Only the ones who don't know what they are doing make that mistake.
System.IO.Path.Combine has been around since .Net 1.0 and it works with a defined "platform separator" and doesn't care whether you use drive letters or any other designation. It certainly isn't Microsoft's fault that some people are too lazy to read the directions.
A company that I do tech work for part-time just bought a new computer for an employee. They didn't ask me ahead of time what they should get, they just went down to a computer store and bought something they thought fit their needs.
It came with Vista and no option for XP. The manufacturer's web site has no drivers for XP for that system. Also, the major software package they use isn't Vista compatible unless you upgrade to the newest version. They were left with several choices:
1. Upgrade to the newest version of the software for $1000 (everyone has to upgrade, not just one user). Also upgrade Vista to Business Edition because it has to join a domain.
2. Downgrade to XP. They would have to pay me a chunk of change to get the hardware working on XP, and I couldn't guarantee when I'd have it running.
3. Take the computer back and get a different one.
Option 3 was the only viable one. I never really thought much about it, but it seems now that you have to get professional advice before buying a computer. The days of picking up a system and having it "just work" seem to be over for a while.
Vendors are my big pet peeve. I have one vendor that won't talk to any VMware customer with a problem until they reproduce the problem on physical hardware. I'm certain that taking it off a VM has never fixed any problem, but they insist. This is the type of company that sells you a $100,000 software package, then charges $20,000 a year, then makes you hire a certified tech to call in a callback key for every upgrade or module activation (the customer is not allowed to call), also to use a hardware license HASP on all servers and config workstations. After jumping through all those hoops, they insist on the software being installed on physical hardware and the file and db server being separate boxes.
The really funny part is that the minimum system requirements are a P3 with 256 megs of RAM. They really would rather you put the software on two P3s than on one quad processor server with 32GB of RAM.
A rich application is one that can draw a chart within the app quickly, without making a trip back to the server. A rich application can actually rebuild a drop down list in a millisecond in response to a user's actions. A rich application isn't limited to what HTML and DOM can do on all platforms, rather it is limited to what one platform is capable of doing. The Netscape folks prophesized that Windows would eventually become a "poorly debugged set of device drivers" for the web platform. Well, the web is in danger of becoming a "barely functional platform that only survives because of the demand for cross platform apps and the fear of running rich applications from unknown authors".
Microsoft is betting that they can solve their security and distribution problems before Google and others solve the problem of building and maintaining fast, sophisticated web apps.
How many developers could build Google Maps better than Google given access to the same images? I'll bet a good high-school developer could build a better Google Maps if they were allowed to build it as a desktop app and compare it to Google's web app. That is the power of a rich app. It gives a mediocre developer a better end product than a team of the best in the world who are held back by the requirement of building a web app.
Personally, I feel that web development needs to take a HUGE leap forward if it doesn't want to become a dead technology in 15 years. Rich applications are far closer to meeting people's needs than web apps are. If MS builds and sells a good Windows API emulation library for Linux/OSX, they could allow corporate customers to switch to non-Windows OSes without losing revenue or their corporate clients. Sure, it will not be a "free" solution in any sense of the word and those that "get" Linux will scream like mad, but 99% of the world won't listen. MS could even pull a Netscape and make it free for personal use and charge for corporate use to speed adoption.
No one would ever figure out to strip everything after the plus before selling it to spammers. That would be far too difficult and wouldn't work for a large number of accounts.
The + address just lets you catch the ones that are accidentally leaking your address. Anyone being aggressive will have your real address. That way you won't have any of the spam that is peripherally related to things that you are actually interested in, but you will get tons of Viagra and porn spam. Yay!!!
Re:thawte offers free x.509 certificates . . . on PGP Is 15 Years Old · Score: 1
Sure, SSL in the middle is possible, but you need a properly signed certificate to set it up. It can't be used for man-in-the-middle attacks unless the CA or the certificate are compromised. Essentially, you are just moving the secure communication endpoint.
As for the big list of pre-trusted CAs, just remove the ones you don't trust.
PGP may be more secure for point to point, but shared secret or one-time pad is even better. If all you want is secure communications with someone you already have a relationship with, then you aren't breaking any new ground here and stuff from the '70s is good enough to keep you private. PKI and CAs were designed to allow billions of people to communicate securely with hundreds of millions of servers. There is room for improvement however. I wish there were several tiers of trust, not just one big list of trusted root CAs.
This is all technically true. However, the current use of the term "Upstate NY" shows a NY==NYC mode of thinking that mildly offends those of us who don't live there. Since half of the population lives in the NYC area, the term has stuck and will stick forever. That doesn't make it any less narrow-minded. To say that Jamestown is in Upstate NY is geographically ridiculous.
Interesting side note on the whole NY==NYC thing. I was in Newport News, VA one time having a discussion about this issue and as an example of how far I live from NYC, I brought up to Google Maps. One from Newport News and one from Niagara Falls. Newport News is closer than I am. There are points in 11 states that are closer to NYC than Western New York.
Yes, but that is the point. IPSec, among other things, verifies that the packet header has not been altered. NAT alters the packet header. You are correct in stating that if any other router between the source and the destination alters the packet (including the IP header), then IPSec will freak out. Why would a router alter your packet? A router might fragment the packet, but the destination machine should put it back together again. A router will change the MAC header, but that isn't authenticated by IPSec. Only an attempted hijack or man-in-the-middle attack would alter the IP packet header. Maybe an old school ping-of-death would do it too. Personally, I would like my protocol to reject MITM attempts.
Are you suggesting that traffic should be able to flow normally across a compromised router?
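The header-integrity point in the comment above, as an added example that is not part of the original post: a simplified AH-style integrity check value over an IPv4 header with the fields a router legitimately changes (TOS, flags/fragment offset, TTL, checksum) zeroed out, so ordinary forwarding still verifies while a NAT source rewrite does not. The key, addresses and payload are constructed, HMAC-SHA-256 truncated to 128 bits is an assumed algorithm choice, and the AH header's own fields (SPI, sequence number) are left out for brevity.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"   # constructed shared key, stands in for an SA key
IPV4_FMT = "!BBHHHBBH4s4s"      # 20-byte IPv4 header without options


def _checksum(hdr: bytes) -> int:
    """One's-complement header checksum; the checksum field must be zero."""
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _with_checksum(hdr: bytes) -> bytes:
    """Return the header with a freshly computed checksum in bytes 10-11."""
    zeroed = hdr[:10] + b"\x00\x00" + hdr[12:]
    return zeroed[:10] + struct.pack("!H", _checksum(zeroed)) + zeroed[12:]


def build_header(src: str, dst: str, payload_len: int, ttl: int = 64) -> bytes:
    """Build an IPv4 header carrying protocol 51 (AH)."""
    hdr = struct.pack(IPV4_FMT, 0x45, 0, 20 + payload_len, 0x1234, 0, ttl, 51, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return _with_checksum(hdr)


def zero_mutable_fields(hdr: bytes) -> bytes:
    """Zero the fields that change in transit and are excluded from the ICV."""
    b = bytearray(hdr)
    b[1] = 0                 # TOS / DSCP+ECN
    b[6:8] = b"\x00\x00"     # flags and fragment offset
    b[8] = 0                 # TTL
    b[10:12] = b"\x00\x00"   # header checksum
    return bytes(b)


def compute_icv(key: bytes, hdr: bytes, payload: bytes) -> bytes:
    """ICV over the immutable header fields plus the payload."""
    data = zero_mutable_fields(hdr) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:16]


def verify(key: bytes, hdr: bytes, payload: bytes, icv: bytes) -> bool:
    return hmac.compare_digest(compute_icv(key, hdr, payload), icv)


def forward_hop(hdr: bytes) -> bytes:
    """What an ordinary router does: decrement TTL and fix the checksum."""
    b = bytearray(hdr)
    b[8] -= 1
    return _with_checksum(bytes(b))


def nat_rewrite_source(hdr: bytes, new_src: str) -> bytes:
    """What a NAT device does: replace the source address and fix the checksum."""
    return _with_checksum(hdr[:12] + socket.inet_aton(new_src) + hdr[16:])


def demo() -> dict:
    payload = b"constructed payload"
    sent = build_header("192.168.1.10", "203.0.113.5", len(payload))
    icv = compute_icv(KEY, sent, payload)
    routed = forward_hop(forward_hop(sent))               # two router hops
    natted = nat_rewrite_source(routed, "198.51.100.7")   # then a NAT gateway
    return {
        "unchanged": verify(KEY, sent, payload, icv),
        "routed": verify(KEY, routed, payload, icv),
        "natted": verify(KEY, natted, payload, icv),
    }


if __name__ == "__main__":
    print(demo())
```
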
The biggest problem with TIFF isn't patents. The official TIFF standard is now controlled by Adobe who seems to have no plans to move it forward. TIFF could compete with PDF on many fronts, so Adobe wants it to stagnate. TIFF 6 had a lot of issues with not being explicit enough to ensure compatibility (mostly with JPEG compressed TIFFs). A strong leadership could have saved the format a lot of pain.
BTW, there are open source TIFF implementations like libtiff and DevIL, so I don't know why there isn't support in Firefox. But, libtiff doesn't open a lot of commercially produced TIFFs because of the above mentioned compatibility issues. Search for TIFF Technical Note #2 if you want to know about the JPEG-in-TIFF fiasco.
I could meet both of your conditions to be pirated (more likely to be pre-0wned, less likely to be easy to install) while still being genuine under Microsoft's definition. Microsoft encourages corporate clients to tweak installation CDs to be easier to install on their hardware and that same process could easily be used to put nasty stuff on the CD. Through Remote Installation Services, third party software like Ghost, or through Setup Manager that automates the installation process, I could easily modify my Windows installation and pass the WGA validation with flying colors. I also regularly install genuine Windows in 20 minutes with Office and other stuff preconfigured and everything is licensed properly. If I weren't using a Corporate copy of Windows, I could also easily make it stop at the product key screen so I could enter a unique key for each computer.
What if Apple promised me that after 3 and a half years of usage, if I didn't write them a letter with the word "Steve" on it and send it to a special address in the Congo, they'd get to take my house?
You see, when they say "We'll let you download and play music". People have an expectation of what that means. The courts have also spelled out some of what that means. Both of those boil down to a reasonable expectation that "I can play it on any of my devices that are designed to play digital music". Apple can't simply erase that with a EULA, it's guaranteed by the constitution in the same law that guarantees copyright protection to the record labels.
The only reason Apple gets away with DRM is that there is another law that although it doesn't change my rights to fair use, it effectively prevents my exercising that right -- the DMCA. Apple only agrees to DRM because they wouldn't get the contracts to sell the music if they didn't. Apple would be more than happy to widen the envelope of compatible music and not have to maintain a DRM system.
BTW, nearly all EULAs in the computer world state that the software is not guaranteed to do anything useful and the vendor has no responsibility to make it work or to compensate you if the software causes any problems. If your copy of Mac OSX or Windows doesn't work, I'm sure you won't stand for "But you are getting exactly what we promised you. Read the EULA."
Nope. DRM just forces those non-technically inclined dishonest people to go to a technically inclined dishonest person who has already cracked the DRM and buy the media at 1/10th the face value. In the process it also creates new criminal enterprises and funds existing organized crime. Who do you think is selling those CDs full of ripped MP3s on the street corners in Brooklyn? The Girl Scouts?
As for buying the same song multiple times, that is just stupid. Why would we accept that new technology actually works worse than the old stuff unless we were given no choice and that lack of choice was being maintained by force of law? Digital cell phones sound worse than the old analog ones, but allow the phone companies to run 100 calls on the hardware that used to support 10. Modern digital music (MP3s and other compressed formats) sounds worse than good old-fashioned CD music, while often allowing the companies to control us through DRM. Satellite radio and TV lose signal more than traditional radio and TV technologies, while making what a VCR made easy in the '80s difficult again. Modern music is sold as a $1 iPod song, a $2.99 downloadable song on my cell phone and a $1.99 ring tone (yes, on the same phone I have to buy it as a song and as a ringtone!!!), and through the wonders of DRM and the DMCA, I have little to no choice.
All this damage occurred so that we can prevent digital file sharing that was never proven to cause losses to anyone to begin with. We enacted these horrible laws and invented this horrible technology on the unfounded fear that somebody might lose some money.
DRM isn't really about directly screwing the consumers. It's no surprise that most iTunes customers aren't inconvenienced that much. But, you should be pissed that you are pawns in a game to screw the artists.
You are being gently but persistently rounded up into a group that works best if you buy iPods, use iTunes, and most importantly, buy content from the big distributors that sell via iTunes. If this were ever to not become the case, then the artists might actually get enough clout to get a decent contract.
No one is doing anything to outright prevent you from straying from the group, but it's happening. You have less choices of players due to DRM (there are ways around, but it's easiest if you stay in the group). You have less choices of download stores because of DRM (try using the Windows friendly services with your iPod). Also, anyone that makes software that makes it easy to stray from the group is punished as a violator of the DMCA, due to the need to remove the DRM.
Sure there are alternatives, but they are really just one big alternative group being herded together with WMA based DRM.
Your apathy towards DRM isn't all that different than an apathy toward a company that uses child labor to bring you good prices. Only in this case, you're helping forge the chains that bind the artists of the world. In the clothing industry, your argument would amount to "XYZ company gives us the styles we want at the prices we want. Why all this talk about Malaysian children working 16 hours a day?"
BTW, iPods would still be the wonderful devices you claim they are without DRM. DRM adds nothing. So why should we put up with any amount of DRM on our devices?
You are missing the point. DRM is not there to make sure the artists get paid. As the grandparent said, that is the responsibility of the courts and the police, not Apple. If the courts can find out who leaked the music, the proper person can be held accountable. It's very easy to do this in a way that protects privacy. Just use transaction IDs and keep the details at the store until it needs to go to court.
DRM exists to perpetuate a business model. 20 years ago it was hard to be a distributor. Content producers had little leverage and were sunk without a good distributor. So, content producers grudgingly signed contracts that allowed exclusive distribution by one distributor and gave that distributor most of the money.
Today, it is much easier to be a distributor. You still can't get your stuff on the Best Buy and WalMart shelves without being a big distributor, but you can get rich. Well, at least you should be able to. Here is where DRM comes in. DRM creates the lock-in that the distributors need. Arbitrary rules can now be put in place to make sure that you go through iTunes and buy iPods, which in turn means you'll buy only content distributed by Sony, BMG, and a handful of others. Now, the big distributors get to keep the near monopoly they've always had and continue to rape and pillage the artists.
See, DRM is bad for artists in the long run, but is being sold as good for them. Guys like Metallica that no longer really need a distributor get sweet deals and don't stand to gain much if the distribution cartels are broken up. So, Metallica only sees the bad end of the spectrum, the potential for copyright violation. Thousands of smaller artists would get a far better deal if there was more competition among distributors and they had the power to get their stuff out there without signing an exclusive contract. Sure, there would be more illegal file sharing, but the American public has always shown that they will throw their disposable income at whatever they like listening to.
Actually, it's a matter of interpretation whether it violates the DMCA or not. At one extreme we have products that use encryption keys obtained without authorization and by reverse engineering the process. At the other end of the spectrum is simply recording the output of your speakers.
Most people will agree that using the keys should be considered "breaking the encryption" and recording the sound should not. But, where is the line? If you picked up the analog signal to the speakers with an RCA cable, most people would still say that it's not breaking the encryption. However, one approach is to write a sound driver that records the digital data stream. Another is to grab the data inside the application like QTFairUse. The next level deeper would be to use portions of the legitimate application, but control them from an application that ignores the DRM restrictions.
The funny part is that the recording industry was fine with some level of fair use as long as it was cumbersome. As soon as it was easy, they freaked out. The law shouldn't guarantee them a market, but that's what they are trying to do. 99% of the money is in the distribution business. Until the late 1990's, it was difficult to succeed in the music distribution business and those who did got rich. When Napster was unveiled, suddenly it was easy to be a music distributor. Capitalism should have dictated that people who distributed music for a living should have gone broke. Good thing they made it a law that any mechanism that makes it easy to be a music distributor is now illegal.
That's the spirit that the DMCA was written in and that's how it will be interpreted. Since QTFairUse is easy, it is "circumvention" and therefore illegal.
My opinion is that we shouldn't be building solutions that solve our short term problems like QTFairUse does. Instead, we should be building applications that shine a spotlight on how insane these laws are. Anything that blurs the line enough to get the courts to really think about the issue is good. For example, a P2P client that doesn't exchange actual copyrighted music, but instead exchanges many very small snippets of public domain music along with instructions on how to piece them together to get the overall sound you want. Maybe add to that a small patch file to change the critical sections that are difficult to get right. Or maybe break a song into 100 "layers". Each layer is meaningless on its own, but if all 100 are XORed with each other you get the right end product. No client would ever offer more than 10 layers of the same original. Just to be fun, make a few of the layers public domain text, like Shakespeare. To be really fun, require that the Shakespeare layer be applied last. That way you have total garbage until the last layer and the one magic piece you add to it is obviously not the property of the RIAA's clients.
So.... you want your classes to be compelling and you want the students to enjoy coming to your classes....
Your solution is to create devices that force the students to attend such as counting attendance in the grade. Am I missing something here or does the technique contradict the intent? If your classes were truly compelling then you'd have to find a mechanism to keep students from other sections out of your class so your students could get seats.
I do some teaching at the adult level myself, so I'm not attacking your teaching skills or dedication. I know how difficult it is to make a classroom environment compelling. I know that it is difficult enough that you will fail more often than you succeed no matter how hard you try. But grading attendance is not helping anyone and is hurting those students who don't learn the way you want them to.
Personally, I do see a point in forced attendance at many levels of education. An educator's time can be used much more effectively if many students are involved in one question and answer session, rather than answering the same question for each student. There are electronic technologies that handle this wonderfully like discussion boards, but you still may have to deal with everything twice, once in person and again on the boards.
What it really boils down to is that it is better for the professor and the university that the students attend. It is not necessarily better for the student. Forcing attendance sends the clear message "please don't waste our precious time regardless of your schedules and priorities". Forcing attendance also waters down the achievement of attaining a degree. Any full-fledged university should let the students sink or swim on their own while providing as many opportunities and as much guidance as possible to succeed. Part of that is attendance. Students need to learn to budget their time in order to succeed. Passing difficult classes without mandatory attendance is an important hurdle to be jumped before attaining a degree.
Interesting note: I've recently worked with two organizations that offer classes. Organization A has strict attendance policies and organization B has almost none. Attendance was never a problem at organization B. I'd estimate that I had better than 98% attendance. At organization A, I'm lucky to get 85% even with the policies in place. So, you see here an example that the attendance policies don't dictate attendance, but rather attendance habits tend to dictate policy. Posting class lectures for download won't make students skip. They made that determination long ago.
Whatever factors they are using don't seem to work. I fly about 10 times a year, I am white and my parents are both US citizens, on my father's side they've been citizens for nearly 200 years, my maternal grandmother was Australian (British family line), I always buy from the airline's website, round trip, about two to three weeks in advance. Every ticket is Sunday evening to Friday evening. I get "SSSS" on my ticket about two thirds of the time. The best part is that they search me on both legs of each trip. That second search is a total waste of manpower. It is so consistent that if I were planning to do something evil on the plane, I wouldn't dream of carrying something to the security gates on the second leg because I know I'm going to get searched. For the first leg, I would call off my evil plans after I saw "SSSS" on my ticket.
The best part is that I sometimes like it. In my home airport there is a separate line for the special searches. That line goes through in two minutes while the general population takes 30 to 40 minutes. Many airports do the special search after waiting in the standard line, that kinda sucks. The worst is Washington National which searches you again if you change gates or eat dinner because of the layout of the airport.
So, you want things that are "usable", not "usable to the extent that the law allows you to use them"? Hmmm.... I hope you don't treat freedom the same way. By that reasoning, being in jail, but being allowed to talk to your friends and play video games could be considered freedom to you. How about -- letting most of the people (those like you) do what they want and take the Jewish people and send them to camps. How's that for freedom, it's just as usable for you, isn't it?
BTW, your second paragraph sounds very authoritative. It's almost as if you were stating something that is literally correct to make sure the rest of us get it. However, the term "Piracy" is nothing but propaganda designed to make those who even think of going beyond the whims of content producers (and also those who would break the law) into the bad guys. Piracy only acquired its current meaning through use. At first it was a blatant exaggeration, then it sounded a little radical, now it sounds just about right. Well, it's still a blatant exaggeration. Pirates were the most feared and hated criminals back when travel by sea was very popular. There is no comparison between those who commit "copyright violation" and the pirates of the old days.
In a few years, "people who listen to DRMed music" will be looked at like we look at "people who use AOL as an ISP". They will be seen as the sheep of the world volunteering to be fleeced. Thank god no one legislated the use of AOL 15 years ago. Too bad that DRM is effectively being legislated today.
I'm not confusing them, I'm just citing an example where "doing it more" ends up making the system less secure. More rounds, more bits, more iterations, it doesn't really matter. What matters is that any lay person's quick fix is likely to cause as much harm as good. It takes a lot of cryptanalysis and a lot of time to test the quality of an encryption algorithm.
My favorite example is when script kiddies pull out some wacky scheme like "Take a message, type it on an image in photoshop, save as JPEG, reverse the bytes in the file, zip it, and xor with 'HELLO WORLD'." They don't realize that a determined skilled attacker can break that much more easily than if it were a proven cipher. If you don't have a lot of experience in cryptography, you shouldn't even try to "improve" an algorithm.
Remember...... ALL encryption algorithms are 100% resistant to every attack the designers thought of, except brute force. If it wasn't resistant to their test attacks, they would have changed it. Therefore, only someone else can verify the strength of an algorithm. It takes many "someone elses" before you can be confident an algorithm is actually good.
That doesn't always work. For example, two rounds of DES encryption has weaknesses that neither one nor three rounds suffer from. The only way to count on an encryption or hash algorithm is to have it tested by the general public for many years. Simply increasing a key size or number of rounds is often a crapshoot and you won't know whether you were successful for a long time.
The better alternative is to move to an existing well tested algorithm while the security researchers are testing the future replacements. If there's one place you don't want to be on the bleeding edge, it's with security algorithms.
BTW, traditional guards don't work when you aren't cutting all the way through the material. If you do dadoes or shaping on a table saw then the guard has to be gone. On most table saws removing and replacing the guard is a huge pain, so it is always off. You can buy a $500 guard that hangs down from the top rather than protruding from the table, but that costs more than my saw did.
Personally, if I didn't feel confident enough in my saw safety techniques that I was willing to blow through a $100 blade and $40 cartridge every once in a while to save my fingers, I'd just have someone else cut my lumber. It would likely work out cheaper and safer in the long run.
TiVo can walk that fine line all they want, no one is arguing their right to do so here. However, RMS is objecting to TiVo releasing a product that contains a large amount of community contributed code, in a manner not consistent with the wishes of that community. See, TiVo saved a ton of cash by basing the product on Linux. The payback is supposed to be that we get to play with the product. By including the signature verifying component in the hardware, they are making it a one sided tradeoff -- otherwise known as "a bad deal". Why should we give an operating system to TiVo free of charge and free of any other benefit? GPLv3 has provisions to help assure that we won't get burned again.
In direct response to your first comment, of course TiVo wouldn't succeed if they had opened up the TiVo. But they really should have picked a different platform instead of hiding behind a technicality in the GPLv2. There are plenty of for-profit companies that would have sold them an OS.
Anybody who says that Gore would have won in 2000 with a popular vote system isn't thinking it through.
Remember, Gore won the popular vote by about 500,000 votes. Also remember that the Republicans were targeting small swing states with small populations. It's a well worn fact that giving a group attention will get some of their votes. If the system had been a popular vote system in 2000, Bush would have spent all his time in California and New York. Also think of how many Texans stayed home because Bush already had Texas in the bag. If he had posted gains in those three big states, he would have won the popular vote by a healthy margin. There's 70 million people in those three states to swing and he'd only need a bit less than 1% of them. Gore was already in the big states, so he wouldn't have picked up as much.
The whole idea of a vote "counting" is ridiculous. The electoral system was designed to influence the behavior of candidates and force them to make wide-reaching promises. It's hard to get a majority vote in 29 states without appealing to a lot of different types of people. That is the true American way, to try to appeal to as many types of people as possible, not to appeal to as many people as possible. It has been said above, but deserves repeating -- democracy is not two wolves and a sheep voting on what's for dinner. Kudos to the founding fathers for having the courage to set up a system that ignores 50 million whining "me-too"s while preserving the voice of many smaller groups.
BTW, how many New Yorker Bush supporters do you think stayed home because they thought their vote wouldn't count? I'm certain that would have changed the popular vote count, probably enough to give the edge to Bush. Much of New York outside of New York City votes red, but they concede defeat during presidential elections because they know the city is going to swing the State blue.
Only the ones who don't know what they are doing make that mistake.
.Net 1.0 and it works with a defined "platform seperator" and doesn't care whether you use drive letters or any other designation. It certainly isn't Microsoft's fault that some people are too lazy to read the directions.
System.IO.Path.Combine has been around since
A company that I do tech work for part-time just bought a new computer for an employee. They didn't ask me ahead of time what they should get, they just went down to a computer store and bought something they thought fit their needs.
It came with Vista and no option for XP. The manufacturer's web site has no drivers for XP for that system. Also, the major software package they use isn't Vista compatible unless you upgrade to the newest version. They were left with several choices:
1. Upgrade to the newest version of the software for $1000 (everyone has to upgrade, not just one user). Also upgrade Vista to Business Edition because it has to join a domain.
2. Downgrade to XP. They would have to pay me a chunk of change to get the hardware working on XP, and I couldn't guarantee when I'd have it running.
3. Take the computer back and get a different one.
Option 3 was the only viable one. I never really thought much about it, but it seems now that you have to get professional advice before buying a computer. The days of picking up a system and having it "just work" seem to be over for a while.
Vendors are my big pet peeve. I have one vendor that won't talk to any WMWare customer with a problem until they reproduce the problem on physical hardware. I'm certain that taking it off a VM has never fixed any problem, but they insist. This is the type of company that sells you a $100,000 software package, then charges $20,000 a year, then makes you hire a certified tech a call in a callback key for every upgrade or module activation (the customer is not allowed to call), also to use a hardware license HASP on all servers and config workstations. After jumping through all those hoops, they insist on the software being installed on physical hardware and the file and db server being seperate boxes.
The really funny part is that the minimum system requirements are a P3 with 256 megs of RAM. They really woud rather you put the software on two P3s than on one quad proccessor server with 32GB of RAM.
A rich application is one that can draw a chart within the app quickly, without making a trip back to the server. A rich application can actually rebuild a drop down list in a millisecond in response to a user's actions. A rich application isn't limited to what HTML and DOM can do on all platforms, rather it is limited to what one platform is capable of doing. The Netscape folks prophesized that Windows would eventually become a "poorly debugged set of device drivers" for the web platform. Well, the web is in danger of becoming a "barely functional platform that only survives because of the demand for cross platform apps and the fear of running rich applications from unknown authors".
Microsoft is betting that they can solve their security and distribution problems before Google and others solve the problem of building and maintaining fast, sophisticated web apps.
How many developers could build Google Maps better than Google given access to the same images? I'll bet a good high-school developer could build a better Google Maps if they were allowed to build it as a desktop app and compare it to Google's web app. That is the power of a rich app. It gives a mediocre developer a better end product than a team of the best in the world who are held back by the requirement of building a web app.
Personally, I feel that web development needs to take a HUGE leap forward if it doesn't want to become a dead technology in 15 years. Rich applications are far closer to meeting people's needs than web apps are. If MS builds and sells a good Windows API emulation library for Linux/OSX, they could allow corporate customers to switch to non-Windows OSes without losing revenue or their corporate clients. Sure, it will not be a "free" solution in any sense of the word and those that "get" Linux will scream like mad, but 99% of the world won't listen. MS could even pull a Netscape and make it free for personal use and charge for corporate use to speed adoption.
No one would ever figure out to strip everything after the plus before selling it to spammers. That would be far too difficult and wouldn't work for a large number of accounts.
The + address just lets you catch the ones that are accidentally leaking your address. Anyone being aggressive will have your real address. That way you won't have any of the spam that is peripherally related to things that you are actually interested in, but you will get tons of Viagra and porn spam. Yay!!!
Sure, SSL in the middle is possible, but you need a properly signed certificate to set it up. It can't be used for man-in-the-middle attacks unless the CA or the certificate are compromised. Essentially, you are just moving the secure communication endpoint.
As for the big list of pre-trusted CAs, just remove the ones you don't trust.
PGP may be more secure for point to point, but shared secret or one-time pad is even better. If all you want is secure communications with someone you already have a relationship with, then you aren't breaking any new ground here and stuff from the '70s is good enough to keep you private. PKI and CAs were designed to allow billions of people to communicate securely with hundreds of millions of servers. There is room for improvement however. I wish there were several tiers of trust, not just one big list of trusted root CAs.
This is all technically true. However, the current use of the term "Upstate NY" shows a NY==NYC mode of thinking that mildly offends those of us who don't live there. Since half of the population lives in the NYC area, the term has stuck and will stick forever. That doesn't make it any less narrow-minded. To say that Jamestown is in Upstate NY is geographically ridiculous.
Interesting side note on the whole NY==NYC thing. I was in Newport News, VA one time having a discussion about this issue and as an example of how far I live from NYC, I brought up two Google Maps. One from Newport News and one from Niagara Falls. Newport News is closer than I am. There are points in 11 states that are closer to NYC than Western New York.
Hmmm.... I live around Buffalo and we call ourselves Western New York. When we hear Upstate, we think Watertown and Plattsburgh.
Yes, but that is the point. IPSec, among other things, verifies that the packet header has not been altered. NAT alters the packet header. You are correct in stating that if any other router between the source and the destination alters the packet (including the IP header), then IPSec will freak out. Why would a router alter your packet? A router might fragment the packet, but the destination machine should put it back together again. A router will change the MAC header, but that isn't authenticated by IPSec. Only an attempted hijack or man-in-the-middle attack would alter the IP packet header. Maybe an old school ping-of-death would do it too. Personally, I would like my protocol to reject MITM attempts.
Are you suggesting that traffic should be able to flow normally across a compromised router?
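An added illustration of the point made in the comment above (not part of the original post): a simplified Python model of an AH-style integrity check value computed over the IPv4 header with the hop-by-hop mutable fields zeroed, so ordinary forwarding passes and a NAT source rewrite fails. The key, addresses and payload are constructed, and the AH header's own fields (SPI, sequence number) are left out as a simplifying assumption.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed shared key, illustration only


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words of the IPv4 header."""
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src: str, dst: str, ttl: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header, protocol 51 (AH), valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                      0, ttl, 51, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def icv(header: bytes, payload: bytes, key: bytes = KEY) -> bytes:
    """HMAC-SHA-256 truncated to 128 bits over header + payload.

    Fields that routers legitimately change in transit are zeroed first:
    TOS (byte 1), flags/fragment offset (6-7), TTL (8), checksum (10-11).
    Source and destination addresses stay in the authenticated data.
    """
    h = bytearray(header)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return hmac.new(key, bytes(h) + payload, hashlib.sha256).digest()[:16]


def _refresh_checksum(h: bytearray) -> bytes:
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", ipv4_checksum(bytes(h)))
    return bytes(h)


def router_forward(header: bytes) -> bytes:
    """What an ordinary router does: decrement TTL, fix the checksum."""
    h = bytearray(header)
    h[8] -= 1
    return _refresh_checksum(h)


def nat_rewrite(header: bytes, new_src: str) -> bytes:
    """What a NAT device does: replace the source address."""
    h = bytearray(header)
    h[12:16] = socket.inet_aton(new_src)
    return _refresh_checksum(h)


def verify(header: bytes, payload: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(icv(header, payload), tag)


def demo() -> dict:
    payload = b"constructed payload"
    hdr = build_header("192.168.1.10", "203.0.113.5", 64, len(payload))
    tag = icv(hdr, payload)
    return {
        "unchanged": verify(hdr, payload, tag),
        "routed": verify(router_forward(hdr), payload, tag),
        "natted": verify(nat_rewrite(hdr, "198.51.100.7"), payload, tag),
    }


if __name__ == "__main__":
    print(demo())
```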
The biggest problem with TIFF isn't patents. The official TIFF standard is now controlled by Adobe who seems to have no plans to move it forward. TIFF could compete with PDF on many fronts, so Adobe wants it to stagnate. TIFF 6 had a lot of issues with not being explicit enough to ensure compatibility (mostly with JPEG compressed TIFFs). A strong leadership could have saved the format a lot of pain. BTW, there are open source TIFF implementations like libtiff and DevIL, so I don't know why there isn't support in Firefox. But, libtiff doesn't open a lot of commercially produced TIFFs because of the above-mentioned compatibility issues. Search for TIFF Technical Note #2 if you want to know about the JPEG-in-TIFF fiasco.
I could meet both of your conditions to be pirated (more likely to be pre-0wned, less likely to be easy to install) while still being genuine under Microsoft's definition. Microsoft encourages corporate clients to tweak installation CDs to be easier to install on their hardware and that same process could easily be used to put nasty stuff on the CD. Through Remote Installation Services, third party software like Ghost, or through Setup Manager that automates the installation process, I could easily modify my Windows installation and pass the WGA validation with flying colors. I also regularly install genuine Windows in 20 minutes with Office and other stuff preconfigured and everything is licensed properly. If I weren't using a Corporate copy of Windows, I could also easily make it stop at the product key screen so I could enter a unique key for each computer.
What if Apple promised me that after 3 and a half years of usage, if I didn't write them a letter with the word "Steve" on it and send it to a special address in the Congo, they'd get to take my house?
You see, when they say "We'll let you download and play music", people have an expectation of what that means. The courts have also spelled out some of what that means. Both of those boil down to a reasonable expectation that "I can play it on any of my devices that are designed to play digital music". Apple can't simply erase that with a EULA, it's guaranteed by the constitution in the same law that guarantees copyright protection to the record labels.
The only reason Apple gets away with DRM is that there is another law that although it doesn't change my rights to fair use, it effectively prevents my exercising that right -- the DMCA. Apple only agrees to DRM because they wouldn't get the contracts to sell the music if they didn't. Apple would be more than happy to widen the envelope of compatible music and not have to maintain a DRM system.
BTW, nearly all EULAs in the computer world state that the software is not guaranteed to do anything useful and the vendor has no responsibility to make it work or to compensate you if the software causes any problems. If your copy of Mac OSX or Windows doesn't work, I'm sure you won't stand for "But you are getting exactly what we promised you. Read the EULA."
Nope. DRM just forces those non-technically inclined dishonest people to go to a technically inclined dishonest person who has already cracked the DRM and buy the media at 1/10th the face value. In the process it also creates new criminal enterprises and funds existing organized crime. Who do you think is selling those CDs full of ripped MP3s on the street corners in Brooklyn? The Girl Scouts?
As for buying the same song multiple times, that is just stupid. Why would we accept that new technology actually works worse than the old stuff unless we were given no choice and that lack of choice was being maintained by force of law? Digital cell phones sound worse than the old analog ones, but allow the phone companies to run 100 calls on the hardware that used to support 10. Modern digital music (MP3s and other compressed formats) sounds worse than good old-fashioned CD music, while often allowing the companies to control us through DRM. Satellite radio and TV lose signal more than traditional radio and TV technologies, while making what a VCR made easy in the '80s difficult again. Modern music is sold as a $1 iPod song, a $2.99 downloadable song on my cell phone and a $1.99 ring tone (yes, on the same phone I have to buy it as a song and as a ringtone!!!), and through the wonders of DRM and the DMCA, I have little to no choice.
All this damage occurred so that we can prevent digital file sharing that was never proven to cause losses to anyone to begin with. We enacted these horrible laws and invented this horrible technology on the unfounded fear that somebody might lose some money.
DRM isn't really about directly screwing the consumers. It's no surprise that most iTunes customers aren't inconvenienced that much. But, you should be pissed that you are pawns in a game to screw the artists.
You are being gently but persistently rounded up into a group that works best if you buy iPods, use iTunes, and most importantly, buy content from the big distributors that sell via iTunes. If this were ever to not become the case, then the artists might actually get enough clout to get a decent contract.
No one is doing anything to outright prevent you from straying from the group, but it's happening. You have less choices of players due to DRM (there are ways around, but it's easiest if you stay in the group). You have less choices of download stores because of DRM (try using the Windows friendly services with your iPod). Also, anyone that makes software that makes it easy to stray from the group is punished as a violator of the DMCA, due to the need to remove the DRM.
Sure there are alternatives, but they are really just one big alternative group being herded together with WMA based DRM.
Your apathy towards DRM isn't all that different than an apathy toward a company that uses child labor to bring you good prices. Only in this case, you're helping forge the chains that bind the artists of the world. In the clothing industry, your argument would amount to "XYZ company gives us the styles we want at the prices we want. Why all this talk about Malaysian children working 16 hours a day?"
BTW, iPods would still be the wonderful devices you claim they are without DRM. DRM adds nothing. So why should we put up with any amount of DRM on our devices?
You are missing the point. DRM is not there to make sure the artists get paid. As the grandparent said, that is the responsibility of the courts and the police, not Apple. If the courts can find out who leaked the music, the proper person can be held accountable. It's very easy to do this in a way that protects privacy. Just use transaction IDs and keep the details at the store until it needs to go to court.
DRM exists to perpetuate a business model. 20 years ago it was hard to be a distributor. Content producers had little leverage and were sunk without a good distributor. So, content producers grudgingly signed contracts that allowed exclusive distribution by one distributor and gave that distributor most of the money.
Today, it is much easier to be a distributor. You still can't get your stuff on the Best Buy and WalMart shelves without being a big distributor, but you can get rich. Well, at least you should be able to. Here is where DRM comes in. DRM creates the lock-in that the distributors need. Arbitrary rules can now be put in place to make sure that you go through iTunes and buy iPods, which in turn means you'll buy only content distributed by Sony, BMG, and a handful of others. Now, the big distributors get to keep the near monopoly they've always had and continue to rape and pillage the artists.
See, DRM is bad for artists in the long run, but is being sold as good for them. Guys like Metallica that no longer really need a distributor get sweet deals and don't stand to gain much if the distribution cartels are broken up. So, Metallica only sees the bad end of the spectrum, the potential for copyright violation. Thousands of smaller artists would get a far better deal if there was more competition among distributors and they had the power to get their stuff out there without signing an exclusive contract. Sure, there would be more illegal file sharing, but the American public has always shown that they will throw their disposable income at whatever they like listening to.
Actually, it's a matter of interpretation whether it violates the DMCA or not. At one extreme we have products that use encryption keys obtained without authorization and by reverse engineering the process. At the other end of the spectrum is simply recording the output of your speakers.
Most people will agree that using the keys should be considered "breaking the encryption" and recording the sound should not. But, where is the line? If you picked up the analog signal to the speakers with an RCA cable, most people would still say that it's not breaking the encryption. However, one approach is to write a sound driver that records the digital data stream. Another is to grab the data inside the application like QTFairUse. The next level deeper would be to use portions of the legitimate application, but control them from an application that ignores the DRM restrictions.
The funny part is that the recording industry was fine with some level of fair use as long as it was cumbersome. As soon as it was easy, they freaked out. The law shouldn't guarantee them a market, but that's what they are trying to do. 99% of the money is in the distribution business. Until the late 1990's, it was difficult to succeed in the music distribution business and those who did got rich. When Napster was unveiled, suddenly it was easy to be a music distributor. Capitalism should have dictated that people who distributed music for a living should have gone broke. Good thing they made it a law that any mechanism that makes it easy to be a music distributor is now illegal.
That's the spirit that the DMCA was written in and that's how it will be interpreted. Since QTFairUse is easy, it is "circumvention" and therefore illegal.
My opinion is that we shouldn't be building solutions that solve our short term problems like QTFairUse does. Instead, we should be building applications that shine a spotlight on how insane these laws are. Anything that blurs the line enough to get the courts to really think about the issue is good. For example, a P2P client that doesn't exchange actual copyrighted music, but instead exchanges many very small snippets of public domain music along with instructions on how to piece them together to get the overall sound you want. Maybe add to that a small patch file to change the critical sections that are difficult to get right. Or maybe break a song into 100 "layers". Each layer is meaningless on its own, but if all 100 are XORed with each other you get the right end product. No client would ever offer more than 10 layers of the same original. Just to be fun, make a few of the layers public domain text, like Shakespeare. To be really fun, require that the Shakespeare layer be applied last. That way you have total garbage until the last layer and the one magic piece you add to it is obviously not the property of the RIAA's clients.
So.... you want your classes to be compelling and you want the students to enjoy coming to your classes....
Your solution is to create devices that force the students to attend such as counting attendance in the grade. Am I missing something here or does the technique contradict the intent? If your classes were truly compelling then you'd have to find a mechanism to keep students from other sections out of your class so your students could get seats.
I do some teaching at the adult level myself, so I'm not attacking your teaching skills or dedication. I know how difficult it is to make a classroom environment compelling. I know that it is difficult enough that you will fail more often than you succeed no matter how hard you try. But grading attendance is not helping anyone and is hurting those students who don't learn the way you want them to.
Personally, I do see a point in forced attendance at many levels of education. An educator's time can be used much more effectively if many students are involved in one question and answer session, rather than answering the same question for each student. There are electronic technologies that handle this wonderfully like discussion boards, but you still may have to deal with everything twice, once in person and again on the boards.
What it really boils down to is that it is better for the professor and the university that the students attend. It is not necessarily better for the student. Forcing attendance sends the clear message "please don't waste our precious time regardless of your schedules and priorities". Forcing attendance also waters down the achievement of attaining a degree. Any full-fledged university should let the students sink or swim on their own while providing as many opportunities and as much guidance as possible to succeed. Part of that is attendance. Students need to learn to budget their time in order to succeed. Passing difficult classes without mandatory attendance is an important hurdle to be jumped before attaining a degree.
Interesting note: I've recently worked with two organizations that offer classes. Organization A has strict attendance policies and organization B has almost none. Attendance was never a problem at organization B. I'd estimate that I had better than 98% attendance. At organization A, I'm lucky to get 85% even with the policies in place. So, you see here an example that the attendance policies don't dictate attendance, but rather attendance habits tend to dictate policy. Posting class lectures for download won't make students skip. They made that determination long ago.
Whatever factors they are using don't seem to work. I fly about 10 times a year, I am white and my parents are both US citizens, on my father's side they've been citizens for nearly 200 years, my maternal grandmother was Australian (British family line), I always buy from the airline's website, round trip, about two to three weeks in advance. Every ticket is Sunday evening to Friday evening. I get "SSSS" on my ticket about two thirds of the time. The best part is that they search me on both legs of each trip. That second search is a total waste of manpower. It is so consistent that if I were planning to do something evil on the plane, I wouldn't dream of carrying something to the security gates on the second leg because I know I'm going to get searched. For the first leg, I would call off my evil plans after I saw "SSSS" on my ticket.
The best part is that I sometimes like it. In my home airport there is a separate line for the special searches. That line goes through in two minutes while the general population takes 30 to 40 minutes. Many airports do the special search after waiting in the standard line, that kinda sucks. The worst is Washington National which searches you again if you change gates or eat dinner because of the layout of the airport.
So, you want things that are "usable", not "usable to the extent that the law allows you to use them"? Hmmm.... I hope you don't treat freedom the same way. By that reasoning, being in jail, but being allowed to talk to your friends and play video games could be considered freedom to you. How about -- letting most of the people (those like you) do what they want and take the Jewish people and send them to camps. How's that for freedom, it's just as usable for you, isn't it?
BTW, your second paragraph sounds very authoritative. It's almost as if you were stating something that is literally correct to make sure the rest of us get it. However, the term "Piracy" is nothing but propaganda designed to make those who even think of going beyond the whims of content producers (and also those who would break the law) into the bad guys. Piracy only acquired its current meaning through use. At first it was a blatant exaggeration, then it sounded a little radical, now it sounds just about right. Well, it's still a blatant exaggeration. Pirates were the most feared and hated criminals back when travel by sea was very popular. There is no comparison between those who commit "copyright violation" and the pirates of the old days.
In a few years, "people who listen to DRMed music" will be looked at like we look at "people who use AOL as an ISP". They will be seen as the sheep of the world volunteering to be fleeced. Thank god no one legislated the use of AOL 15 years ago. Too bad that DRM is effectively being legislated today.
I'm not confusing them, I'm just citing an example where "doing it more" ends up making the system less secure. More rounds, more bits, more iterations, it doesn't really matter. What matters is that any lay person's quick fix is likely to cause as much harm as good. It takes a lot of cryptanalysis and a lot of time to test the quality of an encryption algorithm.
My favorite example is when script kiddies pull out some wacky scheme like "Take a message, type it on an image in photoshop, save as JPEG, reverse the bytes in the file, zip it, and xor with 'HELLO WORLD'." They don't realize that a determined skilled attacker can break that much more easily than if it were a proven cipher. If you don't have a lot of experience in cryptography, you shouldn't even try to "improve" an algorithm.
Remember...... ALL encryption algorithms are 100% resistant to every attack the designers thought of, except brute force. If it wasn't resistant to their test attacks, they would have changed it. Therefore, only someone else can verify the strength of an algorithm. It takes many "someone elses" before you can be confident an algorithm is actually good.
Send the original message as a PDF attachment. There's a ton of places to hide data in a PDF and no one would give it a second thought.
That doesn't always work. For example, two rounds of DES encryption has weaknesses that neither one nor three rounds suffer from. The only way to count on an encryption or hash algorithm is to have it tested by the general public for many years. Simply increasing a key size or number of rounds is often a crapshoot and you won't know whether you were successful for a long time.
The better alternative is to move to an existing well tested algorithm while the security researchers are testing the future replacements. If there's one place you don't want to be on the bleeding edge, it's with security algorithms.
BTW, traditional guards don't work when you aren't cutting all the way through the material. If you do dadoes or shaping on a table saw then the guard has to be gone. On most table saws removing and replacing the guard is a huge pain, so it is always off. You can buy a $500 guard that hangs down from the top rather than protruding from the table, but that costs more than my saw did.
Personally, if I didn't feel confident enough in my saw safety techniques that I was willing to blow through a $100 blade and $40 cartridge every once in a while to save my fingers, I'd just have someone else cut my lumber. It would likely work out cheaper and safer in the long run.
TiVo can walk that fine line all they want, no one is arguing their right to do so here. However, RMS is objecting to TiVo releasing a product that contains a large amount of community contributed code, in a manner not consistent with the wishes of that community. See, TiVo saved a ton of cash by basing the product on Linux. The payback is supposed to be that we get to play with the product. By including the signature verifying component in the hardware, they are making it a one sided tradeoff -- otherwise known as "a bad deal". Why should we give an operating system to TiVo free of charge and free of any other benefit? GPLv3 has provisions to help assure that we won't get burned again.
In direct response to your first comment, of course TiVo wouldn't succeed if they had opened up the TiVo. But they really should have picked a different platform instead of hiding behind a technicality in the GPLv2. There are plenty of for-profit companies that would have sold them an OS.
Anybody who says that Gore would have won in 2000 with a popular vote system isn't thinking it through.
Remember, Gore won the popular vote by about 500,000 votes. Also remember that the Republicans were targeting small swing states with small populations. It's a well worn fact that giving a group attention will get some of their votes. If the system had been a popular vote system in 2000, Bush would have spent all his time in California and New York. Also think of how many Texans stayed home because Bush already had Texas in the bag. If he had posted gains in those three big states, he would have won the popular vote by a healthy margin. There's 70 million people in those three states to swing and he'd only need a bit less than 1% of them. Gore was already in the big states, so he wouldn't have picked up as much.
The whole idea of a vote "counting" is ridiculous. The electoral system was designed to influence the behavior of candidates and force them to make wide-reaching promises. It's hard to get a majority vote in 29 states without appealing to a lot of different types of people. That is the true American way, to try to appeal to as many types of people as possible, not to appeal to as many people as possible. It has been said above, but deserves repeating -- democracy is not two wolves and a sheep voting on what's for dinner. Kudos to the founding fathers for having the courage to set up a system that ignores 50 million whining "me-too"s while preserving the voice of many smaller groups.
BTW, how many New Yorker Bush supporters do you think stayed home because they thought their vote wouldn't count? I'm certain that would have changed the popular vote count, probably enough to give the edge to Bush. Much of New York outside of New York City votes red, but they concede defeat during presidential elections because they know the city is going to swing the State blue.