I never thought I would say this without irony, but... Thank you, Microsoft.
We got this $(EXPLETIVE) $(EXPLETIVE) piece of $(EXPLETIVE) on the young one's PC, and it was an absolute bear to get rid of. I'm still not entirely sure we eradicated it. It's nice to see some bigger guns applied to the issue.
Sorry. I won't install Steam, either. I've been very consistent on this point. It's the reason I still haven't played Half-Life 2.
It may also be worth pointing out that, since a company the size of EA believes Steam is a reasonable substitute for SecuROM, that Steam may not be all the harmless sugardrops and fairydust that its supporters have been adamantly claiming all these years. Which is, pretty much, what I suspected all along...
As you know, GameStop makes a tidy sum reselling used games, and the game developers don't see a penny of it. This has not a few people in the games industry pissed off beyond the capacity for rational thought. No matter how much irrefutable logic or facts you throw at them, they're absolutely convinced they're "losing money" to this, and want to re-structure the market to prevent it, or at least get a cut of the action.
Once upon a time, there was this brilliant guy named Stephen Wolfram. While working in the physics department of Caltech, he developed a program called SMP -- Symbolic Manipulation Program. Prior to that point, it was culturally understood that university research, and stuff developed pursuant to such research, belonged to the University, or to the public domain, so that it could be used by others to further the pursuit of knowledge.
Wolfram, however, had other ideas.
There was a protracted, expensive legal battle, in which Wolfram argued that -- despite the overt cultural backdrop of sharing knowledge -- since he didn't expressly sign his rights away, it was all his, and Caltech could go pound salt. It ended up with Wolfram resigning from the physics department and taking all his intellectual "property" rights with him.
And that's why, to this day, it costs $2500 to buy a copy of Mathematica. And also why that clause is in your contract with the University.
I run a FreeBSD box at the end of an ADSL line. Normally I would see a handful of SSH attempts. On a bad day I'd see a couple hundred. This last week, I've seen upwards of 1500 per day, all coming from different IP addresses. It's a straight dictionary attack, moving through in dictionary order. I think I'm in the G's right about now...
I long ago installed 'bruteblock' on my box, which plonks an IP address for N minutes after X failed attempts (both configurable). It's very small and efficient. But this obviously does nothing for distributed attacks. I should probably move the SSH port for a couple weeks... *sigh*
I'd like, if I may, to take a stab at recasting HDCP from an unqualified evil to a qualified boon for users.
We've discovered that well-heeled snoops using sophisticated radio equipment can, from a non-trivial distance, pick off the EM signals coming out of your monitor and reconstruct the image you're viewing. HDCP would thwart this, protecting the user's privacy. So HDCP can be seen as a pro-user security measure.
By re-casting HDCP as a system security feature, it then becomes obvious where control of HDCP should lie: In the user's hands. If HDCP were under my control, and didn't cost any extra in terms of CPU cycles or power consumption, I'd turn it on and leave it that way. Extra privacy for free!
But more importantly, by re-casting HDCP as a data security feature, applications attempting to manipulate it are correctly seen as hostile. If J-Random-Videoplayer tries to flip the system HDCP settings one way or another, they should get smacked down with EPERM and go no further. Even better, a dialog should pop up and say, "An unprivileged application is attempting to discover the current settings of display encryption (HDCP). This is a system security setting which should be accessed only by administrative programs. How should the request be handled? ()Report as enabled ()Report as disabled ()Report current setting ()Reject request"
The legal claims section--the only section that counts--was indecipherable by anyone but a patent attorney.
Then it shouldn't be a valid patent. Further evidence that the patent system in the US needs to be scrapped and rebuilt from scratch.
Patents are ensconced in the Constitution, "To promote the progress of science and useful arts." Even after a patent expires, it is supposed to contribute to humanity's corpus of knowledge and science. How does a patent, written in language that can't be understood by an actual person trying to actually get something useful done, serve to promote the progress of science and the useful arts?
Frankly, this should be actionable. There is no excuse for this stupidity any longer.
When I install a new piece of software, the first place I go is to the preferences panel to see if there are any stupid/broken settings that need to be fixed (or, too often, fixed again after an upgrade). I can't remember which version it originally showed up in, but when I saw the checkbox for JavaScript in Acrobat Reader, my jaw hit the floor.
"Are you people fscking morons? Did you learn nothing from the exploits and problems caused by JavaScript in Web browsers? Hell, forget Web browsers; Microsoft Word became a virus/trojan platform because the Special-Needs Children who apparently design all their software thought it would be tEh k00l to embed macros in what is fundamentally a static document."
Every time some would-be clever person adds a macro language or other executable logic to a document format, the result is "unexpected" worms, viruses, and security breaches. Every God-damned time.
This is not an honest mistake. This is negligent engineering, and someone needs to lose a lot of money over it before the lesson sinks in.
Belkin pulled this exact same crap back in the 2002/2003 timeframe, and got thoroughly and properly flayed alive for it. They quickly published an update that removed the "feature," but the fact that the "feature" got all the way through marketing, management, software development, and QA told me that everyone in that company was asleep at the switch, and Belkin got put on my shitlist. I won't even buy their cables anymore if I can avoid it.
Now I get to add DLink to the same list. Unless and until DLink issues a public apology and shows contrition for this, there they shall stay, alongside Belkin.
Why do I get the feeling that the :CueCat could find new life as a support peripheral to some stupid new Facebook "application"? "Here are the barcodes from everything in my room! L0lz!!1!!"
Why do you think they have that "tagging" feature for the photos? Didn't you know all this time that you've been training their face recognition database?
I thought one of the great advantages of LCD and plasma displays was their power efficiency over good old-fashioned CRTs. Was that a fib?
What, in fact, is the typical power consumption of various displays (CRT, plasma, LCD direct-view, LCD projector, white light-source DLP, LED-source DLP, etc.)? Which gadgets should I most concern myself with turning off first?
This is the kind of moron who gets written up on TheDailyWTF, and derisively laughed at for years to come. Such a person is a liability to the firm, and needs to be dismissed.
Seriously, after all these years of success and reliability, anyone claiming Open Source software is an organizational threat is simply in the tank for Microsoft. Firefox, a threat? VIM, a threat? While Internet Explorer and MS Word are paragons of safety? The man is provably out of his fscking mind.
Meanwhile, in the 'unstable' tree, the changelogs aren't getting updated.
In 'aptitude', I pick through the packages with updates available and look at the changelogs to see what got changed to see if it's one I want to take. About a week ago, a bunch of updated packages showed up, but the corresponding changelogs seem to have gone AWOL (examples: there is no changelog for smbclient 2:3.2.3-3, or iceweasel 3.0.3-2).
I've seen this sort of thing before, but never understood why it was happening. Can anyone shed any light?
That mouse you might see on sale for $19.99 might have less than a couple of bucks worth of plastic. But the cost sheet developed by Acme Mouse Incorporated might have a dozen line items consisting of R&D charges which are amortized into product costs based on forecasts. These are very real costs that can't be ignored. You're correct that they're paid upfront, but Acme needs to get the money, and if Acme is in the sole business of selling mice, then they recoup those costs one mouse at a time. The amortized overhead and development costs are as real and genuine as material costs in the eyes of accountants and investors. It's not play money; it's not "soft dollars." If the mouse has $2 in material costs and another $4 in burdened development costs, if they sell the product into distribution for less than $6, they're losing money.
No one is disputing that the NRE costs are significant. NRE is traditionally recouped via amortization into the per-unit sales cost.
Where opinions differ is whether that remains a valid recoupment method in a world where you aren't the exclusive means of production. Sure, you have a bit of paper entitled, "Copyright Law," but de facto you don't control the tens of millions of CPUs out there, each of which is a fully independent factory. This is a component of the reality of the digital market that even software vendors have tried to pretend doesn't exist. And even if the recoupment method remains fundamentally valid, reality still demands that you re-evaluate your sales forecasting methods. This also has yet to be done.
"Give me another reason why I should listen to one word of your defense against this class action suit?"
"Well, Your Honor, all of the persons the plaintiff has named as members of the class are invalid. All our cardmembers, as a provision of the cardmember agreement, must refer to independent Binding Arbitration, and expressly waive their right to participate in a class action. And all those that remain have no standing to file this action."
When you enter a courtroom, you enter another world where such flagrant absurdities are taken seriously. Read your cardmember agreement. Then read Kafka.
Except where National Security(TM) is concerned, there is no valid argument in law to prevent Discovery/Mythbusters from airing facts about the lack of security surrounding RFID, and Discovery/Mythbusters are under no contractual obligation to keep such facts secret.
An expensive lawsuit would almost certainly be filed after the fact, but it stands no chance of success. Discovery could counter-sue for barratry and violations of anti-SLAPP statutes.
HTML is a semantic markup language, not a presentation markup language. Stylesheets allow presentation specification, but the stylesheets were separated from HTML expressly to attempt to preserve HTML's semantic nature.
Thus, we don't even need to get to the copy protection issue -- the mere idea of binding fonts to an HTML page at all is utterly laughable on its face. It belies a fundamental misunderstanding of what HTML is and the set of problems it's intended to address.
If image is more important to you than content, then go play with PDF -- that's what it's for -- and leave HTML alone.
I remember Viewtron when it came out. This was pre-Internet, and everything was working off the "BBS" model. But even then, Viewtron was a complete joke.
First off, it spoke NAPLPS -- basically, Flash before there was Flash. There was no text-only interface. So you got to stare at the screen as it drew almost pretty pictures at you, at 300 bits per second.
Now there was nothing intrinsically wrong with NAPLPS -- it was fairly sophisticated and portable for its day. Dave Hughes was a big champion of it. But since newspapers were vehicles for advertising, and advertising "requires" graphics, you spent a non-trivial amount of time waiting for the ad to render, then the UI, then the information you actually requested. It made the text-only services of the day like CompuServe and The Source seem speedy by comparison.
It still floors me that they plowed over 10 million 1980 dollars into this thing. On-line sophisticates universally declared it as wretched, and there was no way it would ever have been appealing enough for someone to go out and drop large sums of money on new equipment to get access to it. (By the way, I'm pretty sure the Viewtron client I saw was running on a Commodore-64. Viewtron wouldn't have justified the purchase of the modem, much less the C64.)
Discuss :-).
Schwab
*sigh* And guess where it downloads them from?
http://packages.debian.org/changelogs/pool/main/
Challenge: Find the changelogs for samba 2:3.2.3-3 and iceweasel 3.0.3-2.
Schwab
"An elephant wearing a hat."