firstly it's Copy Control. That said, I agree with you and made a similar post below but I think there has to be better ways to do this than supressing my freedom to use my computer as I see fit. Possible solutions: Everything goes to a subscription based service where client and server interact in a way that is not possible without the server side (ie, you need to interact with something that the copyright owner controls). Totally secure computers that are virtually tamper proof, ie. Secure-X-Box 2002 from m$oft.
bah.. the most obvious flaw is sumed up in two words "compliant software". This compliant software is protected by licenses and NDA's.. nothing technical! Any moron can reverse engine "windows secure media player" and get the keys to access the data off the drive. Once you have the data you can resave it without the copy control. Trivial. Getting around it is hardly what we're talking about here.
average users don't go to corps to ask what computer they should buy, they go to their geek mates who usually say "xyz harddrives are lame.. don't buy it" and when they ask why they get an earful of geek speak that they immediately take to mean you know what you're talking about. Convincing average joe that copy control is bad would be easy as pie. Just tell them it will kill napster and the movie/music companies are behind it. Trivial.
Copy control is lame, no doubt, but is it on the right track? Would it really be so bad for unauthorized copying to be hard (in the strict computer science sense of the word) or even impossible? Every time someone "pirates" a piece of software because it is too expensive, the economic system crumbles. If people were required to actually pay (like we are for material possessions) then wouldn't there be demand for lower priced software? Even, free software? The most common thing I hear when people are bitching about the quality of Free Software is "you can't complain about something that is free". Well people do complain.. they still compare Free Software to Commerical software because they can get Commercial software for free. Copy control is definitely not the solution but perhaps some solution is still needed?
Maybe this is just a social issue. Maybe the people who say "violating proprietory copyright is wrong" the loudest should be the Free Software community. After all, they have just as much to loose as the commercial software companies. Is this about education? Do people need to be told (again) about network effects? Even if you didn't pay for the (commercial) software, you are contributing to the popularity of the software and the standards and formats that it uses. It is ironic that, even without buying copy controlled harddrives, unauthorized copying gives control to the copyright holder. Just by using the product you are giving the copyright holder a little more control over the market and by not paying for it you are relinquishing your (consumer) control over prices and indeed, quality.
So to go out on a limb. I say that the elimination of piracy would help Free Software. Surely there's a way that it can be done that is fair and not so Orwellian as copy control.
Re:It's more than just drugs
on
"Traffic"
·
· Score: 3
I have to agree with the other posts here. The act of attacking you is a crime, not matter what his state of mind. He must take responsibility for his actions and the drugs are no excuse. This is a case of one guy ruining it for everybody else. I have my own reasons for not taking drugs but as the old saying goes, I may not agree with you but I'll fight to the death to protect your right to do it.
It's more than just drugs
on
"Traffic"
·
· Score: 2
You can put this down as "victimless crimes" or more precisely "consentual crimes". Every crime that doesn't result in harm to another human being (or his/her property) should be eliminated. How can a free society permit government to dictate what we can or can't do with our own bodies, minds and souls? If my actions upset you then don't watch! One day I will be tried for a consentual crime and on that day I will preach until it is thrown out of court or I am put away for contempt.
and once again. I tell you that the programmer has no idea what can cause a security fault so he has no idea how to fix it! It's not his job. We don't expect him to know anything about the lowdown on computer security. Hell, computer security is an emerging field. To be an expert in it you have to read and read a lot. I personally would prefer my programmers spending their time fixing (and indeed preventing) the bugs that users are going to report. Not the ones that some security egghead is going to find three years after we've shipped the product.
actually I did try to run it. It just compiled and then I got busy with 2.4.0. From what I've read here I'd say I wasn't too successful and it probably wouldn't run without X. However I would like to see it and the qt-em demo is very encouraging. I've read a lot of stuff (in relation to gtk+) about "replacing X" and apparently most people just can't see why you would want to. I can think of a number of reasons, but my biggest complaint is setup. Getting X to work is a bitch. Framebuffer in the kernel is the way to go and with video card companies starting to offer drivers it is definitely the way to go. I think it's plausible to write graphical versions of the linux startup scripts. So the first thing init does (or your replace init) is start the GUI, then the rest of the scripts run in graphical format (ie, they display icons and status bars instead of printing text). Qt-Embedded will run from a read only filesystem so you can even do your fsck in graphics mode. Perhaps you can even launch some applications while that's going on (but you can't save your work until the filesystem is remounted read/write). You could then go about making the entire distribution GUI bound. So you can change your tcp/ip settings with a "network manager" and point and click to mount filesystems. This is what people are talking about when they say "Linux isn't ready for the desktop." Not a lack of applications, but a lack of respect for the GUI based users. If you have to start up a command line (or subject the user to a text mode) then you've failed.
Well I had this really funny idea. Let's go download Qt-Embedded and see if KDE will compile (it does!).. so I download the 14 meg and start the compile. 20 minutes later I bother to read through the requirements. Pretty basic.. all I need is a linux kernel with a framebuffer. oh crap. I have a look at my kernel (2.2.18.. or something) and the framebuffer support is lame. VESA or matrox.. hello. So just at a laugh, I go and grab the 2.4.0 release and what do I find? YES! There are framebuffer drivers for my NVIDIA Riva TNT2! You know it. So I forget all about Qt-Embedded, do a make config; make bzlilo; make modules; make modules_install and reboot. It hangs. I try a couple more recompiles with various options turned on and off. Finally I slap myself in the head and say "Duh! This is my Celeron box, not my PIII" and quickly change the processor option. It works, everything works. Then I spend a few minutes fixing up all my scripts. Modules arn't in the same place anymore (2.4.0 has sperate directories for kernel and pcmcia modules which modprobe just doesn't know what to do with.. shouldn't make modules_install set this up?) and that kerneld starting up can just piss off, I'm using kmod! So finally I boot up in my new framebuffer console and have a play with fbset. Turns out Qt-Embedded is just beautiful. It can run in any old framebuffer mode and starts up in under a second (I tried to time it, too fast). Just for a laugh I did a boot init=/usr/src/qt-2.2.4/examples/launcher/start_dem o to see how fast a "qt embedded desktop" would boot. Ok, enough rambling.. linux 2.4.0 rox!
I can go one better than that. I got paid by cheque, late, and when I went to cash it, it bounced! When I told the boss he say "Holy shit!" and immediately got on the phone to the accountant. He didn't even know that he had spent all the money. All pay cheques were delayed for a week whilst they secured more money to burn.
we had a new guy (a project manager who it turned out didn't know squat) come in about the same time my friend had just been fired. We asked him "are you on a three month trial period at reduced salary?" and he replied in the affirmative. We then informed him that he would never get off it. He didn't believe us and ended up quitting after three months.
walk into the company (if they don't have security, don't try it if they have security) and take a computer. When you are asked why you are there, say you are taking property in lieu of payment and the property will be sold. Do it fast, you have to be in and out. No one will stop you. If they try, just say "do you want a law suit too?" I've had a lawyer inform me that I was within my rights to do this, but you may wish to confirm this.
Yes. I know guys who were brought in as consultants and recommended the company move all their web hosting to linux (we had some linux and some M$).. the boss declined and he quit because his recommendations were not being taken seriously (this guy was hired to work out how we can cut costs and improve uptime). He reported the company to m$ antipiracy and they came in and gave us all new licenses at a steep price.
Some of the guy's at our office (web hosting) took all the porn customers because the new owner of the company didn't want to be involved in "that kind of business". They did this while they were still working at our company and made a fortune. They also did hardware sales, networking and consulting -- all in their spare time. One of the guys was fired (or quit, depending who you ask) and went to work for one of the clients that they had taken from the company and then quit there and started running the office. Recently they sold the hardware sales part of the business to our company! They also took a lot of the customers that were not porn related.
heh.. I was fired from a job as a security auditor at an ISP once. They disabled my account and then a week later noticed that I was still doing work. They asked me why I was still working and I told them I had received no notice that I was fired (they emailed it). They asked me how my account was still active and I said I had a cron job that readded me to the password file (which I did) for security reasons.
I worked at a company that was so fucked up it could quite easily have been a dot com. They hired people just so they would look like they were growing so a major investor would keep giving them money (which they then blew). My job was very secure at this company and basically consisted of reading slashdot and playing The Sims. Many times I got in trouble for showing up late and my most common response of "so am I fired?" went unheard. It was a great time in my life and I was going insane following the office politics and I only hoped that things would return to normality eventually. Unfortunately, I had managed to get a friend of mine hired when I joined the company. He was not nearly as valued as I was (he spent the majority of his time warezing and was constantly getting bitched at for using too much bandwidth) and not nearly as good as avoiding the bosses. So finally one day his "three month trial period" was up and he marched into the boss' office and demanded his pay rise (off the trial period wage). They didn't want to give it to him, probably because all he did was warez all day, but they didn't want to fire him either. He came back and told me he was going to call a meeting and do everything in his power to get fired so he could get a payout and go get a real job somewhere. Well I knew this was going to be more amuzing than Sims/Slashdot so we arranged a little plan. Just before the boss' showed up in the conference room he dialed my extension and put the conference room phone on speaker phone. I then pressed the "mute" button on my end, creating a one way connection that was better than a hidden microphone. A bunch of the guys then crowded around my desk and listened to him abuse the bosses, telling them nothing but the trueth: that their company sucked and they had no idea how to make money. I quit a few months later. The strain of playing The Sims and reading Slashdot all day was just too much and I felt myself wanting to do some real work -- always a good time to quit.
indeed, and this is exactly the point that security experts who are in touch with reality try to bring to the public interest. Consider the analogy of a door (on a house or a car). Now if I believe that no one can open the door without my key I am not going to stem that belief just because you tell me that my door is "not secure". It is not until you demonstrate that the door is openable without the key that I am willing to change by belief in the security of my door. However, it is not only the security expert who can demonstrate the insecurity of your door. Indeed, the house/car robber can do the same. Is it not in our interest to aid the security expert to be the first to find the insecurity in our doors?
no.. you're hounding and annoying. I don't need you to teach me to speak english, I'm a native speaker -- the english language, by definition, is every utterance that comes out of my mouth. Now if I was a native french speaker, and I said something in english that you failed to comprehend then you would be "helping" me. I mean really, neither of us speak "the queen's english", so where exactly is it that you are getting this definition of what is "correct" english and what is not?
Finally, I find your remarks insulting and harassing. Please discontinue them.
I tried it.. it's very hard to get it working. About the best thing you can do is reduce the limit on cs so that it doesn't extend as far as the stack. This doesn't "solve" buffer overflows, it just makes it hard to get code to execute.
why do you need to be able to write to your own code section? Besides, we're not saying that the data segment descriptors would not have read/write access to the code segment (although write access might be protected by page tables, as it is now), we're saything that the code segment descriptor would have no access to the data section (and the stack, bss, etc).
firstly it's Copy Control. That said, I agree with you and made a similar post below but I think there has to be better ways to do this than supressing my freedom to use my computer as I see fit. Possible solutions: Everything goes to a subscription based service where client and server interact in a way that is not possible without the server side (ie, you need to interact with something that the copyright owner controls). Totally secure computers that are virtually tamper proof, ie. Secure-X-Box 2002 from m$oft.
bah.. the most obvious flaw is sumed up in two words "compliant software". This compliant software is protected by licenses and NDA's.. nothing technical! Any moron can reverse engine "windows secure media player" and get the keys to access the data off the drive. Once you have the data you can resave it without the copy control. Trivial. Getting around it is hardly what we're talking about here.
average users don't go to corps to ask what computer they should buy, they go to their geek mates who usually say "xyz harddrives are lame.. don't buy it" and when they ask why they get an earful of geek speak that they immediately take to mean you know what you're talking about. Convincing average joe that copy control is bad would be easy as pie. Just tell them it will kill napster and the movie/music companies are behind it. Trivial.
Hello? I think you should have been more worried about Mr Al ClipperChip Gore.
Copy control is lame, no doubt, but is it on the right track? Would it really be so bad for unauthorized copying to be hard (in the strict computer science sense of the word) or even impossible? Every time someone "pirates" a piece of software because it is too expensive, the economic system crumbles. If people were required to actually pay (like we are for material possessions) then wouldn't there be demand for lower priced software? Even, free software? The most common thing I hear when people are bitching about the quality of Free Software is "you can't complain about something that is free". Well people do complain.. they still compare Free Software to Commerical software because they can get Commercial software for free. Copy control is definitely not the solution but perhaps some solution is still needed?
Maybe this is just a social issue. Maybe the people who say "violating proprietory copyright is wrong" the loudest should be the Free Software community. After all, they have just as much to loose as the commercial software companies. Is this about education? Do people need to be told (again) about network effects? Even if you didn't pay for the (commercial) software, you are contributing to the popularity of the software and the standards and formats that it uses. It is ironic that, even without buying copy controlled harddrives, unauthorized copying gives control to the copyright holder. Just by using the product you are giving the copyright holder a little more control over the market and by not paying for it you are relinquishing your (consumer) control over prices and indeed, quality.
So to go out on a limb. I say that the elimination of piracy would help Free Software. Surely there's a way that it can be done that is fair and not so Orwellian as copy control.
I have to agree with the other posts here. The act of attacking you is a crime, not matter what his state of mind. He must take responsibility for his actions and the drugs are no excuse. This is a case of one guy ruining it for everybody else. I have my own reasons for not taking drugs but as the old saying goes, I may not agree with you but I'll fight to the death to protect your right to do it.
You can put this down as "victimless crimes" or more precisely "consentual crimes". Every crime that doesn't result in harm to another human being (or his/her property) should be eliminated. How can a free society permit government to dictate what we can or can't do with our own bodies, minds and souls? If my actions upset you then don't watch! One day I will be tried for a consentual crime and on that day I will preach until it is thrown out of court or I am put away for contempt.
get a fucking job moron.
and once again. I tell you that the programmer has no idea what can cause a security fault so he has no idea how to fix it! It's not his job. We don't expect him to know anything about the lowdown on computer security. Hell, computer security is an emerging field. To be an expert in it you have to read and read a lot. I personally would prefer my programmers spending their time fixing (and indeed preventing) the bugs that users are going to report. Not the ones that some security egghead is going to find three years after we've shipped the product.
actually I did try to run it. It just compiled and then I got busy with 2.4.0. From what I've read here I'd say I wasn't too successful and it probably wouldn't run without X. However I would like to see it and the qt-em demo is very encouraging. I've read a lot of stuff (in relation to gtk+) about "replacing X" and apparently most people just can't see why you would want to. I can think of a number of reasons, but my biggest complaint is setup. Getting X to work is a bitch. Framebuffer in the kernel is the way to go and with video card companies starting to offer drivers it is definitely the way to go. I think it's plausible to write graphical versions of the linux startup scripts. So the first thing init does (or your replace init) is start the GUI, then the rest of the scripts run in graphical format (ie, they display icons and status bars instead of printing text). Qt-Embedded will run from a read only filesystem so you can even do your fsck in graphics mode. Perhaps you can even launch some applications while that's going on (but you can't save your work until the filesystem is remounted read/write). You could then go about making the entire distribution GUI bound. So you can change your tcp/ip settings with a "network manager" and point and click to mount filesystems. This is what people are talking about when they say "Linux isn't ready for the desktop." Not a lack of applications, but a lack of respect for the GUI based users. If you have to start up a command line (or subject the user to a text mode) then you've failed.
Well I had this really funny idea. Let's go download Qt-Embedded and see if KDE will compile (it does!).. so I download the 14 meg and start the compile. 20 minutes later I bother to read through the requirements. Pretty basic.. all I need is a linux kernel with a framebuffer. oh crap. I have a look at my kernel (2.2.18.. or something) and the framebuffer support is lame. VESA or matrox.. hello. So just at a laugh, I go and grab the 2.4.0 release and what do I find? YES! There are framebuffer drivers for my NVIDIA Riva TNT2! You know it. So I forget all about Qt-Embedded, do a make config; make bzlilo; make modules; make modules_install and reboot. It hangs. I try a couple more recompiles with various options turned on and off. Finally I slap myself in the head and say "Duh! This is my Celeron box, not my PIII" and quickly change the processor option. It works, everything works. Then I spend a few minutes fixing up all my scripts. Modules arn't in the same place anymore (2.4.0 has sperate directories for kernel and pcmcia modules which modprobe just doesn't know what to do with.. shouldn't make modules_install set this up?) and that kerneld starting up can just piss off, I'm using kmod! So finally I boot up in my new framebuffer console and have a play with fbset. Turns out Qt-Embedded is just beautiful. It can run in any old framebuffer mode and starts up in under a second (I tried to time it, too fast). Just for a laugh I did a boot init=/usr/src/qt-2.2.4/examples/launcher/start_dem o to see how fast a "qt embedded desktop" would boot. Ok, enough rambling.. linux 2.4.0 rox!
heh.. are you in Australia? Then I think it's a good bet. I never knew the nicks that these guys used to post on Slashdot.
It's not like he's passing bad cheques dude. The judge would throw it out.
I can go one better than that. I got paid by cheque, late, and when I went to cash it, it bounced! When I told the boss he say "Holy shit!" and immediately got on the phone to the accountant. He didn't even know that he had spent all the money. All pay cheques were delayed for a week whilst they secured more money to burn.
we had a new guy (a project manager who it turned out didn't know squat) come in about the same time my friend had just been fired. We asked him "are you on a three month trial period at reduced salary?" and he replied in the affirmative. We then informed him that he would never get off it. He didn't believe us and ended up quitting after three months.
walk into the company (if they don't have security, don't try it if they have security) and take a computer. When you are asked why you are there, say you are taking property in lieu of payment and the property will be sold. Do it fast, you have to be in and out. No one will stop you. If they try, just say "do you want a law suit too?" I've had a lawyer inform me that I was within my rights to do this, but you may wish to confirm this.
Yes. I know guys who were brought in as consultants and recommended the company move all their web hosting to linux (we had some linux and some M$).. the boss declined and he quit because his recommendations were not being taken seriously (this guy was hired to work out how we can cut costs and improve uptime). He reported the company to m$ antipiracy and they came in and gave us all new licenses at a steep price.
Some of the guy's at our office (web hosting) took all the porn customers because the new owner of the company didn't want to be involved in "that kind of business". They did this while they were still working at our company and made a fortune. They also did hardware sales, networking and consulting -- all in their spare time. One of the guys was fired (or quit, depending who you ask) and went to work for one of the clients that they had taken from the company and then quit there and started running the office. Recently they sold the hardware sales part of the business to our company! They also took a lot of the customers that were not porn related.
heh.. I was fired from a job as a security auditor at an ISP once. They disabled my account and then a week later noticed that I was still doing work. They asked me why I was still working and I told them I had received no notice that I was fired (they emailed it). They asked me how my account was still active and I said I had a cron job that readded me to the password file (which I did) for security reasons.
I worked at a company that was so fucked up it could quite easily have been a dot com. They hired people just so they would look like they were growing so a major investor would keep giving them money (which they then blew). My job was very secure at this company and basically consisted of reading slashdot and playing The Sims. Many times I got in trouble for showing up late and my most common response of "so am I fired?" went unheard. It was a great time in my life and I was going insane following the office politics and I only hoped that things would return to normality eventually. Unfortunately, I had managed to get a friend of mine hired when I joined the company. He was not nearly as valued as I was (he spent the majority of his time warezing and was constantly getting bitched at for using too much bandwidth) and not nearly as good as avoiding the bosses. So finally one day his "three month trial period" was up and he marched into the boss' office and demanded his pay rise (off the trial period wage). They didn't want to give it to him, probably because all he did was warez all day, but they didn't want to fire him either. He came back and told me he was going to call a meeting and do everything in his power to get fired so he could get a payout and go get a real job somewhere. Well I knew this was going to be more amuzing than Sims/Slashdot so we arranged a little plan. Just before the boss' showed up in the conference room he dialed my extension and put the conference room phone on speaker phone. I then pressed the "mute" button on my end, creating a one way connection that was better than a hidden microphone. A bunch of the guys then crowded around my desk and listened to him abuse the bosses, telling them nothing but the trueth: that their company sucked and they had no idea how to make money. I quit a few months later. The strain of playing The Sims and reading Slashdot all day was just too much and I felt myself wanting to do some real work -- always a good time to quit.
indeed, and this is exactly the point that security experts who are in touch with reality try to bring to the public interest. Consider the analogy of a door (on a house or a car). Now if I believe that no one can open the door without my key I am not going to stem that belief just because you tell me that my door is "not secure". It is not until you demonstrate that the door is openable without the key that I am willing to change by belief in the security of my door. However, it is not only the security expert who can demonstrate the insecurity of your door. Indeed, the house/car robber can do the same. Is it not in our interest to aid the security expert to be the first to find the insecurity in our doors?
no.. you're hounding and annoying. I don't need you to teach me to speak english, I'm a native speaker -- the english language, by definition, is every utterance that comes out of my mouth. Now if I was a native french speaker, and I said something in english that you failed to comprehend then you would be "helping" me. I mean really, neither of us speak "the queen's english", so where exactly is it that you are getting this definition of what is "correct" english and what is not?
Finally, I find your remarks insulting and harassing. Please discontinue them.
I tried it.. it's very hard to get it working. About the best thing you can do is reduce the limit on cs so that it doesn't extend as far as the stack. This doesn't "solve" buffer overflows, it just makes it hard to get code to execute.
why do you need to be able to write to your own code section? Besides, we're not saying that the data segment descriptors would not have read/write access to the code segment (although write access might be protected by page tables, as it is now), we're saything that the code segment descriptor would have no access to the data section (and the stack, bss, etc).
that's the next step, flash kernel + gui into bios.