Very interesting. I'm actually going to mention this to one of my friends who is an attorney (in the states) today... it's one of those details probably everyone should be on top of.
My layman's litmus test for the legitimacy of this idea is to compare it (unfavorably) to the case where I give you a 15 page contract to buy gasoline at the gas station. We can even leave aside the additional peculiarities of the EULA (where you have already paid in advance before you see the conditions of the agreement "inside the wrapper"). Any reasonable person who needs to get back on the road, and especially given that the legal consultation necessary to understand the agreement will cost orders of magnitude more than the fuel, cannot get all the way to the fine print on the 13th page, in which you agree to pay me $500,000 for each instance in which you ever tell me a lie, put me up in your bedroom for the night whenever I come over, and promise to speak publicly on a weekly basis about the benefits of huffing diesel fuel.
I don't consider that much less ridiculous than agreeing to give powers for spot "audits" by some 3rd party in my home and/or place of business, on the kinds of terms the BSA threatens.
Frankly, I consider the entire notion of the EULA pernicious. It's a simple "information for cash" transaction. Don't use multiple copies simultaneously, and it's a very clear analogy to material goods. Imagine if I printed a "EULA" on the inside of my front door that "binds" everyone who agrees to stay in my house... paragraph 105: "I can come over to your house anytime and search through everything you own to make sure you haven't stolen any of my stuff."
If I sued you for not letting me in, I wouldn't win, would I?
We have companies in the states who even include gag orders in their EULAs that ostensibly prevent you from disparaging the product... but that's a whole other thread.
IANAL. That said, there is a generally accepted legal theory that two parties cannot enter into a binding agreement if one of them could not be expected to understand that agreement, is not properly represented when entering into that agreement, or the agreement contains "fine print" conditions which defy common sense or expectation, or which are intended to deceive. There are other exceptions as well, but these are the important ones for the moment.
I say all this because the shrink wrap license ("EULA") - through which the BSA claims to derive its authority - is thus on extremely thin legal ice. In fact, I am on a neverending quest to find reference to any (any) case where any of the more onerous terms of a shrinkwrap license have prevailed in court. (UCITA, of course, changes everything - but that's a subject for another post.)
Almost all users of computers never properly understand the "contract" they have supposedly "agreed to" by using their software. They are ignorant of the need to keep and maintain records (as if their word processor was a firearm or motor vehicle), and the idea of granting some organization permission to enter their premises and inspect, demand documentation, and otherwise claim supra-police-like powers just to "insure" that they're not violating their "agreement" must profoundly, breathtakingly, and absolutely fail the test of "reasonable expectation."
In the case of copyright violations, there are criminal and civil penalties. You can sue me for stealing your software. You can also call the police on me, who may choose to arrest me and try me for said same. But enter my place of business uninvited to "inspect" or "audit" on the basis of a shrink wrap license? I don't think it flies.
Let's sum up.
The BSA claims a variety of privileges (from the EULA) which it doesn't really have. It threatens you with actions which are almost certainly illegal. Software users are unaware of their "obligations" under their "licenses" even if you consider them binding (which is asinine), and even when they attempt to follow the rules, there are many cases where it will not be possible to provide documentation "to the satisfaction of the auditor" - whose standard is arbitrary, and purposefully engineered to make it unlikely you can meet it. You are frequently given a very short time in which to reply to the ultimatum - purposefully short, to insure you will not have time to properly inspect your facilities before making a decision. Then there is the oft-cited case of schools and charities which use donated equipment for which the paperwork is not, and probably can never be, in order.
The cost of self-defense is borne by the defender in civil court. Knowing one is on the receiving end of a legally specious and improper legal challenge is one thing. Being able to afford your defense against some of the world's richer companies is quite another.
Most victims who receive this have done everything right, but have not retained all their receipts, and/or cannot afford the considerable manpower and expertise it will take to insure "not one single unlicensed copy of anything" exists on any of the machines in their organization. Consider... will even one violation, even when made by an employee in violation of a company policy, result in punitive damages?
Generally the BSA gets what it wants: a "settlement" in which they are paid not to "report" to federal authorities and/or file a questionable lawsuit. The victim pays again (perhaps many times again) for what they already own.
We have come a long way from the simple world of Best Buy which you describe.
The fact that no one understood their options or the consequences of their choices is the very thing at issue here. Extortion, coercion, and foul play describe these practices perfectly.
Groups like the BSA are not a "price to pay for preventing theft." Their tactics are both immoral and unnecessary. They have no place in the enforcement of copyright. The police are the ones whose job it is to handle software thieves. But then there'd be no money in it for anyone, eh?
The first and foremost way we should have stopped this worm was with firewall rules and the "Server Network Configuration." You don't want to be running anything like this open to the network. Fine.
The bad assumption people are making here is that there's "no reason to break this rule." Well, unfortunately, this is just not so.
In my case, a project involved upsizing a client's Access database, and then transferring it from my dev machine to an ISP's SQL Server instance. The client has a dynamic IP address, and they would never even consider the cost of using a VPN. My SQL Server ports were open for only 3 weeks, during the transition period, and would have been shut down next week.
Everyone is saying "it's your fault - you didn't install the patch."
I kept up on service packs (I was up to SP2), and had installed every SQL Server security patch I could find. I had a non-guessable sa password. I got it anyway.
So why is that? I'm not sure. But I have some observations about the manner in which you're supposed to keep SQL Server (and other MS applications for that matter) current which bear seriously on the issue:
First, there's the "fine print" phenomenon on Microsoft patches. Aside from service packs, these are usually just utterly simplistic "unzip and spray files" installers, occasionally with a few scripts thrown in. Install them in the wrong order, or fail to obey some other 8pt type caveat (and there can be dozens) and you render yourself unprotected again, while maintaining the appearance of being protected. It's likely this is why I wasn't protected despite believing I was.
Where is the complete list of all patches, with downloaded links? What part of Microsoft's site is it prominently displayed on? Where's the order they need to be installed in, with concise instructions?
Anywhere? I can't find it today. Maybe it exists and I just didn't notice it. That would be atrocious site design. Or maybe a simple, centralized "MS SQL Server 2000 Security Page" with ordered patch list and instructions doesn't even exist. That's just atrocious.
All I can find is top-level references to service packs and an unqualified link to an all-Microsoft download search page. When you select SQL Server 2000 in it, you get everything, not in order, patches thrown together with samples, evaluation downloads, etc.
And I'm supposed to check here... every week? Sounds sensible on the surface, but if they really wanted to prevent trouble:
Two words: WINDOWS UPDATE! What the hell is wrong with these people that if they have a patch for SQL Server 2000, they can't just throw it into Windows Update? It does a little check - do you have SQLSvr installed? Yes? Do you have the patches installed?
IT'S SO BLOODY SIMPLE. Yet they didn't bother.
Compare this to redhat, where there's one tool, up2date, and it works for everything. And you are trivially notified by email when there's an update.
I believe there's a tool that lets you examine your installation to see what service packs are installed and which aren't. I remember vividly running it last summer and discovering that I was up to date. Tellingly, I can't even find it in their site today.
Yes, the service packs. I notice SQL Server 2000 SP3 protects you against this buffer overflow. I also notice this service pack came out last week.
At any rate, we can at least tell people a convenient fix - go install SQL Server 2000 SP3.
What's the bottom line? I had a reason to have the port open. And I had a not-for-nothing false sense of security that I was protected against this vulnerability. And most of all, if this was RedHat (for instance) I would never have had this problem - because I would have been notified the moment the patch was available, and would have installed it in a heartbeat, through their single, consistent, easy-to-use interface; and so would tens of thousands of others.
I had installed the patch (although patches and SPs are notorious in "looking as though they have been installed"), and I got it anyway.
As I understand it the July 2002 vulnerability has to do with exploiting a weak or null sa password on open TCP with mixed-mode or SQL Server authentication. So if being patched wasn't enough, my server also had a non-guessable sa password.
The humorous irony is that I had only opened up SQL Server to the internet a few weeks ago to service something specific for a client (who was on a dynamic IP of course), and was about to shut it down again on Monday...
The IBM paper is interesting, but beyond doing these straightforward kinds of measurements, I can think of a lot of better approaches to improving kernel and core application performance, based on research I've seen... When I was doing profiling work on supercomputer stuff a few years back I surveyed the tools and found some systems that use really novel approaches which could definitely be adapted to this purpose. I suppose word doesn't really get out about some of this stuff; anyway, take a look and see for yourself:
S-Check starts with your original source code and points suspected of being bottlenecks. It adds artificial delays at the specific points throughout the parallel code. These delays can be switched ON or OFF. The switched delays generate numerous new versions of the program, with the delays simulating adjustments in code efficiency. S-Check methodically executes the many variants, recording delay settings and corresponding run times. S-Check analyzes the recorded entries against a linear response model using techniques from statistics. The results are a sensitivity analysis from which program problem areas can be identified. This provides a portable, scalable, and generic basis for assaying parallel and network based programs.
"...a heuristic, goal-seeking algorithm was coupled with a dynamic instrumentation package to drive an automated, systematic inquiry into the performance of a parallel application."
The upshot is tools which can instrument a running system on the fly, and use statistical techniques that identify "hot spots" by looking for the amount of "collateral damage" when adding artificial delays to a particular location. You can even go farther, mapping out relationships, etc.
These are approaches that came out of parallel supercomputing, because in that field traditional approaches to benchmarking and profiling are often useless and/or impractical, and the systems (and programming problems) have become so complex that effective hand tuning becomes nearly impossible as well. Of course the kernel isn't so simple either, and these days you have parallelism to boot... I would love to see these techniques solving a wider range of problems.
Oh man. I knew I was done for when you put the "Bw" in front of your long string of "haha's". You totally schooled me, ergo98.
Oh no - I replied again! I've justified your devilish "last word" insult! Oh woe is me. If only any of it would make me wrong.
Speaking of revisionism, I'm amazed you never gloated about how your Indian friends totally validated your comments as not being racist and ignorant. I'm waiting - I know you'll get to that one soon.
It's quite real. Why? It's obvious you know nothing about India - you've never been there and you've never dealt with them. But don't take my word for it. Why don't you print out your posts and ask some people from that country what they think? :)
Aw, did I make you upset by not flattering your "thoughts" with an enumerated response? So ironic; your urine-stream of invective is not the demeanor of someone secure in their beliefs or sanguine about the issues. :)
I'm sure you'll have no trouble finding work in the American factories where they make planes, trains and automobiles.
it's just that you didn't justify anything more. I notice you repeated one of your more glaring racist fallacies again, which is that India can't handle teaching its people CS.
BTW, quite employed. In fact, judging by your level of intelligence, I bet I make a lot more than you do.
Contradictory, incoherent... and you're utterly wrong on pretty much all points. This is your classic "desperation argument." But I won't take any joy when you realize it.
You obviously have no idea how much of the software you use was written in India. Almost every major American software company has outsourced or established offices there.
The two objections I always hear to their eventual dominance that I can think of off the top of my head are:
1) They're not as good, and 2) They're too far away - pitfalls of distributed development, communication problems, etc.
The first is, more or less, a bunch of ignorant (I'll stop short of saying racist) BS, and the 2nd can't account for anywhere near the kind of trouble that a 75% discount can't overcome - or even a 20% discount for that matter.
The reality is that software engineering is by far the most ideal candidate for 3rd world outsourcing to date - because there are no transportation costs, and no real possibility to tax or tariff the "product" as it travels over borders.
You have your opinion, and I have mine (whether I like it or not): if you're a software developer planning on living in the 1st world, your world is ending.
It doesn't look like you read the article - and you obviously haven't been there, or seen it for yourself. While there may be some basis for your economic theory, your notions about the difficulty of system architecture and design making you valuable enough to keep living in the 1st world are utterly mistaken. You (and I) will have to change careers, or move to the 3rd world ourselves, within 15 years. I virtually guarantee it.
In addition, due to other unrelated macroeconomic and political factors, it's getting much harder to "start over" here. Conservative politics and rising higher-educational costs might seem unimportant now, but people always find themselves thinking differently when they land back down at the bottom of the ladder.
As for America as a whole, when in a few more years we find ourselves really on the rocks and try to turn to our vaunted "education and high-skill manpower," we will discover we have neither - the price of the broom-fucking we've given public education (at all levels) over the past 3 decades.
On that, you have a very, very good point. Although to an extent, every time we can collect more evidence of big media outlets blatantly manipulating the news to their own political ends... that may help us someday too.
Oh man. You've got to go back to school or something. The checksums are not on the mp3s, which are only a potential carrier (so the rumor goes?) - the checksums are on the P2P applications.
Any attempt to modify the checksummed P2P applications, whether via a rigged mp3 or network buffer overflow or any other source, would be detected by the PF software. End of story.
When you go into "the firewall MUST allow outbound traffic on that port" I suppose you just didn't read what I wrote thoroughly - since you are "arguing" exactly the point I just made.
Regarding checksumming, you say "I think someone else went down that path." Rubbish. If you, or anyone else, knows a way to evade this kind of checksumming, and not just for one, but for all of these tools at once, then that's news.
What you say, "Perhaps that's where the 95% that is being bandied about comes from - the other 5% have their kit together and are running better monitoring software" - come on! Think it through. It's not just that whoever has personal firewall (or any other monitoring) software wouldn't be affected - it's that they would all notice the attempt to compromise their P2P app - the software will alert them. That would spur an investigation in the community, and real news, etc. etc.
In other words, implicit, prima facie proof that this is a hoax.
What makes this hoax so good, if it is a hoax, is how utterly plausible it seems, even to a well-trained engineer. The only things that don't fit, actually, are their announcement, as many have said, and a small detail about application signatures, which I'll get to in a minute.
If their request looks like a regular query or other baseline P2P activity, it will be like finding a needle in a haystack the size of the empire state building to discover it by packet sniffing.
It gets worse. Fasttrack is encrypted over the wire. If anyone has the keys besides its creators, they're keeping quiet about it. You can't even sniff it, let alone begin the impossible process of distinguishing a few spurious bits of baseline-appearing activity (which could use the very nature of the network itself not to always be directed towards a specific host or set of hosts).
Talk of being protected from this by Symantec or another AV vendor is just talk. There is no mention of protection against this or any similar worm in the published databases. Generally these AV systems can only protect you from A) things they know about, and if we can't find this, neither can they, and B) things that might do harm, i.e. "You didn't just select the Format option, did you?" Further, there is nothing saying these guys would take our side over the RIAA's if there were a dispute about what was a virus and what was "legitimate." Especially if there were a hefty bribe on offer.
The government is not prosecuting over 99% of the people involved with Enron, and those guys turned the lights off in California. What makes you think they'll bite this particular hand that feeds them either?
Protection from personal firewalls is more tricky, and this is where the implicit proof that this is a hoax lies. Most personal firewalls are very dumb - they grant blanket permissions to an application, or not. A few will go farther (like Agnitum's excellent but utterly unstable product) and authorize only specific kinds of activity (so authorizing Winamp to call home to check for an update doesn't authorize it to call anyone else). But regardless, for P2P software, which talks to everybody, these firewalls basically just give up and let them do whatever they want.
But on the upside, almost all of them checksum the applications they are watching... so any virus/worm/whatever which attempted to modify your P2P software would immediately be detected and stopped. Hundreds of thousands of people would have noticed this worm, if it existed.
Halsey Minor, Trip Hawkins, Jane Metcalfe and Louis Rosetto... are "notable"? With that list of posers, burnouts, con men, and also-rans, you know you can safely ignore this for what it is - pure media hype.
Someone stop them before we get another torrent of empty-headed buzzword-filled "articles" describing how this nth attempt at a failed idea (god, how is Blaxxun even still around?) is now suddenly going to "change the world"...
I was really hoping you were making it up. Still disappointed you've given no primary source material to back it up, but at least you're finally not alone in the claim.
A philosophy that is believed by a people with the ability and willingness for self-determination has political force. However a philosophy by itself is not politics, and politics is not fundamentally about philosophy.
Since you haven't answered it, I need merely repeat myself. A childish "counterargument" in a continuing attempt to reject the concept of "inalienable rights" introduced at the founding of our country as "philosophical" and therefore unrelated to "politics" and, we suppose, government. Shall we split the hair of "at its heart"?
I said legitimacy, and I meant it.
And you were wrong. Still are.
The Nazis were, for instance, legitimate.
And this pretty much sums up how wrong you are.
Where do I imply a connection of any kind between the founding fathers and the KKK?
Oh wait... maybe you'll answer your own question.
The only connection is one of kind
That's it. And why did you make it? I'll repeat myself again. Right, so you're implying a connection between the founding fathers and the KKK. Do you take it to the conclusion you wish you could? No. Because I shut out the pedant's argument of moral relativism at the outset, and you know it...trying to suggest that there is no room between absolute adherence to authority and your straw man of the moment, racist lynch mobs.
Do you need a napkin for the froth at your mouth?
You're not just pissing into your keyboard. I think you're pissing into a cup and drinking it.
But putting words in my mouth that I did not say is of no use.
I can't say I'm surprised you'd stoop to bold-faced lies - even when the evidence making your mendacity obvious is in the preceding text. Come on, don't back away now, stand by your principles.
And you are doing what, exactly?
More lies - but I suppose there's little you wouldn't stoop to, after pronouncing the Nazis a legitimate government.
The person you responded to originally was not me.
I see, you just jumped in for them.
For the rest, your heritage is immaterial - go bait people with it elsewhere.
I also note that you are wrong about the USA being founded as a democracy.
Hmm. The republic/democracy dichotomy. What a totally irrelevant hair to split. Thank you for indicating how desperate you are to justify yourself.
Indians and Black slaves.
The glaring, prima facie stupidity of your "argument" is simply breathtaking. You're trying to score points by bringing up slavery and colonialism - when your very argument confers legitimacy on these practices. In fact, by extension, you could be thought to denounce the underground railroad as "illegitimate!"
And then you called it universal.
No, I didn't. Go back and read.
That a right not to be a slave is among them is sheer ignorance of your own history.
Now you're just degenerating into incoherence.
Where did I say anything about anarchy?
Clearly implied - "mob" etc.
When it comes to legitimacy, as explained above legitimacy does not mean that I like them. It means that they are accepted as legitimate.
And that's precisely where you're wrong.
If you want to keep up with the foolish and highly ironic attempts to save face... keep posting, by all means... but come to some other site, just for continued streams of urine interspersed with occasional outbursts of elementary-school legal theory? You're dreaming.
So they connect, but are very hardly the same thing.
A childish "counterargument" in a continuing attempt to reject the concept of "inalienable rights" introduced at the founding of our country as "philosophical" and therefore unrelated to "politics" and, we suppose, government.
Shall we split the hair of "at its heart"?
That alone makes you so clearly not worth answering that I should stop now. Grimly, though, let's see this through to the end anyway.
A government which is unable to compel the cooperation of the people loses its legitimacy.
You need an English class, too. Unless you are intentionally confusing legitimacy with stability to try to make your argument sound less stupid, which I suspect is the case.
Our world's history demonstrates clearly that a shared sense of basic principles is often less important than a mob.
Right, so you're implying a connection between the founding fathers and the KKK. Do you take it to the conclusion you wish you could? No. Because I shut out the pedant's argument of moral relativism at the outset, and you know it.
Tyrants call any three reformers a mob. Their shills equate any questioning of authority with criminality. And you, whatever your motivation, just couldn't resist falling in that line (as I knew you would) - trying to suggest that there is no room between absolute adherence to authority and your straw man of the moment, racist lynch mobs.
Everything else you say is basically attempting to change the subject. Some of it (discussing the erosion of basic rights, and our need to defend them) is even correct. You also spout some inflammatory and deceptive drivel with no relation to anything we've said: "Carry on as you were. Remain convinced of your own innate superiority and posture away. I don't see any reason to continue to bother with you." Pure infantility. You're just pissing into your keyboard.
None of this does anything to defend your (worthless) earlier assertions: "Yes, freedoms are granted by the government." "You can't just assume you have a right to something and expect to be able to back it up without legal documentation." "And they *can* be taken away by the government." This is bullshit. Amusingly, it makes you a Loyalist, and much worse today.
You have ignored the constantly repeated and headline themes of the founding of our nation, backed up in reams of documentary evidence, not least the Declaration of Independence (already cited) and the U.S. Constitution - that the rights we gave ourselves are not political inventions springing from the caprices of the moment, but truly inalienable human rights, derived from "natural law," granted by our creator (whether deity or chance), and we have merely made our government a democracy that works (as much as possible) in harmony with these ideas... because it's a good idea to do that.
You will notice I anticipated your quibbling about the UDHR, from what I wrote immediately before I cited it: "If you want to pretend there is no agreement on what a human right is, don't waste our time, or pretend it matters that there is no absolute agreement." Go ahead, keep quibbling. Try to suggest that I meant the UDHR as authoritative, or that it matters that there is no authoritative text.
Let me guess. I suppose you will only try to suggest again that there is no room between recognition of basic human rights and anarchy, but since we actually occupy a living proof you're wrong, I don't expect this to get far. Honest men can debate how long a copyright lasts or how to punish a murderer or whether or not abortion is legal, and there, as in a myriad of different ways, the government serves as yet another iteration in our attempt to crystalize a better way to organize ourselves and live, as people. It is essential to have it, to make rules well, and to follow them. But there are lines a government cannot cross without losing its legitimacy. Period. If you believed otherwise, you would have to, if you were a person of principle, abdicate your U.S. citizenship and swim back to England.
You are saying that there is no arguing with whatever is written in whatever document is held to be the law of the land. However, our history tells us otherwise. Common sense, and a shared sense of basic principles overrides any governmental decree.
You may claim this means moral relativism, or leads to anarchy, but yet I am right, and it has not. Rather, it led to the founding of our country. The principles and mechanisms by which such basic priority operates are fluid and unreliable, but the world is not a CPU.
I'll repeat what Malor said, because it's absolutely correct, and understanding its meaning in the very core of your being is essential to your dignity as a human being. "[basic] freedoms ARE NOT GRANTED BY THE GOVERNMENT."
I'll reiterate my earlier point, because I can already hear the pedants clawing at their cages. This does not mean moral relativism. Just merely that we are never "bound" in any legal sense by a "government" which infringes on basic human rights which have been held, across most of earth's cultures, to be fundamental and universal. If you want to pretend there is no agreement on what a human right is, don't waste our time, or pretend it matters that there is no absolute agreement. Take a look at, for instance, The Universal Declaration of Human Rights if you're confused.
Most victims who receive this have done everything right, but have not retained all their receipts, and/or cannot afford the considerable manpower and expertise it will take to insure "not one single unlicensed copy of anything" exists on any of the machines in their organization. Consider... will even one violation, even when made by an employee in violation of a company policy, result in punitive damages?
Generally the BSA gets what it wants: a "settlement" in which they are paid not to "report" to federal authorities and/or file a questionable lawsuit. The victim pays again (perhaps many times again) for what they already own.
We have come a long way from the simple world of Best Buy which you describe.
The fact that no one understood their options or the consequences of their choices is the very thing at issue here. Extortion, coercion, and foul play describe these practices perfectly.
Groups like the BSA are not a "price to pay for preventing theft." Their tactics are both immoral and unnecessary. They have no place in the enforcement of copyright. The police are the ones whose job it is to handle software thieves. But then there'd be no money in it for anyone, eh?
Hey, since it's Monday and all, I was just wondering. Could I just skip writing a response, and you just write another ignorant, juvenile post anyway?
Thanks,
Featureless
P.S. - Don't long for a response. You've been filtered.
The bad assumption people are making here is that there's "no reason to break this rule." Well, unfortunately, this is just not so.
In my case, a project involved upsizing a client's access database, and then transferring it from my dev machine to an ISP's SQL Server instance. The client has a dynamic IP address, and they would never even consider the cost of using a VPN. My SQL Server ports were open for only 3 weeks, during the transition period, and would have been shut down next week.
I kept up on service packs (I was up to SP2), and had installed every SQL Server security patch I could find. I had a non-guessable sa password. I got it anyway.
So why is that? I'm not sure. But I have some observations about the manner in which you're supposed to keep SQL Server (and other MS applications for that matter) current which bear seriously on the issue:
Anywhere? I can't find it today. Maybe it exists and I just didn't notice it. That would be atrocious site design. Or maybe a simple, centralized "MS SQL Server 2000 Security Page" with ordered patch list and instructions doesn't even exist. That's just atrocious.
All I can find is top-level references to service packs and an unqualified link to an all-microsoft download search page. When you select SQL Server 2000 in it, you get everything, not in order, patches thrown together with samples, evaluation downloads, etc.
And I'm supposed to check here... every week? Sounds sensible on the surface, but if they really wanted to prevent trouble:
IT'S SO BLOODY SIMPLE. Yet they didn't bother.
Compare this to redhat, where there's one tool, up2date, and it works for everything. And you are trivially notified by email when there's an update.
At any rate, we can at least tell people a convenient fix - go install SQL Server 2000 SP3.
What's the bottom line? I had a reason to have the port open. And I had a not-for-nothing false sense of security that I was protected against this vulnerability. And most of all, if this was RedHat (for instance) I would never have had this problem - because I would have been notified the moment the patch was available, and would have installed it in a heartbeat, through their single, consistent, easy-to-use interface; and so would tens of thousands of others.
I had installed the patch (although patches and SPs are notorious in "looking as though they have been installed"), and I got it anyway.
As I understand it the July 2002 vulnerability has to do with exploiting a weak or null sa password on open TCP with mixed-mode or SQL Server authentication. So if being patched wasn't enough, my server also had a non-guessable sa password.
The humorous irony is that I had only opened up SQL Server to the internet a few weeks ago to service something specific for a client (who was on a dynamic IP of course), and was about to shut it down again on Monday...
The IBM paper is interesting, but beyond doing these straightforward kinds of measurements, I can think of a lot of better approaches to improving kernel and core application performance, based on research I've seen... When I was doing profiling work on supercomputer stuff a few years back I surveyed the tools and found some systems that use really novel approaches which could definitely be adapted to this purpose. I suppose word doesn't really get out about some of this stuff; anyway, take a look and see for yourself:
S-Check
S-Check starts with your original source code and points suspected of being bottlenecks. It adds artificial delays at the specific points throughout the parallel code. These delays can be switched ON or OFF. The switched delays generate numerous new versions of the program, with the delays simulating adjustments in code efficiency. S-Check methodically executes the many variants, recording delay settings and corresponding run times. S-Check analyzes the recorded entries against a linear response model using techniques from statistics. The results are a sensitivity analysis from which program problem areas can be identified. This provides a portable, scalable, and generic basis for assaying parallel and network based programs.
Paradyn
(overview)
"...a heuristic, goal-seeking algorithm was coupled with a dynamic instrumentation package to drive an automated, systematic inquiry into the performance of a parallel application."
The upshot is tools which can instrument a running system on the fly, and use statistical techniques that identify "hot spots" by looking for the amount of "collateral damage" when adding artificial delays to a particular location. You can even go farther, mapping out relationships, etc.
These are approaches that came out of parallel supercomputing, because in that field traditional approaches to benchmarking and profiling are often useless and/or impractical, and the systems (and programming problems) have become so complex that effective hand tuning becomes nearly impossible as well. Of course the kernel isn't so simple either, and these days you have parallelism to boot... I would love to see these techniques solving a wider range of problems.
Oh man. I knew I was done for when you put the "Bw" in front of your long string of "haha's". You totally schooled me, ergo98.
Oh no - I replied again! I've justified your devilish "last word" insult! Oh woe is me. If only any of it would make me wrong.
Speaking of revisionism, I'm amazed you never gloated about how your Indian friends totally validated your comments as not being racist and ignorant. I'm waiting - I know you'll get to that one soon.
So much childish frustration. What is it, ergo98? Stress in the workplace? Haven't had sex in years? Or ever?
Go on, get it all out. It will make you feel better.
It's quite real. Why? It's obvious you know nothing about India - you've never been there and you've never dealt with them. But don't take my word for it. Why don't you print out your posts and ask some people from that country what they think? :)
:)
Aw, did I make you upset by not flattering your "thoughts" with an enumerated response? So ironic; your urine-stream of invective is not the demeanor of someone secure in their beliefs or sanguine about the issues.
I'm sure you'll have no trouble finding work in the American factories where they make planes, trains and automobiles.
it's just that you didn't justify anything more. I notice you repeated one of your more glaring racist fallacies again, which is that India can't handle teaching its people CS.
BTW, quite employed. In fact, judging by your level of intelligence, I bet I make a lot more than you do.
Contradictory, incoherent... and you're utterly wrong on pretty much all points. This is your classic "desperation argument." But I won't take any joy when you realize it.
You obviously have no idea how much of the software you use was written in India. Almost every major American software company has outsourced or established offices there.
The two objections I always hear to their eventual dominance that I can think of off the top of my head are:
1) They're not as good, and
2) They're too far away - pitfalls of distributed development, communication problems, etc.
The first is, more or less, a bunch of ignorant (I'll stop short of saying racist) BS, and the 2nd can't account for anywhere near the kind of trouble that a 75% discount can't overcome - or even a 20% discount for that matter.
The reality is that software engineering is by far the most ideal candidate for 3rd world outsourcing to date - because there are no transportation costs, and no real possibility to tax or tariff the "product" as it travels over borders.
You have your opinion, and I have mine (whether I like it or not): if you're a software developer planning on living in the 1st world, your world is ending.
It doesn't look like you read the article - and you obviously haven't been there, or seen it for yourself. While there may be some basis for your economic theory, your notions about the difficulty of system architecture and design making you valuable enough to keep living in the 1st world are utterly mistaken. You (and I) will have to change careers, or move to the 3rd world ourselves, within 15 years. I virtually guarantee it.
In addition, due to other unrelated macroeconomic and political factors, it's getting much harder to "start over" here. Conservative politics and rising higher-educational costs might seem unimportant now, but people always find themselves thinking differently when they land back down at the bottom of the ladder.
As for America as a whole, when in a few more years we find ourselves really on the rocks and try to turn to our vaunted "education and high-skill manpower," we will discover we have neither - the price of the broom-fucking we've given public education (at all levels) over the past 3 decades.
Good luck.
On that, you have a very, very good point. Although to an extent, every time we can collect more evidence of big media outlets blatantly manipulating the news to their own political ends... that may help us someday too.
Oh man. You've got to go back to school or something. The checksums are not on the mp3s, which are only a potential carrier (so the rumor goes?) - the checksums are on the P2P applications.
Any attempt to modify the checksummed P2P applications, whether via a rigged mp3 or network buffer overflow or any other source, would be detected by the PF software. End of story.
When you go into "the firewall MUST allow outbound traffic on that port" I suppose you just didn't read what I wrote thoroughly - since you are "arguing" exactly the point I just made.
Regarding checksumming, you say "I think someone else went down that path." Rubbish. If you, or anyone else, knows a way to evade this kind of checksumming, and not just for one, but for all of these tools at once, then that's news.
What you say, "Perhaps that's where the 95% that is being bandied about comes from - the other 5% have their kit together and are running better monitoring software" - come on! Think it through. It's not just that whoever has personal firewall (or any other monitoring) software wouldn't be affected - it's that they would all notice the attempt to compromise their P2P app - the software will alert them. That would spur an investigation in the community, and real news, etc. etc.
In other words, implicit, prima facie proof that this is a hoax.
Users are hurt that Mozilla is bloated and slow-loading.
So you know how to efficiently crack md5 sums? Now that's news. I eagerly await your explanation.
What makes this hoax so good, if it is a hoax, is how utterly plausible it seems, even to a well-trained engineer. The only things that don't fit, actually, are their announcement, as many have said, and a small detail about application signatures, which I'll get to in a minute.
If their request looks like a regular query or other baseline P2P activity, it will be like finding a needle in a haystack the size of the empire state building to discover it by packet sniffing.
It gets worse. Fasttrack is encrypted over the wire. If anyone has the keys besides its creators, they're keeping quiet about it. You can't even sniff it, let alone begin the impossible process of distinguishing a few spurious bits of baseline-appearing activity (which could use the very nature of the network itself not to always be directed towards a specific host or set of hosts).
Talk of being protected from this by Symantec or another AV vendor is just talk. There is no mention of protection against this or any similar worm in the published databases. Generally these AV systems can only protect you from A) things they know about, and if we can't find this, neither can they, and B) things that might do harm, i.e. "You didn't just select the Format option, did you?" Further, there is nothing saying these guys would take our side over the RIAA's if there were a dispute about what was a virus and what was "legitimate." Especially if there were a hefty bribe on offer.
The government is not prosecuting over 99% of the people involved with Enron, and those guys turned the lights off in California. What makes you think they'll bite this particular hand that feeds them either?
Protection from personal firewalls is more tricky, and this is where the implicit proof that this is a hoax lies. Most personal firewalls are very dumb - they grant blanket permissions to an application, or not. A few will go farther (like Agnitum's excellent but utterly unstable product) and authorize only specific kinds of activity (so authorizing Winamp to call home to check for an update doesn't authorize it to call anyone else). But regardless, for P2P software, which talks to everybody, these firewalls basically just give up and let them do whatever they want.
But on the upside, almost all of them checksum the applications they are watching... so any virus/worm/whatever which attempted to modify your P2P software would immediately be detected and stopped. Hundreds of thousands of people would have noticed this worm, if it existed.
Hence, hoax.
Halsey Minor, Trip Hawkins, Jane Metcalfe and Louis Rosetto... are "notable"? With that list of posers, burnouts, con men, and also-rans, you know you can safely ignore this for what it is - pure media hype.
Someone stop them before we get another torrent of empty-headed buzzword-filled "articles" describing how this nth attempt at a failed idea (god, how is Blaxxun even still around?) is now suddenly going to "change the world"...
I was really hoping you were making it up. Still disappointed you've given no primary source material to back it up, but at least you're finally not alone in the claim.
Subject says it all... not to mention that none of your sources have any such quote. LMAO.
A philosophy that is believed by a people with the ability and willingness for self-determination has political force. However a philosophy by itself is not politics, and politics is not fundamentally about philosophy.
Since you haven't answered it, I need merely repeat myself. A childish "counterargument" in a continuing attempt to reject the concept of "inalienable rights" introduced at the founding of our country as "philosophical" and therefore unrelated to "politics" and, we suppose, government. Shall we split the hair of "at its heart"?
I said legitimacy, and I meant it.
And you were wrong. Still are.
The Nazis were, for instance, legitimate.
And this pretty much sums up how wrong you are.
Where do I imply a connection of any kind between the founding fathers and the KKK?
Oh wait... maybe you'll answer your own question.
The only connection is one of kind
That's it. And why did you make it? I'll repeat myself again. Right, so you're implying a connection between the founding fathers and the KKK. Do you take it to the conclusion you wish you could? No. Because I shut out the pedant's argument of moral relativism at the outset, and you know it...trying to suggest that there is no room between absolute adherence to authority and your straw man of the moment, racist lynch mobs.
Do you need a napkin for the froth at your mouth?
You're not just pissing into your keyboard. I think you're pissing into a cup and drinking it.
But putting words in my mouth that I did not say is of no use.
I can't say I'm surprised you'd stoop to bold-faced lies - even when the evidence making your mendacity obvious is in the preceding text. Come on, don't back away now, stand by your principles.
And you are doing what, exactly?
More lies - but I suppose there's little you wouldn't stoop to, after pronouncing the Nazis a legitimate government.
The person you responded to originally was not me.
I see, you just jumped in for them.
For the rest, your heritage is immaterial - go bait people with it elsewhere.
I also note that you are wrong about the USA being founded as a democracy.
Hmm. The republic/democracy dichotomy. What a totally irrelevant hair to split. Thank you for indicating how desperate you are to justify yourself.
Indians and Black slaves.
The glaring, prima facie stupidity of your "argument" is simply breathtaking. You're trying to score points by bringing up slavery and colonialism - when your very argument confers legitimacy on these practices. In fact, by extension, you could be thought to denounce the underground railroad as "illegitimate!"
And then you called it universal.
No, I didn't. Go back and read.
That a right not to be a slave is among them is sheer ignorance of your own history.
Now you're just degenerating into incoherence.
Where did I say anything about anarchy?
Clearly implied - "mob" etc.
When it comes to legitimacy, as explained above legitimacy does not mean that I like them. It means that they are accepted as legitimate.
And that's precisely where you're wrong.
If you want to keep up with the foolish and highly ironic attempts to save face... keep posting, by all means... but come to some other site, just for continued streams of urine interspersed with occasional outbursts of elementary-school legal theory? You're dreaming.
So they connect, but are very hardly the same thing.
A childish "counterargument" in a continuing attempt to reject the concept of "inalienable rights" introduced at the founding of our country as "philosophical" and therefore unrelated to "politics" and, we suppose, government.
Shall we split the hair of "at its heart"?
That alone makes you so clearly not worth answering that I should stop now. Grimly, though, let's see this through to the end anyway.
A government which is unable to compel the cooperation of the people loses its legitimacy.
You need an English class, too. Unless you are intentionally confusing legitimacy with stability to try to make your argument sound less stupid, which I suspect is the case.
Our world's history demonstrates clearly that a shared sense of basic principles is often less important than a mob.
Right, so you're implying a connection between the founding fathers and the KKK. Do you take it to the conclusion you wish you could? No. Because I shut out the pedant's argument of moral relativism at the outset, and you know it.
Tyrants call any three reformers a mob. Their shills equate any questioning of authority with criminality. And you, whatever your motivation, just couldn't resist falling in that line (as I knew you would) - trying to suggest that there is no room between absolute adherence to authority and your straw man of the moment, racist lynch mobs.
Everything else you say is basically attempting to change the subject. Some of it (discussing the erosion of basic rights, and our need to defend them) is even correct. You also spout some inflammatory and deceptive drivel with no relation to anything we've said: "Carry on as you were. Remain convinced of your own innate superiority and posture away. I don't see any reason to continue to bother with you." Pure infantility. You're just pissing into your keyboard.
None of this does anything to defend your (worthless) earlier assertions: "Yes, freedoms are granted by the government." "You can't just assume you have a right to something and expect to be able to back it up without legal documentation." "And they *can* be taken away by the government." This is bullshit. Amusingly, it makes you a Loyalist, and much worse today.
You have ignored the constantly repeated and headline themes of the founding of our nation, backed up in reams of documentary evidence, not least the Declaration of Independence (already cited) and the U.S. Constitution - that the rights we gave ourselves are not political inventions springing from the caprices of the moment, but truly inalienable human rights, derived from "natural law," granted by our creator (whether deity or chance), and we have merely made our government a democracy that works (as much as possible) in harmony with these ideas... because it's a good idea to do that.
You will notice I anticipated your quibbling about the UDHR, from what I wrote immediately before I cited it: "If you want to pretend there is no agreement on what a human right is, don't waste our time, or pretend it matters that there is no absolute agreement." Go ahead, keep quibbling. Try to suggest that I meant the UDHR as authoritative, or that it matters that there is no authoritative text.
Let me guess. I suppose you will only try to suggest again that there is no room between recognition of basic human rights and anarchy, but since we actually occupy a living proof you're wrong, I don't expect this to get far. Honest men can debate how long a copyright lasts or how to punish a murderer or whether or not abortion is legal, and there, as in a myriad of different ways, the government serves as yet another iteration in our attempt to crystalize a better way to organize ourselves and live, as people. It is essential to have it, to make rules well, and to follow them. But there are lines a government cannot cross without losing its legitimacy. Period. If you believed otherwise, you would have to, if you were a person of principle, abdicate your U.S. citizenship and swim back to England.
Sue your teachers.
There is, at its heart, no difference between philosophy and politics.
A government which infringes on basic human rights loses its legitimacy. Ergo the founding of our republic. Need I refer you to the source material?
You are saying that there is no arguing with whatever is written in whatever document is held to be the law of the land. However, our history tells us otherwise. Common sense, and a shared sense of basic principles overrides any governmental decree.
You may claim this means moral relativism, or leads to anarchy, but yet I am right, and it has not. Rather, it led to the founding of our country. The principles and mechanisms by which such basic priority operates are fluid and unreliable, but the world is not a CPU.
I'll repeat what Malor said, because it's absolutely correct, and understanding its meaning in the very core of your being is essential to your dignity as a human being. "[basic] freedoms ARE NOT GRANTED BY THE GOVERNMENT."
I'll reiterate my earlier point, because I can already hear the pedants clawing at their cages. This does not mean moral relativism. Just merely that we are never "bound" in any legal sense by a "government" which infringes on basic human rights which have been held, across most of earth's cultures, to be fundamental and universal. If you want to pretend there is no agreement on what a human right is, don't waste our time, or pretend it matters that there is no absolute agreement. Take a look at, for instance, The Universal Declaration of Human Rights if you're confused.