Microsoft owes its existence to open source (on "Mundie Responds", Score: 1)
IBM granted Microsoft life by releasing the specifications for the PC.
I would like Mr. Mundie to explain where Microsoft would be today without the open consumer market in PCs.
Because of the open specs for PCs:
a) PCs are cheap
b) PCs are plentiful
c) IBM was not able to cut off Microsoft's air by placing OS/2 on every PC and making Windows a costly optional upgrade.
I immediately thought of all the communications freedoms that would disappear.
We now see Carnivore chomping down, proposed crypto backdoors, universal eavesdrop warrants and other direct freedoms disappear. We are also seeing the CIA propose re-entering the "dirty game". This attack has done more than physical damage to the USA.
Rather than file to block the distribution of Windows XP, which is rather hard to do now that the software has been released, the government should file to prevent Microsoft from receiving any revenue on the sale of XP. All profits relating to the sale of XP should be banked and set aside awaiting a ruling in the case and possible penalties and other settlements.
This benefits everyone except Microsoft who are then hostage to settling the case to receive their revenues. This puts pressure on Microsoft without putting pressure on anyone else. What it does do is release the XP into the wild but then everyone who thinks XP closes them out of the market is allowed to file a brief with the court and join the "victim list".
If XP is also found to be an abuse of monopoly power the total funds are available to be paid out to those locked out of the XP market by the inclusion of technologies into XP. At this point Microsoft should be told by the judge:
"You have been found to be a monopoly."
"You have misused your power as a monopoly in the past."
"These are judged facts."
"If XP is found to be a continuation of the practice I will rule with prejudice, as XP was released after the judged facts were concluded and you were fully aware of them."
"You have the option of withdrawing XP or releasing it. If XP is released all revenues received will be seized until a judgment settles the case."
"If it is found to be the case that XP continues the practice of abuse of monopoly power the XP revenues will be seized to compensate the victims and pay penalties. It is possible that additional penalties will also apply."
The first question to anyone who is "selling" a get rich scheme is "If it works so well why the hell are you not off doing that?" The only benefit I have ever noticed to the get rich schemes is that it seems more possible to make money selling "how to get rich" schemes than one can make off the actual scheme.
The second question is "How saturated is the market?" In general a market will saturate. Here is a question for Slashdot: do you think the skin trade will ever saturate?
Ok, so does anyone have a utility to turn the boot log file into a real pretty image to load as a background for graphical logins?
Color highlights and folded into 4 vertical strips would be nice.
The only defense users will have is contracts. Contracts spelling out what the ASP is to provide and what the liabilities of the ASP are. The contract should also spell out monetary penalties to be applied to the ASP, paid to the service user for deficiencies in service.
Pay for service, get paid for lack of service. No business should sign with an ASP without getting guarantees on data access, data retrieval and data security. The process should be insured by a third party and audited by a fourth party.
Right now places like MSN have a "we can screw with your data all we like" contract that is designed to protect their asses. No business in its right mind should trust that service. Businesses need a contract that protects their asses. For the ASP business to work both parties need their asses covered by contracts. ASPs need to provide support and protection to the service users as much as the ASPs need protection for their actions. This support needs to be contractual and financial to ensure that it is legitimate.
Until ASPs put their cash on the line no business should really commit heavily to their use. If I pay for a critical service level I want $$$ back if that service level is not provided.
Watch that intellectual property flag. As Windows XP now supports protection for intellectual property on commercial CDs and on web-distributed materials, how long before the "Linux, by providing a mechanism to circumvent IP protection measures, is a violation of DMCA" flag gets raised by Microsoft?
All this "Linux and the GPL are cancers", etc. are just the opening shots. Expect a well planned campaign from Microsoft.
Mundie owes his $$$ to open source
Live news feeds for all. Automatic insertion of commercials based on physical location, biometric state and recorded user preferences.
Part of a trial is establishing a chain of evidence. How on earth can you ever prove that an electronic train of evidence has not been tampered with?
Prosec: "As you can see in the log files.."
Defens: "Objection: the material security of the log files has not been proven. The prosecution has to prove that the log files are a true recording of what happened. That the log files and logging process was a completely secure and tamper proof system."
Prosec: "The log files show that no one accessed the system."
Defens: "Objection: Log files are just that, they can be edited. Was the console secure? Was the net access secure?"
Prosec: "When we examined the system."
Defens: "Objection: Prove that the system was not tampered with or completely ghosted by a backup system between the time of the events in question and the time the material was secured."
One important thing is that this puts a number of users at a "standard user" level. People with these stations will not be able to use ActiveX controls, not be able to view Microsoft Word documents and in general not be able to access non-open standard material.
The more users in the world who do not have the ability to access closed format information the more pressure on information providers to provide open standard information.
Trusted paths are great until they become subverted. Consider the ultimate virus/worm on a trusted path machine. Presuppose a hole in the operating system allowing access. Now the intrusion program simply creates a new access category and grants no one access to it in any way. On a complete trusted path system all processes and files owned by the virus could then be made invisible to the rest of the system. Try finding and removing that intrusion.
Oh, you want some process with super access to find the isolated intrusion. This super access puts it all back to square one.
You would assume this would be the case wouldn't you. We have the example of DVD region encoding. Specifically stated by the companies involved to restrict markets as a counter example. So it appears as though companies can directly cooperate in limiting markets and it does not fall under anti-trust.
If it has a pilot it is not a robot.
Whether the pilot is on board or 1e6km away. As long as the machine is directed by a human it is not a robot.
I hate to see these "news" items about robots that really mean remote controlled devices. Let's keep the terms straight and not get led on by the popular notion that anything remotely high tech is a robot.
Battlebots are not robots. They are funky remote controlled cars playing a mean version of the smash up derby.
With power steering, ABS brakes, and ignition control you could probably call most modern car fly by wire systems and describe them as robots using the "great" distinctions of the unwashed public.
It is worse than that. A non-RIAA artist should be able to apply to get the ban lifted in a second.
A non-RIAA artist should be able to use web services like Napster to become heard. This is fair and proper use of a service like Napster. This non-RIAA artist can claim to be using Napster as a medium for becoming known and for distributing their work.
A non-RIAA artist should be able to make a song, even a parody song with a similar name to a RIAA order blocked song. This non-RIAA artist can then sue Napster and the RIAA to get the blocking released so that the non-RIAA material can be transmitted.
The non-RIAA artist can sue the RIAA for the $$$ of potential future career money the RIAA is cutting them out of by blocking the medium.
Spelling of a title cannot be used as a reason for blocking non-infringing material.
Example:
A famous horror writer, a Mr King perhaps, wants to distribute chapter 1 of his book online for free. As an added bonus the author decides to read it and creates -> thriller.mpg. This file is copyright but released free to everyone as a publicity stunt to get everyone hooked and to buy the book. Mr King plans to save marketing costs by using the Napster transmission medium to spread the word.
Oops, Napster blocks this file. Now the author can sue Napster (and the RIAA) for illegal restraint of trade. This was not material the RIAA had control over, nor was it anywhere close. File names are generally short and descriptive, thriller.mpg is appropriate for the reading of a horror story and in no way implies connection to any music titled similarly.
If software goes this route, I really want to see the requirement that the billing notice comes at the front end.
"Welcome to Microsoft Office Ca$H, using this product costs $0.10 per hour"
I don't think many people will be happy with back end billing.
"Thank you for using Microsoft Office Ca$H last month. You used 720 hours and now owe us $72.00."
Think of the effect of instant messaging and other "hidden effects" that can trigger applications and keep them alive in the background.
.NET services had better come with an upfront desktop meter showing current price/hour of the active software.
Personal gripe: I wish long distance carriers would tell you the price/minute of a call before the call is connected rather than not knowing the cost until it shows up on the bill.
So now Microsoft will have the ultimate hostid->user database. Say the feds get hold of a compiled program or MS Word document with a Windows ID tag. All they need to do is make a little call to Redmond and they get the address of the person who registered that copy of Windows.
Code and documents can now be traced to their source.
Unless of course you lie to Microsoft when registering the computer. Make a good record of the lie so that you can repeat it when moving the software.
I wonder if Microsoft will commercialize document tracing. For $10 find out who really wrote that code/document.
Even more than the licensing issue this is a privacy problem.
Microsoft is able to tie the software license key to a real person who talks to them and has to enter some "relevant data". You can bet this is not going to be just machine information but also WHO with your address and possibly phone number.
So now Microsoft is going to know exactly who is behind the MSFT key XYZ when you connect to microsoft.com and hotmail.com.
Yahoo makes a nice centralized target as the source of the transmission. Without looking at the law I would suggest that the other end of the message is more likely to be in violation.
1) From a physics and philosophical point, once the message has been sent to anyone it has been sent to everyone. The only issue remaining is resolving the message out of the universal background noise.
2) French law does not apply to transmissions from A to B where neither is in France and the direct transmission path is not through France.
3) Information is only present when resolved at its destination.
So the violation of the law is being done by the recipients of the message. Yahoo makes a large and incorrect target for the application of the law.
Yahoo may be in violation if it becomes difficult for those in France to avoid receiving the message.
Radio Shack used to be the hacker's friend. Selling parts for the home designer to use. Giving the Cue-cat away but not allowing people to play with it seems to be against the philosophy I remember of Radio Shack.
Then again, aren't most modern Shack stores reduced to a single peg board of parts, common user small things like batteries and spare 8V supplies, then the computer, toy, and stereo section?
Don't boycott them. Attack their business model, go to as many stores as you can, collect as many CueCats as you can, either throw them out or put them in storage. Destroy their business model which is to gain and sell information on users to fund the cost of manufacture and distribution. Collecting and not using devices costs them.
In any case if they see a large number of devices being picked up and do not get a similar number of registered hits on their site they are going to know they are in a losing situation. Just not getting the device means you are just a customer that has not "encountered" their technology yet. I would rather be counted as a "failed" customer. It hurts their bottom line more.
The DMCA does not require that the protection schemes applied to copyright works have any sort of minimal strength.
Could not the argument be made that text, if encoded in the ASCII data representation stored in binary on a digital media, be enough of a coding scheme that any machinery decoding this text is in violation of the DMCA? Send someone an email message, mark it copyright, then if they even view the message using a computer they are in violation of the DMCA.
You just have to love the line:
"If the RIAA members are found guilty of using their copyrights in an anti-competitive way, they lose the ability to enforce the copyrights."
While many lawyers will fight for their paychecks before that ever happens. That would be a blessing for the artists who could then sue the RIAA for losing the copyright and require that the RIAA pay damages. This would force the RIAA to publish the information showing that the artists never get paid anything anyways.
In the end of course the only people making any money at all will be the lawyers
:-(
Before people can make reasonable suggestions they need to know what you have available.
What hardware do you have? How much, performance level, resources.
What environment do you have? What OS, development tools, etc.
Do you have any multimedia tools? Cameras, scanners, microphones, speakers, 2D, 3D packages.
Basic suggestions:
1) wipe clean a few PCs, give them the OS and applications CD and make them install everything
2) do a this is my "city", "high-school", "class", "neighborhood" multimedia presentation.
3) C-robots
4) song lyrics database
5) dating service
Interesting comment about any piece of information being codeable as a number. In most cases a really big number.
Can you get a copyright on a number?
Obviously any piece of information can be coded into just about any number you want if you allow for a wide enough variation in coding methods.
Where then is the copyrightable information, is it in the coded form, or the coding algorithm or only in a combination of both?
To what form of the information does the copyright hold, only the original, or any mutable combination thereof? Say Bob Jones software publishes some code on a CD protecting it by copyright. Does the copyright apply to any other coded form of the CD or just the original? With the right mapping any CD is just a coded copy of any other CD. So every CD is theoretically in violation of the copyright of every other CD.
Copyright law really needs revision now!
Don't blame the hardware, don't blame the language, blame the programmer. Relying on the hardware to fix bad programming style is like a parachutist relying on a safety net.
Any input operation that overwrites memory it is not supposed to, is bad programming style. Ideally the programmer does not know what hardware their code will run on, maybe it will be a flat memory machine with 0 memory management hardware.
In C scanf("%s",foo) is nice and handy for little programs. But it is not production level code. Production level code should instead always use limited length routines. So it is a little harder, maybe the first implementation has to be audited to remove the screw ups. This is like checking the return values on printf and scanf nobody does in the test code, but damn well better be done in the final code.
Programmers need to limit themselves to limited input routines or at the start of the project development build a little library of limited input routines.
What someone really needs to do is come up with a "no-overrun libc" that does not include any unlimited input functions and spits horrible messages whenever a standard input function is called with arguments allowing unlimited input.
You link and run development code against this library and fix any place where it screams.
I really am surprised big development houses don't do anything like this. But of course no one has time to do it right.
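A sketch of the "little library of limited input routines" and the screaming wrapper the comment above asks for. This is an added example, not code from the commenter; the names `fmt_allows_overrun`, `checked_sscanf` and `read_limited` are hypothetical, and the wrapper's choice to refuse the call (rather than only warn) is an assumption.

```c
#include <ctype.h>
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if a scanf-style format has a %s or %[ conversion with no field
 * width (and no '*' suppression), i.e. one that accepts unlimited input. */
int fmt_allows_overrun(const char *fmt)
{
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')                      /* "%%" is a literal percent */
            continue;
        int suppressed = 0, has_width = 0;
        if (*p == '*') { suppressed = 1; p++; }
        while (isdigit((unsigned char)*p)) { has_width = 1; p++; }
        while (*p && strchr("hlLjzt", *p))  /* skip length modifiers */
            p++;
        if ((*p == 's' || *p == '[') && !suppressed && !has_width)
            return 1;
        if (*p == '[') {                    /* skip the scanset body */
            p++;
            if (*p == '^') p++;
            if (*p == ']') p++;             /* a leading ']' is a literal */
            while (*p && *p != ']') p++;
        }
        if (*p == '\0')
            break;
    }
    return 0;
}

/* Development-time stand-in for sscanf: complains loudly and parses nothing
 * (returns EOF) when the format would allow a buffer overrun. */
int checked_sscanf(const char *src, const char *fmt, ...)
{
    if (fmt_allows_overrun(fmt)) {
        fprintf(stderr, "OVERRUN RISK: unbounded %%s or %%[ in \"%s\"\n", fmt);
        return EOF;
    }
    va_list ap;
    va_start(ap, fmt);
    int n = vsscanf(src, fmt, ap);
    va_end(ap);
    return n;
}

/* Read one line into buf (capacity cap, including the NUL terminator).
 * Returns the stored length, -1 on EOF or error, -2 if the line did not
 * fit; an oversized line is drained so the next call starts on a fresh line. */
long read_limited(FILE *in, char *buf, size_t cap)
{
    if (cap == 0 || cap > INT_MAX || fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[--n] = '\0';                    /* whole line fit, drop newline */
        return (long)n;
    }
    int c = fgetc(in);
    if (c == EOF || c == '\n')              /* line fit exactly, or last line */
        return (long)n;
    while ((c = fgetc(in)) != '\n' && c != EOF)
        ;                                   /* discard the remainder */
    return -2;
}

int main(void)
{
    char name[16];
    int age = 0;
    const char *line = "alice 30";          /* constructed sample input */

    checked_sscanf(line, "%s %d", name, &age);   /* screams, parses nothing */
    if (checked_sscanf(line, "%15s %d", name, &age) == 2)
        printf("name=%s age=%d\n", name, age);
    return 0;
}
```
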