In copyrighting the law, what are they trying to prevent that could be construed as a bad thing? I mean, it's not as if a rival legislature would rise up and "steal" laws and pass them off as their own or something. This is totally confusing.
Mind you, I think that here in the UK, regulations enforced by laws are heavily copyrighted to the extent that if you are building a house and stipulate to the builders that they could be sued for not building it according to the regulations, many smaller builders will refuse to do the work simply because they cannot pay the thousands of pounds necessary for a current copy of the regulations they would need to follow.
I believe somebody once tried to sell a copy of the UK building regulations and got heavily spanked for doing so. No amount of tea would calm me down after that.
SecureROM
Agreed - there's no way I'm going to buy this game.
Encryption must be dead. I mean, if even banks don't think to routinely encrypt sensitive data, what hope is there?
Surely it's not that hard to get into the groove of encrypting stuff like this? I would have thought that by the year 2008, all servers, however mundane, would have their drives encrypted to at least remove the possibility of them turning up on eBay with their data hanging out.
Yes, encryption won't protect from an inside job, and yes, most people forget passwords and put them onto stickies, but beejus - just having real serious personal data lying around in plain text all over the place is hopeless. Come to think of it, the news report said they were scans of balance transfer applications, so that means the hard copies could even now be being tossed into a garbage truck and strewn around town on the way to landfill.
Sigh.
Seems like Apple's iPhone latest speed claims might be rather off as well.
http://flickr.com/photos/gilgongo/752902874/
3 bars, any position, paid 12 pence. Magic.
I hate having to deal with time-cards and I hate being told I can't do something
Speaking as somebody who has never been in a job that offered overtime - I agree. Seems a major PITA to claim for extra hours worked, then try to work out how much your salary is lower because of it (I assume employers factor in overtime claims when calculating the base salary). Also seems to make it pretty hard to compare jobs at different employers.
Can anyone explain why an unauthorised body using the five rings logo (which is surely a device long out of copyright anyway) would possibly damage the Olympic "brand"? If all it takes is for somebody to use a logo in the wrong way, what does that say about the strength of the idea behind it?
If we are reduced to having to treat the Olympics like Nike, Coke or Kleenex, does that not conclusively prove the ideal of noble competition amongst amateurs is dead? Might it in fact be a vehicle for ego, profit, propaganda and lies instead? The IOC sure are making it appear like that.
(To paraphrase Burroughs) The IOC are perpetrating the last and greatest betrayal of the last and greatest of human dreams.
I don't have any way of verifying this story, but I worked with an old guy once who told me that he had been at a startup in the UK that was, by the sound of it, creating a kind of IMDB in about 1994. They had a team of researchers and a bunch of seed capital to create a large film database. Everything was ticking along for about 18 months and they had researched thousands of films.
Then one day, the database shut down and they traced it to some bad hardware. They replaced the hardware and restored the database from the previous night's backup. Nothing doing - the backup tape (he said it was DAT) was corrupt. So they tried the other one. Nada. Same corruption. So they tried the off-site one. Same thing. Turned out all the backups they had made seem to have transferred the same corruption resulting in nothing significant recoverable.
Had they tried a test restore at some point, they might have found out. As it was, a week after the crash, they shut the business down.
Which reminds me of another (maybe apocryphal) story: the head of IT at a large company was fond of organising disaster recovery practices by walking into the data centre, physically removing a (pre-ordained) server and leaving a note in its place with the words "The server crashed" written on it. The support staff (and presumably management) knew that this would happen, but not when, or which machine (or dependent services) would be affected. Interesting test I would say.
It's probably unanswerable, but I wonder how much energy it takes to make these cells, and how long it takes for them to offset that?
How is increasing the copyright term for something written by a dead guy going to affect the people downloading the matrix off bittorrent?
Bingo. Nail, head, direct hit.
There will come a time when everything is under copyright forever. But nobody will give a shit.
The really worrying thing is whether by that time we will have become so accustomed to trivially breaking copyright law that it will have become a gateway to breaking other laws. Tax evasion? Pah! Parking? Fake numberplates. Exams? Cheat, because everyone else does... etc.
I work for a large online business, and recently had to re-design parts of our checkout process to accommodate the "Verified by Visa" and "MasterCard SecureCode" systems. The whole thing is confusing and error-prone. Several parts of the "guidelines" (for which read "commands") from Visa and MasterCard are plainly crafted by people who've never had to sell anything on-line in their lives. Pop-up windows, erosions of brand equity, sudden re-orientations, confusing distractions - all right at the crucial point of purchase (in our case for average orders worth several hundreds of dollars). And all that is ignoring the fact that the consumer has to remember YET ANOTHER PIN NUMBER.
Needless to say, we are only going to implement it when we are forced to at gunpoint. Yes, there are theoretical advantages in decreased charge-backs, but if that takes place against lower conversion, we might have to bring the lawyers in.
Personally, I see these schemes as a symptom of the actions of robotic "security analysts" - morons who see customers as "actors" in use cases. Where the only response to attack is to "increase security" by piling more responsibility on people who already have more than enough passwords, convoluted signups and "for your protection" bullshit to cope with. Is it a coincidence that we're seeing more fraud while such "security measures" increase?
How about Visa and MasterCard get off their corpulent, gaseous arses and actually DO SOMETHING about credit card fraud that doesn't simply pass the buck?
I've worked in the tech sector all my life and never heard of anyone claiming "overtime." Is this some US thing?
I thought overtime was for people working in factories in the 19th century - not Apple employees.
Will the public ever tire of this kind of crap? I'm willing to sit with the next guy and admire some cool-looking input/manipulation device just like I'm willing to flick through the National Enquirer for laffs, but there IS a limit.
Do they think this is impressive? Do they think it has an actual use? I suppose they do, but right here, right now: this. is. shit.
I'll take a guess that it's nothing to do with any of that. The name "Kindle" gives you a clue if you know anything about the historical relationship between publishers and distributors. Burning books. Basically, publishers hate (and I mean hate) distributors. Not only does distribution mean high costs, it means massive restrictions on what publishers can publish. Poetry? Philosophy? Not a hope in hell: if it doesn't sell within a week, those tiny shelves need to be stacked with some crap that does. Lowest common denominator wins every time.
The Kindle is a ray of hope that publishers have been waiting for for the past three hundred years: a way of getting stuff to their readers without the damn logjam that is distribution.
I much prefer to spend my time working deep in the algorithms of my software, because coding those is a pleasure for me. Anything else just doesn't hold my interest.
This guy got modded troll. Seems like the mods haven't read this book, published by one of the most respected web application developers in the world. Are they trolls too for saying exactly what this guy is saying (amongst other things)?
Like I said in a previous post. Here be dragons.
Users, on the other hand, focus less on the architecture of the software they are using than on the front end.
By "focus less" I assume you mean "neither know nor care."
To a user of something like a word processor, a web site, or an air conditioning control console, the UI IS the application. There is no architectural consideration of any kind.
Most UI designers I've met are not good graphic designers, and most good graphic designers I've met are not good UI designers.
Spot on. I am a UI designer. I have no clue how to use Photoshop, and I don't need to know because that's what the graphic designers use.
I just wish the "creatives" hadn't hijacked the word "design" (and "creative" for that matter).
I don't really think it's possible to quantify "usability" when to most people it's best rendered as "similarity to Microsoft products."
We designers have a mantra for that, usually attributed to Henry Ford:
"If I'd asked my customers what they wanted, they would have said a faster horse."
You may like to ponder that in the light of that statement you made.
(1) "Usability" is in the mind of the user. If you learned how to use some other system first and now expect that any other way of doing things isn't "usable" enough, that's just plain old resistance to change. It says more about you than it does about the usability of the software in question.
That is of course true if you are talking about design by the decree of an individual, but that is not "design" in the way most practitioners define it. The currently accepted approach is User Centred Design, which basically means that the cumulative indications of many target users are derived through various research techniques. The outcome of this research is modulated by the designer in coming up with the design, but fundamentally, the designer's own opinions are irrelevant.
The upshot of this is that (for example) if a CLUI is found to be the way to go, then a CLUI it shall be. If it's voice-control the users need, then that's cool too. Notice I said "need" there, not "want." Here be dragons.
I am a UI designer by trade, and many is the time I have thought about wading in to a F/LOSS project in order to improve the usability of the interface (last one I considered was IPCop). While I agree with most of TFA, it doesn't seem to emphasise the real point for me, which is that UI design for free software requires radically different skills *from the designer* to that which are necessary in the commercial world.
Because people are so tolerant of awful UI, good UI designers are all about persuasion, charm, leadership and inclusiveness without losing focus. To achieve this commercially is not easy, but at least somebody has hired you in an expectation that you will do this work. Grabbing a bunch of elite coders and trying to persuade them to change their stuff is a massive challenge, even if you have VoIP, virtual whiteboards, etc. I would not expect maintainers to understand, appreciate or tolerate my intervention, mainly down to the reasons the article cites, and I'm not sure I'd be able to persuade them otherwise. Usability is not obvious and often requires a leap of faith, an abandonment of the wrong kind of complexity, and very often a lot of pain.
Still, the more we have these discussions, the better, and I hope the article gets read by a lot of Slashdotters for that reason.
"single point of failure!!"
OK. And your solution to this is what, exactly?
Oh, lemme guess: a different strong password for every system you log into! That's SUCH a good idea! So good in fact, that NOBODY DOES THAT.
This is why we so badly need OpenID to work. Because - surprise! - Joe Sixpack doesn't do security like you want to do security. OpenID recognises this and ADDS security to Joe's behaviour.
There is a lot more to this than you realise.
"I want onetime passwords right now, that my phone can remember, attached to the specific counterparties, money quantities and transaction description. So later I've got my own complete, authoritative record."
So start using OpenID! :-) Ok, people aren't supporting what you describe quite yet, but it's right there in the protocol. OpenID can let you do it.
"Although, most idiots today use the same username and password for everything anyway."
Who is the more idiotic, the person who uses the same password for everything, or the person that can't understand why they do, and allows the situation to get worse?
OpenID is doing something about "most idiots." You, on the other hand, are not.
"Most people seem to use the same user+pass everywhere anyway, and if you had one password compromised on a keylogger or public terminal you probably had them ALL compromised."
That is pretty much why I like OpenID. It recognises the simple fact that you just outlined. It's not for banking, or launching missiles, it's for trivial stuff you want, but need to authenticate to. Bingo. OpenID allows for people to do what they want (use a single password), and steps up the security for that.
That OpenID gets a bad press from "security professionals" is not surprising, because such people have proven time and time again that they have no clue about how real people approach security. For every 20-character, mixed-case, changed-every-week password out there, there is a nice little sticky note on somebody's monitor sitting there blowing all that "security" away.
The solution is OpenID, at least for most systems that do not need high security.
"How in the freaking hell is a single sign on going to make it better?"
OpenID recognises two things:
1. The fact that the vast majority of people use (or try to use) the same password for every system they have. For the systems they can't use their preferred password for, they write the password on a sticky note, and put it on their monitor.
2. The fact that most people have a handful of important accounts (banking, mainly), and then a long tail of fairly trivial stuff. Somebody might cause you a lot of embarrassment if they got control of your Facebook account, but it's pretty easy to recover. Cases of insidious and subtle compromises leading to significant damage are in fact very rare.
In my view, OpenID is the intelligent solution to the long tail of personal security issues we see today. It is not a solution for high-security, but then high security is needed in only a small fraction of web use. What's stupid is perpetuating a multiplicity of accounts using the same password.
Incidentally, MS won't support OpenID because they have Passport. It's a corporate pride thing and has nothing to do with the quality, or otherwise, of OpenID.