EXTREMELY ANIMATED CAPTION: 'MONTY PYTHON PROUDLY PRESENTS THE INSURANCE SKETCH'
Interior smooth-looking office. Mr Feldman behind a desk, Mr Martin in front of it. Both point to a sign on the desk: 'Life Insurance Ltd'.
Martin: Good morning. I've been in touch with you about the, er, life insurance...
Feldman: Ah yes, did you bring the um... the specimen of your um... and so on, and so on?
Martin: Yes I did. It's in the car. There's rather a lot.
Feldman: Good, good.
Martin: Do you really need twelve gallons?
Feldman: No, no, not really.
Martin: Do you test it?
Feldman: No.
Martin: Well, why do you want it?
Feldman: Well, we do it to make sure that you're serious about wanting insurance, I mean, if you're not, you won't spend a couple of months filling up that enormous churn with mmm, so on and so on...
The term you're looking for is, "Unsanctioned copy." "Unlicensed copy," also works, but is inferior, due to the popular confusion of precisely which license is at issue.
Under no rational analysis can it be said to be, "stealing."
Jumpman was great, but I liked a game called Wizard...
I think I still have an original copy of that somewhere. Wonderful game. And the docs for making user-created levels and mods was amazingly complete, right down to how you could add custom code to each map.
Yes, it was a cheesy thing to write down. But as a sibling poster pointed out, Richard Stallman has been issuing similar, though somewhat more diffuse, warnings for over 20 years.
What really frosts my cookies about the whole thing -- thereby prompting the snark -- is how it seems no one who is in a position to stop this garbage actually bothers to stop it. For this stuff to actually come to fruition, and for each company participating, executive staff had to take it on as a priority, middle management had to budget and schedule the work, software and hardware engineers had to actually implement it, and QA engineers had to create and run a series of tests to make sure it "worked" -- anywhere from dozens to hundreds of people who moved the thing along.
...And somehow, improbable as it may seem, absolutely none of them took a principled look at what they were doing and said, "Fuck this reprehensible shit; I have more important things to do."
Yes, that's a rather asinine subject line for a post anywhere.
But, as it happens, I posted about this on Slashdot almost eight years ago, sounding the warning that all this bullshit was coming down the pike, unless you -- yes, you, Mr. VLSI Designer and Mr. Software Designer -- did something to stop it.
Result: HDCP is now a marketing bullet point instead of a product defect, and the word "security" has been perverted Orwell-style to refer to copy protection and not to system integrity.
Grow a pair, people. DO NOT WORK ON OR FACILITATE THIS GARBAGE.
MS tried to lock down Windows and Office.
result... free alternatives
Do you have any idea how much capital investment it takes to develop an "average" consumer electronic device? A modern semiconductor chip? A "simple" interface like IEEE-1394, or DVI, or HDMI, or DisplayPort?
Any schmoe can download GCC and start writing commercial-grade software. But free alternatives for silicon design and Open Access silicon fabs don't (meaningfully) exist.
It just kills me every time I see HDCP as a marketing bullet point, and not on the defects list where it belongs...
I've heard this kind of lament before: "GCC killed the market for compilers." Complete nonsense, of course. There is still a healthy market for good compilers -- gcc is not the be-all end-all of compilers; and niche platforms, such as 8-bit microcontrollers, are mostly under-served by the Open Source solutions. And, incredibly, people are still paying ridiculous sums for Visual Studio.
What Open Source has essentially done is say, "You must be at least this tall to publish a tools suite." Pretty much the only compilers that died were the bad ones. No one, for example, laments the passing of Whitesmiths.
As for editors, well, it was pretty obvious 20 years ago that the editor that was powerful and platform-independent (so you didn't have to re-learn everything and re-write all your macros on a new platform) was going to win. That pretty much meant either EMACS or VI.
You know, I used to really enjoy playing Team Fortress Classic under the old Half-Life engine. Even the occasional cheater would provide some amusement. Then Valve jammed Steam down everyone's throat, and suddenly I couldn't play anymore. Because I refused to install Steam.
I think I'd enjoy playing Half-Life 2. But I won't install Steam. Same deal for Portal; looks like enormous fun. But I will not install Steam.
You seeing a trend here?
Valve is leaving at least $120 retail on the table. I am paying for entertainment. I am not paying for remote monitoring. I can look after my own machines, thank you. All Valve has to do is delete the Steam requirement, and they can have my money.
The Watchmen sprawls all over the place, and there's no way it would fit in three hours' running time, much less the Hollywood-standard 90 minutes. Something's going to get chopped.
Personally, I nominate for deletion the entire novel-within-the-novel of the shipwrecked castaway. Every time that came up, I found myself flipping forward, looking for the main story to pick up again. In fact, it seemed all the extra characters who we saw passing by the newsstand in New York were just "whales" (q.v. Douglas Adams).
I would be very disappointed if Rorschach's backstory as told to the psychologist were cut. Some amazingly powerful and resonant stuff in there. "Looked at sky through smoke heavy with human fat and God was not there. The cold, suffocating dark goes on forever and we are alone. Live our lives, lacking anything better to do. Devise reason later."
My vague understanding -- and please fact-check me on this -- is that the Bureau of Indian Affairs is supposedly in arrears on payments to Native American nations on land leases, which are believed to total in the billions of dollars. Various lawsuits have been filed to try and get the actual accounting data and come up with an accurate number.
One of the problems was, apparently, that even if you ignored the sloppy accounting, the non-existent security on their networks basically made any figures coming out of the bureau highly suspect. So the judge ordered the entire network off the Internet so that only local malfeasance would further affect the numbers.
It is further alleged that criminal lobbyist Jack Abramoff had a hand in this mess...
Disclaimer: I am nothing more than a happy reader of the site.
This entry at Calculated Risk openly wonders if Moody's jiggered its model expressly so that it would line up with whatever the Standard&Poors ratings were.
Personally, I'm concerned this revelation will result in a concerted effort to blame the whole mess on a computer error, rather than the profoundly bad judgment exhibited by fund managers and investment banks. Expect some hapless programmer to be located and pilloried.
Not that I would spend a great deal of effort defending Ed Zander, former CEO of Motorola, but when I was at Moto last year, Icahn seemed indignant that Motorola was sitting on some $12E+09 in cash, and was busy prancing around and bulk-mailing shareholders to vote him a seat on the board of directors, so that he could give the cash to Moto shareholders as a huge dividend (or something).
Even before Apple's iPhone came out and smacked Moto's RAZR out of the park, it was clear that Moto needed to be doing R&D for the next-gen handsets. Oh, and you might want to keep some cash around in case of a rainy day. Icahn got handed his hat. And Moto did a bunch of weird acquisitions.
These days, it's raining pretty hard at Moto. I'm sure that pile of cash is helping them through the lean times.
All of which is a roundabout way of saying: Carl Icahn is a vocal, over-exposed pain in the ass. Whenever he talks, put your hand over your wallet, and pay very careful attention to what he's doing with his own.
I think, in the long run, this screwup may turn out to be a good thing.
Things that you don't think about tend to fall apart behind your back. SSH/SSL is a best-of-breed cryptographic and authentication solution. It's so good, most of us didn't need to think about it.
Even excellent tools need maintenance now and then. And part of the maintenance overhead for crypto and authentication is to change your keys every so often.
So everyone has to suffer a Flag Day all at the same time, update their software and change out their keys. But I think the result will be more secure hosts and a more secure network, even for machines and networks which didn't "need" the change. Which, IMHO, is a good thing.
I guess the real question is how many compromised keys are out there? Most users do not generate nor use ssh/ssl keys or certificates.
Every Debian-based distro generates SSH host keys upon installation, and turns on sshd by default. So every naively-installed Debian installation out there with a weak key is potentially vulnerable.
A stop-gap solution is to turn off sshd, until you can get the keys regenerated.
Does anyone have any back-of-the-envelope calculations as to how badly this compromises existing keys? That is to say, about how long is the brute-force lifetime shortened? If it's been shortened from the age of the known universe to 300 hours, then that's a problem I need to address fairly immediately. OTOH, if it's been shortened to one-quarter the age of the known universe, then I'm not going to deal with this before I've had more coffee...
I imagine there's some thinly-parsed definition about whether or not you're officially on US soil when you're entering Customs and, therefore, whether the Fifth Amendment could be said to apply.
The next logical question is, if you password-protect and encrypt your hard drive to thwart precisely this kind of unwarranted and unjustifiable privacy invasion, can Customs force you to divulge your passwords?
Slashdot Mirror
Interior smooth-looking office. Mr Feldman behind a desk, Mr Martin in front of it. Both point to a sign on the desk: 'Life Insurance Ltd'.
Martin: Good morning. I've been in touch with you about the, er, life insurance...
Feldman: Ah yes, did you bring the um ... the specimen of your um ... and so on, and so on?
Martin: Yes I did. It's in the car. There's rather a lot.
Feldman: Good, good.
Martin: Do you really need twelve gallons?
Feldman: No, no, not really.
Martin: Do you test it?
Feldman: No.
Martin: Well, why do you want it?
Feldman: Well, we do it to make sure that you're serious about wanting insurance, I mean, if you're not, you won't spend a couple of months filling up that enormous churn with mmm, so on and so on...
Martin: Shall I bring it in?
Feldman: Good Lord no. Throw it away.
Under no rational analysis can it be said to be, "stealing."
Schwab
Schwab
I think I still have an original copy of that somewhere. Wonderful game. And the docs for making user-created levels and mods was amazingly complete, right down to how you could add custom code to each map.
Schwab
Schwab
...Or the in-the-freezer trick.
Schwab
I certainly hope you don't mean to suggest that should be some kind of universal get-out-of-social-responsibility-free card...
Schwab
What really frosts my cookies about the whole thing -- thereby prompting the snark -- is how it seems no one who is in a position to stop this garbage actually bothers to stop it. For this stuff to actually come to fruition, and for each company participating, executive staff had to take it on as a priority, middle management had to budget and schedule the work, software and hardware engineers had to actually implement it, and QA engineers had to create and run a series of tests to make sure it "worked" -- anywhere from dozens to hundreds of people who moved the thing along.
...And somehow, improbable as it may seem, absolutely none of them took a principled look at what they were doing and said, "Fuck this reprehensible shit; I have more important things to do."
I just don't get that.
Schwab
But, as it happens, I posted about this on Slashdot almost eight years ago, sounding the warning that all this bullshit was coming down the pike, unless you -- yes, you, Mr. VLSI Designer and Mr. Software Designer -- did something to stop it.
Result: HDCP is now a marketing bullet point instead of a product defect, and the word "security" has been perverted Orwell-style to refer to copy protection and not to system integrity.
Grow a pair, people. DO NOT WORK ON OR FACILITATE THIS GARBAGE.
Schwab
Do you have any idea how much capital investment it takes to develop an "average" consumer electronic device? A modern semiconductor chip? A "simple" interface like IEEE-1394, or DVI, or HDMI, or DisplayPort?
Any schmoe can download GCC and start writing commercial-grade software. But free alternatives for silicon design and Open Access silicon fabs don't (meaningfully) exist.
It just kills me every time I see HDCP as a marketing bullet point, and not on the defects list where it belongs...
Schwab
These days, with all those toxic fluids dribbling on to the ground, I doubt you'd get past the Environmental Impact Review.
Schwab
What Open Source has essentially done is say, "You must be at least this tall to publish a tools suite." Pretty much the only compilers that died were the bad ones. No one, for example, laments the passing of Whitesmiths.
As for editors, well, it was pretty obvious 20 years ago that the editor that was powerful and platform-independent (so you didn't have to re-learn everything and re-write all your macros on a new platform) was going to win. That pretty much meant either EMACS or VI.
Schwab
I think I'd enjoy playing Half-Life 2. But I won't install Steam. Same deal for Portal; looks like enormous fun. But I will not install Steam.
You seeing a trend here?
Valve is leaving at least $120 retail on the table. I am paying for entertainment. I am not paying for remote monitoring. I can look after my own machines, thank you. All Valve has to do is delete the Steam requirement, and they can have my money.
Schwab
If you're a vi user, this will seem quite natural.
Schwab
Personally, I nominate for deletion the entire novel-within-the-novel of the shipwrecked castaway. Every time that came up, I found myself flipping forward, looking for the main story to pick up again. In fact, it seemed all the extra characters who we saw passing by the newsstand in New York were just "whales" (q.v. Douglas Adams).
I would be very disappointed if Rorschach's backstory as told to the psychologist were cut. Some amazingly powerful and resonant stuff in there. "Looked at sky through smoke heavy with human fat and God was not there. The cold, suffocating dark goes on forever and we are alone. Live our lives, lacking anything better to do. Devise reason later."
Really, really good.
Schwab
One of the problems was, apparently, that even if you ignored the sloppy accounting, the non-existent security on their networks basically made any figures coming out of the bureau highly suspect. So the judge ordered the entire network off the Internet so that only local malfeasance would further affect the numbers.
It is further alleged that criminal lobbyist Jack Abramoff had a hand in this mess...
Schwab
This entry at Calculated Risk openly wonders if Moody's jiggered its model expressly so that it would line up with whatever the Standard&Poors ratings were.
Personally, I'm concerned this revelation will result in a concerted effort to blame the whole mess on a computer error, rather than the profoundly bad judgment exhibited by fund managers and investment banks. Expect some hapless programmer to be located and pilloried.
Schwab
"Well, I isolated a nucleotide today..."
Schwab
Even before Apple's iPhone came out and smacked Moto's RAZR out of the park, it was clear that Moto needed to be doing R&D for the next-gen handsets. Oh, and you might want to keep some cash around in case of a rainy day. Icahn got handed his hat. And Moto did a bunch of weird acquisitions.
These days, it's raining pretty hard at Moto. I'm sure that pile of cash is helping them through the lean times.
All of which is a roundabout way of saying: Carl Icahn is a vocal, over-exposed pain in the ass. Whenever he talks, put your hand over your wallet, and pay very careful attention to what he's doing with his own.
Schwab
I can hardly wait to see the SSH logs on my FreeBSD server at home tonight...
Schwab
Things that you don't think about tend to fall apart behind your back. SSH/SSL is a best-of-breed cryptographic and authentication solution. It's so good, most of us didn't need to think about it.
Even excellent tools need maintenance now and then. And part of the maintenance overhead for crypto and authentication is to change your keys every so often.
So everyone has to suffer a Flag Day all at the same time, update their software and change out their keys. But I think the result will be more secure hosts and a more secure network, even for machines and networks which didn't "need" the change. Which, IMHO, is a good thing.
Schwab
Every Debian-based distro generates SSH host keys upon installation, and turns on sshd by default. So every naively-installed Debian installation out there with a weak key is potentially vulnerable.
A stop-gap solution is to turn off sshd, until you can get the keys regenerated.
Schwab
Schwab
If you manually fix the link, you're taken to a troll page.
The next logical question is, if you password-protect and encrypt your hard drive to thwart precisely this kind of unwarranted and unjustifiable privacy invasion, can Customs force you to divulge your passwords?
Schwab