It specifically says if you upload a copyrighted file in order to be allowed to download other copyrighted files, the downloads count as financial gain even though you don't get any cash. Welcome to the doublespeak future.
Are you serious? I've never seen a new VCR for anything like that amount. I may have seen them for $100 but I thought they were normally always $150 or over. Am I asleep? I don't know about VCR's that much, I've never actually bought one.
Oh I see. I'd have to say CD players are a heck of a lot less complex than DAT decks. Yeah they have a laser, but the rest is pretty simple. You can get CD Walkmans for under 20 bucks at Circuit City. I stand by the claim that a DAT and a VCR are about equal in complexity. And nobody has ever sold a VCR for that little.
Most renewable copyrights were not renewed, on Copyright Rumblings · Score: 1
The original copyrights in the US were 14 years renewable once; the length gradually increased til it reached 28 years renewable once. In 1976, it became effectively permanent.
During the time when copyrights needed to be renewed, most were in fact not renewed. The renewal rate varied at different times in history but was generally under 20%. See eldred.cc for details.
DAT is inherently a heck of a lot more complex than analog cassette. It's a helical scan system with all kinds of digital electronics. A DAT deck is at least as complex as a VHS VCR. VCR's are sold in enormous quantities but really never get below $150 or so. But there are tons of analog audio cassette machines available at $25 or less. You can find playback-only cassette walkmans for under $10. No amount of economies of scale can produce a VCR or a DAT deck for that little.
DAT wasn't all that expensive?! Look at where most of the analog cassette players are... walkmans, car radios, portable players, answering machines, etc. Those machines are generally about 200 bucks tops, and most of them are under $100 or even under $50. I've never seen a DAT deck that was under $500 list. Yeah, DAT has better audiophile sound, but most people don't care. Analog cassettes are perfectly listenable and most stereo systems won't get anything extra out of DAT. So hardly anyone was willing to pay for DAT.
Note - above text is pasted from bugtraq, on Cross-Site-TRACE · Score: 2, Informative
See here.
It's still the best description I've seen of the "problem", but the AC really should have credited the source.
While the music industry (RIAA, MPAA, etc.) is attempting to bring the cross to bear against IP infringements onto tech companies, everyone knows that DRM is ultimately impossible. Not in that you can't make it hard for copiers to copy and distribute them, but in that if someone can hear/see what you have to show them, they can ultimately record it, or re-create it.
I'm afraid that's wishful thinking. RMS explained in his Slashdot interview almost 2 years ago, discussing the then-ongoing suit against Napster:
If they do not win using present-day law, we can expect to see the record companies purchase new laws they can use to suppress these programs in the future--and trot out famous musicians like Metallica (only famous musicians get much of their income from copyright) who will say that copying music is like killing their baby.
We can also expect to see fierce attempts to catch individuals who use Napster and imprison them. The War on Copying will become more vicious.
The War on Drugs has continued for some 20 years, and we see little prospect of peace, despite the fact that it has totally failed and given the US an imprisonment rate almost equal to Russia. I fear that the War on Copying could go on for decades as well. To end it, we will need to rethink the copyright system, based on the Constitution's view that it is meant to benefit the public, not the copyright owners. Today, one of the benefits the public wants is the use of computers to share copies.
I'm afraid the MPAA is not going to give up as easily as we'd wish, and we're in for a long period of increasing suckage.
I looked at all the news articles and all I saw was that the spammers got an injunction against sending more spam, which they shouldn't have been sending in the first place. I didn't see anything about their having to pay one cent in financial restitution, much less anything like doing jail time.
That's sort of as if the Beltway sniper was served with an injunction against shooting any more people, but otherwise let go unpunished.
A lot of programs are written in C that really don't need to be. CVS is an example. It just doesn't do anything cpu-intensive. It's all intricate control logic--it could have been written as a big shell script without performance suffering too much. All the real work is done by external programs. Even if there are some parts that really need to be written in C, then fine, write those parts in C. Heck, there will even be parts where C isn't fast enough and you have to write in asm. That doesn't make asm appropriate these days for large-scale application writing.
Someone asked what I'd recommend instead of C. I don't know. I don't think there's a One True Language. Lately I'm coding in Python and like it, though it has its own shortcomings. Java is C-like enough to be comfortable for today's C and C++ programmers. I like the Java language but despise the runtime systems that are usually shipped with it. Perl seems like a monstrosity to me (awk with cancer) but with the -T option (taint checking), it, too, saves you from making a lot of bugs that are easy to miss when writing a C program.
If you've ever written setuid code (at least responsibly), you know the feeling of paranoia and vigilance you have to bring to every line of it that you write. I'm very skeptical if you tell me you bring the same paranoia to all the code you write. Of course there's no magic bullet to secure programming, but there are tools available (i.e. languages with fewer exposed sharp edges) that provide various kinds of safety nets that can rescue you a sizeable percentage of the time. It's foolish not to use those tools.
Can a publisher assert copyright infringement charges against a possessor (rather than a publisher) of an unauthorized copy of a copyrighted work?
Apparently so. That's the point of all those BSA audits where they search your company's figurative underwear drawers to make sure there's no infringing software running on anyone's workstation.
It's like saying that since seat belts and airbags can't prevent every fatal accident, you shouldn't wear them. You might as well get on with your life, plan for fatal car crashes and how to deal with them, because anything else is just a pipe dream.
I'd say part of sensible planning is trying to lower the effect of accidents (or bugs), even if you can't prevent all of them. That means wearing the seat belts in your car, and using array checking and garbage collection in your programs.
I looked at the advisory expecting to see the words "buffer overflow", and instead saw "malloc mistake" (same pointer can get freed twice in some circumstances). Both of these amount to the same thing, getting nailed by C's lack of automatic memory protection and garbage collection.
I think it's time to give up on C for most Internet application development, and use languages which eliminate this wide class of bugs. Banning C altogether is of course an overstatement, but C code in an application should be treated like setuid code. There should be as little of it as possible (the occasional optimized inner loop of something, for example), and it needs to be scrutinized very carefully before deployment.
Anyone know what language Subversion is written in?
This is much different than the ordinary civil offense that gets committed when you simply get sent a piece of spam.
Call your state attorney general and describe the situation as identity theft and/or DOS attack, and urge him/her to prosecute the spammer. Say it can be a very visible prosecution that will make the AG enormously popular with computer users.
I just to update my user preferences to fix my email format and there were two boxes that weren't there before, both checked as if I had checked them. One of them said I wanted junk snail mail from ebay and the other said I wanted junk telemarketing phone calls. I unchecked both but haven't flamed ebay yet. I should add though, I don't think I've actually gotten any junk phone calls from ebay.
and yeah, it's work, but nothing like the work of writing them (I co-wrote one). By publishing I mean typesetting the book (with TeX) starting from an author-supplied input file, hiring an artist to do the cover illustration, getting the printing done, etc. It's mostly just grunt work and it really isn't that hard. Publishers who think that doing this legwork somehow is only worthwhile if it translates into a 100+ year monopoly on use of the contents are simply kidding themselves or whoever they're trying to convince.
Here's a review by Rob Slade that's quite a bit more detailed than MasterSLATE's review.
Before seeing Slade's review, I read most of The Art of Deception at the bookstore and decided not to buy it. I agree with most of what Slade says. The book is mostly aimed at PHB types and doesn't say all that much useful to techies. However, as a security implementer, I don't think trying to install paranoia in PHB's is such a bad thing. They are often completely unrealistic about vulnerabilities, so it's good to open their eyes a little.
Or maybe it was 64 bits. Either way it's more than enough to assign a unique number to every individual jacket, wristwatch, or candy bar that leaves a production line.
First of all the $.50/tag price will drop to zero just like for any electronic product. Second, a 1/2" to 4" antenna that can read the tag from 15 feet away is concealable and potentially extremely invasive. Do you really want receivers on every streetcorner, retail store, etc. to be able to take a complete inventory of everything you're wearing or carrying as you walk by?
since cars already have license plates that identify them from a distance. I can't see why anyone would want to read RFID's out of tires on the freeways when they can just read the license plates of the cars instead.
How is this a win against spam?
The owners will be liable for anything written on bathroom walls in restaurants, libraries, etc. Sheesh.
I agree it's not so useful for typical PDA applications. This isn't one of those typical applications.
It's a useful approach that I don't think has been widely deployed.
ignore this.
For folks wanting to see the technical side of security, by far the most important book is Security Engineering by Ross Anderson.