Once Vista sets the activated flag, does it actually check for revocation of activation at some prescribed interval?
Why, yes. Rechecking the activation key against an updated list of revoked licenses takes place as part of the periodic updates to "Windows Validation" delivered via Windows Update. In practice under XP, this happens every month to every few months. Depending on your settings and whatever the future might bring, it might well be the case that machines will be checking for updates & possibly re-validating themselves every week.
I even had mod points, but you were already at +5 Funny (deservedly). I wonder which one, Seti@Home or this WindowsKeyGen@Home, will accumulate more CPU time overall next year...?
I also wonder if vendors are going to simply give up on using 20 or 25-character long activation codes, if they can be brute-forced in a reasonable period of time? Will they be switching to keyfile activation using hardware profile info (NIC ethernet MACs, motherboard/BIOS serial #, hard drive serial #, etc)? That seems to be happening more and more already...
I agree that if the iTMS sold non-DRM'ed songs which worked with all vendors' music players, they'd be selling more songs. I don't think that's a big motivator for Apple, as they aren't making much profit off the iTMS-- it's running pretty close to a break-even position, reputedly.
The more interesting question is what would happen to the iPod marketshare if non-DRMed music replaced the DRM'ed versions the big-4 publishing companies want Apple to sell...?
YMMV, but many, if not most of the "problems" I see regarding P2P sharing, happen less with regular employees in an office environment compared with random business visitors doing meetings or sales or whatever and using wireless hotspots. They won't have the local CA cert, unless they had to get it before they could use the local proxy....
True. But most people download something, say, over port 80 or 443, and once you use TLS/SSL, packet inspection can't tell whether you are talking to your bank's secure website or a BitTorrent proxy via SSL.
This, by the way, is an argument for configuring business networks where port 80 & 443 are blocked outbound, and all the client machines have to go through a proxy machine, which can at least track the destination, and let you look for excessive usage via proxy-log analysis.
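An added example (not part of the original comment) of the proxy-log analysis mentioned above: even when the payload is TLS, the proxy still records the CONNECT destination and byte counts, so heavy per-client, per-destination usage stands out. It assumes Squid's native access.log field order; the log lines, hostnames and the 500 MiB threshold are constructed for illustration.

```python
"""Flag heavy per-client, per-destination usage from proxy access logs."""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines, assumed Squid native access.log layout:
# time elapsed client action/status bytes method url ident hierarchy/peer type
SAMPLE_LOG = """\
1167650000.101 420 10.0.0.21 TCP_MISS/200 18234 GET http://intranet.example/wiki - DIRECT/192.0.2.10 text/html
1167650003.550 91000 10.0.0.21 TCP_MISS/200 48211 CONNECT bank.example:443 - DIRECT/192.0.2.20 -
1167650010.002 3600000 10.0.0.57 TCP_MISS/200 734003200 CONNECT relay.example:443 - DIRECT/198.51.100.7 -
1167653700.930 3500000 10.0.0.57 TCP_MISS/200 612368384 CONNECT relay.example:443 - DIRECT/198.51.100.7 -
1167653800.000 15 10.0.0.57 TCP_DENIED/403 1502 CONNECT relay.example:6881 - NONE/- text/html
this line is truncated
"""


def destination(method, url):
    """Return 'host:port'. CONNECT targets are logged as host:port already."""
    if method == "CONNECT":
        return url.lower()
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return f"{(parts.hostname or '').lower()}:{port}"


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    fields = line.split()
    if len(fields) < 7:
        return None
    try:
        size = int(fields[4])
        dest = destination(fields[5], fields[6])
    except ValueError:  # non-numeric byte count or invalid port
        return None
    action, _, status = fields[3].partition("/")
    return {"client": fields[2], "action": action, "status": status,
            "bytes": size, "method": fields[5], "dest": dest}


def usage_by_client_dest(log_text):
    """Sum transferred bytes per (client, destination); skip denied requests."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] == "TCP_DENIED":
            continue
        totals[(rec["client"], rec["dest"])] += rec["bytes"]
    return dict(totals)


def excessive(log_text, threshold_bytes=500 * 1024 * 1024):
    """Return (client, dest, bytes) rows at or above the threshold, largest first."""
    rows = [(c, d, b) for (c, d), b in usage_by_client_dest(log_text).items()
            if b >= threshold_bytes]
    return sorted(rows, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for client, dest, total in excessive(SAMPLE_LOG):
        print(f"{client} -> {dest}: {total / 2**20:.0f} MiB")
```

The bank session and the bulk tunnel look identical to packet inspection, but the byte totals per destination separate them in the proxy log.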
"Anyone willing to tell a lie can silence your online speech for ten days."
Not quite. Anyone willing to tell a lie which "substantially complies with the DMCA 512(c)(3)(A) clauses (ii), (iii), & (iv)" can silence your speech for ten days. You can't just claim that so-and-so wrote something you didn't like and the ISP will automatically remove your words as infringing-- the person making the claim has to identify a copyrighted work that your speech infringes upon, and the material in question has to be copyrightable in the first place.
Some ISPs are better than others at checking into this, but DMCA 512(c)(3)(B)(ii) says that the OSP/ISP must (ie, is required to) seek clarification of any unclear aspects.
The DMCA actually requires that the person sending a takedown notice provide a description of the copyrighted items which are supposedly infringing, a "statement that the information in the notification is accurate, and under penalty of perjury, that you are authorized to act on behalf of the owner of an exclusive right that is allegedly infringed", and valid contact info so that the ISP can perform some minimal verification that the person sending the DMCA takedown notice really exists.
In other words, your #2 suggestion is already in place.
Your #1 suggestion is nonsense-- ISPs should not be hosting infringing material, period, regardless of whether they benefit financially or not.
As for #3, the DMCA lets the person posting the material refute the DMCA takedown claim (again, under penalty of perjury) and the ISP is required to put the material back up in 10-14 business days unless the original person filing the complaint files a lawsuit to enforce their claim. The DMCA isn't great, but it at least lets both sides make their position heard without the ISP having to take a firm position for one side or the other...especially when the ISP may not have any way of determining whether a claim is valid or not.
There are good CEOs/VPs/etc and bad ones; good ones understand that if their company depends on certain technological tools to work (VoIP phones, email, calendar/meeting stuff, filesharing), they'd damn well better consider the costs of downtime versus the overhead of providing adequate IT support in-house.
Poor CEO/VP/senior management types can and do behave exactly as you've described, but the end results generally don't work as well as what you find from a good manager. The cold hard truth is that the services IT runs on servers on your LAN ought to have something resembling 99.99% uptime, whereas even the best places that you can outsource email/calendar stuff to (typically Exchange) tend to be down for at least an hour or two every few months-- and some places have much more significant outages than that.
I would say that games with poor AI commonly use tuning to help the AI compensate against the human player, but then they also use things like giving the AI a large # of units to start with, or bigger/multiple enemy bases compared with the human's starting forces, etc-- the early C&C and Warcraft games were famous for this, for example.
I would agree with the notion that tuning matters a lot in PvP, to make sure there isn't one "best unit" or "best weapon" that can be consistently used to win against people using any other units/weapons. This doesn't mean that you have to make every weapon equal in terms of "damage per shot" times "firing rate", but the game designer should make sure that it's at least possible for two decent players to compete with each other using various combinations of weapons or units and have one side or the other win at least some of the time.
With units, newer games like AoE, the newer versions of Civ, or the Total War series tend to use a rock/paper/scissors approach, ie, pikemen kill cavalry, cavalry kill archer units, and archers kill pikemen. Not only is that more interesting, it encourages people to try a "combined" arms approach with different formations and so forth that has a more realistic feel. Not that being "more realistic" is always "more fun", mind you, but making games complicated enough that the results aren't obviously predictable and where unexpected outcomes can occur generally gives you a game which is more enjoyable to play and has greater replay value.
Um. You've acknowledged or at least not disputed my point that there are sources of DRM-free music aside from CD-ROMs.
Regardless of how popular or not popular you might feel Phish or the Grateful Dead are, they're still something that lots of people listen to and enjoy. If not every band allows concert taping, doesn't it make sense to support the bands which do rather than claiming their music is "less valuable" just because they let you freely share concert tapes...?
Of course it can. Putting allofmp3.com aside for the moment, there is no legal source of non-DRM music aside from CD.
Actually, there are plenty of sites which offer free, legal, non-DRM'ed music online. Check out the SHN (shorten) format and www.etree.org-- the artist list includes Phish, The Grateful Dead, The Seth Yacovone Band, String Cheese Incident, The Slip, Medeski, Martin & Wood, Umphrey's McGee, The Big Wu, Amfibian and The New Deal, along with a bunch of other smaller bands who encourage people to buy "taping tickets", ie, which give them the right to go to a show, and get a feed off the soundboard, and then share the copy they make with anyone or everyone.
KoTOR I & II seem to qualify as good dialogue games-- at least, most of the plot choices are driven by the conversation topics you choose. There's enough replay value in them to do both at least twice (once as the light side, the other as the dark side).
Other people give honorable mention to Grim Fandango for the voice acting and plot in it.
While it's possible to do wide-area networking with some of the later versions of Novell Netware (over SPX/IPX) and the old VAX mainframes running DECnet, or IBM mainframes & the AS/400 minis nowadays running SNA also had some WAN/routable protocol capabilities, pretty much everything most people use nowadays runs over TCP/IP....
I gather he's seriously a professor, but apparently not in a field that has much to do with computers. In particular, this quote from TFA:
"If you talk to most technologists, they believe TCP/IP is now obsolete."
...leapt out at me. First, the people who know the most about network protocol usage are firewall admins, network admins/managers, ISPs, and so forth-- who tend to identify themselves specifically as such, not as "technologists". Secondly, the overwhelming majority of network traffic (especially Internet traffic) is based off the TCP/IP protocol suite.
Now, there are parts of TCP/IP which are not commonly used or are not especially relevant, so yes, a few parts are obsolete, but overall, TCP/IP is becoming more commonly used rather than fading away...
There are several forms of PKI (ie, SSL X.509 certs, PGP/GnuPG/OpenPGP keypairs) which can be used with email: see RFCs 1991, 2440, 2487. There are also some good links off the IETF's S/MIME page here: http://www.imc.org/ietf-smime/
These have been around for several years, but the uptake of TLS/SSL aware SMTP servers has been slow, and the adoption of signed/secure email has also been very slow. The first problem lies mostly with mail server admins, because setting up even self-signed certs is time-consuming and complex unless you do it regularly, but is more likely to make progress than convincing the majority of users to deal with PGP's "web of trust", keysigning parties, and so forth.
For a program to call setuid(), it needs to have superuser permissions. For a program to be made setuid via the filesystem, you have to invoke chmod via "su". Unless you make the program setuid-root, it cannot change the user information to some arbitrary other user.
Certainly it's true that there have not been major outbreaks targeting Mac users for financial gain, but some of the more recent games like sniffing mail passwords in an internet cafe and then holding the account's email contents hostage would affect Mac users just as they would a Windows user.
For a program to change UID/EUID to another user, it needs to have superuser permissions. We're not going to gain in security by making Safari setuid-root or encouraging someone to browse the web as root (most likely).
Making Safari setuid via the filesystem requires fewer changes and no need for superuser.
If you notice how long it takes your system to run the "update_prebindings" script after a major update (ie, something which touches the main C library, aka System.framework), and divide by the number of executables it had to change, you've got an estimate as to the startup cost involved.
I made a quick guesstimate and came up with on the order of 10 ms extra startup cost being saved by prebinding.
No, but thanks anyway for telling me about it and also for the gratuitous comparison with a "hitman".
Maybe you're confusing me with someone else? I don't work for the RIAA or for anyone sending out cease-and-desist letters or filing lawsuits like the big labels; but I've done consulting work for mid-size cellphone companies to set up sites where either (a) they provide a service where you play a song into the phone and it recognizes the artist+track name, or (b) lets people put up their own free ringtones (in which case, scanning for copyrighted songs and keeping them from appearing on the site without a human check).
Interestingly enough, the first one wants to have very good "distorted" sample recognition, including recognizing people humming or trying to karaoke the song themselves (and yes, the samples you can get from this are completely hilarious-- listening to people trying to sing songs they don't know or can't exactly remember can generate some priceless comic quotes :-), whereas the second case would prefer to have no "distorted" matches so they don't have to do much reviewing of live stuff by operators.
It's not as dangerous as a bug which requires no interaction whatsoever, but it's common enough for people to boink on random links that the risk level of that exploit could be fairly high. It will be interesting to see whether malicious exploits appear widely for any of these Mac bugs, and how quickly they spread if so...
Re:Response from Kevin Finisterre, second bug on Month of Apple Fixes · Score: 0
Well, a lot of people do have Quicktime installed and configured as an automatic content handler when surfing-- and this includes not just Mac users but Windows users of QT as well. The shellcode or malware would be different for each platform, but the underlying bug is the same.
The order is supposed to be:
"L" -> "R" -> "C"
Inductive loads like motors have a lagging phase angle compared with purely resistive loads, whereas capacitive loads have a leading phase angle. If you look up "power factor correction" you'll get some good examples.
Respond with the Obligatory Barney Quote:
:-)
"....I can see your MIT education really pays for itself."
Yeah, I doubt he's talking about IPv6 either. :-)
Yes, that's exactly right.
You could probably try doing this yourself:
chown unknown /Applications/Safari.app/Contents/MacOS/Safari
chmod u+s /Applications/Safari.app/Contents/MacOS/Safari
...and you'll probably need to also change the following:
chown -R unknown ~/Library/Caches/Safari
chown -R unknown ~/Library/Safari