> But these are the numbers which matter to Sony.
No, I think the numbers which really mattered to Sony (not that they are going to figure this out) are:
4 years = amount of time before geek rage focussed on cracking the DRM of the PS3
10 months = amount of time PS3 DRM withstood geek rage
OTOH, I rather doubt Sony will initially sell their next generation consoles with "OtherOS", while at the same time the high-performance computing community is more and more focused on GPGPU acceleration. So maybe they don't care that they're just giving themselves bad PR with the geek crowd while not really preventing anyone from obtaining tools to develop / run homebrew / run pirated games.
After all, the rootkit incident didn't cause a general focus on cracking the PS3. So perhaps this won't cause their next console to become a target from the very start --- or maybe yes, because it won't have OtherOS. Only time will tell.
I'd guess that most open-source projects are one- or two-developer deals, max (actually, if you look at SourceForge, you'd end up saying that most projects are zero-developer deals!). However, the most-used projects are much better "staffed", which might mean that there is more of a chance that the people in charge of vetting the commits have some specialized training to catch malevolent changes (and also that more than one set of eyeballs might be looking at every commit).
In the end, it comes down to a matter of trust. Once a developer has gained a reputation for being trustworthy via having made significant contributions, my guess is that it becomes easier for him to slip bad code into a project. So I suppose the black hats might eventually be a net gain for the open-source movement. On the other hand, I'd guess that organized crime might find it expedient to pay key developers a personal visit, to deliver the famous "offer you cannot resist" --- and once that happens, people might be scared off from contributing.
The first action the intruder took, changing the SSH password, set off an automatic email notification, which is how the compromise was detected. Pretty stupid.
A pity that the clueless black hats eventually learn, tho. Not that this means that open-source is totally helpless. In the past, malevolent software updates have been caught. If this becomes widespread, it just means that the development is slowed by the necessity for peer review.
> I just want the giant music labels to get completely replaced by some combination of thousands of indie efforts.
A beautiful dream, but unfortunately unlikely, because most people prefer to have someone else decide what they should like, all the while believing that they decide for themselves.
This probably won't change for at least a few generations, if ever (it might be something instinctive which has been enhanced by evolution, actually).
Are you being intentionally obtuse, or did you just not understand what you read? The article stated that in the past, people pirated the songs off of the radio (or, more probably, just got rips from radio station employees), weeks before it is released.
Your post fails epically, because it assumes that the majority of people only buy music because they cannot obtain it for free. The boom in sales of digital music (in the form of singles), indicates that you are probably wrong in this assumption, to a large extent.
That's an impressive step forward in progress, I'd say, and a huge win for Google. I'd like to know how much Sony paid for that information, because it is highly valuable to them.
I have the impression that Google gives this info away for free, via Google Trends. I'm fairly sure that iTunes, however, charges a pretty penny.
Not that Google doesn't have a lot of info which you cannot get via Google Trends. For example, Sony might be interested in knowing what kinds of MP3 players are searched for by people who have also searched for a certain song --- to get info like that you probably have to pay Google good coin.
Yes, and climate change theory says that if you add more greenhouse gases to a system then the temperature of the system will rise on average over time, and THAT can be tested. It just doesn't say by how much, in a decade.
This reminds me of jokes about mathematicians giving correct information which is totally useless. In the context of public policy decision making, the quantity of the actual rise is important, not the sign of the derivative. I guess that means you believe that climate change theory is useless for generating input for public policy decision making, eh?
The debate kind of reminds me of my youth, with all of the predictions of long-term world population growth and predictions of the resulting economic and environmental ramifications. In the meantime, the rate of increase of the world population has started to decline, giving hope that the world population might stabilize at somewhere around 10^10, which might be sustainable without world-scale disasters culling the population.
That depends on how you define "correct". Even in mathematics texts, there can be typos. In addition, older texts will omit more current mathematical knowledge (e.g., all books listing "open problems in number theory" which predate Wiles' proof of Fermat's Last Theorem).
But I'd guess that the majority of "wrong" in such texts is in the attribution of the theorems which are used --- there's a huge number of math theorems which are attributed to the mathematicians who conjectured them rather than to the mathematicians who proved them, or to more famous mathematicians who are not the first mathematicians to have proven them.
If one raises the level of "pedantic" enough, I can imagine you might have a hard time to find those 10% of 100% "correct" mathematics texts.
In reality, they are only trying to do their jobs, which is hard enough because they are figuratively slammed between two opposing parties: on one side the passengers who do not want to be disturbed, and on the other side their bosses, who will lose their jobs if it becomes public knowledge that the actual terrorist threat was adequately taken care of by pre-TSA screening, reinforcing cockpit doors, and educating passengers that cooperating with terrorists is a bad idea.
There FTFY. Too bad that airport security isn't as easily fixed.
I was thinking that he would do the research to find American companies which end up getting (part of) the money the dumb jerks are paying, who actually buy the stuff advertised by the spam (assuming that the anti-spam laws forbid such contributory behavior).
> this isn't the Nigerian princes, or Russians trying to sell you v1@gra
That would seem to be a smart, if cowardly, business plan. I'd guess that if any one person would become too much of a financial burden on the foreign spammer community, there would be a significant chance they would put out a contract on his life.
Last time I checked, strong encryption is only legal in France if you give the key to the government. It's been suspected for a long time that the French government monitors commercial communications of non-French companies and passes on the information to French companies to give them an advantage over their competitors.
OTOH, if thousands of people start using "weak" encryption (say, 40-bit ephemeral keys), I rather doubt that the government is going to go (or even be able to) crack everyone's keys.
You're hoping for the wrong utopia. You should be hoping for the utopia where people are always willing to pay for things which they value, even if they can obtain them for free (or for a small risk).
We already live in the reality where everyone has the ability, if not the right, to trample copyright patent protection for private use. This reality isn't going to change (in any society worthy of being called a democracy, of course).
> has this case in the bag
Ain't no such thing in court. Especially if it's a jury trial.
> it is not necessary as it is assumed that software package people will not
> be introducing security holes into software
And we've seen how one can be bitten by this assumption, badly (Debian SSH patch-of-entropy-death).
My apologies, I misunderstood your use of "a" in "a secret answer" to mean "always the same one".
To be honest, I also don't always bother to generate strong security question answers, it certainly depends on how important is the resource being protected.
Better than typing the real answer, but weak because you are reusing the same password (which is probably sent to the website in cleartext, not hashed) between different resources, any one of which might expose it (via an unscrupulous employee, for example).
With my suggestion, one can merely prefix the answer string with the name of the resource before hashing, and voila, every web site has a unique secret answer.
Why not try using the Linux/Cygwin command line?
echo "mother's maiden name" | md5sum | sha1sum
If you want to be fancy:
(echo -n "string1" ; echo "string2" | md5sum) | sha1sum
(P.S. For anyone foolish enough to think otherwise, I personally use a more sophisticated Python script for this, don't waste your time trying to break into my email using this "information".)
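An added sketch of the per-resource answer idea from the comments above; it is not the commenter's script, which the page does not show. It puts the plain prefix-then-hash scheme beside a keyed variant that goes further than the page: a stretched master phrase, HMAC, and length-prefixed fields. All function names, the salt label and the iteration count are assumptions.

```python
import base64
import hashlib
import hmac


def prefix_hash(site: str, answer: str) -> str:
    """Scheme as described above: resource name prefixed to the answer, then hashed."""
    return hashlib.sha1((site + answer).encode()).hexdigest()


def derive_key(master: str) -> bytes:
    """Stretch one memorised master phrase into a key.

    Assumption: PBKDF2-HMAC-SHA256 with a fixed label as salt, so that a
    single leaked answer is expensive to brute-force back to the phrase.
    """
    return hashlib.pbkdf2_hmac("sha256", master.encode(), b"secret-answers-v1", 200_000)


def _field(text: str) -> bytes:
    # Normalise, then length-prefix, so ("ab", "c") and ("a", "bc") differ.
    raw = text.strip().lower().encode()
    return len(raw).to_bytes(2, "big") + raw


def site_answer(key: bytes, site: str, question: str, length: int = 20) -> str:
    """Unique answer per (site, question); reveals nothing usable on other sites."""
    tag = hmac.new(key, _field(site) + _field(question), hashlib.sha256).digest()
    return base64.b32encode(tag).decode().lower()[:length]


if __name__ == "__main__":
    # Constructed inputs, for illustration only.
    key = derive_key("constructed master phrase, not a real one")
    for site in ("mail.example", "bank.example"):
        print(site, site_answer(key, site, "mother's maiden name"))
    # Bare concatenation is ambiguous: different (site, answer) pairs collide.
    print(prefix_hash("ab", "c") == prefix_hash("a", "bc"))
```

With bare concatenation, anyone who knows the real answer and the site name can recompute the value; in the keyed variant the real answer is never an input, only the master phrase.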
> You don't want to make that cloud angry.
Do not taunt happy green cloud?
We need this like the bad moderation I'm trying to undo with this post...
Big difference.
YouTube displays the content it hosts, which requires that it is uploaded unencrypted. Rapidshare doesn't display uploaded content, which means it is trivial for anyone to upload an archive which includes encrypted content and also a CAPTCHA revealing the password.
Only YouTube's business model is amenable to automatic copyright infringement detection.
> Try to create a new account. It will ask for a phone number.
You didn't, perchance, just try to leave that blank?
Last time I checked, it was possible.
Of course! Indians have been using beta version (smoke) clouds for communication since prehistoric times!
Based on http://wikileaks.nl/support.html it is still possible to transfer money directly to two bank accounts (to fund Wikileaks itself, there is also information there if you want to fund Assange's defense):
Bank Transfer - Option 1: via Sunshine Press Productions ehf:
Skulagötu 19, 101 Reykjavik, Iceland
Landsbanki Islands Account number 0111-26-611010
BANK/SWIFT:NBIIISRE
ACCOUNT/IBAN:IS97 0111 2661 1010 6110 1002 80
Bank Transfer - Option 2: via the not-for-profit Wau Holland Stiftung Foundation:
This support is tax deductible in Germany
Bank Account: 2772812-04
IBAN: DE46 5204 0021 0277 2812 04
BIC Code: COBADEFF520
Bank: Commerzbank Kassel
German BLZ: 52040021
Subject: WIKILEAKS / WHS Projekt 04
The page also states that some European banks can transfer directly to Datacell, the collection agent for Wikileaks:
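Using:
DirectEBanking: For online Donations from selected banks in Germany, Belgium, Austria, Switzerland and UK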
See URLs http://www.datacell.com/news.php and https://payments.datacell.com/ for more info about that last option
Wow, thanks for the education.
I'd been aware that copyright law was really out of sync with common sense, but had missed this whopper of idiocy.