See, my business makes extensive use of OSS -- and contributes back our fixes, bug reports, etc. Granted, that requires having a developer on staff who knows C and is familiar with The Way Things Are Done in the OSS community to generate said fixes -- but it's a lot cheaper than going the proprietary route for everything. (At least, I hope it is -- and, as that developer, it gets me paid).
What incentive is there to sponsor this kind of product?
Getting your desired features added exactly as you want them, and not having to pay for all the functionality that's already finished (as you would if you were hiring it done ground-up) or feaures funded by someone else.
"Hey, can you help me find someone who will give us money to give free help to people charging admission to shows?"
Running a movie theatre is a low-margin business -- typically one loses money on the tickets and needs to make it up elsewhere (concession stand, ads, etc). If one can get the software to run the business (ie. by paying an open source project to add the features needed to make it adequate for one's needs) for less than the cost of comparable commercial solutions -- well, then you're ahead.
It makes sense, then, that someone with a vested interest in not giving money to the commercial vendors of such software will find such a project as this interesting, and potentially a worthy recipient of (some level of) funding. Ideally, you'd want to target folks who are heavily hit by the pricing model of the commercial competitors -- say, those who own a number of theatres, or those whose theatres have multiple entrances or ticket booths if that's how the commercial software is priced -- or those who need features the commercial competitors don't currently provide.
Transferring calls to a second line? Voicemail to email? What else?
I'm planning on sorting calls between the phones for the three members of my household based on caller ID. (No caller ID or calling from a number that doesn't match a list of known patterns? You go straight to the menu system, and unless you have a passcode [given to friends and family], you go to voicemail).
There are also scripts available for wasting telephone salestypes' time, and quite a bit of other miscellany.
I'm tempted to get a TDM400P instead, though, so I can do faxing (which gets hosed up pretty badly due to the jitter on IP-based protocols) reliably -- that way I can use the system to prototype the new faxemail gateway I intend to build for work. Except that those cost about twice as much.
What's wrong with capital punishment and ownership of weapons by the law-abiding public? ("Weapons in every house" is a pretty serious overstatement, unless you count kitchen knives). The latter is pretty damned near necessary in the rural regions, anyhow; I have friends (in rural Texas) who literally have alligators and water snakes in their back yards.
Getting back to topic, a National ID is just one more step away from a group of independent states who are members of a federation with strictly limited powers, and one more step towards a strong central government which flaunts the document supposedly limiting its extent. Look: You out in the rest of the world don't like the US federal government getting too much power, especially when it's mismanaged as badly as it is. Us here in the US don't like our Federal government taking too much power, either, when that power would better be left closer to home where we have more influence -- in our state governments.
What security protocols do they follow for protecting signaling/bearer traffic? big black hole getting meaningful information - but was _assured_ they used 256 bit encryption with a xx bit nonce.
Perhaps they were discussing digest authentication used for signaling? (It's not strong by any means -- requests can be read and modified in flight even though the password is protected from interception; it's literally the exact same mechanism used for HTTP Digest authentication).
Yes, it has encryption -- but it's a closed, proprietary solution that's virtually impossible to integrate with anything else.
Convincing all the SIP implementations to support SRTP is the Right Thing as a long-term solution -- heck, just implementing SRTP support for Asterisk would be a big improvement. As an immediate-term solution (particularly for companies using VoIP to connect with remote users or branch offices), running over a VPN (particularly with IAX trunking if you're connecting branch offices, such as to reduce the number of packets sent and so the damage done by per-packet VPN overhead) works well too.
There are standards for running encryption on top of SIP (see SRTP), but almost nobody implements them. Much more common is to avoid running SIP on the open Internet -- my company uses SIP for VoIP, but we only run it within a closed LAN or tunneled through OpenVPN.
You don't have a guarantee, but as long as your belief that they are is reasonable, the liability's not on you -- if they provided permission without authorization, and it was reasonable for you to believe them (ie. it looks legitimate on its face), they, and not you, are liable if it turns out they didn't in fact have such authority.
No. His argument is that it's feasible by hacking up the BIOS and leaving the games as they were. I don't know enough about Sony's architecture to comment on whether this is feasible -- but on your old DOS-based PCs, for instance (where it was quite easy to hook in on BIOS calls), such a thing was extremely straightforward.
The relevant laws are against unauthorized access. By inviting you to hack their box, they authorized you. No reason to be paranoid.
Re:Great. So when can we start warezing games?
on
PSP UMD Format Cracked
·
· Score: 2, Interesting
Bah! I think the applicability of this to warezing games is unfortunate -- it makes Sony consider this a Very Bad Thing, for one, and so inclines them towards fixing it quickly.
Me, I just want to be able to reverse-engineer and twiddle my legitimately-purchased games... disable the %$#$@ timed minigames, that sort of thing. (Not that I own a PSP -- just a PS2 -- and I consider the timed minigames in FFX2 annoying enough to prevent me from playing more than ~15 minutes in, when the first one [a race to a summit?] exists).
I post as AC because I don't have a slashdot account. Does this somehow diminish the value of my opinion?
Yes. An opinion is more worthwhile if it has an individual willing to stand behind it and defend it -- ideally not just in the forum it's posted, but out of it as well. Note my email address above? It's given because any statement I make in slashdot is a statement I'm willing to be personally identified with. If you can't say that about the positions you take -- or are too lazy to take the effort to make said statement -- then is it really so unreasonable for your opinions to be given less consideration?
That's interesting. I wonder what the legal position would be if it was transparently obvious that, rather than being an honest mistake or result of one lazy/crooked employee, the inclusion of GPLed code was quite deliberate, as a consequence of (what would be obvious when one or more violations was investigated) unofficial company policy to infringe licenses.
I'd hope that the court would rule that damages would be calculated based on the reasonable cost to purchase a non-GPL license for such functionality, trebled on account of the violation being deliberate.
If I recall the GUID standard, it's not purely random -- it also incorporates the time and the IP adddress of the machine running it. As long as you only have one CPU generating GUIDs, and a 1:1 CPU-to-IP mapping, thus, you'll never get an overlap.
See, the more CPUs there are out there, the more a reduction in power for each of them matters.
The other thing, though, is economic forces: If power becomes scarce, it'll cost more; consequently, there'll be more incentive for folks to run fewer (and lower power) CPUs, use virtualization and thin-client computing to reduce the number of full-duty systems they need to purchase, etc. Further, there'll be more incentive to pay the hefty fixed costs associated with increased energy production.
In short, the market will keep things in balance -- capitalism may have its issues, but this is exactly the kind of thing it excels at.
PJ quit precisely because she had nothing to do with the insurance issue going on at OSRM, but people were using her connection to OSRM to imply that she did
Eh? I think the general implication that someone who is paid to do something they love (be it coding or promoting the use of Free software in business[*]) is in it for the money is... unfortunate.
Granted, OSRM does consulting and training as well as selling insurance -- but their consulting and training is still risk-management-related, so the insurance isn't the only part of the company which stands to benefit from a public perception of risk -- indeed, I don't know any part of the company that wouldn't. That's still fine: As you say, anyone who's followed PJ knows her motivations aren't monitary in nature. If taking a public position that happens to coincide with the position of one's employers were evidence of being a shill, the only people not to be such would be folks with cause to hate their jobs!
[*] -...and selling insurance is a good way to do this, by showing that your organization is willing to put real money down backing the safety of doing business with Free software.
How is it a smear? There's nothing wrong with making money selling insurance, and I think it's unfortunate that PJ was unable to continue her job at OSRM without it being used in attempts to taint her public image.
"Locked" into SkypeOut? How is $13 prepaid for 176 days "Locked" into SkypeOut?
Because you can't switch to a different termination provider without switching to a different technology. It has nothing to do with their pricing model.
Like learning server repair, hardware installation, troubleshooting, and SIP routing. Woot! Woot!
What SIP routing? I go either over the VPN or out to POTS (well, sort of -- our upstream is actually doing VoIP themselves and our pricing rate with them reflects it, but as far as we're concerned it's POTS); no SIP routing involved in either case. As for hardware installation and troubleshooting, what do you think our IT staff is paid for?
Thank GOD that stuff isn't in Skype. If it were Dvorak would be right on the money. Skype isn't for call center managment.
So, because it can't do advanced things, that makes it better? I miss your argument here.
Explain again how you won't have down time if someone does a DDOS attack on your Asterisk box? Oh wait, youre going to send your "significant" number of users with their handsets down to the POTS closet to make calls? Yeah buddy, have them line up outside.... better yet, there's payphones down the street.
No, my Asterisk box isn't going to be subject to DDOS attacks because it isn't connected to the external network -- we do our own termination into POTS. The only way to get to it from the outside is through our VPN, and that's heavily secured.
Unless your running a call center, your argument is moot. Skype isn't meant for a call center. Small businesses eat it up. I've seen it, and I agree. I'm eating it up too.. got a big bowl if it right here.:-)
Here's a hint for you: I am a small business. Our support staff is two people, our dev staff about 15 (much more if you count the remote employees) -- but we want to look professional to the outside world, and we want room to grow without needing to throw out our existing phone system and switch to a completely different technology once our support line is a call center rather than 1 or 2 people answering the phones.
Running our own phone system lets us look professional. Someone calls in and the receptionist (CEO's wife) isn't there? They get a nice, professionally recorded menu which will either route them to sales or support, or save their message in a mailbox to be routed by the receptionist when she's back. It's simple, sure -- took almost no time to set up -- but it gives our customers just a little bit more reassurance that the folks they're dealing with are professional in their approach.
From a cost perspective, running Skype, versus hiring a consultant to setup and an engineer to maintain Asterisk, well the choice is clear.
No, it's not so clear. Being locked into SkypeOut has a price (versus 3rd-party termination resellers or running your own connection into POTS). Paying for your voicemail adds up, particularly when you have a substantial number of users. Getting Asterisk set up and configured isn't necessarily expensive -- heck, if you're anything like my company, you already have capable IT staff who treat an opportunity to maintain an Asterisk server as a chance to add to their list of marketable skills. If you're not, and you have only modest needs, you're only going to need maintenance work when something goes wrong or you want more features (most of which wouldn't even be an option if you were limited to Skype).
Further, having your own Asterisk server will let you do lots of nifty things (advanced call queueing for the support line; automatically recording customer calls to support for "quality assurance" and billing purposes; allowing the CRM system to log and initiate calls; an IVR system for routing incoming calls when the receptionist is away; recognition of incoming fax calls with conversion of faxes to emails; and more) that you just can't get with Skype. (Also, having a hardphone means you can reboot your computer, or let IT take it down to be reinstalled, without losing phone calls). Further, running your own connection into POTS means your phone system doesn't get temporarily hosed when you come under a DOS attack or someone gets a worm or fires up BitTorrent on the company network. All this downtime can be expensive, especially when you have folks on staff talking to customers or investors.
And the thing is -- if you have this system set up for phone interaction with your customers (which is where it's *really* important), you get free calls to your satellite offices (encrypted if you run a VPN, which you're going to do anyhow, right?) in the bargain free. Howdaya beat it?
Yes -- but if you're a small company, one of the things you want to do (frequently) is sound like a bigger company. Having a high-end, full-featured phone system (ideally with professionally recorded prompts, which isn't really all that expensive) is a good way to help with this -- and Asterisk makes it cheap to do.
If you want real privacy, use SpeakFreely with your own choice of encryption library.
Or you can do what I do -- SIP running over OpenVPN in UDP mode. There's some per-packet overhead, but using Speex as the underlying codec, bandwidth usage is still quite low.
Slashdot Mirror
See, my business makes extensive use of OSS -- and contributes back our fixes, bug reports, etc. Granted, that requires having a developer on staff who knows C and is familiar with The Way Things Are Done in the OSS community to generate said fixes -- but it's a lot cheaper than going the proprietary route for everything. (At least, I hope it is -- and, as that developer, it gets me paid).
What incentive is there to sponsor this kind of product?
Getting your desired features added exactly as you want them, and not having to pay for all the functionality that's already finished (as you would if you were hiring it done ground-up) or feaures funded by someone else.
"Hey, can you help me find someone who will give us money to give free help to people charging admission to shows?"
Running a movie theatre is a low-margin business -- typically one loses money on the tickets and needs to make it up elsewhere (concession stand, ads, etc). If one can get the software to run the business (ie. by paying an open source project to add the features needed to make it adequate for one's needs) for less than the cost of comparable commercial solutions -- well, then you're ahead.
It makes sense, then, that someone with a vested interest in not giving money to the commercial vendors of such software will find such a project as this interesting, and potentially a worthy recipient of (some level of) funding. Ideally, you'd want to target folks who are heavily hit by the pricing model of the commercial competitors -- say, those who own a number of theatres, or those whose theatres have multiple entrances or ticket booths if that's how the commercial software is priced -- or those who need features the commercial competitors don't currently provide.
Transferring calls to a second line? Voicemail to email? What else?
I'm planning on sorting calls between the phones for the three members of my household based on caller ID. (No caller ID or calling from a number that doesn't match a list of known patterns? You go straight to the menu system, and unless you have a passcode [given to friends and family], you go to voicemail).
There are also scripts available for wasting telephone salestypes' time, and quite a bit of other miscellany.
I'm tempted to get a TDM400P instead, though, so I can do faxing (which gets hosed up pretty badly due to the jitter on IP-based protocols) reliably -- that way I can use the system to prototype the new faxemail gateway I intend to build for work. Except that those cost about twice as much.
What's wrong with capital punishment and ownership of weapons by the law-abiding public? ("Weapons in every house" is a pretty serious overstatement, unless you count kitchen knives). The latter is pretty damned near necessary in the rural regions, anyhow; I have friends (in rural Texas) who literally have alligators and water snakes in their back yards.
Getting back to topic, a National ID is just one more step away from a group of independent states who are members of a federation with strictly limited powers, and one more step towards a strong central government which flaunts the document supposedly limiting its extent. Look: You out in the rest of the world don't like the US federal government getting too much power, especially when it's mismanaged as badly as it is. Us here in the US don't like our Federal government taking too much power, either, when that power would better be left closer to home where we have more influence -- in our state governments.
The word was "core", not "common" -- none of these viruses are common, but the others that exist are just riffs on them.
So -- they have primarily harmless payloads and are rarely if ever seen in the wild. No need to worry -- at least not until more show up.
There's controversy on the point.
/. to go as far as telling you what to think, as opposed to just giving you data you can form your own conclusions from?
Do you need
What security protocols do they follow for protecting signaling/bearer traffic? big black hole getting meaningful information - but was _assured_ they used 256 bit encryption with a xx bit nonce.
Perhaps they were discussing digest authentication used for signaling? (It's not strong by any means -- requests can be read and modified in flight even though the password is protected from interception; it's literally the exact same mechanism used for HTTP Digest authentication).
Yes, it has encryption -- but it's a closed, proprietary solution that's virtually impossible to integrate with anything else.
Convincing all the SIP implementations to support SRTP is the Right Thing as a long-term solution -- heck, just implementing SRTP support for Asterisk would be a big improvement. As an immediate-term solution (particularly for companies using VoIP to connect with remote users or branch offices), running over a VPN (particularly with IAX trunking if you're connecting branch offices, such as to reduce the number of packets sent and so the damage done by per-packet VPN overhead) works well too.
There are standards for running encryption on top of SIP (see SRTP), but almost nobody implements them. Much more common is to avoid running SIP on the open Internet -- my company uses SIP for VoIP, but we only run it within a closed LAN or tunneled through OpenVPN.
You don't have a guarantee, but as long as your belief that they are is reasonable, the liability's not on you -- if they provided permission without authorization, and it was reasonable for you to believe them (ie. it looks legitimate on its face), they, and not you, are liable if it turns out they didn't in fact have such authority.
By hacking up the game code
No. His argument is that it's feasible by hacking up the BIOS and leaving the games as they were. I don't know enough about Sony's architecture to comment on whether this is feasible -- but on your old DOS-based PCs, for instance (where it was quite easy to hook in on BIOS calls), such a thing was extremely straightforward.
The relevant laws are against unauthorized access. By inviting you to hack their box, they authorized you. No reason to be paranoid.
Bah! I think the applicability of this to warezing games is unfortunate -- it makes Sony consider this a Very Bad Thing, for one, and so inclines them towards fixing it quickly.
Me, I just want to be able to reverse-engineer and twiddle my legitimately-purchased games... disable the %$#$@ timed minigames, that sort of thing. (Not that I own a PSP -- just a PS2 -- and I consider the timed minigames in FFX2 annoying enough to prevent me from playing more than ~15 minutes in, when the first one [a race to a summit?] exists).
I post as AC because I don't have a slashdot account. Does this somehow diminish the value of my opinion?
Yes. An opinion is more worthwhile if it has an individual willing to stand behind it and defend it -- ideally not just in the forum it's posted, but out of it as well. Note my email address above? It's given because any statement I make in slashdot is a statement I'm willing to be personally identified with. If you can't say that about the positions you take -- or are too lazy to take the effort to make said statement -- then is it really so unreasonable for your opinions to be given less consideration?
Is it? That makes considerably more sense, but I didn't realize it was so.
That's interesting. I wonder what the legal position would be if it was transparently obvious that, rather than being an honest mistake or result of one lazy/crooked employee, the inclusion of GPLed code was quite deliberate, as a consequence of (what would be obvious when one or more violations was investigated) unofficial company policy to infringe licenses.
I'd hope that the court would rule that damages would be calculated based on the reasonable cost to purchase a non-GPL license for such functionality, trebled on account of the violation being deliberate.
If I recall the GUID standard, it's not purely random -- it also incorporates the time and the IP adddress of the machine running it. As long as you only have one CPU generating GUIDs, and a 1:1 CPU-to-IP mapping, thus, you'll never get an overlap.
See, the more CPUs there are out there, the more a reduction in power for each of them matters.
The other thing, though, is economic forces: If power becomes scarce, it'll cost more; consequently, there'll be more incentive for folks to run fewer (and lower power) CPUs, use virtualization and thin-client computing to reduce the number of full-duty systems they need to purchase, etc. Further, there'll be more incentive to pay the hefty fixed costs associated with increased energy production.
In short, the market will keep things in balance -- capitalism may have its issues, but this is exactly the kind of thing it excels at.
Granted, OSRM does consulting and training as well as selling insurance -- but their consulting and training is still risk-management-related, so the insurance isn't the only part of the company which stands to benefit from a public perception of risk -- indeed, I don't know any part of the company that wouldn't. That's still fine: As you say, anyone who's followed PJ knows her motivations aren't monitary in nature. If taking a public position that happens to coincide with the position of one's employers were evidence of being a shill, the only people not to be such would be folks with cause to hate their jobs!
[*] - ...and selling insurance is a good way to do this, by showing that your organization is willing to put real money down backing the safety of doing business with Free software.
How is it a smear? There's nothing wrong with making money selling insurance, and I think it's unfortunate that PJ was unable to continue her job at OSRM without it being used in attempts to taint her public image.
Running our own phone system lets us look professional. Someone calls in and the receptionist (CEO's wife) isn't there? They get a nice, professionally recorded menu which will either route them to sales or support, or save their message in a mailbox to be routed by the receptionist when she's back. It's simple, sure -- took almost no time to set up -- but it gives our customers just a little bit more reassurance that the folks they're dealing with are professional in their approach.
From a cost perspective, running Skype, versus hiring a consultant to setup and an engineer to maintain Asterisk, well the choice is clear.
No, it's not so clear. Being locked into SkypeOut has a price (versus 3rd-party termination resellers or running your own connection into POTS). Paying for your voicemail adds up, particularly when you have a substantial number of users. Getting Asterisk set up and configured isn't necessarily expensive -- heck, if you're anything like my company, you already have capable IT staff who treat an opportunity to maintain an Asterisk server as a chance to add to their list of marketable skills. If you're not, and you have only modest needs, you're only going to need maintenance work when something goes wrong or you want more features (most of which wouldn't even be an option if you were limited to Skype).
Further, having your own Asterisk server will let you do lots of nifty things (advanced call queueing for the support line; automatically recording customer calls to support for "quality assurance" and billing purposes; allowing the CRM system to log and initiate calls; an IVR system for routing incoming calls when the receptionist is away; recognition of incoming fax calls with conversion of faxes to emails; and more) that you just can't get with Skype. (Also, having a hardphone means you can reboot your computer, or let IT take it down to be reinstalled, without losing phone calls). Further, running your own connection into POTS means your phone system doesn't get temporarily hosed when you come under a DOS attack or someone gets a worm or fires up BitTorrent on the company network. All this downtime can be expensive, especially when you have folks on staff talking to customers or investors.
And the thing is -- if you have this system set up for phone interaction with your customers (which is where it's *really* important), you get free calls to your satellite offices (encrypted if you run a VPN, which you're going to do anyhow, right?) in the bargain free. Howdaya beat it?
Yes -- but if you're a small company, one of the things you want to do (frequently) is sound like a bigger company. Having a high-end, full-featured phone system (ideally with professionally recorded prompts, which isn't really all that expensive) is a good way to help with this -- and Asterisk makes it cheap to do.
If you want real privacy, use SpeakFreely with your own choice of encryption library.
Or you can do what I do -- SIP running over OpenVPN in UDP mode. There's some per-packet overhead, but using Speex as the underlying codec, bandwidth usage is still quite low.