That depends upon your point of view. Television marketers are tearing their hair out trying to figure out why males age 18-34 are becoming a non-existent part of their weekly television audience. Those 20 lost hours translate into millions of dollars in lost advertising revenue so from their point of view (the marketers) any medium, such as games, which displaces 20 hours of television and doesn't replace them with another advertising friendly activity, is absolutely evil.
dont worry about Ghibli, they make plenty of money in Japan so they really are not all that concerned with the US revenues. They will take what they can get for sure profit is profit, but it doesn't worry them that much. Miyazaki has basically said as much in interviews. Why do you think that Mirimax handles their US distribution for them? They dont want to hassle with doing the foreign distribution themselves even though that might net them a bit more profit. They would rather get started on their next project.
The problem in the United States is distribution and promotion. The bad anime, Pokemon and the like, is promoted like crazy as part of a general marketing fad with tons of cheesy merchandising tie-ins, while truly artistic and meritorious achievements such as Ghost in the Shell (Kôkaku kidôtai), Princesss Mononoke (Mononoke-hime), Spirited Away (Sen to Chihiro no kamikakushi), and Howl's Moving Castle (Hauru no ugoku shiro) get short changed big time on promotion and distribution. There is a large audience in the United States for quality anime, but the problem is that the audience is not concentrated in any one geographic area except in very large cities and metropolitan areas. Thus, these films generally only open in very large cities (1 million+ population) on a very limited number of screens, usually in smaller or special interest theatres, and with very limited promotion and marketing.
If the other side is being a blowhard most judges will issue a summary judgement in your favor and dismiss the case with prejudice (nobody likes an a-hole litigator). People and companies that waste the courts time are not popular with judges, clerks, and other court workers.
Spyware and Spammers are getting exactly what they have coming to them when they get deleted or blocked. If we choose to blacklist them or delete them for abusive behavior on our networks and computers, which are after all our property, then that is our choice and our right. If other people choose to agree with us and honor our blacklist then that is also their choice and their right. If I were one of those anti-spyware authors or spamhaus I would tell the spyware vendors and spammers, none too politely, to take their cease and desist letter and stick it where the sun doesn't shine.
That is not necessarily true. The pieces that Dell brings to the table are, as you mention, comparative advantages in their supply chain, superior marketing and brand awareness, and a hyper efficient delivery and distribution system. One company does the R&D and licenses the design/specifications, another company does the actual fabrication/manufacturing, and the third company, Dell in this case, does the marketing, branding, and distribution. Each of these companies is specialized in their particular area of expertise delivering maximum efficiency through comparative advantages wrought by their specialization. The end result is generally reasonable quality products delivered to consumers at reasonable prices. In previous decades large, vertically integrated firms controlled all aspects of design, manufacturing, distribution, marketing, and branding and the result was a few large firms delivering products of comparative quality but at much higher prices than consumers pay today in inflation adjusted dollars. The good news is that there many levels of markets from mass to niche and everything in between which serve all types of customer from custom projects to mass produced goods and services. Dell is just another link in the chain.
It's important to note that no conventional design test has ever failed. US worked on the first try, Soviet bombs worked on the first try and every indication is every other nuclear power's tests worked on the first try.
That is true, but due to the relative inefficiency of these early bombs the large amount of fissile material, well above the theoretical minimal afforded by such innovations as neutron generators and beryllium reflectors, required to fuel the blast requires years of intensive refining in large industrial-like complexes of reactors, storage pools, centrifuges, gas separators, and the like. It would be very difficult if not impossible to conceal such an operation from the intelligence agencies of the world (i.e. everyone will know what you are doing and where you are doing it). The other major drawback to the early bomb designs was that their tremendous size and weight made them difficult to deliver, not to mention concealment, a must for terrorists attempting to smuggle it.
The thing that is really keeping it from happening, I think, isn't the fact that making a bomb is hard, but making a bomb that can go supercritical with a small amount of fuel is very hard.
That is quite correct. However, we must not relax our guard. It would be most unwise to underestimate the damage caused by a bomb which fails to go critical, but none the less contaminates an area of vital social and economic importance such as a port or a major metropolitan area.
After reading the article I was reminded of the common practice in the late 1980s and early 1990s, before cell phones were nearly as common as they are now, of people registering long distance phone companies with names like "it doesn't matter" and "makes no difference" so that when an unsuspecting pay phone user, at an airport say after a long flight, was asked which long distance company's services they wanted they would get stuck with one of these unscrupulous operators who would then proceed to charge them out the nose, ~$5.00+ per minute, for the call (especially on those card phones which took credit).
Since when did it become about branding yourself with something, over choosing the best technology for the job?
Specialization is a natural tendency in any industry as it matures and the body of knowledge continues to increase. People chose to specialize because there are not enough hours in the day to learn and work on every platform or language that comes along. You make the best choice that you can on language or platform and outsource the stuff that is not part of your specialty or the core competency of the company.
The first rule of security is that the computer is only as secure as its physical location. It is really astounding that people configure a server as the electronic equivalent of Fort Knox and then keep it in room where everyone, including the janitor, has access. Is it any wonder that we hear about these smash and grab thefts so often?
I remember my early days in CS when my simple first year lab assignments, written in C++, wouldn't port between the CodeWarrior compiler on the Macs in the labs and my Visual C++ compiler at home. The problem is not in the language per se, but more often with differences in the ways that compilers handle certain situations such as the classic:
What happens when you call an overridden virtual method from a virtual base class's constructor?
C++ is a powerful language, but it is too easy to shoot yourself in the foot if you do not fully understand the language and the ins and outs of your compiler. That is why I now tend to avoid it, if possible, in favor of more modern languages such as Java or C#. You give up some fine grained control and speed but frequently the gain in productivity is worth the small price that you pay (you can often do in a few lines of Java what might have taken 50 or 100 lines of C++).
The problem is with code that depends upon services and libraries provided by the platform in question and which vary from platform to platform such as graphical user interface and threading code. Since many applications provide either graphical user interface or threading or both and make use of other features which may not be common across platforms it is not generally possible to separate certain important parts of the code from the target system. This means that while some parts of the code, which are not dependant upon system specific resources, may be reused there are still major portions that will have to be rewritten (i.e. ported) to new platforms. Graphical user interface code especially tends to be verbose and tedious to rewrite multiple times on different platforms. Perhaps this helps you to have a better understanding of why porting is an issue.
Oh come on, you know what I mean. While the term is still used today for its original purpose in reference to robbery on the high seas, it should be quite clear from the context of this discussion concerning the MPAA, Microsoft, RIAA, et al that the term is being used here to refer to the theft of intellectual property protected by copyright.
Yes, recall that the two parties have never before exchanged public keys and they are NOT using a mutually trusted third party escrow service. Thus the attack proceeds as follows:
1. A sends public key to B
2. M intercepts transmission from A to B and substitutes his public key for the public key of A
3. B receives M's public key (believing it to be the public key of A) and sends his own public key plus the hash of their concatenation.
4. M intercepts transmission from B to A and substitutes his public key for the public key of B and adds the true public key of A and recomputes the hash of the concatenation of his public key with the true public key of A which was stored during the original substitution from step 2.
5. A replies to B with the public key of M (which he believes to be the public key of B) and the hash of the concatenation of their public keys. and the same type of substitution as in step 4 is performed again by M to "confirm" the transmission of the true public key from B to A.
the attack then proceeds as it otherwise would and the session is still compromised. As you can see the hashing and concatenation does nothing to mitigate the attack because the basis for the attack remains intact, namely the fact that the true public keys have not been previously exchanged and therefore cannot be confirmed in the absence of a trusted third party or a chain of trust which is traceable to a mutually trusted third party.
Doesn't anybody else here think that occasionally someone from the "usual suspects" (Microsoft, RIAA, MPAA, etc) might read what some of their "opponents" are saying about them?
Perhaps they do, but the truth hurts and these organizations REALLY want to believe that it is possible to use technology to solve what is essentially a social problem (i.e. the Piracy Problem). So their judgment will remain clouded by their desire to achieve mutually exclusive objectives.
sure it would, that is the whole point behind the man-in-the-middle attack. It was discovered as a weakness in key exchange protocols such as diffie-hellman which rely upon exchange of public keys between previously unknown parties who do not use a trusted third party to manage public keys. The premise of the man-in-the-middle attack is that an intermediary intercepts the public keys (which must be transmitted in the clear) during the exchange protocol before they reach the intended recipients and substitutes his own public key instead. Then when the symmetric key is computed by the recipients during the key exchange (using the man-in-the-middle's public key) all three of them, both recipients and the man-in-the-middle, will have the secret symmetric key and the entire session will be compromised. Moreover, the recipients will have no idea that the man-in-the-middle exists because they had not previously exchanged public keys. The solution to this problem in practice has been to have a trusted third party repository for public keys, such as Thawte, which signs public key requests with its own private key to verify the origin of each public key. However, this requires central registration and management of keys, something which is unlikely to be palatable to P2P users for obvious reasons and thus the man-in-the-middle problem will persist when computing session keys for encryption on P2P networks. Man in the Middle is somewhat difficult to implement in practice, but not impossible (ISPs would make the perfect men-in-the-middle), so this is not merely a theoretical possibility.
This is the sort of tort reform that we need, reducing the burden of frivolous law suits. Not some bullshit capping of damages.
Capping of damages benefits all of us more in the long run in terms of more predictable insurance costs than it hurts us. In terms of probability the vast majority of us are better off with damage caps rather then paying higher insurance rates our entire lives to preserve the outside chance that we may win the legal lottery if our number comes up. However, what the civil system in this country REALLY needs is LOSER PAYS for plaintiffs - meaning that if you initiate the lawsuit and loose you have to pay restitution (damages) to the defendant plus all attorney fees, court costs, etc. That would really make ambulance chaser attorneys think twice before rolling the dice on a frivolous lawsuit.
Yes, but the percentage cut is generally fixed. For example, when Barrett-Jackson auctions collectible automobiles the fixed rate is purchase price * 8%. However, it appears from what has been said here that eBay will employ a sliding scale percentage cut based upon the final auction value. I didn't independently check this policy so I could be mistaken, but if it is true then it is most decidedly unfair to the seller.
Official Financial Related E-Mail is Dangerous
on
eBay Begins A Change
·
· Score: 1
The use of email to exchange non-public information is an extremely bad idea. The suits at eBay have either not listened to their IT people or not thought this through or both. The phishers and scam artists will definitely try to take advantage of this new policy and the risk to consumers will increase. The email system was designed for informal communications and thus includes no built-in mechanisms for encryption or authentication. This means that nobody should discuss anything that they wouldn't normally discuss in a public forum where other people can overhear the conversation. It seems clear that communications between people and their financial service providers are most decidedly NOT public and must therefore be conducted using a medium which ensures some reasonable degree of privacy, security, and nonrepudiation. Unfortunately, email is not such a medium and cannot be used for confidential communications unless both parties can agree to use some sort of external cryptography solution on top of the email in which case it is no longer standard email. If eBay intends to have discussions involving non-public information with customers using email then they will be targeted by social engineers and their customers will get burned.
No amount of "managed code" will protect the user from pressing the wrong buttons.
ahh...but that is where you are wrong. The whole point of managed code is that it compiles to an intermediate language runtime which is run in a virtual machine. It is not possible to execute native assembly in this environment (or at least it is not possible to execute native assembly without going THROUGH the virtual machine and therefore the security layers) and therefore all methods can be checked for permissions right down to the instruction level and because there is no direct access to the native assembly which is running on the hardware there can be no exploit which bypasses the security layer of the virtual machine and therefore the operating system. Now, having said this there are still bad things which could happen if the program was executing with root level privileges, but at that point they have pretty much sunk your battleship no matter what platform you are running on. So don't run untrusted programs (programs not signed with the cryptographic keys of a party that you trust) when you are logged into the root account.
That depends upon your point of view. Television marketers are tearing their hair out trying to figure out why males age 18-34 are becoming a non-existent part of their weekly television audience. Those 20 lost hours translate into millions of dollars in lost advertising revenue so from their point of view (the marketers) any medium, such as games, which displaces 20 hours of television and doesn't replace them with another advertising friendly activity, is absolutely evil.
dont worry about Ghibli, they make plenty of money in Japan so they really are not all that concerned with the US revenues. They will take what they can get for sure profit is profit, but it doesn't worry them that much. Miyazaki has basically said as much in interviews. Why do you think that Mirimax handles their US distribution for them? They dont want to hassle with doing the foreign distribution themselves even though that might net them a bit more profit. They would rather get started on their next project.
The problem in the United States is distribution and promotion. The bad anime, Pokemon and the like, is promoted like crazy as part of a general marketing fad with tons of cheesy merchandising tie-ins, while truly artistic and meritorious achievements such as Ghost in the Shell (Kôkaku kidôtai), Princesss Mononoke (Mononoke-hime), Spirited Away (Sen to Chihiro no kamikakushi), and Howl's Moving Castle (Hauru no ugoku shiro) get short changed big time on promotion and distribution. There is a large audience in the United States for quality anime, but the problem is that the audience is not concentrated in any one geographic area except in very large cities and metropolitan areas. Thus, these films generally only open in very large cities (1 million+ population) on a very limited number of screens, usually in smaller or special interest theatres, and with very limited promotion and marketing.
they wouldn't all fit in the courtroom at one time anyway.
We could just go back to the days when everyone openly carried a gun. People tend to be more courteous when everyone is armed to the teeth.
you forgot about the Gulag...
If the other side is being a blowhard most judges will issue a summary judgement in your favor and dismiss the case with prejudice (nobody likes an a-hole litigator). People and companies that waste the courts time are not popular with judges, clerks, and other court workers.
Spyware and Spammers are getting exactly what they have coming to them when they get deleted or blocked. If we choose to blacklist them or delete them for abusive behavior on our networks and computers, which are after all our property, then that is our choice and our right. If other people choose to agree with us and honor our blacklist then that is also their choice and their right. If I were one of those anti-spyware authors or spamhaus I would tell the spyware vendors and spammers, none too politely, to take their cease and desist letter and stick it where the sun doesn't shine.
Jargon - Yet another result of marketing BS trivializing the momentous and complicating the obvious...
That is not necessarily true. The pieces that Dell brings to the table are, as you mention, comparative advantages in their supply chain, superior marketing and brand awareness, and a hyper efficient delivery and distribution system. One company does the R&D and licenses the design/specifications, another company does the actual fabrication/manufacturing, and the third company, Dell in this case, does the marketing, branding, and distribution. Each of these companies is specialized in their particular area of expertise delivering maximum efficiency through comparative advantages wrought by their specialization. The end result is generally reasonable quality products delivered to consumers at reasonable prices. In previous decades large, vertically integrated firms controlled all aspects of design, manufacturing, distribution, marketing, and branding and the result was a few large firms delivering products of comparative quality but at much higher prices than consumers pay today in inflation adjusted dollars. The good news is that there many levels of markets from mass to niche and everything in between which serve all types of customer from custom projects to mass produced goods and services. Dell is just another link in the chain.
As awful as it sounds, cracking down on the students may have been necessary.
They machine gunned crowds of unarmed civilians and ran them over with tanks...Would you consider that to be a prudent and necessary step?
It's important to note that no conventional design test has ever failed. US worked on the first try, Soviet bombs worked on the first try and every indication is every other nuclear power's tests worked on the first try.
That is true, but due to the relative inefficiency of these early bombs the large amount of fissile material, well above the theoretical minimal afforded by such innovations as neutron generators and beryllium reflectors, required to fuel the blast requires years of intensive refining in large industrial-like complexes of reactors, storage pools, centrifuges, gas separators, and the like. It would be very difficult if not impossible to conceal such an operation from the intelligence agencies of the world (i.e. everyone will know what you are doing and where you are doing it). The other major drawback to the early bomb designs was that their tremendous size and weight made them difficult to deliver, not to mention concealment, a must for terrorists attempting to smuggle it.
The thing that is really keeping it from happening, I think, isn't the fact that making a bomb is hard, but making a bomb that can go supercritical with a small amount of fuel is very hard.
That is quite correct. However, we must not relax our guard. It would be most unwise to underestimate the damage caused by a bomb which fails to go critical, but none the less contaminates an area of vital social and economic importance such as a port or a major metropolitan area.
After reading the article I was reminded of the common practice in the late 1980s and early 1990s, before cell phones were nearly as common as they are now, of people registering long distance phone companies with names like "it doesn't matter" and "makes no difference" so that when an unsuspecting pay phone user, at an airport say after a long flight, was asked which long distance company's services they wanted they would get stuck with one of these unscrupulous operators who would then proceed to charge them out the nose, ~$5.00+ per minute, for the call (especially on those card phones which took credit).
Since when did it become about branding yourself with something, over choosing the best technology for the job?
Specialization is a natural tendency in any industry as it matures and the body of knowledge continues to increase. People chose to specialize because there are not enough hours in the day to learn and work on every platform or language that comes along. You make the best choice that you can on language or platform and outsource the stuff that is not part of your specialty or the core competency of the company.
The first rule of security is that the computer is only as secure as its physical location. It is really astounding that people configure a server as the electronic equivalent of Fort Knox and then keep it in room where everyone, including the janitor, has access. Is it any wonder that we hear about these smash and grab thefts so often?
I remember my early days in CS when my simple first year lab assignments, written in C++, wouldn't port between the CodeWarrior compiler on the Macs in the labs and my Visual C++ compiler at home. The problem is not in the language per se, but more often with differences in the ways that compilers handle certain situations such as the classic:
What happens when you call an overridden virtual method from a virtual base class's constructor?
C++ is a powerful language, but it is too easy to shoot yourself in the foot if you do not fully understand the language and the ins and outs of your compiler. That is why I now tend to avoid it, if possible, in favor of more modern languages such as Java or C#. You give up some fine grained control and speed but frequently the gain in productivity is worth the small price that you pay (you can often do in a few lines of Java what might have taken 50 or 100 lines of C++).
The problem is with code that depends upon services and libraries provided by the platform in question and which vary from platform to platform such as graphical user interface and threading code. Since many applications provide either graphical user interface or threading or both and make use of other features which may not be common across platforms it is not generally possible to separate certain important parts of the code from the target system. This means that while some parts of the code, which are not dependant upon system specific resources, may be reused there are still major portions that will have to be rewritten (i.e. ported) to new platforms. Graphical user interface code especially tends to be verbose and tedious to rewrite multiple times on different platforms. Perhaps this helps you to have a better understanding of why porting is an issue.
Oh come on, you know what I mean. While the term is still used today for its original purpose in reference to robbery on the high seas, it should be quite clear from the context of this discussion concerning the MPAA, Microsoft, RIAA, et al that the term is being used here to refer to the theft of intellectual property protected by copyright.
Is there anything wrong with this?
Yes, recall that the two parties have never before exchanged public keys and they are NOT using a mutually trusted third party escrow service. Thus the attack proceeds as follows:
1. A sends public key to B
2. M intercepts transmission from A to B and substitutes his public key for the public key of A
3. B receives M's public key (believing it to be the public key of A) and sends his own public key plus the hash of their concatenation.
4. M intercepts transmission from B to A and substitutes his public key for the public key of B and adds the true public key of A and recomputes the hash of the concatenation of his public key with the true public key of A which was stored during the original substitution from step 2.
5. A replies to B with the public key of M (which he believes to be the public key of B) and the hash of the concatenation of their public keys. and the same type of substitution as in step 4 is performed again by M to "confirm" the transmission of the true public key from B to A.
the attack then proceeds as it otherwise would and the session is still compromised. As you can see the hashing and concatenation does nothing to mitigate the attack because the basis for the attack remains intact, namely the fact that the true public keys have not been previously exchanged and therefore cannot be confirmed in the absence of a trusted third party or a chain of trust which is traceable to a mutually trusted third party.
Doesn't anybody else here think that occasionally someone from the "usual suspects" (Microsoft, RIAA, MPAA, etc) might read what some of their "opponents" are saying about them?
Perhaps they do, but the truth hurts and these organizations REALLY want to believe that it is possible to use technology to solve what is essentially a social problem (i.e. the Piracy Problem). So their judgment will remain clouded by their desire to achieve mutually exclusive objectives.
This wouldn't work with public key encryption.
sure it would, that is the whole point behind the man-in-the-middle attack. It was discovered as a weakness in key exchange protocols such as diffie-hellman which rely upon exchange of public keys between previously unknown parties who do not use a trusted third party to manage public keys. The premise of the man-in-the-middle attack is that an intermediary intercepts the public keys (which must be transmitted in the clear) during the exchange protocol before they reach the intended recipients and substitutes his own public key instead. Then when the symmetric key is computed by the recipients during the key exchange (using the man-in-the-middle's public key) all three of them, both recipients and the man-in-the-middle, will have the secret symmetric key and the entire session will be compromised. Moreover, the recipients will have no idea that the man-in-the-middle exists because they had not previously exchanged public keys. The solution to this problem in practice has been to have a trusted third party repository for public keys, such as Thawte, which signs public key requests with its own private key to verify the origin of each public key. However, this requires central registration and management of keys, something which is unlikely to be palatable to P2P users for obvious reasons and thus the man-in-the-middle problem will persist when computing session keys for encryption on P2P networks. Man in the Middle is somewhat difficult to implement in practice, but not impossible (ISPs would make the perfect men-in-the-middle), so this is not merely a theoretical possibility.
This is the sort of tort reform that we need, reducing the burden of frivolous law suits. Not some bullshit capping of damages.
Capping of damages benefits all of us more in the long run in terms of more predictable insurance costs than it hurts us. In terms of probability the vast majority of us are better off with damage caps rather then paying higher insurance rates our entire lives to preserve the outside chance that we may win the legal lottery if our number comes up. However, what the civil system in this country REALLY needs is LOSER PAYS for plaintiffs - meaning that if you initiate the lawsuit and loose you have to pay restitution (damages) to the defendant plus all attorney fees, court costs, etc. That would really make ambulance chaser attorneys think twice before rolling the dice on a frivolous lawsuit.
Yes, but the percentage cut is generally fixed. For example, when Barrett-Jackson auctions collectible automobiles the fixed rate is purchase price * 8%. However, it appears from what has been said here that eBay will employ a sliding scale percentage cut based upon the final auction value. I didn't independently check this policy so I could be mistaken, but if it is true then it is most decidedly unfair to the seller.
The use of email to exchange non-public information is an extremely bad idea. The suits at eBay have either not listened to their IT people or not thought this through or both. The phishers and scam artists will definitely try to take advantage of this new policy and the risk to consumers will increase. The email system was designed for informal communications and thus includes no built-in mechanisms for encryption or authentication. This means that nobody should discuss anything that they wouldn't normally discuss in a public forum where other people can overhear the conversation. It seems clear that communications between people and their financial service providers are most decidedly NOT public and must therefore be conducted using a medium which ensures some reasonable degree of privacy, security, and nonrepudiation. Unfortunately, email is not such a medium and cannot be used for confidential communications unless both parties can agree to use some sort of external cryptography solution on top of the email in which case it is no longer standard email. If eBay intends to have discussions involving non-public information with customers using email then they will be targeted by social engineers and their customers will get burned.
No amount of "managed code" will protect the user from pressing the wrong buttons.
ahh...but that is where you are wrong. The whole point of managed code is that it compiles to an intermediate language runtime which is run in a virtual machine. It is not possible to execute native assembly in this environment (or at least it is not possible to execute native assembly without going THROUGH the virtual machine and therefore the security layers) and therefore all methods can be checked for permissions right down to the instruction level and because there is no direct access to the native assembly which is running on the hardware there can be no exploit which bypasses the security layer of the virtual machine and therefore the operating system. Now, having said this there are still bad things which could happen if the program was executing with root level privileges, but at that point they have pretty much sunk your battleship no matter what platform you are running on. So don't run untrusted programs (programs not signed with the cryptographic keys of a party that you trust) when you are logged into the root account.