Slashdot Mirror


User: JSBiff

JSBiff's activity in the archive.

Stories
0
Comments
2,350

Comments · 2,350

  1. That's the true slashdot way. . . on Will Amazon Get a Visit From the Tax Man? · Score: 1

    Isn't the whole *point* of slashdot to be a place for people who don't know, to tell you how things are?

  2. How long? on Will Amazon Get a Visit From the Tax Man? · Score: 4, Funny

    There's a joke about lawyers. . .

          A bad lawyer can let a case drag on for years. . . a good lawyer can make it last even longer.

  3. Re:Always and Never on When Is a Self-Signed SSL Certificate Acceptable? · Score: 1

    Uhh, what exactly is the point of encryption when you can't verify the key? If you haven't verified the key, there is no guarantee that your data isn't being seen by a Man-In-The-Middle, so the encryption might not be doing anything useful for you at all.

  4. Fingerprint validation on When Is a Self-Signed SSL Certificate Acceptable? · Score: 1

    Correct me if I'm wrong, but I believe that all the major browsers allow you to view info about the certificate that was presented, including the key fingerprint. If you know enough of the fingerprint, you should be able to verify that it is the fingerprint of *your* self-signed key, and accept it, without having had to manually install the key into the browser.

  5. Man-in-the-middle attack possibility on When Is a Self-Signed SSL Certificate Acceptable? · Score: 1

    It all comes down to, can you determine that you are using the same crypto key that the server is? The reason for signing certificates and the like is to try to detect when you are being hit with a man-in-the-middle attack. In a nutshell, that attack is when you try to open a connection to your 'known' IP address, say, 123.45.6.7. Even though you are connecting to a 'known' IP address of a server you trust, doesn't mean you can necessarily trust traffic from that IP address. Why not? Because the Internet works by passing data from router to router until your data gets to its destination. Every router in between is an opportunity for malicious code on that router to re-write your packet, and you'd never know the difference, unless you have some way to *verify* that the packet is from the trusted server.

    A crypto key, if you have the *correct* key, can verify for you that the data hasn't been tampered with. The problem is, however, that before you can begin encrypted communications, you must do an *unencrypted* key exchange, where the server gives you its crypto key. Here's where the man-in-the-middle has an opportunity. If your traffic is going through my router, I can intercept the self-signed key from the server, and generate a new self-signed key with the same server name, etc in it, so that it *looks* like the self-signed key from your server, but which allows me to decrypt the communications between you and the server. My router then establishes a connection to the server using the *correct* key, and as data passes between you and the server, I unencrypt the data using the real key, then re-encrypt it using the 'fake' key. So, the data is encrypted between me and the server, and between me and you, but gets unencrypted in my router, giving me the opportunity to spy on your data, or even alter it if I want.

    The point of a CA-signed certificate is to give slightly stronger verification that you are actually using the key that belongs to the server you are trying to connect to.

    Yes, self-signed keys have some uses - in particular if you happen to know the real key's fingerprint (a fingerprint is a numeric or hex string which identifies a cryptographic key), so that you can verify yourself that you are using the correct key for SSL. If you don't happen to know the fingerprint, it's probably still fine to use self-signed certs on a LAN, where you control all the equipment, so don't have to worry so much about a man-in-the-middle (although, arguably, on a LAN you might not even need encryption).

    So, in summary, yes, SSL adds security to the connection, but ONLY if you can verify that the correct SSL key for your server is being used, and not a different key that a hostile router has injected.
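    The fingerprint check that comments 4 and 5 describe, written out as an added example (this is editor-supplied code, not part of JSBiff's comments or of any browser). It assumes the fingerprint is SHA-256 over the DER-encoded certificate and that the expected value was obtained out of band (for example, read off the server's own console); the two "certificates" at the bottom are constructed byte strings standing in for real DER, not actual certificates.

```python
"""Fingerprint pinning for a self-signed TLS certificate (added example)."""
import hashlib
import hmac
import socket
import ssl


def fingerprint_sha256(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex.

    Browsers display the same number as colon-separated uppercase bytes
    (AB:CD:...); only the formatting differs.
    """
    return hashlib.sha256(cert_der).hexdigest()


def normalize_fingerprint(text: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or bare hex; return lowercase hex."""
    cleaned = "".join(ch for ch in text if ch not in ": -").lower()
    if len(cleaned) != 64 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("expected a 64-hex-digit SHA-256 fingerprint")
    return cleaned


def fingerprint_matches(cert_der: bytes, expected: str) -> bool:
    """Constant-time comparison of the presented cert against the pinned value."""
    return hmac.compare_digest(fingerprint_sha256(cert_der),
                               normalize_fingerprint(expected))


def fetch_presented_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Connect and return the DER certificate the peer actually presented.

    Chain validation is deliberately off: a self-signed cert has no CA to
    validate against, so fingerprint_matches() is the *only* check standing
    between this client and an interposed router.  Nothing has been sent
    over the connection yet when the caller gets the cert back.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def connect_pinned(host: str, expected_fingerprint: str, port: int = 443) -> bool:
    """True only if the live peer certificate has the pinned fingerprint."""
    return fingerprint_matches(fetch_presented_cert(host, port), expected_fingerprint)


# Constructed stand-ins for two DER certificates (NOT real certificates):
# the one the server really holds, and one a hostile router would forge
# with the same server name in it.
REAL_CERT_DER = b"\x30\x82constructed-real-cert CN=example.test"
FORGED_CERT_DER = b"\x30\x82constructed-forged-cert CN=example.test"

if __name__ == "__main__":
    pinned = fingerprint_sha256(REAL_CERT_DER)  # value read off the server console
    print("real cert accepted:  ", fingerprint_matches(REAL_CERT_DER, pinned))
    print("forged cert accepted:", fingerprint_matches(FORGED_CERT_DER, pinned))
```

    The forged certificate fails purely because its bytes differ, which is the whole point: a MITM can copy the server name into a new self-signed cert, but cannot make a different key hash to the fingerprint you already know. A practitioner would normally pin the cert for a scripted client this way and still let browsers use a CA, since a hand-typed fingerprint check is only as good as the channel the fingerprint arrived over.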

  6. A lawyer at an ethics class. . . on Lawyer Who Subpoenaed Blogger Seidel Sanctioned · Score: 2, Interesting

    . . . will just use it as an opportunity to learn new unethical tricks. I'm sure he'll be fastidiously taking notes, not doodling.

  7. Re:They are in TROUBLE on Enforcing the GPL On Software Companies? · Score: 1

    No joke. I seem to recall at least 2 or 3 articles (I don't remember if I saw them here or Groklaw - probably both) in the past year of the BusyBox devs winning suits for GPL violations. Might be quite a lucrative business for them - who says there's no way to make money off GPL software? *grin*

  8. Giving a box that contains softw. is distribution on Enforcing the GPL On Software Companies? · Score: 1

    The potential problem here is that if you have a device, and you burn GPL Software to a ROM on the device, then give that device to someone else, that is distribution, and so copyright applies. There's no difference, legally, between a circuit-based rom, and a cd-rom. However, this particular case is not necessarily a GPL violation. Someone else asked a poignant question - Did Minerva modify the source? If they use binaries built from unmodified source, they can probably abide by the GPL simply by giving users a link to download the source from any server which hosts the same version of the source (e.g. from the main Linux or Busybox developers' ftp servers).

  9. Re:Question for the GPL experts on Enforcing the GPL On Software Companies? · Score: 1

    Well, does the software or manual anywhere point to a link to download the source from the original source repository? I'm not really sure, but if you really didn't modify the code, you could probably get away with providing users a link to download the source from any server where the source may be downloaded. It may also depend on GPLv2 vs GPLv3, but according to V3:

    6. Conveying Non-Source Forms.

    You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways:

            * a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange.
            * b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. [emph. added]
            * c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b.
            * d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) [emph. added] that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements.
            * e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d.

    I'm no lawyer, but looking at that, as long as you tell users *where* they can download the source code (In section B, it just says "a network server", so I think pointing to kernel.org or any other server, would probably fulfill that requirement), it doesn't appear that you have any particular obligation to actually host the source code yourself (section d explicitly allows the server hosting the source to be operated by a third party).

  10. Re:Print it all! on Best Way To Store Digital Video For 20 Years? · Score: 1

    Oh man, I wouldn't bank on the success of that rainbow technology. Maybe it'll surprise everyone, but I'd have the following concerns:

    * What is the performance of that technology (in terms of seek time, and throughput, both reading and writing)

    * What kind of reliability are you gonna get out of that? The discs are made of paper - that sounds really fragile. Heat, moisture, wrinkling/tearing, dirt - anything made of paper sounds too flimsy and fragile to me to be useful. What happens if it gets a little bit wet - are the inks/pigments going to run and bleed, causing the disc to become unreadable?

    Does it actually even work? This kind of sounds like flim-flam to me.

  11. Yup - copies, copies, copies on Best Way To Store Digital Video For 20 Years? · Score: 1

    People like to debate the 'best' format for long term storage. The answer, when talking about digital data, is copies, copies, copies. No media lasts forever. The advantage of digital media is that, as long as it's still readable, you can make bit-perfect copies.

    Store the data on multiple media, and plan to make new copies every 5 or 10 years. Give some copies to relatives/friends to hold on to (offsite storage :) ).

    It can be a little daunting to try to keep track of lots of different copies, and ensure that every file you want to keep is re-copied on schedule, no doubt, so good quality media is still important, but the best defense against digital data loss is having multiple copies, and it's better to have multiple copies on reasonably priced media, than a single very expensive, very-high quality media, because even the most expensive, high quality media still have a chance to fail, or to be damaged (scratches, abrasions, or cracks in optical media, exposure to strong electromagnetic fields for magnetic media, etc).
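    The comment above leans on copies being bit-perfect and on re-copying on schedule. As an added example (editor-supplied, not part of the comment), here is the check a practitioner would keep next to such an archive: a SHA-256 manifest built from the master copy, and a verifier that reports which files on a given copy are missing or no longer match. The archive contents in demo() are constructed on the fly in a temporary directory; the file names and the "flip one byte, lose one file" damage are assumptions for illustration.

```python
"""Manifest-based verification of archive copies (added example)."""
from __future__ import annotations

import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Hash a file in chunks so multi-gigabyte video files do not load into RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root, POSIX form) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_copy(manifest: dict[str, str], copy_root: Path) -> dict[str, list[str]]:
    """Compare one copy against the manifest.

    Returns which files are missing, which exist but hash differently
    (bit rot, a bad burn, a partial copy), and which are intact.
    """
    copy_root = Path(copy_root)
    report: dict[str, list[str]] = {"missing": [], "corrupt": [], "ok": []}
    for rel, digest in manifest.items():
        target = copy_root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif sha256_file(target) != digest:
            report["corrupt"].append(rel)
        else:
            report["ok"].append(rel)
    return report


def demo() -> dict[str, list[str]]:
    """Constructed archive: copy it, damage the copy, verify against the master."""
    with tempfile.TemporaryDirectory() as tmp:
        master = Path(tmp) / "master"
        (master / "2008").mkdir(parents=True)
        # Constructed sample files, not real footage.
        (master / "2008" / "birthday.mp4").write_bytes(b"constructed video bytes " * 1000)
        (master / "2008" / "notes.txt").write_text("constructed notes\n")
        (master / "README").write_text("two copies offsite; re-copy every 5 years\n")
        manifest = build_manifest(master)

        copy = Path(tmp) / "copy"
        shutil.copytree(master, copy)
        # Simulate media damage: one flipped bit and one lost file.
        damaged = copy / "2008" / "birthday.mp4"
        data = bytearray(damaged.read_bytes())
        data[10] ^= 0x01
        damaged.write_bytes(bytes(data))
        (copy / "2008" / "notes.txt").unlink()

        return verify_copy(manifest, copy)


if __name__ == "__main__":
    for status, files in demo().items():
        print(f"{status:8s} {files}")
```

    Store the manifest with every copy and on the master; when a scheduled re-copy comes around, verify the source you are copying from first, so damage on one medium is caught rather than propagated into the next generation of copies.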

  12. Re:Don't forget the Water on McCain Backs Nuclear Power · Score: 1

    Some good questions. . . however, I believe not all nuclear reactor designs require water for cooling? I was looking briefly at Wikipedia earlier, and it mentions designs that are cooled by CO2 gas, or liquid metal, so there might be other alternatives for arid regions. Also consider that it might be possible to 'pipe' water into a reservoir built next to the power plant (definitely want a reservoir, so that if for some reason, the pipe does not have available water for a while, you can safely continue to run the plant, or at least shut it down, using the reservoir water).

    "How much gas/diesel would be needed to build 45 plants". . . whatever it is, it's likely to be much less than the gas/diesel/coal which would be required to generate the equivalent electricity over the life of the plants. Also, how many 'conventional' power plants would you have to build to have equivalent generating capacity, and how much gas/diesel would you use building those other plants? Power plants need to be built, it's just a question of what type of power plants. Fossil fuels will be used in the construction of those plants no matter which type of plant you are building, so that argument is kind of a wash.

    "45 new terrorist destinations?" Terrorists don't, generally, attack well protected targets. They seek the weak points. Nuclear plants should definitely be very high on the list of 'hard targets'. I would suspect that, as long as we are vigilant about the nuclear plants, they won't really be very attractive targets for Terrorists. Also, I suspect that, to some extent, these 45 new plants will be replacing old nuclear plants that will eventually need to be decommissioned. I don't know that for sure though, but nuclear power plants can't have an unlimited lifespan, right? Some of the nuclear plants are getting to be 40, 50 years old (though, I suppose, if the plant is taken out of commission for some time, it could be 'overhauled' and put back into service, as essentially a new power plant).

  13. Re:Terrorists use encryption! on Safeguarding Data From Big Brother Sven? · Score: 3, Insightful

    You make a fundamental assumption that there are no stupid criminals or stupid terrorists. Yes, *some* terrorists and criminals are smart enough to encrypt their emails. But I'm sure there really are people out there stupid enough to talk about their criminal plans/exploits in plaintext email, or plaintext IMs, because they are just stupid. The Swedish government will, no doubt, catch some of those stupid criminals through such spying on email, then point to those cases whenever they talk to the media/public about why this is a 'good thing'.

          As with any invasive authoritarian law, the government can always present anecdotal examples of it 'working', and so 'justify' the law, despite the fact that it's fundamentally a bad law, and probably not necessary.

  14. Re:Thermal Footprint? on McCain Backs Nuclear Power · Score: 1

    I'm no physicist or climate expert, so, uhh, this might just be totally ignorant, but. . .

    I *think*, based on my limited understanding of physics, that, as long as you don't have an excess of greenhouse gasses in the atmosphere, the faster you add heat to the atmosphere, it will generally be equally offset by other processes which absorb or remove heat from the atmosphere. Processes like evaporation, wind, and heat radiating off into space. In particular, I think energy radiating into space would probably ramp up pretty quickly to offset our heat production. But again, I admit I'm pretty ignorant about this. It'd possibly be a fascinating topic for a Ph.D. dissertation or scientific journal article (there might already be people who have published such papers, so you might want to look).

  15. Follow the Wiki link. . . on Mass Effect DRM Still Causing Issues · Score: 2, Informative

    "concerning the DoFS - That's why you don't actually *buy* software any more. You actually lease the right to use it."

    If you follow that Wikipedia link in my earlier post, and read the section on case law, specifically the last paragraph about Vernor vs Autodesk, you'll see that at least one Federal Judge has made a ruling that calls "Bullshit" on that argument. That was a very recent ruling, though, so there is still the possibility that could be appealed, I think, but it's at least encouraging that the courts might be willing to overrule bogus licenses.

  16. I'll just keep on waiting. . . on Mass Effect DRM Still Causing Issues · Score: 4, Insightful

    I've liked some of Bioware's earlier releases, but I guess I'll just keep on waiting for Mass Effect, till they come to their senses.

    Honestly, if Bioware never 'needed' DRM (outside of a license key) for earlier games such as the Baldur's Gate Series, Neverwinter Nights, Knights of the Old Republic, etc, and made millions upon millions of dollars of revenue, why do they suddenly need such restrictive DRM? I guess it's to keep people like me from buying the game who probably otherwise would.

    Publishers, pay attention: DRM doesn't generate more revenue, it costs you revenue. It's costly to develop and deploy, and to some extent, reduces your sales. I doubt a single person who would have pirated a non-DRM'ed version will actually pay because of the DRM, but it definitely goes the other way - some percentage, even if small, of potential customers who would have paid will be turned off by the DRM and will simply not purchase the game.

    Also, DRM like this violates the Doctrine of First Sale - you know, that little concept that if you buy a book, recording, or copy of a computer program, you can let your friends read it, listen to it, libraries can lend it out, etc. Any DRM which prevents lawful re-use of a legally purchased copy should itself be illegal, but of course our corrupt congress, which only cares about pandering to rich lobbyists, doesn't care about flushing a century of copyright law down the toilet.

  17. Unsupportable assertion on Trio of Super-Earths Discovered · Score: 1

    "Clearly, these planets do not satisfy the Earth-like gravity requirement of a class M planet."

    I've posted more details in another thread, but in summary, the Gravitational Force experienced at the surface of a planet is not just a function of the mass of the planet, but also of the size of the planet (specifically, the length of the radius of the planet). A planet with more mass than Earth can have the same gravity as earth, so long as the size is also larger (so it would have to be less dense than the earth, which still means it's probably not very earthlike).

  18. Re:Max mass for Earthlike? on Trio of Super-Earths Discovered · Score: 1

    I posted a comment in another thread with more details, but I'll point out, here, that the Force of Gravity is not just a function of mass, it is also a function of the radius of the planet. A planet could have 10 times the mass of earth, and yet have the same gravity at the surface, as long as the planet has Sqrt(10) times larger radius. A planet could even be less massive than earth and have the same gravity, as long as it was also proportionally smaller.

  19. Correction on Trio of Super-Earths Discovered · Score: 2, Informative

    "Square-root of 2 times the mass of the earth" should read "Square-root of 2 times the radius of the earth".

    Also, more generally, if the mass of a planet is X times the mass of the earth, then if the radius is also Sqrt of X times the radius of the earth, the Force of Gravity will be the same.

  20. Depends on the radius of the planets on Trio of Super-Earths Discovered · Score: 2, Informative

    The actual force of gravity at the surface of a planet is not just a function of the mass of the planet. It is also a function of the radius of the planet. So, if a planet had more mass than earth, but also had a radius that was the right size, it could have the exact same surface gravity.

    I believe the function is something like:

    G * ( [M1 * M2] /R^2)

    Where G is the universal constant of Gravity, M1 is the mass of a test object, M2 is the mass of the planet, and R^2 is the average radius of the planet, squared. Since we have a fraction, if M2 increases, you can keep the fraction constant by also increasing R.

    So, to give a bit more concrete example, if the planet has 2 times the mass of Earth, and the radius is Square-root of 2 times the mass of the earth, then the Force of Gravity at the surface is the same.
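    The scaling claim in comments 17 through 20, carried through as an added derivation (editor-supplied, not part of the comments). Dividing the force on a test mass $m$ by $m$ gives the surface gravity $g$, which depends only on the planet's mass $M$ and radius $R$; scaling $M$ by $X$ and $R$ by $\sqrt{X}$ leaves it unchanged:

$$
F = \frac{G\,m\,M}{R^2}
\quad\Longrightarrow\quad
g = \frac{F}{m} = \frac{G\,M}{R^2},
\qquad
g' = \frac{G\,(X M)}{(\sqrt{X}\,R)^2} = \frac{G\,X\,M}{X\,R^2} = g .
$$

    Since density scales as $M/R^3$, such a planet has density $X / X^{3/2} = X^{-1/2}$ times Earth's, which is the "less dense" consequence noted in comment 17.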

  21. Re:Prof suggested this a bit ago... on Computer Art For a CS Dept Office? · Score: 1

    While that's clever, anyone who is NOT a computer science or math major would completely, totally, miss the point of that art. You *might* want something that will be just a little more. . . accessible, to the general public.

  22. I would imagine that. . . on Verizon Cutting Access To Entire Alt.* Usenet Hierarchy · Score: 2, Insightful

    . . . the child pornographers will just use other newsgroup servers. Ok, so Verizon chops alt.* from *their* server. Is there anything that prevents a user from connecting to a third-party news server over the Internet? What does this accomplish other than pander to the NY AG?

  23. One additional comment on Analyzing Apple's iPhone Strategy · Score: 1

    "Ye have not, because ye ask not"

    I truly think that if anyone out there begins developing an application, and makes enough progress to at least have some sort of proof-of-concept build of the app, and then simply *asks* for someone to help them buy an Apple Developer Key, they'd not find it that difficult to come up with the needed funds. I really think you *would* be able to find people - I suspect there are, in the US, Canada, and Europe, hundreds of thousands of Free Software users (I'm not counting the millions who use Free Software, but don't really know that they are, like most Apple users *grin*, and some Linux users), and if your app interests a tiny percentage of that group, there's probably someone who would gladly help out your project.

    If you can't get a private sponsor, maybe you could get a company to sponsor you - like a website which could 'host' your project and put up ads on your project page, so that every time someone went to look for info about your app, they'd see the ad.

    I agree that open source developers will find creative solutions (plural, more than one) for this problem. Sharing a key is one possible solution, but ultimately, whoever registers the key with Apple is going to be held responsible if, e.g. any malware/virus/rootkit/etc is found in software signed by that key, so I think you wouldn't see something as open as, "upload your software to this server to get it signed". If I were signing something, I'd want to, at the minimum, either directly review the code to check for problems, or have someone I trust completely, review the code, which limits the number of projects, I think, which can be signed by a single person/key.

  24. Here's some creative ideas. . . on Analyzing Apple's iPhone Strategy · Score: 1

    Now, again, I'd like to preface this with, I think it would be a good thing if Apple came up with cheaper or free keys for Free Software, since they've been the beneficiary of a lot of great Free Software, but if they don't do that, I still think $99 isn't *much* of a barrier. . .

    If you are a student, either join a computer science student organization on campus, or if there isn't one, form one (for example, at the University of Cincinnati, OH, where I'm currently studying, there is a group called LaRC - the Lab for Recreational Computing, which is a bunch of CompSci geeks who hang out and develop software [mostly entertainment software, I believe]). Such organizations can typically petition some type of "Student Activities Board" or other University entity for budget money to buy equipment, journal subscriptions, pay for speakers and events, etc. I suspect that if such an organization wanted to get an Apple Developer Key to publish student submissions, they could get some money from the University.

    As for adults, people spend lots of money on their hobbies - digital cameras, bicycles, skis, boats, fishing equipment, golf clubs, etc, any of which could cost hundreds or *thousands* of dollars. Again, $99 isn't much, and you don't need to have one of those keys to just GET STARTED. As others have said, the article stated that you could get keys, I think for free, which allow limited private deployment. Which, when you are first starting the project, is enough to let you get it on your own iPhone for testing purposes, and to roll it out to a few other developers or testers, to start getting a small community together. Surely, by the time you have 50 or 80 people interested in the project, you could get someone or multiple someones to donate the money (10 people donating 10 bucks, for example).

  25. Disbarment, please on RIAA's Throwing In the Towel Covered a Sucker Punch · Score: 3, Insightful

    See, this kind of thing should lead to all the lawyers working those cases being disbarred (personally), and the law firms they work for losing their licenses to practice law.

    Legal tactics like this just waste taxpayer money (after all, the courts are taxpayer funded), and drive up the legal costs of the parties that are trying to defend against their claims.