Constant connection does nothing to restrict non-interactive content. If a human can see it, a machine can store it. You just need to capture the data at any point after decryption.
All DRM requires some secrecy at some stage, making [...] open source implementations difficult.
s/difficult/impossible/
To display the content, you need to decrypt it into an understandable form. This means, the authors would need to add an antifeature to deny some forms of use if a flag is set -- removing such an antifeature is trivial so no one even bothers.
Effective DRM is, strictly speaking, impossible even in closed source, but the bad guys can least make it hard to pierce.
How do you manage to even ingest the stuff? All popular diet sodas are made with aspartame, which is pretty repulsive -- you can force it down, but it's not something to buy willingly.
As opposed to Cola Zero, which somehow they managed to make so revolting that when they gave out free samples, no one among my family and friends managed to drink the whole 0.33 can.
I like the taste of regular Coca Cola, so assuming only the sweetener changes, sugar substitutes cause a massive difference in taste. Coca Cola in the US is a good deal worse than in Europe (HFCS vs sugar), but at least drinkable. If you drink sodas anymore, that is.
There's a massive difference between the same company in different countries.
Around 20-15 years ago, McDonalds in Poland had great quality. Why? Because their burger set for 10zl competed with a bigger burger for 1zl 20 and coke for 2zl 50 just outside their restaurant, and thus no riff-raff would eat there, and they had to cater to a better clientele. I then visited the US, and McDonalds there were quite a shock. In a contrast to the country in general being far more civilized than Poland, all three McDonalds I poked my head into stank like worst Polish commie-era eateries, with a general state of cleaniness akin to that of a Serbian toilet. Obviously, I did not dare eat there. I tried Burger King instead -- the diarrhea lasted long. So while they were able to make tasty and safe food in Poland, on their home turf they apparently don't even try.
Since then, just as Poland in general slowly but steadily improves, the quality of McDonalds is in a rapid plunge.
they hope for the Debian 'Jessie' release their micro-kernel in Debian will make it as part of some official CDs.
Sorry, but Hurd is being demoted to a second-class (ie, unofficial) port. The rules say that a port that fails to be included in two subsequent releases, gets moved to the debian-ports ghetto, with shining neighbours like hppa (long dead) or sh4 (never has been).
In some ways, that's a pity -- like, improving other code by forcing removal of buffer overflows/asinine truncations related to PATH_MAX. In others, well, it's Hurd...
This particular vulnerability might be patched, but you're wide open to hundreds of others. Flash is not something a responsible OS distributor should install by default.
I have once suffered a terrible, traumatic experience: I plopped my ass at a machine in a lab, and tried reading perl man pages. Turns out, these man pages have been translated to Polish. The last time I checked, Polish was my native language, and I'm not that shabby at perl either. Yet I couldn't understand a single sentence. Finally, I ssh-ed into some place that had man pages in English, and breathed in relief.
It happened 14 or so years ago, yet I still haven't recovered. Every time I see messages translated into Polish, I shudder with revulsion and try to switch to English. Judging from problems people have, I save quite a bit of time this way. For example, in Gimp, you have (quoting from memory) "Frame according to template" and "Cut exactly". What's that? "Crop to selection" and "Autocrop". And Gimp is nowhere close to monstrosities like anything by Microsoft or most localized games.
Google Translate can hopefully let someone glean the basic sense of some text, but its output is nowhere close to being easy to read. And as for grammatical correctness... oy vey.
It makes a non-terrible job of translating into English, but for example when translating into Polish, it tends to produce sentences akin to those in caveman jokes: "Ugh be strong use computer". It's about that bad.
Back in the days of CGA we had a hardware-accelerated console. We do have it to this day, as long as framebuffer is not involved. I've seen a server that takes around a whole booping second to switch VTs. Displaying a screenful of text wasn't pleasant, either.
You can use your method but don't need passwords that long. My point is, the "common wisdom" that gets spread here badly inflates the entropy needed. Beyond being able to withstand 2^25-30 attempts, there is no real gain anymore. You are safe against brute forcing over network, hacks against the target server defeat you just the same. All you would gain is the attacker not learning what your password is -- which doesn't matter unless you reuse it somewhere else.
Using too long too complex passwords does have its costs: wasted time and mental effort, and especially, an urge to give the same weight to network-secure and locally-secure passwords. Since you brag about your password scheme, I guess you use the same for both. As using strong passwords for most uses would tire most reasonable humans, this means the password you use for things that can be attacked locally is too weak. Ie, because of the drive to use long passwords where you don't need them, you use too short ones in places that matter.
(Obviously, by "length" I mean entropy, everywhere. That "8 characters" is only a rule of thumb.)
Actually, that's good for the user, as it stops the FUD that's most posts in this discussions are riddled with.
Want to have a secure passwords? Pick an 8 character reasonable one (not a dictionary word, but no pure randomness either). Not longer, you'll just forget it, or be tempted to reuse.
And why even that long? Because you don't know the lockdown policies implemented by the other side, nor whether they're actually in place. They are actually hard to design, as it's too easy to allow DoS attacks against users. Thus, what your password needs to endure is several hours or perhaps days of, let's say, no more than 1000 attempts per second. The attacker can't bring down or seriously slow down the target server/servers, and you can expect a rig of more than several login servers to have at least semi-competent monitoring, so that's the upper limit for brute force attempts.
But, but, but one can download the password hashes, you'd say. Except, it's a rare case to gain access to the password db but not whatever was protected by these passwords -- or at least, have read-write access to that password db. Or, be able to install a nice logger that stores your password the next time you log in (somehow, most websites send plain text over SSL instead of challenge-response hashing on the client side).
There are uses where you need an actual long secure password: gpg key, disk encryption. And hardly anything else.
The monopoly would have to drop the price for an extended time, which effectively makes them non-abusive one. If they'd sell below costs, they would need to get money for dumping from somewhere -- if we're talking about a multi-billion company, the smaller one has means of exporting to that place.
So there are two cases: either a small company that can easily spring up and dissolve, or a large (but smaller) competitor. Beating the former requires the monopoly to forfeit all profits for a noticeable period of time, the latter can diversify (either geographically or to different products), and thus can't be easily smashed. In the second case, there's no monopoly anymore.
If you have multiple billions, you can be a significant player in any market that has no artificial barriers.
-BY disallows presenting modified text as the original work, so that's already handled. And -ND makes citations impossible (so you can at most use references), so using it shows misunderstanding of these licenses. -NC cannot be quoted in research done commercially.
No, the original is sadly correct. If you try to step up to your rights, then get overwhelmed by force (legal, illegal or bought legal), they can do with your gear whatever they want.
Since those startups can just refuse being bought out and proceed to sell the goods at inflated prices (still cheaper than the monopoly's), sunk costs are not their problem. Obviously, they would refuse the buyout if it's not going to be profitable. Or if they do something for a principle, for that matter.
I hope you're at least not arguing that removing barriers to entry as much as possible, getting rid of patents, disallowing lobbying, stopping all bailouts, etc, wouldn't be a good idea.
How can a monopoly kill all competition in a fully free market? There are two ways: either they keep prices lower than anyone else can -- and in this case, there's no harm done, or raise them and try to buy out all competition. In which case you can earn money doing nothing but spawning more and more startups. A new startup will either profit selling stuff at inflated prices (same or just a notch below that of the monopoly), or get bought out -- in which case, its creators profit, and more and more folks start jumping at such an easy opportunity.
So what do big companies do? They lobby for barriers for entry, via government interference, in the form of patents, permits or concessions. Or, for a more tricky scheme, a bailout that gets "repaid" -- which wipes out minor financial institutions, as investors get a strong message that their money is not safe with anyone not "too big to fail", while responsible handling of risk is simply not profitable enough to allow competing with the financial mafia.
Er, I don't think anyone would be irresponsible enough to release official builds even for a minor open source project without having a set of VMs, one with each major supported version of Windows. There's usually something wrong. Like, in Dungeon Crawl (not so minor a project, but not big either), Windows builds for 0.11.0 worked fine, 0.11.1 would crash on startup on Win7 (but not XP, 2k or 8) if I didn't catch it, 0.11.2 built fine again. Quite puzzling -- why would a strictly bugfix point release suddenly fail? Turns out there's something wrong in mingw for LTO compilation (final builds get optimized up the wazoo, nightlies don't). So there's simply no way to skip a test rig.
It's hard to believe in such a level of incompetency. On the other hand, this is Kaspersky...
Slashdot Mirror
You'll just add another implant at the very next neuron after the first one.
Constant connection does nothing to restrict non-interactive content. If a human can see it, a machine can store it. You just need to capture the data at any point after decryption.
All DRM requires some secrecy at some stage, making [...] open source implementations difficult.
s/difficult/impossible/
To display the content, you need to decrypt it into an understandable form. This means, the authors would need to add an antifeature to deny some forms of use if a flag is set -- removing such an antifeature is trivial so no one even bothers.
Effective DRM is, strictly speaking, impossible even in closed source, but the bad guys can least make it hard to pierce.
How do you manage to even ingest the stuff? All popular diet sodas are made with aspartame, which is pretty repulsive -- you can force it down, but it's not something to buy willingly.
As opposed to Cola Zero, which somehow they managed to make so revolting that when they gave out free samples, no one among my family and friends managed to drink the whole 0.33 can.
I like the taste of regular Coca Cola, so assuming only the sweetener changes, sugar substitutes cause a massive difference in taste. Coca Cola in the US is a good deal worse than in Europe (HFCS vs sugar), but at least drinkable. If you drink sodas anymore, that is.
There's a massive difference between the same company in different countries.
Around 20-15 years ago, McDonalds in Poland had great quality. Why? Because their burger set for 10zl competed with a bigger burger for 1zl 20 and coke for 2zl 50 just outside their restaurant, and thus no riff-raff would eat there, and they had to cater to a better clientele. I then visited the US, and McDonalds there were quite a shock. In a contrast to the country in general being far more civilized than Poland, all three McDonalds I poked my head into stank like worst Polish commie-era eateries, with a general state of cleaniness akin to that of a Serbian toilet. Obviously, I did not dare eat there. I tried Burger King instead -- the diarrhea lasted long. So while they were able to make tasty and safe food in Poland, on their home turf they apparently don't even try.
Since then, just as Poland in general slowly but steadily improves, the quality of McDonalds is in a rapid plunge.
they hope for the Debian 'Jessie' release their micro-kernel in Debian will make it as part of some official CDs.
Sorry, but Hurd is being demoted to a second-class (ie, unofficial) port. The rules say that a port that fails to be included in two subsequent releases, gets moved to the debian-ports ghetto, with shining neighbours like hppa (long dead) or sh4 (never has been).
In some ways, that's a pity -- like, improving other code by forcing removal of buffer overflows/asinine truncations related to PATH_MAX. In others, well, it's Hurd...
This particular vulnerability might be patched, but you're wide open to hundreds of others. Flash is not something a responsible OS distributor should install by default.
I have once suffered a terrible, traumatic experience: I plopped my ass at a machine in a lab, and tried reading perl man pages. Turns out, these man pages have been translated to Polish. The last time I checked, Polish was my native language, and I'm not that shabby at perl either. Yet I couldn't understand a single sentence. Finally, I ssh-ed into some place that had man pages in English, and breathed in relief.
It happened 14 or so years ago, yet I still haven't recovered. Every time I see messages translated into Polish, I shudder with revulsion and try to switch to English. Judging from problems people have, I save quite a bit of time this way. For example, in Gimp, you have (quoting from memory) "Frame according to template" and "Cut exactly". What's that? "Crop to selection" and "Autocrop". And Gimp is nowhere close to monstrosities like anything by Microsoft or most localized games.
Google Translate can hopefully let someone glean the basic sense of some text, but its output is nowhere close to being easy to read. And as for grammatical correctness... oy vey.
It makes a non-terrible job of translating into English, but for example when translating into Polish, it tends to produce sentences akin to those in caveman jokes: "Ugh be strong use computer". It's about that bad.
Back in the days of CGA we had a hardware-accelerated console. We do have it to this day, as long as framebuffer is not involved. I've seen a server that takes around a whole booping second to switch VTs. Displaying a screenful of text wasn't pleasant, either.
You can use your method but don't need passwords that long. My point is, the "common wisdom" that gets spread here badly inflates the entropy needed. Beyond being able to withstand 2^25-30 attempts, there is no real gain anymore. You are safe against brute forcing over network, hacks against the target server defeat you just the same. All you would gain is the attacker not learning what your password is -- which doesn't matter unless you reuse it somewhere else.
Using too long too complex passwords does have its costs: wasted time and mental effort, and especially, an urge to give the same weight to network-secure and locally-secure passwords. Since you brag about your password scheme, I guess you use the same for both. As using strong passwords for most uses would tire most reasonable humans, this means the password you use for things that can be attacked locally is too weak. Ie, because of the drive to use long passwords where you don't need them, you use too short ones in places that matter.
(Obviously, by "length" I mean entropy, everywhere. That "8 characters" is only a rule of thumb.)
Actually, that's good for the user, as it stops the FUD that's most posts in this discussions are riddled with.
Want to have a secure passwords? Pick an 8 character reasonable one (not a dictionary word, but no pure randomness either). Not longer, you'll just forget it, or be tempted to reuse.
And why even that long? Because you don't know the lockdown policies implemented by the other side, nor whether they're actually in place. They are actually hard to design, as it's too easy to allow DoS attacks against users. Thus, what your password needs to endure is several hours or perhaps days of, let's say, no more than 1000 attempts per second. The attacker can't bring down or seriously slow down the target server/servers, and you can expect a rig of more than several login servers to have at least semi-competent monitoring, so that's the upper limit for brute force attempts.
But, but, but one can download the password hashes, you'd say. Except, it's a rare case to gain access to the password db but not whatever was protected by these passwords -- or at least, have read-write access to that password db. Or, be able to install a nice logger that stores your password the next time you log in (somehow, most websites send plain text over SSL instead of challenge-response hashing on the client side).
There are uses where you need an actual long secure password: gpg key, disk encryption. And hardly anything else.
I bet CowboyNeal uses the birth years of CmdrTaco and his mom for his password,. . . ;-)
Try weight, although without using scientific notation it'd be too long to type.
The monopoly would have to drop the price for an extended time, which effectively makes them non-abusive one. If they'd sell below costs, they would need to get money for dumping from somewhere -- if we're talking about a multi-billion company, the smaller one has means of exporting to that place.
So there are two cases: either a small company that can easily spring up and dissolve, or a large (but smaller) competitor. Beating the former requires the monopoly to forfeit all profits for a noticeable period of time, the latter can diversify (either geographically or to different products), and thus can't be easily smashed. In the second case, there's no monopoly anymore.
If you have multiple billions, you can be a significant player in any market that has no artificial barriers.
-BY disallows presenting modified text as the original work, so that's already handled. And -ND makes citations impossible (so you can at most use references), so using it shows misunderstanding of these licenses. -NC cannot be quoted in research done commercially.
No, the original is sadly correct. If you try to step up to your rights, then get overwhelmed by force (legal, illegal or bought legal), they can do with your gear whatever they want.
"will"? Sorry, but future tense you used is inappropriate.
Take a look at new games, for example, and note how many of them come without some form of SecuROM, Steam or another kind of phone-home spyware.
Since those startups can just refuse being bought out and proceed to sell the goods at inflated prices (still cheaper than the monopoly's), sunk costs are not their problem. Obviously, they would refuse the buyout if it's not going to be profitable. Or if they do something for a principle, for that matter.
I hope you're at least not arguing that removing barriers to entry as much as possible, getting rid of patents, disallowing lobbying, stopping all bailouts, etc, wouldn't be a good idea.
How can a monopoly kill all competition in a fully free market? There are two ways: either they keep prices lower than anyone else can -- and in this case, there's no harm done, or raise them and try to buy out all competition. In which case you can earn money doing nothing but spawning more and more startups. A new startup will either profit selling stuff at inflated prices (same or just a notch below that of the monopoly), or get bought out -- in which case, its creators profit, and more and more folks start jumping at such an easy opportunity.
So what do big companies do? They lobby for barriers for entry, via government interference, in the form of patents, permits or concessions. Or, for a more tricky scheme, a bailout that gets "repaid" -- which wipes out minor financial institutions, as investors get a strong message that their money is not safe with anyone not "too big to fail", while responsible handling of risk is simply not profitable enough to allow competing with the financial mafia.
The free marketeers, excuse me the "privatize the profits, socialize the losses"
Please educate me, how socializing losses is even possible at all in a free market? What you're bashing here is a government-controlled economy.
Er, I don't think anyone would be irresponsible enough to release official builds even for a minor open source project without having a set of VMs, one with each major supported version of Windows. There's usually something wrong. Like, in Dungeon Crawl (not so minor a project, but not big either), Windows builds for 0.11.0 worked fine, 0.11.1 would crash on startup on Win7 (but not XP, 2k or 8) if I didn't catch it, 0.11.2 built fine again. Quite puzzling -- why would a strictly bugfix point release suddenly fail? Turns out there's something wrong in mingw for LTO compilation (final builds get optimized up the wazoo, nightlies don't). So there's simply no way to skip a test rig.
It's hard to believe in such a level of incompetency. On the other hand, this is Kaspersky...
That's not screwing free market, that's helping it against government-controlled monopolies.
Except that in this casino, friends of the owner are allowed access to cameras looking into your cards, to react a fraction of second before you do.
From Wikipedia: The FCC works towards six goals in the areas of broadband, competition, the spectrum, the media, public safety and homeland security.
Here's why. You're comparing a corporation that's merely organized crime with a government agency that has ties with Gestapo.