number of bad apples, just like the real world. They're ultimately going to need to rely on policing, technology can't solve everything.

    Fortunately, many games don't have huge numbers of players. Quake games peak at a few dozen. Even as small scale games grow, there are practical limits that will keep size down.

    There is a partial solution I haven't seen implemented yet: trust networks. To play, you generate a public key and share it with all of the other players. As you play, you mark other players as being friends. (You can also blacklist them, but it's easy for the other person to create a new identity, so it's only a very small part of the solution.) When you mark another player as a friend, your client provides them with a signature proving that you marked them as such. Then based on these networks of trust you can make judgements about who to play with. When you create a game, you might limit it to "my friends, my friends' friends, and 3rd generation friends if they have at least three references from 2nd generation friends." Maybe you leave a spot or two open for anyone to hop in on as a way to make new friends (and if they're a punk, you and your friends can blacklist him quickly).

    This will make it harder for truly new people to make initial friends. Many gamers will know at least a few real-life friends who can give them a hand up. For the rest, they'll regrettably have to spend some time learning who they can trust. It's a shame, but it's just like real-life.

    There are a few details I'm admittedly handwaving (key revocation, special case exceptions), but they're all solvable problems. I'd really like to see a system like them when I play Quake, Half-Life, Diablo II, or Dungeon Siege online.
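
The admission rule described in the comment above ("my friends, my friends' friends, and 3rd generation friends if they have at least three references from 2nd generation friends"), as an added example that is not part of the original comment. Player names, the function names and the sample endorsements are hypothetical, and each endorsement is assumed to carry a signature that has already been verified against the endorser's public key.

```python
from collections import defaultdict

def build_graph(endorsements):
    """Build endorser -> {endorsee} from (endorser, endorsee) pairs.

    Assumption: every pair arrived with a signature that was already
    checked against the endorser's public key; unsigned claims are dropped
    before this point.
    """
    graph = defaultdict(set)
    for endorser, endorsee in endorsements:
        if endorser != endorsee:          # vouching for yourself proves nothing
            graph[endorser].add(endorsee)
    return graph

def generations(graph, host, blacklist=frozenset(), depth=3):
    """Breadth-first search from the host; returns {player: generation}.

    Blacklisted keys are never reached, so their own endorsements are not
    followed either.
    """
    gen = {host: 0}
    frontier = [host]
    for level in range(1, depth + 1):
        next_frontier = []
        for player in frontier:
            for friend in graph.get(player, ()):
                if friend not in gen and friend not in blacklist:
                    gen[friend] = level
                    next_frontier.append(friend)
        frontier = next_frontier
    return gen

def admitted(graph, host, blacklist=frozenset(), min_refs=3):
    """Players allowed into the host's game under the rule in the comment."""
    gen = generations(graph, host, blacklist)
    second = {p for p, g in gen.items() if g == 2}
    allowed = {p for p, g in gen.items() if g in (1, 2)}
    for player, g in gen.items():
        if g == 3:
            # Count distinct 2nd-generation friends who vouch for this player.
            refs = sum(1 for s in second if player in graph.get(s, ()))
            if refs >= min_refs:
                allowed.add(player)
    return allowed

# Constructed sample data.
SAMPLE_ENDORSEMENTS = [
    ("alice", "bob"), ("alice", "carol"),                  # 1st generation
    ("bob", "dave"), ("bob", "erin"), ("carol", "frank"),  # 2nd generation
    ("dave", "gina"), ("erin", "gina"), ("frank", "gina"), # gina: 3 references
    ("dave", "hank"),                                      # hank: 1 reference
    ("bob", "mallory"), ("mallory", "zed"),                # mallory is blacklisted
]

def demo():
    graph = build_graph(SAMPLE_ENDORSEMENTS)
    return admitted(graph, "alice", blacklist={"mallory"})

if __name__ == "__main__":
    print(sorted(demo()))
```

Because a blacklisted key is cheap to replace, the blacklist here only prunes paths; the positive references are what carry the weight, as the comment notes.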

  11. Re:Perl's had it's day - It's become like COBOL on Apocalypse 5 Released · · Score: 2
    To move on to languages that learnt from perl, that improved on it, that don't have to drag around a syntax and culture that values neat tricks and trying to guess what the programmer really meant over providing the needed building blocks and letting you build code that does what you say, not what it thinks it heard you say.

    You're not that familiar with Perl culture, are you? Providing needed building blocks? We've got CPAN, a frighteningly large library of building blocks.

    Sure, Perl values neat tricks. So do C hackers. Sure, sometimes the tricks are strictly for entertainment value. What's the harm (assuming you don't do anything foolish like using it in production code)? Sometimes a little trick will get a throwaway tool written and used more quickly.

    As for the syntax, that's exactly what Larry is working on right now. The language has become a bit crufty, Perl 6 will try to clean out the cruft. I have no idea how well it will work, that's to be seen.

    Or even, dare I say it, to move on to languages outside the perl family for some programming and choose the right tool for the job for a change.

    Really out of the Perl culture loop, I see. Perl is all about using the right tool for the job. Part of Perl's strength is as a glue language: use whatever tool best fits a particular job, but when you've run into several tools, Perl makes it easy to glue them together. Perl has many ways to call other programs and process their output. Perl can call libraries written in other languages. Perl can be embedded into other languages. Perl tries its hardest to play nice with everyone else. In almost every case, you could provide a 100% Perl solution, but the Perl culture values the right tool for the right job, so it makes sense to make using other tools easy.

    Sometimes you have a problem where Perl has nothing to add to a particular solution. The true Perl spirit is to leave Perl out.

    True Perl hackers value working solutions over using their favorite tool.

    Perl was great, it introduced many people to programming, just like COBOL did. But now it's time to move on.

    COBOL didn't adapt to any significant extent. It was largely limited to its roots. Perl adapts. Perl has done as well as it has because it's a powerful and flexible language. Perl looks daunting because of its size, people miss that Perl is best learned like a human language, slowly and over time. Perl, like a human language, has adapted to changing times, picked up good ideas, and generally stayed fluid. When Perl was originally created, the web didn't exist, yet Perl proved to be an exceptional language for all sorts of web work. Why? Because Perl had lots of powerful primitives upon which were quickly built libraries to support common tasks.

  12. Re:Physician heal thyself on Amazon.Heartbreak · · Score: 2
    Jeff Bezos built the business he wanted to build...

    Bezos wanted to build a business that hemorrhaged money and was full of deadweight and inefficiencies? What an interesting business plan.

  13. Re:Overreaction on ReplayTV 4500: No Hacking, or Else · · Score: 4, Informative
    These terms are identical to those terms that are present within the Tivo service license agreement.

    They most certainly are not identical. Tivo makes no restrictions on hacking the hardware, ReplayTV does. Also, while Tivo can cancel my service if I actually infringe someone's copyright, with ReplayTV, Sonicblue can cancel my service if I am "alleged to infringe." Tivo's license agreement isn't perfect, but it has limits and yields the customer some reasonable freedom.

  14. Re:Makes me wonder ... on PVRs and Advertisers' Worries · · Score: 2
    I work in the IT department for a newspaper and without ads the cost of a daily newspaper would go from 75 cents to nearly 20 dollars iirc.

    So the newspaper is deriving $19.25 of income from advertising per copy sold? Furthermore, the newspaper has expenses on the order of $19.25 to publish each copy? I don't believe it.

    My local newspaper had an average daily paid circulation of 108,246 copies in the fall of 2000. I'm kinda curious about what expenses they have that total two million dollars per day. I'm astonished that three quarters of a billion dollars a year flows through our city's newspaper.

    $20 newspapers? I don't think so. Without advertising newspapers would certainly rise in price, but not to $20 an issue.

  15. Re:You're not the only one. . . on E3 Doom III Preview · · Score: 2
    My advice to people who seek sympathy in dark arts is to, rather than seeking temporary solace from angry music and simulated blood sport, endeavor instead to change yourself, your life, your job, etc., so that you are no longer trapped in systems designed to keep you in misery and frustration.

    "people who seek sympathy in the dark arts"? What is that supposed to mean? I thought the dark arts generally referred to witchcraft. Given the context, I guess you mean "people who play gory video games and watch horror movies." I don't know anyone who looks to games like Doom for sympathy or support. ("Gee, something helps console me like fighting off zombies"?) None of them chose their games because of the "quality" of the gore. The people I know who play games like Doom play it because they are generally contented, safe, and happy in their lives. It can be entertaining to safely experience emotions we thankfully don't get in our day to day lives: fear, sadness, revulsion. Experiencing a bit of terror every once in a while helps you appreciate life more when you don't need to experience it.

    Obsessing over death, fear and sadness in games, music, literature and film lowers people and makes them less.

    Obsessing about anything is unhealthy and makes you less. But for a particular game to choose to focus on part of it doesn't mean that there is an obsession. All things in balance. Fear, sadness, and death are part of the human condition, to write them out of our game, music, literature, and film is to turn our culture into bland, useless waste that fails to better us as human beings. For every comedy, we need some tragedy. For every Midsummer Night's Dream, a Hamlet.

    Life power, awareness and happiness will similarly increase as you focus away from sad things.

    You know what cheers me up when everything seems like it is going wrong? I cue up the most depressing music I can find. I wallow in my depression for a bit and then I get over it. Life has a dark side, ignoring it will detach you from reality and your fellow human beings.

  16. Re:The last quote interests me... on Hacking Web Services · · Score: 1
    My business relies on people finding my website, then emailing me directly. NONE of my prospective clients would try again if they got a "who are you?" message back that they then had to do something special to reply to so I would see their message.

    That's why I said that the switchover is going to be so hard. It's possible, but we need to automate the entire process (including the verification emails) as much as possible.

    Also, this filtering does have exceptions. If you're expecting to get lots of new people emailing you, this sort of filter probably isn't a good idea. It's more of a personal solution. Fortunately, if you can get a significant majority of individuals using such a system, spam will be cut down for everyone since it ceases to be worth the effort.

    Furthermore, your customers wouldn't try again yet. Spam isn't bad enough. It will get bad enough. It's not hard to send spam that varies enough from target to target to make it hard to find. Laws here (wherever here is for you) won't stop spam coming from "there". As spammers get more clever, everyone will start getting more spam than legit email. Your customers will expect to deal with such autoresponders because they'll be running one themselves.

    I don't like this solution. However it's clear to me that legal solutions can't work (the internet is global), and other technological solutions can be and are worked around. (Address filtering was foiled a long time ago with random email addresses. Blacklisting IPs filters out legitimate email in addition to bad email. Keyword and pattern detection is always playing catchup with the latest fads. I fully expect next generation spammers to randomly assemble "custom" messages per target (reordering sentences and paragraphs) to defeat various pattern and quantity detectors.) Whitelists are the only sure thing. (And since spammers can randomly attack to find addresses in whitelists, senders will need to cryptographically sign things that your whitelist can check.) This system will make getting onto whitelists a lot easier.

  17. Re:The last quote interests me... on Hacking Web Services · · Score: 2, Interesting
    Note that postage is basically a pay-to-play system. Will it discriminate against people accessing the Internet on Pentium 1s?

    I was a bit hand-wavy. (Ooh, look at me, I'm a futurist!)

    The key is to just add a very small cost. The advantage using CPU time as the cost is that it's easy to automate. However you have a good point.

    If we don't change anything else, yes, mail from slower machines will take longer to be delivered. A problem that takes my computer a minute might take a lesser machine ten minutes. However, it's not that terrible, you should be adding friends, coworkers and other people you want to get email from to your whitelist, so they'll be paying the penalty only once. In fact, this can be automated as well: anyone who answers the question once can either be added to your whitelist (and if you later decide you change your mind, moved to a blacklist). Or your mail reader could return a ticket to avoid the answer after answering the question once. Again, you could revoke a ticket if you determined someone was harassing you.

    The other solution is to skip computers and force human interaction. Each user would generate a simple puzzle that is hard for computers to parse. The sender will get the puzzle back and his email won't go through until he answers it. You would only need one puzzle, the key is that it needs to be hard to parse with a computer. For example "What is 6 times seven? Add one to the result. Subtract three. Repeat the second step with a tenfold larger number."

  18. Re:The last quote interests me... on Hacking Web Services · · Score: 5, Interesting
    Solving the spam problem technically seems to be impossible though. People have been trying to do that forever.

    The solution exists, it's just that the transition to the solution will be painful, so we're desperately trying to avoid it.

    The solution is whitelists and "postage".

    Put all your friends in a whitelist. Mail from them is delivered instantly.

    Anyone else who emails you gets an autoresponse, "I don't know you. To ensure that you're a real human being, you'll need to run the postage program to get the result for the code ABAASDFFEFEF". The program needs to be open source and easily verifiable for security reasons. The program solves some problem that is hard to compute (say 60 seconds), but easy to verify. One example would be a brute force cypher break on a simple cypher. The sender's email client can handle this autoresponse automatically, shielding the sender from needing to deal with it (Gee, my computer gets slow for a bit when I email someone new). Spammers, on the other hand, would need to either limit their spamming so they have time to generate valid responses, or would need to invest in expensive hardware to generate the responses fast enough. End result: It's no longer cheap and easy spam.

    There are a few other details to make mailing lists feasible, but it's doable.

    However, this effort would require everyone to upgrade their mail clients or to use external programs to manage this. Given the extremely slow adaptation of other email security features, I'm not optimistic.
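
The whitelist-plus-postage exchange from the comment above, as an added example that is not part of the original comment. It swaps the suggested "brute force cypher break" for a hash partial-preimage search, which has the same hard-to-compute, easy-to-verify shape; the function names, addresses and difficulty value are hypothetical, and the sender address is assumed to be authenticated before the whitelist is consulted.

```python
import hashlib
import hmac
import os

SERVER_KEY = os.urandom(32)  # recipient-side secret (hypothetical), never sent out

def issue_challenge(sender, recipient, key=SERVER_KEY):
    """Code returned in the "I don't know you" autoresponse.

    The HMAC ties the code to one sender/recipient pair, so a solved stamp
    cannot be replayed from another address and the recipient stores nothing.
    """
    msg = f"{sender}\n{recipient}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:24]

def leading_zero_bits(digest):
    """Number of zero bits at the front of a byte string."""
    bits = 0
    for byte in digest:
        bits += 8 - byte.bit_length()
        if byte:
            break
    return bits

def stamp_digest(challenge, nonce):
    return hashlib.sha256(f"{challenge}:{nonce}".encode()).digest()

def mint_stamp(challenge, bits):
    """Sender side: brute-force the smallest nonce whose digest has `bits`
    leading zero bits. Expected cost is about 2**bits hashes."""
    nonce = 0
    while leading_zero_bits(stamp_digest(challenge, nonce)) < bits:
        nonce += 1
    return nonce

def accept(sender, recipient, challenge, nonce, bits, whitelist, key=SERVER_KEY):
    """Recipient side: whitelisted senders skip postage; everyone else must
    present a stamp for the challenge issued to them. Costs one HMAC and one
    hash regardless of how long minting took."""
    if sender in whitelist:           # assumes `sender` was authenticated upstream
        return True
    expected = issue_challenge(sender, recipient, key)
    if not hmac.compare_digest(expected, challenge):
        return False
    return leading_zero_bits(stamp_digest(challenge, nonce)) >= bits

if __name__ == "__main__":
    BITS = 16  # demo difficulty; a deployment would tune this to its time target
    me, stranger = "me@example.net", "new@example.org"
    code = issue_challenge(stranger, me)
    nonce = mint_stamp(code, BITS)
    print("stamp accepted:", accept(stranger, me, code, nonce, BITS, set()))
    print("replayed from another address:",
          accept("bulk@example.org", me, code, nonce, BITS, set()))
```

Each extra bit of difficulty doubles the sender's expected work while leaving verification cost unchanged, which is the asymmetry the comment relies on.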

  19. Re:These disease is of course mindless idiocy..... on Technology: Fueling Hatred and Misunderstanding · · Score: 2
    Of course I'm going to get modded down for "being a racist" or "being flamebait" because God forbid someone should say that a particular religion is inferior to other religions and that it should be excluded from the global debate on how to make the world a better place because it has a truly horrific history.

    And Christianity doesn't? Christianity brought us the Crusades. Hitler attempted the genocide of Jews to purify the German empire from Christianity. "Heathens" around the world, be they asian or native american, have died for failure to convert to Christianity. Assassinations and bombings against doctors and clinics which perform abortions are done by men and women who believe they are doing God's work.

    Just because someone claims to represent a religion doesn't mean that they really do. There are extremists prepared to engage in horrific actions in every religion. To label all of Islam as evil is to label a great many good people. It would be more constructive to focus on labelling those extremists which engage in terrorism and enact oppressive governments as evil. Furthermore, people and religions change. The Catholic church recently apologized for their implicit support of the holocaust.

    Furthermore, if you exclude Islam from the global debate, you give the extremists more arguments toward extremism. "See, they refuse to try and reach a peaceful solution with us. Clearly they plan on 'peace' with us by killing us. We must fight back now!" When you stop talking with someone, war

    When people insult Christianity and Judaism and proudly declare themselves to hate Christianity or Judaism, you don't see conservative Christians and Jews lining up to strap C4 to their bodies and suicide bomb their "enemies."

    I didn't think that the middle east unrest was the result of insults and name calling. I doubt your average suicide bomber's primary goal is to simply silence open criticism. Sure, they'd like to silence criticism, but that's not why they are willing to die. They're fighting over diverse political issues including the ability to form a sovereign state, freedom from undesired foreign military bases on their land, and fear that they are being marginalized by the world. Perhaps their beliefs on these matters are wrong, but they can't be dismissed.

    The moment you decide another group of human beings cannot be reasoned with and you close off discussions with them, you become the group unwilling to discuss. At that point there can be only war. Be damn sure you're willing to pay that price. Are you prepared to fight in an all out war against Islam? Are you prepared to label the many Muslims in the United States (or wherever you are) "enemy"?

  20. Re:footing the bill on Wireless, GPS-Loaded 'Bait Car' Traps Thieves · · Score: 5, Insightful
    This demonstrates perfectly how the job of the police has gone from "protecting the law-abiding" to "hunting down criminals." What is the point of locking up some guy for trying to steal a car that was designed to be stolen?

    What's the point? There are a certain number of people who want to steal cars. Given the choice between: 1) Criminal steals bait car, gets caught nearly 100% of the time and is off the streets for at least a short time and 2) Criminal steals my car (or my friend's car, or my parents' car), gets away nearly 100% of the time, and is able to steal another car tomorrow. I'd prefer the bait car, thanks.

    Prostitution and drug dealing is arguably different. If the law and the police weren't involved, everyone involved would be willing to allow the action (the sale of sex/drugs) to occur. Car theft is different. As the owner of the car, I never want someone to steal my car. There are no sane arguments for why car theft is good. Catching someone who steals cars is good. These people are predators who know that they are breaking the law and know that they are depriving another human being of their physical property.

    Law enforcement is supposed to protect the law-abiding. Protect them from what? Criminals. Catching the criminals before they steal from the law-abiding seems like effective, pro-active protection to me.

    I for one hope police use bait like this in more cases, I know too many people who have had car windows smashed and car stereos stolen. I know too many people who have had apartments broken into.

  21. Re:Thats a review??? on Book Review: Voodoo Science · · Score: 1
    Holy moley. I've gained more in depth knowledge about their books from 2 minute conversations with strangers on the bus.

    You clearly have a superior bus system to mine. When I have two-minute conversations with strangers on buses, I only gain in depth knowledge about massive conspiracies by Major League Baseball to control our minds with satellites.

  22. 65-year-old Kazaa user? on General Public Realizes KaZaa is Spyware · · Score: 4, Interesting

    I think the fact that Kazaa has 65-year-old users is the real news here. Clearly file sharing has become mainstream if grandmothers are using it.

  23. Re:Security by obscurity.. on Deutsche Bahn to Sue Google · · Score: 1
    There's also the concept of "need to know". If the concept works for world affairs and national security, I'm fairly sure it can work pretty well for plain-jane trucks.

    My point isn't that secrecy and obscurity are useless, my point is that they need to be supported with additional protection. Secrecy alone is too easy to defeat. Eventually someone has a valid "need to know", and some of those people will be corruptible.

    But if you're relying on it as your sole defense, you're foolish.
    Foolish is making assumptions about things that were not asserted.

    My apologies if I wasn't clear. That particular point wasn't intended to be directly targeted at the "secret routes of regular trucks hauling dangerous / secret / valuable things" example. My point is that secrecy and obscurity are very weak if they are the only defense employed. As a first layer of defense obscurity is a good tool for weeding out many attackers easily. This applies to computers and real life. Changing the banner sendmail emits won't even slow a dedicated attacker, but will reduce attacks from script kiddies.

    In the example of hauling valuable goods, if someone were to rely strictly on the secrecy of the route, a dedicated thief could eventually find the truck. Varying the route helps, but only increases the difficulty of finding the truck, it doesn't make it impossible. However, I suspect most of these "plain-jane" trucks are not as plain as you claim, and the shipments are further supported by a system to protect them. Off the top of my head, I can think of a number of low cost things that could be done to protect the trucks: Equip the drivers with cell phones, if anything odd happens, call it in. Equip the trucks with GPS systems that constantly call a central base with their location. Put really good locks on the doors. Add a "panic button" that sets off internal sirens (a standard car alarm would work fine) and contacts the central base. Set up a system where the driver is expected to call in his status regularly. If he misses a call, start following up on the situation.

  24. Censorship doesn't really solve the problem on Deutsche Bahn to Sue Google · · Score: 3, Insightful

    This is more of a general rant than about the specifics of this case, but since the discussion has veered into general free speech issues, I think it's appropriate.

    Thanks to the DMCA and similar restrictions, publishing information on cracking dongles (hardware keys for software) is basically illegal. Concrete details on how to crack a dongle definitely is. The people putting up information on cracking dongles usually do so for the sole purpose of encouraging others to use illegal copies of software. Clearly the dominant use of this information is criminal.

    So what's the harm in censoring this speech?

    Well, several years ago I was asked to investigate adding copy protection to a new software product (now defunct). My initial research focused on "respectable" publications on the subject. I found almost nothing useful. If the information I found was to be believed, dongles were practically impossible to defeat. So I extended my search to cracker sites. Now I found something. I discovered that all dongle technologies have been defeated on a case by case basis. I discovered which dongle technologies were trivial to defeat and which were very hard to defeat. I learned specific, concrete weaknesses and arguments for and against dongles. With this information I was able to provide solid information for my employers to use to make a decision.

    Let's say that the information on dongle cracking had been removed from the web. Well, my research would have been mostly fruitless. I would have had to largely rely on the misleading claims of the manufacturers themselves and reviews that didn't make serious attempts to defeat the dongles. However, the crackers would still have access to the information, passed around via instant messaging, password protected ftp, email, and other techniques. Dongles would still be insecure, but I wouldn't be able to make reasoned decisions about them.

  25. Re:Security by obscurity.. on Deutsche Bahn to Sue Google · · Score: 2

    The problem with security through obscurity is that once the information is revealed, it's nearly impossible to stop. The Radikal magazine information is already available to anyone who really wants it. No amount of censorship will stop someone who wants to see it from getting it. Anyone who downloaded it before it was taken down still has a copy. They can email it to others, print it out, hand out photocopies, make handwritten copies, or distribute it in any number of ways. As a civilization, we've spent a great deal of time and effort to make it easy to duplicate information. Stopping the flow of information people want is impossible in all but the most limited of cases.

    Security by obscurity in the physical world is a de facto standard and is paramount to many security issues. For example, like it or not, our government uses plain-jane trucks to move radioactive elements, high explosives, deadly biological materials, and large volumes of currency throughout our nation. By not having the routes, the trucking schedules and payload information, a high degree of security is available. This is exactly security through obscurity. Would you want this information to be available? I know I sure wouldn't.

    Great, so by relying on everyone involved keeping this a secret, all it takes is for the secret to leak once and these shipments are put in danger. A single person can unravel the whole thing, perhaps under torture, threat, blackmail, bribery, or simple malice. Spies exist.

    Keeping the information secret does help. It weeds out many potential criminals. It reduces expenses defending against attacks that can't possibly succeed, but might cost money to stop. But if you're relying on it as your sole defense, you're foolish.