If the developer has done his job at Apple, then clearly any shareware that he developed did not interfere with his job. This is enough to satisfy a jury or judge that the development of the shareware was not something that competed with his job, or in fact had anything to do with his job.
If the developer's job is clearly unrelated to the shareware developed, there can be no claim on intellectual property leakage.
If the developer can show that his job does not provide him with the privilege of seeing any future marketing plans that may allow him to understand that his shareware is potentially related to future plans of his employer, then the developer is clearly not attempting to compete with his/her employer.
Assuming that all of the above are true, any attempt to wrestle the shareware from the hands of the developer by the employer is, itself, extortion. The employee is the victim.
If the above are all true, Apple would lose in court (and badly). The developer could make millions by suing, and would deserve to.
However, it is probably not that clear. Knowing Apple, I must assume that one or more of the above assertions are not true, giving Apple a true claim to this code. Apple does not generally act like this.
Their only strength was hardware and support. Now they will ship commodity hardware and compete with a company that kicks ass in support (IBM). I kinda feel sorry for them, they should have fired Scott McNealy LOONG time ago.
Not true. It's not like Sun is going to stop doing what it normally does. It is simply expanding its product offerings in the same way that IBM has.
People that were going to buy AMD or x86 now have the option of going with Sun, where they would have had to choose a different vendor before.
Perhaps my comment was hasty, but I am a veteran coder from the valley, and I'll tell you what: $252 for a parser? $336 for a Phonetic pattern matcher? My rates were $150+ / hour... From my POV, this is exploitation...
If these rates are cool for you, more power to you. Sorry for getting down on something you like.
In fact, if this is something that you guys enjoy, then my apologies. But I watched systematic exploitation of talent for over a decade, where those being exploited were making MUCH MORE than these little numbers. I just have a soft spot for talent and a real trigger for those that take advantage.
BTW: These projects that are listed, how do you claim the money? If you volunteer, are you guaranteed to cash in when you turn in your work? Or are you taking a chance that someone else will also turn in the work and get paid instead?
I just got done taking a look at www.topcoder.com. I must say, outside of a few real competition related challenges, this site appears to me to be a complete exploitation scam to get practically free consulting.
The people who are competing for prizes are, AFAICT, donating their labor to solve real problems for real companies. Take a look at the set of current "competitions" here
Or, how about this quote (trying to lure "customers", ahem... Donations for competitions):
What Our Customers Are Saying
"What makes Topcoder unique among component library vendors is their development strategy. It harnesses the strength of the global development community that has been so effective in creating the GNU tools, Linux kernel, Apache and the rest of the components that have formed the backbone of the modern day Internet, ensuring quality through rigorous peer review and testing while at the same time providing the contributors some additional incentive to participate in the process."
or, this one:
Over 30,000 developers are competing to build your next application. Learn how TopCoder delivers high-quality software at a lower cost than the competition.
So, do you want to work for free, for a chance to win less than you would have made in your job to do the same thing? All for the opportunity to get listed as a good coder on a site that exploits you?
Would someone with appropriate credentials (e.g. Computer Scientist, Security Researcher) please start an online petition requesting that only Open Source Software be allowed to be used in elections.
Without transparency, there is simply no assurance. This issue is incredibly important. I don't know how else a movement to push Open Source in elections can be started, perhaps there is a better way. But for now, perhaps a petition is a decent door-opening move?
Well, a nuclear weapon can kill at most, what, 30 million people? 60? What is the most populated geographic region in the world that a nuke could take out? I am reasonably certain that it couldn't happen by accident, however...
A bad virus could kill, what, almost all of us? And it could be an accident... (The movie Andromeda strain comes to mind)... hmmm....
There is a high cost of progress here. However, it is progress. It may be the only way to combat certain viral diseases and deliver gene therapy (introducing custom viruses)...
OSS did not become important (mainstream) because people were working on it to make it mainstream. OSS became important because it matured as people worked on it because it was important to them.
That will never change.
They cannot break our spirit, for we do not care if they like us. They cannot run us out of business, for it is our passion not our livelihood. They cannot deceive us, because it is in the open. They cannot lie about us, for we hide nothing. They cannot fight us, for we are legion.
Someday, the OSS movement will be looked upon as an emergent enlightenment comparable to the expression of the scientific principle and the enlightenment that occurred as the result of the unencumbered distribution of scientific knowledge.
Companies like Microsoft will be remembered as malicious entities, profiteering on ignorance, with a great deal to lose from any "enlightenment".
If you were using OS X, you would want Bluetooth in your phone... Believe me.
Windows XP... $399
Good cellphone... $300
Another good cellphone, after you lost your last one at the bar... $300
Re-entering all your phone numbers... Impossible...
Automagic syncing of your addressbook with iSync and Bluetooth... Priceless...
Any watershed advancement like this produces (1) Advantages, (2) Disadvantages and (3) Chaos. Generally, that means (in order) (1) Profits and efficiency if you are on the receiving end of the technology advancements, (2) Unemployment, obsolescence or business/financial ruin if you are on the wrong end of the technology advancement and (3) some degree of Wild-West while laws, regulations and cultural adaptation have not caught up to the new status quo.
It Amplifies People a LOT. The issue as always will be the morals of those being Amplified, and will we allow this to cause others to be lost in the "noise."
An interesting observation. I assume that you mean fewer people focusing fewer resources into transportation and therefore able to focus on other things (thereby making other human endeavors more efficient with the same number of people). I agree.
However, this would be a very gradual process (going to autonomous transportation tech). We will probably see it first in commercial vehicles as some sort of driver assist (think cruise-control that can change lanes and slow-down or speed-up based on traffic).
After many years or decades, perhaps, we will see full-scale auto-pilot in vehicles. No doubt, this would have to be accompanied by massive alarms when the unexpected happens, forcing the required human occupant (or remote emergency operators) to take control. I imagine the backlash when accidents occur and deaths ensue...
About the same time that we are probably struggling with the idea of machine rights (maybe 50 years from now), it may be that more machine-operated vehicles are in use than human-operated. Because this will no doubt be a slow process of adoption, perhaps we won't really notice the changes that it is making to our societies or economics...
The only way passphrases can be secure is if they are not easily typeable. Adding the "easily remembered, easily typed" constraint on a key is a huge constraint!
Brute force this: "My turtle is 3ke"
Pretty easy to remember, and to type. Completely resistant to dictionary attacks because of the 3 random characters at the end of the phrase (which are easy to remember). Your search space to find this is essentially the same as that when you are trying to break a variable length passphrase of random characters. You could brute-force it with efficiency on the order of 36^17 ~= 36^16+36^15+36^14+... because it is 16 characters out of a pool of 36, variable length (assuming the brute force starts at length 1 and keeps going). This equates, roughly, to about 87 bits of keying material without taking into account additional bits generated through salting in the key generation function (log2(36^17)).
So, perhaps we should add punctuation "My turtle! is 3ke" - this should change efficiency to something around 64^18. This equates, roughly, to about 108 bits of keying material without salts, much more with salts (log2(64^18)). Nothing to scoff at, considering the difficulty of breaking >100 bit symmetric keys.
Conclusion: With proper key generation and salting, this technique can easily give high bit keyspaces from small dictionary-resistant passphrases.
The original point is valid: if most users are going to use easily-typed English words, that's the weak point of the system people are going to attack.
In that sense, for the overwhelming majority of Mac users, it wouldn't matter if the cryptosystem used DES, or even pkzip-encryption; a determined attacker is going to break the system with the password.
Hmmm... This is a good point. However, I believe this is very easily corrected by Apple. Let's discuss this for a moment.
The issue is "If users use one or more simple dictionary words as a passphrase, their passphrases can be recovered by a dictionary brute-force attack."
First: A large percentage of those who actually need the protection offered by home-directory encryption already know about the dangers of dictionary based passwords/passphrases (because of familiarity with security [remember, these are the ones that actually need it]).
Second: Key generation from passphrases can be extremely secure, so long as dictionary attacks (and the like) are not effective.
Third: This is the part Apple needs to do. When enabling encryption, Apple should bring up a new password generation/creation dialog that clearly explains to the user the dangers of dictionary and short passwords. This dialog should do a check on any user-entered password and indicate dangers it sees. This is a simple thing, and if Apple hasn't already thought about this, there is a reasonable chance that they will (with some advice from its userbase).
Conclusion: For a large class of users who actually needs this type of encryption, their need alone provides them with a level of security awareness that will help them choose passphrases that are immune to dictionary attacks. The majority of the other class of users will never experience attacks, because no one would bother. For the small population of users who requires this type of security, but does not have the sophistication to know they need to be careful with passphrases, we need education and possibly a password wizard attached to encryption activation.
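An added example, not part of the original comments and not Apple's code: a sketch of the check such a creation dialog could run (short and dictionary-only passphrases) followed by the salted key derivation the earlier comment's conclusion refers to. The word list, the length threshold, PBKDF2-HMAC-SHA256, the iteration count and the 128-bit key size are all assumptions chosen for illustration.

```python
import hashlib
import os
import re

# Constructed stand-in for a dictionary; a real dialog would load a large word list.
SAMPLE_WORDS = {"my", "turtle", "is", "apple", "secret", "password", "letmein"}
MIN_LENGTH = 12        # assumed policy threshold, not taken from the comments
ITERATIONS = 200_000   # assumed PBKDF2 work factor
KEY_BYTES = 16         # assumed key size (128 bits)


def check_passphrase(passphrase, words=SAMPLE_WORDS, min_length=MIN_LENGTH):
    """Return the warnings a passphrase-creation dialog could display."""
    warnings = []
    if len(passphrase) < min_length:
        warnings.append("short")
    # Split on anything that is not a letter or digit and compare case-insensitively.
    tokens = [t.lower() for t in re.split(r"[^A-Za-z0-9]+", passphrase) if t]
    # Flag only passphrases made up entirely of known words; one unknown
    # token (such as a random suffix) clears this particular warning.
    if tokens and all(t in words for t in tokens):
        warnings.append("dictionary-only")
    return warnings


def derive_key(passphrase, salt=None, iterations=ITERATIONS):
    """Derive a key from the passphrase with salted PBKDF2-HMAC-SHA256.

    The salt is not secret; it only has to be available again at unlock
    time so that the same passphrase yields the same key.
    """
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, iterations, dklen=KEY_BYTES
    )
    return salt, key


if __name__ == "__main__":
    for candidate in ("my turtle", "my secret apple password", "My turtle is 3ke"):
        print(repr(candidate), "->", check_passphrase(candidate) or "no warnings")
    salt, key = derive_key("My turtle is 3ke")
    # Re-deriving with the same salt reproduces the key; nothing but the salt is kept.
    print("same key on re-entry:", derive_key("My turtle is 3ke", salt)[1] == key)
```
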
It seems we were selling personal information to marketing firms. I found that the firms we serviced had no knowledge of that, so I refused to write the code. Of course I got fired, had a company officer watch me pack my things, and escort me to the door, all the while trying to convince me they were doing nothing wrong, and I shouldn't mention this to anyone, blah blah blah.
They were in the wrong to do this and to fire you for it. You could sue.
But regardless of whether you sue or not, how about providing us with the name of the Business, the type of violations they were making and the businesses that they were doing business with that were not made aware that their private customer data was being shared for profit.
This type of personal information peddling is illegal, immoral and can cause very significant damage to innocent people (e.g. Insurance companies dropping people, loss of jobs, etc.). Whenever anyone discovers this type of thing, it is VERY IMPORTANT to get it out in the open so that it can be dealt with.
Keys and Passphrases are not stored / not hackable, on Review of Mac OS X 10.3 · Score: 4, Informative
I posted this elsewhere, in a deeper comment, but I think it is worthwhile to address this to your original comment to stop the confusion that your comment might have caused.
2048 bit encryption is useless if the key is protected by a short, English passphrase - you may as well just have the short English passphrase as the key. You have to separate key and data to make it worthwhile.
Unless the keys can be held on removable USB pen drives or similar then a simple brute force attack against the passphrase will give you the key required to decrypt the data.
This is the problem with many CD encryption programs - sure the disc is encrypted, but the encryption/decryption algorithm is on the disk as well, and so is the key - just obfuscated a little using a simple function that is keyed with a short passphrase that can easily (at least compared to finding the long key) be found.
You are making a common mistake that many people not involved in crypto/security make regarding passwords and encryption. You believe that the AES key is stored somewhere, unlocked by a passphrase. It is not. The AES key is algorithmically derived from the passphrase.
When you enter your passphrase, that passphrase essentially acts as a source for a strong cryptographic hash function. The result of the cryptographic hash is the encryption key. There is never a time that your passphrase, your key or anything related to either is ever stored on the hard-drive.
Brute force against such hash functions with variable-length passphrases is VERY VERY HARD. In fact, there are very few techniques that provide better key retrieval security.
And when exactly does your Mac ask you to enter the AES key? Oh, it doesn't, it asks you to enter a passphrase to unlock the AES key.
You are making a common mistake that many people not involved in crypto/security make regarding passwords and encryption. You believe that the AES key is stored somewhere, unlocked by a passphrase. It is not. The AES key is algorithmically derived from the passphrase.
When you enter your passphrase, that passphrase essentially acts as a source for a strong cryptographic hash function. The result of the cryptographic hash is the encryption key. There is never a time that your passphrase, your key or anything related to either is ever stored on the hard-drive.
Brute force against such hash functions with variable-length passphrases is VERY VERY HARD.
Sun Microsystems is a company that built its success through UNIX elitism. Much like Apple, Sun was a company that you were proud to do business with. They had some of the greatest minds in the industry working for them (Bill Joy, James Gosling,...), they sold the coolest hardware which often was even the fastest hardware (but not necessarily - it was mostly fast enough). They had great support, etc... It was a COOL company to work for, with, or be a customer of.
Today, they are the same company they were 6 years ago. With the same operating system, the same hardware, but without the cool people and in fact without much at all that is still cool. The fact that they haven't changed with the times is exactly the problem.
In order for Sun to fix itself, it needs:
A super cool, fast and cheap workstation. We are talking a cheap 4-way (or 8-way) Opteron with a 3D display or something similar. It has to be the best bang-for-the-buck on the market with features and "cool factor" that no-one else has. McNealy should walk across the street from the Cupertino campus and ask Jobs how to make this happen.
To re-build their reputation as the price/performance leader. This is what kept their financial engines running strong through the 90s and they need to do it again. Even if they have to sell at cost in order to build the economy of scale, they MUST do this and do it NOW. They should shift to AMD processors in a huge way until their multi-core ultrasparcs hit, they should do whatever is necessary. Period.
They need to kiss and make-up with IBM. IBM can make a good partner for Sun. But Sun has alienated IBM and now IBM sees them as a pesky competitor instead of a competitive partner as Sun needs them to.
They need a new center of gravity. Java was a perfect center-of-gravity for a long time. But Java is boring now. Nobody cares anymore... Sun has hundreds, if not thousands, of beautiful research projects that are sexy and cool... These generally stay research, which is unfortunate. They need to go harvest a couple of these and rev up their PR engines.
The greatest mistake that Sun can make right now is to assume that they will "pull out" of their death-spiral by making Java Desktops and waiting for the next generation of ultra-sparcs to hit. That is exactly how they can guarantee their own death. To live, they must kill their own business and allow the new, innovative stuff that they have in their labs to rise like a phoenix from the ashes of what was killed.
Please, don't let my wife know about this. Can you imagine?
"What were you doing at that strip-bar, AGAIN?"
My god! What are we in the process of doing to ourselves? Hmmm, then again, maybe I can sign her phone up for it and just keep it to myself.... Hmmm....
All jokes aside, I believe that the truth is, we are morally messy thinking meat. We are not supposed to know some things, for our own good. These types of technologies will someday threaten the very foundations of our society.
All this talk about Apple moving to Intel architecture neglects the most important current fact: As of right now, Apple has the best hardware. The Dual G5 has the best bus, the fastest interconnects, the best peripheral support and the best (in my opinion) Operating System.
Why would Apple be interested in an endeavor that guarantees massive headaches (heterogenous hardware support), sends a mixed signal to the marketplace (about which platform is better) in order to run their OS on a platform that would have no (ZERO, NADA) application support for years and, again, would run slower than what is currently shipping from Apple?
This whole article seems like FUD to try to cloud the issue (that Apple has surpassed WinTel) to me.
When you're buying commercial software you get some or all of....
Go to the URL, find the name and email of the primary author of the software and send him an email. In your email, explain the situation and invite him for a consultation. Offer to pay airfare and expenses and, perhaps, a small consulting fee for the day. Your total expense for this will be insignificant compared to the procurement costs for commercial software.
What you will find is that the person who shows up is an absolute expert in the software (he wrote it), will be happy to work for you as a consultant making your improvements and bugfixes (guaranteed to be competent, since he wrote it) and will probably leave you on that day with a fully operational and configured system at your location, for the cost of his visit.
If you would prefer power-point presentations from a salesman who probably has never really used the software that he is selling outside of presentation environments to be followed by incredibly high licensing costs, delays and lock-in consultants at outrageous prices that cannot even modify the software that you bought, take the proprietary course that you mentioned.
But I sincerely hope, for your sake, that you will give my suggestion a "go around". ;-)
It is totally within the power of your ISP to create these types of business relationships and inform you on your billing statement of new "optional" charges.
So long as they inform you, they have no liability. It becomes your problem. If they can show logs that trace transactable actions to your IP address, you will be liable.
I have been anticipating this happening for years. We are lucky that we have been able to avoid it for this long. But make no mistake, this e-commerce approach is absolutely inevitable.
On a positive note, technology countermeasures will spring into existence, and the new "source" of revenue will generate many innovative and cool services that are actually worthwhile.
For one thing, when businesses get really really big and complex, I suppose the left hand doesn't know what the right hand's doing, and the business "owners" don't really know what it's doing either. It just sort of runs, but they don't really know how.
Maybe, theoretically, they could issue an order down, like "Hey, only package your chips over here," right? But could it actually work? Maybe not! Maybe that'd cause all these huge social upheavals.
Maybe businesses, once formed, are like parts of a gigantic organic system. You might not be able to just suddenly uproot a major artery, and move it somewhere else, without having major effects on yourself, your environment, and whatever else plays a part (who really knows what, right?).
So, I don't know. Is it really hypocrisy? Maybe powerful people aren't really as powerful as we imagine them to be?
You show extremely uncommon insight in these observations. Large corporations in fact act very much like complex organisms. Much like a fractal, individuals make up groups and teams and those combine in other, complex ways to create projects, goals, working groups, divisions, etc... Eventually there is a gestalt that forms which is the dynamic organism (corporation) itself.
Executives tend not to understand day-to-day operations and are certainly scared to send down orders that may affect time-tables and the bottom line. In a sense, executives are often rendered helpless to impose such broad orders as "keep all work in the states". When they do such stupid things (and this works both ways, btw - ordering outsourcing does the same thing), the results can be catastrophic and usually are.
An interesting effect of this meta-organisms stuff is that individuals (any) generally CANNOT effectively force change in issues such as outsource or don't outsource, but other meta-organisms (such as governments) in fact CAN. By placing tariffs and other economic pressures on the bottom line, government regulations put adaptive, organizational pressure on corporations. The result is that the corporations adapt by naturally optimizing around the new regulatory landscape and the goals of the regulations often end up being achieved.
So whether you agree or don't agree with the idea of regulating such things, there is reason to believe that they are in fact natural and necessary controls by high-order organisms (such as the state we live in).
I applaud the previous poster's point of view and insight. But, of course, we may both just have the same curious form of dementia ;-)
You have very specific skills and experience that places you in a unique position. If this product is truly important to the company that has approached you, then you are in a highly privileged negotiating position.
In the Silicon Valley, when I did contract or consulting work, my rates ranged from $80 / hour up to $250 / hour depending on what it was doing and how much flexibility (read: responsibility) that I had.
If you are working from home, when you want and not having to deal with the daily grind of their organization, you should probably charge per "milestone" (e.g. put a price on each feature or bug-fix that is requested). This price should reflect the complexity of the feature as well as the market prices that the target company is used to paying. In general, you should never charge less than $2k for any feature or basket of bug fixes, and never more than $15-20k (depending on how large the feature request is). It is really okay to have a chat with the manager who is authorizing each feature, start by asking "what do you expect to pay for X" and be prepared to gently press him/her higher. Your job is to try to find the highest price for each feature that he/she is comfortable with. If you are also comfortable there, do it.
If you are going to spend time at the company, you should charge hourly rates. These rates should be HIGH in comparison to local consulting/contracting rates because of your unique position as author/co-author of the product that they want you to work on. If you are in northern California or the East Coast, for instance, you should not agree to work on the customer premises for less than $100 / hour. And depending on who you would be working for, the duration of the contract, what you will be working on and the demands placed on you, you may be able to push that as high as $200 - $300 / hour. Generally, the shorter the contract, the higher the rate.
Whatever you do, don't take the "donate your time" attitude that you have in developing Open-Source software and direct it at a profitable business. Giving to the community is one thing, and very noble. But when it comes to business, nobility is derived from profit.
An older buddy of mine got scared, called, and said that he would stop sharing files. They told him to delete everything and that he would not be charged. End of story. They never took his name, number, sent him a get-out-of-free card, or anything.
Someone should repeat that experiment and record the phone call, making sure that somewhere in the exchange validating information is provided by the representative of the RIAA. That phone call (if legit) could provide amnesty for anyone if posted to the Internet. All one would have to do is delete their MP3s and invoke the phone call as their defense.
I agree, the whole thing is fishy if claims have to be signed by the people and can't be processed by a third party, but it's not like MS is being reasonable here.
Because of E-Sign legislation, a digital signature is as valid as a written signature. Believe it or not, the legislation allows for any type of digital signature (the veracity of each to eventually be tested in court, if need be). So, for instance, an email exchange between the consumer and the freepc website should legally constitute a signature, and the complexity (and restrictions) that everyone here is talking about can be avoided.
Correct me if I'm wrong, but I guess 200-400$ aren't that little for a poor Indian. Apart from the fact that I have to wonder what for people living in some **** slum need a computer!
I'm not sure how it works in India, but it is probably (please correct me if I'm wrong) similar to the Philippines where the average college graduate makes about $300 / month.
If you assume that the average college graduate in the US makes $3k - $4k / month, then a fair comparison would be a $3500 computer in the U.S. to a $300 computer in the Philippines (or perhaps, India). From an expense point of view, it is likely to be affordable (although certainly a luxury).
But to imagine that these people do not wish to communicate, learn and reach out to the world through the Internet is fairly ignorant. In my experience with families from the third world, a computer (and even a broadband connection, which can be had for pennies on our dollars) is more desirable than a telephone or television.
My conclusion? The simputer may not fit the bill, but the need and economics are right on.
Haul it up to 36k feet, and then it takes a relatively trivial amount of energy to get it to a speed for orbit, since it isn't fighting a stronger force (gravity) at the same time. Also, if you are patient, and can take a week or a month to get the unit up to speed, it will take a very small engine (ie: efficient) to build up the necessary speed.
I know it isn't intuitively obvious, but the center of gravity of the space elevator is already traveling at orbital velocity, otherwise it wouldn't be stationary relative to a fixed point on earth. Given this, it would take no (ZERO) energy to get a satellite from that point up to speed.
Of course, I am not sure where the actual space elevator station would be located relative to the center of gravity and I suppose that could be an issue. But I would certainly think that having it located at the center of gravity would be convenient ;-)
So, do you want to work for free, for a chance to win less than you would have made in your job to do the same thing? All for the opportunity to get listed as a good coder on a site that exploits you?
If so, be embarrassed... Be very embarrassed.
A bit like a nuclear bomb, in its own way...
Well, a nuclear weapon can kill at most, what, 30 million people? 60? What is the most populated geographic region in the world that a nuke could take out? I am reasonably certain that it couldn't happen by accident, however...
A bad virus could kill, what, almost all of us? And it could be an accident... (The movie Andromeda strain comes to mind)... hmmm....
There is a high cost of progress here. However, it is progress. It may be the only way to combat certain viral diseases and deliver gene therapy (introducing custom viruses)...
Chilling is right...
OSS did not become important (mainstream) because people were working on it to make it mainstream. OSS became important because it matured as people worked on it because it was important to them.
That will never change.
They cannot break our spirit, for we do not care if they like us. They cannot run us out of business, for it is our passion not our livelihood. They cannot deceive us, because it is in the open. They cannot lie about us, for we hide nothing. They cannot fight us, for we are legion.
Someday, the OSS movement will be looked upon as an emergent enlightenment comparable to the expression of the scientific principle and the enlightenment that occurred as the result of the unencumbered distribution of scientific knowledge.
Companies like Microsoft will be remembered as malicious entities, profiteering on ignorance, with a great deal to lose from any "enlightenment".
If you were using OS X, you would want Bluetooth in your phone... Believe me.
Windows XP... $399
Good cellphone... $300
Another good cellphone, after you lost your last one at the bar... $300
Re-entering all your phone numbers... Impossible...
Automagic syncing of your addressbook with iSync and Bluetooth... Priceless...
Any watershed advancement like this produces (1) Advantages, (2) Disadvantages and (3) Chaos. Generally, that means (in order) (1) Profits and efficiency if you are on the receiving end of the technology advancements, (2) Unemployment, obsolescence or business/financial ruin if you are on the wrong end of the technology advancement and (3) some degree of Wild-West while laws, regulations and cultural adaptation have not caught up to the new status quo.
It Amplifies People a LOT. The issue as always will be the morals of those being Amplified, and will we allow this to cause others to be lost in the "noise."
An interesting observation. I assume that you mean fewer people focusing fewer resources into transportation and therefore able to focus on other things (thereby making other human endeavors more efficient with the same number of people). I agree.
However, this would be a very gradual process (going to autonomous transportation tech). We will probably see it first in commercial vehicles as some sort of driver assist (think cruise-control that can change lanes and slow-down or speed-up based on traffic).
After many years or decades, perhaps, we will see full-scale auto-pilot in vehicles. No doubt, this would have to be accompanied by massive alarms when the unexpected happens, forcing the required human occupant (or remote emergency operators) to take control. I imagine the backlash when accidents occur and deaths ensue...
About the same time that we are probably struggling with the idea of machine rights (maybe 50 years from now), it may be that more machine-operated vehicles are in use than human-operated. Because this will no doubt be a slow process of adoption, perhaps we won't really notice the changes that it is making to our societies or economics...
This is certainly an interesting topic.
The only way passphrases can be secure is if they are not easily typeable. Adding the "easily remembered, easily typed" constraint on a key is a huge constraint!
Brute force this: "My turtle is 3ke"
Pretty easy to remember, and to type. Completely resistant to dictionary attacks because of the 3 random characters at the end of the phrase (which are easy to remember). Your search space to find this is essentially the same as that when you are trying to break a variable length passphrase of random characters. You could brute-force it with efficiency on the order of 36^17 ~= 36^16+36^15+36^14+... because it is 16 characters out of a pool of 36, variable length (assuming the brute force starts at length 1 and keeps going). This equates, roughly, to about 87 bits of keying material without taking into account additional bits generated through salting in the key generation function (log2(36^17)).
So, perhaps we should add punctuation "My turtle! is 3ke" - this should change efficiency to something around 64^18. This equates, roughly, to about 108 bits of keying material without salts, much more with salts (log2(64^18)). Nothing to scoff at, considering the difficulty of breaking >100 bit symmetric keys.
Conclusion: With proper key generation and salting, this technique can easily give high bit keyspaces from small dictionary-resistant passphrases.
The original point is valid: if most users are going to use easily-typed English words, that's the weak point of the system people are going to attack.
In that sense, for the overwhelming majority of Mac users, it wouldn't matter if the cryptosystem used DES, or even pkzip-encryption; a determined attacker is going to break the system with the password.
Hmmm... This is a good point. However, I believe this is very easily corrected by Apple. Let's discuss this for a moment.
The issue is "If users use one or more simple dictionary words as a passphrase, their passphrases can be recovered by a dictionary brute-force attack."
First: A large percentage of those who actually need the protection offered by home-directory encryption already know about the dangers of dictionary based passwords/passphrases (because of familiarity with security [remember, these are the ones that actually need it] ).
Second: Key generation from passphrases can be extremely secure, so long as dictionary attacks (and the like) are not effective.
Third: This is the part Apple needs to do. When enabling encryption, Apple should bring up a new password generation/creation dialog that clearly explains to the user the dangers of dictionary and short passwords. This dialog should do a check on any user-entered password and indicate dangers it sees. This is a simple thing, and if Apple hasn't already thought about this, there is a reasonable chance that they will (with some advice from its userbase).
Conclusion: For a large class of users who actually needs this type of encryption, their need alone provides them with a level of security awareness that will help them choose passphrases that are immune to dictionary attacks. The majority of the other class of users will never experience attacks, because no one would bother. For the small population of users who requires this type of security, but does not have the sophistication to know they need to be careful with passphrases, we need education and possibly a password wizard attached to encryption activation.
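The password check proposed in the third point above could look like the following sketch, an added example that is not part of the original comment or of any Apple code. The word list, the assumed dictionary size and the thresholds are constructed assumptions; it compares a character-by-character brute-force estimate with one in which dictionary words are guessed as whole tokens.

```python
import math
import re
import string

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"my", "turtle", "is", "the", "dog", "apple", "secret", "password"}
DICTIONARY_SIZE = 2 ** 17   # assumed size of an attacker's word list
MIN_LENGTH = 12             # assumed policy threshold (characters)
MIN_BITS = 60.0             # assumed policy threshold (bits of guessing work)


def char_pool(text):
    """Size of the character pool the text draws from (printable ASCII classes)."""
    pool = 0
    if re.search(r"[a-z]", text):
        pool += 26
    if re.search(r"[A-Z]", text):
        pool += 26
    if re.search(r"[0-9]", text):
        pool += 10
    if re.search(r"[^A-Za-z0-9]", text):
        pool += 33  # punctuation and space
    return pool


def brute_force_bits(passphrase):
    """log2 of the number of strings of length 1..n over the passphrase's pool."""
    pool, n = char_pool(passphrase), len(passphrase)
    if n == 0:
        return 0.0
    return math.log2(sum(pool ** k for k in range(1, n + 1)))


def is_word(token, words):
    """True if the token, ignoring case and edge punctuation, is in the list."""
    return token.lower().strip(string.punctuation) in words


def dictionary_bits(passphrase, words=SAMPLE_WORDS):
    """Guessing work when dictionary words are tried as whole tokens."""
    bits = 0.0
    for token in passphrase.split():
        if is_word(token, words):
            bits += math.log2(DICTIONARY_SIZE)   # one pick from the word list
        else:
            bits += len(token) * math.log2(char_pool(token))
    return bits


def check_passphrase(passphrase, words=SAMPLE_WORDS):
    """Return the warnings a password dialog would show; empty list means none."""
    warnings = []
    tokens = passphrase.split()
    if len(passphrase) < MIN_LENGTH:
        warnings.append("shorter than %d characters" % MIN_LENGTH)
    if tokens and all(is_word(t, words) for t in tokens):
        warnings.append("made only of dictionary words")
    if dictionary_bits(passphrase, words) < MIN_BITS:
        warnings.append("estimated guessing work below %d bits" % MIN_BITS)
    return warnings


if __name__ == "__main__":
    for candidate in ("turtle", "my turtle is", "My turtle is 3ke"):
        print(repr(candidate),
              "brute-force bits: %.1f" % brute_force_bits(candidate),
              "dictionary-aware bits: %.1f" % dictionary_bits(candidate),
              check_passphrase(candidate))
```

The dictionary-aware figure is the one to compare against the threshold, since it assumes the guesser already knows the word-plus-random-suffix structure.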
It seems we were selling personal information to marketing firms. I found that the firms we serviced had no knowledge of that, so I refused to write the code. Of course I got fired, had a company officer watch me pack my things, and escort me to the door, all the while trying to convince me they were doing nothing wrong, and I shouldn't mention this to anyone, blah blah blah.
They were in the wrong to do this and to fire you for it. You could sue.
But regardless of whether you sue or not, how about providing us with the name of the Business, the type of violations they were making and the businesses that they were doing business with that were not made aware that their private customer data was being shared for profit.
This type of personal information peddling is illegal, immoral and can cause very significant damage to innocent people (e.g. Insurance companies dropping people, loss of jobs, etc.). Whenever anyone discovers this type of thing, it is VERY IMPORTANT to get it out in the open so that it can be dealt with.
I posted this elsewhere, in a deeper comment, but I think it is worthwhile to address this to your original comment to stop the confusion that your comment might have caused.
2048 bit encryption is useless if the key is protected by a short, English passphrase - you may as well just have the short English passphrase as the key. You have to separate key and data to make it worthwhile.
Unless the keys can be held on removable USB pen drives or similar then a simple brute force attack against the passphrase will give you the key required to decrypt the data.
This is the problem with many CD encryption programs - sure the disc is encrypted, but the encryption/decryption algorithm is on the disk as well, and so is the key - just obfuscated a little using a simple function that is keyed with a short passphrase that can easily (at least compared to finding the long key) be found.
You are making a common mistake that many people not involved in crypto/security make regarding passwords and encryption. You believe that the AES key is stored somewhere, unlocked by a passphrase. It is not. The AES key is algorithmically derived from the passphrase.
When you enter your passphrase, that passphrase essentially acts as a source for a strong cryptographic hash function. The result of the cryptographic hash is the encryption key. There is never a time that your passphrase, your key or anything related to either is ever stored on the hard-drive.
Brute force against such hash functions with variable-length passphrases is VERY VERY HARD. In fact, there are very few techniques that provide better key retrieval security.
And when exactly does your Mac ask you to enter the AES key? Oh, it doesn't, it asks you to enter a passphrase to unlock the AES key.
You are making a common mistake that many people not involved in crypto/security make regarding passwords and encryption. You believe that the AES key is stored somewhere, unlocked by a passphrase. It is not. The AES key is algorithmically derived from the passphrase.
When you enter your passphrase, that passphrase essentially acts as a source for a strong cryptographic hash function. The result of the cryptographic hash is the encryption key. There is never a time that your passphrase, your key or anything related to either is ever stored on the hard-drive.
Brute force against such hash functions with variable-length passphrases is VERY VERY HARD.
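The derivation described above, sketched as an added example that is not part of the original comment: PBKDF2-HMAC-SHA256 stands in for the unnamed hash, and the 128-bit key length, the iteration count and the header layout (salt plus iteration count) are assumptions, not details of Apple's implementation.

```python
import hashlib
import math
import os
import time

KEY_LEN = 16           # bytes; assumes a 128-bit AES key
ITERATIONS = 200_000   # assumed work factor, not a value from the page


def new_volume_header():
    """What sits on disk in this sketch: a random salt and the iteration
    count. Neither the passphrase nor the derived key is written anywhere."""
    return {"salt": os.urandom(16), "iterations": ITERATIONS}


def derive_key(passphrase, salt, iterations=ITERATIONS):
    """Recompute the AES key from the passphrase every time it is needed."""
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


def stretching_bits(iterations=ITERATIONS):
    """Extra work per guess, in bits, that the iteration count adds
    compared with a single hash invocation."""
    return math.log2(iterations)


def seconds_per_guess(iterations=ITERATIONS, trials=3):
    """Measure how long one passphrase guess costs on this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(trials):
        derive_key("guess-%d" % i, salt, iterations)
    return (time.perf_counter() - start) / trials


if __name__ == "__main__":
    header = new_volume_header()
    key = derive_key("My turtle is 3ke", header["salt"], header["iterations"])
    print("derived key:      ", key.hex())

    # The same passphrase and salt always give the same key back.
    again = derive_key("My turtle is 3ke", header["salt"], header["iterations"])
    print("reproducible:     ", key == again)

    # One changed character yields an unrelated key, so a wrong guess
    # reveals nothing about how close it was.
    near = derive_key("My turtle is 3kf", header["salt"], header["iterations"])
    print("near miss differs:", key != near)

    # A different salt yields a different key for the same passphrase,
    # so tables precomputed for one volume do not apply to another.
    other = derive_key("My turtle is 3ke", os.urandom(16), header["iterations"])
    print("salt matters:     ", key != other)

    cost = seconds_per_guess()
    print("seconds per guess: %.4f (about %.0f guesses/s per core)" % (cost, 1 / cost))
    print("stretching adds:   %.1f bits of work" % stretching_bits())
```

In this sketch the salt does not enlarge the passphrase search space for a single volume; it prevents reuse of precomputed guesses across volumes, while the iteration count raises the cost of each guess.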
Today, they are the same company they were 6 years ago. With the same operating system, the same hardware, but without the cool people and in fact without much at all that is still cool. The fact that they haven't changed with the times is exactly the problem.
In order for Sun to fix itself, it needs:
- A super cool, fast and cheap workstation. We are talking a cheap 4-way (or 8-way) Opteron with a 3D display or something similar. It has to be the best bang-for-the-buck on the market with features and "cool factor" that no-one else has. McNealy should walk across the street from the Cupertino campus and ask Jobs how to make this happen.
- To re-build their reputation as the price/performance leader. This is what kept their financial engines running strong through the 90s and they need to do it again. Even if they have to sell at cost in order to build the economy of scale, they MUST do this and do it NOW. They should shift to AMD processors in a huge way until their multi-core ultrasparcs hit, they should do whatever is necessary. Period.
- They need to kiss and make-up with IBM. IBM can make a good partner for Sun. But Sun has alienated IBM and now IBM sees them as a pesky competitor instead of a competitive partner as Sun needs them to.
- They need a new center of gravity. Java was a perfect center-of-gravity for a long time. But Java is boring now. Nobody cares anymore... Sun has hundreds, if not thousands, of beautiful research projects that are sexy and cool... These generally stay research, which is unfortunate. They need to go harvest a couple of these and rev up their PR engines..
The greatest mistake that Sun can make right now is to assume that they will "pull out" of their death-spiral by making Java Desktops and waiting for the next generation of ultra-sparcs to hit. That is exactly how they can guarantee their own death. To live, they must kill their own business and allow the new, innovative stuff that they have in their labs to rise like a phoenix from the ashes of what was killed.
http://www.ulocate.com/
Please, don't let my wife know about this. Can you imagine?
"What were you doing at that strip-bar, AGAIN?"
My god! What are we in the process of doing to ourselves? Hmmm, then again, maybe I can sign her phone up for it and just keep it to myself.... Hmmm....
All jokes aside, I believe that the truth is, we are morally messy thinking meat. We are not supposed to know some things, for our own good. These types of technologies will someday threaten the very foundations of our society.
All this talk about Apple moving to Intel architecture neglects the most important current fact: As of right now, Apple has the best hardware. The Dual G5 has the best bus, the fastest interconnects, the best peripheral support and the best (in my opinion) Operating System.
Why would Apple be interested in an endeavor that guarantees massive headaches (heterogenous hardware support), sends a mixed signal to the marketplace (about which platform is better) in order to run their OS on a platform that would have no (ZERO, NADA) application support for years and, again, would run slower than what is currently shipping from Apple?
This whole article seems like FUD to try to cloud the issue (that Apple has surpassed WinTel) to me.
When you're buying commercial software you get some or all of....
;-)
Go to the URL, find the name and email of the primary author of the software and send him an email. In your email, explain the situation and invite him for a consultation. Offer to pay airfare and expenses and, perhaps, a small consulting fee for the day. Your total expense for this will be insignificant compared to the procurement costs for commercial software.
What you will find is that the person who shows up is an absolute expert in the software (he wrote it), will be happy to work for you as a consultant making your improvements and bugfixes (guaranteed to be competent, since he wrote it) and will probably leave you on that day with a fully operational and configured system at your location, for the cost of his visit.
If you would prefer power-point presentations from a salesman who probably has never really used the software that he is selling outside of presentation environments to be followed by incredibly high licensing costs, delays and lock-in consultants at outrageous prices that cannot even modify the software that you bought, take the proprietary course that you mentioned.
But I sincerely hope, for your sake, that you will give my suggestion a "go around".
It is totally within the power of your ISP to create these types of business relationships and inform you on your billing statement of new "optional" charges.
So long as they inform you, they have no liability. It becomes your problem. If they can show logs that trace transactable actions to your IP address, you will be liable.
I have been anticipating this happening for years. We are lucky that we have been able to avoid it for this long. But make no mistake, this e-commerce approach is absolutely inevitable.
On a positive note, technology countermeasures will spring into existence, and the new "source" of revenue will generate many innovative and cool services that are actually worthwhile.
For one thing, when businesses get really really big and complex, I suppose the left hand doesn't know what the right hand's doing, and the business "owners" don't really know what it's doing either. It just sort of runs, but they don't really know how.
;-)
Maybe, theoretically, they could issue an order down, like "Hey, only package your chips over here," right? But could it actually work? Maybe not! Maybe that'd cause all these huge social upheavals.
Maybe businesses, once formed, are like parts of a gigantic organic system. You might not be able to just suddenly uproot a major artery, and move it somewhere else, without having major effects on yourself, your environment, and whatever else plays a part (who really knows what, right?).
So, I don't know. Is it really hypocrisy? Maybe powerful people aren't really as powerful as we imagine them to be?
You show extremely uncommon insight in these observations. Large corporations in fact act very much like complex organisms. Much like a fractal, individuals make up groups and teams and those combine in other, complex ways to create projects, goals, working groups, divisions, etc... Eventually there is a gestalt that forms which is the dynamic organism (corporation) itself.
Executives tend not to understand day-to-day operations and are certainly scared to send down orders that may affect time-tables and the bottom line. In a sense, executives are often rendered helpless to impose such broad orders as "keep all work in the states". When they do such stupid things (and this works both ways, btw - ordering outsourcing does the same thing), the results can be catastrophic and usually are.
An interesting effect of this meta-organisms stuff is that individuals (any) generally CANNOT effectively force change in issues such as outsource or don't outsource, but other meta-organisms (such as governments) in fact CAN. By placing tariffs and other economic pressures on the bottom line, government regulations put adaptive, organizational pressure on corporations. The result is that the corporations adapt by naturally optimizing around the new regulatory landscape and the goals of the regulations often end up being achieved.
So whether you agree or don't agree with the idea of regulating such things, there is reason to believe that they are in fact natural and necessary controls by high-order organisms (such as the state we live in).
I applaud the previous poster's point of view and insight. But, of course, we may both just have the same curious form of dementia.
You have very specific skills and experience that places you in a unique position. If this product is truly important to the company that has approached you, then you are in a highly privileged negotiating position.
In the Silicon Valley, when I did contract or consulting work, my rates ranged from $80 / hour up to $250 / hour depending on what it was doing and how much flexibility (read: responsibility) that I had.
If you are working from home, when you want and not having to deal with the daily grind of their organization, you should probably charge per "milestone" (e.g. put a price on each feature or bug-fix that is requested). This price should reflect the complexity of the feature as well as the market prices that the target company is used to paying. In general, you should never charge less than $2k for any feature or basket of bug fixes, and never more than $15-20k (depending on how large the feature request is). It is really okay to have a chat with the manager who is authorizing each feature, start by asking "what do you expect to pay for X" and be prepared to gently press him/her higher. Your job is to try to find the highest price for each feature that he/she is comfortable with. If you are also comfortable there, do it.
If you are going to spend time at the company, you should charge hourly rates. These rates should be HIGH in comparison to local consulting/contracting rates because of your unique position as author/co-author of the product that they want you to work on. If you are in northern California or the East Coast, for instance, you should not agree to work on the customer premises for less than $100 / hour. And depending on who you would be working for, the duration of the contract, what you will be working on and the demands placed on you, you may be able to push that as high as $200 - $300 / hour. Generally, the shorter the contract, the higher the rate.
Whatever you do, don't take the "donate your time" attitude that you have in developing Open-Source software and direct it at a profitable business. Giving to the community is one thing, and very noble. But when it comes to business, nobility is derived from profit.
An older buddy of mine got scared, called, and said that he would stop sharing files. They told him to delete everything and that he would not be charged. End of story. They never took his name, number, sent him a get-out-of-free card, or anything.
Someone should repeat that experiment and record the phone call, making sure that somewhere in the exchange validating information is provided by the representative of the RIAA. That phone call (if legit) could provide amnesty for anyone if posted to the Internet. All one would have to do is delete their MP3s and invoke the phone call as their defense.
I agree, the whole thing is fishy if claims have to be signed by the people and can't be processed by a third party, but it's not like MS is being reasonable here.
Because of E-Sign legislation, a digital signature is as valid as a written signature. Believe it or not, the legislation allows for any type of digital signature (the veracity of each to eventually be tested in court, if need be). So, for instance, an email exchange between the consumer and the freepc website should legally constitute a signature, and the complexity (and restrictions) that everyone here is talking about can be avoided.
Correct me if I'm wrong, but I guess 200-400$ aren't that little for a poor Indian. Apart from the fact that I have to wonder what for people living in some **** slum need a computer!
I'm not sure how it works in India, but it is probably (please correct me if I'm wrong) similar to the Philippines where the average college graduate makes about $300 / month.
If you assume that the average college graduate in the US makes $3k - $4k / month, then a fair comparison would be a $3500 computer in the U.S. to a $300 computer in the Philippines (or perhaps, India). From an expense point of view, it is likely to be affordable (although certainly a luxury).
But to imagine that these people do not wish to communicate, learn and reach out to the world through the Internet is fairly ignorant. In my experience with families from the third world, a computer (and even a broadband connection, which can be had for pennies on our dollars) is more desirable than a telephone or television.
My conclusion? The simputer may not fit the bill, but the need and economics are right on.
Haul it up to 36k feet, and then it takes a relatively trivial amount of energy to get it to a speed for orbit, since it isn't fighting a stronger force (gravity) at the same time. Also, if you are patient, and can take a week or a month to get the unit up to speed, it will take a very small engine (ie: efficient) to build up the necessary speed.
;-)
I know it isn't intuitively obvious, but the center of gravity of the space elevator is already traveling at orbital velocity, otherwise it wouldn't be stationary relative to a fixed point on earth. Given this, it would take no (ZERO) energy to get a satellite from that point up to speed.
Of course, I am not sure where the actual space elevator station would be located relative to the center of gravity and I suppose that could be an issue. But I would certainly think that having it located at the center of gravity would be convenient.