Phones should be locked down as you describe, but obviously anything running software that can be modified is, to some extent, at risk of security breaches.
As for malicious activity, occasionally people do try it. It's a pretty dumb thing to do, though, as the switchboards at various network providers and regulators' offices will light up like Christmas trees within minutes. Lots of people will start looking for you, and you are, after all, broadcasting pretty clearly where they can find you...
Note that GP said "put others at risk". It makes for a world of difference.
Every mobile radio/telephone company in the world has a substantial operations/engineering team in every region where it operates. If you don't think a single rogue device can screw up the entire network across a fairly large area, you've never spent a week in one of those teams' control rooms. I've tracked fleets of operations guys driving around in specially equipped cars all over a big chunk of city, trying to find the one broken unit that was transmitting noise on basically every channel the network is allowed to use, and therefore doing a pretty effective job of blocking network connectivity for everyone else.
And if you think that doesn't put others at risk of more than not calling home before dinner, consider the impact of not being able to make 911/999/112 calls anywhere within a radius of several miles. That includes what happens if you're the emergency services using those same network channels (or private channels close enough to be affected) to communicate during a major incident that you did know about.
It's actually a great credit to the testing and regulation procedures for the entire mobile industry that this doesn't happen very often and most people don't realise how fragile the networks are.
I think we might be talking at cross-purposes, but...
A lot of IT work is indistinguishable from fucking off without monitoring.
Then what is the value of that work? It should be possible to tell whether someone is doing their job properly from the observable results they achieve. If their job has no observable benefits, why didn't you declare them redundant and save their salary already? (Note that "observable" does not mean "visible": invisible things such as keeping outage levels down due to effective maintenance and preemptive action are still observable, because if the employee stopped doing this you would see the negative effects.)
If someone isn't getting the results they should be, then some action by management is necessary. Even then, I don't consider covert surveillance to be justified unless nothing more honest, such as a simple face-to-face discussion with the manager, would be sufficient. Employees are still people, and even in the work place, intrusive monitoring and invasions of privacy should only be used as a last resort when clearly justified.
But it's still usually a bad idea
on
Employee Monitoring
·
· Score: 4, Insightful
When it comes to being employed, though, bosses and managers have always watched their employees to some degree -- that is, of course, the purpose of being the boss.
No, it's not. The purpose of being a boss is to set direction for and co-ordinate those who work under you, so that the individual contributions all advance the overall plans.
There is a certain type of person who does think that being the boss is primarily a power trip/disciplinary role. Such people usually live in middle management in large companies, because they are basically a waste of space. Small companies can't afford to have the dead weight, and large companies won't promote them to a level where they can do any serious damage but usually have too much bureaucracy to effectively detect and fire them.
Trust is a prerequisite for any employment relationship. If you don't trust the people working for you to do what they are supposed to without routine monitoring, then you have bigger problems than whether the monitoring itself is justified. Indeed, one could make a reasonable argument that routine monitoring implies a breakdown in the fundamental trust relationship between employer and employee, which would itself be immediate grounds for a constructive dismissal lawsuit in this country.
I can understand running automated tools to prevent, say, leakage of sensitive data. I can understand running automated tools to scan incoming data for viruses. This sort of thing is, sadly, reasonable for protection and sometimes necessary for legal/regulatory compliance in the modern world. However, it should rarely if ever disrupt an employee going about their business, and no-one else should be directly involved unless a problem is detected.
I can understand general performance monitoring. Recognising staff who do well is valuable. Helping (not attacking) staff who underperform is valuable. Firing staff who underperform and cannot improve is, unfortunately, sometimes necessary. But none of this stuff requires intrusive, minute-by-minute monitoring and recording of the kind we're discussing here.
The only time direct, intrusive monitoring is used should be when there is already a credible level of evidence of serious wrong-doing, and confronting the employee about that wrong-doing directly would prevent proper investigation. And in those circumstances, I tend to ask why the company is letting some next-line-up manager or IT/HR goon do the intrusive work. If it's that serious, the higher-ups should be calling the authorities, or at the very least passing a case file to internal security/legal staff who are required to handle the investigation with suitable discretion and a lot of accountability.
That must be the reason every mainland country in Europe associates "Brittish soccer fans" with the worst kind of hooligans?
Sure, and the French go around with stripey T-shirts and wearing necklaces made of onion, while the Germans live on a diet of beer and 15 different kinds of sausage.
Or maybe decades-old stereotypes that apply to a tiny fraction of the population aren't very helpful.
I agree completely that the law should not give Big Media the choice in the first place. As the other part of my post did point out, changes are likely in this area sooner rather than later as well.
It is also worth remembering that even if there were technically possible techniques for detecting infringing content using deep packet inspection, it would be absurdly expensive for ISPs to implement them.
If you're familiar with high-end network infrastructure products, you'll know that they are not cheap. This kind of DPI would require intercepting every packet and performing tests on it that would not be possible in real time. That would require a huge number of access points and dedicated hardware tools to operate on the scale of an ISP offering typical "up to 8MB/s" broadband to 400,000+ customers today. I'm not sure anyone in the industry currently makes enough hardware to do that, and even if one of the big suppliers could produce the required hardware in that kind of volume, the cost of buying it would make Google wince, never mind a typical UK ISP.
Bottom line: detailed analysis of every packet going over a major ISP's network to match the content against a database of infringing material is not practical, and it is not going to be any time soon. Any scheme that operates in practice is going to be based on some sort of very crude approximation (such as looking for certain filenames in certain specific places, as we've seen before) in the first instance.
I'm cancelling a couple of moderations to post this, but I think it needs to be said.
Making a personal copy for format shifting is illegal [tortuous] in the UK. Ditto for downloading a rip.
A specific format-shifting exemption is definitely on the way. It was recommended by Gowers and has basically been accepted by everyone in government, it just hasn't been put into law yet.
Also, at least one big name music label is on record saying they won't prosecute people for format shifting. They know MP3 players and similar devices are big business, and going after people who buy your music through legit channels with the sole aim of transferring that music to their portable player is just shooting yourself in the foot for no reason.
Yes, I've always quite liked the idea of inviting, say, 200 randomly selected people who would be eligible for jury service to form the Upper House for a couple of years each, maybe alternating so 100 people change over each year. You'd have to deal with compensation issues that don't arise so much with the short timescales in court or you'd risk winding up with only those who would be earning more in the House taking up the positions, but I'm sure some reasonable system could be devised.
As for voting more, I agree that it does not automatically result in more democracy. However, the point of the system I described would be to maintain the likelihood of a decisive majority on the leading House to propose new legislation with a clear direction, but to keep a proportionate system in the checking House so that any bill that actually got through and onto the books would at least not be so offensive to (the representatives of) the majority of the population that they wished to block it. That is considerably more of a check and balance than we have today.
I don't doubt you, but I'm not sure what you're describing is typical, either in terms of the PhD or in terms of the success you've had with books.
It's also worth keeping in mind that while comparing PhD funding to a starting salary gives some frame of reference, it's not terribly realistic by the time your 3+ years are up: I had more than doubled my salary in that time, for example, and having a PhD is unlikely to get you much of an increase on the basic starting salary at most places. Even if you did get paid something close to a starting salary to enjoy yourself for 3 years, you would still be 3 years behind a salary curve that should be increasing significantly for at least 5 or 6 years once you start work, which probably works out at a six figure opportunity cost if you were going to follow a career in something like software development either way.
I guess I'm basically just supporting the original claim by stygianguest that "Most people going to industry won't bother doing a PhD, as it costs 3-5 years and generally doesn't pay off." As various friends have said, you do a PhD because you want to study a subject in detail for personal satisfaction, not because it's going to help your career in most industries (sciences being the notable exception).
Not having a single identifying number is not a bug, it's a feature.
So some people keep saying, but I fail to see why.
I would agree that not having all the personal data in one place provide a useful firewall between government departments and, potentially, other organisations that used the same scheme. There is no need for people in one organisation ever to access potentially sensitive information in another organisation.
But what is the problem with using the same key to identify the records in different databases? Why is it helpful for us to use an NI number, a Unique Taxpayer Reference, various other credentials for accessing DirectGov services on-line, many equivalent details all over again if you access any government services on behalf of a business, etc?
Going beyond government services, why is it helpful for us to use N different bank cards, M different physical tokens and P different pieces of "memorable" information to identify ourselves, when what actually counts is just proving that we are authorised to make a certain transaction on a certain account? You have to provide supporting ID to open any of these accounts anyway under the money laundering prevention rules, so it's not as if you are somhow running multiple lives that protect you from some sort of potential abuse if the system goes wrong.
Our society's current identification systems are ludicrously overcomplicated, to the point where many of them offer little real benefit, yet the cumulative cost both to our economy and in terms of wasted time in our lives is huge. Would it not, being pragmatic, make many people's lives better if we did have a single, centralised, purely-identification system with:
a single physical token (smart card or similar),
a single set of associated memorable information (PINs, passwords, or similar),
a single point of contact in the event of problems or security breaches (cancel and reset everything in one go in the event of a wallet being stolen or similar), and
a reasonably robust way to prove identity in the event of ID theft (perhaps based on some form of web of trust, removing any dependence on other forms of ID completely)?
What, specifically, is the danger in such a scheme? Remember, I'm working on the basis that there are sufficient statutory safeguards against scope creep. I'm also working on the premise that the centralised database contain nothing except an individual's name and contact details, plus the information required to confirm the validity of their physical token and PINs/passwords/whatever, and that the only facility offered by such a service to third parties is to answer the question "Is the person claiming to be X and providing these credentials who they say they are?"
It might be useful for citizens (and, if necessary, visitors) to have a common identity number for all government services. Don't we effectively have that with our National Insurance numbers already, other than only issuing them in the teens rather than at birth? Being identifiable when claiming some entitlement (whether it is a state pension from the government or withdrawing cash from your bank account) is necessary, so we might as well minimise the hassle.
It might be useful to have a single identity card that could be used for many purposes, instead of carrying around lots of different credentials. We've known for some time that the most practically effective security system for everyday identification is to combine a physical token and a simple bit of knowledge, such as a card and a PIN. As long as there is a constitution-level law (i.e., only modifiable by referendum) that says no-one is ever required to produce that card on demand, there is little danger here, and it might be convenient and safer than what we have now.
Unfortunately, the proposals under the ID Card and National Identity Register scheme went way beyond these potentially useful steps and the limited risks associated with them. For example, there was no guarantee proposed to ensure that we would never be required to carry ID just to exercise a lawful right to leave our homes.
Moreover, the authorities weren't just issuing a unique ID and a method of demonstrating it, which is the potentially useful part. They were also collecting additional sensitive information (including the biometrics) in a central database, and they were going to make lots of information more widely available via that central database than it was before. There is a big difference between government departments using a common ID but otherwise keeping their own sensitive information about someone to themselves, and having some big central store that grows arbitrarily and offers "efficiency savings" if more and more data is just put in there by default.
It's not that the ID Card scheme had no merit at all. It's just that it came with a lot of unwelcome baggage, and without sufficient safeguards to prevent abuse, and with a high cost without demonstrating that any real benefits would be worth it. No system like this would ever be perfect, so you're always looking for an acceptable balance, something that works better than whatever alternatives are available. In this case, the balance was far too far toward the danger side.
It's great to see civil liberties given a serious place on the agenda, I agree. However, I think the real proof of the coalition government's credentials will be in how many of the numerous minor abuses and infringements introduced under Labour will also be repealed.
It's easy to grab headlines with ID cards and the like. Only a handful of FUD-buyers ever thought those were a good idea, so it's likely to be popular with the electorate. It's also something that both parties in the coalition had in their manifestos, so it makes a good first move to prove that they can still achieve their goals in a coalition government.
However, will they also fix the problems with the Regulation of Invetigatory Powers Act (the one that says you can go to jail if you don't hand over passwords, even if you don't have such passwords)?
What about the Civil Contingencies Act (Blair's "Enabling Act", where ministers can basically suspend all kinds of freedom based on an arbitrary emergency)?
Will they defend our privacy against infringements by foreign governments, particularly the US?
Will they restrict the use of "anti-terror" powers to the very small group of organisations who might genuinely need to use such powers for their stated purpose? There is nothing done at local government level that requires such intrusive authority, for example, yet numerous local government organisations have powers to spy on people today.
My hope is that the comments made by Nick Clegg a few days ago, about asking the people which laws they wanted gone, were not just a cheap sound-bite. If they really mean that, and they follow through, I suspect this will be the best government we have had in my lifetime.
Important to note that the lib dems were against ID cards on principle - I recall a few years ago the then current leader stating he'd go to jail rather than carry one
For the avoidance of doubt, the then-current leader is still the leader, Nick Clegg, and is also now the Deputy Prime Minister.
The big picture matters when it comes to government and electoral reform. For example, an elected second chamber based on PR, and an elected first chamber using AV rather than FPTP, would still be a big step up for democracy compared to what we have today.
As others have noted, the point of AV is not to achieve proportional representation, it is to negate tactical voting. Right now, anyone who claims to know what effect that would have in the long term is deluding themselves. There is no way to predict what would happen to turnout, what would happen in formerly marginal constituencies, or how smaller or single-issue parties would fare if voting for them as first choice did not mean you couldn't also express a preference between the big parties.
For all the problems of Blair and Brown, I think a lot of the lasting damage done by the Labour administration was caused by a succession of bad Home Secretaries, each more authoritarian, more fear-mongering, and less connected with real life than the last, whose distorted world views could direct affect everyone. Smith followed Straw, Blunkett, Clarke, and Reid, remember.
Not sure about the funding in the rest of Europe, but in the UK anyone moderately competent can get funding to do a PhD, which means that they get a non-taxable stipend for the three years that works out close to after-tax amount of an entry-level graduate salary.
I'm in Cambridge, UK, and though I work in industry I still have plenty of ties to the university. I'm afraid I don't recognise the picture you are painting.
In the current academic year, the basic research council funding for a PhD is £13,290.
Under the current tax system, that is equivalent to a gross salary of just under £16,500.
The average starting salary in IT was probably higher than that a decade ago, and much higher if you're talking about working in London and/or working for a big name company that goes after the academic high-flyers.
I also think various friends who are doing PhDs, several of them in Computer Science, would laugh at your description of "spending three years being paid to have fun". Relatively few of my friends have actually completed their PhDs within the "normal" three-year/ten-term window, and many have found themselves writing up and jumping through the final hoops for several months afterwards, while trying to do a full time job as well; funding doesn't extend just because the research/write-up does!
Large successful free software projects contain the work of HUNDREDS of developers. Relicensing requires consent of everyone in the project. This means there is a real-world dollar cost to to track down developers who have quit the project, moved on, or simply _died_ (in which case the copyright belongs to their estate, which may be a murky issue).
Sure. But the GPLv3 has been around for nearly three years now in its final form, and the thinking behind it was clear well before that. If, as GPL evangelists frequently claim, copyright and patents are horribly broken as an incentive to develop works and we would be better off sharing everything GPLv3-style, then why isn't the world full of new and exciting creations that have been in the GPLv3 era for their entire lifetime and used that licence from the start? There is no shortage of serious work supported either by a traditional copyright model or by the GPLv2 within the same time frame, is there?
So your position would suggest: [...] b) you have already arrived at a strong anti-GPL opinion... and you are warping facts to support it.
I don't have a strong anti-GPL opinion. It's true that I don't believe we are ready to do away with copyright just yet, but I think the GPL has created an interesting culture with considerable potential, and I have no problem at all if some people choose to contribute their code to that culture on those terms whether for philosophical or practical reasons. I don't see that this has to be some sort of either-or battle where only one model can be useful.
I do have a fairly strong anti-GPLv3 opinion, because I think they threw the baby out with the bathwater. I fear that will be harmful to a valuable culture that has already built up around earlier versions of the GPL, and reduce the future benefits by dividing the community.
Last summer CNet reported that 50% of GPL projects hosted by google code were GPLv3. That works out to at least 56,000 projects.
And how many of those are actually stable, shipping, useful software? How many users does that represent, in total?
Finally, if industry is accepting the GPL because it is pragmatic, then that is a good thing. I'm sorry that you can't see beyond the end of your nose to see that v3 addresses pragmatic issues.
I never said it didn't. But if it really goes as far as some in this discussion are suggesting — and not being a lawyer, I'm not sure whether it really does or not, so I'm taking their word for it — then I think it has moved beyond pragmatism into the world of wishful thinking.
I don't really understand what is pragmatic about the kinds of cases I described. Code that is designed to run on specific hardware and requires specialist software or hardware to build/install is probably of most interest to others who also work on that hardware and already have access to the corresponding build/install systems. Those others are probably the most likely to contribute something of value back to the community as well. In trying to make everyone open up everything to everyone else, GPLv3 appears to get in the way of people opening up most of what they do to share with those who would most benefit from it, with the result that no-one can share anything with anyone in these fields under GPLv3.
It's like the FSF presented the industry with an all-or-nothing proposition, and since it had no choice, the industry said "Well, too bad, we'll have nothing then."
Personally, I use filesharing all the time, but I use it to download large open source Linux ISOs. How will Eircom legally differentiate between that content, and the content that some ragamuffin may be downloading illegally, without infringing privacy laws?
Well, since the article talks about searching for people who are sharing (not just downloading) specific works over P2P networks where the copyright is known to be held by the record companies, presumably they are only planning to go after those they've caught in the act.
I'm not a fan of either "three strikes" laws that impose penalties without a proper court hearing or going after people based on an IP address alone, but as the recent round of proposals have gone, this one seems to be about as reasonable as you're going to get in who it claims to be targetting.
In the kinds of situations I described, it is not unusual for the build tools and libraries/APIs dealing with the proprietary hardware to be under NDA as well, either explicitly in their own right or implicitly because by revealing details of them you would be implying protected details about the underlying hardware.
In the GPLv2 days, this wasn't necessarily a problem, as long as you weren't directly linking to non-GPL'd code and you released the source code and build scripts for any parts of your system that were derived from GPL'd material. However, according to the arguments made by several posters in this discussion about GPLv3, it sounds like this is no longer sufficient for compliance (assuming those other arguments are correct and I am not misunderstanding).
And the GPLv3 already fixes it, and anything else that gives out source while not giving you everything you need to build it.
Which may explain the almost complete absence of GPLv3 code in the software world.
In the embedded world, for example, your chances of getting permission to release the specs for any major chip to meet these requirements to the letter are probably zero. Several of the major players in the industry design chips but outsource the manufacture, and the whole ecosystem is so locked down under NDAs that anyone trying to get detailed specs out in public would wish it was only Microsoft's entire legal team suing them. That means GPLv3 software is basically useless in most of the embedded development world.
Much the same probably applies to systems software, so many of those working on OSS operating systems, device drivers, etc. are similarly unable to work with GPLv3 code.
The original GPL was a reasonable idea and made a lot of sense to a lot of people. GPLv3 is RMS and co's attempt to turn that popularity into a vehicle for their minority views on software development, and I guess we can see now how little of the community's support of the GPL was really down to believing in the FSF's political stance, and how much was just pragmatism.
Shareholders in publicly traded companies are irrelevant, because they do not make the day-to-day operational decisions.
Make it a personal liability issue for whichever executives do make those decisions, and you'll see results far faster than any measures based around fearing consequences on the stock market.
I agree except for one detail: just because the business nerds assign monetary values to everything, that does not mean the legal system has to. Throwing a few company directors in jail on criminal charges when their companies flagrantly infringe the privacy of others would probably be a better deterrent than some fine that is, again, just numbers on a spreadsheet that they pass to their legal and accounting people to deal with.
I came here to make exactly that point. On-line privacy is Pandora's box: once opened, you can never put whatever was inside back again.
There is merit in considering whether the status quo is really the way we want to continue. It is possible that our current views on privacy and sharing of personal data are unsustainable in the face of modern technology. It might be true that society needs to grow up and stop pretending everyone is perfect when they apply for a job, or that everyone accused of a crime probably did it just because of the accusation. Perhaps we do need to consider censorship and regulation of parts of the Internet, on a global scale, to protect minors from content they are not ready to experience yet.
However, if you're going to experiment in these areas, the way to do it is slowly and progressively, on a relatively small scale, and with well-informed test subjects who have volunteered in the full knowledge of what they are doing. There are parallels here with, say, researching nuclear power, or experimental tests of novel medical techniques. You don't start by building a power station big enough to destroy half a country if it goes wrong, or injecting your entire population with that new vaccine on the first trial.
Sites like Facebook, on the other hand, prey on the young and naive, and suck in as many people and as much data as they can, as fast as they can. But worse, as we have seen all too often recently, they are quite willing to make promises about privacy to those people one minute, and break them the next. There is no excuse for that sort of behaviour, and it's not some commendable way of "pushing boundaries", it's just abuse and should be penalised accordingly.
One comment I saw recently summed it all up: these are difficult questions, and it is going to take at least a generation to resolve them... not least because one generation has now given up any chance of ever doing so.
Phones should be locked down as you describe, but obviously anything running software that can be modified is, to some extent, at risk of security breaches.
As for malicious activity, occasionally people do try it. It's a pretty dumb thing to do, though, as the switchboards at various network providers and regulators' offices will light up like Christmas trees within minutes. Lots of people will start looking for you, and you are, after all, broadcasting pretty clearly where they can find you...
Note that GP said "put others at risk". It makes for a world of difference.
Every mobile radio/telephone company in the world has a substantial operations/engineering team in every region where it operates. If you don't think a single rogue device can screw up the entire network across a fairly large area, you've never spent a week in one of those teams' control rooms. I've tracked fleets of operations guys driving around in specially equipped cars all over a big chunk of city, trying to find the one broken unit that was transmitting noise on basically every channel the network is allowed to use, and therefore doing a pretty effective job of blocking network connectivity for everyone else.
And if you think that doesn't put others at risk of more than not calling home before dinner, consider the impact of not being able to make 911/999/112 calls anywhere within a radius of several miles. That includes what happens if you're the emergency services using those same network channels (or private channels close enough to be affected) to communicate during a major incident that you did know about.
It's actually a great credit to the testing and regulation procedures for the entire mobile industry that this doesn't happen very often and most people don't realise how fragile the networks are.
I think we might be talking at cross-purposes, but...
A lot of IT work is indistinguishable from fucking off without monitoring.
Then what is the value of that work? It should be possible to tell whether someone is doing their job properly from the observable results they achieve. If their job has no observable benefits, why didn't you declare them redundant and save their salary already? (Note that "observable" does not mean "visible": invisible things such as keeping outage levels down due to effective maintenance and preemptive action are still observable, because if the employee stopped doing this you would see the negative effects.)
If someone isn't getting the results they should be, then some action by management is necessary. Even then, I don't consider covert surveillance to be justified unless nothing more honest, such as a simple face-to-face discussion with the manager, would be sufficient. Employees are still people, and even in the work place, intrusive monitoring and invasions of privacy should only be used as a last resort when clearly justified.
When it comes to being employed, though, bosses and managers have always watched their employees to some degree -- that is, of course, the purpose of being the boss.
No, it's not. The purpose of being a boss is to set direction for and co-ordinate those who work under you, so that the individual contributions all advance the overall plans.
There is a certain type of person who does think that being the boss is primarily a power trip/disciplinary role. Such people usually live in middle management in large companies, because they are basically a waste of space. Small companies can't afford to have the dead weight, and large companies won't promote them to a level where they can do any serious damage but usually have too much bureaucracy to effectively detect and fire them.
Trust is a prerequisite for any employment relationship. If you don't trust the people working for you to do what they are supposed to without routine monitoring, then you have bigger problems than whether the monitoring itself is justified. Indeed, one could make a reasonable argument that routine monitoring implies a breakdown in the fundamental trust relationship between employer and employee, which would itself be immediate grounds for a constructive dismissal lawsuit in this country.
I can understand running automated tools to prevent, say, leakage of sensitive data. I can understand running automated tools to scan incoming data for viruses. This sort of thing is, sadly, reasonable for protection and sometimes necessary for legal/regulatory compliance in the modern world. However, it should rarely if ever disrupt an employee going about their business, and no-one else should be directly involved unless a problem is detected.
I can understand general performance monitoring. Recognising staff who do well is valuable. Helping (not attacking) staff who underperform is valuable. Firing staff who underperform and cannot improve is, unfortunately, sometimes necessary. But none of this stuff requires intrusive, minute-by-minute monitoring and recording of the kind we're discussing here.
The only time direct, intrusive monitoring is used should be when there is already a credible level of evidence of serious wrong-doing, and confronting the employee about that wrong-doing directly would prevent proper investigation. And in those circumstances, I tend to ask why the company is letting some next-line-up manager or IT/HR goon do the intrusive work. If it's that serious, the higher-ups should be calling the authorities, or at the very least passing a case file to internal security/legal staff who are required to handle the investigation with suitable discretion and a lot of accountability.
That must be the reason every mainland country in Europe associates "Brittish soccer fans" with the worst kind of hooligans?
Sure, and the French go around with stripey T-shirts and wearing necklaces made of onion, while the Germans live on a diet of beer and 15 different kinds of sausage.
Or maybe decades-old stereotypes that apply to a tiny fraction of the population aren't very helpful.
I agree completely that the law should not give Big Media the choice in the first place. As the other part of my post did point out, changes are likely in this area sooner rather than later as well.
It is also worth remembering that even if there were technically possible techniques for detecting infringing content using deep packet inspection, it would be absurdly expensive for ISPs to implement them.
If you're familiar with high-end network infrastructure products, you'll know that they are not cheap. This kind of DPI would require intercepting every packet and performing tests on it that would not be possible in real time. That would require a huge number of access points and dedicated hardware tools to operate on the scale of an ISP offering typical "up to 8MB/s" broadband to 400,000+ customers today. I'm not sure anyone in the industry currently makes enough hardware to do that, and even if one of the big suppliers could produce the required hardware in that kind of volume, the cost of buying it would make Google wince, never mind a typical UK ISP.
Bottom line: detailed analysis of every packet going over a major ISP's network to match the content against a database of infringing material is not practical, and it is not going to be any time soon. Any scheme that operates in practice is going to be based on some sort of very crude approximation (such as looking for certain filenames in certain specific places, as we've seen before) in the first instance.
I'm cancelling a couple of moderations to post this, but I think it needs to be said.
Making a personal copy for format shifting is illegal [tortuous] in the UK. Ditto for downloading a rip.
A specific format-shifting exemption is definitely on the way. It was recommended by Gowers and has basically been accepted by everyone in government, it just hasn't been put into law yet.
Also, at least one big name music label is on record saying they won't prosecute people for format shifting. They know MP3 players and similar devices are big business, and going after people who buy your music through legit channels with the sole aim of transferring that music to their portable player is just shooting yourself in the foot for no reason.
Yes, I've always quite liked the idea of inviting, say, 200 randomly selected people who would be eligible for jury service to form the Upper House for a couple of years each, maybe alternating so 100 people change over each year. You'd have to deal with compensation issues that don't arise so much with the short timescales in court or you'd risk winding up with only those who would be earning more in the House taking up the positions, but I'm sure some reasonable system could be devised.
As for voting more, I agree that it does not automatically result in more democracy. However, the point of the system I described would be to maintain the likelihood of a decisive majority on the leading House to propose new legislation with a clear direction, but to keep a proportionate system in the checking House so that any bill that actually got through and onto the books would at least not be so offensive to (the representatives of) the majority of the population that they wished to block it. That is considerably more of a check and balance than we have today.
I don't doubt you, but I'm not sure what you're describing is typical, either in terms of the PhD or in terms of the success you've had with books.
It's also worth keeping in mind that while comparing PhD funding to a starting salary gives some frame of reference, it's not terribly realistic by the time your 3+ years are up: I had more than doubled my salary in that time, for example, and having a PhD is unlikely to get you much of an increase on the basic starting salary at most places. Even if you did get paid something close to a starting salary to enjoy yourself for 3 years, you would still be 3 years behind a salary curve that should be increasing significantly for at least 5 or 6 years once you start work, which probably works out at a six figure opportunity cost if you were going to follow a career in something like software development either way.
I guess I'm basically just supporting the original claim by stygianguest that "Most people going to industry won't bother doing a PhD, as it costs 3-5 years and generally doesn't pay off." As various friends have said, you do a PhD because you want to study a subject in detail for personal satisfaction, not because it's going to help your career in most industries (sciences being the notable exception).
Not having a single identifying number is not a bug, it's a feature.
So some people keep saying, but I fail to see why.
I would agree that not having all the personal data in one place provide a useful firewall between government departments and, potentially, other organisations that used the same scheme. There is no need for people in one organisation ever to access potentially sensitive information in another organisation.
But what is the problem with using the same key to identify the records in different databases? Why is it helpful for us to use an NI number, a Unique Taxpayer Reference, various other credentials for accessing DirectGov services on-line, many equivalent details all over again if you access any government services on behalf of a business, etc?
Going beyond government services, why is it helpful for us to use N different bank cards, M different physical tokens and P different pieces of "memorable" information to identify ourselves, when what actually counts is just proving that we are authorised to make a certain transaction on a certain account? You have to provide supporting ID to open any of these accounts anyway under the money laundering prevention rules, so it's not as if you are somhow running multiple lives that protect you from some sort of potential abuse if the system goes wrong.
Our society's current identification systems are ludicrously overcomplicated, to the point where many of them offer little real benefit, yet the cumulative cost both to our economy and in terms of wasted time in our lives is huge. Would it not, being pragmatic, make many people's lives better if we did have a single, centralised, purely-identification system with:
What, specifically, is the danger in such a scheme? Remember, I'm working on the basis that there are sufficient statutory safeguards against scope creep. I'm also working on the premise that the centralised database contain nothing except an individual's name and contact details, plus the information required to confirm the validity of their physical token and PINs/passwords/whatever, and that the only facility offered by such a service to third parties is to answer the question "Is the person claiming to be X and providing these credentials who they say they are?"
It might be useful for citizens (and, if necessary, visitors) to have a common identity number for all government services. Don't we effectively have that with our National Insurance numbers already, other than only issuing them in the teens rather than at birth? Being identifiable when claiming some entitlement (whether it is a state pension from the government or withdrawing cash from your bank account) is necessary, so we might as well minimise the hassle.
It might be useful to have a single identity card that could be used for many purposes, instead of carrying around lots of different credentials. We've known for some time that the most practically effective security system for everyday identification is to combine a physical token and a simple bit of knowledge, such as a card and a PIN. As long as there is a constitution-level law (i.e., only modifiable by referendum) that says no-one is ever required to produce that card on demand, there is little danger here, and it might be convenient and safer than what we have now.
Unfortunately, the proposals under the ID Card and National Identity Register scheme went way beyond these potentially useful steps and the limited risks associated with them. For example, there was no guarantee proposed to ensure that we would never be required to carry ID just to exercise a lawful right to leave our homes.
Moreover, the authorities weren't just issuing a unique ID and a method of demonstrating it, which is the potentially useful part. They were also collecting additional sensitive information (including the biometrics) in a central database, and they were going to make lots of information more widely available via that central database than it was before. There is a big difference between government departments using a common ID but otherwise keeping their own sensitive information about someone to themselves, and having some big central store that grows arbitrarily and offers "efficiency savings" if more and more data is just put in there by default.
It's not that the ID Card scheme had no merit at all. It's just that it came with a lot of unwelcome baggage, and without sufficient safeguards to prevent abuse, and with a high cost without demonstrating that any real benefits would be worth it. No system like this would ever be perfect, so you're always looking for an acceptable balance, something that works better than whatever alternatives are available. In this case, the balance was far too far toward the danger side.
It's great to see civil liberties given a serious place on the agenda, I agree. However, I think the real proof of the coalition government's credentials will be in how many of the numerous minor abuses and infringements introduced under Labour will also be repealed.
It's easy to grab headlines with ID cards and the like. Only a handful of FUD-buyers ever thought those were a good idea, so it's likely to be popular with the electorate. It's also something that both parties in the coalition had in their manifestos, so it makes a good first move to prove that they can still achieve their goals in a coalition government.
However, will they also fix the problems with the Regulation of Invetigatory Powers Act (the one that says you can go to jail if you don't hand over passwords, even if you don't have such passwords)?
What about the Civil Contingencies Act (Blair's "Enabling Act", where ministers can basically suspend all kinds of freedom based on an arbitrary emergency)?
Will they defend our privacy against infringements by foreign governments, particularly the US?
Will they restrict the use of "anti-terror" powers to the very small group of organisations who might genuinely need to use such powers for their stated purpose? There is nothing done at local government level that requires such intrusive authority, for example, yet numerous local government organisations have powers to spy on people today.
My hope is that the comments made by Nick Clegg a few days ago, about asking the people which laws they wanted gone, were not just a cheap sound-bite. If they really mean that, and they follow through, I suspect this will be the best government we have had in my lifetime.
Important to note that the lib dems were against ID cards on principle - I recall a few years ago the then current leader stating he'd go to jail rather than carry one
For the avoidance of doubt, the then-current leader is still the leader, Nick Clegg, and is also now the Deputy Prime Minister.
The big picture matters when it comes to government and electoral reform. For example, an elected second chamber based on PR, and an elected first chamber using AV rather than FPTP, would still be a big step up for democracy compared to what we have today.
As others have noted, the point of AV is not to achieve proportional representation, it is to negate tactical voting. Right now, anyone who claims to know what effect that would have in the long term is deluding themselves. There is no way to predict what would happen to turnout, what would happen in formerly marginal constituencies, or how smaller or single-issue parties would fare if voting for them as first choice did not mean you couldn't also express a preference between the big parties.
For all the problems of Blair and Brown, I think a lot of the lasting damage done by the Labour administration was caused by a succession of bad Home Secretaries, each more authoritarian, more fear-mongering, and less connected with real life than the last, whose distorted world views could direct affect everyone. Smith followed Straw, Blunkett, Clarke, and Reid, remember.
Not sure about the funding in the rest of Europe, but in the UK anyone moderately competent can get funding to do a PhD, which means that they get a non-taxable stipend for the three years that works out close to after-tax amount of an entry-level graduate salary.
I'm in Cambridge, UK, and though I work in industry I still have plenty of ties to the university. I'm afraid I don't recognise the picture you are painting.
In the current academic year, the basic research council funding for a PhD is £13,290.
Under the current tax system, that is equivalent to a gross salary of just under £16,500.
The average starting salary in IT was probably higher than that a decade ago, and much higher if you're talking about working in London and/or working for a big name company that goes after the academic high-flyers.
I also think various friends who are doing PhDs, several of them in Computer Science, would laugh at your description of "spending three years being paid to have fun". Relatively few of my friends have actually completed their PhDs within the "normal" three-year/ten-term window, and many have found themselves writing up and jumping through the final hoops for several months afterwards, while trying to do a full time job as well; funding doesn't extend just because the research/write-up does!
Large successful free software projects contain the work of HUNDREDS of developers. Relicensing requires consent of everyone in the project. This means there is a real-world dollar cost to to track down developers who have quit the project, moved on, or simply _died_ (in which case the copyright belongs to their estate, which may be a murky issue).
Sure. But the GPLv3 has been around for nearly three years now in its final form, and the thinking behind it was clear well before that. If, as GPL evangelists frequently claim, copyright and patents are horribly broken as an incentive to develop works and we would be better off sharing everything GPLv3-style, then why isn't the world full of new and exciting creations that have been in the GPLv3 era for their entire lifetime and used that licence from the start? There is no shortage of serious work supported either by a traditional copyright model or by the GPLv2 within the same time frame, is there?
So your position would suggest: [...] b) you have already arrived at a strong anti-GPL opinion... and you are warping facts to support it.
I don't have a strong anti-GPL opinion. It's true that I don't believe we are ready to do away with copyright just yet, but I think the GPL has created an interesting culture with considerable potential, and I have no problem at all if some people choose to contribute their code to that culture on those terms whether for philosophical or practical reasons. I don't see that this has to be some sort of either-or battle where only one model can be useful.
I do have a fairly strong anti-GPLv3 opinion, because I think they threw the baby out with the bathwater. I fear that will be harmful to a valuable culture that has already built up around earlier versions of the GPL, and reduce the future benefits by dividing the community.
Last summer CNet reported that 50% of GPL projects hosted by google code were GPLv3. That works out to at least 56,000 projects.
And how many of those are actually stable, shipping, useful software? How many users does that represent, in total?
Finally, if industry is accepting the GPL because it is pragmatic, then that is a good thing. I'm sorry that you can't see beyond the end of your nose to see that v3 addresses pragmatic issues.
I never said it didn't. But if it really goes as far as some in this discussion are suggesting — and not being a lawyer, I'm not sure whether it really does or not, so I'm taking their word for it — then I think it has moved beyond pragmatism into the world of wishful thinking.
I don't really understand what is pragmatic about the kinds of cases I described. Code that is designed to run on specific hardware and requires specialist software or hardware to build/install is probably of most interest to others who also work on that hardware and already have access to the corresponding build/install systems. Those others are probably the most likely to contribute something of value back to the community as well. In trying to make everyone open up everything to everyone else, GPLv3 appears to get in the way of people opening up most of what they do to share with those who would most benefit from it, with the result that no-one can share anything with anyone in these fields under GPLv3.
It's like the FSF presented the industry with an all-or-nothing proposition, and since it had no choice, the industry said "Well, too bad, we'll have nothing then."
Personally, I use filesharing all the time, but I use it to download large open source Linux ISOs. How will Eircom legally differentiate between that content, and the content that some ragamuffin may be downloading illegally, without infringing privacy laws?
Well, since the article talks about searching for people who are sharing (not just downloading) specific works over P2P networks where the copyright is known to be held by the record companies, presumably they are only planning to go after those they've caught in the act.
I'm not a fan of either "three strikes" laws that impose penalties without a proper court hearing or going after people based on an IP address alone, but as the recent round of proposals have gone, this one seems to be about as reasonable as you're going to get in who it claims to be targetting.
In the kinds of situations I described, it is not unusual for the build tools and libraries/APIs dealing with the proprietary hardware to be under NDA as well, either explicitly in their own right or implicitly because by revealing details of them you would be implying protected details about the underlying hardware.
In the GPLv2 days, this wasn't necessarily a problem, as long as you weren't directly linking to non-GPL'd code and you released the source code and build scripts for any parts of your system that were derived from GPL'd material. However, according to the arguments made by several posters in this discussion about GPLv3, it sounds like this is no longer sufficient for compliance (assuming those other arguments are correct and I am not misunderstanding).
And the GPLv3 already fixes it, and anything else that gives out source while not giving you everything you need to build it.
Which may explain the almost complete absence of GPLv3 code in the software world.
In the embedded world, for example, your chances of getting permission to release the specs for any major chip to meet these requirements to the letter are probably zero. Several of the major players in the industry design chips but outsource the manufacture, and the whole ecosystem is so locked down under NDAs that anyone trying to get detailed specs out in public would wish it was only Microsoft's entire legal team suing them. That means GPLv3 software is basically useless in most of the embedded development world.
Much the same probably applies to systems software, so many of those working on OSS operating systems, device drivers, etc. are similarly unable to work with GPLv3 code.
The original GPL was a reasonable idea and made a lot of sense to a lot of people. GPLv3 is RMS and co's attempt to turn that popularity into a vehicle for their minority views on software development, and I guess we can see now how little of the community's support of the GPL was really down to believing in the FSF's political stance, and how much was just pragmatism.
Shareholders in publicly traded companies are irrelevant, because they do not make the day-to-day operational decisions.
Make it a personal liability issue for whichever executives do make those decisions, and you'll see results far faster than any measures based around fearing consequences on the stock market.
I agree except for one detail: just because the business nerds assign monetary values to everything, that does not mean the legal system has to. Throwing a few company directors in jail on criminal charges when their companies flagrantly infringe the privacy of others would probably be a better deterrent than some fine that is, again, just numbers on a spreadsheet that they pass to their legal and accounting people to deal with.
I came here to make exactly that point. On-line privacy is Pandora's box: once opened, you can never put whatever was inside back again.
There is merit in considering whether the status quo is really the way we want to continue. It is possible that our current views on privacy and sharing of personal data are unsustainable in the face of modern technology. It might be true that society needs to grow up and stop pretending everyone is perfect when they apply for a job, or that everyone accused of a crime probably did it just because of the accusation. Perhaps we do need to consider censorship and regulation of parts of the Internet, on a global scale, to protect minors from content they are not ready to experience yet.
However, if you're going to experiment in these areas, the way to do it is slowly and progressively, on a relatively small scale, and with well-informed test subjects who have volunteered in the full knowledge of what they are doing. There are parallels here with, say, researching nuclear power, or experimental tests of novel medical techniques. You don't start by building a power station big enough to destroy half a country if it goes wrong, or injecting your entire population with that new vaccine on the first trial.
Sites like Facebook, on the other hand, prey on the young and naive, and suck in as many people and as much data as they can, as fast as they can. But worse, as we have seen all too often recently, they are quite willing to make promises about privacy to those people one minute, and break them the next. There is no excuse for that sort of behaviour, and it's not some commendable way of "pushing boundaries", it's just abuse and should be penalised accordingly.
One comment I saw recently summed it all up: these are difficult questions, and it is going to take at least a generation to resolve them... not least because one generation has now given up any chance of ever doing so.