Vocal Support does not equal Popular
on
RIAA vs Linux and DVDs
·
· Score: 2, Informative
Grave mistake though it was, Prohabition was still an issue whose passage was sufficiently popular to overcome the step hurdles against amending the constitution.
Put down the moonshine and re-study your history. The Prohibition movement was far from a majority; they were an extremely vocal minority, sufficiently large and well organized to be able to swing elections, and motivated by a religious belief that the ends justified the means, pushed a large variety of bad science about the degree of harm of alcohol. The analogy to the prohibition may not be that bad after all, although the religious right in general and the intelligent design movement in particular are probably closer to the prohibition movement than the copyright forces.
They gave the ESRB an F for ratings accuracy because M games have gotten racier.
No, they gave an F because of the content of the Hot Coffee mod being on the disk. Of course, the detail that it wasn't accessible without a 3rd party patch (for the PC) or 3rd party "cheat code" hardware escapes them. The latter should concern parents more than the former... but frankly, I consider the sex depicted to be less offensive than the rest of the GTA game. Telling dumb oversexed teenage guys that "Failure to satisfy a woman is a CRIME!" is a message their (similarly afflicted) girlfriends are less likely to regret than anything else they might learn in the game.
no sexual relationship with the person you are going to marry before you marry them can, and does, cause divorces
Not as many as the lack of a sexual relationship after marriage. =)
It has been shown that the divorce rate among the most fundamentalist christians is TWICE that of the divorce rate among atheists and agnostics - and that the divorce rate between the two is pretty much linearaly related to the level of fundamentalism the couple is involved in.
My prejudices find that plausible, but I feel obligated to ask: source, please?
The good thing about small claims court is that lawyers are not allowed.
IANAL, but this is misleading. First, the rules vary from state to state. For example, NY used to require an attorney represent a corporation going to Small Claims Court (either as plaintiff or defendant), and allowed but did not require it for individuals. Other states allow private individuals to choose whether or not to have an attorney represent them; all, however, allow pro se representation in Small Claims — individuals never need a lawyer.
While it seems California does not allow attorney representation in SCC, they may consult with you before and after. Some states that don't allow attorney representation will permit having the attorney in the courtroom to advise; it doesn't look like CA allows that, however.
Second, while California does not allow a lawyer to be hired to represent a side in court, if a corporation has a lawyer already as an employee, they may send the lawyer (as an employee) as the representative. What are the odds that Sony has a lawyer employed? Hmmm....
You actually have to have been damaged in a way that cost you money in order to collect in small claims court.
Note that, if you do the system reinstallation yourself, you can usually try and collect reimbursement for that time at your normal hourly wage. This is easier if you do computer work on the side, but is still possible -- after all, this took your time, which has a demonstrated cash value.
If you win your case, you've not only made SONY liable for your damages (plus your court costs) you've also cost them probably more than your damages especially if they send one of their legal department lawyers.
Well... no. Corporate lawyers as I understand are usually salaried; they'd be paid regardless. Sony's really only out travel expenses. This only seriously costs Sony if enough people do it that Sony needs to hire more lawyers.
Let's see: someone tells you that the software you are blithely putting on other people's computers has a security flaw, one that potentially leaves millions of machines vulnerable to attack, and that's not considered "serious"?
In their defense, the ignoramuses at Sony may not have been told that in so many words. Their level of understanding has been clearly shown by the much hyped and once again relevant quote:
Most people, I think, don't even know what a Rootkit is, so why should they care about it?
Perhaps what he meant was: "I don't even know what a Rootkit is, so why should I care about it?"
F-Secure may have assumed someone around Sony ought to have half a clue about security, and would not need the term "rootkit" defined or the nasty security implications spelled out. Of course, this doesn't excuse the ignoramuses at Sony for being ignoramuses.
Clearly the implication is that Batman is the only man Superman is really afraid of.
Perhaps not the only, but definitely the most prominent. Also, in JLA#3 during the Hyperclan saga, there's a classic exchange about Batman, while he's off quietly picking off Hyperclan stragglers:
Protex: "He's just one man!"
Superman: "The most dangerous man on Earth..."
...a special top-level-domain for porn, something like the.xxx domain that was proposed (and rejected IIRC) [...] would have almost no technical issues and be just as easy to block as this braindead proposal.
Well... not quite. Blocking *.xxx names from a DNS server would not prevent one from accessing questionable sites directly by IP address. Of course, with many wesites sharing IP addresses via virtual servers, that access doesn't work so well these days... and requiring such sharing (with the default IP address site being clean) might not be too onerous a regulatory measure. And there's the additional problem that ISPs would have pressure to block DNS queries to XXX, which in the future would relegate a complete DNS feed to the same bin as a complete NNTP feed is these days: rare, premium pay, and mostly the province of perverts. But these are fairly minor socio-technical issues.
The real problem with the Orem loon's suggestion is that of those 65000 "channels" she refers to, a lot already have dedicated traffic, and we need some for on-the fly outgoing connections. (Although removing all outgoing port connections would clean up the internet completely....) Still, the Port 30 suggestion above is about as good as this could hope for.
It was short sighted of the Bush administration to block the XXX domain. I suspect the main problem is that they don't want ANY sexually explict material out there, and the XXX domain would "legitimize" it. On the other hand, considering how whitehouse.com looked for a couple years, I can only imaging what whitehouse.xxx would turn out to be like. Maybe that worry was really behind their objection....
An article predicting the current problem (as a minor aside!) was published in Rolling Stone magazine back in 1972; the RIAA has had more than thirty years warning about this.
Since huge quantities of information can be computer-digitalized and transmitted, music researchers could, for example, swap records over the Net with "essentially perfect fidelity." So much for record stores (in present form). From SPACEWAR:
Fanatic Life and Symbolic Death Among the Computer Bums.
"A failure to plan on your part does not constitute an
emergency on my part."
It's a lot more likely that the dinosaurs are millions of years old, rather than that the entire Earth was created only 8K years ago and God put the fossils there to confound the unbelievers.
It was a trademark issue. I can't see any trademark-related reason why Apple can't start a wholly-owned label called "iTunes Records" or the like as long as no Apple logo appears on the packaging.
The settlement agreement over the original trademark issue included terms saying Apple Computer would not enter the music business. AppleComp paid additional money out to AppleCorp in the early 90s, when they started producing computers that could play music from the speakers. The lawyers are currently talking; rumors about the settlement say it may involve BILLIONS in cash, large blocks of AppleComp stock, and a possible seat on Apple's board for McCartney, but only time (and a careful examination of the Apple quarterly SEC reports) will tell.
Starting their own record label might be possible after the new agreement, but before then it would be a blatant violation of the existing agreement about not entering the music business.
I've NEVER had a problem with Usenet.
You know why? Because it's also a community, like any other.
Actually, it's a LOT of communities... plus a lot of noise in the signal from Spam. It's a pity no-one assassinated Cantor and Siegel in a timely fashion; it's far too late to do any good now.
They believe demand will be constant no matter what price is or quality of the product.
...that is, that they have a product with a high degree of price inelasticity of demand (although record execs don't hvae the sophisticated vocabulary). The problem is they don't realize the cross elasticity of substitute products.
OK, so assume that RIAA member company Three Initial Recording (TIR) have a lock-in recording contract with the hottest band around, the Hong Kong Cavaliers. TIR makes a fistful of buckaroos from every one of HKC CDs they sell. But music from iTunes is a really close substitute, if not a superior replacement; changes in prices of one will affect the sales of the other pretty easily. Raising prices so as not to undercut sales makes sense to TIR.
The problem is, there are other substitutable choices besides CD and iTunes. TIR considers DRM-Rootkitted music disks: consumers don't like those much, but most are easily confused sheep, so the substitutibility is fairly good until ingenious folk at Sysinternals notice. Maybe they try it, maybe not.
There's live concert performances... but that's not a good substitute for most working stiffs who want to listen to the band at any given time of day, and the HKC can only do so many concerts; TIR can live with that.
There's music from other bands; although some folk feel there is no alternative to the HKC's unique sound, others are just as happy listening to Electric Mayhem, who are signed with another RIAA member. Well, it's within the cartel. But the band Disaster Area tends to have a wide overlap in the fan base, and they've not only working with an independent studio, they took pot shots with a sniper rifle at the last TIR contract rep who tried to persuade them to join up. Hmm...
And really, any form of entertainment might be a substitute; cheap, safe, designer hallucinogens might leave everyone just sitting around giggling at their fingers, but the War on Drugs makes most people stay away. Movies are another alternative, but the MPAA has enough overlap and common interest that they're not likely to be a deliberate threat. Books... well, nobody reads those any more. Video games are a growing problem, but they look to be gelling into a cartel pretty soon.
But that leaves the big one: there's pirate copies of the music, in all of their many forms. Recorded live in concert while in the audience. Sketchy dealers on NY sidewalks selling counterfeit CDs. Music ripped to MP3/Ogg/FOO format and traveling over the internet by FTP, HTTP, NNTP, KaZaa, BitTorrent, and the six surviving Gopher sites. Yes, it's illegal... but cheaper, all the way down to free. The extra costs are only to the pirate's self respect (which there's less to lose of each time they give in) and if they get caught. And almost EVERYBODY is doing it.
Some flexibility in pricing might help both Apple and the RIAA, especially if they put more of the long tail up on iTunes (which would probably be the best way to grow revenue), with opportunities for having sales, and making a litte more on the megahits. (Yeah, bands with gold albums probably ought to be going for $1.25 IMHO). But my back-of-the-hand guess is that if the average price (weighted by number of sales) of iTunes song starts rising, there will be more "sales" really lost to piracy, as opposed to the RIAA claimed losses. And with those short-term real losses come longer term erosion to the foundation social mores (EG: piracy=theft=bad) that the music industry is reliant on. And that is something TIR and the other RIAA members aren't factoring in on their economics.
Bush administration evil... but... music industry evil.... can't side with Bush... but can't side with Sony..... aaaghhh!!!
There's evil, and there's evil. At least one version of the story of the Irish Jack O'Lantern has the devil refusing to let Jack into hell because Jack is a bastard so evil that even the devil himself can't stand him.
If it's not only bad enough to worry us, but the oh-so-corporate-freindly Bush administration, someone at Sony may need to find a turnip.
This odd 90 days which the Police told Tony Blair that they can break any encryption in. They can't - it's impossible!
Well... yes, and no. 90 days gives sufficient time for an dedicated attack that should break anything that will be breakable: the human-factors attacks.
- There'll be multiple encrypted files, particularly if they are encrypting their communications (guilty or not guilty). Each one would need 90 days.
Very few of even the most paranoid cypherpunks I know use multiple keys; I don't know any who use more than five. If you crack one file, you've probably figured out the key the suspect uses for at least 20% of the data.
- They'll not know the encryption algorithm in all cases, so would need to try every one. Each one would need 90 days.
Not necessarily. There would be a few leading suspects; generally starting with any crypto software with signs of ever being installed on the hard drive, along with a couple really widely used ones. (GPG/PGP, OS X's FileVault, a couple others). Unless you're dealing with the hacker equivalent of the Unibomber-- a lone genius working in isolation-- you're probably dealing with a widely shared algorithm. Furthermore, while many of the messages can't be decrypted, many standard encryption methods put enough metadata in to allow identifying the algorithm.
- There are HUNDREDS of encryption algorithms that use such large keys that you can't realistically expect to crack the password in 90 years, let alone 90 days.
True. But most people don't use raw keys; memorizing a pair of 600 hexit prime numbers is a bit of a challenge. Most people use a password. Clever ones use a passphrase. And 90 days gives you time for a seriousdictionary attack. Of course, 90 days isn't enough time for breaking the password of a professional paranoid; but the cops are looking for something the suspect could have memorized... which may limit the scope. In 90 days, a high-end single-CPU ought to be able to crack any 8 character password. A phrase dictionary could tie up a few more machines trying for something longer. A search of every piece of paper in the suspects entire apartment might also be fruitful... but I don't think either US or UK powers allow that without SOME other evidence.
And it's still possible to take one and write your own with an even longer key. (The details of which would be secret so they couldn't crack it in the first place anyway).
Actually, this might be what the police are hoping for. Most crypto systems developed by amateurs are "easily" broken by professionals. Of course, by "easily', I mean "in a month or so".
Myself, when I'm feeling paranoid, I use GPG from a bootable CD on a non-networked PC, a 4096 bit keypair with the private key stored on a USB flash drive I carry (two backup copies exist, located... er, hither and yonder), with the passphrase to access the private key being a simple number.
Of course, by "simple", I mean "a prime number 25 base-sixteen hexits long". I estimate a dedicated planet-wide effort might crack it in 100 years... most of which time should be devoted to developing a quantum computer for a direct assault on the RSA algorithm.
Scientology being taught in schools is the last thing scientologists want.
Depends on whether or not they can keep an exclusive license for producing the educational materials, and still maintain their current prices. I'm sure the CoS would be delighted to have using their materials remain expensive, and become mandatory for every high school kid.
that's about 3.25/hour. The lag for me was in waiting for the images
That's not even enough to get kids in the US to do it for pocket money. I'd bet it's also set up as contract work, so Amazon doesn't need to pay the Social Security contribution or take out any other taxes; contractors are required to handle that themselves to stay legal under US tax law.
However, it might be decent money in some parts of the global economy, so many might not be subject to US tax law. (Or are they?) Of course, for the contractor there's the capital cost of a computer and monitor, and the question of how the economics changes if high speed network connections aren't available, and for the employer there's the problem of paying someone to write up the HIT descriptions..
The economics might sound viable to me at about double the pay rate; I don't think that the described current pay rates give a business model that will last over a year.
I'll play with it the next time my insomnia is acting up.
Empirical evidence suggests otherwise
on
Reining in Google
·
· Score: 2, Insightful
Indexing a printed work in no leads to the user actually doing anything that will make money for the person(s) responsible for that work.
Doing anything like, oh... buying the book?
While O'Reilly Books are seriously cool people, they aren't publishing just for the fun of it. They're out to make some money (although they're not completely averse to having fun while doing it). They're also, judging by bookshelves in local geek circles and by the cover prices I've been paying, doing a decent job of it.
I would also suggest you (and Schroeder and Barr) play with Google Scholar before sounding off. Google is already indexing copyrighted materials, many of which are in journals that cost a couple hundred bucks a year to subscribe to. However, they don't show the full text of the article in many cases (unless the publisher wants to). You will see the usual two lines worth of context, and there's usually a link to an abstract. If you search from a.edu IP address, your school may have a electronic subscription that Google will link to. Otherwise... get up off your lazy backside and get thee to a library. When Schroeder and Barr are wondering what Google may mean by "Snippets", this ought to give them a clue about what Google plans to do. Google's lawyers are not stupid; I'd be suprised if even full paragraphs show up on material not yet lasped to the public domain.
I'll also note that Google Scholar has a distinct lack of ads on it. The Google Library might not be ad-free, but it will probably be limited to ads trying to sell books or related materials. Gee, what might that do for the publishing industry?
The fish wrapper, or the birdcage liner?
on
Reining in Google
·
· Score: 1
The Washington Times != The Washington Post. One is a bastion of DC journalism. The other is only slightly better than a tabloid.
Um... is there really much difference between DC journalism and the tabloids these days?
It's actually never legally allowed to require a social security number; "they" can request it, but not demand it, unless "they" are a government agency
Not quite true; a few are legally required to have it (EG: your bank, which is required to file tax forms with the IRS), but there aren't a lot. Government agencies entitled to ask are also required to provide the statute that says that they can.
in fact, on various forms, I give any of three different names (with or without my middle name, or with middle and first transposed) with my SSN.
You are in general legally allowed to use whatever name you want as an alias, save for purposes of committing criminal fraud. (EG; Johann Gambolputty de von...) I routinely give any of the 26 letter of the alphabet for my middle initial, in order to see where my junk mail comes from. A former freind of mine a few years back had secondary credit cards issued in the name of his SCA persona; he has a blast with telemarketers, since anyone asking for the persona gets to talk with someone extremely patient and polite... but utterly unfamiliar with anything that's happened since 1536. =)
But giving a false SSN (as opposed to a legal alias) is a different story, likely to be a headache for any living legitimate holder of that number (making Nixon's a good choice), and may be criminal fraud under some circumstances. If you're going to play games like that, be sure to check the law carefully first.
....given that there have been a handful of remote arbitrary code exploits for the Mac since moving to OS X......
Don't all of these need to have admin/root access to write themselves into the system?
Checking back, not exactly. While no single exploit would allow a remote attacker to execute arbitrary code with root privileges, there were several patches (EG: this one) where one hole would allow a remote attacker to execute arbitrary code, and a second hole would allow escalation to root privileges.
Also to be more exact, these were potential exploits only: major security holes in the OS that were patched. As far as I know, no demonstration of these exploits — code that actually makes use of such weaknesses — have been publicly released. That distinction is not overly reassuring to my concerns from where I sit.
Slashdot Mirror
Put down the moonshine and re-study your history. The Prohibition movement was far from a majority; they were an extremely vocal minority, sufficiently large and well organized to be able to swing elections, and motivated by a religious belief that the ends justified the means, pushed a large variety of bad science about the degree of harm of alcohol. The analogy to the prohibition may not be that bad after all, although the religious right in general and the intelligent design movement in particular are probably closer to the prohibition movement than the copyright forces.
No, they gave an F because of the content of the Hot Coffee mod being on the disk. Of course, the detail that it wasn't accessible without a 3rd party patch (for the PC) or 3rd party "cheat code" hardware escapes them. The latter should concern parents more than the former... but frankly, I consider the sex depicted to be less offensive than the rest of the GTA game. Telling dumb oversexed teenage guys that "Failure to satisfy a woman is a CRIME!" is a message their (similarly afflicted) girlfriends are less likely to regret than anything else they might learn in the game.
Not as many as the lack of a sexual relationship after marriage. =)
It has been shown that the divorce rate among the most fundamentalist christians is TWICE that of the divorce rate among atheists and agnostics - and that the divorce rate between the two is pretty much linearaly related to the level of fundamentalism the couple is involved in.
My prejudices find that plausible, but I feel obligated to ask: source, please?
IANAL, but this is misleading. First, the rules vary from state to state. For example, NY used to require an attorney represent a corporation going to Small Claims Court (either as plaintiff or defendant), and allowed but did not require it for individuals. Other states allow private individuals to choose whether or not to have an attorney represent them; all, however, allow pro se representation in Small Claims — individuals never need a lawyer.
While it seems California does not allow attorney representation in SCC, they may consult with you before and after. Some states that don't allow attorney representation will permit having the attorney in the courtroom to advise; it doesn't look like CA allows that, however.
Second, while California does not allow a lawyer to be hired to represent a side in court, if a corporation has a lawyer already as an employee, they may send the lawyer (as an employee) as the representative. What are the odds that Sony has a lawyer employed? Hmmm....
You actually have to have been damaged in a way that cost you money in order to collect in small claims court.
Note that, if you do the system reinstallation yourself, you can usually try and collect reimbursement for that time at your normal hourly wage. This is easier if you do computer work on the side, but is still possible -- after all, this took your time, which has a demonstrated cash value.
If you win your case, you've not only made SONY liable for your damages (plus your court costs) you've also cost them probably more than your damages especially if they send one of their legal department lawyers.
Well... no. Corporate lawyers as I understand are usually salaried; they'd be paid regardless. Sony's really only out travel expenses. This only seriously costs Sony if enough people do it that Sony needs to hire more lawyers.
In their defense, the ignoramuses at Sony may not have been told that in so many words. Their level of understanding has been clearly shown by the much hyped and once again relevant quote:
Perhaps what he meant was: "I don't even know what a Rootkit is, so why should I care about it?"F-Secure may have assumed someone around Sony ought to have half a clue about security, and would not need the term "rootkit" defined or the nasty security implications spelled out. Of course, this doesn't excuse the ignoramuses at Sony for being ignoramuses.
Perhaps not the only, but definitely the most prominent. Also, in JLA#3 during the Hyperclan saga, there's a classic exchange about Batman, while he's off quietly picking off Hyperclan stragglers:
Well... not quite. Blocking *.xxx names from a DNS server would not prevent one from accessing questionable sites directly by IP address. Of course, with many wesites sharing IP addresses via virtual servers, that access doesn't work so well these days... and requiring such sharing (with the default IP address site being clean) might not be too onerous a regulatory measure. And there's the additional problem that ISPs would have pressure to block DNS queries to XXX, which in the future would relegate a complete DNS feed to the same bin as a complete NNTP feed is these days: rare, premium pay, and mostly the province of perverts. But these are fairly minor socio-technical issues.
The real problem with the Orem loon's suggestion is that of those 65000 "channels" she refers to, a lot already have dedicated traffic, and we need some for on-the fly outgoing connections. (Although removing all outgoing port connections would clean up the internet completely....) Still, the Port 30 suggestion above is about as good as this could hope for.
It was short sighted of the Bush administration to block the XXX domain. I suspect the main problem is that they don't want ANY sexually explict material out there, and the XXX domain would "legitimize" it. On the other hand, considering how whitehouse.com looked for a couple years, I can only imaging what whitehouse.xxx would turn out to be like. Maybe that worry was really behind their objection....
6009 years, 1 month, 1 day, and (checks watch) about 14 hours; and those skeletons are a joke of God's that the palentologists haven't gotten yet. You'd think examining the duckbill platypus would give folk a hint about Her sense of humor, but the fundamentalists don't seem to understand that either.
The settlement agreement over the original trademark issue included terms saying Apple Computer would not enter the music business. AppleComp paid additional money out to AppleCorp in the early 90s, when they started producing computers that could play music from the speakers. The lawyers are currently talking; rumors about the settlement say it may involve BILLIONS in cash, large blocks of AppleComp stock, and a possible seat on Apple's board for McCartney, but only time (and a careful examination of the Apple quarterly SEC reports) will tell.
Starting their own record label might be possible after the new agreement, but before then it would be a blatant violation of the existing agreement about not entering the music business.
Americans speak something in between: a language of highly focused, unruly, inbred, goat-humping, warriors and scholars. BooRAH!
You'll make an Algebraic Topologist whine.
Actually, it's a LOT of communities... plus a lot of noise in the signal from Spam. It's a pity no-one assassinated Cantor and Siegel in a timely fashion; it's far too late to do any good now.
OK, so assume that RIAA member company Three Initial Recording (TIR) have a lock-in recording contract with the hottest band around, the Hong Kong Cavaliers. TIR makes a fistful of buckaroos from every one of HKC CDs they sell. But music from iTunes is a really close substitute, if not a superior replacement; changes in prices of one will affect the sales of the other pretty easily. Raising prices so as not to undercut sales makes sense to TIR.
The problem is, there are other substitutable choices besides CD and iTunes. TIR considers DRM-Rootkitted music disks: consumers don't like those much, but most are easily confused sheep, so the substitutibility is fairly good until ingenious folk at Sysinternals notice. Maybe they try it, maybe not.
There's live concert performances... but that's not a good substitute for most working stiffs who want to listen to the band at any given time of day, and the HKC can only do so many concerts; TIR can live with that.
There's music from other bands; although some folk feel there is no alternative to the HKC's unique sound, others are just as happy listening to Electric Mayhem, who are signed with another RIAA member. Well, it's within the cartel. But the band Disaster Area tends to have a wide overlap in the fan base, and they've not only working with an independent studio, they took pot shots with a sniper rifle at the last TIR contract rep who tried to persuade them to join up. Hmm...
And really, any form of entertainment might be a substitute; cheap, safe, designer hallucinogens might leave everyone just sitting around giggling at their fingers, but the War on Drugs makes most people stay away. Movies are another alternative, but the MPAA has enough overlap and common interest that they're not likely to be a deliberate threat. Books... well, nobody reads those any more. Video games are a growing problem, but they look to be gelling into a cartel pretty soon.
But that leaves the big one: there's pirate copies of the music, in all of their many forms. Recorded live in concert while in the audience. Sketchy dealers on NY sidewalks selling counterfeit CDs. Music ripped to MP3/Ogg/FOO format and traveling over the internet by FTP, HTTP, NNTP, KaZaa, BitTorrent, and the six surviving Gopher sites. Yes, it's illegal... but cheaper, all the way down to free. The extra costs are only to the pirate's self respect (which there's less to lose of each time they give in) and if they get caught. And almost EVERYBODY is doing it.
Some flexibility in pricing might help both Apple and the RIAA, especially if they put more of the long tail up on iTunes (which would probably be the best way to grow revenue), with opportunities for having sales, and making a litte more on the megahits. (Yeah, bands with gold albums probably ought to be going for $1.25 IMHO). But my back-of-the-hand guess is that if the average price (weighted by number of sales) of iTunes song starts rising, there will be more "sales" really lost to piracy, as opposed to the RIAA claimed losses. And with those short-term real losses come longer term erosion to the foundation social mores (EG: piracy=theft=bad) that the music industry is reliant on. And that is something TIR and the other RIAA members aren't factoring in on their economics.
There's evil, and there's evil. At least one version of the story of the Irish Jack O'Lantern has the devil refusing to let Jack into hell because Jack is a bastard so evil that even the devil himself can't stand him.
If it's not only bad enough to worry us, but the oh-so-corporate-freindly Bush administration, someone at Sony may need to find a turnip.
Well... yes, and no. 90 days gives sufficient time for an dedicated attack that should break anything that will be breakable: the human-factors attacks.
- There'll be multiple encrypted files, particularly if they are encrypting their communications (guilty or not guilty). Each one would need 90 days.
Very few of even the most paranoid cypherpunks I know use multiple keys; I don't know any who use more than five. If you crack one file, you've probably figured out the key the suspect uses for at least 20% of the data.
- They'll not know the encryption algorithm in all cases, so would need to try every one. Each one would need 90 days.
Not necessarily. There would be a few leading suspects; generally starting with any crypto software with signs of ever being installed on the hard drive, along with a couple really widely used ones. (GPG/PGP, OS X's FileVault, a couple others). Unless you're dealing with the hacker equivalent of the Unibomber-- a lone genius working in isolation-- you're probably dealing with a widely shared algorithm. Furthermore, while many of the messages can't be decrypted, many standard encryption methods put enough metadata in to allow identifying the algorithm.
- There are HUNDREDS of encryption algorithms that use such large keys that you can't realistically expect to crack the password in 90 years, let alone 90 days.
True. But most people don't use raw keys; memorizing a pair of 600 hexit prime numbers is a bit of a challenge. Most people use a password. Clever ones use a passphrase. And 90 days gives you time for a seriousdictionary attack. Of course, 90 days isn't enough time for breaking the password of a professional paranoid; but the cops are looking for something the suspect could have memorized... which may limit the scope. In 90 days, a high-end single-CPU ought to be able to crack any 8 character password. A phrase dictionary could tie up a few more machines trying for something longer. A search of every piece of paper in the suspects entire apartment might also be fruitful... but I don't think either US or UK powers allow that without SOME other evidence.
And it's still possible to take one and write your own with an even longer key. (The details of which would be secret so they couldn't crack it in the first place anyway).
Actually, this might be what the police are hoping for. Most crypto systems developed by amateurs are "easily" broken by professionals. Of course, by "easily', I mean "in a month or so".
Myself, when I'm feeling paranoid, I use GPG from a bootable CD on a non-networked PC, a 4096 bit keypair with the private key stored on a USB flash drive I carry (two backup copies exist, located... er, hither and yonder), with the passphrase to access the private key being a simple number.
Of course, by "simple", I mean "a prime number 25 base-sixteen hexits long". I estimate a dedicated planet-wide effort might crack it in 100 years... most of which time should be devoted to developing a quantum computer for a direct assault on the RSA algorithm.
Depends on whether or not they can keep an exclusive license for producing the educational materials, and still maintain their current prices. I'm sure the CoS would be delighted to have using their materials remain expensive, and become mandatory for every high school kid.
One little problem with that:
- can you count?
People are not so good at noticing stuff when concentrating on something else...
That's not even enough to get kids in the US to do it for pocket money. I'd bet it's also set up as contract work, so Amazon doesn't need to pay the Social Security contribution or take out any other taxes; contractors are required to handle that themselves to stay legal under US tax law.
However, it might be decent money in some parts of the global economy, so many might not be subject to US tax law. (Or are they?) Of course, for the contractor there's the capital cost of a computer and monitor, and the question of how the economics changes if high speed network connections aren't available, and for the employer there's the problem of paying someone to write up the HIT descriptions..
The economics might sound viable to me at about double the pay rate; I don't think that the described current pay rates give a business model that will last over a year.
I'll play with it the next time my insomnia is acting up.
The correct phrase is Cheap-Labor Conservative.
Doing anything like, oh... buying the book?
While O'Reilly Books are seriously cool people, they aren't publishing just for the fun of it. They're out to make some money (although they're not completely averse to having fun while doing it). They're also, judging by bookshelves in local geek circles and by the cover prices I've been paying, doing a decent job of it.
So why does O'Reilly Books have the entire (conventional) index of a HELL of a lot of their books available on the web? Free. No charge. Google searchable even. Why? Well, they might be trying to drum up interest in the Safari on-line library, but I don't think that's it. I think that, like Baen's Free Library, they "expect this to make us money by selling books".
I would also suggest you (and Schroeder and Barr) play with Google Scholar before sounding off. Google is already indexing copyrighted materials, many of which are in journals that cost a couple hundred bucks a year to subscribe to. However, they don't show the full text of the article in many cases (unless the publisher wants to). You will see the usual two lines worth of context, and there's usually a link to an abstract. If you search from a .edu IP address, your school may have a electronic subscription that Google will link to. Otherwise... get up off your lazy backside and get thee to a library. When Schroeder and Barr are wondering what Google may mean by "Snippets", this ought to give them a clue about what Google plans to do. Google's lawyers are not stupid; I'd be suprised if even full paragraphs show up on material not yet lasped to the public domain.
I'll also note that Google Scholar has a distinct lack of ads on it. The Google Library might not be ad-free, but it will probably be limited to ads trying to sell books or related materials. Gee, what might that do for the publishing industry?
Um... is there really much difference between DC journalism and the tabloids these days?
More exactly, Google Groups does not carry nor index the any of the alt.binaries.* heirarchy groups... which is where most of the multimedia (...pr0n...) is carried.
A pity Usenet is so spam infested nowadays... not that the signal-to-noise ratio was ever that great, even before the green card incident.
Not quite true; a few are legally required to have it (EG: your bank, which is required to file tax forms with the IRS), but there aren't a lot. Government agencies entitled to ask are also required to provide the statute that says that they can.
in fact, on various forms, I give any of three different names (with or without my middle name, or with middle and first transposed) with my SSN.
You are in general legally allowed to use whatever name you want as an alias, save for purposes of committing criminal fraud. (EG; Johann Gambolputty de von...) I routinely give any of the 26 letter of the alphabet for my middle initial, in order to see where my junk mail comes from. A former freind of mine a few years back had secondary credit cards issued in the name of his SCA persona; he has a blast with telemarketers, since anyone asking for the persona gets to talk with someone extremely patient and polite... but utterly unfamiliar with anything that's happened since 1536. =)
But giving a false SSN (as opposed to a legal alias) is a different story, likely to be a headache for any living legitimate holder of that number (making Nixon's a good choice), and may be criminal fraud under some circumstances. If you're going to play games like that, be sure to check the law carefully first.
Checking back, not exactly. While no single exploit would allow a remote attacker to execute arbitrary code with root privileges, there were several patches (EG: this one) where one hole would allow a remote attacker to execute arbitrary code, and a second hole would allow escalation to root privileges.
Also to be more exact, these were potential exploits only: major security holes in the OS that were patched. As far as I know, no demonstration of these exploits — code that actually makes use of such weaknesses — have been publicly released. That distinction is not overly reassuring to my concerns from where I sit.