They're committing "wire fraud". Forget the bank prosecuting, this makes them the responsibility of the US Treasury, specifically the Secret Service, at least for fraud against US citizens. If anyone was going to bother to prosecute them, it would be for criminal activity, but the Secret Service can't be bothered. It regularly discards any complaints less than a quite large threshold as not worth the manpower to investigate and convict.
If the banks would bother to report, and to support prosecutions, the Secret Service might be more willing to pursue it. This doesn't seem to happen.
Microsoft didn't just shit on SPF. They embraced and extended it, broke the labeling for version 1 by stuffing their domain keys into it inappropriately, poisoned it with patented and un-extendable patented technologies no major SMTP server except Microsoft Exchange dared to be burdened with, and tried to cook the ISO proceedings in ways similar to what they're doing with OOXML. The result is that they claim all the SPF enabled sites as Domain Keys, when over 90% of them actually refuse to use Domain Keys.
Microsoft tried to poison it because publishing information about your allowed mail servers in DNS is very efficient, and gives most of the benefits of Domain Keys without having to spend a red cent for a key or special server from Microsoft.
I've seen this sentiment echoed here several places. The only way to ship a complex product without security holes is not to ship it at all: with a few hundred thousand lines of code, or a few million in a big product line, you can't catch __all__ the holes even with with a rigorous Q/A policy.
I assume you left out the word "have" and mis-spelled "going", meaning:
1. You don't [have] to publish your changes to GNU GPL code unless you are [doing-->going] to distribute it.
Please spellcheck your statements that try to explore tight logical or legal issues. It will make your post much more legible. I'll restrain my other spelling comments, because I also make a typo now and then.
Patents do not apply to portraits, or to posters, or to printouts.
The details of the layout artwork (and good layout *IS* artwork!), rather than the overall functional concept, are vital to making complex circuits. Patent law does not cover that detailed a level of implementation. Copyright, or something like it for the masks being discussed, seems to make more sense.
Fortunately, the blackhat community are thieves. And mostly quite stupid ones, at that. They'll have no fear of stealing the information from each other and publishing it on one of their poorly secured IRC channels for l33t d00dz. Expecting otherwise is expecting the blackhat community to obey their non-disclosure agreements with this Russian company, and having the skills to protect their systems from the rest of the unskilled but fast-breeding blackhat users.
I'd expect Real to get a copy of the published information, or a synopisis of the actual vulnerability, within 48 hours.
How about they switch to GPL? That way, anyone who publishes a patch for client has to reveal the patch.
Yes, it's a pipe dream for now, but that sort of security and performance flaw is partly why the GPL exists: to get the source, patches, and feature additions out into the open.
I agree with almost all of your reasoning, but you'd better believe that Bill Gates still maintains a noticeable influence on Microsoft policy. Ballmer couldn't pursue this without Gates' support, through Gates history as the corporate leadership and his personal knowledge of the current leadership.
A big infusion of money is helpful to almost any business. But like dealing with Wal-mart, selling your company to Microsoft can destroy your company's productivity, flexibility, and profitability in the long term. Migrating Yahoo's software toolkit to Microsoft tools can, for example ruin their performance and create a massive cost in manpower and hardware to achieve the change.
I don't want an MIT physics professor, except as a consultant. I want James Randi, the stage magicion who's now debunking psychic frauds, to look at the apparatus and make sure there's nothing strange going on.
For example, most voltage and current meters do no measurement of phase delay between the curent and the voltage. A bit of odd impedance in a motor can often affect its performance considerably by drawing more of the current when it's at the highest voltage and the maximum power is delivered to it, rather than wasting energy in conductive losses at low voltages. And oddball impedances can cause surprising loads to the sources of electrical power, which are not noticed unless you look carefully at the fuel consumption for the upstream generator or examine the electrical load with better instruments. The relevant phrase to look this up is "power factor correction".
They're not traffic "shaping". They're poisoning specific traffic with "RST" commands. It's the difference between selling each kid only a few pieces of candy, and stealing the candy from the candy wrappers and telling the kids "sorry, you bought it, don't talk to me!"
Does it count that the contest managers will still have been unable to install the network drivers, so it's unconnected to anything? I've tried to install network drivers for a Broadcom chipset on an OpenBSD system: it wasn't a pretty sight.
Linus actually *reads* the kernel code, and is aware of how the code arrived in the Linux kernel. And while Linus is not an author of law texts, he's certainly had to review and deal with copyright and patent law previously in the Linux kernel.
And oh, yes, if you're referring to the SCO lawsuits, go over to www.groklaw.net. The lawsuits were funded by Microsoft "partnership" deals with SCO and other Microsoft partners, and have fallen through because Novell actually owns the UNIX code in question. SCO is now in bankruptcy and delisted (or being delisted) from the NASDAQ after wasting years on a frivolous lawsuit instead of actually doing work.
While Google has made serious ethical and moral mistakes (such as their deals with China to permit governmental censorship of their search results), Google has been far, far, far less evil and nefarious than Microsoft. They haven't gathered the information illegally, or played the nasty spy games that the NSA has.
As "the lesser of two evils", Google actually comes out pretty well against almost any company.
Oh, even for the worst offenders and most idiotic script kiddies, the conviction rate and discovery rate is pitiful. How many of us actually pursue all the IP addresses of script kiddies trying to log in as root remotely to our servers? How many of us succeed in actually prosecuting such an abuse, especially when the law enforcement agencies kick it to the FBI and the FBI can't be bothered?
I see. You haven't encountered the laptop network driver adventures, or poor bandwidth to the file share due to being at home, that I do on a frequent basis.
Don't you copy the d:\i386 directory of the Windows XP inatallation CD to c:\i386, for just this sort of situation? I do that as a matter of course, as do most of the IT support staff that I know.
Switching between tasks regularly, though, can be very useful. A morning of coding, a lunch break to switch gears, then an afternoon of network wiring can be amazingly productive. It's the "trouble ticket" approach, and the "spend the next 3 hours making a Gant chart to plot out the dependencies of one day's work" that is so nasty.
I'd like to disagree with you on this. There is a threshold involved, that of actually getting someone's fiscal data rather than their home address or telephone number or computer password, that automatically means they are beyond the normal "hacker" exploits. If all you want to do is look around, you can do it with a sense of self restraint that gets you people's personal email or passwords, not their money information.
I'm also afraid that bragging to their friends does not, in fact, usually get them caught. The number of hackers, crackers, phishers, and other people who poke around other's computers seems to consistently be much larger than the number arrested or even caught. Most companies don't bother to pursue such frauds: they just say "is it worth our time and money to track them down? will we get our money back, or will it stop the next round from trying the same stunt", decide it won't, and ignore it as a part of doing business.
Even getting the police involved against the worst crackers and phishers is difficult. Getting police to act across state lines, or worse international borders, is a nightmare of arcane turf wars among governmental security groups who frankly will not bother with small thefts. They can only be convinced to pursue it when the amount exceeds some threshold, which varies from agency to agency and from month to month, but a few thousand stolen from any individual is like losing your wallet on a bus. They just won't bother doing anything about it besides sending you a form letter to fill out, which is promptly ignored.
Please examine the relevant law at http://www.copyright.gov/title17/92chap4.html, which specifies in detail where copyright law was modified by the Berne Ccnvention and this is no longer required. The lack of such requirement is critical to computer software lawsuits I'm aware of, and would otherwise overwhelm the library of Congress in trivial copyright registration.
Out-of-date knowledge of the law can be as dangerous as out-of-date knowledge of computer science, electronics, or medicine.
I'm going to have to update this: according to Wikipedia, Mr. Wollersheim did get roughly $9,000,000 from the cult, most of which went to legal fees from the years of his lawsuits and having to sue them repeatedly to get the money he won in his much, much earlier victory against the cult.
A big chunk went to destroying Cult Awareness Network with hundreds of fraudulent lawsuits, then buying up their assets including the name and phone lines. They're not making mooney like they used to, and the claims of "8 million members worldwide and growing" are clearly fraudulent. Their offices are closing, the Internet and various books and Time magazine have exposed their fraud, and their attack lawsuits and core offices are quite expensive to maintain.
They're certainly not using any of the money to pay Larry Wollersheim the roughly $10,000,000 they owe him.
And I've heard Christians talk about how Jesus fixed their liver, and acupuncture practicioners talk about how the needles block Chi flows. Having a stupid belief about slaughtered galactic citizens stuck to your body causing all your illness and bad thoughts seems no sillier.
Claiming that getting rid of these spirits make you a god, and you can get rid of them with a badly designed lie detector called an "e-meter" and having all your confessions of crimes and bad thoughts recorded and sent to the cult headquarters, and paying to have that done? Now, that's silly.
They're committing "wire fraud". Forget the bank prosecuting, this makes them the responsibility of the US Treasury, specifically the Secret Service, at least for fraud against US citizens. If anyone was going to bother to prosecute them, it would be for criminal activity, but the Secret Service can't be bothered. It regularly discards any complaints less than a quite large threshold as not worth the manpower to investigate and convict.
If the banks would bother to report, and to support prosecutions, the Secret Service might be more willing to pursue it. This doesn't seem to happen.
Microsoft didn't just shit on SPF. They embraced and extended it, broke the labeling for version 1 by stuffing their domain keys into it inappropriately, poisoned it with patented and un-extendable patented technologies no major SMTP server except Microsoft Exchange dared to be burdened with, and tried to cook the ISO proceedings in ways similar to what they're doing with OOXML. The result is that they claim all the SPF enabled sites as Domain Keys, when over 90% of them actually refuse to use Domain Keys.
Microsoft tried to poison it because publishing information about your allowed mail servers in DNS is very efficient, and gives most of the benefits of Domain Keys without having to spend a red cent for a key or special server from Microsoft.
I've seen this sentiment echoed here several places. The only way to ship a complex product without security holes is not to ship it at all: with a few hundred thousand lines of code, or a few million in a big product line, you can't catch __all__ the holes even with with a rigorous Q/A policy.
I assume you left out the word "have" and mis-spelled "going", meaning:
1. You don't [have] to publish your changes to GNU GPL code unless you are [doing-->going] to distribute it.
Please spellcheck your statements that try to explore tight logical or legal issues. It will make your post much more legible. I'll restrain my other spelling comments, because I also make a typo now and then.
Patents do not apply to portraits, or to posters, or to printouts.
The details of the layout artwork (and good layout *IS* artwork!), rather than the overall functional concept, are vital to making complex circuits. Patent law does not cover that detailed a level of implementation. Copyright, or something like it for the masks being discussed, seems to make more sense.
Fortunately, the blackhat community are thieves. And mostly quite stupid ones, at that. They'll have no fear of stealing the information from each other and publishing it on one of their poorly secured IRC channels for l33t d00dz. Expecting otherwise is expecting the blackhat community to obey their non-disclosure agreements with this Russian company, and having the skills to protect their systems from the rest of the unskilled but fast-breeding blackhat users.
I'd expect Real to get a copy of the published information, or a synopisis of the actual vulnerability, within 48 hours.
How about they switch to GPL? That way, anyone who publishes a patch for client has to reveal the patch.
Yes, it's a pipe dream for now, but that sort of security and performance flaw is partly why the GPL exists: to get the source, patches, and feature additions out into the open.
I see you have a great career in hotel reservations and car rental agreements.
I agree with almost all of your reasoning, but you'd better believe that Bill Gates still maintains a noticeable influence on Microsoft policy. Ballmer couldn't pursue this without Gates' support, through Gates history as the corporate leadership and his personal knowledge of the current leadership.
A big infusion of money is helpful to almost any business. But like dealing with Wal-mart, selling your company to Microsoft can destroy your company's productivity, flexibility, and profitability in the long term. Migrating Yahoo's software toolkit to Microsoft tools can, for example ruin their performance and create a massive cost in manpower and hardware to achieve the change.
I don't want an MIT physics professor, except as a consultant. I want James Randi, the stage magicion who's now debunking psychic frauds, to look at the apparatus and make sure there's nothing strange going on.
For example, most voltage and current meters do no measurement of phase delay between the curent and the voltage. A bit of odd impedance in a motor can often affect its performance considerably by drawing more of the current when it's at the highest voltage and the maximum power is delivered to it, rather than wasting energy in conductive losses at low voltages. And oddball impedances can cause surprising loads to the sources of electrical power, which are not noticed unless you look carefully at the fuel consumption for the upstream generator or examine the electrical load with better instruments. The relevant phrase to look this up is "power factor correction".
They're not traffic "shaping". They're poisoning specific traffic with "RST" commands. It's the difference between selling each kid only a few pieces of candy, and stealing the candy from the candy wrappers and telling the kids "sorry, you bought it, don't talk to me!"
Does it count that the contest managers will still have been unable to install the network drivers, so it's unconnected to anything? I've tried to install network drivers for a Broadcom chipset on an OpenBSD system: it wasn't a pretty sight.
I am.
Someone with mod points mark this fool down.
Linus actually *reads* the kernel code, and is aware of how the code arrived in the Linux kernel. And while Linus is not an author of law texts, he's certainly had to review and deal with copyright and patent law previously in the Linux kernel.
And oh, yes, if you're referring to the SCO lawsuits, go over to www.groklaw.net. The lawsuits were funded by Microsoft "partnership" deals with SCO and other Microsoft partners, and have fallen through because Novell actually owns the UNIX code in question. SCO is now in bankruptcy and delisted (or being delisted) from the NASDAQ after wasting years on a frivolous lawsuit instead of actually doing work.
While Google has made serious ethical and moral mistakes (such as their deals with China to permit governmental censorship of their search results), Google has been far, far, far less evil and nefarious than Microsoft. They haven't gathered the information illegally, or played the nasty spy games that the NSA has.
As "the lesser of two evils", Google actually comes out pretty well against almost any company.
Oh, even for the worst offenders and most idiotic script kiddies, the conviction rate and discovery rate is pitiful. How many of us actually pursue all the IP addresses of script kiddies trying to log in as root remotely to our servers? How many of us succeed in actually prosecuting such an abuse, especially when the law enforcement agencies kick it to the FBI and the FBI can't be bothered?
I see. You haven't encountered the laptop network driver adventures, or poor bandwidth to the file share due to being at home, that I do on a frequent basis.
Don't you copy the d:\i386 directory of the Windows XP inatallation CD to c:\i386, for just this sort of situation? I do that as a matter of course, as do most of the IT support staff that I know.
Switching between tasks regularly, though, can be very useful. A morning of coding, a lunch break to switch gears, then an afternoon of network wiring can be amazingly productive. It's the "trouble ticket" approach, and the "spend the next 3 hours making a Gant chart to plot out the dependencies of one day's work" that is so nasty.
I'd like to disagree with you on this. There is a threshold involved, that of actually getting someone's fiscal data rather than their home address or telephone number or computer password, that automatically means they are beyond the normal "hacker" exploits. If all you want to do is look around, you can do it with a sense of self restraint that gets you people's personal email or passwords, not their money information.
I'm also afraid that bragging to their friends does not, in fact, usually get them caught. The number of hackers, crackers, phishers, and other people who poke around other's computers seems to consistently be much larger than the number arrested or even caught. Most companies don't bother to pursue such frauds: they just say "is it worth our time and money to track them down? will we get our money back, or will it stop the next round from trying the same stunt", decide it won't, and ignore it as a part of doing business.
Even getting the police involved against the worst crackers and phishers is difficult. Getting police to act across state lines, or worse international borders, is a nightmare of arcane turf wars among governmental security groups who frankly will not bother with small thefts. They can only be convinced to pursue it when the amount exceeds some threshold, which varies from agency to agency and from month to month, but a few thousand stolen from any individual is like losing your wallet on a bus. They just won't bother doing anything about it besides sending you a form letter to fill out, which is promptly ignored.
Please examine the relevant law at http://www.copyright.gov/title17/92chap4.html, which specifies in detail where copyright law was modified by the Berne Ccnvention and this is no longer required. The lack of such requirement is critical to computer software lawsuits I'm aware of, and would otherwise overwhelm the library of Congress in trivial copyright registration.
Out-of-date knowledge of the law can be as dangerous as out-of-date knowledge of computer science, electronics, or medicine.
I'm going to have to update this: according to Wikipedia, Mr. Wollersheim did get roughly $9,000,000 from the cult, most of which went to legal fees from the years of his lawsuits and having to sue them repeatedly to get the money he won in his much, much earlier victory against the cult.
So that's where some of the money went.
A big chunk went to destroying Cult Awareness Network with hundreds of fraudulent lawsuits, then buying up their assets including the name and phone lines. They're not making mooney like they used to, and the claims of "8 million members worldwide and growing" are clearly fraudulent. Their offices are closing, the Internet and various books and Time magazine have exposed their fraud, and their attack lawsuits and core offices are quite expensive to maintain.
They're certainly not using any of the money to pay Larry Wollersheim the roughly $10,000,000 they owe him.
And I've heard Christians talk about how Jesus fixed their liver, and acupuncture practicioners talk about how the needles block Chi flows. Having a stupid belief about slaughtered galactic citizens stuck to your body causing all your illness and bad thoughts seems no sillier.
Claiming that getting rid of these spirits make you a god, and you can get rid of them with a badly designed lie detector called an "e-meter" and having all your confessions of crimes and bad thoughts recorded and sent to the cult headquarters, and paying to have that done? Now, that's silly.