That's what I meant -- by putting that suggestion in there, he made himself sound like some warez kiddie. I have no idea who he is or whether that description is in fact accurate, but either way, he seriously undermined the good that this could have done, since it also made it sound like something specifically for other warez kiddies, when in fact it could be very useful for a variety of purposes. If he'd been just a little bit smarter about it, he could have spun this so as to make it an argument for the legitimacy of Napster, but instead, he chose to slap the industries in the face with it, just begging them to turn it into another argument for their side instead.
My other point, though, when I said "...even his saying it does not make it true...", is that despite what he said, this does still open up new legitimate uses for the software, which can be used to strengthen the defense. A program's author is not the final authority on what the program's uses are -- if he were, the MPAA would be forced to agree that DeCSS is not for copying DVDs, simply because Jon Johansen says so. (Yes, I know he's not the actual author, but anyway.)
By the way, you probably used "Extrans" when what you wanted was "Plain Old Text", which is why your italics didn't work. The meanings of those two modes seem to be counter-intuitive to a lot of people -- they are actually the exact opposites of what you might expect.
One would think that that interpretation was obvious, but the article seems to have it completely backwards:
Wrapster joins a growing list of programs allowing the quick, free and wide distribution of illegally copied files. The trend is bad news for record companies, movie studios and software companies that have fought hard to keep their wares from being pirated online.
How hard would it have been for them to say "...of files (incuding illegally copied ones)" instead of "...of illegally copied files"? Care to imagine how many people will get the strange notion that the specific ability to copy files "illegally" is some special feature of the program? (Or, rather, that something like that could possibly be a special feature rather than a side-effect of the way it is used?) By saying something so misleading, they seem to be encouraging people to buy the industries' claims that things like this (not just [N|Wr]apster, but MP3, DeCSS, and, heck, why not mention FTP) are inherently "pirate" or "hacker" tools.
They have extended the "piracy" stigma to cover all of the program's functions, choosing to see this as a bolder move to make the thing even more "dangerous", rather than a retroactive hedge to create new perfectly legitimate uses that can be used to justify its existence as a legitimate tool.
Of course, it doesn't help that
Its author, identified as "Octavian" in the program's "about" file, suggests using the software as a means for trading programs such as Windows 2000. Octavian could not be reached for comment.
That strikes me as kind of dumb, undermining the legitimizing effect of Wrapster, or maybe he really does intend it as a new-and-improved "piracy" tool, but even his saying it does not make it true or change the fact that the "it's a legitimate file-sharing tool" defense has gained some credibility.
I am currently re-reading Cryptonomicon, and I recently came across the bit (about a third of the way through) where Randy and Eb discuss something like this, and I've been thinking about it some more. How does this sound:
In addition to encrypting your real messages, you have your systems set up to send fake messages consisting of random garbage to each other at random intervals. Hence, no monitoring of server logs, or even physical sniffing of transmissions, can prove that a message was ever sent.
That was Eb's idea, but they didn't go further into it. Here's my addition: The problem is that they can still require you to surrender your keys, and when you do, they can see which messages decrypt to meaningful text and which are garbage. However, suppose each person actually has two keys, called, say, the major key and minor key. The minor key is the one that you use publicly, and everything about the major key, including its very existence, is kept secret.
You send messages back and forth using the minor keys when the content is not particularly important (important enough to encrypt normally, but not damaging should it come out in discovery), and use the major key for the things that you really don't want to have discovered. When sub-poenaed to surrender your messages, you surrender your minor key, and explain that, to protect against information leakage, you have been chaffing your communications with garbage and that decrypting all the messages with this key will reveal which ones were real and which were chaff.
What they don't know, and couldn't prove even if they suspected it, is that the set of messages that decrypt to gibberish are further subdivided into the actual garbage and the important messages that were encrypted with the major key. The main point is that you have a plausible explanation for the existence of observed transmissions that cannot be decrypted, so they have no real choice but to believe you when you deny the existence of any other messages.
With all that talk about Arkanoid toward the end there, I have to ask: has anyone else seen a 3D version? I got a crippled (limited to first four levels) version of a Mac game called (I think) "Diamonds 3D" in the shareware bundle that came on a hard drive I bought a while ago. It's basically an expansion of the Arkanoid concept to three dimensions, and it's good enough that I'll probably buy the full version if I ever get around to it.
The three-dimensionalization is done in basically the same way as the various 3D Tetrises that I've seen (3Tris, Block-Out, etc.): you are looking straight down (or forward, or up, if you prefer, but "Remember, the enemy gate is always down.") into a rectangular space, with bricks in various formations that you need to break by hitting them with the ball. At the top is your (conveniently transparent) paddle, which tracks your mouse. You drop the ball down, it bounces around, hits bricks, and comes back up at you, and you need to hit it. The ball's speed and angle are controlled by how fast the paddle is moving when you hit it, and if you were moving too fast, it becomes a blur that you have no hope of catching the next time. When you miss it, it escapes with a sort of neat broken-glass effect, apparently meant to indicate that it shot through your screen. There are various special things, e.g, special diamond bricks that can only be broken after all the normal ones are gone, and different color bricks that can only be broken after you've hit a switch to turn your ball the same color.
By the way, wasn't it a bit weird to describe Arkanoid (as if anyone worthy of reading Slashdot, let alone listening to GiS, would not remember it) with "It's like 'Breakout'."? I remember Breakout as one of the audio-tape-loaded games on the 16K Commodore Pet that used those weird PETSCII graphics and had no physics whatsoever, so the ball would only move at 45-degree angles and could only hit odd- or even-numbered bricks on the respective parity lives. It just seems that that is a bit more obscure than Arkanoid, and therefore doesn't help much as an explanation. Or is "Breakout" also the name of some more recent and/or popular game that I should know of?
Make that, "Since this is POT, [it has all those styles that you demonstrated]"
A lot of people don't seem to get this, but think about how this works: the Slashdot server code doesn't somehow "make" the text display in those styles; it just sends text to your browser, which is the one that displays it. The entire page is one big HTML document and the text of your comment is pasted into the body of that document. If it contains tags, the browser responds to them and displays the text as appropriate.
The "Plain Old Text" mode means that Slashdot does not do any preprocessing (e.g., escaping "<" characters by replacing them with "<" sequences) to the text that you enter before pasting it into the HTML document, so any tags that you type appear directly in the page that the browser receives. The one exception is that it inserts <BR> tags between paragraphs, so you don't have to. Otherwise, what you type is exactly the text that appears in the corresponding part of the HTML page, tags and all, which means that the browser will use those tags as formatting information in displaying the page.
If you use the "Extrans" mode, those special characters are replaced by escape sequences, so any tags you type appear as source rather than being interpreted as formatting information.
Note: all of the above is based on my observing how Slashdot behaves and thinking about the logic of it. It's not like i've read the SLASH source or anything.
Plain Old Text means that tags in the text you enter do get interpreted, because what you type is pasted as "plain old text" into the HTML that gets generated, without any automatic translation. The one thing it does is add a "<BR>" wherever you have a newline, so your paragraphs get separated. If you want special characters like "<", ">", and "&", use the escape sequences "<", ">", and "&".
Extrans is the mode that automatically escapes those special characters, displaying exactly what you type and not interpreting any tags.
Will somone please fix the damn Extrans posting mode!
Will ucblockhead please figure out how the damn Extrans posting mode works! (Oh, and try using "Preview", too.)
The posting modes are tricky, but here's how they work, near as I can tell:
Extrans (Extended Translation) converts everything, including automatically replacing angle brackets with "<" or ">" escapes, so that it all shows up exactly as you type it and nothing gets interpreted as HTML tags.
HTML Formatted is the opposite: it doesn't interfere with what you type, so any tags are interpreted as HTML, and there is no formatting except for your tags. Note that newlines are ignored, which is why people so often complain that their paragraph breaks got lost.
Plain Old Text (which I use and which is probably the one you want) is in between: despite the (perhaps misleading) name, it does interpret HTML tags, but it also adds some formatting information. Specifically, it adds a <BR> tag wherever it sees a newline, so you get a paragraph break wherever you hit return. As far as I can tell, this is the only thing it adds.
I just now noticed that they seem to have fixed a bug that's been irritating me forever: When I would use "&", "<", or ">" escapes to prevent ampersands or angle brackets from being interpreted, it would work, but each I previewed, the text box would get the interpreted results, so the next time through, they would get eaten. This doesn't seem to happen anymore, though. Maybe now I can go play with my user preferences without having to redo the escapes in my sig (painful).
No offence, right? I see you got it straightened out further down. You'll also see me agreeing with you regarding the actual topic of this thread.
If you are living in anything but abject poverty, there are certain people who would be very interested in things like your credit card numbers, bank account numbers, social security numbers, etc., especially in combination.
That's what we have fraud protection for. Consumer protection prevents law breakers from totally wiping you out when you don't want to. If you take the ideas that many of the people here everything will be monitered and tracked.
That only helps if fraud is what you're worried about. I understood "certain people" in the previous post to include, for just one example, direct marketers, who could correlate all that information into massive profiles of what sort of stuff you buy, i.e., what your interests are, so they can bombard you with junk mail and/or spam, and how much money you have / spend, so they can know whether marketing at you is worthwhile.
Parsing your last sentence quoted above as well as I can (though it's not very intelligible), I get the idea that you're aware of the tracking / monitoring potential of this stuff, yet you seem unconcerned about it. In fact, you seem to be saying it as a good thing. Of course you're free to feel that way, but you can't read Slashdot for long without realizing that a lot of us don't like it, and think that protecting our privacy is plenty of reason to want to be able to use cryptography.
My major problem with monitoring / tracking is a matter of simple dignity: advertising in general, but most especially direct marketing, makes me feel that the companies trying to sell me things are treating me as a resource to be exploited. The thought of the marketing being backed by a huge database of everything I've ever bought just makes it worse -- I don't like being viewed as a consumer in a petri dish.
Hiliary Rosen's letter contains this particularly brazen statement:
And whatever the individual's right to use their own music, you cannot exploit that for your company's commercial gain.
Surely I need not spell out the implications to the RIAA if there were in fact any legal doctrine preventing corporations from "exploiting" music owned by individuals.
If the "individuals" you're referring to are the consumers who own legal copies of albums, then the only "exploiting" I can think of that the RIAA might be doing, aside from charging such obscene prices in the first place, is trying to convince me that I'm supposed to buy second and third copies if I want to listen to the same music at home, at work and in the car without having to carry the CD around from place to place, rather than just rip it and play the MP3s off of my Powerbook. If you mean the artists, then the argument's weakened by the fact that the artists sign the rights over to the labels, which brings up a whole other can of worms about the exploitative nature of those contracts.
The original quote seems to be arguing that the fact that the users already own copies / personal-use rights to the music does not entitle MP3.com to redistribute it. I agree that it's a sticky point, but I think (#define IANAL, #include "std_disclaimer.h", etc.) that MP3.com is in the right. If I understand Beam-it correctly, you register the fact that you already own a legitimate copy of the music (Can I assume that you're somhow required to prove it?), and then you, and only you, are able to access it. It doesn't seem that MP3.com is "distributing" it, then, any more than I am when I convert my own collection for my own (personal, exclusive, etc.) use, since nobody is using it who is not entitled to do so.
The fact that MP3.com is making a business out of it, even if they are not selling the music itself, does make it a bit more dubious, but their angle seems to be exclusively a "service". Copyright means that only the owner can make money selling copies of the work, not that only the owner can make a business in any way related to the consumer's use of the material, which seems to be the claim. That sounds more like if they would go after, say, Kenwood, for selling CD players and thus cashing in on the process whereby people listen to their CDs: "Though the individual has the right to listen to the CD he just bought from us, you cannot exploit that for your company's commercial gain by selling him the equipment on which to do so."
[...] it is just not possible to be sure not to damage something.
We seem to be making different assumptions, and I don't really know who is right: was the damage accidental, due to bugs in the software and/or the (granted) impossible task of anticipating every possible configuration, or did the software deliberately wipe out the other configurations so as to make AOL your only ISP? From what I read, I assumed the latter, though I admit I didn't follow this too closely (who cares about AOL anyway?)
Either way, though, I would refer you to a few Jargon File entries:
evil: "does not imply incompetence or bad design, but rather a set of goals or design criteria fatally incompatible with the speaker's."
evil and rude: "Both evil and rude, but with the additional connotation that the rudeness was due to malice rather than incompetence."
rude: "[sense 3] Anything that manipulates a shared resource without regard for its other users in such a way as to cause a (non-fatal) problem."
Basic manners among applications that run together on a system dictate that it is incredibly rude for one piece of software to modify configuration files that belong to another piece of software. You just don't do that. AOL did. Aside from the sheer aesthetics, one reason why this is so bad is precisely because it is a recognized fact that you can't anticipate all possible cases (e.g., those that involve programs that are written after yours), and so doing this is practically guaranteed to cause trouble for someone, somewhere. Hence, even if they didn't do it maliciously, it is still almost inexcusably bad.
It was clearly rude, and intentionally blowing away the other configurations would definitely strike me as evil, though of course I don't know whether or not it was actually intentional.
I gather that the dialog asked "Do you want to make AOL your default ISP?" To me, "default" does not mean the same thing as "only", so, at most, an affirmative reply would authorize them to tell the system to make their configuration the default, while leaving the others intact. That doesn't seem like something that should be very hard, so if that's all they tried to do, and the side effect was "just" a bug, I do think it's one for which they should be accountable. If they were trying to modify the other configurations non-maliciously, e.g., for some sort of integration purposes, and accidentally broke them, then I still think they should be accountable: sure, it's not reasonable to expect anyone to do something that complicated successfully, but any idiot could have told them that, and they should have known better than to try.
Actually, a lot of them are useful programs, either original ones or re-implementations of standard utilities, but with absolutely horrifying things done in the code. Ideally, the obfuscations are not just there for puzzle value, but actually serve to optimize performance.
I wish I could come up with some stuff like this -- I have a few programs that I've written normally, but with some moderately funky techniques, that I've been thinking I might be able to obfuscatify into reasonable entries, but I'm unlikely to get them ready in time. One of these years...
It looked like you were arguing that AOL (and the rest of the industry) has no responsibility for the quality of their software, even when it is flawed to the point of damaging their victim^Wcustomers' systems, since they have EULAs that disclaim all such responsibility.
It's true that the agreements have these disclaimers, but I, along with probably most people here, would argue that this does not excuse them, which also seems to be the main point of the class-action. I would protest that they should be held responsible, regardless of what "contracts" they print on the box, and that their attempts to get out of it should not be considered valid. Of course, the question of the validity of shrink-wrap and click-through contracts would come up again as well.
Anyway, you may have been just a bit too subtle: it took me a while to realize that you (at least seem to) share this opinion of the practice. If I understand it right, you're saying that you want the suit to fail so that the issue will be blown up, leading to a real reform, and not swept under the rug with a quick settlement. But, wouldn't a win in court be good for that purpose? If it's not a settlement, but a real court decision awarding damages for what they have done, wouldn't it establish a precedent effectively invalidating the shrink-wrap and click-through disclaimers?
the government is apparently totally incapable of cracking encryption even given five years with the data to themselves.... 12 bits of encryption... My VAIO could brute-force that in five minutes.
I saw this a few times in the comments on that story too, and I can't get over how totally some people seem to fail to understand encryption. This is at least as dumb as the "factoring large prime numbers" mistake that so many people make when talking about RSA. What makes you think he used such a weak code? Your TI-85 would have been perfectly capable of encrypting with, say, a 4096-bit RSA key (I have no idea what he actually used) -- it may have taken minutes or even hours instead of seconds, but the result is every bit as strong now as it was then. What you're missing is that that is exactly the point of why "they" don't like people having strong encryption: they can't crack it! That's why it's called strong encryption. It's not like, "Gee, this code is really hard, but you'd think in five years they'd manage to figure it out." That's just ridiculous. If the files are encrypted with a 4096-bit RSA public key, then they might as well be random noise, since that number is never going to be factored (barring a breakthrough in quantum computing or number theory).
Sure, distributed.net has done well on some small keys, and is likely to finish RC5-64 in the next couple years, but those efforts are to prove a point about the weakness of small keys. Strong encryption is the kind where, if every particle in the universe were part of one big computer, the code still couldn't be cracked in the lifetime of the universe. In those cases, the only way to get at the data is some kind of "sideband attack", e.g., finding the key written down somewhere (if he'd been that dumb) or getting him to surrender it. If he was smart enough to use a strong code and not leak any sideband information, there's nothing they can do.
We're the most powerful nation in the world and can't crack five-year-old encryption in five years.
Well, that just goes to show what happens when those evil hackers have access to strong encryption. This is why that technology has to be controlled -- to save the government from this kind of embarrassment. Seriously, this is the strangest part of your argument: all this time, whenever a crypto-control story has come up, we have all railed against the government(s) for trying to control the technology and limit us to codes that they can break, and now, when you see an example of what happens when someone uses a strong code, you make fun of them for not being able to crack it. What's that?
Well, I'm not about to hit a www.victoriassecret.com link through the company network. I have my Ricochet modem here on my 'Book, but I haven't installed M13 on it yet, so I can't test it that way.
However, I don't think what you're describing is anything specific to that link. I'm seeing the same behavior with contextual menus in a frame on some of our pages (for an intranet application that I'm working on): the page has a left and right frame. When I try to use it in the right frame, the contextual menu comes up to the left of my mouse, by what looks like exactly the width of the left frame. When I do it in the left frame, it comes up correctly. It looks like it's getting the mouse coordinates relative to the frame I'm in and then forgetting to convert when placing the menu in the parent window's coordinate system.
All right, now I've tried it on the included frame test page (Debug->Viewer Demos->#9 Frames). The behavior seems pretty consistent across all the frames, sub-frames, etc., and I'm pretty sure it's because of a missing coordinate conversion. Spacecraft have been lost this way, you know.
By the way, this is on a G4 Mac with MacOS 9. I've noticed two other things about contextual menus, which are probably Mac-specific: first, it only appears when I Control-click; click-and-hold does not bring it up -- control-click is the standard Mac way for it to work, but Communicator 4.x also had it with click-and-hold, even before contextual menus were added in MacOS 8. Also, I have to click once to bring up the menu, then click the selection -- I can't do it in a single click-and-drag movement; that just selects text on the window.
All in all, though, I'm very impressed with this build. If it could only log in to Slashdot, it would probably become my default browser. As it is, I'll probably be using it a lot for reading Slashdot, because of the incremental rendering of tables -- on a slow modem, multi-hundred-KB pages with TABLE tags wrapped all the way around them are extememly painful otherwise, because nothing can be displayed until everything has loaded. This renders Slashdot just about perfectly, and it finally lets me see comments as they load.
That's exactly the right answer. Copy protection mechanisms have (or should have) no legal status whatsoever, since they simply serve to make the act of copying more difficult. Bootlegging (remember, don't call it "piracy") the content, i.e., violating the copyright by making and distributing unauthorized copies, is already illegal. The act of copying is not necessarily equivalent to bootlegging, because it can be done for legitimate reasons, such as a backup copy under "fair use", and the mere act of breaking the codes is certainly not even equivalent to that, since legitimate reasons include a desire for a DVD player under Linux, or simply a geek's "because it's there" response to an interesting challenge.
Having the ability to commit a crime is not the same as actually committing it. Copy protection mechanisms are an attempt by the content providers to prevent people from having the ability to copy content, and breaking the codes is a way to regain that ability, which is not illegal -- only using it is, and even that only if the use violates the copyright. Punishing someone for "having the ability to copy DVDs" simply because he has broken the code, regardless of whether or not he has actually copied any DVDs, would be like punishing someone for "having the ability to commit murder" simply because he owns a gun (or any deadly weapon, such as a kitchen knife, baseball bat, or even his bare hands), regardless of whether or not anyone has actually been killed.
Who says I'm "only licensed to view it for one day"? Sure, that would have been their intent, but if I bought the physical disk, rather than renting it, what license is there? Even if they put a shrinkwrap license on it, like with software, would it be valid? The part about not reproducing and redistributing it would, I guess, but it seems that the exception for archival copying would still apply. If I own a copy of a work, I'm entitled to have a backup.
They may have sold it to me at a reduced price on the premise that I would only be able to watch it once, but that's their problem; I don't see how I would be bound by that. Try this: what if, instead of ripping it and making a backup, I found a way to prevent the disk from self-destructing (put some kind of coating on it, a player with a special laser that didn't trigger it, or some such thing)? Would I be "stealing" then? Surely they'd like us to think so, and the "best justice money can buy" might agree with them. I realize it would be overly optimistic to think that this would actually work, but I don't see any moral problem in either case.
Oh yeah, you're right that the original form of Moore's Law (about transistor sizes) does not apply to disks, but they seem to be following roughly the same growth curve.
I can't really argue against that -- I clearly paid a heavy premium for an arguably-marginal benefit -- but then I also can hardly complain about the price I paid: $30/GB still seems pretty cheap, when you can almost remember it being that much per MB, even if I could have had it four times cheaper. I guess the value you put on things like that is pretty subjective. For one thing, SCSI has less CPU overhead. Also, I now have a floppy, CD, Zip, and three hard drives in that system -- they can't all be IDE. Plus, I figured that the disk is by far the biggest bottleneck (other than the internet connection) in the system, so why not max it out? It seemed like the right decision at the time, given my priorities, even if it wasn't the best price/performance tradeoff. The thing is, the hard drive bottleneck keeps getting worse, because they keep getting bigger and cheaper, but not much faster.
Anyway, it looks like hard disk storage for a DVD movie would currently be about $30, which is not quite practical, when the movie itself is about $25, but it's even closer than I'd realized: less than one doubling away, rather than the two or three that I'd estimated. Better yet.
What, so the ~20-minute program would be a 12-15 MB download, instead of the current 3-4 MB? I guess it would be nice to have multiple bitrates to choose from, for those who have the bandwidth and want the extra quality, but that would be an unwelcome change, to put it gently, for those of us on slow modems. You wouldn't want to listen to real music this way, but 24 Kbps is fine for voice-quality stuff.
There's no way DVD-R media's going to come down in price for those reasons.
Put it this way: right now, hard drive space is less that $30/GB. That's based on an 18 GB Ultra-2 Wide SCSI drive I bought a few months ago for about $600. It's probably less now, not to mention how much less it would be for bigger, slower IDE drives. I haven't been paying close attention to such things, but I imagine it might be half of that. Hence, storing a 4 GB DVD movie on my hard drive would cost me about $120 worth of disk space on the U2W, or maybe $60 if I bought a cheap IDE drive. If Moore's Law stays with us for another five years, we'll see a little over three more doublings, bringing that down to $6-12 per movie, which is less than buying the movie normally, even if the disposable disk costs ~$5. So, even if removable media prices fail to keep up, ordinary disk space will become cheap enough to make "backing up" of single-use DVDs practical within five years, which is soon enough to matter. If I understand this right, the idea would be for these to replace rental DVDs, so the price would have to be in the same range (though no doubt they'll try to use this as an excuse to jack up the rental prices by another buck or two "in order to serve you better".)
Of course, I love the idea of being able to store my movie collection on a hard drive for the same reason that I like MP3s: not for making bootleg copies (remember, don't call it "piracy"), but for the convenience of having everything in a jukebox-like system, instantly available, without needing to flip disks around, plus track memory, playlist management, etc.
There's a certain almost poetic beauty to the way this idea juxtaposes with the "archival backup" provision of "fair use", isn't there? When I rent an ordinary disk, I clearly don't own it -- I just have possession of it for the period of the rental and I'm entitled to view it, but that's all. However, if I buy a self-destructing disk, then I do own the physical medium. They may be willing to sell it to me for a rental price on the theory that it will self-destruct, but barring some really fancy legal footwork on their part, I don't see how they could justify denying that I am entitled to use it according to "fair use", including the right to "make a backup copy, solely for archival purposes in the event of [must...keep...straight...face] the loss or destruction of the original".
Of course, what they should really do is just grow up and realize that they can't absolutely prevent bootlegging, and that they don't really need to do so, since it won't stop people from buying from them anyway, rather than continue to be such greedy bastards with their increasingly ridiculous attempts to control everything, which only serve to impede other desirable, and perfectly legitimate, uses (see above), but that's been said before.
I tip my virtual hat to whoever it was (on Slashdot) who said something like this: The trouble with Linux is that 98% of users make the other 2% look bad.
[...] 98% seems a little high. Surely it's the other way around? I.e., that 2% of Linux users make the other 98% look bad.
I'm not sure what the original context was, but I assume it was an intentional reversal. The "2% of [X] make the other 98% look bad" expression, while insightful, is old to the point of triteness. This quote seems to be reversing it, in order to cynically argue that, while we'd like to believe that the kiddies and flamers are only a small but vocal minority among a predominantly intelligent and thoughtful group, the truth is that they comprise a larger percentage of us than we'd like to admit, and/or that, in all honesty, most of us are not so much better. (Though surely it's an exaggeration to put the intelligent ones at a vanishingly small 98:2 minority.)
This effectively invokes the old sentiment, only to deny that it applies to the case at hand. Other examples of this device that come to mind would be: "beating ploughshares into swords", "99% inspiration and 1% perspiration", "snatching defeat from the jaws of victory", "Why do today what you can put off until tomorrow?", etc.
Thank you for posting a copy of, and link to, this flamethrower! I saw it once before, when I'd earned it (it was my first semester at Berkeley -- I was young and foolish) by doing a:
_X_ you quoted an article in followup and only added the line "Me, too!!!"
(though, in my defense, it was on a small (~0.5 dozen person) mailing list, and in response to a question about when/where to meet, or some such). Anyway, I foolishly deleted it, and have been kicking myself ever since. I've wanted a copy to use myself, but not badly enough to actually ask the guy who hit me with it in the first place for another.
This is an absolutely great tool, aside from being hilariously funny to "us grown-ups":
*For someone who "should know better", but slips, it makes for a powerful, but not really wounding, admonishment.
*For "newbies", its formulaic nature, as much as its actual content, can help convey the concept that there is a real tradition and etiquette to these things and that this is a response to a real breach of that etiquette, rather than just off-the-cuff flamage. Often, just getting this concept through their skulls is harder, and more important, than teaching them all the details.
*In fact, this would be a good document to show to "newbies" pre-emptively -- not flaminng them, but showing it to them (in person) and explaining that it is a list of grievances that the old-timers frequently have against newcomers, in hopes that they'll get a sense of why these things are bad.
Maybe it should even be displayed prominently among the various FAQs, introductory messages, etc., perhaps even being displayed as a warning when you create a Slashdot account.
On the other hand, it is pretty long, (it fits under the comment length limit, but it still takes a lot of vertical space), and I hope we don't start seeing it posted here too frequently as it could become a major bandwidth-killer.
Thanks for the key, BrightSide, but I hope you're aware that if you make a practice of posting your key with messages to public forums, you open yourself up to spoofing attacks, where someone posts a message as you, with their own key. If you mess up your key management your 4096-bit key won't help you.
By putting a "PGP PUBLIC KEY BLOCK" in his message, isn't BrightSide just telling everyone what his public key is? How does that make him vulnerable? Unless you're completely misundersanding the way a public-key cryptosystem works, I don't see what you could be referring to. In a public-key system, someone generates a public/private key pair, and lets everybody know what the public key is, but keeps the private key secret. Then several thing are possible: anybody can encrypt a message in such a way that only the holder of the private key can decrypt it, the holder can uniquely sign a message in such a way that anyone can verify that he has done so, he can prove that he is the holder without leaking any information about the key itself, etc. The public key is no secret; hence the name. In fact, he wants the knowledge to be as ubiquitous as possible, and tagging it onto his Slashdot posts can only help with that. Basically, the public key block says two things: "Anyone wanting to send me a private message can express it numerically and raise it to the power of [X], mod [Y]", and "Anyone claiming to be me had better be prepared to prove that he knows what the factors of [X] are". In both cases, though, the "me" is only equivalent to "the person who wrote this message"; it does not prove that that person is actually ho he claims to be.
Or do you mean that, if someone compromises his Slashdot account, which is only as secure as the lesser of Slashdot's server and his e-mail account, then that person could post a message with a different key, and then impoersonate him more convincingly? I still don't see how the key helps. If they posted their own key, and later claimed to be him by using that key, he could simply deny owning that key. The spoofer could prove that he is the same person who posted the comment, but not that he is BrightSide.
Or maybe someone could post a comment anonymously, claiming "I'm BrightSide -- I forgot my Slashdot password, but this [...] is my public key. See, it's the same one I posted at http://slashdot.org/comments.pl?sid=00/01/12/21282 07&cid=63". The problem is that a public key is not a proof of identity. The response would be, "Oh yeah? Let's see you sign that message", to which the spoofer could only respond, "Uh, gotta go."
I remember reading the interview with Bill Joy in Linux Magazine a couple months ago, which included discussion of his views on the SCSL vs. GPL licenses. It's been a while since I read it, but I'll summarize as well as I can remember. He stressed the importance of compatibility -- that open protocols and formats are more important than open source code. It's a good point: the most important factor for improving the computing environment for everybody, as well as for preventing monopolistic lock-in effects, is interoperability. As long as the communications protocols, file formats, etc., used by an application are open standards, anyone can make a similar application that uses the same standards, and the applications will be able to work together (share documents, etc.). The actual source code of the original implementation is not necessary. Especially for something like a language implementation, it is essential for all versions to be compatible.
He went further, claiming that the best way to ensure this is for it to be required by the license, and for there to be an authority in charge of making sure that all implementations live up to this requirement. (Sun, of course, volunteers to perform this function.) He considers this an advantage of the SCSL over the GPL, since with the GPL there is nothing to prevent people from making divergent, incompatible implementations, which would lead to a big mess, in which interoperability would suffer.
The counter-argument, of course, is that since the GPL requires modifications to be free, any sufficiently-appealing enhancements in one implementation would be incorporated back into the other versions, keeping them compatible, and enhancements that are not sufficiently appealing would not be a problem anyway, since they would simply be ignored. It was hard to tell whether he failed to get this, or he understood it but did not agree. There were a few comments that seemed to miss the point a bit, but generally it seemed to be the other way. He seemed to believe that the freedom for people to re-integrate each other's changes would not be sufficient, and that there would end up being versions with at least small, subtle incompatibilities, and this would be unacceptable, since even small inconsistencies would be sufficient to turn "write once, run anywhere" into "write once, test/debug/modify everywhere". I don't really know: it does seem to be a valid concern, but then again, you could counter that it's sort of like that already, and that GPL projects do seem to hang together remarkably well in general.
On the other hand, I like RMS's point that "you cannot close them off by denying yourself freedom, any more than you can hide by covering your eyes." That is, even with Sun's licensing policy as it is, nothing stops Microsoft (for example) from making their own version completely from scratch, breaking compatibility by adding their proprietary extensions, and using their weight to push it against Sun's (and other Sun-approved) versions. All Sun could do is stop them from using the trademark. Other than that, the requirement of doing it from scratch would make such an effort more difficult, but not prevent it.
I just noticed the new patent icon, on the Bleem Sues Sony story. Cool! It seems to cover both the stupidity and the malice angles: not only is it absurd to consider silverware a technological breakthrough, but the "Patent Pending" label seems to connote dire consequences for infringement on this "nutrition delivery system".
Clearly, cloning TRex and turning them loose would be a mistake.
Why do you say that? Been watching Jurassic Park too many times? Or maybe Godzilla? Species? Mimic? If you watch enough dumb movies, you might get the idea that resurrecting a species like T. Rex through cloning would cause The End Of The World when they (inevitably) get out of control and eat everybody. Sure, there would be a devastating ecological impact, but nothing that would threaten the survival of humanity. If you dropped a couple of full-grown ones in the middle of a city, they would eat a bunch of people and otherwise cause a big commotion for a few days until they were killed, but that's about it. It's not like they'd breed covertly in the countryside, rising up a few years later by the millions to wreak righteous vengeance upon us for all the species we've destroyed.
It's not even clear that they would cause that much damage to the ecosystem. They're big, tough, and eat a lot, so you'd think they'd screw up the food chain, i.e., displace whoever is currently the top predator, but then maybe they wouldn't even do that well. First of all, the climate is very different from what they were adapted to. Also, the countryside is no longer full of schoolbus-sized, walnut-brained herbivores for them to eat. They'd have a hard time chasing down the much smaller, faster animals that exist now, especially since they'd have to catch so many more of them. I don't know if they'd even be able to survive, so "turning them loose" might be cruel to them, but it wouldn't be dangerous to us. On the other hand, cloning them for scientific purposes would be of great interest, and the amusement park idea actually just might not be too bad either.
That said, what makes cloning the mammoth any better? Did we drive them to extinction? I thought the climate did that. Either way, what unsuspecting ecosystem were you planning to drop them into? Seems the ecological impact would be just as bad -- maybe worse, since they would probably have a better chance of flourishing and thus doing some damage.
Slashdot Mirror
That's what I meant -- by putting that suggestion in there, he made himself sound like some warez kiddie. I have no idea who he is or whether that description is in fact accurate, but either way, he seriously undermined the good that this could have done, since it also made it sound like something specifically for other warez kiddies, when in fact it could be very useful for a variety of purposes. If he'd been just a little bit smarter about it, he could have spun this so as to make it an argument for the legitimacy of Napster, but instead, he chose to slap the industries in the face with it, just begging them to turn it into another argument for their side instead.
My other point, though, when I said "...even his saying it does not make it true...", is that despite what he said, this does still open up new legitimate uses for the software, which can be used to strengthen the defense. A program's author is not the final authority on what the program's uses are -- if he were, the MPAA would be forced to agree that DeCSS is not for copying DVDs, simply because Jon Johansen says so. (Yes, I know he's not the actual author, but anyway.)
By the way, you probably used "Extrans" when what you wanted was "Plain Old Text", which is why your italics didn't work. The meanings of those two modes seem to be counter-intuitive to a lot of people -- they are actually the exact opposites of what you might expect.
David Gould
One would think that that interpretation was obvious, but the article seems to have it completely backwards:
Wrapster joins a growing list of programs allowing the quick, free and wide distribution of illegally copied files. The trend is bad news for record companies, movie studios and software companies that have fought hard to keep their wares from being pirated online.
How hard would it have been for them to say "...of files (incuding illegally copied ones)" instead of "...of illegally copied files"? Care to imagine how many people will get the strange notion that the specific ability to copy files "illegally" is some special feature of the program? (Or, rather, that something like that could possibly be a special feature rather than a side-effect of the way it is used?) By saying something so misleading, they seem to be encouraging people to buy the industries' claims that things like this (not just [N|Wr]apster, but MP3, DeCSS, and, heck, why not mention FTP) are inherently "pirate" or "hacker" tools.
They have extended the "piracy" stigma to cover all of the program's functions, choosing to see this as a bolder move to make the thing even more "dangerous", rather than a retroactive hedge to create new perfectly legitimate uses that can be used to justify its existence as a legitimate tool.
Of course, it doesn't help that
Its author, identified as "Octavian" in the program's "about" file, suggests using the software as a means for trading programs such as Windows 2000. Octavian could not be reached for comment.
That strikes me as kind of dumb, undermining the legitimizing effect of Wrapster, or maybe he really does intend it as a new-and-improved "piracy" tool, but even his saying it does not make it true or change the fact that the "it's a legitimate file-sharing tool" defense has gained some credibility.
David Gould
I am currently re-reading Cryptonomicon, and I recently came across the bit (about a third of the way through) where Randy and Eb discuss something like this, and I've been thinking about it some more. How does this sound:
In addition to encrypting your real messages, you have your systems set up to send fake messages consisting of random garbage to each other at random intervals. Hence, no monitoring of server logs, or even physical sniffing of transmissions, can prove that a message was ever sent.
That was Eb's idea, but they didn't go further into it. Here's my addition: The problem is that they can still require you to surrender your keys, and when you do, they can see which messages decrypt to meaningful text and which are garbage. However, suppose each person actually has two keys, called, say, the major key and minor key. The minor key is the one that you use publicly, and everything about the major key, including its very existence, is kept secret.
You send messages back and forth using the minor keys when the content is not particularly important (important enough to encrypt normally, but not damaging should it come out in discovery), and use the major key for the things that you really don't want to have discovered. When sub-poenaed to surrender your messages, you surrender your minor key, and explain that, to protect against information leakage, you have been chaffing your communications with garbage and that decrypting all the messages with this key will reveal which ones were real and which were chaff.
What they don't know, and couldn't prove even if they suspected it, is that the set of messages that decrypt to gibberish are further subdivided into the actual garbage and the important messages that were encrypted with the major key. The main point is that you have a plausible explanation for the existence of observed transmissions that cannot be decrypted, so they have no real choice but to believe you when you deny the existence of any other messages.
David Gould
With all that talk about Arkanoid toward the end there, I have to ask: has anyone else seen a 3D version? I got a crippled (limited to first four levels) version of a Mac game called (I think) "Diamonds 3D" in the shareware bundle that came on a hard drive I bought a while ago. It's basically an expansion of the Arkanoid concept to three dimensions, and it's good enough that I'll probably buy the full version if I ever get around to it.
The three-dimensionalization is done in basically the same way as the various 3D Tetrises that I've seen (3Tris, Block-Out, etc.): you are looking straight down (or forward, or up, if you prefer, but "Remember, the enemy gate is always down.") into a rectangular space, with bricks in various formations that you need to break by hitting them with the ball. At the top is your (conveniently transparent) paddle, which tracks your mouse. You drop the ball down, it bounces around, hits bricks, and comes back up at you, and you need to hit it. The ball's speed and angle are controlled by how fast the paddle is moving when you hit it, and if you were moving too fast, it becomes a blur that you have no hope of catching the next time. When you miss it, it escapes with a sort of neat broken-glass effect, apparently meant to indicate that it shot through your screen. There are various special things, e.g, special diamond bricks that can only be broken after all the normal ones are gone, and different color bricks that can only be broken after you've hit a switch to turn your ball the same color.
By the way, wasn't it a bit weird to describe Arkanoid (as if anyone worthy of reading Slashdot, let alone listening to GiS, would not remember it) with "It's like 'Breakout'."? I remember Breakout as one of the audio-tape-loaded games on the 16K Commodore Pet that used those weird PETSCII graphics and had no physics whatsoever, so the ball would only move at 45-degree angles and could only hit odd- or even-numbered bricks on the respective parity lives. It just seems that that is a bit more obscure than Arkanoid, and therefore doesn't help much as an explanation. Or is "Breakout" also the name of some more recent and/or popular game that I should know of?
David Gould
Make that, "Since this is POT, [it has all those styles that you demonstrated]"
A lot of people don't seem to get this, but think about how this works: the Slashdot server code doesn't somehow "make" the text display in those styles; it just sends text to your browser, which is the one that displays it. The entire page is one big HTML document and the text of your comment is pasted into the body of that document. If it contains tags, the browser responds to them and displays the text as appropriate.
The "Plain Old Text" mode means that Slashdot does not do any preprocessing (e.g., escaping "<" characters by replacing them with "<" sequences) to the text that you enter before pasting it into the HTML document, so any tags that you type appear directly in the page that the browser receives. The one exception is that it inserts <BR> tags between paragraphs, so you don't have to. Otherwise, what you type is exactly the text that appears in the corresponding part of the HTML page, tags and all, which means that the browser will use those tags as formatting information in displaying the page.
If you use the "Extrans" mode, those special characters are replaced by escape sequences, so any tags you type appear as source rather than being interpreted as formatting information.
Note: all of the above is based on my observing how Slashdot behaves and thinking about the logic of it. It's not like i've read the SLASH source or anything.
#include <std_disclaimer.h>
David Gould
Once again:
Plain Old Text means that tags in the text you enter do get interpreted, because what you type is pasted as "plain old text" into the HTML that gets generated, without any automatic translation. The one thing it does is add a "<BR>" wherever you have a newline, so your paragraphs get separated. If you want special characters like "<", ">", and "&", use the escape sequences "<", ">", and "&".
Extrans is the mode that automatically escapes those special characters, displaying exactly what you type and not interpreting any tags.
Oh, and try "Preview", too.
David Gould
Will somone please fix the damn Extrans posting mode!
Will ucblockhead please figure out how the damn Extrans posting mode works!
(Oh, and try using "Preview", too.)
The posting modes are tricky, but here's how they work, near as I can tell:
Extrans (Extended Translation) converts everything, including automatically replacing angle brackets with "<" or ">" escapes, so that it all shows up exactly as you type it and nothing gets interpreted as HTML tags.
HTML Formatted is the opposite: it doesn't interfere with what you type, so any tags are interpreted as HTML, and there is no formatting except for your tags. Note that newlines are ignored, which is why people so often complain that their paragraph breaks got lost.
Plain Old Text (which I use and which is probably the one you want) is in between: despite the (perhaps misleading) name, it does interpret HTML tags, but it also adds some formatting information. Specifically, it adds a <BR> tag wherever it sees a newline, so you get a paragraph break wherever you hit return. As far as I can tell, this is the only thing it adds.
I just now noticed that they seem to have fixed a bug that's been irritating me forever: When I would use "&", "<", or ">" escapes to prevent ampersands or angle brackets from being interpreted, it would work, but each I previewed, the text box would get the interpreted results, so the next time through, they would get eaten. This doesn't seem to happen anymore, though. Maybe now I can go play with my user preferences without having to redo the escapes in my sig (painful).
No offence, right? I see you got it straightened out further down. You'll also see me agreeing with you regarding the actual topic of this thread.
David Gould
If you are living in anything but abject poverty, there are certain people who would be very interested in things like your credit card numbers, bank account numbers, social security numbers, etc., especially in combination.
That's what we have fraud protection for. Consumer protection prevents law breakers from totally wiping you out when you don't want to. If you take the ideas that many of the people here everything will be monitered and tracked.
That only helps if fraud is what you're worried about. I understood "certain people" in the previous post to include, for just one example, direct marketers, who could correlate all that information into massive profiles of what sort of stuff you buy, i.e., what your interests are, so they can bombard you with junk mail and/or spam, and how much money you have / spend, so they can know whether marketing at you is worthwhile.
Parsing your last sentence quoted above as well as I can (though it's not very intelligible), I get the idea that you're aware of the tracking / monitoring potential of this stuff, yet you seem unconcerned about it. In fact, you seem to be saying it as a good thing. Of course you're free to feel that way, but you can't read Slashdot for long without realizing that a lot of us don't like it, and think that protecting our privacy is plenty of reason to want to be able to use cryptography.
My major problem with monitoring / tracking is a matter of simple dignity: advertising in general, but most especially direct marketing, makes me feel that the companies trying to sell me things are treating me as a resource to be exploited. The thought of the marketing being backed by a huge database of everything I've ever bought just makes it worse -- I don't like being viewed as a consumer in a petri dish.
David Gould
Hiliary Rosen's letter contains this particularly brazen statement:
And whatever the individual's right to use their own music, you cannot exploit that for your company's commercial gain.
Surely I need not spell out the implications to the RIAA if there were in fact any legal doctrine preventing corporations from "exploiting" music owned by individuals.
If the "individuals" you're referring to are the consumers who own legal copies of albums, then the only "exploiting" I can think of that the RIAA might be doing, aside from charging such obscene prices in the first place, is trying to convince me that I'm supposed to buy second and third copies if I want to listen to the same music at home, at work and in the car without having to carry the CD around from place to place, rather than just rip it and play the MP3s off of my Powerbook. If you mean the artists, then the argument's weakened by the fact that the artists sign the rights over to the labels, which brings up a whole other can of worms about the exploitative nature of those contracts.
The original quote seems to be arguing that the fact that the users already own copies / personal-use rights to the music does not entitle MP3.com to redistribute it. I agree that it's a sticky point, but I think (#define IANAL, #include "std_disclaimer.h", etc.) that MP3.com is in the right. If I understand Beam-it correctly, you register the fact that you already own a legitimate copy of the music (Can I assume that you're somhow required to prove it?), and then you, and only you, are able to access it. It doesn't seem that MP3.com is "distributing" it, then, any more than I am when I convert my own collection for my own (personal, exclusive, etc.) use, since nobody is using it who is not entitled to do so.
The fact that MP3.com is making a business out of it, even if they are not selling the music itself, does make it a bit more dubious, but their angle seems to be exclusively a "service". Copyright means that only the owner can make money selling copies of the work, not that only the owner can make a business in any way related to the consumer's use of the material, which seems to be the claim. That sounds more like if they would go after, say, Kenwood, for selling CD players and thus cashing in on the process whereby people listen to their CDs: "Though the individual has the right to listen to the CD he just bought from us, you cannot exploit that for your company's commercial gain by selling him the equipment on which to do so."
David Gould
[...] it is just not possible to be sure not to damage something.
We seem to be making different assumptions, and I don't really know who is right: was the damage accidental, due to bugs in the software and/or the (granted) impossible task of anticipating every possible configuration, or did the software deliberately wipe out the other configurations so as to make AOL your only ISP? From what I read, I assumed the latter, though I admit I didn't follow this too closely (who cares about AOL anyway?)
Either way, though, I would refer you to a few Jargon File entries:
evil: "does not imply incompetence or bad design, but rather a set of goals or design criteria fatally incompatible with the speaker's."
evil and rude: "Both evil and rude, but with the additional connotation that the rudeness was due to malice rather than incompetence."
rude: "[sense 3] Anything that manipulates a shared resource without regard for its other users in such a way as to cause a (non-fatal) problem."
Basic manners among applications that run together on a system dictate that it is incredibly rude for one piece of software to modify configuration files that belong to another piece of software. You just don't do that. AOL did. Aside from the sheer aesthetics, one reason why this is so bad is precisely because it is a recognized fact that you can't anticipate all possible cases (e.g., those that involve programs that are written after yours), and so doing this is practically guaranteed to cause trouble for someone, somewhere. Hence, even if they didn't do it maliciously, it is still almost inexcusably bad.
It was clearly rude, and intentionally blowing away the other configurations would definitely strike me as evil, though of course I don't know whether or not it was actually intentional.
I gather that the dialog asked "Do you want to make AOL your default ISP?" To me, "default" does not mean the same thing as "only", so, at most, an affirmative reply would authorize them to tell the system to make their configuration the default, while leaving the others intact. That doesn't seem like something that should be very hard, so if that's all they tried to do, and the side effect was "just" a bug, I do think it's one for which they should be accountable. If they were trying to modify the other configurations non-maliciously, e.g., for some sort of integration purposes, and accidentally broke them, then I still think they should be accountable: sure, it's not reasonable to expect anyone to do something that complicated successfully, but any idiot could have told them that, and they should have known better than to try.
David Gould
Actually, a lot of them are useful programs, either original ones or re-implementations of standard utilities, but with absolutely horrifying things done in the code. Ideally, the obfuscations are not just there for puzzle value, but actually serve to optimize performance.
I wish I could come up with some stuff like this -- I have a few programs that I've written normally, but with some moderately funky techniques, that I've been thinking I might be able to obfuscatify into reasonable entries, but I'm unlikely to get them ready in time. One of these years...
David Gould
...but then I read your last paragraph.
It looked like you were arguing that AOL (and the rest of the industry) has no responsibility for the quality of their software, even when it is flawed to the point of damaging their victim^Wcustomers' systems, since they have EULAs that disclaim all such responsibility.
It's true that the agreements have these disclaimers, but I, along with probably most people here, would argue that this does not excuse them, which also seems to be the main point of the class-action. I would protest that they should be held responsible, regardless of what "contracts" they print on the box, and that their attempts to get out of it should not be considered valid. Of course, the question of the validity of shrink-wrap and click-through contracts would come up again as well.
Anyway, you may have been just a bit too subtle: it took me a while to realize that you (at least seem to) share this opinion of the practice. If I understand it right, you're saying that you want the suit to fail so that the issue will be blown up, leading to a real reform, and not swept under the rug with a quick settlement. But, wouldn't a win in court be good for that purpose? If it's not a settlement, but a real court decision awarding damages for what they have done, wouldn't it establish a precedent effectively invalidating the shrink-wrap and click-through disclaimers?
David Gould
the government is apparently totally incapable of cracking encryption even given five years with the data to themselves.
I saw this a few times in the comments on that story too, and I can't get over how totally some people seem to fail to understand encryption. This is at least as dumb as the "factoring large prime numbers" mistake that so many people make when talking about RSA. What makes you think he used such a weak code? Your TI-85 would have been perfectly capable of encrypting with, say, a 4096-bit RSA key (I have no idea what he actually used) -- it may have taken minutes or even hours instead of seconds, but the result is every bit as strong now as it was then. What you're missing is that that is exactly the point of why "they" don't like people having strong encryption: they can't crack it! That's why it's called strong encryption. It's not like, "Gee, this code is really hard, but you'd think in five years they'd manage to figure it out." That's just ridiculous. If the files are encrypted with a 4096-bit RSA public key, then they might as well be random noise, since that number is never going to be factored (barring a breakthrough in quantum computing or number theory).
Sure, distributed.net has done well on some small keys, and is likely to finish RC5-64 in the next couple years, but those efforts are to prove a point about the weakness of small keys. Strong encryption is the kind where, if every particle in the universe were part of one big computer, the code still couldn't be cracked in the lifetime of the universe. In those cases, the only way to get at the data is some kind of "sideband attack", e.g., finding the key written down somewhere (if he'd been that dumb) or getting him to surrender it. If he was smart enough to use a strong code and not leak any sideband information, there's nothing they can do.
We're the most powerful nation in the world and can't crack five-year-old encryption in five years.
Well, that just goes to show what happens when those evil hackers have access to strong encryption. This is why that technology has to be controlled -- to save the government from this kind of embarrassment. Seriously, this is the strangest part of your argument: all this time, whenever a crypto-control story has come up, we have all railed against the government(s) for trying to control the technology and limit us to codes that they can break, and now, when you see an example of what happens when someone uses a strong code, you make fun of them for not being able to crack it. What's that?
David Gould
Well, I'm not about to hit a www.victoriassecret.com link through the company network. I have my Ricochet modem here on my 'Book, but I haven't installed M13 on it yet, so I can't test it that way.
However, I don't think what you're describing is anything specific to that link. I'm seeing the same behavior with contextual menus in a frame on some of our pages (for an intranet application that I'm working on): the page has a left and right frame. When I try to use it in the right frame, the contextual menu comes up to the left of my mouse, by what looks like exactly the width of the left frame. When I do it in the left frame, it comes up correctly. It looks like it's getting the mouse coordinates relative to the frame I'm in and then forgetting to convert when placing the menu in the parent window's coordinate system.
All right, now I've tried it on the included frame test page (Debug->Viewer Demos->#9 Frames). The behavior seems pretty consistent across all the frames, sub-frames, etc., and I'm pretty sure it's because of a missing coordinate conversion. Spacecraft have been lost this way, you know.
By the way, this is on a G4 Mac with MacOS 9. I've noticed two other things about contextual menus, which are probably Mac-specific: first, it only appears when I Control-click; click-and-hold does not bring it up -- control-click is the standard Mac way for it to work, but Communicator 4.x also had it with click-and-hold, even before contextual menus were added in MacOS 8. Also, I have to click once to bring up the menu, then click the selection -- I can't do it in a single click-and-drag movement; that just selects text on the window.
All in all, though, I'm very impressed with this build. If it could only log in to Slashdot, it would probably become my default browser. As it is, I'll probably be using it a lot for reading Slashdot, because of the incremental rendering of tables -- on a slow modem, multi-hundred-KB pages with TABLE tags wrapped all the way around them are extememly painful otherwise, because nothing can be displayed until everything has loaded. This renders Slashdot just about perfectly, and it finally lets me see comments as they load.
David Gould
Heh, they should add:
D. No, that's why the codes are there.
That's exactly the right answer. Copy protection mechanisms have (or should have) no legal status whatsoever, since they simply serve to make the act of copying more difficult. Bootlegging (remember, don't call it "piracy") the content, i.e., violating the copyright by making and distributing unauthorized copies, is already illegal. The act of copying is not necessarily equivalent to bootlegging, because it can be done for legitimate reasons, such as a backup copy under "fair use", and the mere act of breaking the codes is certainly not even equivalent to that, since legitimate reasons include a desire for a DVD player under Linux, or simply a geek's "because it's there" response to an interesting challenge.
Having the ability to commit a crime is not the same as actually committing it. Copy protection mechanisms are an attempt by the content providers to prevent people from having the ability to copy content, and breaking the codes is a way to regain that ability, which is not illegal -- only using it is, and even that only if the use violates the copyright. Punishing someone for "having the ability to copy DVDs" simply because he has broken the code, regardless of whether or not he has actually copied any DVDs, would be like punishing someone for "having the ability to commit murder" simply because he owns a gun (or any deadly weapon, such as a kitchen knife, baseball bat, or even his bare hands), regardless of whether or not anyone has actually been killed.
David Gould
Who says I'm "only licensed to view it for one day"? Sure, that would have been their intent, but if I bought the physical disk, rather than renting it, what license is there? Even if they put a shrinkwrap license on it, like with software, would it be valid? The part about not reproducing and redistributing it would, I guess, but it seems that the exception for archival copying would still apply. If I own a copy of a work, I'm entitled to have a backup.
They may have sold it to me at a reduced price on the premise that I would only be able to watch it once, but that's their problem; I don't see how I would be bound by that. Try this: what if, instead of ripping it and making a backup, I found a way to prevent the disk from self-destructing (put some kind of coating on it, a player with a special laser that didn't trigger it, or some such thing)? Would I be "stealing" then? Surely they'd like us to think so, and the "best justice money can buy" might agree with them. I realize it would be overly optimistic to think that this would actually work, but I don't see any moral problem in either case.
Oh yeah, you're right that the original form of Moore's Law (about transistor sizes) does not apply to disks, but they seem to be following roughly the same growth curve.
David Gould
Ahh, you've paid far, far to much money.
I can't really argue against that -- I clearly paid a heavy premium for an arguably-marginal benefit -- but then I also can hardly complain about the price I paid: $30/GB still seems pretty cheap, when you can almost remember it being that much per MB, even if I could have had it four times cheaper. I guess the value you put on things like that is pretty subjective. For one thing, SCSI has less CPU overhead. Also, I now have a floppy, CD, Zip, and three hard drives in that system -- they can't all be IDE. Plus, I figured that the disk is by far the biggest bottleneck (other than the internet connection) in the system, so why not max it out? It seemed like the right decision at the time, given my priorities, even if it wasn't the best price/performance tradeoff. The thing is, the hard drive bottleneck keeps getting worse, because they keep getting bigger and cheaper, but not much faster.
Anyway, it looks like hard disk storage for a DVD movie would currently be about $30, which is not quite practical, when the movie itself is about $25, but it's even closer than I'd realized: less than one doubling away, rather than the two or three that I'd estimated. Better yet.
David Gould
What, so the ~20-minute program would be a 12-15 MB download, instead of the current 3-4 MB? I guess it would be nice to have multiple bitrates to choose from, for those who have the bandwidth and want the extra quality, but that would be an unwelcome change, to put it gently, for those of us on slow modems. You wouldn't want to listen to real music this way, but 24 Kbps is fine for voice-quality stuff.
David Gould
There's no way DVD-R media's going to come down in price for those reasons.
Put it this way: right now, hard drive space is less that $30/GB. That's based on an 18 GB Ultra-2 Wide SCSI drive I bought a few months ago for about $600. It's probably less now, not to mention how much less it would be for bigger, slower IDE drives. I haven't been paying close attention to such things, but I imagine it might be half of that. Hence, storing a 4 GB DVD movie on my hard drive would cost me about $120 worth of disk space on the U2W, or maybe $60 if I bought a cheap IDE drive. If Moore's Law stays with us for another five years, we'll see a little over three more doublings, bringing that down to $6-12 per movie, which is less than buying the movie normally, even if the disposable disk costs ~$5. So, even if removable media prices fail to keep up, ordinary disk space will become cheap enough to make "backing up" of single-use DVDs practical within five years, which is soon enough to matter. If I understand this right, the idea would be for these to replace rental DVDs, so the price would have to be in the same range (though no doubt they'll try to use this as an excuse to jack up the rental prices by another buck or two "in order to serve you better".)
Of course, I love the idea of being able to store my movie collection on a hard drive for the same reason that I like MP3s: not for making bootleg copies (remember, don't call it "piracy"), but for the convenience of having everything in a jukebox-like system, instantly available, without needing to flip disks around, plus track memory, playlist management, etc.
There's a certain almost poetic beauty to the way this idea juxtaposes with the "archival backup" provision of "fair use", isn't there? When I rent an ordinary disk, I clearly don't own it -- I just have possession of it for the period of the rental and I'm entitled to view it, but that's all. However, if I buy a self-destructing disk, then I do own the physical medium. They may be willing to sell it to me for a rental price on the theory that it will self-destruct, but barring some really fancy legal footwork on their part, I don't see how they could justify denying that I am entitled to use it according to "fair use", including the right to "make a backup copy, solely for archival purposes in the event of [must...keep...straight...face] the loss or destruction of the original".
Of course, what they should really do is just grow up and realize that they can't absolutely prevent bootlegging, and that they don't really need to do so, since it won't stop people from buying from them anyway, rather than continue to be such greedy bastards with their increasingly ridiculous attempts to control everything, which only serve to impede other desirable, and perfectly legitimate, uses (see above), but that's been said before.
David Gould
I tip my virtual hat to whoever it was (on Slashdot) who said something like this: The trouble with Linux is that 98% of users make the other 2% look bad.
[...] 98% seems a little high. Surely it's the other way around? I.e., that 2% of Linux users make the other 98% look bad.
I'm not sure what the original context was, but I assume it was an intentional reversal. The "2% of [X] make the other 98% look bad" expression, while insightful, is old to the point of triteness. This quote seems to be reversing it, in order to cynically argue that, while we'd like to believe that the kiddies and flamers are only a small but vocal minority among a predominantly intelligent and thoughtful group, the truth is that they comprise a larger percentage of us than we'd like to admit, and/or that, in all honesty, most of us are not so much better. (Though surely it's an exaggeration to put the intelligent ones at a vanishingly small 98:2 minority.)
This effectively invokes the old sentiment, only to deny that it applies to the case at hand. Other examples of this device that come to mind would be: "beating ploughshares into swords", "99% inspiration and 1% perspiration", "snatching defeat from the jaws of victory", "Why do today what you can put off until tomorrow?", etc.
David Gould
Thank you for posting a copy of, and link to, this flamethrower! I saw it once before, when I'd earned it (it was my first semester at Berkeley -- I was young and foolish) by doing a:
_X_ you quoted an article in followup and only added the line "Me, too!!!"
(though, in my defense, it was on a small (~0.5 dozen person) mailing list, and in response to a question about when/where to meet, or some such). Anyway, I foolishly deleted it, and have been kicking myself ever since. I've wanted a copy to use myself, but not badly enough to actually ask the guy who hit me with it in the first place for another.
This is an absolutely great tool, aside from being hilariously funny to "us grown-ups":
*For someone who "should know better", but slips, it makes for a powerful, but not really wounding, admonishment.
*For "newbies", its formulaic nature, as much as its actual content, can help convey the concept that there is a real tradition and etiquette to these things and that this is a response to a real breach of that etiquette, rather than just off-the-cuff flamage. Often, just getting this concept through their skulls is harder, and more important, than teaching them all the details.
*In fact, this would be a good document to show to "newbies" pre-emptively -- not flaminng them, but showing it to them (in person) and explaining that it is a list of grievances that the old-timers frequently have against newcomers, in hopes that they'll get a sense of why these things are bad.
Maybe it should even be displayed prominently among the various FAQs, introductory messages, etc., perhaps even being displayed as a warning when you create a Slashdot account.
On the other hand, it is pretty long, (it fits under the comment length limit, but it still takes a lot of vertical space), and I hope we don't start seeing it posted here too frequently as it could become a major bandwidth-killer.
David Gould
Thanks for the key, BrightSide, but I hope you're aware that if you make a practice of posting your key with messages to public forums, you open yourself up to spoofing attacks, where someone posts a message as you, with their own key. If you mess up your key management your 4096-bit key won't help you.
By putting a "PGP PUBLIC KEY BLOCK" in his message, isn't BrightSide just telling everyone what his public key is? How does that make him vulnerable? Unless you're completely misundersanding the way a public-key cryptosystem works, I don't see what you could be referring to. In a public-key system, someone generates a public/private key pair, and lets everybody know what the public key is, but keeps the private key secret. Then several thing are possible: anybody can encrypt a message in such a way that only the holder of the private key can decrypt it, the holder can uniquely sign a message in such a way that anyone can verify that he has done so, he can prove that he is the holder without leaking any information about the key itself, etc. The public key is no secret; hence the name. In fact, he wants the knowledge to be as ubiquitous as possible, and tagging it onto his Slashdot posts can only help with that. Basically, the public key block says two things: "Anyone wanting to send me a private message can express it numerically and raise it to the power of [X], mod [Y]", and "Anyone claiming to be me had better be prepared to prove that he knows what the factors of [X] are". In both cases, though, the "me" is only equivalent to "the person who wrote this message"; it does not prove that that person is actually ho he claims to be.
Or do you mean that, if someone compromises his Slashdot account, which is only as secure as the lesser of Slashdot's server and his e-mail account, then that person could post a message with a different key, and then impoersonate him more convincingly? I still don't see how the key helps. If they posted their own key, and later claimed to be him by using that key, he could simply deny owning that key. The spoofer could prove that he is the same person who posted the comment, but not that he is BrightSide.
Or maybe someone could post a comment anonymously, claiming "I'm BrightSide -- I forgot my Slashdot password, but this [...] is my public key. See, it's the same one I posted at http://slashdot.org/comments.pl?sid=00/01/12/2128
David Gould
I remember reading the interview with Bill Joy in Linux Magazine a couple months ago, which included discussion of his views on the SCSL vs. GPL licenses. It's been a while since I read it, but I'll summarize as well as I can remember. He stressed the importance of compatibility -- that open protocols and formats are more important than open source code. It's a good point: the most important factor for improving the computing environment for everybody, as well as for preventing monopolistic lock-in effects, is interoperability. As long as the communications protocols, file formats, etc., used by an application are open standards, anyone can make a similar application that uses the same standards, and the applications will be able to work together (share documents, etc.). The actual source code of the original implementation is not necessary. Especially for something like a language implementation, it is essential for all versions to be compatible.
He went further, claiming that the best way to ensure this is for it to be required by the license, and for there to be an authority in charge of making sure that all implementations live up to this requirement. (Sun, of course, volunteers to perform this function.) He considers this an advantage of the SCSL over the GPL, since with the GPL there is nothing to prevent people from making divergent, incompatible implementations, which would lead to a big mess, in which interoperability would suffer.
The counter-argument, of course, is that since the GPL requires modifications to be free, any sufficiently-appealing enhancements in one implementation would be incorporated back into the other versions, keeping them compatible, and enhancements that are not sufficiently appealing would not be a problem anyway, since they would simply be ignored. It was hard to tell whether he failed to get this, or he understood it but did not agree. There were a few comments that seemed to miss the point a bit, but generally it seemed to be the other way. He seemed to believe that the freedom for people to re-integrate each other's changes would not be sufficient, and that there would end up being versions with at least small, subtle incompatibilities, and this would be unacceptable, since even small inconsistencies would be sufficient to turn "write once, run anywhere" into "write once, test/debug/modify everywhere". I don't really know: it does seem to be a valid concern, but then again, you could counter that it's sort of like that already, and that GPL projects do seem to hang together remarkably well in general.
On the other hand, I like RMS's point that "you cannot close them off by denying yourself freedom, any more than you can hide by covering your eyes." That is, even with Sun's licensing policy as it is, nothing stops Microsoft (for example) from making their own version completely from scratch, breaking compatibility by adding their proprietary extensions, and using their weight to push it against Sun's (and other Sun-approved) versions. All Sun could do is stop them from using the trademark. Other than that, the requirement of doing it from scratch would make such an effort more difficult, but not prevent it.
David Gould
I just noticed the new patent icon, on the Bleem Sues Sony story. Cool! It seems to cover both the stupidity and the malice angles: not only is it absurd to consider silverware a technological breakthrough, but the "Patent Pending" label seems to connote dire consequences for infringement on this "nutrition delivery system".
David Gould
Clearly, cloning TRex and turning them loose would be a mistake.
Why do you say that? Been watching Jurassic Park too many times? Or maybe Godzilla? Species? Mimic? If you watch enough dumb movies, you might get the idea that resurrecting a species like T. Rex through cloning would cause The End Of The World when they (inevitably) get out of control and eat everybody. Sure, there would be a devastating ecological impact, but nothing that would threaten the survival of humanity. If you dropped a couple of full-grown ones in the middle of a city, they would eat a bunch of people and otherwise cause a big commotion for a few days until they were killed, but that's about it. It's not like they'd breed covertly in the countryside, rising up a few years later by the millions to wreak righteous vengeance upon us for all the species we've destroyed.
It's not even clear that they would cause that much damage to the ecosystem. They're big, tough, and eat a lot, so you'd think they'd screw up the food chain, i.e., displace whoever is currently the top predator, but then maybe they wouldn't even do that well. First of all, the climate is very different from what they were adapted to. Also, the countryside is no longer full of schoolbus-sized, walnut-brained herbivores for them to eat. They'd have a hard time chasing down the much smaller, faster animals that exist now, especially since they'd have to catch so many more of them. I don't know if they'd even be able to survive, so "turning them loose" might be cruel to them, but it wouldn't be dangerous to us. On the other hand, cloning them for scientific purposes would be of great interest, and the amusement park idea actually just might not be too bad either.
That said, what makes cloning the mammoth any better? Did we drive them to extinction? I thought the climate did that. Either way, what unsuspecting ecosystem were you planning to drop them into? Seems the ecological impact would be just as bad -- maybe worse, since they would probably have a better chance of flourishing and thus doing some damage.
David Gould