Slashdot Mirror


User: Digital_Quartz

Digital_Quartz's activity in the archive.

Stories: 0 · Comments: 350

Comments · 350

  1. Re:Compromised ... check hdparm? on "Clear" Laptop Found, In the Same Locked Office · · Score: 1

    I'm not as up on SMART as I should be, but presumably the power-on hours is cumulative, and could be used to see if the drive had been spun up.

    Of course, with the laptop missing for so long, the attacker could easily have removed the platters from the drive, moved them into another identical drive, and read them on the other drive, which would have left the SMART attributes untouched.

    This also relies on our bumbling CLEAR security folk keeping some sort of off-laptop log of the SMART data for the drive.

  2. It wasn't on "Clear" Laptop Found, In the Same Locked Office · · Score: 5, Insightful

    The truth is, they have no idea if it was compromised or not. All you'd need is an Ubuntu boot CD and you could read the data straight off the drive.

    Next time they should use THREE levels of passwords. ;)

  3. Textbooks? on Source Claims 240K Kindles Sold · · Score: 1

    Correction; they refuse to sell the devices outside of the USA. I can't buy one up here in Canada.

    There's lots wrong with Amazon's marketing strategy; some kinds of books in the US are expensive, such as textbooks, and much of this cost comes from their limited runs. Publishing these books to the Kindle would eliminate much of the cost associated with publishing overhead. This would also stop poor students from having to lug a hundred pounds of textbooks around with them.

    Textbooks are also a perfect choice for this sort of medium, as it is not uncommon for text publishers to make updates and refinements to their texts as errors are found or new breakthroughs are made. While you can't make updates to an existing paper book (aside from using a pen), it would be easy to distribute patches for eBooks.

    So where is Amazon's textbook store?

  4. Re:Worst programming environment EVAR! on Second Life Faces Open Source Challenges · · Score: 1

    I was a user on the SchoolNet MOO way back. I built a lot of cool stuff back then.

    I've built some cool stuff on SL, too. It attracted me for much the same reason the MOO did; building cool stuff is fun. It would just be nice if LSL wasn't so terrible. :)

  5. Re:Worst programming environment EVAR! on Second Life Faces Open Source Challenges · · Score: 1

    Yes, you can reuse code by copy and pasting other people's code into your script. That's not REALLY code reuse though, is it? If someone finds a bug in the XYText system and fixes it, you have to go copy and paste their updated code in order to receive the benefits of that fix. If you find a bug in your own library, have fun finding all the places you use it and fixing them.

    "Arbitrary text input" does not a natural interface make. While you might interact with your cell phone in real life by saying "/dial 555-1515", I don't. There are some very specific interfaces available, like the vehicle interface, which I suppose deserve mention. Would be nice if there was a way to, say, add menu options to the little radial menu that pops out when you right click an object (other than replacing the "sit" text).

    You can usually find some way to do what you want given enough ingenuity; I built a pink Mattel hoverboard attachment that worked by replacing all your character animations, so it always looked like you were flying around on it. The lack of a nice interface system is not their biggest fault, and talking to everything from your shoes to your car isn't terrible, but it could be better.

    Energy is used for a lot more than just movement. Rezzing new objects requires energy, so you can't rez multiple objects at once (although I built a "shotgun" that scattered multiple spheres of "buckshot", and got around this with a collection of invisible objects at the front of the gun, each of which fired a single buckshot when signaled by the gun itself, using llMessageLinked, nonetheless. Since each object only rezzed one object, it worked most of the time). llMessageLinked is another example of a function which uses energy, BTW, even though you wouldn't expect it to.

    I /do/ understand what I'm talking about. I know there's cryptic horrible ways around the broken limitations of LSL; I just don't like them. It's kind of fun to program in LSL, but in the same way it's kind of fun to try to figure out how to use a toothpick and some bubblegum to build a nuclear weapon. I wouldn't want to do anything important in LSL, and I certainly wouldn't want to use it as a teaching tool to corrupt and cripple the minds of young future programmers.

    I'd say it would be interesting to see what comes of their .NET integration, except for three things. First, I said it years ago when they first posted demos of .NET scripts running in SL. Second, I think they're going to screw it up. Third, I've long since moved on to other things, because the limitations of LSL were enough to make me give up long ago. I could be doing something useful with my time.

  6. Worst programming environment EVAR! on Second Life Faces Open Source Challenges · · Score: 4, Informative

    When I first heard about Second Life I was pretty excited about the prospect of using it as a teaching tool. My first real exposure to OO was LambdaMOO (MOO = MUD Object Oriented, and MUD = Multi-User Dungeon).

    LambdaMOO has a very nice object oriented structure, where everything in the universe is an object which inherits from some other object. There's object 1 which is called Object, from which you derive the base objects Room, Exit, User (User further split out into Wizard and Player), and so on. Every object in the world had a collection of "verbs" defined on it, which were essentially methods. Objects could call each other's methods. It was a very nice environment for learning OO, because when an "object" is a "Tree" or a "Vehicle" it is a bit more concrete and obvious than when an object is a "TransactionProcessor" or a "DocumentFactory".

    LambdaMOO had no concept of a "class". Your user was an object which inherited from "Player" or "Wizard". But, adding new verbs to Player or Wizard would add them to all players and wizards, and verbs could be overridden on child objects, and the implementation was hidden, so you satisfy all the pillars of a traditional OO system.

    Now, we have Second Life, which COULD be a totally awesome tool for learning OO... except the scripting language is like a crippled version of Basic. Scripts can't call into each other so there's no code reuse. Scripts can't export any sort of interface (beyond the dreaded "touch" event) so there's no natural way to interact with scripts. Scripts are also hobbled by concepts like "energy" and various specific commands have other rate limits or other limits on them (which I understand the need for, I just wish they were documented). Let's not even talk about what happens if someone else picks the same "channel" as you to send inter-script messages on.

    Finally scripts are not OO in any way; no encapsulation, no inheritance, no polymorphism, no abstraction. Despite the fact that the world is literally made of objects, the development environment is not object oriented. It's crazy talk.

    It's outright painful to try and build anything of any complexity.

  7. They can already throttle encrypted traffic. on Encrypted Traffic No Longer Safe From Throttling · · Score: 5, Informative

    Could be worse. Rogers and Bell, here in Canada, just throttle ALL encrypted traffic.

  8. Cause, meet effect on Harvard Study Questions "Long Tail" Theory · · Score: 1

    "Research suggests that consumers also derive more enjoyment from the hits..."

    Really? More people like popular things than unpopular things? Or, in other words, more people like things which more people like?

    Wonders never cease.

  9. Re:MIME type on Does an Open Java Really Matter? · · Score: 1

    But, it's strange, because if I drag and drop an SVG file on my machine at work, it works fine. And, as prockcore pointed out, it worked on his machine too.

    Very strange.

  10. Re:Browsers and Vector Graphics on Does an Open Java Really Matter? · · Score: 1

    Hmm.. That's odd. If I go to the URL, it renders. If I save it to my desktop and drag it back, I get an "Opening butterfly.svg" dialog with options to "Open With: Internet Explorer" and "Save File".

    I had assumed from this that this was because SVG wasn't supported.

    There's no entry for SVG in the Options->Applications window. If I choose "Open With:" and browse to Firefox, it opens a new tab and re-displays the "Opening" dialog.

  11. Browsers and Vector Graphics on Does an Open Java Really Matter? · · Score: 1

    > The only reason Flash succeeded was because web browsers didn't have vector graphic support ten years ago.

    Try drag and dropping an SVG file onto a Firefox 3 window. Browsers STILL don't support vector graphics.

    (And, for some totally strange reason, you can't drag and drop an SVG onto Safari under Windows either; you can drop it onto the address bar, but not onto the window itself).

  12. Cases where Self Signed Certs are OK. on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    However, self signed certs are useful when you have some means of secure distribution.

    For example, I have a webmail client running on my server at home so I can read my mail while I'm at work (my office's evil proxy blocks out secure IMAP). I access the webmail client via SSL with a self signed cert. Since I added the cert to Firefox's list of exemptions while I was at home, on my private network, I know there was no MITM attack. Now I can access my home server from work using this cert no problem. If someone were to try a MITM attack, then the cert would change, and Firefox would complain (and I'd start updating my resume in an attempt to escape my evil IT department. :)

  13. Re:Always. on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    Umm... no. A certificate proves who is on the other end, because whoever is on the other end has the private key associated with the certificate, otherwise they wouldn't be able to negotiate the SSL link.

    The only way for someone else to be in control of the certificate is to gain access to that secret key, which implies a great deal of carelessness on behalf of the certificate owner, since no one (not even the CA) should have the secret key.

    The value a CA adds is that the CA certs are well known. The CA verifies that the certificate in question belongs to the site or person in the certificate's subject, and then signs the cert with the CA's private key. Since I have a copy of the CA's certificate ahead of time, I can use it to verify the signature, which means I know the cert was signed by the CA, which means I know the cert belongs to the person who claims to own it (assuming I trust the CA).

  14. Re:hipotesis on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 4, Informative

    The problem is that a self-signed certificate suffers from attacks at distribution time, whereas a CA signed certificate does not.

    First, you have to understand what a certificate is. A certificate consists of two parts: a public key, and a subject. The public key has a matching private key, but only the owner of the certificate has the private key (no one else; not even the CA). The subject tells us who the cert belongs to, and it is signed with the private key (so we can use the public key to make sure the subject hasn't been altered).

    If I connect to your server via SSL, and you provide me with a self signed certificate, then that certificate proves that you are you (because of the subject), and it provides a means for us to establish encrypted communication (because of the public key). All is well, right?

    Well, not quite; this only works if you've provided me with your cert ahead of time via some other secure channel (not the web). Otherwise, this setup is vulnerable to the classic "man in the middle" attack. Someone who wants to intercept our communication pretends to be you, and gives me his own "fake" self signed cert. I establish communications with the attacker; the attacker's subject is signed with the attacker's public key, and the attacker has the private key so he can read the messages I send him. The attacker then establishes communications with you, and passes my messages on to you, and the attacker can now listen in on everything we say.

    The attacker could also pretend to be you, again by providing me with a self signed cert that claims to be you.

    The problem in both of these attacks is simply that I have no way to verify that this self signed cert is really your self signed cert. If you had given it to me ahead of time, I could have added it to my list of trusted certs, and then when the attacker presented me with a different cert, I'd know someone was up to something. (Although, how would I know it was really you when you give it to me "ahead of time"? And if we have some out of band secure channel, why aren't we using that instead?)

    Now, why isn't this a problem with CA signed certs? The CA goes through varying levels of pains to verify that you really are you when you submit a signing request. So I get a cert from you, it's signed by the CA's cert's private key. I check the signature against the CA's cert, and I see that it is good. Since I trust the CA, I know that this certificate really is your certificate.

    The man in the middle attack and the "pretending to be you" attack won't work here; if the attacker provides me with a different certificate, then the certificate's signature will either not match the certificate, or else won't have a signature. The attacker could simply grab your certificate (it is provided to anyone who asks for it by your web server - the certificate itself is public knowledge), and then the cert would pass the signature checks, but since the attacker does not have your certificate's private key (only you have that), the attacker would be unable to decrypt any communication I send to him using your certificate.

    There's nothing wrong with self-signed certs in and of themselves. You will notice that the signing certificates belonging to the CAs are self signed. This only makes sense; the CA signed your cert with their cert, but who signed the CA cert? Even if someone did sign it (the uberCA), then who would sign that cert? It has to end somewhere, so it ends at the CA.

    The thing about the CAs' signing certificates is that they are "well known". Everyone has a copy of them; they come with your operating system. If, for some reason, you distrust your OS distributor, you can go find multiple copies of them scattered about the internet. If you could convince OEMs to include your self signed cert, it would be just as good. :)
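
The check comments 12 and 14 describe (record a self-signed cert over a trusted channel, then reject any different cert presented later), as an added Python example that is not part of the original comments. The `PinStore` class, the host name and the byte strings standing in for certificates are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl


class PinError(Exception):
    """Raised when the presented certificate is not the one pinned out of band."""


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the certificate's DER encoding."""
    return hashlib.sha256(der_cert).hexdigest()


class PinStore:
    """Fingerprints recorded over a trusted channel, keyed by (host, port)."""

    def __init__(self):
        self._pins = {}

    def pin(self, host, port, der_cert):
        # Call this only while on a network you trust (e.g. the server's own LAN).
        self._pins[(host, port)] = fingerprint(der_cert)

    def check(self, host, port, der_cert):
        """Return 'match', 'mismatch' or 'unpinned' for a presented certificate."""
        expected = self._pins.get((host, port))
        if expected is None:
            return "unpinned"   # nothing vouches for this cert: same as no authentication
        if hmac.compare_digest(expected, fingerprint(der_cert)):
            return "match"
        return "mismatch"       # a different cert: treat as interception


def connect_pinned(store, host, port, timeout=5.0):
    """Open a TLS socket and hand it back only if the peer's cert matches the pin."""
    ctx = ssl.create_default_context()
    # A self-signed cert has no CA chain to validate, so chain checks are off
    # and the pin comparison below is the only authentication.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    verdict = store.check(host, port, tls.getpeercert(binary_form=True))
    if verdict != "match":
        tls.close()             # no application data is sent before this point
        raise PinError(f"certificate pin {verdict} for {host}:{port}")
    return tls


# Constructed stand-ins for DER certificates (not real certs); only the bytes matter.
HOME_CERT = b"constructed: DER bytes of the home server's self-signed cert"
ROGUE_CERT = b"constructed: DER bytes of a cert presented by an interceptor"


def demo():
    store = PinStore()
    store.pin("mail.home.example", 443, HOME_CERT)   # recorded at home
    return [
        store.check("mail.home.example", 443, HOME_CERT),
        store.check("mail.home.example", 443, ROGUE_CERT),
        store.check("other.example", 443, HOME_CERT),
    ]
```
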

  15. Re:Stardock games have product activation, too on Mass Effect DRM Still Causing Issues · · Score: 1

    As I said, it's rate based (or at least, that's what they told me when I wrote and complained about it). So if you install it 200 times in an afternoon, you'll get locked out, but if you install it once every few months, no problem. The 2 PC limit is enforced only by the EULA.

  16. Re:Sid Meier's games might be DRMed soon, too on Mass Effect DRM Still Causing Issues · · Score: 1

    Bioshock on Steam has the Steam copy protection *AND* the SecuROM DRM. You get the worst of both worlds. If either the Steam servers or the SecuROM activation servers go down, you're out of luck.

  17. Sid Meier's games might be DRMed soon, too on Mass Effect DRM Still Causing Issues · · Score: 1

    Erm... Sid Meier's production company is Firaxis games, which was acquired by publisher 2K Games in 2005. 2K Games is the same company which published BioShock.

    There's a good chance you won't be seeing any un-DRMed games from Sid Meier for a while, I think.

  18. Stardock games have product activation, too on Mass Effect DRM Still Causing Issues · · Score: 3, Informative

    Erm... I hate to tell you this. The Stardock games all "have no copy protection" for the V1.0, but as soon as you install an update, it asks you for the key, and then it does product activation, much like BioShock and Mass Effect.

    The Stardock product activation is much nicer than BioShock or ME; instead of a hard install limit, the install limit is rate based. In other words, you're only allowed [unspecified number] of installs per [unspecified time period]. There's also none of the "can't be running any debugging tools" nonsense that SecuROM comes with.

    The "unspecified"s in there make me a bit uncomfortable, but it's a bit better than SecuROM.

  19. BioShock caught a lot of people by surprise on Mass Effect DRM Still Causing Issues · · Score: 1

    For some reason EA didn't advertise the three install limit on the box. I imagine most people didn't know it was there until they hit it.

    The first game I ever got with activation was Flight Simulator X; got it as a gift. If I'd actually bought it, I would've done my best to return it (although no one does returns on open box software anymore).

    Now consumers are starting to be trained to be more cautious. Hopefully fewer people will buy Mass Effect.

  20. Re:DRM is pointless on Mass Effect DRM Still Causing Issues · · Score: 1

    More like "DRM keeps a dishonest company dishonest".

    DRM imposes limits on the honest man that he wouldn't otherwise have (no format shifting, vendor lock-in, etc).

    DRM imposes no limits on the dishonest man; since the very idea of DRM is fundamentally flawed at a first-premises level, it will always be easy to crack, and dishonest people will always have access to DRM protected goods.

    DRM lets big media companies bilk people by forcing them to buy the same thing over and over again.

  21. Re:Current Government Talking points on Canada's Proposed DMCA-Style Law Draws Fire · · Score: 1

    Yes, but a lot better than the US DMCA, where when the ISP gets a notice, they have to remove the content immediately and then wait for a counter-claim from their user. This system is much less prone to abuse, and the effects of false claims are less damaging. I would've liked to see penalties for false notices, because the cost of sending notices is basically nil today so there's no real harm to the big media companies in sending them indiscriminately to everyone, everywhere.

    But then, I would've liked to see laws requiring clear disclosure of DRM on software, music, and DVDs, and I didn't think that was too likely. :P

  22. Re:My letter to Jim Prentice on Canada's Proposed DMCA-Style Law Draws Fire · · Score: 1

    I think our notice-notice system isn't bad. I like it a lot better than the American notice-takedown system; not anywhere near as open to abuse.

    It's just... the rest of it. :P

    The exceptions for academia are nice, but you have to wonder how useful they are. If publishing the results counts as distribution, then it's basically useless. I haven't read the whole bill yet, and IANAL, so I'll leave those gray areas to others.

  23. Re:My letter to Jim Prentice on Canada's Proposed DMCA-Style Law Draws Fire · · Score: 1

    No problem (although please replace my address with yours. I got a little too eager on the cut and paste. :)

    If anyone wants to mail this to their MP, I wholeheartedly encourage it.

  24. Re:Current Government Talking points on Canada's Proposed DMCA-Style Law Draws Fire · · Score: 5, Insightful

    > What does Bill C-61 mean to Canadians?
    >
    > Specifically, it includes measures that would:
    >
    > -expressly allow you to record TV shows for later viewing; copy legally purchased music onto other devices, such as MP3 players or cell phones;

    Provided that the music isn't coming from a DVD, and that the original source isn't protected by DRM, in which case the new bill actually expressly criminalizes it, whereas before it would have been legal.

    > -make back-up copies of legally purchased books, newspapers, videocassettes and photographs onto devices you own;

    But not laser discs, video-CDs, DVDs, or any other audio-visual media with the exception of videocassettes. Again, these are now criminalized.

    > and limit the "statutory damages" a court could award for all private use copyright infringements;

    If you're using P2P technology, this new bill imposes a $20,000 fine for "making available", which is far more than the current statutory damages.

    > clarify the roles and responsibilities of Internet Service Providers related to the copyright content flowing over their network facilities; and

    This part doesn't seem so bad (unless I'm missing something). Basically, if ISPs get served with a notice, they have to pass it on to their users, which seems good.

  25. Video cassettes only??? on Canada's Proposed DMCA-Style Law Draws Fire · · Score: 4, Informative

    "With respect to audiovisual material such as films, the format-shifting provision would apply only to videocassettes and would not allow you to make copies of material stored on other media, such as DVDs."
    -http://www.ic.gc.ca/epic/site/crp-prda.nsf/en/rp01158e.html

    That's a bit obtuse. Why does it matter what media format the source is on?

    As the bill stands, format shifting from old laser discs or Video-CDs would be illegal. Format shifting DVDs to your video iPod would be illegal (even for the few DVDs without copy protection). Once DVD becomes an obsolete format, it would still be illegal to format shift your content onto more recent media.

    Format shifting music DVDs onto your iPod also would be illegal (which totally sucks).