Slashdot Mirror


User: mxs

mxs's activity in the archive.

Stories: 0
Comments: 428

Comments · 428

  1. Re:What "study"? on Study Suggests Music Industry Embrace Piracy · · Score: 2, Interesting

    Who needs labels anymore anyway? If someone is interested enough in truly making music, they should find a way to do it and make money off it.

    Like picking a label that is not evil. Many artists do not enjoy the day-to-day work of finding distribution channels, doing promotion, calling magazines, radio stations, TV stations, etc. Labels CAN provide a valuable service. Nowhere near as valuable as they are making themselves out to be today (with some notable exceptions -- magnatune.com seems to be a decent label, for instance.)

    It isn't like labels are really promoting anything worthwhile anyway. They're more like a marketing machine. Miley Cyrus or Cute Cookie Cutter Female Singer #324,234,465 hardly qualify as "artists".

    And some truly good artists ALSO are represented by these so-called machines. Stands to argue that those artists produce something worthwhile.

    What's needed is iTunes that lets anyone on and you screw all to the record companies by finding a way to record your music w/o them.

    You /CAN/ get your music on iTunes. There are even services that do it for you. You can also use some of the alternate download shops or labels that engage in such.

    Home recording is hella cheap compared to a couple decades ago

    And still, as a rule, hella crappy too. It's great for a jam session, it sucks if you want to do any well-engineered album.

    Again, labels /can/ provide valuable services. The trick is to not let them treat you like a piece of property, keep your options open, and never, ever give perpetual exclusive licenses to your work to anybody.

  2. Re:This is stupid on Mozilla SSL Policy Considered Bad For the Web · · Score: 1

    Naturally, Slashdot stripped out my tag symbols ... bah. Insert UNDERLYING TECH and DEPENDENT TECH where appropriate.

  3. Re:This is stupid on Mozilla SSL Policy Considered Bad For the Web · · Score: 1

    I'm not arguing that Mozilla is going wrong at all. They should be noting and warning about self-signed certs. I was commenting on what you seemed to give as advice on how to proceed. I'll give you a.), but remain attached to c.). You are not required to understand everything you do. This may be a bit of a user interface issue (the message could give some more advice on how to proceed in that case, for instance), but you do not need to understand the nature of self-signed certs -- you merely need to understand that the vendor of the browser you are using suggests that it may be bad. It is up to you what to do with that information.

    As for my analogies, I am SURE I can find some that are even farther off the mark. Don't tempt me. You seem to have misunderstood my argument, so they may have indeed been either too subtle or too blunt :> The general pattern was quite simply "If you can't understand what is, then you should not be using ." driven to the extreme, and assuming you may have heard of but have no idea what it is other than that has some loose association with .

  4. Re:This is stupid on Mozilla SSL Policy Considered Bad For the Web · · Score: 2, Insightful

    That's a pretty bad point. Are you suggesting that if you can't understand what a certificate is, you shouldn't be using SSL ? If you can't understand what HTTP is, you shouldn't browse the web ? If you can't understand what BGP is, you shouldn't be using HTTP ?

    If you can't understand what a self-signed certificate is, you should only be accepting them once you either a.) learned how to understand it or b.) somebody you trust tells you to or c.) you do not implicitly care about the implications since you are not going to be transmitting private data, anyway.

  5. No, it is not considered bad for the web. Blogrant. on Mozilla SSL Policy Considered Bad For the Web · · Score: 5, Insightful

    I originally meant to post this as a comment to the blog post, but apparently the author does not care about testing their commenting feature. This alone should already tell you stories about how much thought he puts into this stuff.

    -+-
    Why in the world are you singling out Mozilla in this ? Every browser has this policy.

    Every browser has avenues to add new root certs, too (I can just create my own CA, offer the certificate file on the web, and let users install that; all future communication with a site that has a certificate signed by that CA will not be bothered with these error messages). This may not be 100% convenient, you are correct. But it's not as if it was hard to do if you want to give your users the option of using encrypted sessions.

    Oh, and there IS a way to get your shiny new non-profit CA into the main Firefox builds. All you need to do is comply with their procedures and requirements -- which include policies on how you verify the identity of the certificates you sign, how revocations work, etc., and requiring specific minimum requirements in these. If you think you can run a proper CA for free for everybody with proper identity checking and day-to-day operations, do it and get it added !

    The default position Mozilla takes is quite simply that the CA should verify the identity of the entity the certificate is being issued to. You may not think that it is important for this to be such a prominent user interface feature, but many people do. Every user can add an exception for your site, you can add a CA of your own, you can get certified by a nonprofit CA (good luck finding one; I agree that most of them are scumbag operations that try to extract as much money from you as possible, but I have yet to see a proposal which both ensures identity checking and revocation management while being completely free ... Maybe you'll find a way).

    This has nothing to do with network neutrality. Nothing at all. A more proper comparison would be comparing this situation with that of 2nd-level domain names. You can't get a .com domain for free, either. Nor a .net or .org or most of the country TLDs. You can open up your own Registrar (but will still have to pay dues for domains registered), just as you can open up your own CA. It'll be a rocky road, and it'll not be free -- least of all in work required.

    My sites work just fine with SSL certs signed by my very own CA. Firefox displays them just fine (either by adding the root cert of my CA to it, or by simply adding an exception). All other browsers work fine, too. If you have visitors or customers that require validation of your certificate by a third party, you are SOL. But then again, you also would be were the warning worded differently (and there SHOULD be a warning for a certificate that is not signed by a trusted CA or one which you explicitly told the browser to trust. No matter what. Self-signed certs are alright for encryption, sure, but I want my browser to have a default setting of warning me when something is happening that very well could be an attack; especially when I have taken care to add a specific trusted CA (say, the one by my university).
    -+-

  6. Re:Bah... if Google did this... on "Mobile Plate Hunter" Cameras Raise Questions · · Score: 1

    First off, nice rant :)

    ...you'd see a metric shit-ton of comments pointing out that -eeeeeeeeeeverybody- can take pictures of, and store into database the information relevant to, your license plates...

    There is a SLIGHT difference between Google and the police in that Google is a private company that does not have the right to shoot you, subdue you, imprison you, or make your life hell when they so deem fit. Google does not have the authority of the state.

    how your car is out in public and you have no expectation of privacy there.. blablabla. No.. if Google did this, it'd be all good*.

    No, it wouldn't be. And you are bending your argument just a LITTLE in your favour here. You are alluding to StreetView of course, which, for a time, had some license plates readable. Mind you, these were not actually made searchable nor OCRed upon nor is there time data available nor is data on it checked against other databases. This is quite a lot different from what these little softballs are doing, and YOU know it.

    Heck, if an insurance company gave everybody who cooperated with their employees tracking their license plates in exchange for a 5% discount (that is.. raise the rates for everybody else), the vast majority would go for it.

    Just as the vast majority of people will happily accept all of their buying habits etc. being tracked in exchange for "points", "rebates", etc.
    Of course the difference is that this is voluntary. You can choose not to participate.

    ( * okay, granted, there were actually a few people who felt Google was in the wrong with that private road thing (pending court decision, was it?).. but then the sheer number of comments saying that they should have made it gated if they didn't want anybody trespassing.. errrrr. )

    Oh, you are looking at the sheer number of, pardon my cussing, dumb fuckwads who do not think twice about what they are saying ? Welcome to anonymous internet discussion. Trolls are a-that-a-way.

    "They [...] cost $25K". So two of those could employ an additional actual flesh and blood cop. Or two depending on just how bad their pay is. I'd go for the two additional cops.

    Like, for instance, this oft-repeated point. No thought behind it. No, a cop does not just cost his salary (and mind you, this salary is YEARLY -- I have no idea what the lifespan of these devices is, but I do hope they are getting more than a year's worth out of them at that price); you also have to train said cop (that's freaking expensive), equip him (that's freaking expensive !), possibly get a car for him (holy shit that's expensive !), keep training them (again, expensive), pay insurance on them (not that expensive, but still significant), provide infrastructure for them within the organization (expensive !), etc.

    So no, one or two of these does not get you another flesh and blood cop. 6 or 7 might, but just for a year or so.

    If that means they catch more people who break the law* and that ends up in a net positive exceeding the 25k (presumably a one-time purchase, but who am I kidding) by a healthy margin, maybe they could also afford an additional copper or two. If nothing else, they might not have to send rookies out to collect on some fine and put those rookies to work patrolling the streets instead, and seasoned cops don't have to waste time in their patrols doing 'quick' checks on plates in the area that seem out of place.

    You know when something went wrong when law enforcement becomes something about profit margins. This is a very, very dangerous road to take. When a cop doesn't just have to weigh the situation, but also next year's budget for donuts (sorry cops, that one was just too easy ;), they might be more inclined to fine you for a trumped-up, non-provable charge. Or fine you more for a lesser infraction. O

  7. Re:No problem as it is, if implemented correctly on "Mobile Plate Hunter" Cameras Raise Questions · · Score: 1

    I don't see a problem with the current use of these camera systems, assuming it is implemented reasonably. By "reasonably", I mean something like the following: Each camera is connected to a database of the plates of known "offenders", such as stolen cars, fugitives, or more trivial things like cars with lapsed registration, insurance, or failed emissions tests. It scans all the licence plates it sees and checks them against the database - if there is a match, the police or Motor Vehicle Administration enforcement can take action. Otherwise, the scanned plate is not stored and certainly the time and place at which it was scanned is not stored.

    Nice fairy tale. Now tell me, Peter Pan, how do you verify that this data is not stored ? That the database, at a remote location, does not log accesses ? (and be they for statistics or just abuse monitoring) Do you take the officer's word for it ? Does that officer have a degree in computer science, or at the very least training in database administration ? Who told him that the database does not log ?

  8. Re:I've got no problem... on "Mobile Plate Hunter" Cameras Raise Questions · · Score: 1

    As long as technology like this is used only for identifying stolen cars, cars with expired registrations, insurance, etc. I'm perfectly fine with it. I like the idea of making sure cars are properly registered, insured, inspected, etc. because I'm the only safe driver out there and everybody else is a terrible driver! Seriously, though, driving is a privilege, and if you want that privilege then you need to make sure your car is safe (inspected) and insured in the event of an accident with another driver.

    So you have no qualms with this technology because it has one good use you can think of and they can claim they need it for unsupervised and without any rules about other uses. Since you don't have anything to hide, you are in the clear. Check.

    Where I get concerned is if, as the submission mentions, is if the police, feds, etc. decide to start using this to track people randomly.

    Once the data exists, it will be abused. Period. The only way for data such as collected license plate locations & times not to be abused is not to collect them. Period.
    Even if the most well-meaning person enacted the most well-meaning law stipulating the exact conditions under which any collected data may be used and excluding every other use, even then, the data will be abused. Legally. It'll take a while for the data collected to become really valuable to some other scumbag legislator or some other scumbag criminal, or, hell, just some other part of law enforcement. What will happen then is that a new law will be enacted extending the cases where that data may be used. The original well-meaning legislator is never consulted, nor are any concerns from that camp looked at.

    Since you already agreed that it was a good idea for this data to be collected, you also accept any and all other abuses of that data, now and in the future.

    I recall reading an article about this technology a few years ago and it indicated that license plate data wasn't archived in any way.

    Yes, and we ALL know just how verifiable that is, and how much truth there is to it. Scan a license plate. Ask the computer whether there are any outstanding warrants for it. Now, tell me, why would that computer, probably not located in the vehicle mind you, why would that computer not log any accesses ? And if the police department says it doesn't ordinarily log such accesses, why do you have any reason to believe them ? More importantly, do you know that they are the only ones who COULD be logging this data ? The article mentioned the DHS. What is to stop them from tampering with the system ?
    (This would be fairly trivial to automate on a grand scale and collect in a giant, centralized database. The least you'd get is tons of location information for license plates, as accurate as a police precinct. Juicy data !)

    The camera just snaps a picture of the plate, uses image recognition to determine the numbers & letters, then does a quick database search to see if it's stolen, etc. then discards the data if no match is found.

    The camera and the on-board unit may discard it, sure. Do you REALLY think that "a quick database search" is not logged ? I have a bridge to sell you.

    One issue I recall in the article I read was that it wasn't 100% accurate, so if a potential match was found it would display it for the officer in the car to make the final determination. If the technology still isn't 100% accurate then simply storing results wouldn't be all that useful since you couldn't rely on it.

    Of course it will be useful. Have you not watched the news lately ? The "terrorist watchlist" has one million names on it, many of which variations of spellings, lots of which generic names, and the majority of which on people that are not terrorists. You can't rely on that list. At all. It is not well maintained, it contains many errors, mistakes, omissions, spiteful entries, no oversight, e

  9. Re:Wow. Beer Pong On Slash Dot? on The War Against Virtual Beer Pong · · Score: 1

    Anyway, I can chime in on one aspect that most slashdotters are probably unaware of.
    Beer Pong is extremely competitive. When you go to tournaments, it has nothing to do with getting drunk.

    You are 100% correct. It has everything to do with getting drunk ... FOR MONEY ! :-)

    Make that shot and win that money. World series is 50k. Smaller local tournaments are 500-6,000 in prize money for 1st.

    Face it, in the end it is still about being drunk, but at least you can afford a few rounds for your friends :P

  10. Re:yellow journalism at it's worst on R.I.P Usenet: 1980-2008 · · Score: 1

    Incidentally this is a leading cause for rising elephant populations, too. One of those butterfly wingflapping thingies.

  11. Re:DNS cache poisoning in the wild on DNS Attack Writer a Victim of His Own Creation · · Score: 1

    And just to nitpick, you cannot be sure that the DNS checker is actually telling you the truth. The first thing a competent attacker could do is capture the various domains that run the popular checkers and make them appear to return an "everything is OK"-answer.

  12. Re:Bike to work on How Do Geeks Exercise? · · Score: 3, Funny

    It's not like it's a disease, bad in any way, or meaning that one does not enjoy being outside. It's probably different for everyone - for me it means that I don't like being in crowds and am more likely to relax being alone or with (a few) close friends.

    You know what would be great ? All us introverts should get together some time. No party people allowed. And then we'll have a party. In other news, I may need medication :P

  13. Re:WHA? on Lack of Bandwidth Oversight Damages HDTV Quality · · Score: 1

    Hi,

    What?

    I believe I said, what.

    Just from experience, wouldn't it be a wonderful world with bug-free firmware? Sadly, when I was having lunch with software 'engineers', it was enlightening to listen to them share their latest bug fixes. For stuff I never thought would have a bug. Hubs, switches, routers, oh my...

    Great. You found engineers who made mistakes on all manner of electronics ! woohoo !

    So it's not possible that even a CD player might be shipped with a defect?

    OF COURSE it's possible. But you claim that it is the case in everything BUT the very best players. Which is as laughable as saying that anything but the iPhone works flawlessly as a telephone.

    Of course not, and certainly there could never be any combination of data on a Red Book CD that would result in difficulty for the occasional bug... Naw.

    Read the books. Really read them. You can do lots of cool stuff with TOCs, subchannel data, etc. But, and listen now, because this is important, the audio data within a track is at no point any more or less hard to decode than at any other point in the track.

    Can't be. Now, badly mastered CDs were pretty common at the beginning, like some early DVDs. Most of the complaints were more on the order of program quality, things like noise floor, hearing the brass section re-enter and close the stage door, things you might never hear on analog recordings.

    ALL OF WHICH, without fail, ALL OF WHICH, do not concern the decoding engine. At all. In any way. If you CANNOT hear defects such as this (which are not defects, but rather mixing/sound engineering mistakes pressed that way onto the disc), your setup is broken.

    And I'm not referring to physical defects. Different problems.

    Yes, you noted. Problems which do not concern the decoder. You know what might concern the decoder ? Faulty error detection/correction data, a bad 8-to-14 modulation, etc. -- but these are things that will cause problems on every player, even the very very best. It's the kind of problem you recall discs for.

    I'm also not equating CDs and MDs. I know the difference, and MD have different issues being lossy. Just don't get me started on MD and MP3. My MD player is still head and shoulders better quality than any MP3 I've heard. It just is.

    Yeah, yeah, in that case you have never heard any high-bitrate MP3, or you are trusting your well-marketed-to instincts. You know how to test this properly, to see whether your "knowledge" of this fact is actually accurate and not just make-believe ? Test it in a true blind ABX fashion. Anything less than that and your statement is, sorry to say, useless.

    But I did refer a little to the differences in CD players - not really elaborating on DACs. I remember when Burr-Brown was the be-all/end-all of DACs, and the whole BBD thing. I got into BBDs for pitch-shifting. A few players were mass-produced with sockets for the DACs, letting the brand choose something different, usually for S/N ratio.

    You are correct, we did not at all go into DACs, and there are, admittedly, some differences there. However, to be perfectly frank, the differences between most modern DACs are so minuscule as to be objectively inaudible. Even IF their prices differ by $1000.

    And then, after all this, you've got people (http://www.6moons.com/industryfeatures/eac/eac_2.html) who think there is variability in CDs, bringing out jitter, physical mastering issues, and their own software techniques to decode a CD. What, there's more than one way???

    No, there isn't, really. That site lists a few interesting things if you do not, at all, think about them. Quite frankly the claims there are laughable if you ever worked with discrete electronics. EAC is an EXCELLENT program (though not at all perfect; i

  14. Re:WHA? on Lack of Bandwidth Oversight Damages HDTV Quality · · Score: 2, Insightful

    Again, the claim that CD software is always going to decode the data flawlessly is yet to be proven.

    No, it has to be disproven. And in this case, it has to be disproven for the vast majority of models, since apparently only the very best players can properly decode an audio CD, as per the post.

    It should, but again some makers would cheat as much as possible on the processor, RAM, whatever to get the unit out the door for a profit.

    Read the CD specs some time. RAM is not much of a concern, neither is the processor -- if you want to get ANYTHING out of the signal, AT ALL. You can use a shoddy laser, but that's not just gonna be shoddy on some "hard to decode" sequences of audio, but everywhere. It'll also result in audible skipping. Another thing I have seen is an improperly shock-isolated drive, i.e. one that would start skipping at even slight vibrations -- like those caused by a drumbeat as rendered by the speakers. But again, that is not decoding logic.

    What the hell are you gonna cheat on, on CDs ? Really, what ? Look at the specs, there is not much to cheat on to make it fail on just some "very hard" sequences ... There is nothing "really hard" or "really easy", it is the exact same difficulty.

    This is MUCH less common nowadays, since the hardware is pretty cheap, and processors are vastly better than back in the late 80s. My first player was a Sony, and it was fine. The next, a Denon, was not my friend, though most of the problems were with the UI.

    Denon of http://www.amazon.com/Denon-AKDL1-Dedicated-Link-Cable/dp/B000I1X6PM/ fame ? No wonder. Oh, and shoddy UIs say nothing about the decoding logic.

    I'm going to have to look harder for the problem passages I worked with back around 1992. We were discussing it on minidisc.org, but I can't find the emails yet. Another archive I have to get and load.

    As I noted, you ARE gonna find problematic passages on Minidiscs. MD is not CD. MD is lossily compressed with a bad, bad codec; though I assume you know that and mean something else.

    Yes, I have emails from 1990 and before.

    As do I. Also lots of FidoNet stuff.

    Don't ask. I have spam samples from then to about 2004, when spam stopped being cool and started being nasty.

    That late, eh ? :)

    The only DIFFERENCES to observe in CD players are in laser/lens quality, drive/tray durability, and error correction. That last one is interesting on scratched and some burned discs; earlier models, in particular, would play improperly "corrected" samples in their garbled form, which would cause some nasty noise (about the effect you get when you play a CD-ROM in a very old audio CD player); now those samples are just silently skipped. Some firmwares try to interpolate missing samples, but that's not staying true to the original (kinda like MP3Pro sounding "crisper" than MP3 at low bitrates -- and, as it turns out, the original material). If skipping is the problem, however, it's because the CD has faults, not because the decoding logic has a hard time with some sequences of bits and not others.

  15. Re:WHA? on Lack of Bandwidth Oversight Damages HDTV Quality · · Score: 2, Interesting

    [quote]
    Huh? You mean Stargate Atlantis is being broadcast on changing resolutions in midstream?
    [/quote]

    [ ] You understand the difference between quality and resolution

    [quote]
    Sometimes, you see something in HD that is fairly sharp, like a recent movie that is upconverted.
    [/quote]

    If it's a recent movie, it'll probably not be upconverted, but rather scanned at that resolution (or digitally shot in HD). Upconverting does squat for actual picture quality; if you think it does, you can just enable a sharpener filter on your SD content. It'll not get you better quality, but some people get the illusion that it is (just like some people oversaturate their TV sets to no end because it just "looks better").

    [quote]Then you get a dark, still scene. The background degenerates into a flat matte. When the characters move, you see a few artifacts and blocking. Woopsie, somebody doesn't have enough TV for this. I've seen the same DVD scene on three TVs, and made note of the scene change. On the 52" Sony LCD Proj set, it blocked a bit, consistently. On the Sharp Aquos 37" LCD, no blocking. On the 13" SDTV, the DVD player fritzed out and blacked for about 5 frames I think. On my.[/quote]

    So ... Your TV Set is to blame for your crappy DVD player, eh ? Come on, you start off as trying to come off as objective ("The display is to blame !"), then you find a glitch on the SDTV set and suddenly it is to blame because you bought a $20 DVD player ?

    [quote]Those terrible artifacts may not be the signal.[/quote]

    Blocking. Riiight.

    First off, if you take SD-quality input and scale it to a higher resolution, some blocking will happen. How much depends on the quality of the ASIC converting those resolutions. Have you ever used a computer LCD screen that is 1280x1024 and fed it a 800x600 signal ? Yeah. That kind of blocking. Now, if you take that 800x600 signal and let it be rescaled by your graphics hardware with a decent algorithm (which take processing power), it still doesn't look as sharp as 1280x1024 would, but at least there won't be visible blocking -- it'll be a bit smushy though. So what you describe is to be expected if your TV set is not made to convert your chosen resolution with decent quality (and one might argue, any non-HD quality-signal).

    If, however, you see MPEG2-Blocking (which is a rather distinct look), then yes, it is the freaking signal. No maybes or buts about it.

    [quote]Your set may have a hard time decoding and displaying some uniquely challenging data.[/quote]

    It's not so much about the data.

    [quote]This is not new - I have a CD of a symphony that has a passage that is rarely decoded cleanly by any player but the very best.[/quote]

    Now you are going into "crazy audiophile" territory. If you think your CD player cannot "decode" one passage of a CD but decodes another passage fine, and assuming that you did not scratch the CD to get just this effect (in which case you are hearing the error correction at work -- which does differ, but really, if your CD is scratched too bad you will not be hearing the original signal, ever), you have a very tenuous grasp of what is stored on a CD. There is no inherent difference between a silent passage on a CD and one that is fully dynamic with lots of instruments. For the sake of simplicity, let's say you feed your set with an optical audio link. The "quality" of the CD player now really does not come into play. They don't just "miss" a few bits.

    [quote]Not the most expensive, but the best.[/quote]

    Next I suppose you'll give a well-founded argument as to what constitutes the "best" cd player.

    [quote]And I have another that cannot be played back cleanly by my MiniDisc player/recorder - it has a clearly heard problem with the program material.[/quote]

    This is actually possible, seeing as how MD uses ATRAC as a lossily-compressed format. However, unless you have done a blind ABX-study on this, I'll still not believe you; just as I won't believe any utte

  16. Re:The significance of the attack... on Kaminsky's DNS Attack Disclosed, Then Pulled · · Score: 1

    How nice of you to comment on your own website, not in the comment section where we might also read it unhassled.

    May your DNS be poisoned.

  17. Re:So... on Ubisoft Steals 'No-CD Crack' To Fix Rainbow 6: Vegas 2 · · Score: 1

    Hmm, that's interesting. Well okay, I didn't claim it was "impossible" either.

    True :)

    Still, even if your cracking scenario comes to pass, the copy protection can't be said to have been "utterly" broken.

    I'd argue that it could be, considering the expense it cost to set the system up to be "uncrackable" :)

    There is a significant delay between release and cracking,

    For software like AutoCAD, which easily gets used for years and years, this is insignificant. People don't upgrade AutoCAD because a new version is out, but because they need a new feature. This can happen surprisingly seldomly.

    and if the crackers have broken it for black market sales, this means they won't release it onto P2P networks for free.

    They might not, but their customers or their customers' employees might and will -- much like commercial movie pirates selling cheaply pressed DVDs of telesync/cam recordings of current movies in certain Asian markets do not release their stuff on P2P, but their customers certainly do.

    I imagine most likely not all versions of AutoCAD or other such software have been cracked either, only some of them. So the protection does cut down on a considerable amount of piracy in any case.

    And at license costs of several thousand to several dozen thousand dollars for a single license and the very, very specialized fields in which you actually need this very, very specialized software, there are actually real losses to be found. However, if you want to find a way, you usually will. If it's cheaper to pay a black market guy the development hours he has to spend cracking a certain version of something than it is to buy it (not the case with virtually all over-the-counter software), shrewd businessmen might consider it.

    I think in the case of videogames, publishers only really want a window of a few weeks where they can sell their game without competing against pirates, since those first weeks have a disproportionate amount of sales. So the weaker protections they use aren't totally futile for them either, provided that that delay does happen (which admittedly is not always the case).

    s/not always/almost never/ ... The cracking groups have a copy of the game at about the time the discs leave the pressing plant (which is a decent while before official release date). Either they have a contact at the pressing plant, or somebody in the chain from the pressing plant to the retail outlet. The more "elite" groups will have contacts higher up the chain, the less "elite" groups will likely just get their wares a few days before release when shipments arrive at their stores' local distribution center.

    Since almost all copy protections are bought from third parties, you usually have a variation of SafeDisc, SecuRom, Starforce, etc. -- all of which these groups have working cracks for for previous games using them. It's a matter of tweaking it for the new release -- in the worst case (for the publisher), this is an automated process or takes 20 minutes. But even if it's an entirely new protection ... The race is on. Their top reverse engineers will work tirelessly, day and night, until it is broken -- just to be able to claim that they were the first to do so. There are some exceptionally bright people working in that field (if you dismiss this out of hand, please just study some of the more elaborate cracks and circumventions, and what was necessary to create them in skill and creativity. For WinZip it's trivial (essentially exchanging a return 1; instead of a return 0;, or if you want a key generator, reverse engineering a simple formula; in the case of the more advanced disc protection systems, you'll not be able to use your regular debugger in any standard configuration until you figure out how the system is thwarting those attem

  18. Re:So... on Ubisoft Steals 'No-CD Crack' To Fix Rainbow 6: Vegas 2 · · Score: 1

    I suspect it has something to do with the "If it's worth doing, it's worth doing well" kind of thinking. Obviously these people think it's worth doing (they are doing it, and I would say usually without monetary compensation, at least as long as we are not talking about commercial outfits), so they are going to do it well; Commercial developers sometimes have the same ethic, but even nearly always; It's "just a job", and it's "OK as long as it makes money". This isn't the tenor everywhere, but it is often enough.

    Sceners seem to not think of ordinary users as their audience, either. Their audience is other sceners (read some NFO files some time, it's enlightening); as such when they screw up showing off their stuff to their peers, the social dynamic is a lot different than if you think of your audience as just a blob of people who buy stuff. Of course, some game companies treat their customers quite differently than others, and some scene groups really couldn't give a rat's ass about what other scene groups think. I use "scene" here loosely, anyway.

    As for why some commercial developers put the sort of crap on the plate of their users as they often do, I have no idea. They might just not care, or maybe some suit in some key position decided to make the deadline, no matter what. That's what happens when you are answerable to your shareholders, but not your users.

  19. Re:So... on Ubisoft Steals 'No-CD Crack' To Fix Rainbow 6: Vegas 2 · · Score: 4, Insightful

    There is no copy protection scheme that has not been utterly broken.

    I don't think this is true.

    I do :)

    Some high-priced software (e.g. CAD toolkits) ship with a USB dongle containing a CPU and part of the executable in encrypted form. In the course of the program's normal execution, some data is sent to the dongle, processed, and sent back. The dongle is designed to self-destruct when cracked open. This scheme is highly resistant to cracks, provided the part of the executable is well-chosen to not be recreatable, and typical attackers cannot obtain a large supply of dongles.

    It is resistant and resilient, yes. I would not call it impossible, having seen what has been cracked in the past and what a decent financial incentive will do for the motivation to crack.

    I have seen some of these systems first-hand over the years, always getting more and more intricate. Without fail, they have also gotten more and more burdensome on the regular users of the software. Want that "old" (2 years) dongle supported ? Forget it. Want that parallel port dongle working on your shiny new laptop ? Forget it. Want to exchange a broken one for a new one a month after the "service contract" that was tacked onto the "purchase price" expires ? Tough noogies.
    Architects and engineers put up with it in large part because there are few or no alternatives that do not do the exact same thing.

    Yet, you usually find a cracked version of AutoCAD in certain circles, anyway. In the above scenario, it really just takes ONE cracked dongle to get at the executable code. As for crackers not obtaining a ready supply thereof ... Why would that be ? These companies usually outsource to companies dedicated to making those dongles. Those companies, in turn, want to sell their dongles to other companies to secure their products. Naturally, those companies would like some samples, and possibly some development samples. If the stakes are high enough (a $20k software component that you can sell on the black market for $1k-$2k a piece if you crack it properly), why not set up a front company, get some of those samples, and work on those. You don't need to work on a "real" dongle until you have perfected your method, and you can get more than one "real" dongle by getting another one from the originating software company for the legitimately-purchased license (I assume these crackers will have access to a company with a service contract like that). They won't just say "no" when you say you lost your dongle on a train ride.

    Not that I'm saying it's necessarily reasonable for consumer videogames to use such an elaborate scheme

    It'll come. Right now Blizzard is marketing electronic devices designed to improve the security of their World of Warcraft logins by augmenting the regular username/password tuple with one-time-passwords generated by an electronic device. People are eating it up because they want to protect their accounts. I don't think it'll stay confined to securing online accounts ... 3-4 years down the road, you'll see some high-priced games sporting activation smartcards (or something equivalent). I think. It's madness.

    It is crackable. The more user-friendly something is, the easier it is to crack.

  20. Re:What would be the danger... on Canadian ISP Hijacking DNS Lookup Errors · · Score: 1

    This type of behavior is wrong on so many levels so I wonder what would be the danger of having ICANN police this type of behavior?

    You want to give ICANN a police force ? Are you nuts ?

    It seems that ISPs are doing more and more to circumvent "standards" for their own gain.

    And on their own networks with their own customers. Don't like it ? Don't buy their service. It is that simple.

    Would it be too much to ask ICANN to come up with a set of rules that ALL ISPs must adhere to or risk losing their netblock? I'm not even sure ICANN would do anything but I'm just posing the question.

    Yes, it would be too much to ask. ICANN can regulate registries. This has NOTHING to do with registries. This is a DNS resolver on a private network. If it wants to return 127.0.0.1 all day, it damn well better be allowed to. Ever wondered how DNS blacklists work ? Want them blocked too ?

  21. Re:So... on Ubisoft Steals 'No-CD Crack' To Fix Rainbow 6: Vegas 2 · · Score: 1

    What about the Nintendo Gamecube? It has funny-sized (smaller than CDs) discs, they spin backwards from CDs and DVDs. Hard to read apart from a Gamecube, hard to write. I can't think of a second example copy protection scheme that has been so successful, but I thought the Gamecube was fairly immune to "backup" copies.

    There are modchips for the GC. 'nuff said.

    More expense is spent on stuff that is on nonstandard media (all those cartridge-based systems are not copyable to dvd either !), but ultimately it's possible (be it by changing the drive, the firmware, or emulating the cartridge circuitry).

    Speaking of interesting methods : the CPS2 protection was remarkably long-lived as well (though counterfeiters had it worked out long before the method became public).

  22. Re:So... on Ubisoft Steals 'No-CD Crack' To Fix Rainbow 6: Vegas 2 · · Score: 2, Funny

    There is no copy protection scheme that has not been utterly broken.

    Yes there is - make a product so shitty nobody wants to pirate it, let alone buy it. I hear EA is using this scheme these days.

    Doesn't work. People are pirating reality show games. 'nuff said.

  23. Re:On sites like gMail.. on Fallout From the Fall of CAPTCHAs · · Score: 1

    Really all I was saying is try small changes and adapt--that if a small group of people looked at this full-time with the ability to make interface changes, it should be a pretty easy arms race to win.

    Thank you, that was funny. It made me laugh. :-)

    "easy enough arms race to win" bwahahaha ... haha ... *breathe*

    There are a million little changes you could make. A few would be effective, keep them. A few would not--get rid of them. Experiment a little.

    What do you think the ISPs' mail departments have been doing for the last 10 years ? Sitting on their asses ?

    All of the experimenting should be done at a level that involves minimal changes to the operational path of the mail system.. Mostly monitoring and evaluating.

    You just said yourself they should be able to change the interface at will. Probably without even looking at usability (there is usually a pretty darn good reason for why an interface looks the way it does ...)

    It simply is not that easy. People are looking at their anti-spam, scam, fraud, etc. measures. They are trying things. Some work, some don't. None have proven to scale or work long-term.

    As for the examples I provided, some were ridiculous some were better... none were good, just saying that stuff can be done--I'm just one guy in 5 minutes.

    Yes, you are just one guy in 5 minutes. Do you honestly, seriously think that nobody else came up with the same ideas ?

    The trick would be to put a small team on it full-time and come up with better ideas. As spammers come up with counters (such as some of the ones you pointed out), Google adapts, each time possibly gathering more info about the spammers and bot-nets.

    Fool's errand.

    First of all, I'm pretty sure they DO have a team looking at it full-time. They are coming up with ideas. Many of them decent, but the entirety of which does not prevent abuse completely. Info about spammers is easy to gather -- there are countless databases. Bot-net-info ? What kind ? What IPs they have ? Changes daily, numbers in the millions. What software they use ? Can't tell that from a SMTP or HTTP session. Also, even spammers can code. They change their systems.
    Bot-nets are surprisingly resilient these days. It's not at all easy to shut one down when done properly ...

    As you pointed out, they aren't stupid and probably already are doing a lot of stuff like this, so when you put it that way you're right--my point is kind of pointless...

    :-)

    I would love to see an idea that effectively prevents spam, or even cuts it in half, without false positives, and one which scales to hundreds of millions of users. It just isn't that easy.

  24. Re:DRM for games on Ubisoft Steals 'No-CD Crack' To Fix Rainbow 6: Vegas 2 · · Score: 1

    It is a real shame that Game DRM hasn't gotten the same bad publicity and force for change movement against it that music has.

    It has, gamers just care even less. Go to any bigger LAN party and ask about it. They are ok with it. They just want to play. They'd sell their own grandmother for it.

    mp3's have, despite the music companies best efforts, proven to be what buyers want - not "you can only listen to this track on 2 machines" DRM files. That has been enforced by media coverage and scrutiny - pointing out and badgering the music labels that people don't want DRM junk.

    Thing is, every "copy-protected" game out there has a corresponding crack and scene release. Every. Single. One. In the last 25 years. Every. Single. One. With no quality degradation, usually quite the opposite. Buyers use these as a matter of course. It's broken, of course, but you can still get your fix.

    This unfortunately hasn't happened with PC games - I guess they are less "mainstream" as far as media coverage is concerned.

    Just look at consoles. There is no good reason I should not use a backup-copy of my Xbox or Playstation games -- especially when kids are playing with them. Have you ever seen a kids-owned Playstation-collection ? Most of the discs will have so many scratches that data errors occur, some of them unfixable. An easy fix would be to use a backup copy to play and keep the original safe. Of course you can't do that since that would make you an evil pirate who costs them money (you having bought the game, that is).

    Hell, modded Playstations/XBoxes are the BEST thing you can do if you have kids. Really.

    Games not only have the usual "key & cd/dvd in the drive" requirements,

    CD in drive is already a huge hassle. Keys I can understand for, say, online play. But even then they better not have problems like 0 vs O, l vs. 1, _ vs. -, etc. (and you just know that if you google for " serial" your first hit gets you a working key anyway)

    but I have encountered a number, which I paid hard money for, that refuse to install if I have CloneCD installed

    Yeah, you evil pirate. Never ever make a backup, you evil pirate. Give us more of your money though.

    - others that refuse to install if I have Daemon Tools installed - both programs that I legitimately use (and not for games, just to avoid having to take tens of cd's around with me).

    Yeah, they are EXTRAORDINARILY useful for all kinds of things not related to games, and even for things related to games. I have had a CD image of Diablo II for ages, just to avoid having to put that disc in the drive every time I wanted to play (they recently removed the CD check. After 10 years.)

    I bought HL2

    Poor sucker.

    - but haven't been able to play it for a couple years as I am behind a tight firewall and so can't register it. Consequently I haven't bought Ep2 or 3.

    I have not bought HL2. I was excited about the game, and was ready to plunk down the cash for it. I would have been a customer coming back for more in ep 2 and ep 3. And then I saw steam in action. Regardless to say, I have not bought Half Life 2. I have not bought all that comes with it, Portal, TF2, CS, etc. I have not bought any "Steam"-powered games. I will never do so, even if I really, really, really like the game. I'd rather pirate it than buy it -- but even that I have not done. Valve can go die in a corner for all I care, they're done.

    (I have no beef with checking CD keys when playing online; I do have a beef with "activating" a single player game, with forced updates, with a system you CANNOT cache (try setting up a 2000 people LAN party with, say, 10mbit/s of bandwidth. Try doing this around release time of HL2. Now try setting up a cache server for steam so that not every single one of your guests is gonna go

  25. Re:So... on Ubisoft Steals 'No-CD Crack' To Fix Rainbow 6: Vegas 2 · · Score: 5, Insightful

    There wouldn't be any need for anti-piracy schemes if people were trustworthy and didn't steal software.

    You crack me up. No, really, you do.

    Do you know who gets hit by those anti-piracy "measures" ? Not the pirates, that much I can promise you. It's the regular customers who have to deal with this, I'm sorry to say, shit. Pirates get pre-cracked bug-fixed ISO downloads that just work. They also get game updates working sooner than those sorry fools who bought the game at an online download store (the legitimate kind, that is).

    This anti-piracy bullshit does absolutely nothing to prevent, you know, piracy. It is not necessary.

    People use pirated software -> companies lose money

    BS argument #1. Let me bring a BS argument of my own ! People share software -> other people like it and buy that software, having had the opportunity to test it -> company makes more money than it is allegedly "losing". This argument is just about as full of holes as yours is.

    -> companies invest in trying to avoid illegitimate usage of their software

    By being good corporate citizens, offering excellent support for their legitimate customers, offering a better experience than "pirates" ever could and focusing on their legitimate customers instead of wasting countless development and testing hours on stuff that provably does not work and only annoys regular customers ?

    -> copy-protection schemes are put in place

    And usually cracked a few days BEFORE the game hits store shelves. Excellent.

    -> problems with copy-protection schemes arise

    PREDICTABLE problems. KNOWN problems. You don't think the QA department knows about these problems ? CARES ?

    -> people who don't give a shit about the fact that the software was a result of an investment in both equipment, marketing and man hours still keep finding ways to pirate the software.

    Why do you care about these people ? They are not gonna buy your software anyway. They might if they get a better experience for a reasonable price, they might not. In the meantime you are losing gazillions of customers to DRM issues, fixes for direct2drive issues that only exist because nobody bothered to check that the protection doesn't blow up on those releases, etc. -- good going.

    People are gonna copy your stuff. You cannot make them not do it. This is a known fact, a fact that has been known for over 20 years. There is no copy protection scheme that has not been utterly broken.

    So everyone uses cracks to go around copy protection schemes when they're not supposed to,

    And scratching their heads asking "why did I pay for this shit, again ?" And making a mental note not to buy it the next time. Or, if they really want to play it and really don't want to deal with this ... shit ... Pirate it straight away. At least you know the scene guys have quality control -- when their releases don't work, they get nuked.
    That is a very sad state of affairs. Pragmatically, you are better off using a pirated version.

    and then when that company uses that crack to fix a problem, everyone is outraged.

    Not so much that they are using the crack, more so that they are banning people who previously talked about that same crack, should not actually be NEEDING that crack if they had ANY developers left (you see, disabling this "copy protection" is as easy as, you know, not applying the copy protection installer to the executable you get out of the compiler), etc.

    So it's OK if you steal from a company,

    Who said that ?

    but it's NOT OK if a company uses, to fix their own product and provide the support everyone cries for,

    Credit where credit is due, huh ?