They're trying to do better then they are at the moment (which is saying a lot - it may not be completely platform agnostic, but it's getting close).
How is it "getting close"? The iPlayer application is, and always has been Windows only. On non-Windows platforms you have to stream it (probably having to wait while it rebuffers every so often) at a much worse quality, and that's if your platform supports Flash. For platforms that don't support Flash you are SOL.
Sorry, but "you only get decent quality on one platform and crappy quality on a small number of other platforms" does not platform agnostic make. Not even close.
By using H.264 it should be possible to provide iPlayer to any platform capable of decoding video sooner or later.
In theory. I was a little worried that they didn't really make reference to DRM - I sincerely hope they won't be wrapping the H.264 stream in some crazy DRM that would limit it to a few specific platforms which they choose to support.
And they don't consider "works on Windows, Linux and OS X" to be the end of the game. They also support the iPod Touch/iPhone, Nintendo Wii, and Playstation 3 now.
Please provide a link to back this up - the BBC Trust reports on iPlayer have all pretty much universally equated "platform agnostic" to "Windows/Linux/OS X".
I will respectfully disagree with your opinion of the 'license fee system' as my experience has lead me to believe that any service a government takes over and monopolizes ends up 1) delivering unsatisfactory service, 2) costing twice as much, and 3) leaving one with little to no recourse.
The BBC isn't the government, it is a separate organisation with a publicised mandate and its spending is regulated by the BBC Trust. Nor is it a monopoly - the broadcast TV market in the UK is in pretty healthy shape. We have 3 major non-BBC, non-subscription services (ITV, Channel 4 and Five), all of which run several channels (for example, ITV run ITV1, ITV2, ITV3, ITV4, ITV HD and various +1 channels, Channel 4 run C4, E4, Film 4, C4 HD and some +1 channels, Five run Five, Fiver, Five US and some +1 channels) and many minor non-subscription channels (which range from reasonable to absolute rubbish). We also have a large number of subscription channels.
As for cost, the BBC provides more value for money than subscription services for me (this obviously won't be true for everyone though). Almost everything I watch is on the BBC channels, Five, Channel 4, Sky One or Discovery. The only subscription channels in that collection are Sky One and Discovery, and I pay £17/month for the pair (that is for 2 channel packages from BSkyB - the packages include lots of other channels, all pretty much universally things I'm not interested in, but their pricing model means that I can't just pay for the 2 specific channels I want). The licence fee is about £11.63/month and I watch more content on the BBC channels than I do on the subscription channels. The BBC provide 5 TV channels (BBC 1, BBC 2, Three, Four and BBC HD), a large number of regional and national radio stations and an excellent website.
The way I see it, the "guaranteed" income from the TV licence better allows the BBC to do minority programming rather than aiming for the highest viewing figures and the lowest production costs, and allows them to take more risks on projects that purely commercial service providers might not want to take.
I do, however, think that the way the TV licensing is done could be improved quite a bit:
The BBC use the licence fee to provide a lot of non-TV services, for which you don't currently need a licence - for example, radio, the website, iPlayer, etc. It would seem fairer to impose a tax on every household, rather than just the ones with TVs. This would also reduce the administration costs, allowing the licence fee to be reduced and could be bundled in as part of the council tax payments that people already have to make on a per-household basis.
The current licence enforcement assumes that anyone without a licence is guilty of watching TV illegally (which may not be the case - the household may not have a TV, or may meet one of the exclusions which means they do not have to pay). The behaviour of the company contracted to do the enforcement (Capita) is very threatening and (IMHO) bordering on criminal. Bundling the TV licence in with the council tax would remove Capita, their costs and their borderline criminal behaviour from the equation.
Also, rather than funding the BBC entirely from the licence fee, there is something to be said for allowing a commercial arm to operate - fund BBC1, BBC2 and BBC HD from the licence fee. If the BBC find that a programme is extremely popular then it can be moved to a commercial BBC channel, which could support itself through advertising. Some of the advertising revenue can then be reinvested into the non-commercial channels (possibly by having the commercial side of the corporation "buy" the production from the non-commercial side).
Because Windows Media gave them tight DRM, to prevent easy rebroadcast
All the content on iPlayer has already been broadcast to the whole UK and a significant amount of Europe in the clear from the Astra 2D satellite at 28.2E - how does DRM help prevent rebroadcasting when the content has already been broadcast in the clear?
The answer is: it doesn't - the DRM on iPlayer is as pointless and badly thought out as the DRM on FreeSat (for those that don't know, the FreeSat HDTV specification requires that the ~1 metre cable between the receiver and the TV is HDCP encrypted, even though the broadcast itself travelled 72,000Km in the clear to get to the receiver).
The only possible reason I can see for them using DRM in either of these cases is so they can tell media execs that they use DRM, even though it serves no useful purpose to anyone in these cases.
The BBC have NO obligation to anyone, especially people who don't pay licence fee, to produce or adopt open source software.
They do, however, have an obligation to use open standards, since their mandate states that they must be platform agnostic. This is a requirement that they have chosen to ignore when producing iPlayer, and they have received a telling off from the BBC Trust. I hope that this news is a sign that they are going to stop ignoring their mandate.
how about you pick the best codec for the job, no one gives a crap about how open software is if it doesn't do the job as well.
I would take "not quite as good" over "doesn't work at all (because they won't support the platform I use)" any day... Especially since I'm having to pay for it anyway.
The BBC iPlayer, like Apple, is a company that is free to use DRM, just as you are free to choose not to pay for it.
Untrue. If I want to watch *any* TV, I am required to pay the licence fee, whether or not I choose to (or am able to) use iPlayer.
Additionally, the BBC has a mandate to provide a platform agnostic system, and when the BBC Trust approved iPlayer, making it platform agnostic was one of the terms of the approval. The BBC ignored this requirement and the BBC Trust pulled them up on it. The BBC then produced the Flash based iPlayer (streaming only, crappy quality) and declared that it now complied with the "platform agnostic" requirement - the BBC Trust disagreed since the Flash version provides a significantly different service to the Windows version.
Sadly, whilst the BBC Trust has ordered the BBC to comply with the requirement to make it platform agnostic, they have not set a deadline and have only stated they will review the situation on a 12 monthly basis. Also, it appears that the BBC Trust consider "platform agnostic" to mean "works on Windows, Linux and OS X" rather than "uses an open standard which can be implemented on any practicable platform", which is rather sad.
I am a supporter of the licence fee system, but not when my licence fee is used to pay for a system which is artificially restricted to a single platform (Windows) rather than meeting the BBC's mandate of being platform agnostic.
Yep. I saw this on Macgyver once. It apparently worked because it used up all the oxygen.
Explosives won't use up any oxygen since they contain their own oxidiser. The shock wave will, however, remove the fuel/air mix from the vicinity in much the same way as you blow out a candle.
They do it this way because the vast majority of people will just accept it... Most people have quite a high threshold before they are willing to kick up a fuss and complain, so companies will target their first offer just below that threshold for the majority of users.
They don't _have_ to do anything - I can't see a reason why they would give you a better deal if you complain. If you were stupid enough to buy a licence to use some DRM'd media with no contractual guarantee that you would be able to use that media forever more, then it's your own problem - the vendor has no obligation to you.
Personally, I'm all for people getting screwed over as badly as possible with DRM since that's about the only way the DRM-buying public are going to work out that DRM is a Bad Thing and they should avoid it.
If my car was recalled due to a fault by the manufacturer, I would expect them to collect the car, provide an equivalent vehicle while the fault is remedied and then deliver the car. My time is valuable and anyone wanting my custom should respect that.
And while they pick themselves up off the floor from laughing too hard, they will realise you've never had a car recalled before...
End users: It provides software at no cost. Now, some users may need support, which will cost them, but the chances are they don't need support on *all* their software (i.e. they might want to be able to phone someone up when the operating system breaks, but they are happy with having no support for their word processor.
Also, my experience as a software developer tells me that Open Source _code_ is usually of higher quality than proprietary code - it may not be as obvious to the end user as it is to a developer but I do honestly believe that in (most but not all) cases Free software is more secure, stable and feature-rich.
Another bonus, especially for businesses using the software, is that if you find that you need a feature you can go and contract a developer to write it for you instead of being held to ransom (or ignored) by the original vendor you got the software from.
Small to mid-sized computer businesses: Businesses can use Free software to provide solutions to their customers - they can make money by selling the services, rather than the software.
For example, if a customer asks for some kind of system you have 3 options: 1. Write the system from scratch. 2. Licence a proprietary system. 3. Use a Free system. Now, (1) is probably going to be a lot more expensive, so that is out. (2) and (3) are more or less comparable at this point, so long as they both have the features you need. Some time later the customer can come back and ask for some new feature - if you originally picked (2) then you may be screwed, whereas if you picked (3) you can add the feature and charge the customer for your time.
The "services" business model has, since the dawn of time, also had that subscription model that MS wants.
Huge software monopolies (e.g. Microsoft) This is a lot more problematic - the Free software business model prohibits the abuse of a monopoly position, purely because someone else is always free to compete with an identical (or improved) product but with a lower cost or more favourable contractual terms. If you are producing Free software, you can't just put all the competition out of business and then stop improving your product for years (much as MS did for things like IE) - you will always have competition and staying ahead of the competition takes constant effort, but is good for the consumers as they see constant improvements instead of stagnation.
If Microsoft completely embrace the Free software business model, they _will_ lose their monopoly position, so I can't see them doing that until they have already seriously lost that position anyway. Similarly, from a business perspective they need to be careful with interoperability since they don't want to promote the idea of replacing Microsoft products with competing ones. But what they do want is to enable Microsoft products to interoperate with the competing products in situations where people would be using the competing products anyway (and thus would avoid the MS products if they didn't interoperate).
Microsoft's monopoly position sucks for MS's competitors, MS's customers and MS's competitors' customers (who struggle to interoperate with MS's software and customers). However, their monopoly position is good for _them_ and they will protect it at all costs - to do so, they need to walk a very fine line.
However, even if MS decided to 100% embrace Free software (which, as mentioned above, they won't), they would still have a hard fight convincing the Free software community to accept them. This is because they have spent years time and time again making promises to the Free software community and then stabbing them in the back at the first opportunity - it will take them a lot of time and effort to prove that this isn't just another example of this behaviour (if indeed it isn't).
A philosophy is not an answer.
Pure philosophy is not the answer, but that philosophy has survived for a long time because it gives real, solid benefits for a lot of people.
This is meant on an entirely serious note... should we bring back public floggings for some offenses? I think that would be a lot more effective than the figurative slap on the wrist that is so often employed.
I'm of the opinion that instead of slapping teenagers with an ASBO, there's a lot to be said for putting them in stocks in the middle of the town. (yes, I'm being serious).
But of course, that would be humiliating and we can't possibly humiliate someone in front of their friends when they break the law...
Also, on a less serious note, it would improve the economy by allowing grocery shops to sell off their rotten fruit for the purpose of chucking at the damned yoofs.:)
Reading from DRAM is destructive - if you don't try to read then your data might be safe for a while, but if you can't refresh it after a read then the data will be trashed.
I'm not entirely convinced by the article's assertion that the hard disk will still be writing data after the DRAM refresh stops (remember - it doesn't matter that you are still DMAing data to the hard drive if the drive is never going to write it), but I wouldn't want to test it on my data.
Alice has a LAN with a computer on 192.168.0.1/24 and the router on 192.168.0.254/24. Alice's router's public address is 1.2.3.4/24 and the router's MAC address is c0:ff:ee:00:11:22.
Eve is on the same public subnet, with the address 1.2.3.100/24 (this is common when you are using cable instead of ADSL). Eve can send a packet addressed to 192.168.0.1 at MAC address c0:ff:ee:00:11:22. It will arrive at Alice's router, which will forward it to her computer.
It doesn't matter whether or not Alice's router is doing NAT since NAT only affects outgoing connections and this is an inbound connection - Alice's router is behaving as a normal IP router in this case. Most consumer NAT routers will do nothing to prevent this attack since they have no built in firewall (try it if you don't believe me).
A system behind a NAT device could sit forever because no incoming traffic would come to it without it making a connection request first.
Untrue.
For untargetted attacks, yes you'd be relatively safe. However, if someone is on the same global scope subnet (as is quite common in the case of cable connections), they can send packets into your network by addressing them to your internal (site-local scope) IP address and your router's MAC address.
What you need is a stateful firewall, which will actually block incoming connections - many NAT routers have no firewall and the only security you get is on the assumption that the router will never receive a packet destined for a private address.
The average DSL user, at least, is sitting behind a device which at the very least does NAT and probably has a firewall enabled as well.
I'm not convinced that is the case - lots of ISPs provide "free" USB ADSL modems (not network routers) - this sort of device will appear as an unfirewalled network interface. This might be changing now, with more people using 802.11, but I'm sure a lot of people are still using USB ADSL modems.
It's been some time since I had a cable connection and modem, but I'd be surprised if they weren't the same, these days.
Cable modems are usually just network bridges - if you want firewalling, NAT, etc. you need a separate router.
Whether you agree with them of not, hippies' (sometimes overzealous) efforts to bring to everyone's attention the effect humans have on the world is not ignorable.
So what's their solution? Kill off the whole human race?
Sure, no power generation method is perfect, but we should be selecting the best options rather than rejecting all of them.
Is the government not supposed to represent the people anymore? If it's as you say, and people don't care about the privacy of their data, the government shouldn't care either.
As well as respecting the majority's wishes, the government is required to protect minority groups too... I guess the people who give a damn about their data security are a minority group.
Also, whilst the majority of people don't seem to give a damn about protecting their data themselves, they are going to give a damn when it is used by criminals.
Also, "protecting people" from themselves is the job of a socialist government.
We're not talking about protecting people from themselves - we're talking about protecting people from organisations with poor security.
like doing business with companies with a history private data loss.
As I have repeatedly said before, very few of these companies have a *history* of data loss - there are just a lot of companies having a single incident. Just looking at a company's history does very little to tell you how secure your data is going to be.
Instead of paying the high up front cost for better security, companies will save the money and pay the fine. How does your plan get around that?
Because the fine can be be high enough that it is worth their while paying the ongoing security costs rather than risk the fine. This is much like insurance - you can opt to take out insurance, or you can opt to risk an enormous payout at some point in the future, most organisations take out insurance policies for lots of stuff so clearly they don't all choose to save money in the short term at the risk of a large cost later.
Is your argument really that insubstantial that you have to resort to hurling insults?
It's exactly the same idea if consumers drive the companies out of business for losing data, but without "big brother" looking out for everybody.
But that's just never going to happen - the majority of people are never going to consider the security of their data. Those of us who do care about security should not have to rely on everyone else to punish these organisations. The government's job is to protect people, or do you subscribe to the idea that we should abolish government sponsored law enforcement and just have vigilante justice instead?
It's a hell of a lot better motivation than a puny fine.
Who said anything about puny? I don't subscribe to the idea of shutting down a company for a single transgression, but I do think that fines should be big enough to make it worth the company's while to fix their security. This probably means you have to scale the fine according to the organisation involved, since a fine that would bankrupt a small company would be laughed off by a large international corporation.
Do you know why? It's because companies that lose data are never punished.
You seem to be changing your argument - you originally argued that companies shouldn't be fined because it is the data owner's responsibility to make sure the organisations they give the data to have good security practices. My argument was that finding out how good an organisation's security is before an incident occurs isn't really feasible for most people. You now seem to have changed to being pro-punishment, and thus now support my side of the debate - so which is it?
Not only is it hard to determine how good the security practices are of an organisation which has had no problems in the past, I also don't believe that you can claim that an organisation has got bad security because they had a single problem in the past - they may have learnt from their mistakes and thus have better security than organisations with a clean history. Sure, if an organisation has a history of regular security problems then they shouldn't be trusted, but that really isn't the case with most of these "data loss" stories.
How will the government fining companies for data loss change that?
Ah, and now you've gone back to your original argument that punishing organisations won't help - please make up your mind.
Fining organisations large amounts if they have poor security encourages them to adopt better security practices because it becomes cheaper to do so than pay the fine. If more organisations adopt better security practices because of the threat of large fines, customers won't _have_ to have a crystal ball to tell them which organisations to avoid.
I will admit that giving PII to a survey company is a bit crazy, but these data loss cases frequently involve organisations that have good reason to have this data - for example, you can't buy goods over the Internet without handing over various pieces of PII (credit card number, name, address, etc.), and you are legally required to submit information to government departments who then go and "lose" the data.
Would you have even taken your car there in the first place if you knew they had a history of having cars stolen out of the garage?
Most of the organisations who are losing data _don't_ have a history of losing data - there are just an awful lot of separate companies that have got crap security procedures which are being publicised for the first time.
Short of performing a full security audit on any company you hand any data to (clearly not feasible), what can you do? I certainly don't have a crystal ball that tells me which company will be the next to screw up.
You wouldn't give your car keys to a known car thief
But you would give your car keys to the garage who's servicing the car. If they fail to secure the keys properly and someone steals your car then why shouldn't the garage be held responsible?
Since most phone companies are on VoIP any way it should be pretty simple to convert over.
This really isn't the case I'm afraid. There is a migration towards VoIP, but the vast majority of the service providers aren't there yet. Many of the networks are starting to move to a halfway-house solution by moving their signalling networks over to SIGTRAN (basically SS7 over IP), whilst keeping the traditional voice circuits. I imagine that once there are a lot more SIGTRAN networks (and therefore more widespread IP infrastructure within the telephone networks), full VoIP will follow in the form of SIP, but I expect it'll be years before the majority of PSTN calls are handled entirely by an IP network.
An interesting project to keep an eye on is BT's 21CN (21st Century Network), which is an ongoing effort by BT to move their entire PSTN over to IMS (which means phone calls will be handled by SIP) - it is already in use in parts of Wales.
(I used to work on PSTN protocols - mainly SIGTRAN, which I have to say is not an especially well designed stack in my opinion).
So how much do you pay per month for your PSTN gateway, is it cheaper than Skype's pricing?
VoipUser provide free PSTN->IP gatewaying (non-geographic numbers) - I use that for running some services, such as voicemail. SIPGate also provide free PSTN->SIP gatewaying (geographic numbers) and charge for SIP->PSTN calls through a pay-as-you-go style system - look at their website for information about their tariffs.
If you use Skype, you are tied into using their software (which is only available on certain platforms) and Skype branded hardware (if you want a hardware phone). For talking to other people using VoIP, you can only talk to other Skype customers. If you want to gateway to the PSTN, you are tied into using Skype's own gateway. If you're not happy with the service, too bad - there's only one company that runs Skype servers, and that's Skype themselves. If you're not happy with the PSTN pricing, too bad - you're stuck using whatever pricing Skype decide on.
On the other hand, if you choose to use the industry standard protocol - SIP - you get to choose what software you want, and you can also pick from a vast selection of hardware phones and ATAs made by many manufacturers. You can place calls to any one connected to any SIP server on the internet (you can even set up your own server, and in certain network environments, you don't even need to use a server). If you want to call someone on the PSTN, there are literally hundreds of gateways - if you don't like the service or the pricing you can just change the gateway you're using.
For example buying an "unlocked" VoIP phone/system that isn't locked into Skype or any specific system, but which is open to any VoIP server.
The industry standard protocol is SIP (even the PSTN is starting to run on SIP in some parts of the world - it really is *the* standard). If you choose to use SIP, you can basically talk to pretty much anyone except Skype customers, because everyone except Skype uses the standard protocol. Skype chose to use a proprietary protocol for which they have released no specifications. As such there are basically two incompatible systems: there's Skype and there's everyone else.
Anyone know of any good VoIP-to-PSTN services that are cheaper/better than SkypeOut/In or whatever it's being called now?
There are literally hundreds of SIP-PSTN gateways - shop around for the best deals depending on what kind of calls you plan on making. I'm in the UK and use VoipUser to gateway a number of DDIs to my SIP server and SIPGate offer a reasonably priced outbound gateway.
Slashdot Mirror
They're trying to do better then they are at the moment (which is saying a lot - it may not be completely platform agnostic, but it's getting close).
How is it "getting close"? The iPlayer application is, and always has been Windows only. On non-Windows platforms you have to stream it (probably having to wait while it rebuffers every so often) at a much worse quality, and that's if your platform supports Flash. For platforms that don't support Flash you are SOL.
Sorry, but "you only get decent quality on one platform and crappy quality on a small number of other platforms" does not platform agnostic make. Not even close.
By using H.264 it should be possible to provide iPlayer to any platform capable of decoding video sooner or later.
In theory. I was a little worried that they didn't really make reference to DRM - I sincerely hope they won't be wrapping the H.264 stream in some crazy DRM that would limit it to a few specific platforms which they choose to support.
And they don't consider "works on Windows, Linux and OS X" to be the end of the game. They also support the iPod Touch/iPhone, Nintendo Wii, and Playstation 3 now.
Please provide a link to back this up - the BBC Trust reports on iPlayer have all pretty much universally equated "platform agnostic" to "Windows/Linux/OS X".
H.264 and AAC are open standards
Yes. The current iPlayer, however, is not.
it is just not free to implement.
It is free to implement in Europe, which is probably all the BBC cares about for a UK-only service like iPlayer.
I will respectfully disagree with your opinion of the 'license fee system' as my experience has lead me to believe that any service a government takes over and monopolizes ends up 1) delivering unsatisfactory service, 2) costing twice as much, and 3) leaving one with little to no recourse.
The BBC isn't the government, it is a separate organisation with a publicised mandate and its spending is regulated by the BBC Trust. Nor is it a monopoly - the broadcast TV market in the UK is in pretty healthy shape. We have 3 major non-BBC, non-subscription services (ITV, Channel 4 and Five), all of which run several channels (for example, ITV run ITV1, ITV2, ITV3, ITV4, ITV HD and various +1 channels, Channel 4 run C4, E4, Film 4, C4 HD and some +1 channels, Five run Five, Fiver, Five US and some +1 channels) and many minor non-subscription channels (which range from reasonable to absolute rubbish). We also have a large number of subscription channels.
As for cost, the BBC provides more value for money than subscription services for me (this obviously won't be true for everyone though). Almost everything I watch is on the BBC channels, Five, Channel 4, Sky One or Discovery. The only subscription channels in that collection are Sky One and Discovery, and I pay £17/month for the pair (that is for 2 channel packages from BSkyB - the packages include lots of other channels, all pretty much universally things I'm not interested in, but their pricing model means that I can't just pay for the 2 specific channels I want). The licence fee is about £11.63/month and I watch more content on the BBC channels than I do on the subscription channels. The BBC provide 5 TV channels (BBC 1, BBC 2, Three, Four and BBC HD), a large number of regional and national radio stations and an excellent website.
The way I see it, the "guaranteed" income from the TV licence better allows the BBC to do minority programming rather than aiming for the highest viewing figures and the lowest production costs, and allows them to take more risks on projects that purely commercial service providers might not want to take.
I do, however, think that the way the TV licensing is done could be improved quite a bit:
The BBC use the licence fee to provide a lot of non-TV services, for which you don't currently need a licence - for example, radio, the website, iPlayer, etc. It would seem fairer to impose a tax on every household, rather than just the ones with TVs. This would also reduce the administration costs, allowing the licence fee to be reduced and could be bundled in as part of the council tax payments that people already have to make on a per-household basis.
The current licence enforcement assumes that anyone without a licence is guilty of watching TV illegally (which may not be the case - the household may not have a TV, or may meet one of the exclusions which means they do not have to pay). The behaviour of the company contracted to do the enforcement (Capita) is very threatening and (IMHO) bordering on criminal. Bundling the TV licence in with the council tax would remove Capita, their costs and their borderline criminal behaviour from the equation.
Also, rather than funding the BBC entirely from the licence fee, there is something to be said for allowing a commercial arm to operate - fund BBC1, BBC2 and BBC HD from the licence fee. If the BBC find that a programme is extremely popular then it can be moved to a commercial BBC channel, which could support itself through advertising. Some of the advertising revenue can then be reinvested into the non-commercial channels (possibly by having the commercial side of the corporation "buy" the production from the non-commercial side).
Because Windows Media gave them tight DRM, to prevent easy rebroadcast
All the content on iPlayer has already been broadcast to the whole UK and a significant amount of Europe in the clear from the Astra 2D satellite at 28.2E - how does DRM help prevent rebroadcasting when the content has already been broadcast in the clear?
The answer is: it doesn't - the DRM on iPlayer is as pointless and badly thought out as the DRM on FreeSat (for those that don't know, the FreeSat HDTV specification requires that the ~1 metre cable between the receiver and the TV is HDCP encrypted, even though the broadcast itself travelled 72,000Km in the clear to get to the receiver).
The only possible reason I can see for them using DRM in either of these cases is so they can tell media execs that they use DRM, even though it serves no useful purpose to anyone in these cases.
The BBC have NO obligation to anyone, especially people who don't pay licence fee, to produce or adopt open source software.
They do, however, have an obligation to use open standards, since their mandate states that they must be platform agnostic. This is a requirement that they have chosen to ignore when producing iPlayer, and they have received a telling off from the BBC Trust. I hope that this news is a sign that they are going to stop ignoring their mandate.
how about you pick the best codec for the job, no one gives a crap about how open software is if it doesn't do the job as well.
I would take "not quite as good" over "doesn't work at all (because they won't support the platform I use)" any day... Especially since I'm having to pay for it anyway.
The BBC iPlayer, like Apple, is a company that is free to use DRM, just as you are free to choose not to pay for it.
Untrue. If I want to watch *any* TV, I am required to pay the licence fee, whether or not I choose to (or am able to) use iPlayer.
Additionally, the BBC has a mandate to provide a platform agnostic system, and when the BBC Trust approved iPlayer, making it platform agnostic was one of the terms of the approval. The BBC ignored this requirement and the BBC Trust pulled them up on it. The BBC then produced the Flash based iPlayer (streaming only, crappy quality) and declared that it now complied with the "platform agnostic" requirement - the BBC Trust disagreed since the Flash version provides a significantly different service to the Windows version.
Sadly, whilst the BBC Trust has ordered the BBC to comply with the requirement to make it platform agnostic, they have not set a deadline and have only stated they will review the situation on a 12 monthly basis. Also, it appears that the BBC Trust consider "platform agnostic" to mean "works on Windows, Linux and OS X" rather than "uses an open standard which can be implemented on any practicable platform", which is rather sad.
I am a supporter of the licence fee system, but not when my licence fee is used to pay for a system which is artificially restricted to a single platform (Windows) rather than meeting the BBC's mandate of being platform agnostic.
Yep. I saw this on Macgyver once. It apparently worked because it used up all the oxygen.
Explosives won't use up any oxygen since they contain their own oxidiser. The shock wave will, however, remove the fuel/air mix from the vicinity in much the same way as you blow out a candle.
They do it this way because the vast majority of people will just accept it...
Most people have quite a high threshold before they are willing to kick up a fuss and complain, so companies will target their first offer just below that threshold for the majority of users.
They don't _have_ to do anything - I can't see a reason why they would give you a better deal if you complain. If you were stupid enough to buy a licence to use some DRM'd media with no contractual guarantee that you would be able to use that media forever more, then it's your own problem - the vendor has no obligation to you.
Personally, I'm all for people getting screwed over as badly as possible with DRM since that's about the only way the DRM-buying public are going to work out that DRM is a Bad Thing and they should avoid it.
If my car was recalled due to a fault by the manufacturer, I would expect them to collect the car, provide an equivalent vehicle while the fault is remedied and then deliver the car. My time is valuable and anyone wanting my custom should respect that.
And while they pick themselves up off the floor from laughing too hard, they will realise you've never had a car recalled before...
what exactly does open source deliver?
It depends who you are:
End users:
It provides software at no cost. Now, some users may need support, which will cost them, but the chances are they don't need support on *all* their software (i.e. they might want to be able to phone someone up when the operating system breaks, but they are happy with having no support for their word processor.
Also, my experience as a software developer tells me that Open Source _code_ is usually of higher quality than proprietary code - it may not be as obvious to the end user as it is to a developer but I do honestly believe that in (most but not all) cases Free software is more secure, stable and feature-rich.
Another bonus, especially for businesses using the software, is that if you find that you need a feature you can go and contract a developer to write it for you instead of being held to ransom (or ignored) by the original vendor you got the software from.
Small to mid-sized computer businesses:
Businesses can use Free software to provide solutions to their customers - they can make money by selling the services, rather than the software.
For example, if a customer asks for some kind of system you have 3 options:
1. Write the system from scratch.
2. Licence a proprietary system.
3. Use a Free system.
Now, (1) is probably going to be a lot more expensive, so that is out. (2) and (3) are more or less comparable at this point, so long as they both have the features you need. Some time later the customer can come back and ask for some new feature - if you originally picked (2) then you may be screwed, whereas if you picked (3) you can add the feature and charge the customer for your time.
The "services" business model has, since the dawn of time, also had that subscription model that MS wants.
Huge software monopolies (e.g. Microsoft)
This is a lot more problematic - the Free software business model prohibits the abuse of a monopoly position, purely because someone else is always free to compete with an identical (or improved) product but with a lower cost or more favourable contractual terms. If you are producing Free software, you can't just put all the competition out of business and then stop improving your product for years (much as MS did for things like IE) - you will always have competition and staying ahead of the competition takes constant effort, but is good for the consumers as they see constant improvements instead of stagnation.
If Microsoft completely embrace the Free software business model, they _will_ lose their monopoly position, so I can't see them doing that until they have already seriously lost that position anyway. Similarly, from a business perspective they need to be careful with interoperability since they don't want to promote the idea of replacing Microsoft products with competing ones. But what they do want is to enable Microsoft products to interoperate with the competing products in situations where people would be using the competing products anyway (and thus would avoid the MS products if they didn't interoperate).
Microsoft's monopoly position sucks for MS's competitors, MS's customers and MS's competitors' customers (who struggle to interoperate with MS's software and customers). However, their monopoly position is good for _them_ and they will protect it at all costs - to do so, they need to walk a very fine line.
However, even if MS decided to 100% embrace Free software (which, as mentioned above, they won't), they would still have a hard fight convincing the Free software community to accept them. This is because they have spent years time and time again making promises to the Free software community and then stabbing them in the back at the first opportunity - it will take them a lot of time and effort to prove that this isn't just another example of this behaviour (if indeed it isn't).
A philosophy is not an answer.
Pure philosophy is not the answer, but that philosophy has survived for a long time because it gives real, solid benefits for a lot of people.
This is meant on an entirely serious note... should we bring back public floggings for some offenses? I think that would be a lot more effective than the figurative slap on the wrist that is so often employed.
I'm of the opinion that instead of slapping teenagers with an ASBO, there's a lot to be said for putting them in stocks in the middle of the town. (yes, I'm being serious).
But of course, that would be humiliating and we can't possibly humiliate someone in front of their friends when they break the law...
Also, on a less serious note, it would improve the economy by allowing grocery shops to sell off their rotten fruit for the purpose of chucking at the damned yoofs. :)
However, we've recently seen that RAM holds state well enough to preserve crypto keys thru a power cycle.
Reading from DRAM is destructive - if you don't try to read then your data might be safe for a while, but if you can't refresh it after a read then the data will be trashed.
I'm not entirely convinced by the article's assertion that the hard disk will still be writing data after the DRAM refresh stops (remember - it doesn't matter that you are still DMAing data to the hard drive if the drive is never going to write it), but I wouldn't want to test it on my data.
I don't think you understood what I was saying.
Alice has a LAN with a computer on 192.168.0.1/24 and the router on 192.168.0.254/24. Alice's router's public address is 1.2.3.4/24 and the router's MAC address is c0:ff:ee:00:11:22.
Eve is on the same public subnet, with the address 1.2.3.100/24 (this is common when you are using cable instead of ADSL). Eve can send a packet addressed to 192.168.0.1 at MAC address c0:ff:ee:00:11:22. It will arrive at Alice's router, which will forward it to her computer.
It doesn't matter whether or not Alice's router is doing NAT since NAT only affects outgoing connections and this is an inbound connection - Alice's router is behaving as a normal IP router in this case. Most consumer NAT routers will do nothing to prevent this attack since they have no built in firewall (try it if you don't believe me).
A system behind a NAT device could sit forever because no incoming traffic would come to it without it making a connection request first.
Untrue.
For untargetted attacks, yes you'd be relatively safe. However, if someone is on the same global scope subnet (as is quite common in the case of cable connections), they can send packets into your network by addressing them to your internal (site-local scope) IP address and your router's MAC address.
What you need is a stateful firewall, which will actually block incoming connections - many NAT routers have no firewall and the only security you get is on the assumption that the router will never receive a packet destined for a private address.
The average DSL user, at least, is sitting behind a device which at the very least does NAT and probably has a firewall enabled as well.
I'm not convinced that is the case - lots of ISPs provide "free" USB ADSL modems (not network routers) - this sort of device will appear as an unfirewalled network interface. This might be changing now, with more people using 802.11, but I'm sure a lot of people are still using USB ADSL modems.
It's been some time since I had a cable connection and modem, but I'd be surprised if they weren't the same, these days.
Cable modems are usually just network bridges - if you want firewalling, NAT, etc. you need a separate router.
For some of the more radical ones, it is. Really.
Doesn't seem to be a whole lot of point in saving the planet if there's no one around to experience it...
Whether you agree with them of not, hippies' (sometimes overzealous) efforts to bring to everyone's attention the effect humans have on the world is not ignorable.
So what's their solution? Kill off the whole human race?
Sure, no power generation method is perfect, but we should be selecting the best options rather than rejecting all of them.
Is the government not supposed to represent the people anymore? If it's as you say, and people don't care about the privacy of their data, the government shouldn't care either.
As well as respecting the majority's wishes, the government is required to protect minority groups too... I guess the people who give a damn about their data security are a minority group.
Also, whilst the majority of people don't seem to give a damn about protecting their data themselves, they are going to give a damn when it is used by criminals.
Also, "protecting people" from themselves is the job of a socialist government.
We're not talking about protecting people from themselves - we're talking about protecting people from organisations with poor security.
like doing business with companies with a history private data loss.
As I have repeatedly said before, very few of these companies have a *history* of data loss - there are just a lot of companies having a single incident. Just looking at a company's history does very little to tell you how secure your data is going to be.
Instead of paying the high up front cost for better security, companies will save the money and pay the fine. How does your plan get around that?
Because the fine can be be high enough that it is worth their while paying the ongoing security costs rather than risk the fine. This is much like insurance - you can opt to take out insurance, or you can opt to risk an enormous payout at some point in the future, most organisations take out insurance policies for lots of stuff so clearly they don't all choose to save money in the short term at the risk of a large cost later.
Are you really this dense?
Is your argument really that insubstantial that you have to resort to hurling insults?
It's exactly the same idea if consumers drive the companies out of business for losing data, but without "big brother" looking out for everybody.
But that's just never going to happen - the majority of people are never going to consider the security of their data. Those of us who do care about security should not have to rely on everyone else to punish these organisations. The government's job is to protect people, or do you subscribe to the idea that we should abolish government sponsored law enforcement and just have vigilante justice instead?
It's a hell of a lot better motivation than a puny fine.
Who said anything about puny? I don't subscribe to the idea of shutting down a company for a single transgression, but I do think that fines should be big enough to make it worth the company's while to fix their security. This probably means you have to scale the fine according to the organisation involved, since a fine that would bankrupt a small company would be laughed off by a large international corporation.
Do you know why? It's because companies that lose data are never punished.
You seem to be changing your argument - you originally argued that companies shouldn't be fined because it is the data owner's responsibility to make sure the organisations they give the data to have good security practices. My argument was that finding out how good an organisation's security is before an incident occurs isn't really feasible for most people. You now seem to have changed to being pro-punishment, and thus now support my side of the debate - so which is it?
Not only is it hard to determine how good the security practices are of an organisation which has had no problems in the past, I also don't believe that you can claim that an organisation has got bad security because they had a single problem in the past - they may have learnt from their mistakes and thus have better security than organisations with a clean history. Sure, if an organisation has a history of regular security problems then they shouldn't be trusted, but that really isn't the case with most of these "data loss" stories.
How will the government fining companies for data loss change that?
Ah, and now you've gone back to your original argument that punishing organisations won't help - please make up your mind.
Fining organisations large amounts if they have poor security encourages them to adopt better security practices because it becomes cheaper to do so than pay the fine. If more organisations adopt better security practices because of the threat of large fines, customers won't _have_ to have a crystal ball to tell them which organisations to avoid.
I will admit that giving PII to a survey company is a bit crazy, but these data loss cases frequently involve organisations that have good reason to have this data - for example, you can't buy goods over the Internet without handing over various pieces of PII (credit card number, name, address, etc.), and you are legally required to submit information to government departments who then go and "lose" the data.
Would you have even taken your car there in the first place if you knew they had a history of having cars stolen out of the garage?
Most of the organisations who are losing data _don't_ have a history of losing data - there are just an awful lot of separate companies that have got crap security procedures which are being publicised for the first time.
Short of performing a full security audit on any company you hand any data to (clearly not feasible), what can you do? I certainly don't have a crystal ball that tells me which company will be the next to screw up.
You wouldn't give your car keys to a known car thief
But you would give your car keys to the garage who's servicing the car. If they fail to secure the keys properly and someone steals your car then why shouldn't the garage be held responsible?
Since most phone companies are on VoIP any way it should be pretty simple to convert over.
This really isn't the case I'm afraid. There is a migration towards VoIP, but the vast majority of the service providers aren't there yet. Many of the networks are starting to move to a halfway-house solution by moving their signalling networks over to SIGTRAN (basically SS7 over IP), whilst keeping the traditional voice circuits. I imagine that once there are a lot more SIGTRAN networks (and therefore more widespread IP infrastructure within the telephone networks), full VoIP will follow in the form of SIP, but I expect it'll be years before the majority of PSTN calls are handled entirely by an IP network.
An interesting project to keep an eye on is BT's 21CN (21st Century Network), which is an ongoing effort by BT to move their entire PSTN over to IMS (which means phone calls will be handled by SIP) - it is already in use in parts of Wales.
(I used to work on PSTN protocols - mainly SIGTRAN, which I have to say is not an especially well designed stack in my opinion).
So how much do you pay per month for your PSTN gateway, is it cheaper than Skype's pricing?
VoipUser provide free PSTN->IP gatewaying (non-geographic numbers) - I use that for running some services, such as voicemail. SIPGate also provide free PSTN->SIP gatewaying (geographic numbers) and charge for SIP->PSTN calls through a pay-as-you-go style system - look at their website for information about their tariffs.
If you use Skype, you are tied into using their software (which is only available on certain platforms) and Skype branded hardware (if you want a hardware phone). For talking to other people using VoIP, you can only talk to other Skype customers. If you want to gateway to the PSTN, you are tied into using Skype's own gateway. If you're not happy with the service, too bad - there's only one company that runs Skype servers, and that's Skype themselves. If you're not happy with the PSTN pricing, too bad - you're stuck using whatever pricing Skype decide on.
On the other hand, if you choose to use the industry standard protocol - SIP - you get to choose what software you want, and you can also pick from a vast selection of hardware phones and ATAs made by many manufacturers. You can place calls to any one connected to any SIP server on the internet (you can even set up your own server, and in certain network environments, you don't even need to use a server). If you want to call someone on the PSTN, there are literally hundreds of gateways - if you don't like the service or the pricing you can just change the gateway you're using.
For example buying an "unlocked" VoIP phone/system that isn't locked into Skype or any specific system, but which is open to any VoIP server.
The industry standard protocol is SIP (even the PSTN is starting to run on SIP in some parts of the world - it really is *the* standard). If you choose to use SIP, you can basically talk to pretty much anyone except Skype customers, because everyone except Skype uses the standard protocol. Skype chose to use a proprietary protocol for which they have released no specifications. As such there are basically two incompatible systems: there's Skype and there's everyone else.
Anyone know of any good VoIP-to-PSTN services that are cheaper/better than SkypeOut/In or whatever it's being called now?
There are literally hundreds of SIP-PSTN gateways - shop around for the best deals depending on what kind of calls you plan on making. I'm in the UK and use VoipUser to gateway a number of DDIs to my SIP server and SIPGate offer a reasonably priced outbound gateway.