Actually, plenty of companies are able to run a credit check without your SSN, they just require more extensive address information and other information to ensure they identify your credit record properly, plus the transaction takes longer. This whole "we require your SSN to run a credit check" is bogus even if the credit check is justified.
In fact, isn't it illegal to require the SSN in many states?
The damage to the company is the same regardless of whether she distributed 1,000s of copies for free or charged for them. There is still a percentage of those copies (not 100%) that constitute lost sales for the company and recording artist.
Maybe she distributed 10,000 copies of each of the 24 songs? Remember the burden of proof is lower in civil court, so if RIAA could show that an average song was downloaded 100 times a day on the P2P network she used, and she had her songs up for 90 days, they don't have to prove that the songs were downloaded 9,000 times each from her share, just that the most likely were.
Well she shared 24 songs, but one thing I've always noticed is that no one on either side of this case has published any figures for how many different people downloaded each song off of her share while she was running it. If it was only once each, then this was excessive. If she had it up for several months and distributed 10,000 copies a day, that comes out to less than a buck a copy. I'm figuring somewhere in between, but who knows how many?
The problem here is that even though she didn't take any profit from the share, if she did share 1,000s of copies of each song, that's still legitimate damage against the record company. I don't make the RIAAs claim that every illegal copy is a lost sale, but if you figure about 20% of those downloaders would have bought it on iTunes or somewhere, there's a real loss there. And if the quantities are that high, statutory/punitive damages start to creep into the constitutional range.
But this is all speculation because there's no evidence I've seen that says songs X, y and Z were downloaded n,p and q times each.
Especially since all they need to do is create their own damn account and Friend you on facebook (assuming you'd accept). On Slashdot, they can see all your posts whether you're their friend or not, just by having an account. So not only is the request intrusive, they don't even need it.
I always though that statutory damages are not meant as a punishment, but as a means to give the copyright holder fair compensation in situations where the actual damage is impossible to establish. Actually, the statutory damages have a range from compensatory for inadvertent, small cases, to high punitive damages for commercial piracy. If you're sharing 200 files on a P2P network for months at a time, there's a good chance you've distributed 100's or 1000's of copies of each file.
Since she never saw any profit from her sharing/distribution, I think the commercial/punitive damages are excessive, but the number of copies she probably distributed mean that "commercial" rates were at least plausible.
And in civil court you just need a preponderance of evidence, not evidence "beyond a reasonable doubt", so the standard for proof for the RIAA was much lower.
Actually, the giver pays gift tax in the US. It's not part of the income tax code, it's part of the estate tax code to close a loophole where people would give away their belongings before they died to avoid paying estate taxes.
And there are yearly and lifetime exemptions that are high enough to make the question of gift taxes irrelevant for most people.
If teams are being measured on how quickly they close tickets as the only metric, that is what they will target in their efforts. So you will end up with a bunch of dissatisfied customers who had their tickets closed without getting their problem solved. This metric is the biggest reason call center service is so lousy for so many companies.
If your company wants to measure turnaround time, a less-direct approach is better. Something like number of tickets closed in a month with separate categories for tickets based on whether they had to be escalated or not. In addition to this, you need to measure the number of repeat calls from customers. There's always a few cranks that call over every little thing, but if you have a large number of customers calling back within a few days of their ticket closing, problems aren't getting solved the first time. This is better than just "reducing calls". A large number of calls is more likely to indicate a problem in design or production of the product rather than a problem in the call center. But repeat calls, or
A customer satisfaction survey is also useful. In general you'll only get a self-selected response from the customers who are extremely happy or extremely dissatisfied, but even the ratio between the number of responses in those two groups tells you a lot. And if you get comments back from the customers, that's even better.
A large percentage (too large) of people spend time trying to game any system. This can range legal activities like taking SAT prep classes to lobbying the government for favorable laws to illegal acts like adulterating toothpaste with ethylene glycol to reduce costs or shoplifting and returning merchandise for credit.
So think of ways someone could circumvent your metrics to boost their numbers without providing the desired customer service. For example, the repeat calls metric could be gamed if a call center operator doesn't notify (or blocks auto-notification) the customer that their first ticket has been closed. That could delay the customer calling back for status until the metric time had passed. You'd have to check the logs on the customer record to see if their email address was erased or if there was some other activity that shows a scam. Before you reward your "outstanding" employees, you need to do some cross-checking of the metrics to make sure they're real.
I think it's the other way around. First, you get malicious javascript loaded on http://10.0.0.1/myscript.js when you visit the exploit site. Then when you connect to http://10.0.0.1/myscript.js on a different non-routable subnet you end up running the malicious script instead of the local version, which could include doing fun stuff against the HTTP server you are connecting to.
"If you hear hoofbeats, look for horses, not zebras" Unless of course, you live in Africa. Then it could be anything from antelope to wildebeest. Not to mention zebras.
Statistical medicine is all well and good for making sure you get the best probability of curing the problem on the first shot, but too many doctors seem to get fixated on the initial diagnosis (or lack thereof) and don't continue the investigation for less likely scenarios.
In the case of the original article, this looks more like a case where the pathologist missed the granuloma that the student spotted. So it was more a case of hearing the hoofbeats, but not getting a good view to see if the animal had stripes. Apparently spotting a granuloma is a black art comparable to scanning a mammogram.
This is an excellent time to document your IT support policies and processes for handling requests (or create them if there is no such policy) and get them approved by the relevant managers. Then when someone asks you for something informally, just tell them to please follow the documented process. If you start building a backlog of requests, you can point to the backlog as justification for hiring additional IT people. You'll still get "emergency" requests, but the process for those should include approval by managers to justify the emergency. If too many people abuse the emergency process, managers will be active in assisting you to filter out the BS.
Or else they'll abdicate and you can just reject emergency requests unilaterally. In which case, you've become BOFH despite your best efforts.
And get a private DSL line. I'm surprised no one has mentioned this. Much more convenient than enrolling in a different college.
Or if they haven't implemented VOIP service in the dorms, maybe you can get DSL inside the dorms.
In either case, ideally you should have a separate computer for your private access vs. the campus access, but that isn't a requirement. If you want to use the same computer for internet access and accessing the school network, do a dual-boot system, where the DSL is in one environment and the campus connection is in the other. Or have the DSL on both so you can access the campus remotely over the DSL, but the key is to have a separate DSL image without the "spyware". Basically, image your current HD onto a new disk then keep both disks as bootable in the system. Install all the campus stuff on one of the partitions. Depending on your environment there are different ways to hide the alternate partition from the campus partition.
Unfortunately, I don't think "honor code" and "public university" go very well together. Although I'll be the first to admit I don't know that any public university has actually tried it.
Perhaps Microsoft SMS? That's an integral part of their enterprise network management solution, and it does scan software installs and can automatically install updates.
And even if the exhaust flow is expanded (and therefore slowed-down), it's still a "mighty wind" when compared with the vacuum. Instead of dissipating in an atmosphere, it will continue expanding until it hits something solid.
Of course, what is the point of preserving a site that nobody can really go to anyway? Sure, if someone went there, they could 'ruin' the artifacts that remain, but who cares? It's not like anyone can visit the site and appreciate it. The best you could hope for would be to preserve it for future generations' camera equipped robotic lunar rovers.
So you're predicting that the demise of the human race before anyone ever gets back to the moon is virtually certain? Just because it seems beyond anyone right now doesn't make it impossible for someone (China? The UN?) in the future. Even then, there's always the possibility that some aliens might find it. And in the meantime, we wouldn't have to worry about damage in the first place if we weren't already capable of sending robotic rovers there.
... Besides, it's stupid to think that Armstrong and Aldrin wouldn't have messed up the first footprint since it was, you know, right at the bottom of the ladder and in a high traffic area.
Not to mention the rocket blast when the upper portion of the LEM returned to orbit.
On the other hand, we're talking about a bunch of teams including amateurs and semi-pros that may have less than perfect aim over distance of 230,000 miles or so. It would be a shame if someone crashed into the base of one of the LEMS or one of the moon buggies. Best way would probably be to require the pictures to be taken from lunar orbit or from a distance of no less than 10 km. That would prevent attempts to land virtually on top of one of the historic sites.
And for that matter why doesn't IANA tell us what they aren't? Most people have the courtesy to be specific enough to use IANAL or IANAD, but IANA is just meaningless.
Which is really nice to have as a fallback position if this motion fails. But this motion could cut the time spent at trial (and the costs to Thomas) if they don't have to go through the whole argument about the evidence.
Why not think of Verilog as a programming language? It has to be the right one though. For example, compare it to Prolog. When you describe the hardware in VHDL or Verilog you are essentially describing the logical rules embodied in the hardware, rather than the process that the logic actually represents. Prolog is a lot closer to this model than a procedural or OO language like C or C++. The key is to step away from a flow-control process model to a set-based logic model mapping inputs to outputs. That doesn't mean you aren't programming, just that you're modelling your program using a different paradigm.
Slashdot Mirror
Actually, plenty of companies are able to run a credit check without your SSN, they just require more extensive address information and other information to ensure they identify your credit record properly, plus the transaction takes longer. This whole "we require your SSN to run a credit check" is bogus even if the credit check is justified.
In fact, isn't it illegal to require the SSN in many states?
The damage to the company is the same regardless of whether she distributed 1,000s of copies for free or charged for them. There is still a percentage of those copies (not 100%) that constitute lost sales for the company and recording artist.
How many copies of each song?
Maybe she distributed 10,000 copies of each of the 24 songs? Remember the burden of proof is lower in civil court, so if RIAA could show that an average song was downloaded 100 times a day on the P2P network she used, and she had her songs up for 90 days, they don't have to prove that the songs were downloaded 9,000 times each from her share, just that the most likely were.
Well she shared 24 songs, but one thing I've always noticed is that no one on either side of this case has published any figures for how many different people downloaded each song off of her share while she was running it. If it was only once each, then this was excessive. If she had it up for several months and distributed 10,000 copies a day, that comes out to less than a buck a copy. I'm figuring somewhere in between, but who knows how many?
The problem here is that even though she didn't take any profit from the share, if she did share 1,000s of copies of each song, that's still legitimate damage against the record company. I don't make the RIAAs claim that every illegal copy is a lost sale, but if you figure about 20% of those downloaders would have bought it on iTunes or somewhere, there's a real loss there. And if the quantities are that high, statutory/punitive damages start to creep into the constitutional range.
But this is all speculation because there's no evidence I've seen that says songs X, y and Z were downloaded n,p and q times each.
Especially since all they need to do is create their own damn account and Friend you on facebook (assuming you'd accept). On Slashdot, they can see all your posts whether you're their friend or not, just by having an account. So not only is the request intrusive, they don't even need it.
I always though that statutory damages are not meant as a punishment, but as a means to give the copyright holder fair compensation in situations where the actual damage is impossible to establish.
Actually, the statutory damages have a range from compensatory for inadvertent, small cases, to high punitive damages for commercial piracy. If you're sharing 200 files on a P2P network for months at a time, there's a good chance you've distributed 100's or 1000's of copies of each file.
Since she never saw any profit from her sharing/distribution, I think the commercial/punitive damages are excessive, but the number of copies she probably distributed mean that "commercial" rates were at least plausible.
And in civil court you just need a preponderance of evidence, not evidence "beyond a reasonable doubt", so the standard for proof for the RIAA was much lower.
Actually, the giver pays gift tax in the US. It's not part of the income tax code, it's part of the estate tax code to close a loophole where people would give away their belongings before they died to avoid paying estate taxes.
And there are yearly and lifetime exemptions that are high enough to make the question of gift taxes irrelevant for most people.
Gah...bad edit in P2. Just ignore the fragment at the end, pls.
If teams are being measured on how quickly they close tickets as the only metric, that is what they will target in their efforts. So you will end up with a bunch of dissatisfied customers who had their tickets closed without getting their problem solved. This metric is the biggest reason call center service is so lousy for so many companies.
If your company wants to measure turnaround time, a less-direct approach is better. Something like number of tickets closed in a month with separate categories for tickets based on whether they had to be escalated or not. In addition to this, you need to measure the number of repeat calls from customers. There's always a few cranks that call over every little thing, but if you have a large number of customers calling back within a few days of their ticket closing, problems aren't getting solved the first time. This is better than just "reducing calls". A large number of calls is more likely to indicate a problem in design or production of the product rather than a problem in the call center. But repeat calls, or
A customer satisfaction survey is also useful. In general you'll only get a self-selected response from the customers who are extremely happy or extremely dissatisfied, but even the ratio between the number of responses in those two groups tells you a lot. And if you get comments back from the customers, that's even better.
A large percentage (too large) of people spend time trying to game any system. This can range legal activities like taking SAT prep classes to lobbying the government for favorable laws to illegal acts like adulterating toothpaste with ethylene glycol to reduce costs or shoplifting and returning merchandise for credit.
So think of ways someone could circumvent your metrics to boost their numbers without providing the desired customer service. For example, the repeat calls metric could be gamed if a call center operator doesn't notify (or blocks auto-notification) the customer that their first ticket has been closed. That could delay the customer calling back for status until the metric time had passed. You'd have to check the logs on the customer record to see if their email address was erased or if there was some other activity that shows a scam. Before you reward your "outstanding" employees, you need to do some cross-checking of the metrics to make sure they're real.
I think it's the other way around. First, you get malicious javascript loaded on http://10.0.0.1/myscript.js when you visit the exploit site.
Then when you connect to http://10.0.0.1/myscript.js on a different non-routable subnet you end up running the malicious script instead of the local version, which could include doing fun stuff against the HTTP server you are connecting to.
"If you hear hoofbeats, look for horses, not zebras"
Unless of course, you live in Africa. Then it could be anything from antelope to wildebeest. Not to mention zebras.
Statistical medicine is all well and good for making sure you get the best probability of curing the problem on the first shot, but too many doctors seem to get fixated on the initial diagnosis (or lack thereof) and don't continue the investigation for less likely scenarios.
In the case of the original article, this looks more like a case where the pathologist missed the granuloma that the student spotted. So it was more a case of hearing the hoofbeats, but not getting a good view to see if the animal had stripes. Apparently spotting a granuloma is a black art comparable to scanning a mammogram.
This is an excellent time to document your IT support policies and processes for handling requests (or create them if there is no such policy) and get them approved by the relevant managers. Then when someone asks you for something informally, just tell them to please follow the documented process. If you start building a backlog of requests, you can point to the backlog as justification for hiring additional IT people. You'll still get "emergency" requests, but the process for those should include approval by managers to justify the emergency. If too many people abuse the emergency process, managers will be active in assisting you to filter out the BS.
Or else they'll abdicate and you can just reject emergency requests unilaterally. In which case, you've become BOFH despite your best efforts.
And get a private DSL line. I'm surprised no one has mentioned this. Much more convenient than enrolling in a different college.
Or if they haven't implemented VOIP service in the dorms, maybe you can get DSL inside the dorms.
In either case, ideally you should have a separate computer for your private access vs. the campus access, but that isn't a requirement. If you want to use the same computer for internet access and accessing the school network, do a dual-boot system, where the DSL is in one environment and the campus connection is in the other. Or have the DSL on both so you can access the campus remotely over the DSL, but the key is to have a separate DSL image without the "spyware". Basically, image your current HD onto a new disk then keep both disks as bootable in the system. Install all the campus stuff on one of the partitions. Depending on your environment there are different ways to hide the alternate partition from the campus partition.
Unfortunately, I don't think "honor code" and "public university" go very well together. Although I'll be the first to admit I don't know that any public university has actually tried it.
Perhaps Microsoft SMS? That's an integral part of their enterprise network management solution, and it does scan software installs and can automatically install updates.
And even if the exhaust flow is expanded (and therefore slowed-down), it's still a "mighty wind" when compared with the vacuum. Instead of dissipating in an atmosphere, it will continue expanding until it hits something solid.
Of course, what is the point of preserving a site that nobody can really go to anyway? Sure, if someone went there, they could 'ruin' the artifacts that remain, but who cares? It's not like anyone can visit the site and appreciate it. The best you could hope for would be to preserve it for future generations' camera equipped robotic lunar rovers.
So you're predicting that the demise of the human race before anyone ever gets back to the moon is virtually certain? Just because it seems beyond anyone right now doesn't make it impossible for someone (China? The UN?) in the future. Even then, there's always the possibility that some aliens might find it. And in the meantime, we wouldn't have to worry about damage in the first place if we weren't already capable of sending robotic rovers there.
... Besides, it's stupid to think that Armstrong and Aldrin wouldn't have messed up the first footprint since it was, you know, right at the bottom of the ladder and in a high traffic area.
Not to mention the rocket blast when the upper portion of the LEM returned to orbit.
On the other hand, we're talking about a bunch of teams including amateurs and semi-pros that may have less than perfect aim over distance of 230,000 miles or so. It would be a shame if someone crashed into the base of one of the LEMS or one of the moon buggies. Best way would probably be to require the pictures to be taken from lunar orbit or from a distance of no less than 10 km. That would prevent attempts to land virtually on top of one of the historic sites.
And for that matter why doesn't IANA tell us what they aren't? Most people have the courtesy to be specific enough to use IANAL or IANAD, but IANA is just meaningless.
"Beware of he who would deny you access to information, for in his heart he dreams himself your master."
"As the Americans learned so painfully in earth's final century." Or at least during the Cheney administration.
Which is really nice to have as a fallback position if this motion fails. But this motion could cut the time spent at trial (and the costs to Thomas) if they don't have to go through the whole argument about the evidence.
Also during the Clinton/Lewinsky scandal, didn't Maryland go after Lewinsky's "friend" that recorded their conversations without Lewinsky's knowledge?
Hey people. We hashed this one out back in February.
The blogosphere's just been celebrating Groundhog Day for the past 4 months, I guess.
Why not think of Verilog as a programming language? It has to be the right one though. For example, compare it to Prolog. When you describe the hardware in VHDL or Verilog you are essentially describing the logical rules embodied in the hardware, rather than the process that the logic actually represents. Prolog is a lot closer to this model than a procedural or OO language like C or C++. The key is to step away from a flow-control process model to a set-based logic model mapping inputs to outputs. That doesn't mean you aren't programming, just that you're modelling your program using a different paradigm.