Slashdot Mirror


User: mattpalmer1086

mattpalmer1086's activity in the archive.

Stories: 0
Comments: 614

Comments · 614

  1. Re:Honestly, on OpenDocument Foundation Closes · · Score: 1

    He doesn't care about them enough to precisely order them in his care list - he could care less ;)

  2. Don't sign if you don't like the terms on Non-Compete Agreement Beyond Term of Employment? · · Score: 1

    Seriously, don't sign a contract if you are unhappy with the terms, and do ask a lawyer if you want the job badly enough to make that worthwhile. Courts may later agree that the contract was unenforceable if it comes to a dispute, but you really don't want to get into that position in the first place.

    In a previous job, I requested changes to my contract relating to ownership of work done outside company time - specifically that several pre-existing products I had created were not covered by the contract. They ummed and ahhed, but agreed to the changes.

    Boy was I glad I had those changes written in - I wasn't being paranoid after all. Three years later, when the company had new managers and was merging with another company, they tried to take ownership of some of those same products (which had been used with no payment by them in their core product, with my permission of course). They pointed at the standard contract. I pointed at my modified contract. They went on to make me some other non-tempting offers (like - we can use your products, but you are liable if they go wrong), which I also refused. My terms were simply they could use them or not, with no payment, but at their risk. They could strip them out if they didn't like them. Three rounds of pointless discussions later, legal had to agree to my terms.

    Always make sure your contract says what you want, even if you absolutely trust the people you are making the initial agreement with. It just avoids trouble later, and can even bring a smile to your face ;)

  3. Re:Encryption == Something to Hide on NIST Opens Competition for a New Hash Algorithm · · Score: 1

    In this case, each student's grades were encrypted independently of each other. The hackers just literally copied the encrypted grade for a good student over their own. The school assumed that because the grades were encrypted they were "secure", when in fact you can attack without having to decrypt or alter existing encryption at all. I did say it was a simple example, but it illustrates how "security" is hard for people who are untrained. There are more complex attacks on encryption itself that can produce useful alterations inside encrypted data without decrypting it.

    HMACs aren't encryption by the way, but they are cryptography. They are hashing algorithms combined with a secret key. Unlike encryption, you can't recover the original information from them, even with the secret key. Modern *cryptography* protects from malicious alteration, but modern encryption does not - it protects confidentiality of information. They are intentionally separate - any good cryptographer knows you have to protect integrity and confidentiality using separate security primitives. Splitting hairs? Not really - that's how the crypto community understands it.

  4. Re:Encryption == Something to Hide on NIST Opens Competition for a New Hash Algorithm · · Score: 1

    It seems like splitting hairs, but actually it matters. People used to think that if you encrypted something, it was safe from modification, but that's just not true. They thought that if it was encrypted, it would be impossible for an attacker to create useful changes in it, but it turns out that isn't true.

    One very simple attack was changing the grades in a school system. The school encrypted the grades, so they thought they were safe from change. The failed students hacked into the system, and just changed their data to the same data held against students they knew had done well. Anyway, that's just one way that encryption doesn't protect you against malicious modification. It gets a lot sneakier the more you look into it.
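The record-copying problem described in the two comments above, as an added example that is not part of the original comments: each grade is encrypted independently, so a copied record still decrypts cleanly, while an HMAC over the student ID plus the ciphertext makes the copy detectable. The keys, function names and the SHA-256 counter-mode keystream (a stand-in for a real cipher) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed demo keys; a real system would use separate, randomly generated keys.
ENC_KEY = b"constructed-demo-encryption-key!"
MAC_KEY = b"constructed-demo-mac-key-0000000"


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in stream cipher (SHA-256 in counter mode), used only so the
    # example runs with the standard library. Not a vetted cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def encrypt_grade(grade: str) -> bytes:
    # Each record is encrypted on its own: nothing ties it to a student.
    nonce = os.urandom(16)
    pt = grade.encode()
    return nonce + bytes(a ^ b for a, b in zip(pt, _keystream(ENC_KEY, nonce, len(pt))))


def decrypt_grade(blob: bytes) -> str:
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(ENC_KEY, nonce, len(ct)))).decode()


def record_tag(student_id: str, blob: bytes) -> bytes:
    # The HMAC covers the student ID as well as the ciphertext, so the tag
    # is only valid in the row it was computed for.
    sid = student_id.encode()
    msg = len(sid).to_bytes(2, "big") + sid + blob
    return hmac.new(MAC_KEY, msg, hashlib.sha256).digest()


def store(db: dict, student_id: str, grade: str) -> None:
    blob = encrypt_grade(grade)
    db[student_id] = (blob, record_tag(student_id, blob))


def read_unchecked(db: dict, student_id: str) -> str:
    # What the school relied on: decryption alone.
    blob, _ = db[student_id]
    return decrypt_grade(blob)


def read_checked(db: dict, student_id: str) -> str:
    blob, tag = db[student_id]
    if not hmac.compare_digest(tag, record_tag(student_id, blob)):
        raise ValueError("integrity check failed for " + student_id)
    return decrypt_grade(blob)


def demo():
    db = {}
    store(db, "alice", "A")
    store(db, "bob", "F")
    db["bob"] = db["alice"]  # whole record copied between rows, tag included
    unchecked = read_unchecked(db, "bob")
    try:
        read_checked(db, "bob")
        detected = False
    except ValueError:
        detected = True
    return unchecked, detected


if __name__ == "__main__":
    print(demo())
```
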

  5. Re:No, you're right. on NIST Opens Competition for a New Hash Algorithm · · Score: 1

    I think you're mixing up the definition of cryptography with that of encryption. Cryptography encompasses encryption, hashing, key exchange, zero-knowledge proofs and other stranger things. A hash algorithm is a one-way function by definition - you can't reverse it even with knowledge of what was done. En-cryption is a two-way function - it always implies the possibility of de-cryption.

  6. Re:Marketing works on Ubuntu Dev Summit Lays Out Plans For Hardy Heron · · Score: 1

    I'm not sure there's much of a story there, but I'm happy to give some more info. Quite a few years ago, I was the technical architect on the team defining the core product of a software startup.

    The head of Marketing not only understood our target market, but knew how to engage with it. We had a solution to a problem, but most people weren't aware the problem existed. She got everyone talking about it, from analysts talking about a new market sector, to the CEOs and CTOs of our target customers. On more than one occasion, we had almost all of them together at events we arranged. I have no idea how she did that - we were an unknown tiny company - but she did it.

    She also played a key role in defining what technology we used. We wanted to use an object oriented database, as it provided a much better technical fit to what we were doing. She argued, correctly, that our market expected their data to be transparent to them - it's their data - so we needed to use a relational database, and build an O-R mapping layer (there's lots of them about now, but there wasn't back then). She forced us to find clear ways of explaining what we were doing, which was very helpful. Her only possible failure of imagination was to use our development codeword for the product as the actual product name. It was kind of boring - just a letter and a number. I guess it works for Amazon :)

    I know some engineers saw me as selling out to marketing, as I wasn't always making decisions for purely technical reasons anymore. There's a completely healthy engineer's suspicion to these things, but sometimes it becomes a bit irrational - that no other reason than technical can ever be taken into consideration. Anyway, fast-forward, the dot-com crashed, the company merged with another, development went to Karachi. It was fun, and I gained some new perspectives. As far as I know the product is still being used in a few places, but I don't see it being actively developed anymore. There are other companies out there now doing what we were doing, doing it better, but still using the language she defined.

  7. Re:can we just use numbers, please. on Ubuntu Dev Summit Lays Out Plans For Hardy Heron · · Score: 2, Insightful

    Excellent point. Like many techies, I used to underestimate marketing, sneering a bit at it I guess. Then I had the privilege of working with a very astute marketing person on product development, and she totally changed my opinion. If it's going to work for many people, it has to work on many levels - technical is important, but nowhere near the only one.

  8. Re:Unfortunately, Microsoft has a point on MS, Mozilla Clashing Over JavaScript Update · · Score: 1

    I have a different question to ask? Why do so many web sites require scripting in the first place? It is one thing to provide reduced functionality if the client does not support scripting (by default I do not run javascript, java, Flash, etc), but why require it? I don't care about the neat media and am quite willing to skip it and conserve my bandwidth.

    Exactly. I recently tried to download some open source software from Microsoft's CodePlex, and found that you can't download the source files without javascript enabled! I sent them an email about it, asking if they could make basic stuff just work for the paranoid among us, but by all means to use it to make a better user experience if it's enabled.

    They got back to me fairly soon, thanking me for the suggestion, and suggesting I re-submit it as a feature request. I wasn't quite sure what to make of that - that was the feature request!

  9. Re:SHA on Picture Passwords More Secure than Text · · Score: 1

    Good point. That'll teach me to read the summary more carefully!

  10. Re:Meh. on Picture Passwords More Secure than Text · · Score: 1

    I am assuming your archive is encrypted using standard encryption algorithms, and you didn't invent your own (if you did, it would almost certainly be easily crackable by any half-baked cryptanalyst - it's very, very hard getting encryption algorithms right).

    So the limiting factor in accessing your material is not your weird software, but rather the size and strength of the key used to encrypt the archive. You may have a 1024 bit size key, but you are generating that key by entering a password, so the true strength is limited by the entropy in your typical password. You probably only use combinations of alphanumerics, and probably combined in wordy-ways, not completely randomly. The strength of keys generated this way is much, much, much lower than using the entire 1024 bit keyspace.

    All your extra "security" has done is make it hard to find the password screen, which I don't need anyway - I'll just use the industry standard decrypting algorithms for the encryption you're using, with some kind of dictionary attack to try to find the key.

    I note at the end you say the password could change on each attempt. I presume you don't re-encrypt all the data each time - in which case this would mean that the password is only being used as access control to the real key, which must be stored somewhere. In that case it's even easier - I'll just scan your software for high entropy strings (or disassemble your software to find out how you are hiding the key). Again, I will ignore your attempts to hide the "enter your password" GUI - I don't need it - I will just proceed directly to decrypting the archive using standard tools once I've grabbed the key.

    You also seem to be confusing the security of web-based authentication systems with that of locally encrypted files. Completely different kinds of security and threats. The bottom line is that security by obscurity really doesn't work very well (and sometimes makes you less secure).

  11. Re:SHA on Picture Passwords More Secure than Text · · Score: 2, Insightful

    You miss the point - there is no single way of drawing the "same" pass picture - only more or less similar ways. The values in your XML file you talk about would be slightly different each time you drew the pass picture.

    Since even only a single bit difference to a hash algorithm generates an entirely different result, this means you can't hash that file and expect it to match a hash of the "same" pass picture on the server, unless you draw the pass picture absolutely identically every time.

    So how do you securely store a user pass-picture on the server without risking its compromise if the server was hacked? Which was the point of the GP.

  12. Re:Ubuntu on South Africa Adopts ODF as a Government Standard · · Score: 1

    I agree that getting OOXML recognised as an international standard is a key strategic objective for Microsoft, as many public authorities are concerned about the long-term preservation and accessibility of public information. Open document standards (if they are actually implementable) are essential here.

    I guess using ODF rather than the current MS Office formats would make using Ubuntu easier right now. However, if OOXML is ratified as a standard (and is actually implementable by anyone other than Microsoft), then you could equally work with OOXML on Windows or Ubuntu.

    I work in the field of digital preservation in the UK, and I can tell you it's really not about the operating system or software. These are just temporary things with a relatively short lifetime. It's about having open document standards.

  13. Re:Ubuntu on South Africa Adopts ODF as a Government Standard · · Score: 2

    No - you can use Microsoft Office. You can use Windows. You can use any damn software you want. This is not about software - it's about document formats and open standards.

    It's only because Microsoft have been so successful in binding their software to their formats, that when someone chooses another format, people think it's about the software!

  14. Re:In Defense of Bush (sorta) on FBI Coerced Confession Deemed "Classified" · · Score: 1

    Many thanks for your lucid and lengthy explanation. For myself, I would like to think I would oppose oppression, although I have never been placed in such a difficult situation. Being essentially agnostic and humanistic, I must make my moral decisions on the basis of good in this world as I perceive it.

    I'm not that clued up on religion, although I'm generally familiar with Christianity, growing up in the UK. The moral and theological issues that arise are fascinating though.

  15. Re:No Conspiracy Theories on Microsoft Forces Desktop Search On Windows Update · · Score: 1

    Strangely enough, I think we basically agree on what a monopoly is, but we are disagreeing on our definition of "choice in the market". Encarta defines a monopoly as:

    "economic situation in which only a single seller or producer supplies a commodity or a service. For a monopoly to be effective, there must be no practical substitutes for the product or service sold, and no serious threat of the entry of a competitor into the market. This enables the seller to control the price."

    The key words here are "practical substitutes". While Microsoft cannot prevent other people creating functionally comparable operating systems, document file formats or file sharing protocols, these competitors cannot practically substitute for Microsoft's products, even when they are given away for free.

    Microsoft have not reduced the price of their offerings to compete with free - they are still setting the price independently of this free competition. Why is this? Because these alternate products do not form a practical substitute for most consumers. A lack of interoperability creates lock-in, which prevents a competitive market from properly functioning. I'm pretty sure that's a monopoly situation.

  16. Re:No Conspiracy Theories on Microsoft Forces Desktop Search On Windows Update · · Score: 1

    A monopoly only means that one company significantly dominates a market - it doesn't mean that there aren't any other possible choices available. Pretty much everyone agrees that Microsoft has a monopoly in desktop operating systems and office suites.

    If the other choices are free to compete in that market on a level playing field, then having a monopoly simply reflects market place choice. If a monopoly engages in practices that restrict market choice - for example, by making it hard to inter-operate, then that is illegal in both the US and EU.

    Monopoly != no other choices.

  17. Re:No Conspiracy Theories on Microsoft Forces Desktop Search On Windows Update · · Score: 1

    Good point.

    I'd argue there are equally strong self-interest motivations in maintaining backwards compatibility though. This is just good business - you don't give users a huge reason to desert you. Reducing the viability of the platform is a big no-no.

  18. Re:No Conspiracy Theories on Microsoft Forces Desktop Search On Windows Update · · Score: 1

    Linux is vastly superior to Windows for me, as I like playing with cutting edge technology and having the freedom to do what I like with it, without being nagged to death or having things installed or my system rebooted without my permission.

    Windows is vastly superior to Linux for my business - as that's what we have, all our software runs on it, all our support staff know it, all the employees know it.

    OS/X is vastly superior to both of them for my GF, as it looks great, the hardware is silent and beautifully designed, and it just works.

    No cognitive dissonance required.

  19. Re:No Conspiracy Theories on Microsoft Forces Desktop Search On Windows Update · · Score: 1

    Case in point: Eclipse and Java are good examples of where Microsoft face solid competition, so it's no surprise that they're improving Visual Studio and the .NET framework. As far as Office goes - they are beginning to face competition again after a long spell without any real competition.

    Microsoft have always been pretty good at putting polish on existing products. Although, they really shouldn't be dropping what they were doing and adding new customer-requested features during beta testing! That's not customer-focus. I guess beta testing doesn't mean what it used to in the Internet age (I'm looking at you too, Google...)

  20. Re:No Conspiracy Theories on Microsoft Forces Desktop Search On Windows Update · · Score: 1

    I'm not saying there aren't alternatives - just that for most organisations, there isn't a realistic alternative given their existing investment in windows desktops, servers, software, staff, training, support etc. It's a hard sell for an IT department to take to the CEO right now.

    I guess that's why some people saw Vista and Office 2007 as a great competitive opportunity - as many things broke and changed in those releases, making the alternatives appear less threatening by comparison.

    Personally, I use linux and OSX at home, and Windows at work. It would have to be some absolutely compelling benefit to convince the business to switch away, and I just don't see a case for it, even though I prefer the alternatives myself.

  21. Re:No Conspiracy Theories on Microsoft Forces Desktop Search On Windows Update · · Score: 5, Insightful

    Fabulous - my first Troll mod :) I actually felt I was making a serious point, although I guess I put it rather briefly.

    People don't have a realistic alternative to Windows yet. It's not just a technology issue either. Microsoft only improve products when they face competition, and ensuring they don't have to do that is one of their principal business strategies.

    Since Microsoft is (a) in the game of making money, (b) has a monopoly position in the market place and (c) continues to shut out competitors, then I contend that Microsoft don't care whether they piss off their users or not, and never really did care, except in those areas in which they are yet to dominate.

    Pleasing users is not Microsoft's game. That's what their competitors have to do.

  22. Re:No Conspiracy Theories on Microsoft Forces Desktop Search On Windows Update · · Score: 4, Insightful

    Since when did Microsoft care about pissing off its users? What realistic alternative do they have?

  23. Re:There's probably something there on Investment Firm Bids to Buy SCOs UNIX Operations · · Score: 1

    That's just misdirection and spin. The court agrees that all the things SCO actually wrote themselves, they own the copyright to. Err... wow... On the other hand, the court also said they don't own the copyrights to Unix, the actual subject of the court case.

    A bit like a criminal convicted of theft saying "but the court agrees that anything I made myself, is really mine!".

    (Sorry to make a theft/copyright *analogy* here - they aren't the same crime, before anyone leaps in).

  24. Re:Pirated version? on Driver Update Can Cause Vista Deactivation · · Score: 1

    I agree completely about it not being stealing. I just wonder about the copyright infringement aspect - I also don't think it would be, but I'm not sure.

    Here's the gedanken experiment: a user gets so frustrated with a legitimate copy of Vista or XP, that they download a pirated version with the annoyances hacked out (the hacked version may violate other laws, but let's not worry about those).

    Clearly, installing it on another machine would be infringement - but if they overwrote their legitimate copy, is that copyright infringement? Is downloading the pirated version copyright infringement in the first place?

    Alternatively, they simply download a patch that alters their legitimate copy. I can't see any copyright infringement there, but the end result is the same.

  25. Re:In Defense of Bush (sorta) on FBI Coerced Confession Deemed "Classified" · · Score: 1

    Thanks for your explanation - I didn't know that human authority was sanctioned by God. Does this mean that anyone who rebels against human authority is committing a sin, or is it possible to commit a greater sin by not acting in the face of oppression?