Re:Better Business Bureau? on Worst Buy · Score: 2
The Better Business Bureau is a scam set up by business interests in order to head off stiffer consumer protection laws. The notion is that they can claim that businesses are self-regulating and thus do not need to be policed for fraud, misrepresentation, and failure to provide the paid-for goods and services.
The way the BBB operates is that if you make a complaint about a business who is a BBB member, they contact that member and ask about that complaint. All that is necessary is that the member say "Yes, we've satisfied that customer," and the complaint is removed from the BBB's records. Note that no proof is required, and the customer is never contacted to see whether he was indeed satisfied -- all that's necessary is that little one-sentence lie from the BBB member.
If you make a complaint about a company that is NOT a member, on the other hand, the BBB contacts said company and states that they have a complaint, and asks if said company wishes to become a BBB member. If the company does not, the complaint remains on the BBB's records. If the company does join the BBB, they are allowed to have the complaint dismissed by simply saying "Oh yeah, we satisfied that customer."
So not only is the BBB a scam, it's also a racketeering operation too, that threatens companies with blacklisting if there's even a single dissatisfied customer (no matter how stupid) if the company refuses to join. No consumer advocate worth his beans trusts the BBB to do anything other than stand up for its paying members.
People wanting something for nothing on Worst Buy · Score: 2, Flamebait
So let me get this straight. A video card costs Best Buy around $250 wholesale to stock. They sell it for $329. They accidentally print an ad selling it for $129. And everybody's upset because Best Buy won't sell the card for below what it costs?!
While I think Best Buy has been an utter incompetent at handling this situation, I have no sympathy for the people trying to get something for nothing either.
The copyright act covers the actions in question. It specifies damages of $100,000 per infraction for distributing software without the permission of its author. Note that accepting the GPL is the only thing that gives you permission to distribute GPL'ed software -- otherwise, you're covered by the copyright act, and can be sued for $100,000 for each copy that you've distributed.
There's one group of spammers who insist that "they don't spam" because they instead have a huge affiliate network to do it for them. They claim that their official policy is to not spam and that they kick out any affiliates who spam. So why do I get dozens of their spams, from a dozen different "independent affiliates", all with the same basic wording and the exact same spelling mistakes?
Sigh. My grandmother had a phrase she used for such people:
"Some people just weren't raised right."
The analogy would be that "Gone with the Wind" is "Gone with the Wind", even if you first translate it to Urdu then translate it from Urdu to Navajo. The resulting text won't resemble the original very much from a cosmetic point of view, but it is still "Gone with the Wind", and is still covered by the copyright for "Gone with the Wind".
Remember that civil trials are decided based upon a "preponderance of evidence", NOT upon "beyond reasonable doubt" such as is true of criminal cases. If Vivendi introduces evidence that suggests that their code was translated from machine code to assembly code and the assembly code then translated to "C", based upon a strong resemblance of the code, then the bnetd guys have to provide evidence that this did not happen. No evidence means Vivendi wins. That's the biggest difference between a civil trial and a criminal trial. That's why the commercial guys doing reverse engineering are using those numbered/dated/notarized engineering notebooks and "two-box" processes.
If you took "Gone with the Wind" and translated it into a different language, such as Urdu, it would still be "Gone with the Wind" and would still be copyrighted. And if someone else took that Urdu copy of "Gone With The Wind" and translated it into Navajo, it would still be "Gone with the Wind" and would still be copyrighted. Apparently what Blizzard is saying is that the BNETD people took their copyrighted machine code, translated it into disassembled assembly language and translated it to "C" code. The result would still be copyrighted by Blizzard, even though it's in a different language.
The only known way to deal with this is the "two box" paradigm -- one team disassembles the code and writes a functional description, the other team writes code based upon that description. This is an area where the courts tend to favor the copyright holder. Remember, civil court is not "beyond reasonable doubt" -- Blizzard doesn't have to prove beyond all doubt that the BNETD project ripped off code, they just have to provide reasonable evidence that such happened. If there is no refuting evidence (such as numbered/dated log books and reverse engineering documents), the court will rule in favor of Blizzard.
The rest of the complaint is so much piffle. I think it's there to keep the other side's lawyers busy -- even if it's piffle, you have to refute each count in court, and the more allegations, the more it'll cost to do so. But this issue of reverse engineering vs. translation is the one that will get the BNETD people in trouble long after the other issues are completely forgotten.
But the point is that unless there's evidence of a "firewall" between the reverse engineering team and the implementation team, the courts tend to give the copyright holder the benefit of the doubt here. If there is a bug in the copyright holder's product that also occurs in the reverse engineered product, it is pretty much assumed de facto that unless proven otherwise, you lifted code from the copyright holder's product.
The rest of the arguments in the complaint are just so much drivel, probably there to keep the other side's lawyers busy. This one (the duplicated bug) is the one that's going to be VERY hard to get around.
There's reasons why engineers (real engineers) carry around those numbered/dated notebooks and log everything they do every day in them (and get them notarized from time to time), and there's a reason why commercial reverse engineering projects use the "two-box" paradigm along with those numbered/dated notebooks, and you just found out what that reason is. Welcome to the real world, where legal CYA is as important as code.
They state that there is a bug in their key checking code as included with their software -- and that bnetd duplicates their software to such extent that it duplicates even the bug. To quote from the complaint: "Defendants' copying was so blatant that Defendants included the programming bug described above in the BNETD code."
It appears that what they're alleging is that their compiled key checking code was de-compiled somehow and incorporated "as is" into the BNETD code. This is why commercial efforts at reverse engineering use a "two box" paradigm -- one team disassembles the product and writes a complete description, the other team takes the complete description and writes a functionally equivalent product. This is the only known way to head off the charge of "duplicating" code. If the BNETD project cannot document that they followed a "two box" paradigm, the Vivendi lawyers have a good chance of winning, whether the BNET programmers actually did lift code or not. This is an area where the benefit of the doubt usually goes to the copyright holder.
The question is not whether the rights of copyright holders should be upheld. The question is whether the free market or big government decides how it will be done.
The high tech industry has long expressed interest in ways to protect copyright holder's rights while not inconveniencing users of their products. The free market, if you let it work, will solve this problem. Let the high tech industry and copyright holders settle their own differences as to how digital rights should be protected, using the normal mechanisms of civil contract law and competition -- don't bring Big Government into play. Government mandates will simply stifle the computer industry under massive government bureaucracy at great taxpayer expense, while being no more effective than free market solutions.
Notes to users: 1. Note careful use of free market arguments. The Washington dudes worship this whole "free market" thing. This is similar to quoting Bible verses to a Bible-thumper -- you're operating on his own territory. 2. Note careful use of phrase "big government". This is a reflexive no-no in today's conservative environment. 3. Note "massive government bureaucracy" and "great taxpayer expense". These bugaboos must always be dredged up. 4. Finally, note that we had to relinquish ground on one point: the need to protect copyright holders' rights. By doing that, we could turn it into a fight over HOW this would be done -- via a massive government bureaucracy, or via the free market solutions of negotiation and contracts between the entertainment and technology industries. Bureaucracy bad. Free market good. Ugh. When you talk to religious zealots, you must speak their language.
Electrical rates and power availability were fine in California when the PUC had full regulatory control over rates and availability. It is only after the power companies succeeded in buying legislation removing said control that everything went to hell there.
They're talking deregulation here in Arizona, but the California fiasco made everybody pause to reconsider. At the moment we have the lowest electrical rates in the Southwest -- and getting rid of that for religious reasons ("competition is always better") doesn't strike everybody as a good deal, in the aftermath of what happened in California.
State law and federal law both allow states to regulate local phone service within their boundaries. For example, in my state of Arizona, the Corporations Commission regulates service and quality for local phone service (for gross definitions of "service" and "quality", such as, "has phone service", and "can get a dial tone and reach other people":-). Apparently the California PUC has decided "Huh, we have been granted the right to regulate phone service, DSL service uses phone wires, thus DSL service is phone service."
Note that this reasoning would NOT, however, cover the ISP (who is more the "long distance provider" of this scenario), but would certainly cover the provisioning of DSL service between the end user and the ISP's DSLAM at the phone company switching station. At least here in Arizona, that part (the end-user provisioning) is already regulated by the Corporations Commission as a separate service -- the ISP is broken out as a separate charge from the line provisioning charge.
"I believe, silly me, that competing market and companies ultimately provide best for the consumers."
At least you're honest enough to state that this is a matter of faith (religion) on your part, rather than a factual statement. Many who make this argument are not so honest.
So: Why can't I get DSL service at my apartment, if competition is so great? If the PUC can get me DSL service, and the free market can't -- why in the world do I care about your religion? All I want is DSL service, and if the free market won't provide it, hell yeah, I'll take PUC regulation instead!
Remember these words: We the people of the United States, in order to form a more perfect union, establish justice, insure domestic tranquility, provide for the common defense, promote the general welfare, and secure the blessings of liberty to ourselves and our posterity, do ordain and establish this Constitution for the United States of America. Note the "promote the general welfare" bit in there. In general, a free market does that better than any other method... but when it doesn't, the founders of this country had no problem with government stepping in, whether it was chartering turnpike and canal companies, or creating a U.S. Bank in order to establish a common currency.
"Competition is the natural state of the free market" is a statement of religious belief, not a statement of fact. While I personally believe it to be true, the fact of the matter is that we have not had a free market in this country since the 1790's, when state governments started recognizing corporations (e.g., the Philadelphia and Lancaster Turnpike Company in 1792) and giving their owners favorable treatments under the law (e.g., the grant of limited liability, which allows companies to do things that are illegal without any possibility of the law coming down on the actual owners of the company, who have been granted government immunity).
It is important, in these debates, that we realize which of our beliefs is just that (a religious belief or statement of faith), and which are facts. Otherwise we end up with religious disputes rather than reasoned debate.
The deal with large corporations is that they rarely run outright scams. They generally push the envelope insofar as what constitutes a deceptive claim (or not), but not outright scams, Enron excluded of course:-).
Scam artists who run outright scams (as vs. the Herbalife sort who do sell a product, sorta, kinda) tend to be small fry by nature because if they get big enough to pull in megabucks, they attract regulators like a cow pattie attracts flies. The fact that the online scammers that the FTC is going after are all small fry is a product of the effectiveness of the FTC (and simple bad publicity) at handling outright scams -- bigger fry have already been smacked down.
Yeah, that's a problem. I had a couple of youngsters in jolly olde England who got upset with me because I called them scammer spammers, and they jumped all up and down and turned red in the face and blew a few gaskets trying to harass me. Thus why I am now the official owner of a "sucks" domain:-).
The thing about foreign scams, though, is that they are by nature limited in what they can do to/for you. The foreign scam I detail makes a number of ludicrous claims for their product (claims which are impossible for any product to fulfill, much less a piece of Visual BASIC bloatware being sold for three times what it's worth), but none of this will cause you any physical harm. You might lose your hard drive if the paranoid program decides you aren't a licensed user (the front man for the guys who put out the program is certifiable, often spewing paranoid and delusional rantings about anybody who has ever criticized his behavior or his program), but you aren't going to end up dead or anything. While I've heard that the FTC is investigating these particular people, I have mixed emotions about that. There's far worse scams out there, some of which could cause physical harm. Bilking the gullible for $100 beyond what the product is worth via deceptive claims and exaggerations is hardly my idea of a top priority for government enforcement -- going after the dangerous scams, or the ones that take people for all their life savings, has to be top priority.
First, the definition of a one-time pad: a set of random data the same size as the data to be encrypted, which is then XOR'ed (exclusive-or'ed) with the data to be encrypted. Both sides of the transaction must have previously exchanged the entire pad in some way. If the pads are TRULY random (perhaps generated via quantum decay of atomic particles), then all possible plain-text messages are valid decryptions of the encrypted message, and knowledge of one part of the message (the "known text" attack) gives no knowledge of the contents of other parts of the message, those other parts equally have all possible plain text messages as possible decryptions -- i.e., it is provably secure.
But that's not what these guys have. They have a stream cipher -- linear congruent generators (pseudo-random sequence generators) on both sides of the connection. The "random numbers" are not actually random, because computers are deterministic -- given two computers identical programs, and identical inputs to those programs, you will always get identical outputs. "Breaking" a stream cipher generally consists of identifying the part of the encrypted text that has known text in it, extracting the key value of that part of the output, and using that to predict future or previous parts of the message. Thus design of stream ciphers is difficult, and you're better off using one of the tried-and-true designs of stream ciphers. For AEScrypt, I chose to use AES (Rijndael) as the permutation function, and CFB-128 as the feedback function that hides patterns in the output stream, with a 128-bit 'random' salt value to insure that the generated streams are not identical for two messages encrypted by the same AES key.
It appears that their variation is that they have multiple algorithms for producing their stream of pseudo-random numbers. Does that produce more strength? Yes -- but less than you'd think. If you have two different algorithms, for example, that's basically a 1-bit addition to the key strength. If you have 1024 different algorithms, that's basically a 10-bit addition to the key strength. Big friggin' deal, you can already use 256-bit keys with AES, where the heat death of the universe will happen before you crack a message via brute force.
So basically these guys have a really clunky stream cipher, that they're calling a "one time pad". There's a saying in the crypto industry: simpler is better. That is, the more things you add to a cipher, the slower it goes, and the more likely that you made a mistake that ends up with the cipher broken. AES (Rijndael) is a simple and fast cipher that is easy to analyze mathematically. CFB to mask the output of a block cipher being used as an LCG is a simple and well-analyzed function. A LCG (Linear Congruent Generator) based stream cipher with 1024 possible brand-new pseudo-random generators (as vs. well-tested and well-analyzed ones) has 1024 possibilities for a "crack" of one of the generators (i.e., the possibility of predicting future sequences based on known text in a particular place in the message), meaning that all past and future messages using that particular algorithm are cracked.
This is offensive to me, in other words -- offensive from a language viewpoint (calling a LCG a "one time pad"), and offensive from a design viewpoint (adding unnecessary complexity that makes the design hard to analyze mathematically).
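The weakness described in the comment above, as an added example (not code from the comment's author or from the product it criticizes): a toy cipher that XORs data with the output of one of 1024 linear congruential generators, and a known-text recovery showing that 8 known bytes expose the generator choice, the seed, and the rest of the message. The generator family, `xor_crypt`, `recover` and the sample message are all constructed for illustration.

```python
import struct

MASK = 0xFFFFFFFF

# Constructed family of 1024 generators x -> (a*x + c) mod 2^32.
# a % 4 == 1 and c odd gives each one the full 2^32 period.
FAMILY = [(1664525 + 4 * i, 1013904223 + 2 * i) for i in range(1024)]


def keystream_words(alg, seed, nwords):
    """Return nwords successive 32-bit states of generator FAMILY[alg]."""
    a, c = FAMILY[alg]
    state, words = seed, []
    for _ in range(nwords):
        state = (a * state + c) & MASK
        words.append(state)
    return words


def xor_crypt(alg, seed, data):
    """Encrypt or decrypt: XOR data with the generator output (big-endian words)."""
    nwords = (len(data) + 3) // 4
    pad = b"".join(struct.pack(">I", w) for w in keystream_words(alg, seed, nwords))
    return bytes(d ^ k for d, k in zip(data, pad))


def recover(ciphertext, known, offset):
    """Recover (alg, seed, plaintext) from 8+ known bytes at a 4-byte-aligned offset."""
    if offset % 4 or len(known) < 8:
        raise ValueError("need 8 known bytes at a 4-byte-aligned offset")
    # Known text XOR ciphertext exposes two consecutive generator states.
    exposed = bytes(c ^ p for c, p in zip(ciphertext[offset:offset + 8], known))
    s1, s2 = struct.unpack(">II", exposed)
    # Which of the 1024 "algorithms" maps s1 to s2? At most 1024 trials (10 bits).
    hits = [i for i, (a, c) in enumerate(FAMILY) if (a * s1 + c) & MASK == s2]
    if len(hits) != 1:
        raise ValueError("known text does not match this cipher")
    alg = hits[0]
    a, c = FAMILY[alg]
    # The generator is invertible (a is odd), so step it backwards to the seed.
    a_inv = pow(a, -1, 1 << 32)
    state = s1
    for _ in range(offset // 4 + 1):
        state = (a_inv * (state - c)) & MASK
    return alg, state, xor_crypt(alg, state, ciphertext)


# Constructed sample message: a fixed protocol string sits at offset 16.
KNOWN = b"VERSION=1.0;"
MESSAGE = b"to=alice;amt=42;" + KNOWN + b"memo=meet at noon"

if __name__ == "__main__":
    import secrets
    alg, seed = secrets.randbelow(len(FAMILY)), secrets.randbelow(1 << 32)
    ct = xor_crypt(alg, seed, MESSAGE)
    got_alg, got_seed, plain = recover(ct, KNOWN, 16)
    print(got_alg == alg, got_seed == seed, plain)
```

With a truly random pad the same 8 exposed bytes would say nothing about any other byte, which is the distinction the comment draws.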
The larger the engine, the more heat is produced. Keeping the nozzle from melting down requires more and more exotic materials the bigger the engine gets. The Soviets had trouble coming up with materials that would withstand the heat, and thus could not have increased their engine sizes to Saturn V proportions even if they'd had Wernher von Braun as their chief designer, rather than the squabbling herd of nonentities that were in charge after "the" Chief Designer died.
The same basic considerations are why the jet engines used in the very successful Su-27 class fighters are more fuel-thirsty for the same thrust as an F-15 class fighter (the two are roughly equivalent). The hotter you can get, the more expansion you can get. If you don't have the expansion, the only way to get the same thrust is to pour more fuel into the nozzle. The Russian designers are confident that their newest engines for the Su-30 class follow-ons to the Su-27 are every bit as good as current Western engines -- but they have not had the money to actually build the things.
There is also, of course, the Russian tendency to improve existing designs rather than embark upon all-new designs. For example, the next-generation Russian air superiority fighter, the Su-34/Su-35, is basically an Su-27 improved with the latest in materials to decrease weight, increase strength, and improve payload and maneuverability (not to mention better engines). The Su-34/Su-35 aren't going to be built because Russia cannot afford them, but show what Russian designers prefer to do rather than embark upon all-new aircraft like the U.S. designers like to do. The N-1 engines were similar in design to other engines used by the Soviets, and thus preferable, in the eyes of Russian designers, to all-new (risky) engine designs.
LOL! Security is a mindset, not a product. All the certificates in the world are no good unless you have the kind of deviant, paranoid mindset that sees a threat behind every innocuous-appearing file on disk. I've seen some of these "certified" people, and yeah, they know the jargon, but they don't have the chops.
But since everybody wants certificates nowadays, I guess I gotta have some of my own.
2.0 was designed from the get-go to run on pretty much any 32-bit hardware out there. IBM had abandoned the notion of trying to hijack the personal computer industry by that time. The problem is that by the time it came out, everybody in the computer industry was operating under the notion that OS/2 was for the PS/2. Which was true, in the beginning.
Regarding IBM and Microsoft and OS/2, I've read some reminiscing by one of the industry pundits who was there at the meeting where IBM blew off Microsoft. Bill Gates showed up with all these charts showing Windows as a little side project on top of IBM/Microsoft OS/2, and IBM blew him off. Yep, that's right, IBM blew off Microsoft -- NOT the other way around. That was apparently when Bill decided that Windows was going to be a totally separate operating system not reliant upon anything IBM (Chairman Bill does NOT like being blown off by arrogant IBM execs!), and that was when Bill decided he was going to borrow some tactics out of the IBM monopoly handbook, such as bundling, "vaporware", and per-CPU pricing.
Now, I'm not going to argue about whether the Microsoft monopoly on personal computer desktops is good or bad. I'll just point out that an OS/2 monopoly would probably have been even worse -- because IBM is a hardware company as well as a software company, and undoubtedly would have used their hardware muscle to squeeze out the kind of white box clone business that kept Linux alive for many years before the major vendors discovered Linux.
I was there, I was not doing homework, I was operating off of 15 year old memories. The fact that 15 year old memories are not 100% accurate is not surprising. I do remember the long boot times though, at least on the PS/2 Model 50's. Your notion that they booted as fast as DOS is more probably historical revisionism than a 1 year slippage in date in 15-year-old memories.
The ISA machines in the PS/2 lineup came after some of IBM's major customers refused to buy an MCA version of the computer, I remember them later being re-named as PS/1 computers in an attempt to flog the PS/2. The MCA-based PS/2 line did NOT survive until the mid 90's -- it was long dead by that time -- by the mid 90's IBM had migrated to PCI like everybody else, and had computers named "PS/2" but they were just generic clone machines.
I see no reason to do research about something I lived through when you're the only anal twit on Slashdot who cares. I'm sure that nobody else here cares that the PS/2 was released in 1987 rather than 1986. The point is that IBM was trying to hijack the personal computer market -- not that it was 1987 rather than 1986.
The PS/2 was a computer that IBM released in, I think 1986. Compaq and a number of other companies had come out with wildly successful clones of the original IBM PC, and IBM realized that they'd given away the personal computer market. So they created a new computer bus -- the MicroChannel Bus -- incompatible with the bus in the original IBM PC (the bus that Compaq and others used). They created a new operating system -- OS/2 -- in conjunction with Microsoft, that ran only on their PS/2 (Personal System/2). Then they dropped all their "old" PC-compatible machines, and you could only buy a PS/2-compatible machine from IBM. They felt that business would buy PS/2 machines from IBM because business bought IBM, and they would not license the patents to their Microchannel bus to other personal computer vendors, so they would have control of the personal computer market once again.
But it didn't work like IBM planned. It was an unmitigated disaster. IBM sold only a few thousand machines, and had been geared up to sell millions. 16-bit OS/2 on a 16 MHz 80286 microprocessor took a half hour to boot, and there were no expansion cards for the new 16-bit MicroChannel Bus. They swiftly rushed their old "PC-compatible" machines back into production (calling them the PS/1 and other names like that to imply that they were only half as good as their PS/2 machines), but the damage was done -- IBM was never again the #1 maker of personal computers. The PS/2 lingered on for another couple of years as IBM continued to try to push it, and was mercifully put out of its misery when the industry migrated from the 80286 (16-bit) processor to the 80386 (32-bit) processor.
Whenever you think about the eventual fate of OS/2, you have to recall how it originated -- and what IBM was trying to do when it created OS/2 in the first place.
Remember, OS/2 was originally released as part of IBM's PS/2 attempt to re-hijack the personal computer industry. The personal computer industry wasn't buying it -- they had no desire to put themselves back into thrall to IBM.
It's hard to believe, in today's day and age when Microsoft is the "evil empire", that there was once a day when Microsoft was the scrappy upstart and IBM was the "evil empire", but that's what the situation was like for most of the 1980's. In the end it did not matter how good OS/2 became... nobody was going to put their company at the mercy of IBM again.
By the time OS/2 Warp (32-bit OS/2) came out, if you mentioned OS/2 to anybody in the computer industry, they'd say something like "You mean that runs on something other than IBM PS/2 computers?". Unlike what somebody else here mentioned, everybody in the computer industry knew what OS/2 was and what it was capable of doing. But a) they didn't know it ran on anything other than IBM equipment, and b) they weren't interested in putting themselves back into thrall to IBM again.
In the end, politics, not technology, doomed OS/2. The politics of Linux are completely different from the politics that doomed OS/2, and I can't think of any lesson from the OS/2 saga that applies to Linux.
This "war" has been going on for as long as the two have existed, and is carried over from the BSD vs. Sys V wars of the late 80's (that Sys V won when BSD-based SunOS, the last major commercial BSD release, was sunsetted and replaced with SysV-based Solaris). FreeBSD is, of course, BSD. Linux started out very Sys V'ish.
There are a number of us who switch back and forth between the two based on what we feel like running at any given time. For example, I did the port of mtx to FreeBSD myself, mostly by reading their scsictl source code.
Lately I've been stymied in doing this by the resolute refusal of the FreeBSD and Reiser people to get along. The Reiser file system is the best filesystem for Linux right now -- it does away with that awful inode limit for example (I need the ability to put 40,000,000 symlinks onto a single volume, no, that's not a typo, these symlinks are pointing off into a virtualized DVD jukebox). So some of my most important filesystems on my home server are now Reiser'ed. That basically means that it has become excruciatingly difficult to flip back and forth between the two. Other than going back to the pathologically broken ext2 filesystem (which is altogether too shaky for my preference), there's little I can do about that situation. Thus FreeBSD has faded from my horizons lately, even though I've been very frustrated by the Linux 2.4 kernel (well, up until 2.4.18, which so far actually appears to WORK RIGHT, a new thing for 2.4 series kernels!). The fact that my employer can't find any jukebox virtualization software for FreeBSD undoubtedly contributes to this too (we have found at least four different commercial jukebox virtualization packages for Linux).
I love playing with FreeBSD, but sometimes I have to get work done. FreeBSD is Unix. Linux is Linux. They're different operating systems, and have different goals. FreeBSD aims to be a good Unix. Linux aims to be a good general-purpose operating system that happens to be POSIX compliant (well, sort of). I find that when I need to get work done, though, FreeBSD doesn't hack it for me other than as a web server.
1) FreeBSD is user friendly, but it's picky about who its friends are. I like FreeBSD, but that's because I'm a member of the circle of people that FreeBSD is friendly with: computer geeks.
2) The attitude of the FreeBSD elite towards the hoi polloi is well known and noted. FreeBSD zealots have accused both me and David Miller of needing Quaaludes in our meals when we point out (with code patches) idiocies in FreeBSD that need fixing (especially irritating when we just finished fixing the same idiocy in Linux... idiocy is idiocy, no matter what OS it is in or who wrote the code, and the migration goes from Linux->FreeBSD as often as it goes from FreeBSD->Linux, there's no reason for FreeBSD zealots to jump down our throats just because we're Linux geeks who found a bug in their precious OS).
3) The so-called stability advantages of FreeBSD are a myth. From FreeBSD 3.3 up to FreeBSD 4.0, both my system at home and my system at work would spontaneously reboot at random intervals under FreeBSD (I mention two different systems because that rules out hardware problems -- hell, they didn't even have the same chipset, one was AMD and one was Intel, the only thing they had in common was that both had an IDE hard drive). In fact, FreeBSD 3.4 led me to switch back to Linux -- I got tired of my system spontaneously rebooting and destroying all my unsaved work.
I love the FreeBSD ports system, and wish there was something similar for "mainstream" Linux distributions. RPM's rock for pre-packaged software (pkg_add etc. are decidedly showing their age as package management tools), but suck for software that you're trying to update from the source stream.
FreeBSD has one advantage: It is an operating system. Linux is not an operating system. Linux is a kernel, surrounded by a hodge-podge of tools tossed into it willy-nilly kitchen sink fashion. In particular, the entire "C" library situation in Linux is tragic. It seems like every other release of a distribution will go to a new incompatible version of the "C" library, to the point where we have over 10mb of "C" libraries loaded in memory to run our normal work load of software compiled against various different versions of those libraries, and the "C" library suffers hugely from code bloat. FreeBSD never seems to have that problem. Of course, FreeBSD doesn't have any precompiled commercial software written for it anyhow...
Basically: I see no religious reasons to use one OS over the other. At various times in each OS's development they have swapped places as to which one was least stable. Neither one is anywhere near perfect. But I expect to be flamed roundly from FreeBSD zealots with attitude for daring to suggest that their precious OS was at anytime unstable, even though they can go to their very own mailing list and see the bug report for the problem -- and see how long it took to solve it.
I currently run Linux. I run Linux for one reason, and one reason only: software availability. Yes, FreeBSD has a Linux emulator. No, it isn't perfect, and I don't have time to play with it nowadays. I am by no means a rabid fan of Linux nowadays -- the whole 2.4 series kernel has been a disaster, for example -- but I need to get work done, and it's "good enough". Purity is for virgins, not software.
The copyright act covers the actions in question. It specifies damages of $100,000 per infraction for distributing software without the permission of its author. Note that accepting the GPL is the only thing that gives you permission to distribute GPL'ed software -- otherwise, you're covered by the copyright act, and can be sued for $100,000 for each copy that you've distributed.
Sigh. My grandmother had a phrase she used for such people: "Some people just weren't raised right."
-E
Remember that civil trials are decided based upon a "preponderance of evidence", NOT upon "beyond reasonable doubt" such as is true of criminal cases. If Vivendi introduces evidence that suggests that their code was translated from machine code to assembly code and the assembly code then translated to "C", based upon a strong resemblance of the code, then the bnetd guys have to provide evidence that this did not happen. No evidence means Vivendi wins. That's the biggest difference between a civil trial and a criminal trial. That's why the commercial guys doing reverse engineering are using those numbered/dated/notarized engineering notebooks and "two-box" processes.
-E
The only known way to deal with this is the "two box" paradigm -- one team disassembles the code and writes a functional description, the other team writes code based upon that description. This is an area where the courts tend to favor the copyright holder. Remember, civil court is not "beyond reasonable doubt" -- Blizzard doesn't have to prove beyond all doubt that the BNETD project ripped off code, they just have to provide reasonable evidence that such happened. If there is no refuting evidence (such as numbered/dated log books and reverse engineering documents), the court will rule in favor of Blizzard.
The rest of the complaint is so much piffle. I think it's there to keep the other side's lawyers busy -- even if it's piffle, you have to refute each count in court, and the more allegations, the more it'll cost to do so. But this issue of reverse engineering vs. translation is the one that will get the BNETD people in trouble long after the other issues are completely forgotten.
-E
The rest of the arguments in the complaint are just so much drivel, probably there to keep the other side's lawyers busy. This one (the duplicated bug) is the one that's going to be VERY hard to get around.
There's reasons why engineers (real engineers) carry around those numbered/dated notebooks and log everything they do every day in them (and get them notarized from time to time), and there's a reason why commercial reverse engineering projects use the "two-box" paradigm along with those numbered/dated notebooks, and you just found out what that reason is. Welcome to the real world, where legal CYA is as important as code.
-E
It appears that what they're alleging is that their compiled key checking code was de-compiled somehow and incorporated "as is" into the BNETD code. This is why commercial efforts at reverse engineering use a "two box" paradigm -- one team disassembles the product and writes a complete description, the other team takes the complete description and writes a functionally equivalent product. This is the only known way to head off the charge of "duplicating" code. If the BNETD project cannot document that they followed a "two box" paradigm, the Vivendi lawyers have a good chance of winning, whether the BNET programmers actually did lift code or not. This is an area where the benefit of the doubt usually goes to the copyright holder.
-E
The question is not whether the rights of copyright holders should be upheld. The question is whether the free market or big government decides how it will be done.
The high tech industry has long expressed interest in ways to protect copyright holder's rights while not inconveniencing users of their products. The free market, if you let it work, will solve this problem. Let the high tech industry and copyright holders settle their own differences as to how digital rights should be protected, using the normal mechanisms of civil contract law and competition -- don't bring Big Government into play. Government mandates will simply stifle the computer industry under massive government bureaucracy at great taxpayer expense, while being no more effective than free market solutions.
Notes to users:
1. Note careful use of free market arguments. The Washington dudes worship this whole "free market" thing. This is similar to quoting Bible verses to a Bible-thumper -- you're operating on his own territory.
2. Note careful use of phrase "big government". This is a reflexive no-no in today's conservative environment.
3. Note "massive government bureaucracy" and "great taxpayer expense". These bugaboos must always be dredged up.
4. Finally, note that we had to relinquish ground on one point: the need to protect copyright holders' rights. By doing that, we could turn it into a fight over HOW this would be done -- via a massive government bureaucracy, or via the free market solutions of negotiation and contracts between the entertainment and technology industries. Bureaucracy bad. Free market good. Ugh. When you talk to religious zealots, you must speak their language.
-E
They're talking deregulation here in Arizona, but the California fiasco made everybody pause to reconsider. At the moment we have the lowest electrical rates in the Southwest -- and getting rid of that for religious reasons ("competition is always better") doesn't strike everybody as a good deal, in the aftermath of what happened in California.
-E
Note that this reasoning would NOT, however, cover the ISP (who is more the "long distance provider" of this scenario), but would certainly cover the provisioning of DSL service between the end user and the ISP's DSLAM at the phone company switching station. At least here in Arizona, that part (the end-user provisioning) is already regulated by the Corporations Commission as a separate service -- the ISP is broken out as a separate charge from the line provisioning charge.
-E
At least you're honest enough to state that this is a matter of faith (religion) on your part, rather than a factual statement. Many who make this argument are not so honest.
So: Why can't I get DSL service at my apartment, if competition is so great? If the PUC can get me DSL service, and the free market can't -- why in the world do I care about your religion? All I want is DSL service, and if the free market won't provide it, hell yeah, I'll take PUC regulation instead!
Remember these words: We the people of the United States, in order to form a more perfect union, establish justice, insure domestic tranquility, provide for the common defense, promote the general welfare, and secure the blessings of liberty to ourselves and our posterity, do ordain and establish this Constitution for the United States of America. Note the "promote the general welfare" bit in there. In general, a free market does that better than any other method... but when it doesn't, the founders of this country had no problem with government stepping in, whether it was chartering turnpike and canal companies, or creating a U.S. Bank in order to establish a common currency.
-E
It is important, in these debates, that we realize which of our beliefs is just that (a religious belief or statement of faith), and which are facts. Otherwise we end up with religious disputes rather than reasoned debate.
-E
Scam artists who run outright scams (as vs. the Herbalife sort who do sell a product, sorta, kinda) tend to be small fry by nature because if they get big enough to pull in megabucks, they attract regulators like a cow pattie attracts flies. The fact that the online scammers that the FTC is going after are all small fry is a product of the effectiveness of the FTC (and simple bad publicity) at handling outright scams -- bigger fry have already been smacked down.
-E
The thing about foreign scams, though, is that they are by nature limited in what they can do to/for you. The foreign scam I detail makes a number of ludicrous claims for their product (claims which are impossible for any product to fulfill, much less a piece of Visual BASIC bloatware being sold for three times what it's worth), but none of this will cause you any physical harm. You might lose your hard drive if the paranoid program decides you aren't a licensed user (the front man for the guys who put out the program is certifiable, often spewing paranoid and delusional rantings about anybody who has ever criticized his behavior or his program), but you aren't going to end up dead or anything. While I've heard that the FTC is investigating these particular people, I have mixed emotions about that. There's far worse scams out there, some of which could cause physical harm. Bilking the gullible for $100 beyond what the product is worth via deceptive claims and exaggerations is hardly my idea of a top priority for government enforcement -- going after the dangerous scams, or the ones that take people for all their life savings, has to be top priority.
-E
But that's not what these guys have. They have a stream cipher -- linear congruent generators (pseudo-random sequence generators) on both sides of the connection. The "random numbers" are not actually random, because computers are deterministic -- given two computers identical programs, and identical inputs to those programs, you will always get identical outputs. "Breaking" a stream cipher generally consists of identifying the part of the encrypted text that has known text in it, extracting the key value of that part of the output, and using that to predict future or previous parts of the message. Thus design of stream ciphers is difficult, and you're better off using one of the tried-and-true designs of stream ciphers. For AEScrypt, I chose to use AES (Rijndael) as the permutation function, and CFB-128 as the feedback function that hides patterns in the output stream, with a 128-bit 'random' salt value to insure that the generated streams are not identical for two messages encrypted by the same AES key.
It appears that their variation is that they have multiple algorithms for producing their stream of pseudo-random numbers. Does that produce more strength? Yes -- but less than you'd think. If you have two different algorithms, for example, that's basically a 1-bit addition to the key strength. If you have 1024 different algorithms, that's basically a 10-bit addition to the key strength. Big friggin' deal, you can already use 256-bit keys with AES, where the heat death of the universe will happen before you crack a message via brute force.
So basically these guys have a really clunky stream cipher, that they're calling a "one time pad". There's a saying in the crypto industry: simpler is better. That is, the more things you add to a cipher, the slower it goes, and the more likely that you made a mistake that ends up with the cipher broken. AES (Rijndael) is a simple and fast cipher that is easy to analyze mathematically. CFB to mask the output of a block cipher being used as an LCG is a simple and well-analyzed function. A LCG (Linear Congruent Generator) based stream cipher with 1024 possible brand-new pseudo-random generators (as vs. well-tested and well-analyzed ones) has 1024 possibilities for a "crack" of one of the generators (i.e., the possibility of predicting future sequences based on known text in a particular place in the message), meaning that all past and future messages using that particular algorithm are cracked.
This is offensive to me, in other words -- offensive from a language viewpoint (calling a LCG a "one time pad"), and offensive from a design viewpoint (adding unnecessary complexity that makes the design hard to analyze mathematically).
Snake oil. NEXT!
-E
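The weakness the comment above describes, shown on a toy cipher as an added example that is not part of the original post and is not the reviewed product's algorithm: the generator family, its parameters and the sample message are all constructed for illustration. A few bytes of known text expose the generator state, and choosing among 1024 generators adds only 10 bits of work.

```python
import math
import struct

M = 2 ** 32            # modulus of the toy generators (assumption)
N_GENERATORS = 1024    # size of the "multiple algorithms" family (assumption)


def generator_params(index):
    """Constructed family: multiplier = 1 (mod 4), odd increment."""
    return 4 * index + 5, 12345


def _next(a, c, state):
    return (a * state + c) % M


def keystream(index, seed, nbytes):
    """Each step emits the full 32-bit state, as naive LCG ciphers do."""
    a, c = generator_params(index)
    state, out = seed % M, bytearray()
    while len(out) < nbytes:
        state = _next(a, c, state)
        out += struct.pack(">I", state)
    return bytes(out[:nbytes])


def xor_crypt(index, seed, data):
    """Encrypt or decrypt: XOR the data with the keystream."""
    return bytes(d ^ k for d, k in zip(data, keystream(index, seed, len(data))))


def extra_key_bits(n_algorithms):
    """Secret choice among n public algorithms adds log2(n) key bits."""
    return math.log2(n_algorithms)


def recover_and_decrypt(ciphertext, known_prefix):
    """Use known leading plaintext to find the generator and read the rest.

    Returns (generator_index, plaintext) or None. The seed is never needed:
    the known bytes reveal generator states directly.
    """
    usable = len(known_prefix) - len(known_prefix) % 4
    if usable < 8 or len(ciphertext) < usable:
        raise ValueError("need at least 8 known bytes covered by ciphertext")
    ks = bytes(c ^ p for c, p in zip(ciphertext[:usable], known_prefix))
    states = struct.unpack(">%dI" % (usable // 4), ks)
    for index in range(N_GENERATORS):          # only 2**10 candidates
        a, c = generator_params(index)
        if all(_next(a, c, s) == t for s, t in zip(states, states[1:])):
            state, rest = states[-1], ciphertext[usable:]
            tail = bytearray()
            while len(tail) < len(rest):       # run the generator forward
                state = _next(a, c, state)
                tail += struct.pack(">I", state)
            plain = bytes(x ^ k for x, k in zip(rest, tail))
            return index, known_prefix[:usable] + plain
    return None


if __name__ == "__main__":
    msg = b"From: alice@example.test\nSubject: constructed sample\n\nbody"
    ct = xor_crypt(777, 0x1234ABCE, msg)
    print(extra_key_bits(N_GENERATORS), recover_and_decrypt(ct, b"From: al"))
```
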
The same basic considerations are why the jet engines used in the very successful Su-27 class fighters are more fuel-thirsty for the same thrust as an F-15 class fighter (the two are roughly equivalent). The hotter you can get, the more expansion you can get. If you don't have the expansion, the only way to get the same thrust is to pour more fuel into the nozzle. The Russian designers are confident that their newest engines for the Su-30 class follow-ons to the Su-27 are every bit as good as current Western engines -- but they have not had the money to actually build the things.
There is also, of course, the Russian tendency to improve existing designs rather than embark upon all-new designs. For example, the next-generation Russian air superiority fighter, the Su-34/Su-35, is basically an Su-27 improved with the latest in materials to decrease weight, increase strength, and improve payload and maneuverability (not to mention better engines). The Su-34/Su-35 aren't going to be built because Russia cannot afford them, but show what Russian designers prefer to do rather than embark upon all-new aircraft like the U.S. designers like to do. The N-1 engines were similar in design to other engines used by the Soviets, and thus preferable, in the eyes of Russian designers, to all-new (risky) engine designs.
-E
But since everybody wants certificates nowadays, I guess I gotta have some of my own.
-- Eric Lee Green, ELGCSP, POOE*
[*ELGCSP -- ELG Certified Security Professional.
POOE -- Piercer Of Overblown Egos.]
[Get your own POOE here!]
Regarding IBM and Microsoft and OS/2, I've read some reminiscing by one of the industry pundits who was there at the meeting where IBM blew off Microsoft. Bill Gates showed up with all these charts showing Windows as a little side project on top of IBM/Microsoft OS/2, and IBM blew him off. Yep, that's right, IBM blew off Microsoft -- NOT the other way around. That was apparently when Bill decided that Windows was going to be a totally separate operating system not reliant upon anything IBM (Chairman Bill does NOT like being blown off by arrogant IBM execs!), and that was when Bill decided he was going to borrow some tactics out of the IBM monopoly handbook, such as bundling, "vaporware", and per-CPU pricing.
Now, I'm not going to argue about whether the Microsoft monopoly on personal computer desktops is good or bad. I'll just point out that an OS/2 monopoly would probably have been even worse -- because IBM is a hardware company as well as a software company, and undoubtedly would have used their hardware muscle to squeeze out the kind of white box clone business that kept Linux alive for many years before the major vendors discovered Linux.
-E
The ISA machines in the PS/2 lineup came after some of IBM's major customers refused to buy a MCA version of the computer, I remember them later being re-named as PS/1 computers in an attempt to flog the PS/2. The MCA-based PS2 line did NOT survive until the mid 90's -- it was long dead by that time -- by the mid 90's IBM had migrated to PCI like everybody else, and had computers named "PS/2" but they were just generic clone machines.
I see no reason to do research about something I lived through when you're the only anal twit on Slashdot who cares. I'm sure that nobody else here cares that the PS/2 was released in 1987 rather than 1986. The point is that IBM was trying to hijack the personal computer market -- not that it was 1987 rather than 1986.
-E
But it didn't work like IBM planned. It was an unmitigated disaster. IBM sold only a few thousand machines, and had been geared up to sell millions. 16-bit OS/2 on a 16 MHz 80286 microprocessor took a half hour to boot, and there were no expansion cards for the new 16-bit MicroChannel Bus. They swiftly rushed their old "PC-compatible" machines back into production (calling them the PS/1 and other names like that to imply that they were only half as good as their PS/2 machines), but the damage was done -- IBM was never again the #1 maker of personal computers. The PS/2 lingered on for another couple of years as IBM continued to try to push it, and was mercifully put out of its misery when the industry migrated from the 80286 (16-bit) processor to the 80386 (32-bit) processor.
Whenever you think about the eventual fate of OS/2, you have to recall how it originated -- and what IBM was trying to do when it created OS/2 in the first place.
-E
It's hard to believe, in today's day and age when Microsoft is the "evil empire", that there was once a day when Microsoft was the scrappy upstart and IBM was the "evil empire", but that's what the situation was like for most of the 1980's. In the end it did not matter how good OS/2 became... nobody was going to put their company at the mercy of IBM again.
By the time OS/2 Warp (32-bit OS/2) came out, if you mentioned OS/2 to anybody in the computer industry, they'd say something like "You mean that runs on something other than IBM PS/2 computers?". Unlike what somebody else here mentioned, everybody in the computer industry knew what OS/2 was and what it was capable of doing. But a) they didn't know it ran on anything other than IBM equipment, and b) they weren't interested in putting themselves back into thrall to IBM again.
In the end, politics, not technology, doomed OS/2. The politics of Linux are completely different from the politics that doomed OS/2, and I can't think of any lesson from the OS/2 saga that applies to Linux.
-E
There are a number of us who switch back and forth between the two based on what we feel like running at any given time. For example, I did the port of mtx to FreeBSD myself, mostly by reading their scsictl source code.
Lately I've been stymied in doing this by the resolute refusal of the FreeBSD and Reiser people to get along. The Reiser file system is the best filesystem for Linux right now -- it does away with that awful inode limit for example (I need the ability to put 40,000,000 symlinks onto a single volume, no, that's not a typo, these symlinks are pointing off into a virtualized DVD jukebox). So some of my most important filesystems on my home server are now Reiser'ed. That basically means that it has become excruciatingly difficult to flip back and forth between the two. Other than going back to the pathologically broken ext2 filesystem (which is altogether too shaky for my preference), there's little I can do about that situation. Thus FreeBSD has faded from my horizons lately, even though I've been very frustrated by the Linux 2.4 kernel (well, up until 2.4.18, which so far actually appears to WORK RIGHT, a new thing for 2.4 series kernels!). The fact that my employer can't find any jukebox virtualization software for FreeBSD undoubtedly contributes to this too (we have found at least four different commercial jukebox virtualization packages for Linux).
-E
2) The attitude of the FreeBSD elite towards the hoi polloi is well known and noted. FreeBSD zealots have accused both me and David Miller of needing Quaaludes in our meals when we point out (with code patches) idiocies in FreeBSD that need fixing (especially irritating when we just finished fixing the same idiocy in Linux... idiocy is idiocy, no matter what OS it is in or who wrote the code, and the migration goes from Linux->FreeBSD as often as it goes from FreeBSD->Linux, there's no reason for FreeBSD zealots to jump down our throats just because we're Linux geeks who found a bug in their precious OS).