Actually the UK internet is censored by some ISP's. There is a voluntary scheme where ISP's block sites on the IWF list (Internet Watch Foundation). Only the IWF and the Home Secretary know the contents of the IWF list. I believe even elected Members of Parliament are not allowed to look at the list.
It's worth pointing out that this is voluntary in the sense that the Government basically wrote to the major ISPs saying "work together to block such traffic or we'll force legislation upon you to do it".
You won't find a major ISP that is not signed up to this scheme.
Unless they are saying that they plan to break European law.
They're breaking it already.
My guess is they've decided that they won't accept that they're breaking it until a sufficiently high-ranking judge says they are. That will take some time.
The important phrase in that disclaimer is "TO THE FULL EXTENT PERMISSIBLE BY APPLICABLE LAW".
Many countries expressly do not give the customer the luxury of being able to throw their rights away like that. The retailer might just as well say "TO THE FULL EXTENT PERMISSIBLE BY APPLICABLE LAW, THE SUN WILL NOT RISE TOMORROW".
Sorry, I should have made that clear in my earlier post.
I know the retailer is still on the hook but I also know from bitter experience that unless something is abundantly clear cut (think: something simple like a television no longer works after three weeks) they have a tendency to do everything in their power to avoid being held liable right up until the letters threatening court action show up.
I would describe this as not absolutely clear cut. The reason I would describe it as "not absolutely clear cut" is the console continues to work as it did before for most (not all) practical purposes, it's a little known feature among the general public which I wouldn't expect your average minimum wage sales clerk to know or care much about - and in most nationwide bricks & mortar stores, the store manager may be as high as you can get without writing rude letters but s/he usually has his hands tied by store policy (for which read: is threatened with losing his job for insisting on following the law. I doubt this would stand up in an employment tribunal but that's a separate kettle of fish altogether).
If the store head office sends out a memo to all stores saying "customers with fat PS3s complaining about this are SOL", most people are simply not getting any sort of refund without sitting down in front of the word processor.
That's an extremely good question, and one I'd dearly love to see an answer to.
AFAIK, current legislation doesn't really account for products which by design can gain and lose functionality long after purchase. A product losing functionality because it broke earlier than you'd expect it to, fine. That is covered. But a product which can have features remotely removed and the manufacturer actively choosing to remotely, indiscriminately remove it for everyone?
It's even more complicated than that - you have to apply the patch otherwise another bit of functionality (online gaming) stops working.
Put it this way, if a retailer was particularly bloody-minded they could probably drag it through the court system for a few years easily. The only reason they wouldn't is because it'd probably work out cheaper to just partially refund you.
All of my accounts will alert me by text and/or email of any transactions exceeding $500, or if the monthly transactions exceed $2000. I don't need to monitor my accounts daily, because the most anyone can take without triggering an alert is usually $500.
That being said, I check my accounts on a weekly basis, which is a good habit to get into. I get my balance and recent transaction history emailed to me on monday mornings, again using the banks' own systems.
Account alerts are wonderful tools. Use them!
All a system like that does is discourage fraudsters from taking more than $500 in one transaction.
So they're not going to be buying a car with your card, but there's plenty of other things they could buy.
Note that in the EU, your contract is with (and therefore the organisation you have to sue if it all goes pear-shaped) the retailer, not the manufacturer. But now that Sony has made an official announcement, there is no way most retailers will even contemplate offering a partial refund until they receive court papers - and possibly not until it's heard and an order is handed down.
Even if ordered to by a court, a retailer isn't going to bother trying to sue Sony unless and until they have had to refund a sufficiently large number of customers as to make it worthwhile. They're certainly not going to take Sony on over a single £70 refund (which I believe is what Amazon refunded), and they probably won't until they have dealt with hundreds, if not thousands of similar refunds.
I'm not convinced there are enough people who are sufficiently bothered by it as to make that happen.
You are aware that if you demand solid 100% unimpeachable proof, most investigative journalism (by which I mean real journalism, not repeating press releases) and whistleblowing would never get off the ground?
Then the correct solution is not to bitch on/. The correct solution is to write to your representative (whatever country you're in), explain your concerns and (this is the important bit) suggest a workable alternative.
If you don't, it is very likely your government will take the approach "well, it may be a lousy solution but in the absence of any alternatives....."
Of course it is. And remember we're only seeing what EFF want us to see - they're hardly going to present the most unbiased view.
Thing is, money talks. It certainly talks to the US government, and also to my own (UK) government. Those who are going all out pro-piracy are easily labelled as insane (which is remarkably easy - much of the western world doesn't produce any sort of property but intellectual, it doesn't take a debating genius to put forward an argument that some sort of protection is absolutely necessary for the continued wellbeing of the economy - frankly, the previous system of patronage doesn't scale so well. It's easy to overlook the fact that a cleverly built website could probably fix that by allowing lots of small donations to be wrapped up into one big lump, because nobody's done that yet. Closest thing is probably Magnatunes).
This leaves the moderates. Those who produce and/or enjoy music, don't see a problem with artists getting paid per se but do see a problem with the current system. Problem is, AFAICT the moderates aren't proposing workable solutions, they're simply complaining that every suggestion that's brought up is worse than the current system. Which is true, but right now you've got people on all sides saying "We need to do something. Hey, Government, do something!" and the only "something" that's being presented to do is presented by the entertainment industry. So the Government reaction is likely to be "We need to do something. This is something. Let's do it."
Hey, while folks are at it, why doesn't someone chuck a fire under Apple to just get MacOS out to the masses - it's not like it's a hard modification to OSX to get it to run on most modern x86 machines - that in itself would throw Microsoft for a loop!
Last time Apple did something like that, it almost killed them.
Besides, the whole point of OS X is it JFW and to a certain extent that's true - much more so than Windows, IME. Expose it to all the crap hardware that's out there and I strongly doubt that would continue to be the case.
While I don't wish to belittle the work of people who are literally saving lives, you do realise the only reason anybody's email account is even remotely usable is because all they have to do is "mash the delete key a few times"?
If your email address has been in the wild for any length of time, it's safe to assume that at least 90 spams are being discarded behind the scenes for every legitimate email you receive - and that's assuming the system in use is not very good at dealing with the risk of false positives and so errs on the side of letting things through.
I don't know of any organisation these days that doesn't put some level of spam filtering in place.
I haven't configured it, but the latest verson of jabberd2 supports GSSAPI, and hence should support Kerberos. Also supports SSL, syslog will give you centralised logging and you should easily find clients for multiple platforms.
Seriously, somebody would pay Microsoft for an IM solution?
Truly, the modern equivalent of "nobody got fired for buying IBM" (subtext: even if the IBM product is lousy, even if there are others which are both substantially cheaper and better).
Your work computer better not be accessible through the firewall.
I'm sure it isn't. But I'm also sure that most of the important data should not be on your own PC. It should be in a fileserver or the database that serves an application, and by the time you consider things like VPNs, interaction with other applications and other organisations, it's very easy to find that you've just inadvertently made a whole lot of data publicly available.
Your office should ensure that viruii do not exist, this includes monitoring firewall traffic and computer activity internally.
Very true, and any half-sane company will do exactly this - but a lot of modern malware is very adept at covering its tracks. You certainly can't rely on AV software.
The only thing they are going to help is when someone has physical access to your computer--and when that happens any/.er will tell you that all bets are off and passwords are pretty much irrelevant.
Which is one of the reasons why you don't encourage people to store stuff on their own PC. Data loss is more of a risk if it's a laptop, but at the same time no bugger has yet developed a sensible way to backup individual desktop PCs - it's a million times easier to backup a single whacking great fileserver.
Surprising? Not at all. I've been sure in my own mind for some time that the risk these days comes from the application you run on the web server, rather than the web server itself. About the best you can do is lock down everything to buggery so that any impact can be minimised. From TFA, it sounds like the Apache people had done quite a bit to reduce the impact but there were a few things overlooked.
It's a very prestigious target (if you're the sort that would do this for some sort of prestige). It's also a poster-child for a solid OSS product - what better way to spread FUD?
AFAICT, web servers themselves aren't commonly hacked these days - and indeed that seems to be the case here.
The foolish thing is - and it's downright stupid, make no mistake - while most modern web servers are fairly secure, the same is most definitely not true of the applications and frameworks that commonly run on them. And because it's quite common to find a password for one application works for others (either by a user using the same password or by design, eg. using a common backend such as LDAP), you only need one stupid application which doesn't take countermeasures against brute-force attacks and doesn't log failed logins (making fail2ban ineffective) and the whole damn lot is cracked open.
Every OS has its quirks. Windows has bluescreens, Unix has kernel panics. And even if you put together a hardware/OS combination that isn't particularly vulnerable to such things, you've still got application software to deal with.
When you categorically must have the system as a whole working, when "oh dear that server just died horribly" is not allowed to cause the system as a whole to come crashing down, redundancy is very much a critical issue - I don't care if you're talking about Windows, Linux or VMS.
Slashdot Mirror
Which is why IBM's software probably won't pin your kids as being "likely to become a criminal".
Actually the UK internet is censored by some ISP's. There is a voluntary scheme where ISP's block sites on the IWF list (Internet Watch Foundation). Only the IWF and the Home Secretary know the contents of the IWF list. I believe even elected Members of Parliament are not allowed to look at the list.
It's worth pointing out that this is voluntary in the sense that the Government basically wrote to the major ISPs saying "work together to block such traffic or we'll force legislation upon you to do it".
You won't find a major ISP that is not signed up to this scheme.
You're assuming enough people will be able to read centuries from now.
Unless they are saying that they plan to break European law.
They're breaking it already.
My guess is they've decided that they won't accept that they're breaking it until a sufficiently high-ranking judge says they are. That will take some time.
The important phrase in that disclaimer is "TO THE FULL EXTENT PERMISSIBLE BY APPLICABLE LAW".
Many countries expressly do not give the customer the luxury of being able to throw their rights away like that. The retailer might just as well say "TO THE FULL EXTENT PERMISSIBLE BY APPLICABLE LAW, THE SUN WILL NOT RISE TOMORROW".
Sorry, I should have made that clear in my earlier post.
I know the retailer is still on the hook but I also know from bitter experience that unless something is abundantly clear cut (think: something simple like a television no longer works after three weeks) they have a tendency to do everything in their power to avoid being held liable right up until the letters threatening court action show up.
I would describe this as not absolutely clear cut. The reason I would describe it as "not absolutely clear cut" is the console continues to work as it did before for most (not all) practical purposes, it's a little known feature among the general public which I wouldn't expect your average minimum wage sales clerk to know or care much about - and in most nationwide bricks & mortar stores, the store manager may be as high as you can get without writing rude letters but s/he usually has his hands tied by store policy (for which read: is threatened with losing his job for insisting on following the law. I doubt this would stand up in an employment tribunal but that's a separate kettle of fish altogether).
If the store head office sends out a memo to all stores saying "customers with fat PS3s complaining about this are SOL", most people are simply not getting any sort of refund without sitting down in front of the word processor.
That's an extremely good question, and one I'd dearly love to see an answer to.
AFAIK, current legislation doesn't really account for products which by design can gain and lose functionality long after purchase. A product losing functionality because it broke earlier than you'd expect it to, fine. That is covered. But a product which can have features remotely removed and the manufacturer actively choosing to remotely, indiscriminately remove it for everyone?
It's even more complicated than that - you have to apply the patch otherwise another bit of functionality (online gaming) stops working.
Put it this way, if a retailer was particularly bloody-minded they could probably drag it through the court system for a few years easily. The only reason they wouldn't is because it'd probably work out cheaper to just partially refund you.
How? The slim version of the PS3 (the only model available new) has never supported Linux.
We in Europe normally have to pay much higher sales tax (though we call it VAT, it's essentially the same thing).
The UK rate is 17.5% and that's one of the lower ones. Ireland, I believe, is 21%.
Once you've taken that off the price difference is usually far lower.
They can't.
ICBW, but AIUI under European law, A is not allowed to dictate the terms of a transaction between B and C.
"A" in this case is Visa/MC, "B" is the retailer and "C" is the consumer.
All of my accounts will alert me by text and/or email of any transactions exceeding $500, or if the monthly transactions exceed $2000. I don't need to monitor my accounts daily, because the most anyone can take without triggering an alert is usually $500.
That being said, I check my accounts on a weekly basis, which is a good habit to get into. I get my balance and recent transaction history emailed to me on monday mornings, again using the banks' own systems.
Account alerts are wonderful tools. Use them!
All a system like that does is discourage fraudsters from taking more than $500 in one transaction.
So they're not going to be buying a car with your card, but there's plenty of other things they could buy.
Note that in the EU, your contract is with (and therefore the organisation you have to sue if it all goes pear-shaped) the retailer, not the manufacturer. But now that Sony has made an official announcement, there is no way most retailers will even contemplate offering a partial refund until they receive court papers - and possibly not until it's heard and an order is handed down.
Even if ordered to by a court, a retailer isn't going to bother trying to sue Sony unless and until they have had to refund a sufficiently large number of customers as to make it worthwhile. They're certainly not going to take Sony on over a single £70 refund (which I believe is what Amazon refunded), and they probably won't until they have dealt with hundreds, if not thousands of similar refunds.
I'm not convinced there are enough people who are sufficiently bothered by it as to make that happen.
You are aware that if you demand solid 100% unimpeachable proof, most investigative journalism (by which I mean real journalism, not repeating press releases) and whistleblowing would never get off the ground?
Then the correct solution is not to bitch on /. The correct solution is to write to your representative (whatever country you're in), explain your concerns and (this is the important bit) suggest a workable alternative.
If you don't, it is very likely your government will take the approach "well, it may be a lousy solution but in the absence of any alternatives....."
Of course it is. And remember we're only seeing what EFF want us to see - they're hardly going to present the most unbiased view.
Thing is, money talks. It certainly talks to the US government, and also to my own (UK) government. Those who are going all out pro-piracy are easily labelled as insane (which is remarkably easy - much of the western world doesn't produce any sort of property but intellectual, it doesn't take a debating genius to put forward an argument that some sort of protection is absolutely necessary for the continued wellbeing of the economy - frankly, the previous system of patronage doesn't scale so well. It's easy to overlook the fact that a cleverly built website could probably fix that by allowing lots of small donations to be wrapped up into one big lump, because nobody's done that yet. Closest thing is probably Magnatunes).
This leaves the moderates. Those who produce and/or enjoy music, don't see a problem with artists getting paid per se but do see a problem with the current system. Problem is, AFAICT the moderates aren't proposing workable solutions, they're simply complaining that every suggestion that's brought up is worse than the current system. Which is true, but right now you've got people on all sides saying "We need to do something. Hey, Government, do something!" and the only "something" that's being presented to do is presented by the entertainment industry. So the Government reaction is likely to be "We need to do something. This is something. Let's do it."
Hey, while folks are at it, why doesn't someone chuck a fire under Apple to just get MacOS out to the masses - it's not like it's a hard modification to OSX to get it to run on most modern x86 machines - that in itself would throw Microsoft for a loop!
Last time Apple did something like that, it almost killed them.
Besides, the whole point of OS X is it JFW and to a certain extent that's true - much more so than Windows, IME. Expose it to all the crap hardware that's out there and I strongly doubt that would continue to be the case.
While I don't wish to belittle the work of people who are literally saving lives, you do realise the only reason anybody's email account is even remotely usable is because all they have to do is "mash the delete key a few times"?
If your email address has been in the wild for any length of time, it's safe to assume that at least 90 spams are being discarded behind the scenes for every legitimate email you receive - and that's assuming the system in use is not very good at dealing with the risk of false positives and so errs on the side of letting things through.
I don't know of any organisation these days that doesn't put some level of spam filtering in place.
I haven't configured it, but the latest verson of jabberd2 supports GSSAPI, and hence should support Kerberos. Also supports SSL, syslog will give you centralised logging and you should easily find clients for multiple platforms.
Seriously, somebody would pay Microsoft for an IM solution?
Truly, the modern equivalent of "nobody got fired for buying IBM" (subtext: even if the IBM product is lousy, even if there are others which are both substantially cheaper and better).
Your work computer better not be accessible through the firewall.
I'm sure it isn't. But I'm also sure that most of the important data should not be on your own PC. It should be in a fileserver or the database that serves an application, and by the time you consider things like VPNs, interaction with other applications and other organisations, it's very easy to find that you've just inadvertently made a whole lot of data publicly available.
Your office should ensure that viruii do not exist, this includes monitoring firewall traffic and computer activity internally.
Very true, and any half-sane company will do exactly this - but a lot of modern malware is very adept at covering its tracks. You certainly can't rely on AV software.
The only thing they are going to help is when someone has physical access to your computer--and when that happens any /.er will tell you that all bets are off and passwords are pretty much irrelevant.
Which is one of the reasons why you don't encourage people to store stuff on their own PC. Data loss is more of a risk if it's a laptop, but at the same time no bugger has yet developed a sensible way to backup individual desktop PCs - it's a million times easier to backup a single whacking great fileserver.
Worrying? Possibly.
Surprising? Not at all. I've been sure in my own mind for some time that the risk these days comes from the application you run on the web server, rather than the web server itself. About the best you can do is lock down everything to buggery so that any impact can be minimised. From TFA, it sounds like the Apache people had done quite a bit to reduce the impact but there were a few things overlooked.
I can think of a couple.
It's a very prestigious target (if you're the sort that would do this for some sort of prestige). It's also a poster-child for a solid OSS product - what better way to spread FUD?
AFAICT, web servers themselves aren't commonly hacked these days - and indeed that seems to be the case here.
The foolish thing is - and it's downright stupid, make no mistake - while most modern web servers are fairly secure, the same is most definitely not true of the applications and frameworks that commonly run on them. And because it's quite common to find a password for one application works for others (either by a user using the same password or by design, eg. using a common backend such as LDAP), you only need one stupid application which doesn't take countermeasures against brute-force attacks and doesn't log failed logins (making fail2ban ineffective) and the whole damn lot is cracked open.
Oh come on. Put the crack pipe down.
Every OS has its quirks. Windows has bluescreens, Unix has kernel panics. And even if you put together a hardware/OS combination that isn't particularly vulnerable to such things, you've still got application software to deal with.
When you categorically must have the system as a whole working, when "oh dear that server just died horribly" is not allowed to cause the system as a whole to come crashing down, redundancy is very much a critical issue - I don't care if you're talking about Windows, Linux or VMS.