This is just like an amusement park that allows no food to go through the entry gates (which you have to pay $25 to walk through in the first place) while charging $4.95 for 32 ounces of cola in a "collector's cup".
When you control a place or an event, you control it. If people want to pay less than your price, they can, but they have to leave the event to go do that, consume the product, and then come back and possibly pay for the re-entry right. It's not exactly fair, but it's just the way the system works.
NBC is airing full coverage every Olympic game somewhere here in the USA. Every hour during the day right now, there is coverage on at least one of the NBC-Universal networks which include NBC, MSNBC, CNBC, Bravo, USA and Telemundo. Also, in areas where digital TV service is fully functional, NBC is providing a 24/7 HD feed, but that is only available to you if you have a digital TV decoder.
You don't need to pay NBC to get the digital service, but you do need to provide the hardware to get access to it, and you have to hope that your local station has done the same. DirecTV is also offering the digital feed on their service, but you must have an HD decoder for DirecTV and your local NBC station or stations must have signed off.
Censorship is the intentional destruction of information in order to kill off a taboo topic. That's not what's going on here, NBC is simply letting its business need to sell ad content affect in what ways they're distributing coverage. And part of that means that no Internet coverage from other nation's rightsholders can be tolerated.
If you're not NBC but ESPN, you must comply with NBC's rules and limits on the usage of the TV coverage to put highlights on SportsCenter. In fact, even if you're the sports reporter on an NBC affiliate station, you have to agree to those rules or not use them.
Sports highlights are not free. There are strings attached to their usage usually dictated by the league who wants the right mix of promotion of their sport while also not giving away the store when it comes to their TV rights money.
EAS is trigged by unencrypted slow-modem-like broadcasts over the broadcast airwaves. That is, station A has a machine that listens to station B, and when station B broadcasts an alert that needs to be heard on station A, a magic box interrupts programming to broadcast the alert.
Sure, there's no tech security in the EAS system itself, but there is plenty of physical security at any TV or radio station under the jurisdiction of the FCC. To put it bluntly, if their broadcast signal is overtaken by a hacker by any means, that station is at risk of having its ability to do business taking away from them forever by losing their license.
To create a false EAS message, an attacker would need to know what stations monitors what other stations in the EAS network, and also be able to overtake on of those statioons to get their own broadcast on the air. This just plain isn't likely... not to mention whatever public panic might be created would be mitigated by the real EAS system quickly publishing a "Ignore last message, we've lost control of our system!" message.
And that means it's not the Google exec's fault because they can't control when the article hits the newstands. Playboy had the interview at sat on it, and the actual statements were made before the start of the quiet period.
True, but that's like a fast food employee spitting on somebody's burger because they don't like them. Very unethical and unprofesional to deliver a product that defective when it's your job to do it right even for people you don't like.
The slipperly slope about that seemingly intentional confusion between "copyrighted" and "authorized for free distribution" is very dangerous.
Simplfying the matter that much overlooks the fact that the concept called "public domain" is not only for content that was copyrighted at one time but is no more, but also for content in which there still legally exists a copyright but the owner has publically declared that they will not enforce their copyright, since a binding promise not to use ones rights renders those same rights moot, they still exist but they don't matter.
Additionally, there's works that have been released on public licenses that are not complete public domain waivers, but do waive certain rights in exchange for an agreement to use the software in certain ways. This ranges from the open source licenses, to trial-ware downloads that are free to use for a limited time before the decision whether or not to pay becomes due.
An interesting sidebar to this whole story is that the way that both sides want to call the similar looking animal:
The RIAA wants to say "ferret" because that word is also defined as a verb that means to search for something in a group of others.
The anti-RIAA forces wants to say "weasel" because that word when used as an adjective means a person that is dishonest and/or greedy.
That's a sign of a bad PR person somewhere at the RIAA. No matter how cute the positive association is, you shouldn't put out a PR campaign with a mascot that easy to mock.
It's a difference in business models. Most phone telemarketers were operating legal businesses, so when laws made it imposible for them to operate they simply went out of business.
Meanwhile, spammers are usually already immoral people who have no respect for the law anyway. Viagra, afterall, is illegal to sell without a proper perscription, and a contact via web form is simply not good enough to generate such a perscription. So, their offer is already illegal to begin with... another law on top of that making the communication illegal isn't going to affect them much.
Every VoIP phone that has a real-world phone number also has an SIP address that can be used to send calls to it as well... If those addresses get captured and traded around like e-mail addresses, then all a tele-spammer would need is the bandwidth and they're all set to call you with a spam-like ad.
And the Do Not Call Registry law doesn't even apply because it registers phone numbers, not SIP addresses. So that and any other telephone-based law isn't going to work here.
Oh, I can just see the tin foil hats coming out for that idea... if Google were to do an IM program they'd most definitely want to display AdWords ads based on the conversation.:)
The problem isn't a link within an AIM away note, it's an abuse of a link format within a webpage that is supposed to set an away note.
A URL of the form "aim:goaway?mesage goes here" should work on most machines running AIM to set an away note. Pass too long of a string to that function, and a buffer overflow results.
Well, there still is some level of user involvement left there. Web browsers don't go visiting web pages randomly... the user somehow has to get fooled into visiting an unsafe site for the whole process to start.
There is not going to be an auto-spreading worm based on this hole. From the article: "AIM users would have to click on the URL to trigger the vulnerability..."
AIM-based worms that need user clicks to spread have already existed for a while. I've already seen one that tempts people to a page that offers a malware ActiveX download, and if the user accepts their AIM profile is changed to advertise the malware site without them realizing what they've done.
So, in short, this one's bad, but there's a pretty easy workaround that'll keep you safe: Hover over the hyperlink before you click on it to see the URL. If it's a mile long, don't click on it.
It's somewhat ironic that the competitor Microsoft thought they had killed, Netscape, is now again, in the form of the now open source Mozilla and it's variants, the biggest threat to IE.
And, also, the re-rise of that competitor is bringing out the first major feature additions to IE in years...
The original deal with CNET sold the rights to all of ZD's web properties, including the exclusive right to publish all ZD magazine content on the web. It wasn't until a later deal that Ziff-Davis Media recaptured the web domains and right to web publish their own magazine content.
The first thing you need to do in order to limit the damage of a successful intrusion is realize that an intrusion has happened... all the planning in the world is no good if you miss the signal that says it's time to activate the plan.
Changing the password after the intrusion alarms go off makes sense... but changing a password simply because of a time out doesn't. If anything, it might cut off an attack after they got some of your data but before you notice it happened. In that situation, you might have actually wanted the theives to get the rest so that they do something to you that you notice, rather than just quietly steal away a fraction of your customers.
I used a security failure at my office last week to make exactly this point...
No, nobody broke into the place. It's just that at 8am in the morning (when everybody's supposed to have shown up for work) stood myself (at that time, too new to have been issued keys) the summer intern (who will be never issued keys) and the sales rep (who thought he had been issued keys to open both the building and suite doors, but turns out to have been handed two building keys instead)... it'd fourty-five minutes before the owner would show up and unlock the door so we could all get to work. Two other people who have keys are supposed to start at 8am as well, but they were both on assignment away from the office that day.
Classic Type II security failure... the people who belonged in the office couldn't get in, and therefore about two person-hours of employee time got lost never to be recovered.
The tighter a security policy is, the more things that could just plain go wrong and lead to access being denied to somebody who should be let in, causing a small calamity that is of course a whole lot less of a loss than a break-in, but still red ink that's going to have to go on the balance sheet. Too many such problems, and you can end up having it mounting up more losses to overtight security than if somebody had broken in and stolen what you were protecting in the first place.
Google, Inc. would make more money... but that money would most likely stay in the company since it'd be uncharacteristic for Google to quickly declare that as profits. The more money made in the traditional process would go to the executives and well-connected friends of the company, not the company itself...
If Google had done that, then the stock would have started high and then crased as time moved forward to today. From Google's present owner's point of view that wouldn't be that bad a thing, but it'd be a disaster for everybody who bid what turned out to be an overpriced value to get their shares.
The whole point of the dutch auction setup is to assure that if anybody makes a quick buck out of a market malfunction, it's the people are selling their shares in the first place. Having a stock double or triple on IPO day is a sign that the IPO price setters blew it... they could have charged double or triple in the first place and found people who would have paid it. The quick profits in that situation go to the "IPO Insiders" who bought the shares at the original IPO price and were able to make quick turnaround sales... since the average investor has little chance of getting in on an IPO that way, it's not really fair to the little guys.
What's upside down in this situation is that the "Wall Street" companies usually get to bully the little companies coming forward for IPOs... it's rare that a company the size of Google shows up at the IPO table. As a result, the shoe's on the other foot, Google's bigger.
Really, the IPO process is something that'll make a few people happy and a few people not so happy, and then will just plain be forgotten about. The differences between the dutch auction and the typical IPO process will matter in the days immediately after the stock comes out, but then will just fade into the background as the market determines the actual value of the stock through day-to-day trading activities.
It's an "in your face" shot to the IPO industry that profited on the.com's that ulitimately crashed and burned, but I don't think it'll have any effect on Google's stock in the long term. Most of us normal people invest in the stock market for the long term, and should in general wait for the post-IPO price to become stable before deciding on if we want in on a particular stock.
One rare thing about Google is their "Don't Be Evil." mantra, which somewhat translates to the company turning down the chance to make quick bucks today in the expectation that they'll get that money back in the long run through their near-flawless reputation.
You're missing a key point. Spyware operators can't be put in jail because they're not breaking any laws simply by publishing spyware. Being scum is not a crime.
A virus gets onto a user's computer through security holes, but malware simply walks through the front door stating their evil intents in a clickwrap TOS that the user usually doesn't read. There's no crime in getting people to agree to something stupid in exchange for a silly little app that runs in the corner of their screen.
The "ad companies" we're talking about here are not the ones buying the ads, but the ones selling them.
NBC, and their worldwide counterparts, are paying for exclusive control over what Olympic footage can be seen in their operating zones because any other use of that content ends up devaluing the ads that are shown during their own broadcasts. They get this authority from their payments to the original content creators, the International Olympic Committee who depends on this TV money and other sponsorships to put on the events.
It's an apples and oranges comparison to the idea of a news source getting biased by its sponsors... this is more about copyright allowing an event that the copyright holder doesn't want to show to remain unseen than censorship being created by a sponsor. NBC's trying to use the Olypmics to attract attention to their sponsors' messages, and part of that business plan involves making sure that nobody else is allowed to use that footage, since that would most likely serve to distract from NBC's broadcasts.
Driving -- for the safety of the road. Those drivers who prove themselves unsafe are removed. Marriage -- the license isn't as much a permission as a document proving it happened on the public record. Fishing/hunting -- to count limit the number of people who do so. If requests outnumber the number of animals that are meant to be taken, they won't approve them all and/or stop issuing.
Slashdot Mirror
This is just like an amusement park that allows no food to go through the entry gates (which you have to pay $25 to walk through in the first place) while charging $4.95 for 32 ounces of cola in a "collector's cup".
When you control a place or an event, you control it. If people want to pay less than your price, they can, but they have to leave the event to go do that, consume the product, and then come back and possibly pay for the re-entry right. It's not exactly fair, but it's just the way the system works.
NBC is airing full coverage every Olympic game somewhere here in the USA. Every hour during the day right now, there is coverage on at least one of the NBC-Universal networks which include NBC, MSNBC, CNBC, Bravo, USA and Telemundo. Also, in areas where digital TV service is fully functional, NBC is providing a 24/7 HD feed, but that is only available to you if you have a digital TV decoder.
You don't need to pay NBC to get the digital service, but you do need to provide the hardware to get access to it, and you have to hope that your local station has done the same. DirecTV is also offering the digital feed on their service, but you must have an HD decoder for DirecTV and your local NBC station or stations must have signed off.
Censorship is the intentional destruction of information in order to kill off a taboo topic. That's not what's going on here, NBC is simply letting its business need to sell ad content affect in what ways they're distributing coverage. And part of that means that no Internet coverage from other nation's rightsholders can be tolerated.
If you're not NBC but ESPN, you must comply with NBC's rules and limits on the usage of the TV coverage to put highlights on SportsCenter. In fact, even if you're the sports reporter on an NBC affiliate station, you have to agree to those rules or not use them.
Sports highlights are not free. There are strings attached to their usage usually dictated by the league who wants the right mix of promotion of their sport while also not giving away the store when it comes to their TV rights money.
EAS is trigged by unencrypted slow-modem-like broadcasts over the broadcast airwaves. That is, station A has a machine that listens to station B, and when station B broadcasts an alert that needs to be heard on station A, a magic box interrupts programming to broadcast the alert.
Sure, there's no tech security in the EAS system itself, but there is plenty of physical security at any TV or radio station under the jurisdiction of the FCC. To put it bluntly, if their broadcast signal is overtaken by a hacker by any means, that station is at risk of having its ability to do business taking away from them forever by losing their license.
To create a false EAS message, an attacker would need to know what stations monitors what other stations in the EAS network, and also be able to overtake on of those statioons to get their own broadcast on the air. This just plain isn't likely... not to mention whatever public panic might be created would be mitigated by the real EAS system quickly publishing a "Ignore last message, we've lost control of our system!" message.
And that means it's not the Google exec's fault because they can't control when the article hits the newstands. Playboy had the interview at sat on it, and the actual statements were made before the start of the quiet period.
True, but that's like a fast food employee spitting on somebody's burger because they don't like them. Very unethical and unprofesional to deliver a product that defective when it's your job to do it right even for people you don't like.
The slipperly slope about that seemingly intentional confusion between "copyrighted" and "authorized for free distribution" is very dangerous.
Simplfying the matter that much overlooks the fact that the concept called "public domain" is not only for content that was copyrighted at one time but is no more, but also for content in which there still legally exists a copyright but the owner has publically declared that they will not enforce their copyright, since a binding promise not to use ones rights renders those same rights moot, they still exist but they don't matter.
Additionally, there's works that have been released on public licenses that are not complete public domain waivers, but do waive certain rights in exchange for an agreement to use the software in certain ways. This ranges from the open source licenses, to trial-ware downloads that are free to use for a limited time before the decision whether or not to pay becomes due.
An interesting sidebar to this whole story is that the way that both sides want to call the similar looking animal:
The RIAA wants to say "ferret" because that word is also defined as a verb that means to search for something in a group of others.
The anti-RIAA forces wants to say "weasel" because that word when used as an adjective means a person that is dishonest and/or greedy.
That's a sign of a bad PR person somewhere at the RIAA. No matter how cute the positive association is, you shouldn't put out a PR campaign with a mascot that easy to mock.
It's a difference in business models. Most phone telemarketers were operating legal businesses, so when laws made it imposible for them to operate they simply went out of business.
Meanwhile, spammers are usually already immoral people who have no respect for the law anyway. Viagra, afterall, is illegal to sell without a proper perscription, and a contact via web form is simply not good enough to generate such a perscription. So, their offer is already illegal to begin with... another law on top of that making the communication illegal isn't going to affect them much.
Here's the wide open hole in VoIP phone service:
Every VoIP phone that has a real-world phone number also has an SIP address that can be used to send calls to it as well... If those addresses get captured and traded around like e-mail addresses, then all a tele-spammer would need is the bandwidth and they're all set to call you with a spam-like ad.
And the Do Not Call Registry law doesn't even apply because it registers phone numbers, not SIP addresses. So that and any other telephone-based law isn't going to work here.
Oh, I can just see the tin foil hats coming out for that idea... if Google were to do an IM program they'd most definitely want to display AdWords ads based on the conversation. :)
The problem isn't a link within an AIM away note, it's an abuse of a link format within a webpage that is supposed to set an away note.
A URL of the form "aim:goaway?mesage goes here" should work on most machines running AIM to set an away note. Pass too long of a string to that function, and a buffer overflow results.
Well, there still is some level of user involvement left there. Web browsers don't go visiting web pages randomly... the user somehow has to get fooled into visiting an unsafe site for the whole process to start.
There is not going to be an auto-spreading worm based on this hole. From the article: "AIM users would have to click on the URL to trigger the vulnerability..."
AIM-based worms that need user clicks to spread have already existed for a while. I've already seen one that tempts people to a page that offers a malware ActiveX download, and if the user accepts their AIM profile is changed to advertise the malware site without them realizing what they've done.
So, in short, this one's bad, but there's a pretty easy workaround that'll keep you safe: Hover over the hyperlink before you click on it to see the URL. If it's a mile long, don't click on it.
It's somewhat ironic that the competitor Microsoft thought they had killed, Netscape, is now again, in the form of the now open source Mozilla and it's variants, the biggest threat to IE.
And, also, the re-rise of that competitor is bringing out the first major feature additions to IE in years...
The original deal with CNET sold the rights to all of ZD's web properties, including the exclusive right to publish all ZD magazine content on the web. It wasn't until a later deal that Ziff-Davis Media recaptured the web domains and right to web publish their own magazine content.
The first thing you need to do in order to limit the damage of a successful intrusion is realize that an intrusion has happened... all the planning in the world is no good if you miss the signal that says it's time to activate the plan.
Changing the password after the intrusion alarms go off makes sense... but changing a password simply because of a time out doesn't. If anything, it might cut off an attack after they got some of your data but before you notice it happened. In that situation, you might have actually wanted the theives to get the rest so that they do something to you that you notice, rather than just quietly steal away a fraction of your customers.
I used a security failure at my office last week to make exactly this point...
No, nobody broke into the place. It's just that at 8am in the morning (when everybody's supposed to have shown up for work) stood myself (at that time, too new to have been issued keys) the summer intern (who will be never issued keys) and the sales rep (who thought he had been issued keys to open both the building and suite doors, but turns out to have been handed two building keys instead)... it'd fourty-five minutes before the owner would show up and unlock the door so we could all get to work. Two other people who have keys are supposed to start at 8am as well, but they were both on assignment away from the office that day.
Classic Type II security failure... the people who belonged in the office couldn't get in, and therefore about two person-hours of employee time got lost never to be recovered.
The tighter a security policy is, the more things that could just plain go wrong and lead to access being denied to somebody who should be let in, causing a small calamity that is of course a whole lot less of a loss than a break-in, but still red ink that's going to have to go on the balance sheet. Too many such problems, and you can end up having it mounting up more losses to overtight security than if somebody had broken in and stolen what you were protecting in the first place.
Google, Inc. would make more money... but that money would most likely stay in the company since it'd be uncharacteristic for Google to quickly declare that as profits. The more money made in the traditional process would go to the executives and well-connected friends of the company, not the company itself...
If Google had done that, then the stock would have started high and then crased as time moved forward to today. From Google's present owner's point of view that wouldn't be that bad a thing, but it'd be a disaster for everybody who bid what turned out to be an overpriced value to get their shares.
The whole point of the dutch auction setup is to assure that if anybody makes a quick buck out of a market malfunction, it's the people are selling their shares in the first place. Having a stock double or triple on IPO day is a sign that the IPO price setters blew it... they could have charged double or triple in the first place and found people who would have paid it. The quick profits in that situation go to the "IPO Insiders" who bought the shares at the original IPO price and were able to make quick turnaround sales... since the average investor has little chance of getting in on an IPO that way, it's not really fair to the little guys.
What's upside down in this situation is that the "Wall Street" companies usually get to bully the little companies coming forward for IPOs... it's rare that a company the size of Google shows up at the IPO table. As a result, the shoe's on the other foot, Google's bigger.
Really, the IPO process is something that'll make a few people happy and a few people not so happy, and then will just plain be forgotten about. The differences between the dutch auction and the typical IPO process will matter in the days immediately after the stock comes out, but then will just fade into the background as the market determines the actual value of the stock through day-to-day trading activities.
.com's that ulitimately crashed and burned, but I don't think it'll have any effect on Google's stock in the long term. Most of us normal people invest in the stock market for the long term, and should in general wait for the post-IPO price to become stable before deciding on if we want in on a particular stock.
It's an "in your face" shot to the IPO industry that profited on the
One rare thing about Google is their "Don't Be Evil." mantra, which somewhat translates to the company turning down the chance to make quick bucks today in the expectation that they'll get that money back in the long run through their near-flawless reputation.
You're missing a key point. Spyware operators can't be put in jail because they're not breaking any laws simply by publishing spyware. Being scum is not a crime.
A virus gets onto a user's computer through security holes, but malware simply walks through the front door stating their evil intents in a clickwrap TOS that the user usually doesn't read. There's no crime in getting people to agree to something stupid in exchange for a silly little app that runs in the corner of their screen.
The "ad companies" we're talking about here are not the ones buying the ads, but the ones selling them.
NBC, and their worldwide counterparts, are paying for exclusive control over what Olympic footage can be seen in their operating zones because any other use of that content ends up devaluing the ads that are shown during their own broadcasts. They get this authority from their payments to the original content creators, the International Olympic Committee who depends on this TV money and other sponsorships to put on the events.
It's an apples and oranges comparison to the idea of a news source getting biased by its sponsors... this is more about copyright allowing an event that the copyright holder doesn't want to show to remain unseen than censorship being created by a sponsor. NBC's trying to use the Olypmics to attract attention to their sponsors' messages, and part of that business plan involves making sure that nobody else is allowed to use that footage, since that would most likely serve to distract from NBC's broadcasts.
They all have a purpose...
Driving -- for the safety of the road. Those drivers who prove themselves unsafe are removed.
Marriage -- the license isn't as much a permission as a document proving it happened on the public record.
Fishing/hunting -- to count limit the number of people who do so. If requests outnumber the number of animals that are meant to be taken, they won't approve them all and/or stop issuing.