it encourages people to write their passwords down and store them in what is probably a very insecure location!
Writing a password down is not that much of a problem. Most people will achieve greater security if they use a password complex enough that they really do need to write it down than if they choose an easy to remember password that they can easily remember.
But your point about the secure location is valid.
it is not clear that this is what Mr. Brown had, or that he was capable of creating this kind of software
Actually, Evan is one of the most capable and impressive software developers I've ever known.
If most people had made the statements that Evan made, I would not have believed them. But considering the source, if Evan claimed he could do it, I am quite confident that he could do it.
You could do a challenge-response type system that asks the sender to correctly solve a math problem in order for their e-mail to be delivered.
What would you do if in order to send e-mail to your mother, you had to solve something like:
Find, with proof, the smallest positive integer n for which the sum of the digits of 29n is as small as possible.
or
Find a nonzero polynomial f(w,x,y,z) in the four indeterminates w, x, y, and z of minimum degree such that switching any two indeterminates in the polynomial gives the same polynomial except that its sign is reversed. For example, f(z,x,y,w)=-f(w,x,y,z). Prove that the degree of the polynomial is as small as possible.
And no white-lists. One e-mail, solve one problem; two e-mails, solve two problems; three e-mails, solve three problems;... .
This would turn sending e-mail into an adventure.
(The above problems used without permission from the National Security Agency's Mathematical Talent Search for high school students.)
No, because a CD-R is not a "digital audio recording medium" because section 1001(4) clearly defines them in such a way that they are used to make recordings by a "digital audio recording device" which by the definition of 1001(3) does not include computers.
If your analysis of the Audio Home Recording Act were correct, then at least one major label would have already sued the developers of CDex for contributory infringement.
I don't see how the use of CDex would come under the act. The act clearly does not deal with computers or with software running on computers used to record audio.
But making copies without the permission of the copyright owner is covered elsewhere in Title 17.
The legalese is rather tortuous, but I don't believe that 1008 permits making copies of CDs on a computer (or more accurately, prohibits infringement actions for doing so).
My interpretation of that section is that it refers to making live recordings using something like a digital tape recorder.
If you go back to the definitions in section 1001, a digital audio recording device is "any machine or device of a type commonly distributed to individuals for use by individuals, whether or not included with or as part of some other machine or device, the digital recording function of which is designed or marketed for the primary purpose of, and that is capable of, making a digital audio copied recording for private use".
From that, you might be able to argue that a sound card qualifies as a digital recording device.
However, if a sound card does qualify as a digital recording device, then it is illegal under Section 1002 to manufacture, import, or sell any such device in the United States because it does not use any system designed to prevent unauthorized copying.
Also, take a look at 1001 (4) which defines digital audio recording medium. This section explicitly excludes any medium that is primarily marketed and used to store programs and databases. From this, it seems quite clear that a computer hard drive does not qualify as a digital audio recording medium.
Here are the sections involved.
Section 1001 (3):
A "digital audio recording device" is any machine or device of a type commonly distributed to individuals for use by individuals, whether or not included with or as part of some other machine or device, the digital recording function of which is designed or marketed for the primary purpose of, and that is capable of, making a digital audio copied recording for private use, except for -
(A) professional model products, and
(B) dictation machines, answering machines, and other audio recording equipment that is designed and marketed primarily for the creation of sound recordings resulting from the fixation of nonmusical sounds.
Section 1001 (4)
(A) A "digital audio recording medium" is any material object in a form commonly distributed for use by individuals, that is primarily marketed or most commonly used by consumers for the purpose of making digital audio copied recordings by use of a digital audio recording device.
(B) Such term does not include any material object -
(i) that embodies a sound recording at the time it is first distributed by the importer or manufacturer; or
(ii) that is primarily marketed and most commonly used by consumers either for the purpose of making copies of motion pictures or other audiovisual works or for the purpose of making copies of nonmusical literary works, including computer programs or data bases.
Section 1002 (a)
Prohibition on Importation, Manufacture, and Distribution. -
No person shall import, manufacture, or distribute any digital audio recording device or digital audio interface device that does not conform to -
(1) the Serial Copy Management System;
(2) a system that has the same functional characteristics as the Serial Copy Management System and requires that copyright and generation status information be accurately sent, received, and acted upon between devices using the system's method of serial copying regulation and devices using the Serial Copy Management System; or
(3) any other system certified by the Secretary of Commerce as prohibiting unauthorized serial copying.
And Section 1008:
No action may be brought under this title alleging infringement of copyright based on the manufacture, importation, or distribution of a digital audio recording device, a digital audio recording medium, an analog recording device, or an analog recording medium, or based on the noncommercial use by a consumer of such a device or medium for making digital musical recordings or analog musical recordings
On the other hand, if you use a digital recorder to record everyone singing Happy Birthday to you on your birthday, the owner of the copyright to the song would not be allowed to file suit against you for infringement.
Unless you can either provide a reference to the code that makes it legal (and you can't because it just isn't there -- I looked) or a reference to one or more court cases in which the court specifically allowed the copying of music CDs as "fair use", you're just blowing smoke.
In fact, "fair use" allows you to copy small portions of works for certain purposes. Making backup copies is not one of those purposes.
Admittedly, you're not likely to be prosecuted for making a copy of something you own for your own use, but it is, nevertheless, illegal except specifically in the case of making a single backup copy of software.
Here is Title 17, Chapter 1, Section 107 regarding fair use:
Sec. 107. - Limitations on exclusive rights: Fair use
Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright. In determining whether the use made of a work in any particular case is a fair use the factors to be considered shall include -
(1) the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;
(2) the nature of the copyrighted work;
(3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and
(4) the effect of the use upon the potential market for or value of the copyrighted work.
The fact that a work is unpublished shall not itself bar a finding of fair use if such finding is made upon consideration of all the above factors
And this is Title 17, Chapter 1, Section 117(a) which allows you to make a backup copy of software:
Sec. 117. - Limitations on exclusive rights: Computer programs
(a) Making of Additional Copy or Adaptation by Owner of Copy. -
Notwithstanding the provisions of section 106, it is not an infringement for the owner of a copy of a computer program to make or authorize the making of another copy or adaptation of that computer program provided:
(1) that such a new copy or adaptation is created as an essential step in the utilization of the computer program in conjunction with a machine and that it is used in no other manner, or
(2) that such new copy or adaptation is for archival purposes only and that all archival copies are destroyed in the event that continued possession of the computer program should cease to be rightful.
So put up or shut up. Provide one substantial legal reference (in other words, statutory law or case law) in which "backing up" music is considered to be "fair use" and thus, not a copyright infringement.
The "HTML Viewer" claims apply to implementations. You don't have to violate all the claims -- any one will do.
For example, Claims 2 through 15 are dependent on Claim 1. Claim 11 (and other claims that depend on other independent claims) concerns the HTML Viewer.
There are also independent Claims 16, 31, 46, 61, 76, 91, 106, 121, 136, 151, 166, 181, 196,... with a number of dependent claims on each independent claim.
As I understand it, the reason for the dependent claims is in case an independent claim gets shot down in court, they have the dependent claim to fall back on.
Thus, if claim 1 gets tossed, but the infringer is using an HTML viewer, they may still have a case with claim 11.
I wonder if it would be possible to have a non-compete agreement that prohibits employees from going to work at companies in the same area which require non-compete agreements but which allows employees to go to work at other companies if those companies do not require non-compete agreements.
The company I worked for in 1980 did away with passwords altogether for a while.
Instead, when you logged on, the computer (PDP 11/70 with RSTS/E) would access your payroll data and ask you a question from it.
If you were lucky, it asked you something like your current address.
More often, it would ask things like how much was withheld from your paycheck for taxes in March of the previous year or what was your current year-to-date take-home pay.
Hardly anyone could log on without a copy of their payroll records handy.
After a while, it was changed back to doing the username and password.
That used to be a problem, but it shouldn't be a problem now.
It really depends on the hash method used.
I use blowfish which, I believe, allows passwords up to 128 characters.
It may be random looking, but it is necessarily less secure than the sentence with everything spelled out.
In some cases, you might have to do something like that if the maximum password length is too short, but if that is not a problem, then there is no advantage in terms of security to using abbreviations.
By the way, one helpful modification that is not too unnatural is to replace one or more words with their homophones to get:
I borrowed awl the books from the library! and red them both.
Those two are not necessarily related.
You can have easy to remember, well, relatively easy to remember, passwords that would be tough to crack.
My favorite approach is to create nonsense type phrases with some odd punctuation.
For example, something like:
I borrowed all the books from the library! and read them both.
or
An ultranet in a test tube is truly a fine thing to behold?
Or you could also take a favorite quote and modify it somewhat.
For example, instead of
The pen is of no avail against the sword, but the pen and the sword will always prevail over the sword alone.
by Albert Camus, how about
The cat is of no avail against the skunk, but the cat and the skunk will always prevail over the skunk alone.
Of course, you don't want to have to enter passwords like that too often.
Writing a password down is not that much of a problem. Most people will achieve greater security if they use a password complex enough that they really do need to write it down than if they choose an easy to remember password that they can easily remember.
But your point about the secure location is valid.
He was ordered by the judge at one point to create a working model of the idea for DSC/Alcatel.
My understanding is that the idea was over a better method of how to proceed. But most of what I know about this was from his web site and the rest from a mutual friend of ours who I used to see from time to time.
In 1976 or so, I wrote an IBM 360/370 disassembler for fun. I thought it was a novel idea, but it was Evan who told me that the name for it was a disassembler and that I wasn't the first. Considering that, I'm sure he knew about decompilers as well.
As for his stubbornness, Evan is very stubborn or he would have abandoned the lawsuit long ago.
He was quite stubborn when I knew him back in the 70s (I haven't talked to him since 1979 or 1980). For example, he figured that if he took the final and made an A, he should make an A in the course even if the final was the first time he showed up to class. His profs generally didn't see things that way, but he was stubborn enough that it was nearly impossible to convince him otherwise.
However, the difference between success and failure is often nothing other than one's refusal to surrender to the inevitable. There are, of course, some exceptions to that such as the imposition of the legal system.
Actually, Evan is one of the most capable and impressive software developers I've ever known.
If most people had made the statements that Evan made, I would not have believed them. But considering the source, if Evan claimed he could do it, I am quite confident that he could do it.
I don't think anyone claimed that port knocking is the solution to all security problems.
Port knocking has one purpose - to hide services from casual or dedicated port scanners.
Anyone who does not know that the service is there because it is obscured by port knocking cannot attack it when a vulnerability is discovered.
As a result, your security is enhanced to some degree.
Another possibility would be to send one or more packets that appear to be legitimate answers to legitimate DNS queries.
One of the packets could even identify the particular IP address of the computer from which the connection will be made.
The first four sites on Arpanet were UCLA, Stanford, UCSB (University of California Santa Barbara), and University of Utah.
There is absolutely nothing wrong with using something a bit obscure to help fend off attacks.
The only time that "security through obscurity" is wrong is if that is your entire approach to security.
Even if you have the latest and greatest copy of the most secure software written to perform some service, there is always a possibility that there is something exploitable that is yet unknown.
Port knocking is an excellent way to greatly reduce the probability that someone will be able to use a newly discovered exploit against your server before an update is available to fix the exploit.
Of course, if someone is in the right place and can monitor the network traffic from another computer somewhere along the path, they can discover the port knocking sequence. For that reason, you still need your normal security and you still need to keep the patches up to date.
But the result will still be a vastly improved possibility of avoiding an attack when a vulnerability is found.
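An added illustration of the trade-off in the comment above (not part of the original comments): a toy per-source knock gate in Python, run over constructed traffic. The knock ports, timings and addresses are assumptions invented for the example. It shows a port sweep never reaching the service, and also the caveat that a knock seen on the wire can simply be repeated.

```python
"""Toy port-knocking gate (added illustration; ports and addresses are constructed)."""
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed secret knock, invented for this example
SERVICE_PORT = 22                    # the hidden service
KNOCK_WINDOW = 10.0                  # seconds allowed from first knock to last
OPEN_TTL = 30.0                      # seconds the service stays reachable per source


@dataclass
class KnockGate:
    progress: dict = field(default_factory=dict)  # src -> (knocks matched, time of first knock)
    allowed: dict = field(default_factory=dict)   # src -> time at which access expires

    def packet(self, ts, src, dport):
        """Handle one inbound connection attempt; return "ACCEPT" or "DROP"."""
        if dport == SERVICE_PORT:
            return "ACCEPT" if self.allowed.get(src, 0.0) > ts else "DROP"

        matched, started = self.progress.get(src, (0, ts))
        if matched and ts - started > KNOCK_WINDOW:
            matched, started = 0, ts              # too slow: start over

        if dport == KNOCK_SEQUENCE[matched]:
            matched += 1
            if matched == len(KNOCK_SEQUENCE):
                self.allowed[src] = ts + OPEN_TTL  # open only for this source
                self.progress.pop(src, None)
            else:
                self.progress[src] = (matched, started)
        elif dport == KNOCK_SEQUENCE[0]:
            self.progress[src] = (1, ts)          # wrong knock that is itself a first knock
        else:
            self.progress.pop(src, None)          # any other port resets the attempt
        return "DROP"                             # knock ports themselves never answer


def replay(events, gate=None):
    """Feed (timestamp, source, port) events through a gate; return the verdicts."""
    if gate is None:
        gate = KnockGate()
    return [gate.packet(*event) for event in events]


# Documentation-range addresses, constructed for the example.
CLIENT, SCANNER, OBSERVER = "198.51.100.7", "203.0.113.5", "192.0.2.44"

# Constructed traffic samples.
LEGIT = [(0.0, CLIENT, 7000), (1.0, CLIENT, 8000), (2.0, CLIENT, 9000), (3.0, CLIENT, 22)]
SWEEP = [(i * 0.001, SCANNER, p) for i, p in enumerate(range(6990, 9011))]
SWEEP.append((5.0, SCANNER, 22))
SLOW = [(0.0, CLIENT, 7000), (6.0, CLIENT, 8000), (12.0, CLIENT, 9000), (13.0, CLIENT, 22)]
# The caveat from the comment: a knock observed in transit works from another address.
SNIFFED = [(ts + 60.0, OBSERVER, port) for ts, _, port in LEGIT]

if __name__ == "__main__":
    for name, events in (("legit", LEGIT), ("sweep", SWEEP),
                         ("slow", SLOW), ("sniffed", SNIFFED)):
        print(f"{name:8s} final attempt on port {SERVICE_PORT}: {replay(events)[-1]}")
```

The last case is why the service behind the gate still needs its own authentication and current patches, as the comment says.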
I miswrote what I meant.
When I wrote "use", I was thinking in terms of those rights that the copyright holders control including copying, distributing, and modifying.
Placing something under a GPL license is nothing like making it public domain.
Public domain means that the authors have surrendered their copyrights over the material.
With the GPL, the authors still retain full copyrights to the material. The license defines how you are permitted to use it. If you do not follow the license, you have no permission to use it.
You could do a challenge-response type system that asks the sender to correctly solve a math problem in order for their e-mail to be delivered.
What would you do if in order to send e-mail to your mother, you had to solve something like:
or
And no white-lists. One e-mail, solve one problem; two e-mails, solve two problems; three e-mails, solve three problems; ... .
This would turn sending e-mail into an adventure.
(The above problems used without permission from the National Security Agency's Mathematical Talent Search for high school students.)
No, because a CD-R is not a "digital audio recording medium" because section 1001(4) clearly defines them in such a way that they are used to make recordings by a "digital audio recording device" which by the definition of 1001(3) does not include computers.
I don't see how the use of CDex would come under the act. The act clearly does not deal with computers or with software running on computers used to record audio.
But making copies without the permission of the copyright owner is covered elsewhere in Title 17.
I guess you're not a software developer, are you?
Data files are not software. They are data.
Software is executed by the computer, either directly or indirectly as commands.
Data files are not executed and they are not commands. They are interpreted by software.
That would seem to apply only if you don't read the rest of that chapter. If you do read the rest, it pretty clearly does not apply.
See the post further down for more detail.
The legalese is rather tortuous, but I don't believe that 1008 permits making copies of CDs on a computer (or more accurately, prohibits infringement actions for doing so).
My interpretation of that section is that it refers to making live recordings using something like a digital tape recorder.
If you go back to the definitions in section 1001, a digital audio recording device is "any machine or device of a type commonly distributed to individuals for use by individuals, whether or not included with or as part of some other machine or device, the digital recording function of which is designed or marketed for the primary purpose of, and that is capable of, making a digital audio copied recording for private use".
From that, you might be able to argue that a sound card qualifies as a digital recording device.
However, if a sound card does qualify as a digital recording device, then it is illegal under Section 1002 to manufacture, import, or sell any such device in the United States because it does not use any system designed to prevent unauthorized copying.
Also, take a look at 1001 (4) which defines digital audio recording medium. This section explicitly excludes any medium that is primarily marketed and used to store programs and databases. From this, it seems quite clear that a computer hard drive does not qualify as a digital audio recording medium.
Here are the sections involved.
Section 1001 (3):
Section 1001 (4)
Section 1002 (a)
And Section 1008:
On the other hand, if you use a digital recorder to record everyone singing Happy Birthday to you on your birthday, the owner of the copyright to the song would not be allowed to file suit against you for infringement.
That is not fair use.
Unless you can either provide a reference to the code that makes it legal (and you can't because it just isn't there -- I looked) or a reference to one or more court cases in which the court specifically allowed the copying of music CDs as "fair use", you're just blowing smoke.
In fact, "fair use" allows you to copy small portions of works for certain purposes. Making backup copies is not one of those purposes.
Admittedly, you're not likely to be prosecuted for making a copy of something you own for your own use, but it is, nevertheless, illegal except specifically in the case of making a single backup copy of software.
Here is Title 17, Chapter 1, Section 107 regarding fair use:
And this is Title 17, Chapter 1, Section 117(a) which allows you to make a backup copy of software:
So put up or shut up. Provide one substantial legal reference (in other words, statutory law or case law) in which "backing up" music is considered to be "fair use" and thus, not a copyright infringement.
Not only is that argument invalid, it is also extremely ignorant.
The law specifically allows you to make a backup copy of software. Not CDs. Not music. Software.
In other words, making a backup copy of music is not protected under copyright law.
The dependent claims are narrower than the independent claims.
Suppose you had a patent for a hard drive, the first claim might merely state that it is a device comprised of one or more platters, one or more read/write heads, and electronic components that is used to record and read information on the platter.
Then when it goes to court because of an infringement, the court might find the first claim too broad because it might also arguably cover the old LP record players and so claim 1 would be struck out.
But if you had a dependent claim, for the sake of argument, say claim 2, that claimed the invention of claim 1 in which the platter is made of a magnetic material, then you would still have a chance. Claim 1 may be gone for being overly broad, but claim 2 would still cover the invention.
Another claim could be the device of claim 1 in which the platter is made out of paper and the read/write heads punch holes in the paper and/or read the punched holes. Yet another claim might be for the device of claim 1 with the platter made out of an optical material and the read/write heads using laser to read and write from the platter.
In other words, the independent claims are the broadest claims and the dependent claims necessarily restrict the areas covered by the independent claims. They cannot broaden the independent claims.
This also brings up an important point. You could have a patent on a device without the rights to build it if there were underlying patents on the previous devices.
Suppose I had a patent on the hard drive but with only the one independent claim of it being comprised of one or more platters and one or more read/write heads and the necessary electronics. Suppose that you saw the advantages of having the platter made out of a magnetic media and patented that.
Then assuming you couldn't get my patent overturned, since I had the patent on the hard drive, you couldn't build a hard drive using magnetic media without paying me royalties. On the other hand, while I could build hard drives with non-magnetic media, if I were to build one with magnetic media, I would infringe on your patent and would have to pay you royalties.
I thought it a bit strange to find out that you could own a patent and not have the right to build, market, or sell the device in the patent.
Not quite.
... with a number of dependent claims on each independent claim.
The "HTML Viewer" claims apply to implementations. You don't have to violate all the claims -- any one will do.
For example, Claims 2 through 15 are dependent on Claim 1. Claim 11 (and other claims that depend on other independent claims) concerns the HTML Viewer.
There are also independent Claims 16, 31, 46, 61, 76, 91, 106, 121, 136, 151, 166, 181, 196,
As I understand it, the reason for the dependent claims is in case an independent claim gets shot down in court, they have the dependent claim to fall back on.
Thus, if claim 1 gets tossed, but the infringer is using an HTML viewer, they may still have a case with claim 11.
The coding error, if it existed, was minor.
The serious error was in switching to a new system with such clearly inadequate testing.
I suspect that in most cases, the copyright owners make most of the money on their copyrights in the first five years or so.
By ten years, most of the copyrights are nearly worthless.
I don't see any reason why copyrights should extend past twenty years.
If copyrights are the property of their owners, why not treat them as property and require that property taxes be paid on copyrights and allow the copyright owner to make the material public domain if the property taxes exceed the income from the copyrights?