Because law enforcement agencies really hate it when you brag about your ability to operate under their noses without getting caught, which is why they pass a big bunch of stupid laws: instead of just charging you with one crime, they charge you with 50 different things that are all incidental and hope that you will trip up somewhere along the line.
Remember that Al Capone was never convicted of being a mobster or even of any violent crime. He was brought down because the government decided that he had not fully declared his income and paid taxes on all of his ill-gotten gains.
The irony of it all though was that if it wasn't for the laws of the day (prohibition), he wouldn't have been in business in the first place and the government wouldn't have had to spend so much effort trying to catch him. In other words, it's only an issue because the law says it's an issue.
While the session ID in the URL makes it more explicit, and leaves open the copy/paste URL issue, you should equally never assume that cookie data is "trusted" data, i.e. it's possible for the user to manually open up their cookie file and enter any arbitrary/random/malicious data in there.
One way of protecting against session ID spoofing is to keep track of all session IDs in a database, along with time last seen, IP subnet (i.e. 192.168.***.*** - the exact IP may legitimately vary if going through a multi-server load balancing proxy), and the first 255 chars of the user agent string (remember to do a substring on the UA before comparing it - I got burned once on a Ubuntu Firefox UA string that was longer than 255 chars and would never compare to the 'cropped' DB value). Also record a live/unlive flag.
Any time you check the cookie session ID, look it up in the DB, check to see if the last seen time is within an acceptable limit (i.e. 1 hour), check that the IP subnet matches and so does the UA string, and that it is still marked as a live session ID. If any of these checks fails, mark the session ID as unlive, and regenerate the session ID (double checking that the new random value hasn't already been recorded in the DB).
Though if an XSS attack happens, having username/password data in the cookie may be of more importance than the session ID.
If you are extra paranoid, you could even randomly generate a 32 digit password, store it in the cookie, and double check it on each page load. This will help against guessing the session ID, but won't help if the cookie itself is read remotely (i.e. via a javascript XSS attack), so you could in theory regenerate the random password on every page load (the attacker would then need to act on that data before the user clicked on the next page), but this could cause problems if a user attempts to load several pages (i.e. in tabs) before the next page can send its cookies back (all the requests would have the same password, but the server would be expecting a password that the client has not yet received), or if there is a connection issue which means the server gets the request, but the user fails to receive the response.
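The session-tracking scheme described in the comment above, written out as an added example (this is not the commenter's code). It assumes an in-memory dict standing in for the session table, a 255-character user-agent column, a one-hour staleness limit, and a /16 subnet match for IPv4 (the "192.168.***.***" idea; /64 for IPv6); it also stores a SHA-256 hash of the session ID rather than the ID itself, an extra hardening the comment does not mention. The `ua_key` helper is the fix for the cropped-UA bug the commenter got burned by: the presented user agent is truncated to the column width before it is compared.

```python
import hashlib
import ipaddress
import secrets
import time

# Assumed parameters (from the comment above): the UA column is 255 chars wide,
# a session is stale after 1 hour, the IP check is per subnet not per address.
UA_MAX = 255
SESSION_TTL = 3600


def subnet_of(ip):
    """Subnet the client address belongs to (/16 for IPv4, /64 for IPv6), so a
    load-balancer pool that varies the last octets does not kill the session."""
    addr = ipaddress.ip_address(ip)
    prefix = 16 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


def ua_key(ua):
    """Crop the user agent to the stored width BEFORE comparing. Comparing the
    full UA against the cropped DB value never matches once the UA is longer
    than the column (the Firefox-on-Ubuntu case in the comment)."""
    return ua[:UA_MAX]


def _db_key(sid):
    # Store a hash of the session ID so a read-only leak of the table does not
    # hand out usable sessions (an addition, not part of the original scheme).
    return hashlib.sha256(sid.encode()).hexdigest()


class SessionStore:
    """In-memory stand-in for the session table; `now` is injectable for tests."""

    def __init__(self, now=time.time):
        self._db = {}
        self._now = now

    def create(self, ip, ua):
        # Loop until the fresh random value is not already recorded in the DB.
        while True:
            sid = secrets.token_urlsafe(32)
            key = _db_key(sid)
            if key not in self._db:
                break
        self._db[key] = {
            "last_seen": self._now(),
            "subnet": subnet_of(ip),
            "ua": ua_key(ua),
            "live": True,
        }
        return sid

    def validate(self, sid, ip, ua):
        """Return (ok, reason). Any failed check marks the ID unlive so it can
        never be replayed, even by a later request that would have passed."""
        rec = self._db.get(_db_key(sid))
        if rec is None:
            return False, "unknown"
        if not rec["live"]:
            return False, "unlive"
        reason = None
        if self._now() - rec["last_seen"] > SESSION_TTL:
            reason = "expired"
        elif rec["subnet"] != subnet_of(ip):
            reason = "subnet"
        elif rec["ua"] != ua_key(ua):
            reason = "user-agent"
        if reason is not None:
            rec["live"] = False
            return False, reason
        rec["last_seen"] = self._now()
        return True, "ok"

    def check_or_reissue(self, sid, ip, ua):
        """What a request handler calls: keep the session if it validates,
        otherwise issue a brand-new ID bound to the current client."""
        ok, _ = self.validate(sid, ip, ua)
        if ok:
            return sid, True
        return self.create(ip, ua), False
```

Two caveats a practitioner would add: subnet and user-agent binding are heuristics that produce spurious logouts for roaming clients and can be matched by an attacker on the same network with a copied UA, so they supplement rather than replace `HttpOnly`/`Secure` cookie flags and a fresh ID on login; and the regenerate-on-failure path should always set the new cookie in the response, since the old ID is dead the moment a check fails.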
10) And last but not least....creating legions of Idiot Admins that can't do anything unless they are led around by an OK or CANCEL button. God help them if they don't have a setup Icon someplace! One company who single-handedly has put the US back into the Dark Ages while the rest of the world MOVES ON without us.
Maybe this is part of the reason there is so much use of MS in corporate networks. It's fairly easy to hire cheap and plentiful idiot admins, who can be easily managed by idiot managers.
If you needed skilled workers to manage your stuff, apart from paying them more and having to listen to them occasionally, you would also need skilled managers who would understand how to put them to good use and recruiters who were able to do more than simply read off a list of the latest TLA buzzwords.
The problem is not Bush per se, but the fact that congress, the military and everyone else is following his nonsense. The best punishment for Bush would be to send him back to his ranch, and let him spend out the rest of his days being a big kid with lots of toys but prevent him from ever being put in a position of responsibility ever again.
The best thing the American people could do would be to vote him out of office (well he's not going to run for a third time, unless he proposes a new amendment) and get rid of the two party system by voting in an independent for president.
Actually in England, the bank notes still say:
Bank of England
I promise to pay the bearer on demand £10
However, last time I physically went to the Bank of England to demand my £10, I was politely asked to leave and told I should try spending it in a shop. They did claim to be willing to offer me a replacement bank note, but no gold or sterling silver.
Trying to teach a two year old that there are some things he must not touch is like trying to teach a cat how to play fetch, or an RIAA exec trying to teach a hacker that there are some algorithms she must not crack.
As a slashdotter you should understand, it's a common trait among geeks that they retain some of the innate curiosity that defines a 2-year-old's life.
Two problems with that plan...
1. Not everyone online is a US citizen and has a social security number.
2. Not everyone online is a US citizen and has a social security number.
Technically that's only one problem, but it was such a big one I thought I would point it out twice.
Also for outgoing email, the "From" field is just a user entered text field; if you want to receive email, then all you need is a computer with a domain name, a mail server and an open port 25 (or just use mailinator - where you don't even "own" the email address).
ISPs would then need to have a list of "sex offender" accounts, and monitor all their traffic, including port 80 for webmail, and grep for all email addresses in outbound traffic.
Or we could change the whole email infrastructure, use sender authentication, and insist that all the email cert providers run background checks to see if you are a "sex offender", "terrorist", "non-believer" or "building landing strips for the gay martians". Of course these checks would mean the certs will cost a fortune, meaning that all us geeks will use self-signed certs that we post in our sigs (and lawmakers will complain about this huge loophole in their plans - and the huge amount of aalib encoded ASCII kiddy porn being sent over email - but at least the screenshots will be viewable in mutt).
Actually there are a few cases of an appeal launched on behalf of an executed person. I remember a semi-recent UK case, where a WWI soldier was cleared of cowardice and refusing to fight (which carried the penalty of death), on the basis of our modern understanding of shell shock.
The point wasn't to undo the sentence, but to restore honour to the person's memory and to that of the family.
That's not the only case, and actually the last person to be hanged in the UK was later found not guilty on appeal (which was part of the reason for eliminating the death penalty in the UK).
Shall we continue to build palace after palace for the rich? Or shall we aspire to a more noble purpose and build decent housing for the poor? How does the senate vote? Senate: FUCK THE POOR!
Then it is agreed, we shall build whorehouses in palaces for the rich, where the poor can live as well as getting fucked on a regular basis.
In order to launch a civil lawsuit you need to show that you have been personally harmed by their actions (I forget the legal term for this), but in short you cannot sue on behalf of someone else; even in a class action suit, you need to find the individuals directly harmed.
If you were one of the copyright holders yourself, then you could sue on that basis.
The other complaint you make is that you (as part of a group of filesharers) are being harmed due to selective enforcement of copyright holders' rights (i.e. they are suing some people but not others) - this might work for trademark law (where failure to defend the mark means you lose your rights), but not copyright law. You cannot sue for negative damages (i.e. TimeWarner not inflicting a lawsuit on someone).
The only possible way you could make that argument fly would be to put it in terms of an anti-trust suit, claiming that selective enforcement of rights is being used to artificially inhibit competition and keep prices artificially high (again you would need to be both a defendant in a lawsuit and a competitor to TimeWarner to make such a claim). However such a claim would likely fail on the basis that the ability to initiate a lawsuit is considered a fundamental right of both a citizen and a company.
One other thing that I'd like to ask is what about all the bandwidth throttling by the ISPs of torrents?
Think of this in reverse: when the average Joe starts being a "bandwidth hog", the ISPs will have no choice but to increase their capacity to keep up. Us early adopters will no longer be scapegoats for using our connections to the full.
How do you propose to perform your test? If others "skilled in the art" already know that there is a solution, then you are injecting hindsight into the equation, and EVERYTHING is obvious once you have hindsight.
Take a small panel of "experts", give them the specifications of the problem that the patent is intended to solve, and let them brainstorm for up to a day on various methods of how to solve it.
If they come up with the same solution as the patent within 5 minutes or even a day, then it's patently obvious.
The original reason for that restriction was to help prevent the English nobility/monarchy, or a suitable puppet, from getting elected as head of the newly founded US.
As for me, I vote Osama Bin Laden for president (ducks)
The fake boarding pass is not a means to dodge the $80 ticket, you still need a valid ticket to get on the plane.
The trick is to bypass the no fly list without having to have fake ID, the loophole is that the name on your ID and boarding pass are not both checked at the same time and compared.
1. Yes I am British
2. I don't have a freeview box or even a TV. I get everything I want to watch via bittorrent or DVD.
3. I've assumed that a person would choose what they have on their hard disk (i.e. only stuff they want to watch), rather than being bombarded by 600+ channels, chosen by the media companies (an extension of the broadcast meme, rather than the hyperlink meme).
Arora said, by 2012, iPods could launch at similar prices to those on sale now and yet be capable of holding a whole year's worth of video releases.
A normal xvid encoding is about 700mb for a 2 hour film, or 350mb per hour, and that gives DVD like quality. The iPod has a fairly small screen, so we could quite easily downsample it and retain a "watchable" quality (advances in encoding formats will improve this quality or decrease the size).
For now I will assume that 100mb per hour of video would be of "watchable" quality (I'll use metric gb for easy maths).
100mb * 24hours = 2.4gb per day.
2.4gb * 365 days = 876gb per year
Now if we downsample our xvid to 85mb per hour, that works out at 745gb per year and bingo, there are already 750gb hard disk drives on the market, and it is possible to rewire your iPod to use a 3.5" hard disk.
So Arora's prediction is correct, but then we already have that technology today. As for me, I'm just waiting for Steve Jobs to announce next year's terabyte iPod.
Redundancy in testing helps to improve the certainty of a hypothesis - this is not just to protect against "influenced" findings, but also against mistakes in testing, methodology or even statistical flukes. Also if the second lab takes a slightly different approach to testing, it may also show up the fact that some variables are more or less significant than previously thought.
In very basic mathematical terms, if you would trust the results of lab A 50% of the time, and those of lab B 80% of the time, then if both labs come to the same conclusion, you should be 90% confident of the results (more so than if just lab B did the test itself).
Another point to note is that while the data and research of an "influenced" study may be perfectly valid, the majority of the "influence" may have gone into rewording/re-emphasising the summary and press release (the bit most non-researchers will read).
Another major feature of "influenced" research is the ability to cancel funding when the research does not look promising. While this makes perfect sense from a commercial viewpoint (why waste money on a dead end), it reduces the amount of "negative knowledge" (i.e. what we know doesn't work) which is often very useful, and can unbalance the amount of "positive" and "negative" research papers on a subject (and the mass media is often more sensitive to quantity over quality).
One suggestion for pharmaceutical research would be for all clinical trials to be logged by the government before they start, even if they are later canceled before completion.
Back in my day, we didn't have fancy Beowulf clusters, we just had to rely on weird science.
How about a wireless TV cable, between your set-top box/DVD player and your TV(s).
The MPAA may ask that this link be heavily encrypted, but it will make a nice CS hobby project in trying to decrypt it.
How about Jython or JRuby?
I want the classic snow white apple.
No, violently overthrowing the government and failing is treason, if you succeed, then you are called a patriot.
Remember, history is written by the victors.
Now how long until allofmp3.com starts getting hosted out of the Principality of Sealand?
Everyone knows that iPod minis are for girls...
3) you shared the cookie with the interstellar traveller
(I didn't realize that sharing was such an alien concept)