Why are we supposed to help the stupid? Let them continue doing stupid things until they get pwnt and it costs them their business.
1. They're on the same Internet we are, flooding the common bandwidth with worms and spam.
2. We may have to actually do business with them (banks, government sites, etc.)
3. It can be very interesting and rewarding to find vulnerabilities. It improves one's ability to create secure code.
As much as we like to separate people into black hats and white hats, if you were trying to jimmy the lock, for whatever reason, you were probably doing something you shouldn't have been.
If I store my stuff in a storage locker and have to use a lock the storage company provides, can I test its security?
If I live in an apartment building, can I check the lock on my door to make sure it's not easy to pick?
In reality, all locks are pretty easy to pick. Locksmiths and law enforcement have tools that can open most locks within minutes or seconds, and anyone with an interest can buy or fashion their own lockpicks relatively easily. On the Internet, security is supposed to mean more than just an easily defeated mechanical lock because the attack surface is world-wide and difficult to monitor. You can't hire cheap security guards to keep hackers out of websites like you can to protect locked doors. Computer and Internet security rely on vigilant eyes finding vulnerabilities in the system and fixing them, and since most companies don't seem to take security very seriously, it makes sense that people should be able to gauge the security of any system they are going to store information in, or in the general case just inspect any Internet host they want for vulnerabilities. As a shared medium, every host connected to the Internet can have a large impact in terms of DoS, worm, or spam attacks. If anything, the problem is that companies and individuals connect their systems to the Internet without realizing this, and want laws to protect them from things that the law can do essentially nothing about.
The way I see it, if a host on the Internet has an open known port (it shows up in /etc/services) that doesn't require authentication (unless one is authorized), it's perfectly legal and ethical to connect to the port to see what services it actually offers, and the terms of service if any. HTTP(S) is such a protocol, and so long as httpd serves pages without a 403 response and robots.txt doesn't exclude certain files to all agents, it's perfectly legal and ethical to browse the entire site, including submitting POSTs and GETs to apparent CGIs. Attempting to discover vulnerabilities is really just a guess at what the host administrator wants the system to do, and using common sense. In general, if a vulnerability can be tested against a honeypot or other test system, that's the ethical way to do it. If that's not possible, preliminary testing should lead to a vulnerability report to the administrator of the site. Using the vulnerability to access other people's data or modify the system is a bad idea, and possibly illegal, even if just as a demonstration. There are usually ways to demonstrate bugs without exposing anything but the bug itself.
The Internet requires smart people looking for vulnerabilities and reporting them in order to function securely. Most companies do not have the money to pay smart people to do nothing but find vulnerabilities, which is unfortunate. The fact that people do it for free or for recognition should be recognized as the useful service that it is. Black hat crackers will always be interested in finding vulnerabilities and exploiting them in secret, or selling them to someone who can exploit them. It's exactly like an immune system that must be trained by infections in order to combat them in the future. Without knowing what attacks look like and how they work, there's no way to defend against them, short of rewriting all the software and proving the Internet and computer systems are perfectly secure by design.
DRM in no way stops artists from building upon the ideas of other artists (copyright may stop this with the extreme measures it has been extended to, but not DRM). Shakespeare did not need to be able to make an exact quality of copy of other artists' works to build off of them. Neither did any of the musicians in history need to be able to make an exact copy of something they heard to use it and build off of it. The idea of art building off of arts means that artists hear/see what other artists have done and use it for inspiration, not that they make an exact copy of it. Artists have never needed to be able to make exact duplicates of others' work to find inspiration from others' work in the past any more than they do now.
Considering the fact that media companies are pushing technology to both watermark and recognize digital works, it's very likely that at some point these systems will prevent works based on an original from being created. "The song you recorded contains a riff from song X, and will be deleted" or "The picture you have taken has elements from Painting Y and product brand Z is visible, and will be deleted" would be music to the ears of any record or movie company executive. I highly doubt that the implementors of such software will err on the side of caution and fair use, because that would allow for a small loss of profits to their employers.
Like I posted last time this crack was on slashdot, it's futile to revoke a key. Every movie released to HD-DVD before the key is revoked will still be readable with the known key, and within a few days or weeks another software key will be found to read all the newer movies. Additionally, true pirates who recover the key of a particular player are able to keep their discovery secret by not publishing the key, and they will always be able to rip new HD-DVD movies. There's no way to watermark movies based on the player key, because the entire stream must be encrypted with a single master key that the player key decrypts. There's no way for the media companies to discover which keys have been secretly compromised, even when movies are being released on the Internet.
In the best case, AACS will be fundamentally broken because of some oversight and all the player keys will be compromised, making key revocation laughable.
>> "Did you actually remove anything from the "theft victim"?"
> Yes. Their rights over their creation.
They gave most of those rights away when they shared their creation with the world. It's a fact that once something is published, x number of years later it enters the public domain (barring stupid copyright lengthening). It is no longer the "property" of the creator, it is the property of humanity as a whole who agree to respect some artificial limitations in dissemination of that information in the hopes that the exclusive abilities granted to the creator improve science and the arts. Privacy is the only natural right that protects information.
Copyright is not a natural right, it is a granted right and in reality should probably bear a different word than "right." "Patent" would be an appropriate term, but it's already taken. The point is that society as a whole has been restricted in their natural right to observe and recreate information for the sole purpose of benefiting the originator of some information. Since copyright (and patents, and trademarks) are specific limitations on natural rights, they must be treated differently to avoid the assumption that all rights are merely granted by the government. Natural rights are the basis of modern democracy and humanitarianism, and reducing them to the status of granted rights will cause democracy to fail. Copyright cannot be a natural right (e.g. become perpetual and fully criminal to violate) so long as life, liberty, and the pursuit of happiness are also natural rights.
Look at it this way -- if a $10 flu shot saves a week of lost productivity on the assembly line for an uninsured employee, it's a good thing for the economy, right? Industrial output is increased and hospital costs are reduced at the county-run emergency room. However, that $10 flu shot shows up on the business's balance sheet as an expense, where the lost week of reduced industrial output, and savings at the county-run hospital, do not. Similarly, as a business owner, it's a heck of a lot cheaper for me to dump my toxic waste in the nearest river than to hire some 'expensive' company to haul it away to a certified and tightly-regulated dump site. Of course, if you live downstream from where I'm cheaply dumping my toxic waste, life sucks for you, and for fishermen in the area that depend on the river for their jobs, and for the city or town that eventually has to foot the bill to clean up my mess. Still, it's a good deal for me as the business owner, as it makes my company appear more profitable than it would be if I had to pay for that 'expensive' regulation that forbids me from dumping my waste whenever and wherever I want. In economics, what we're talking about is called spill-over costs, and most of the 'expensive' government regulations business owners complain about when asked why they offshore jobs are all tied to these types of 'business-friendly' spill-over costs.
Health insurance is not cheaper if there's a large pool of unemployed people eager for a job. Fire sick people. Only pay laborers a daily wage, and hire whoever shows up in the morning that can do the job. That's the truly optimal business practice, especially for non-specialist labor. Same with hazardous waste, it's an employee problem, not an employer problem. Especially in the third world you can see this play out logically as companies trash their local environment while exporting their products out of the country.
How's your bandwidth out there? I heard that there were some projects to get high speed Internet access out to the villages, but I've never actually investigated how fast (and cheap) the connections are.
There's no valid way to enforce post-sale contracts, EULAs aren't valid.
I'm afraid you're terribly mistaken. The valid enforcement is called a civil lawsuit and it requires lots of lawyers and money to successfully defend against. Until tort reform makes frivolous lawsuits carry heavy penalties, large companies will continue to bring civil cases against anyone they don't particularly like.
Also, judges have been more than happy to uphold EULAs as binding contracts in all the cases I know of. The way to defeat this is obviously to get some judges to agree to some spyware EULA and then sue them for breaching it (for instance, the EULA could require them to leave the software running and never turn off their computer or disconnect it from the Internet in exchange for a perpetual supply of some tangible goods like a weather display or maybe a screensaver of the Constitution burning), but so far no one has done so.
LL make their money by selling server space. You can't just connect your own server to SL - it has to be one of theirs. The network is closed. All of the PR and astroturfing that's been coming out of LL recently is aimed at getting more people to invest in SL space: the more investors there are, the more the space will be worth. They're trying to drive a homesteading boom like the one that happened in the early days of the Web, when companies started to go online.
On the other hand, this will be a very concrete experiment with micropayments on an effectively wide open information network. If a fully open client with just a trusted third party to handle financial transactions (or maybe ecash) can support a viable information economy through either donations or some form of copyright respect, then it bodes well for a similar "real life" system of micropayments for information and services. Realistically, since most things digital already happen on the Internet, SL will be as real as it gets in terms of the future information economy.
It's likely that Linden Labs is betting on being the manager of the Linden Dollars in the new economy and making their money that way. Hosting server space is a relatively mundane activity compared to the management of the actual money and objects used in SL. Perhaps they will now act as an object ownership repository, basically just keep a hash of every object along with the name of its original creator for the purpose of micropayments to the real creator. Make all objects fully copyable (to respect the reality of information sharing), but let everyone know who the original creator was. Obviously the problem is formally intractable because anyone can modify an object and claim that they're the inventor, but generally market forces will prevent that from happening. Once enough people have seen the original object, they will be able to spot fakes, and since anyone can copy any object, it will be easy to demonstrate the imitations as cheap knockoffs. Payments would just be donations from people who would like to reward the original artists for their creations, and of course for customizations and other services.
I'd also note that Linden Labs has always claimed that SL would be open sourced at some point, so it's likely that this has been planned out quite a bit in advance.
My first large hard drive was a Seagate 120GB 7200.7 that still works to this day. It's one of my favorite drives and has never let me down.
Someday it will fail. What are you planning to do about it?
There are lots of similar stories if you just do some online searching. Since this isn't just a localized case, I'm justifiably wary of any new technology that Seagate releases. Every time Seagate implements a new technology in their hard drives, I make sure to wait a few generations before buying it. This way, the price is lower, bugs are fixed, and hopefully I'll be able to keep my data for longer than a few months.
I would expect that there are (failure_rate)*(drives_purchased) stories out there, all true. What made you think that backups were unnecessary?
Suppose by asking certain questions, and doing some initial research and calibration, I can determine your age within two years with 97% certainty. Or marital status, or race, or any of the other protected categories. Have I broken the law? What if I don't actually do the computation? What if my computers do the computation but no human ever sees it? What if I do the computation and no human ever directly sees the result but the computer has enough power to say "No" to a hire in practice, thus still incorporating this potentially "forbidden knowledge" into the hiring decision?
The solution is to limit questions to those that reveal only pertinent information. If your questions "leak" information about the age, sex, religion, etc. of the interviewee, then the questions are too broad and not specific to job duties.
Since you mentioned AI, I think a perfect selection function is that interview questions should not form a Turing test of the interviewee. After all, if you can't tell whether you're interviewing a smart human who can do the job and an intelligent AI that can do the job, you clearly aren't discriminating based on any protected information. This disqualifies any questions not specifically within the domain of discourse of the job function. Actually formulating such questions requires proving a negative (that no information leaks), so in practice it would be incredibly difficult or intractable to prove. However, simply asking whether or not a given interview question would differentiate between a human and an AI would probably be a useful guide in choosing appropriate questions.
We're talking in-memory MVCC here. This means you can add 1000 records, do a rollback, and the hard disk hasn't been accessed. Even if you commit, performance will eventually be magnificent compared with on-disk MVCC systems. You can run larger systems on one server with this, than you would be able to run on a cluster with other database systems.
I would hope it opportunistically writes to disk and simply discards what is written in the case of a rollback, otherwise transactions would be delayed by writing everything to disk only after a commit. At least it should be a tunable option, especially if the majority of transactions are large and commit, with only a few small rollbacks.
So, how about if I decide instead of just looking at you for a short period I decide to watch you and follow you around everywhere you are in public? I mean, you are in a Public space, so I have the right to follow you around everywhere you go. And heck, why look at you from a distance, instead I'll just follow you one step behind you so I can watch every detail of what you are doing. Do you not think you would be able to file some sort of harassment suit against me even though all I was doing was simply following you around everywhere you went in public, or get some sort of restraining order to prevent me from being so near you? There are certainly differences between casual observations and direct watching, recording, archiving of everything you do.
Private detectives are not illegal. Law enforcement routinely makes use of tails and legal manned surveillance without warrants. Absolutely nothing prevents anyone from observing what goes on in public places, and even private residences have no true privacy unless the curtains are closed. You can be sure of the law in this case because if anyone had a true right to privacy, celebrities would be suing the hell out of tabloids and paparazzi for the clandestine pictures they publish.
I think most surveillance will in fact occur by private parties posting video to youtube or some other service. There are way more camera phones than there are real surveillance cameras, and each one has an intelligent agent behind it. That beats any government created surveillance network hands down. It's also of the people, for the people, and by the people, which fits into true Democracy a lot better than a nanny state. It probably gives more power to the general public than a lot of the government cares for, so perhaps we should expect "privacy" laws that only make it illegal for private citizens to record video in public places, leaving the government free to install cameras wherever it wants.
Considering the "brainscan" approach to polygraphs that the future may hold, I am kind of interested in how a 100% accurate polygraph or lie-detector would affect civilization. How it would affect law enforcement and judiciary. How would it affect business agreements and politics? If a really good lie detector were readily available, then what would it do to society, government, economies, education, religion...
Just consider what would happen if you asked a subject whether a statement was true or false and the statement was "This statement is false." There is no absolute truth for all sentences, which means the ultimate lie detector would have to be able to detect whether or not statements had a true or false answer, which means it could also solve the halting problem, which means it's impossible.
There's more to this, such as HDCP, prevention of screenshots, etc.
HDCP is cryptographically broken to begin with, and there are already consumer devices available to output HDMI from a supposedly secure HDCP device.
Memory Curtaining allows a program to protect its memory from being read by other processes and the kernel.
If a driver has to be signed to be loaded (as in 64-bit Windows Vista*) then none of the drivers will be able to look at the curtained memory (unless you're able to pay Microsoft some money /and/ slip the debugging functionality of your driver past their noses). The next version of PowerDVD could require all unsigned drivers to be unloaded.
I'll begin to take this possibility seriously as soon as anyone is able to make perfectly secure software from the kernel all the way down to each device driver loaded in kernel mode. How much do you want to bet that by buying X-brand device with a shoddy driver and plugging it into your Vista media PC you'll suddenly have a huge backdoor to exploit? My guess is that will be one of the first easily available breaks. Memory curtaining is only effective after the program has been loaded and has turned on curtaining for itself. Having a backdoor driver allows the movie player process to be modified before it executes, removing its desire to curtain itself.
If record companies are willing to take the plunge and go all the way in DRM (requiring TC, using the ICT http://en.wikipedia.org/wiki/Image_Constraint_Token, revoking keys of cracked players, shutting off most of their current market) it could be the end of piracy and fair use too.
All piracy needs is one cracked player kept in secret. It's nearly impossible to watermark a disc so that one can tell which player key was used to extract the unprotected media, since it would be an obvious thing like a playlist changing based on the vendor ID of the player or something equally transparent. Since there's only enough room on the disc for one encrypted movie, what matters is whether any player can obtain that master key by any means, and it's virtually untraceable. All fair use needs is an exploitable kernel driver or software player, or a combination of a working player and HDCP->HDMI converter, or a cryptographic attack on the player as described in "A Cryptanalysis of the High-bandwidth Digital Content Protection System", or a list of encryption keys extracted from players. Note that fair use is actually harder than piracy, because it assumes the open sharing of knowledge which can be used by the media companies to counteract exploits by revoking drivers and keys for weak players. As usual, normal customers suffer while true pirates have it pretty easy.
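Added example, not part of the original comments and not AACS code: a simplified model of the revocation argument made here and in the earlier HD-DVD key comment. A flat per-player key list and a SHA-256 keystream stand in for the real key block and AES; `LicensingAuthority`, `play`, the player names and the sample payloads are all hypothetical.

```python
import hashlib
import os

# Constructed sample payloads standing in for two movie titles.
MOVIE_1 = b"constructed sample payload: title released before revocation"
MOVIE_2 = b"constructed sample payload: title released after revocation"


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (NOT AES): XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class LicensingAuthority:
    """Hypothetical authority that issues player keys and masters discs."""

    def __init__(self, player_ids):
        self.player_keys = {pid: os.urandom(16) for pid in player_ids}
        self.revoked = set()

    def revoke(self, player_id):
        # Revocation only changes what is written to discs mastered from now on.
        self.revoked.add(player_id)

    def master_disc(self, movie: bytes) -> dict:
        title_key = os.urandom(16)   # the single "master key" for this title
        nonce = os.urandom(16)
        # The title key is wrapped once per player that is not revoked today.
        key_block = {
            pid: xor_stream(key, nonce, title_key)
            for pid, key in self.player_keys.items()
            if pid not in self.revoked
        }
        return {
            "nonce": nonce,
            "key_block": key_block,
            "key_check": hashlib.sha256(title_key).digest(),
            "payload": xor_stream(title_key, nonce, movie),
        }


def play(disc: dict, player_id: str, player_key: bytes):
    """Return the decrypted payload, or None if this player has no entry."""
    wrapped = disc["key_block"].get(player_id)
    if wrapped is None:
        return None                   # revoked before this disc was mastered
    title_key = xor_stream(player_key, disc["nonce"], wrapped)
    if hashlib.sha256(title_key).digest() != disc["key_check"]:
        return None                   # wrong player key
    return xor_stream(title_key, disc["nonce"], disc["payload"])


def demo() -> dict:
    authority = LicensingAuthority(["player_A", "player_B", "player_C"])
    key_a = authority.player_keys["player_A"]  # compromised and published
    key_b = authority.player_keys["player_B"]  # compromised, kept secret
    key_c = authority.player_keys["player_C"]  # never compromised

    old_disc = authority.master_disc(MOVIE_1)
    authority.revoke("player_A")      # the only compromise the authority knows of
    new_disc = authority.master_disc(MOVIE_2)

    out_b = play(new_disc, "player_B", key_b)
    out_c = play(new_disc, "player_C", key_c)
    return {
        # Discs already pressed still carry an entry for the revoked key.
        "old_disc_revoked_key": play(old_disc, "player_A", key_a),
        # Only discs mastered after revocation lock the known key out.
        "new_disc_revoked_key": play(new_disc, "player_A", key_a),
        # A key nobody knows is compromised is never revoked.
        "new_disc_secret_key": out_b,
        # Every player recovers the same title key, so the decrypted output
        # carries nothing that identifies which player key produced it.
        "outputs_identical": out_b == out_c,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```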
Unlike DVDs, HD-DVDs have dual keys, 1 for the title, and 1 for the player. At the most, this guy has managed to make 3 titles playable on a single player. What will happen next is Cyberlink will have its PowerDVD keys revoked and new keys will be provided with a patch.
And when PowerDVD is re-released it will have to load its brand new decryption key into memory and use it to decrypt the data from the disk. If they're smart-asses, they'll only use the decryption key for key setup or even completely skip the AES 128 key and directly build the AES decryption key schedule by some other obfuscated process. If they really want to get wild, they'll continually decrypt and reencrypt the key schedule so that it's never fully intact in memory at any given point in time, and integrate the last decryption steps into the first Huffman decoding steps for the MPEG process (since it's just a bunch of XORs) to further annoy crackers. Unfortunately, the fact that unencrypted material ever exists in PowerDVD proves that they must have the entire AES decryption key schedule available for any given decryption, and it will be relatively trivial for crackers to pull the key schedule out and just pick the first 128 (or 192 or 256) bits of the key schedule which is the original AES key. Trying to hide encryption keys within an executable's memory space is probably one of the silliest ideas ever conceived. All an attacker has to do is try every K-bit (K is the size of the key) sequence of memory as a test key at several points in the program. That is in fact what this article's attack accomplished. The key schedule can be dynamically encrypted and decrypted as each word is required, but this is just a stopgap measure and slows encryption down significantly.
so they can use it to gather evidence to prosecute somebody violating the copyright owner?
This is a civil case, so there is no prosecution. It's just two private parties having it out in court. Nothing says they can break the law just to gather evidence in their favor.
You don't think that would be fair use of the copyrighted materials? I don't know what the law says, but I would say it's fair use in the colloquial sense.
Making an exact copy of an entire copyrighted work and giving it to a third party (the expert in this case) is fair use? I'm all for it if you can convince the media companies of your logic, since by extension I can copy my music and give it to some third parties under fair use as well.
They have interns for that.
I've heard last week on a Microsoft conference here in Europe about the issues here and I can say it's all bad news from the security standpoint.
Microsoft is actually admitting how bad their security model is?
Oh crap! What am I going to do with my cluster of 4Mhz XT machines now!?
Anybody have any ideas how to get Apple to acknowledge this error and do something about it???
Reproduce it using officially supported RAM. I'm sure Apple would be more than happy to pay for it if you can demonstrate a real bug.
Revoke the key. It will happen each time.
Ah, yes, like Eolas and Microsoft...
Patents cut both ways, and neither way is very fair.
You mean something like this?
Look at it this way -- if a $10 flu shot saves a week of lost productivity on the assembly line for an uninsured employee, it's a good thing for the economy, right? Industrial output is increased and hospital costs are reduced at the county-run emergency room. However, that $10 flu shot shows up on the business's balance sheet as an expense, where the lost week of reduced industrial output, and savings at the county-run hospital, do not. Similarly, as a business owner, it's a heck of a lot cheaper for me to dump my toxic waste in the nearest river than to hire some 'expensive' company to haul it away to a certified and tightly-regulated dump site. Of course, if you live downstream from where I'm cheaply dumping my toxic waste, life sucks for you, and for fishermen in the area that depend on the river for their jobs, and for the city or town that eventually has to foot the bill to clean up my mess. Still, it's a good deal for me as the business owner, as it makes my company appear more profitable than it would be if I had to pay for that 'expensive' regulation that forbids me from dumping my waste whenever and wherever I want. In economics, what we're talking about is called spill-over costs, and most of the 'expensive' government regulations business owners complain about when asked why they offshore jobs are all tied to these types of 'business-friendly' spill-over costs.
Health insurance is not cheaper if there's a large pool of unemployed people eager for a job. Fire sick people. Only pay laborers a daily wage, and hire whoever shows up in the morning that can do the job. That's the truly optimal business practice, especially for non-specialist labor. Same with hazardous waste, it's an employee problem, not an employer problem. Especially in the third world you can see this play out logically as companies trash their local environment while exporting their products out of the country.
How's your bandwidth out there? I heard that there were some projects to get high speed Internet access out to the villages, but I've never actually investigated how fast (and cheap) the connections are.
If Microsoft has the Courts in its back pocket, this is clearly the best thing they've done with it.
There's no valid way to enforce post-sale contracts, EULAs aren't valid.
I'm afraid you're terribly mistaken. The valid enforcement is called a civil lawsuit and it requires lots of lawyers and money to successfully defend against. Until tort reform makes frivolous lawsuits carry heavy penalties, large companies will continue to bring civil cases against anyone they don't particularly like.
Also, judges have been more than happy to uphold EULAs as binding contracts in all the cases I know of. The way to defeat this is obviously to get some judges to agree to some spyware EULA and then sue them for breaching it (for instance, the EULA could require them to leave the software running and never turn off their computer or disconnect it from the Internet in exchange for a perpetual supply of some tangible goods like a weather display or maybe a screensaver of the Constitution burning), but so far no one has done so.
LL make their money by selling server space. You can't just connect your own server to SL - it has to be one of theirs. The network is closed. All of the PR and astroturfing that's been coming out of LL recently is aimed at getting more people to invest in SL space: the more investors there are, the more the space will be worth. They're trying to drive a homesteading boom like the one that happened in the early days of the Web, when companies started to go online.
On the other hand, this will be a very concrete experiment with micropayments on an effectively wide open information network. If a fully open client with just a trusted third party to handle financial transactions (or maybe ecash) can support a viable information economy through either donations or some form of copyright respect, then it bodes well for a similar "real life" system of micropayments for information and services. Realistically, since most things digital already happen on the Internet, SL will be as real as it gets in terms of the future information economy.
It's likely that Linden Labs is betting on being the manager of the Linden Dollars in the new economy and making their money that way. Hosting server space is a relatively mundane activity compared to the management of the actual money and objects used in SL. Perhaps they will now act as an object ownership repository, basically just keep a hash of every object along with the name of its original creator for the purpose of micropayments to the real creator. Make all objects fully copyable (to respect the reality of information sharing), but let everyone know who the original creator was. Obviously the problem is formally intractable because anyone can modify an object and claim that they're the inventor, but generally market forces will prevent that from happening. Once enough people have seen the original object, they will be able to spot fakes, and since anyone can copy any object, it will be easy to demonstrate the imitations as cheap knockoffs. Payments would just be donations from people who would like to reward the original artists for their creations, and of course for customizations and other services.
I'd also note that Linden Labs has always claimed that SL would be open sourced at some point, so it's likely that this has been planned out quite a bit in advance.
My first large hard drive was a Seagate 120GB 7200.7 that still works to this day. It's one of my favorite drives and has never let me down.
Someday it will fail. What are you planning to do about it?
There are lots of similar stories if you just do some online searching. Since this isn't just a localized case, I'm justifiably wary of any new technology that Seagate releases. Every time Seagate implements a new technology in their hard drives, I make sure to wait a few generations before buying it. This way, the price is lower, bugs are fixed, and hopefully I'll be able to keep my data for longer than a few months.
I would expect that there are (failure_rate)*(drives_purchased) stories out there, all true. What made you think that backups were unnecessary?
Suppose by asking certain questions, and doing some initial research and calibration, I can determine your age within two years with 97% certainty. Or marital status, or race, or any of the other protected categories. Have I broken the law? What if I don't actually do the computation? What if my computers do the computation but no human ever sees it? What if I do the computation and no human ever directly sees the result but the computer has enough power to say "No" to a hire in practice, thus still incorporating this potentially "forbidden knowledge" into the hiring decision?
The solution is to limit questions to those that reveal only pertinent information. If your questions "leak" information about the age, sex, religion, etc. of the interviewee, then the questions are too broad and not specific to job duties.
Since you mentioned AI, I think a perfect selection function is that interview questions should not form a Turing test of the interviewee. After all, if you can't tell whether you're interviewing a smart human who can do the job and an intelligent AI that can do the job, you clearly aren't discriminating based on any protected information. This disqualifies any questions not specifically within the domain of discourse of the job function. Actually formulating such questions requires proving a negative (that no information leaks), so in practice it would be incredibly difficult or intractable to prove. However, simply asking whether or not a given interview question would differentiate between a human and an AI would probably be a useful guide in choosing appropriate questions.
We're talking in-memory MVCC here. This means you can add 1000 records, do a rollback, and the hard disk hasn't been accessed. Even if you commit, performance will eventually be magnificent compared with on-disk MVCC systems. You can run larger systems on one server with this, than you would be able to run on a cluster with other database systems.
I would hope it opportunistically writes to disk and simply discards what is written in the case of a rollback, otherwise transactions would be delayed by writing everything to disk only after a commit. At least it should be a tunable option, especially if the majority of transactions are large and commit, with only a few small rollbacks.
So, how about if I decide instead of just looking at you for a short period I decide to watch you and follow you around everywhere you are in public? I mean, you are in a Public space, so I have the right to follow you around everywhere you go. And heck, why look at you from a distance, instead I'll just follow you one step behind you so I can watch every detail of what you are doing. Do you not think you would be able to file some sort of harassment suit against me even though all I was doing was simply following you around everywhere you went in public, or get some sort of restraining order to prevent me from being so near you? There are certainly differences between casual observations and direct watching, recording, archiving of everything you do.
Private detectives are not illegal. Law enforcement routinely makes use of tails and legal manned surveillance without warrants. Absolutely nothing prevents anyone from observing what goes on in public places, and even private residences have no true privacy unless the curtains are closed. You can be sure of the law in this case because if anyone had a true right to privacy, celebrities would be suing the hell out of tabloids and paparazzi for the clandestine pictures they publish.
I think most surveillance will in fact occur by private parties posting video to YouTube or some other service. There are way more camera phones than there are real surveillance cameras, and each one has an intelligent agent behind it. That beats any government created surveillance network hands down. It's also of the people, for the people, and by the people, which fits into true Democracy a lot better than a nanny state. It probably gives more power to the general public than a lot of the government cares for, so perhaps we should expect "privacy" laws that only make it illegal for private citizens to record video in public places, leaving the government free to install cameras wherever it wants.
Considering the "brainscan" approach to polygraphs that the future may hold, I am kind of interested in how a 100% accurate polygraph or lie-detector would affect civilization. How it would affect law enforcement and judiciary. How would it affect business agreements and politics. If a really good lie detector were readily available, then what would it do to society, government, economies, education, religion...
Just consider what would happen if you asked a subject whether a statement was true or false and the statement was "This statement is false." There is no absolute truth for all sentences, which means the ultimate lie detector would have to be able to detect whether or not statements had a true or false answer, which means it could also solve the halting problem, which means it's impossible.
There's more to this, such as HDCP, prevention of screenshots, etc.
HDCP is cryptographically broken to begin with, and there are already consumer devices available to output HDMI from a supposedly secure HDCP device.
Memory Curtaining allows a program to protect its memory from being read by other processes and the kernel.
If a driver has to be signed to be loaded (as in 64-bit Windows Vista*) then none of the drivers will be able to look at the curtained memory (unless you're able to pay Microsoft some money /and/ slip the debugging functionality of your driver past their noses). The next version of PowerDVD could require all unsigned drivers to be unloaded.
I'll begin to take this possibility seriously as soon as anyone is able to make perfectly secure software from the kernel all the way down to each device driver loaded in kernel mode. How much do you want to bet that by buying X-brand device with a shoddy driver and plugging it into your Vista media PC you'll suddenly have a huge backdoor to exploit? My guess is that will be one of the first easily available breaks. Memory curtaining is only effective after the program has been loaded and has turned on curtaining for itself. Having a backdoor driver allows the movie player process to be modified before it executes, removing its desire to curtain itself.
If record companies are willing to take the plunge and go all the way in DRM (requiring TC, using the ICT http://en.wikipedia.org/wiki/Image_Constraint_Token, revoking keys of cracked players, shutting off most of their current market) it could be the end of piracy and fair use too.
All piracy needs is one cracked player kept in secret. It's nearly impossible to watermark a disc so that one can tell which player key was used to extract the unprotected media, since it would be an obvious thing like a playlist changing based on the vendor ID of the player or something equally transparent. Since there's only enough room on the disc for one encrypted movie, what matters is whether any player can obtain that master key by any means, and it's virtually untraceable. All fair use needs is an exploitable kernel driver or software player, or a combination of a working player and HDCP->HDMI converter, or a cryptographic attack on the player as described in "A Cryptanalysis of the High-bandwidth Digital Content Protection System", or a list of encryption keys extracted from players. Note that fair use is actually harder than piracy, because it assumes the open sharing of knowledge which can be used by the media companies to counteract exploits by revoking drivers and keys for weak players. As usual, normal customers suffer while true pirates have it pretty easy.
Unlike DVDs, HD-DVDs have dual keys, 1 for the title, and 1 for the player. At the most, this guy has managed to make 3 titles playable on a single player. What will happen next is Cyberlink will have its PowerDVD keys revoked and new keys will be provided with a patch.
And when PowerDVD is re-released it will have to load its brand new decryption key into memory and use it to decrypt the data from the disk. If they're smart-asses, they'll only use the decryption key for key setup or even completely skip the AES 128 key and directly build the AES decryption key schedule by some other obfuscated process. If they really want to get wild, they'll continually decrypt and reencrypt the key schedule so that it's never fully intact in memory at any given point in time, and integrate the last decryption steps into the first Huffman decoding steps for the MPEG process (since it's just a bunch of XORs) to further annoy crackers. Unfortunately, the fact that unencrypted material ever exists in PowerDVD proves that they must have the entire AES decryption key schedule available for any given decryption, and it will be relatively trivial for crackers to pull the key schedule out and just pick the first 128 (or 192 or 256) bits of the key schedule which is the original AES key. Trying to hide encryption keys within an executable's memory space is probably one of the silliest ideas ever conceived. All an attacker has to do is try every K-bit (K is the size of the key) sequence of memory as a test key at several points in the program. That is in fact what this article's attack accomplished. The key schedule can be dynamically encrypted and decrypted as each word is required, but this is just a stopgap measure and slows encryption down significantly.
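The point about key schedules in the comment above, seen from the memory-forensics side, as an added example that is not part of the original post: an expanded AES-128 key is 176 bytes that can be recomputed from their own first 16, so a plain schedule in a memory image identifies itself without any ciphertext to test against. The function names, the buffer layout and the single-byte XOR mask are assumptions made for this illustration; the key is the FIPS-197 test key placed in a constructed buffer.

```python
import random

def _gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial 0x11B."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ 0x11B if a & 0x80 else a << 1
        b >>= 1
    return r

def _sbox_entry(x):
    """AES S-box: field inverse of x (0 maps to 0), then the affine transform."""
    inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0)
    s = inv
    for n in range(1, 5):
        s ^= ((inv << n) | (inv >> (8 - n))) & 0xFF
    return s ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]

def expand_key(key):
    """Return the 176-byte AES-128 key schedule for a 16-byte key."""
    ks = bytearray(key)
    rcon = 1
    while len(ks) < 176:
        t = list(ks[-4:])
        if len(ks) % 16 == 0:  # first word of each round key: rotate, S-box, Rcon
            t = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]
            rcon = _gmul(rcon, 2)
        ks += bytes(a ^ b for a, b in zip(ks[-16:-12], t))
    return bytes(ks)

def find_aes128_schedules(image):
    """Return (offset, key) for every position where 176 bytes form a valid schedule."""
    hits = []
    for off in range(len(image) - 176 + 1):
        cand = image[off:off + 16]
        if expand_key(cand) == image[off:off + 176]:
            hits.append((off, cand))
    return hits

# Constructed sample: the FIPS-197 example key, not a key from any product.
SAMPLE_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")

def build_image(mask=0):
    """Constructed memory image: filler bytes, one schedule at offset 700, filler.
    A non-zero mask XORs the stored schedule, standing in for the "encrypt the
    schedule in memory" stopgap mentioned in the comment."""
    rng = random.Random(1)
    filler = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    stored = bytes(b ^ mask for b in expand_key(SAMPLE_KEY))
    return filler(700) + stored + filler(300)

if __name__ == "__main__":
    for off, key in find_aes128_schedules(build_image()):
        print(f"schedule at offset {off}, key {key.hex()}")
    print("masked image hits:", find_aes128_schedules(build_image(mask=0x5A)))
```

The masked image produces no hit from this scan, but the mask and the unmasking code still have to sit in the same address space, which is why the comment calls that approach a stopgap.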
so they can use it to gather evidence to prosecute somebody violating the copyright owner?
This is a civil case, so there is no prosecution. It's just two private parties having it out in court. Nothing says they can break the law just to gather evidence in their favor.
You don't think that would be fair use of the copyrighted materials? I don't know what the law says, but I would say it's fair use in the colloquial sense.
Making an exact copy of an entire copyrighted work and giving it to a third party (the expert in this case) is fair use? I'm all for it if you can convince the media companies of your logic, since by extension I can copy my music and give it to some third parties under fair use as well.