They do... they provide corrupted songs to make it harder to find a good copy. It makes swarming capable systems about as inconvenient as the original Napster.
80. (1) Subject to subsection (2), the act of reproducing all or any substantial part of
(a) a musical work embodied in a sound recording,
(b) a performer's performance of a musical work embodied in a sound recording, or
(c) a sound recording in which a musical work, or a performer's performance of a musical work, is embodied
onto an audio recording medium for the private use of the person who makes the copy does not constitute an infringement of the copyright in the musical work, the performer's performance or the sound recording.
(2) Subsection (1) does not apply if the act described in that subsection is done for the purpose of doing any of the following in relation to any of the things referred to in paragraphs (1)(a) to (c):
(a) selling or renting out, or by way of trade exposing or offering for sale or rental;
(b) distributing, whether or not for the purpose of trade;
(c) communicating to the public by telecommunication; or
(d) performing, or causing to be performed, in public.
IANAL, but to me it sounds like I'm fine if I only share works that I have a right to distribute, I'm not breaking the law at all.
The Copyright Act
check out part VIII.
Retailers will probably keep the CD's all priced the same.
If they don't, then the others will probably respond in kind.
A large expulsion of matter can change the trajectory too.
The Oort cloud has trillions of potential comets, and their orbits are occasionally disturbed enough to send a few sunward.
Comets die when they don't have enough volatile material to throw out a cloud when they approach the sun.
That's the ideal, but most students won't secure their computer if you don't make them, and they wouldn't even remove a worm if they weren't spontaneously rebooting. A bunch of infected computers like that long term could make it impossible to provide Internet access.
Having someone to hold the hand of everyone on the network costs a fortune.
I agree that's what the goal should be, but I don't think it's practical. Alternatively, you could disable the ability of computers to send packets to each other on the switch, and provide e-mail with webmail. I think that's probably easiest. Then the limited number of students that brought in infected computers could probably be dealt with individually.
I'm just a bit pissed at NYU ITS at the moment. They dropped the ball. Big time.
I like your idea because it won't break anything. Any of the gateways involved can be old versions without causing problems, and the client side can benefit without server support.
Something that might cause problems might be overzealous blocking of non certed gateways, but at least there's a way out now. If you want to run a mail server on your cable modem, you can get a cert rather than begging every ISP on the planet to believe you.
That's an open port done right.
By default (on OpenBSD) sshd uses an unprivileged child process to deal with incoming connections, and the OpenSSH project is maintained by paranoid people that spend more time auditing code than writing code.
I highly doubt Apple charged them a cent for the OS license. Apple can get a tax writeoff for the sticker price of 1100 copies of OS X server unlimited client, but they can print the CD's for next to nothing. Donating them makes a LOT of sense.
Besides, if VT had to pay for the OS they would just take the hardware and use Linux.
>> "Of course, the bang/buck ratio could be an issue for some debate but there's little doubt that in comparison to other commercial unices it's an absolute bargain."
Apple may have given them a price break for the PR and tax writeoff.
Also, G5's are expensive in comparison with Athlon's and Pentiums, but against Xeons and Opterons it's different. And a lot of these clusters are being built with the higher end parts to reduce the TCO.
With IBM's XLC compiler, I don't see the G5 having much trouble keeping up if they stick to floats. Opteron's memory architecture gives it the edge in a lot of areas, but as the saying goes "The G5 is a floating point monster.".
Isn't IBM releasing xlc soon?
hmmm...
They paid for the network and it's their property. They can do whatever they want with it.
The requirement that you take precautions to keep your computer from being vulnerable is reasonable. Or if you like, they can just revoke your access for running a server. IIRC, most of these worms use tftp to distribute the worm binary. Then you need to figure out how to clean your computer without net access or their help, and the burden for getting back access would be higher.
They don't even need to change the policy to do that. Which would you prefer?
Tell them they will be disconnected if they let themselves be infected. Unplug them from the switch if they are.
Provide everything needed to repair and secure computers on CD, so people can upgrade before they plug in and repair without being connected. Include detailed instructions.
The problem is that the chip can't be fully tested until it's mounted in its packaging, because the heat would not be dissipated fast enough to avoid damage. At least it used to be that way with the Pentium Pro's...
Also, having the processor cores on different die(s?) would dramatically reduce the efficiency of communication between them, and would dramatically reduce the density of the resulting system.
>> "She could, indeed have ripped and encoded it herself, even though it matches the MD5 hash of other people's mp3 file. That doesn't mean she downloaded it."
Correct. But if she's sharing it, one can be reasonably sure of what it is.
>> "there are likely a larger number of possible MD5 hashes of an mp3 file."
A larger number of possible hashes. Not a larger number of likely hashes. Most encoder programs use a library by someone else, and there's only a few of those that are popular.
GCC has limitations in some areas that may have limited the optimizations. This isn't just an issue on PPC. They may be fixable, but IBM would have to ask permission and convince people. Not worth the effort.
Right... but let's say that most differences are a result of reading beginning and ending at different points, which as I understand it is what leads to slightly different rips. I'm assuming that the rate of actual misread bits is low, which is supported by the dude that did the experiment that resulted in identical rips on the same equipment.
Now, let's say the error on either side is plus or minus half a second... that's one second on either side, two seconds total, 44100 samples per second, 88200 samples total.
That's 88200 different MD5 digests for a given song. The individual hashes are vastly different but there's a small number of them. When you get a suspect file's MD5 digest, you just check it against all likely digests.
Who cares if it takes a few hundred terabytes of storage to store all the likely digests for all songs you're looking for? That'll cost less than the lawyers.
That's one reason short passwords are insecure. The digest is not reversible, but the digests for common passwords are known. That, of course suggests the solution... add salt like they do with stored password hashes. The watermark technology pioneered by the RIAA could add salt pretty easily.
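The lookup-table idea from the comment above, as an added example that is not part of the original post: when the set of likely inputs is small, every MD5 digest can be precomputed and a suspect digest matched by lookup, and a salt the table builder does not know defeats the table. The track bytes, skew range and salt are constructed for illustration, with a far smaller range than the 88200 in the comment.

```python
import hashlib

BYTES_PER_SAMPLE = 4  # 16-bit stereo CD audio (assumption for this model)

def make_track(n_samples, seed=b"constructed-track"):
    """Deterministic pseudo-PCM bytes standing in for a ripped track (constructed)."""
    out = bytearray()
    counter = 0
    while len(out) < n_samples * BYTES_PER_SAMPLE:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[: n_samples * BYTES_PER_SAMPLE])

def rip(track, start_skew, end_skew):
    """Model a rip whose read starts/stops a few samples off the nominal points."""
    start = start_skew * BYTES_PER_SAMPLE
    end = len(track) - end_skew * BYTES_PER_SAMPLE
    return track[start:end]

def build_digest_table(track, max_skew):
    """Precompute the MD5 digest of every likely rip: digest -> (start, end) skew."""
    table = {}
    for s in range(max_skew + 1):
        for e in range(max_skew + 1):
            table[hashlib.md5(rip(track, s, e)).hexdigest()] = (s, e)
    return table

def lookup(table, data):
    """Return the skew pair that produced this file, or None if it is not a likely rip."""
    return table.get(hashlib.md5(data).hexdigest())

def salted(data, salt):
    """Prepend bytes unknown to the table builder; every digest changes."""
    return salt + data

def demo():
    master = make_track(2000)
    table = build_digest_table(master, max_skew=20)   # 21 * 21 candidates
    suspect = rip(master, 7, 13)
    hit = lookup(table, suspect)                       # found by lookup, no inversion
    miss = lookup(table, salted(suspect, b"constructed-salt"))
    return len(table), hit, miss

if __name__ == "__main__":
    size, hit, miss = demo()
    print(f"table entries: {size}, unsalted lookup: {hit}, salted lookup: {miss}")
```

The same reasoning is why stored password hashes carry a per-entry salt: the digest is never inverted, the small candidate space is simply enumerated in advance.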
I still think IBM may buy them. They won't be willing to buy anything more than the devastated remains of SCO for pennies on the dollar, but they still might do it.
Hmm... If they just dismiss inquiries that they don't consider legitimate, how can you be held responsible for failing to purchase a license?
IANAL, so this is a question. I don't know the answer.
If he does fire you for not working hard enough, would you be able to sue him for wrongful termination? Presumably, you would make sure there's a paper trail that provides good evidence that you were working hard, and medical evidence that sick days were stress related (eg: blood pressure of 140/100 when you're usually 105/75).
>> "I'm not sure. I have some doubts about the ripping process being as exact as you say." ...yeah, me too. Hence my "unless something gets corrupted" disclaimer. But it's mostly the same, I think most differences have to do with length, so there aren't all that many different possibilities.
>> "It is also possible that, as someone else suggested, the magical mp3 fairy left those files behind on her hard drive. In fact, I would propose that the mp3 fairy theory is even more likely."
For loose definitions of "fairy", yes. eg child, friend, etc
>> "The only way that the MD5 hashes could be identical is if the two files are absolutely identical in every single bit."
Try the following: Install some CD ripping/encoding software. Leave it at the defaults. Use CDDB to generate the ID3 tags. Unless something gets corrupted, that *will* produce an identical file, down to the last bit.
I would vote for KDE too.
I think the article is stupid, but Apple has won a LOT of support through standardization. Not only of what they look like, but how they're laid out. They've got very, very specific GUI guidelines, and that's a Very Good Thing. They're purely voluntary, but they create a consistency between software included with the OS and 3rd party software that is unmatched elsewhere.
If KDE (or whoever) were to come out with similar guidelines and most people were to follow them, Linux would benefit. Every non-OS X UNIX would benefit.
It already is a consideration in many settings. Rackmount systems are the first to notice because of the density. As I understand it, any processor over 50 watts is pushing it for 1U applications. I think Sun is going to use mobile Athlon 64's for just that reason.
With Prescott set to top 100 watts, I think we've hit the limit of what desktop users are willing to tolerate. We're into "can't run it on summer afternoons" territory already. I've been using my laptop at home because of it.
Preaching to the choir, man. :)
(Un?)fortunately, as hackers our favorite way to combat this stuff is to a) write a program so slick that it's impossible to stop, or b) shake our fists at the sky with dramatic readings of source code and t-shirts and so forth.
There need to be lawsuits. The ACLU doesn't do everything right, but they'll go all out for what they believe in and they'll do it in court. Unfortunately, that's how it works in the US.
It doesn't matter. The DeCSS code is everywhere now.
But the implications are worrying.