IIRC the punishment is 3 years for not decrypting the data, which can rise to 5 if (seriously!) you inform anyone about the fact that you're being investigated under the act.
That being said, it's probably rather easier to resume a normal life if your CV reads "3 years in prison for not complying with an RIPA demand" rather than "4 months in prison for possessing indecent pictures of small children".
After all, if you can break the rule of law, why not them?
De minimis non curat lex.
"The law does not concern itself with trifles".
IOW, the purpose of the law is put in place to hold society as a whole together by punishing those whose actions threaten the fabric of society, rather than those whose actions which, while technically illegal, are of such little consequence that quite frankly the court has better things to do with its time than listen to them.
You inadvertantly hit the nail on the head with "minus the kernel",
BSD jails don't allow a whole different operating system in the VM. If the company needs some fancy commercial product which is "only supported on RHEL 4.(mumble) with THESE patches (but not THOSE patches), yet everything else in the company runs FreeBSD, the argument of "minus the kernel" holds no water whatsoever - as soon as you say "minus the kernel" you're giving the commercial support folks a "get out of jail free" card for any support issue you bring up, even if it is immediately obvious that the BSD jail cannot possibly be the problem.
(Amazon et al) since those customers don't feel any backlash from us either.
But if sales are down, surely by definition Amazon et al do?
The purpose of the RIAA, or indeed any trade organisation, is to act on behalf of its members - when all of its members have common goals, it makes a lot of sense from the smaller members' perspective to have the bargaining power of a large organisation on their side. Think of it as being like a trade union for companies.
In this case, however, the RIAA has a secondary benefit which you've already alluded to: the bad publicity reflects on the RIAA, not its member companies. And the RIAA has no customers, so nothing to lose. So far I have seen zero comments saying "Aren't SonyBMG/TimeWarner/EMI a bunch of soulless monsters?", but plenty saying "Aren't the RIAA a bunch of soulless monsters?".
Someone needs to explain this to me. Why do office suites need these features? For what are they used? I've never worked in a big office that actually uses the macro and scripting features of productivity software.
What generally happens is this (and I'd expect it to be much the same for most of Office's macro features):
Department A perceives a need for a complicated spreadsheet or a small database. It's not really complicated enough to go through the "pass it up the line and set up a project in conjunction with IT" routine, and in a lot of companies IT is viewed with a certain degree of suspicion. However, it would still be nice to have.
Then a person in department A with an interest in IT but with no formal IT training or experience (we'll call him Fred) hears of this need. Fred thinks to himself "I could do that! Easy!", and a couple of weeks later Department A his its database, courtesy of Fred. Over the coming months, Fred adds features and fixes bugs as they come up.
While all of this is going on, nobody outside of Department A even knows that the database exists. It's not until Fred leaves the company two years later and someone in Department A suddenly discovers a hitherto unknown bug in his database (which has since become critical to Dept. A's function) that IT gets to hear about it - when the person who discovers the bug calls the helpdesk and demands support.
Have you used Windows lately? It hasn't shipped with anything on paper in years, and most suppliers don't support anything over and above "does the hardware work".
If you mean "The kid down the street doesn't know it", then yes, you may have a point there.
Not if I come along with an electric drill it isn't.
The only secure computer is one which has been ground up into little bits and buried under 6' of concrete. Unfortunately it's not terribly useful then, but the lump of concrete is an excellent example to show to someone who demands "100% security".
Go out and buy a server. Install an OS on it, and run a typical "business" task. (By which I mean: one which doesn't require enormous quantities of CPU time - DNS, static web serving, small LDAP installations are all excellent examples).
Now run "top". Note how 98% of the time the CPU is twiddling its electronic thumbs in an idle state.
Now, granted, with any half-sane Unix you don't need to set up a separate VM for all the above tasks, but there's a lot of benefits to doing so:
1. A security hole in one service only compromises one VM, not everything. 2. Separating those services at a later date should it be necessary is much easier. 3. Something runs away so hard you can't even SSH in? Reboot the VM, lose one service while it's coming back up rather than several. 4. Most companies have at least a few people who don't really care what OS their backend systems run as long as the software they want to use works. Sooner or later one of those people may well come to you with a piece of software they want to use which depends on MS SQL server - and if they sign off your wages at the end of the month, you can't really say "no". Run Windows in its own VM and you don't have to give over an entire server to the needs of 3 people.
Tell you where Dell does make their money: "optional" extras. Which tend to be absolutely ridiculous.
I buy Dell, and there the prices shown are indeed very cheap, but the disks are "optional extras". My account manager sent me a screendump of their system to demonstrate the cost of a hard disk without first obscuring the profit margin (which I'm sure was a mistake, but I'm not under any NDA)
The Ultra Wide 320 SCSI hard disk - you know, those ones which cost 3 times the amount of IDE disks per GB - those ones which are supposedly that much more expensive because they're more reliable - had a retail price of around UK£200, of which around £120 was profit.
You can claim victory for a day or two, until the VM authors get their hands on your tool and make the necessary modifications to their VM to cripple your tool, and then you are back to the drawing board.
:%s/VM/virus/g
and you've just described the state of the art in virus scanning as it's been since more-or-less forever.
"Ma'am, did you download Pirates of the Caribbean Part 4"
"Yes sir, I did. You see...."
"Just answer the question please, Ma'am. Are you aware of what HDCP is?"
"Yes sir, I am, my television..."
"Just answer the question please, ma'am. Are you aware that using a technical means to bypass copy protection mechanisms such as HDCP is illegal under the DMCA?"
I don't think a court would call the lawsuits harassment.
To someone who regularly deals with things legal - such as a lawyer or judge - a single lawsuit which is without merit is little more than a minor annoyance.
To a single parent whose biggest "crime" to date has been to allow their child to use the Internet without understanding what their child was doing, being threatened with fines of $thousands is scary, and if it's done purely to generate publicity with little or no concern as to whether or not the parent is actually guilty, I'd say it is harrassment.
And I bet you anything you like every single lawyer on the RIAA's payroll is well aware that facing a court of law is a terrifying idea for a layperson.
Liquid medicines need to have "verifiable" prescriptions (whatever the hell that means, as in the UK you don't get to keep the bit of paper the prescription on was printed on after it's been filled).
Seems to me it would be easy enough to throw together a fake letter from a "doctor" explaining that the patient needed the medicine they were carrying, and couldn't be expected to sample it to prove its safety as taking it at the wrong time could be dangerous.
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses (x) Mailing lists and other legitimate email uses would be affected ( ) No one will be able to find the guy or collect the money ( ) It is defenseless against brute force attacks (x) It will stop spam for two weeks and then we'll be stuck with it (x) Users of email will not put up with it ( ) Microsoft will not put up with it ( ) The police will not put up with it ( ) Requires too much cooperation from spammers (x) Requires immediate total cooperation from everybody at once (x) Many email users cannot afford to lose business or alienate potential employers ( ) Spammers don't care about invalid addresses in their lists ( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it (x) Lack of centrally controlling authority for email ( ) Open relays in foreign countries ( ) Ease of searching tiny alphanumeric address space of all email addresses ( ) Asshats ( ) Jurisdictional problems (x) Unpopularity of weird new taxes (x) Public reluctance to accept weird new forms of money (x) Huge existing software investment in SMTP ( ) Susceptibility of protocols other than SMTP to attack ( ) Willingness of users to install OS patches received by email ( ) Armies of worm riddled broadband-connected Windows boxes ( ) Eternal arms race involved in all filtering approaches ( ) Extreme profitability of spam ( ) Joe jobs and/or identity theft ( ) Technically illiterate politicians ( ) Extreme stupidity on the part of people who do business with spammers ( ) Dishonesty on the part of spammers themselves ( ) Bandwidth costs that are unaffected by client filtering ( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical ( ) Any scheme based on opt-out is unacceptable ( ) SMTP headers should not be the subject of legislation ( ) Blacklists suck ( ) Whitelists suck ( ) We should be able to talk about Viagra without being censored ( ) Countermeasures should not involve wire fraud or credit card fraud ( ) Countermeasures should not involve sabotage of public networks (x) Countermeasures must work if phased in gradually (x) Sending email should be free ( ) Why should we have to trust you and your servers? ( ) Incompatiblity with open source or open source licenses ( ) Feel-good measures do nothing to solve the problem ( ) Temporary/one-time email addresses are cumbersome ( ) I don't want the government reading my email ( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work. ( ) This is a stupid idea, and you're a stupid person for suggesting it. ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Sometimes its best to let a competitor waste his resources on.
In fact, why stop there?
"Look, it's obvious I'll never be able to please you. But I don't like to part with customers on bad terms, so what I suggest you do is call [insert name of competitor] - their product's slightly different to mine and is perhaps more appropriate to someone with your requirements".
123 was available in a Windows version - see side by side screenshot here
I don't.
IIRC the punishment is 3 years for not decrypting the data, which can rise to 5 if (seriously!) you inform anyone about the fact that you're being investigated under the act.
Whereas Gary Glitter was apparently sentenced to four months for possession of child porn.
That being said, it's probably rather easier to resume a normal life if your CV reads "3 years in prison for not complying with an RIPA demand" rather than "4 months in prison for possessing indecent pictures of small children".
After all, if you can break the rule of law, why not them?
De minimis non curat lex.
"The law does not concern itself with trifles".
IOW, the purpose of the law is put in place to hold society as a whole together by punishing those whose actions threaten the fabric of society, rather than those whose actions which, while technically illegal, are of such little consequence that quite frankly the court has better things to do with its time than listen to them.
You inadvertantly hit the nail on the head with "minus the kernel",
BSD jails don't allow a whole different operating system in the VM. If the company needs some fancy commercial product which is "only supported on RHEL 4.(mumble) with THESE patches (but not THOSE patches), yet everything else in the company runs FreeBSD, the argument of "minus the kernel" holds no water whatsoever - as soon as you say "minus the kernel" you're giving the commercial support folks a "get out of jail free" card for any support issue you bring up, even if it is immediately obvious that the BSD jail cannot possibly be the problem.
Well, yes.
But the members of the RIAA and the MPAA in many cases are branches of the same company - and are equally inventive in their accounting.
(Amazon et al) since those customers don't feel any backlash from us either.
But if sales are down, surely by definition Amazon et al do?
The purpose of the RIAA, or indeed any trade organisation, is to act on behalf of its members - when all of its members have common goals, it makes a lot of sense from the smaller members' perspective to have the bargaining power of a large organisation on their side. Think of it as being like a trade union for companies.
In this case, however, the RIAA has a secondary benefit which you've already alluded to: the bad publicity reflects on the RIAA, not its member companies. And the RIAA has no customers, so nothing to lose. So far I have seen zero comments saying "Aren't SonyBMG/TimeWarner/EMI a bunch of soulless monsters?", but plenty saying "Aren't the RIAA a bunch of soulless monsters?".
Fred doesn't need to be capable of installing any software. It's already installed; it's called "Access".
And trust me, by the time the IT department hears about it it's probably already taken a strong foothold.
Someone needs to explain this to me. Why do office suites need these features? For what are they used? I've never worked in a big office that actually uses the macro and scripting features of productivity software.
What generally happens is this (and I'd expect it to be much the same for most of Office's macro features):
Department A perceives a need for a complicated spreadsheet or a small database. It's not really complicated enough to go through the "pass it up the line and set up a project in conjunction with IT" routine, and in a lot of companies IT is viewed with a certain degree of suspicion. However, it would still be nice to have.
Then a person in department A with an interest in IT but with no formal IT training or experience (we'll call him Fred) hears of this need. Fred thinks to himself "I could do that! Easy!", and a couple of weeks later Department A his its database, courtesy of Fred. Over the coming months, Fred adds features and fixes bugs as they come up.
While all of this is going on, nobody outside of Department A even knows that the database exists. It's not until Fred leaves the company two years later and someone in Department A suddenly discovers a hitherto unknown bug in his database (which has since become critical to Dept. A's function) that IT gets to hear about it - when the person who discovers the bug calls the helpdesk and demands support.
Have you used Windows lately? It hasn't shipped with anything on paper in years, and most suppliers don't support anything over and above "does the hardware work".
If you mean "The kid down the street doesn't know it", then yes, you may have a point there.
Not if I come along with an electric drill it isn't.
The only secure computer is one which has been ground up into little bits and buried under 6' of concrete. Unfortunately it's not terribly useful then, but the lump of concrete is an excellent example to show to someone who demands "100% security".
Go out and buy a server. Install an OS on it, and run a typical "business" task. (By which I mean: one which doesn't require enormous quantities of CPU time - DNS, static web serving, small LDAP installations are all excellent examples).
Now run "top". Note how 98% of the time the CPU is twiddling its electronic thumbs in an idle state.
Now, granted, with any half-sane Unix you don't need to set up a separate VM for all the above tasks, but there's a lot of benefits to doing so:
1. A security hole in one service only compromises one VM, not everything.
2. Separating those services at a later date should it be necessary is much easier.
3. Something runs away so hard you can't even SSH in? Reboot the VM, lose one service while it's coming back up rather than several.
4. Most companies have at least a few people who don't really care what OS their backend systems run as long as the software they want to use works. Sooner or later one of those people may well come to you with a piece of software they want to use which depends on MS SQL server - and if they sign off your wages at the end of the month, you can't really say "no". Run Windows in its own VM and you don't have to give over an entire server to the needs of 3 people.
Completely OT, but why do you continue with your a%i after i > (a/2)?
They tried that.
Tell you where Dell does make their money: "optional" extras. Which tend to be absolutely ridiculous.
I buy Dell, and there the prices shown are indeed very cheap, but the disks are "optional extras". My account manager sent me a screendump of their system to demonstrate the cost of a hard disk without first obscuring the profit margin (which I'm sure was a mistake, but I'm not under any NDA)
The Ultra Wide 320 SCSI hard disk - you know, those ones which cost 3 times the amount of IDE disks per GB - those ones which are supposedly that much more expensive because they're more reliable - had a retail price of around UK£200, of which around £120 was profit.
This is the MPAA we're talking about here.
"Ma'am, did you download Pirates of the Caribbean Part 4"
"Yes sir, I did. You see...."
"Just answer the question please, Ma'am. Are you aware of what HDCP is?"
"Yes sir, I am, my television..."
"Just answer the question please, ma'am. Are you aware that using a technical means to bypass copy protection mechanisms such as HDCP is illegal under the DMCA?"
"Yes sir, I understand that, however.... "
Don't know about elsewhere, but here in the UK, judges are appointed from the ranks of senior members of the legal profession.
Birds of a feather and all that....
To someone who regularly deals with things legal - such as a lawyer or judge - a single lawsuit which is without merit is little more than a minor annoyance.
To a single parent whose biggest "crime" to date has been to allow their child to use the Internet without understanding what their child was doing, being threatened with fines of $thousands is scary, and if it's done purely to generate publicity with little or no concern as to whether or not the parent is actually guilty, I'd say it is harrassment.
And I bet you anything you like every single lawyer on the RIAA's payroll is well aware that facing a court of law is a terrifying idea for a layperson.
How many people have ponied up cash to SCO because of their outrageous claims about Linux IP?
AFAICT from a spot of searching, about four. And one of them regrets it.
Liquid medicines need to have "verifiable" prescriptions (whatever the hell that means, as in the UK you don't get to keep the bit of paper the prescription on was printed on after it's been filled).
Seems to me it would be easy enough to throw together a fake letter from a "doctor" explaining that the patient needed the medicine they were carrying, and couldn't be expected to sample it to prove its safety as taking it at the wrong time could be dangerous.
"Cet animal est tres mechant. Quand on l'attaque il se defend"
Or, roughly translated:
"This animal is very naughty. When attacked, it defends itself."
If a user is happy with Windows as their OS, it doesn't make much odds whether they buy a Dell, HP or a Gateway.
If, however, they are particularly keen on using Mac OS, they don't have any choice in the matter.
Your post advocates a
(x ) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
(x) Unpopularity of weird new taxes
(x) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
(x) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
In fact, why stop there?
"Look, it's obvious I'll never be able to please you. But I don't like to part with customers on bad terms, so what I suggest you do is call [insert name of competitor] - their product's slightly different to mine and is perhaps more appropriate to someone with your requirements".