> just find some artist that you like, who is willing to give their work away for free. > There's plenty of homeless people with guitars and horns that you can listen to.
The record labels haven't forgotten, they're running scared and wreaking havoc with our society...
<sarcasm>Quite a few of those homeless musicians are probably still signed on record company contracts and aren't able to legally sell us their music as independents, poor guys!</sarcasm>
> Almost the entire cast, crew, and musicians involved in it's creation are dead.
From Wikipedia:
> Barbara Cook as Marian, and Eddie Hodges...
both are still alive (according to Wikipedia). (N.B.: This is a pedantic correction --- this doesn't mean that I believe they should still be profiting from their work after such a long time. Oh, if I'm going pedantic I might as well go all the way: you should have used "its", which is the possessive form of "it", and not "it's", which is a contraction of "it is". Compare with "his" and "he's".)
Established by Congress, this program has created an integrated network of centers at the Nation's leading research universities, which will help to continually align scientific results with homeland security priorities.
The kind of science I'm familiar with reports results, and as much as possible tries not to "align" them with "priorities".
> only protected by electronic measures they would have been abused long ago since it only takes one intrusion to set them off
Perhaps you have inside info I lack, but given the published details of the system (no one knows if they are accurate), you would probably need at least a few intrusions, because the minute you try to simplistically gain physical access to the chip with the key, you set off an explosive charge which fragments the chip sufficiently that no recoverable fragment contains more than 1 bit of the key.
> or just drop the warhead into a convenient location and trigger it
It's not a pistol, eh? Triggering it properly requires detonating several pieces of explosive with accurate timing. If we're talking fusion, make that especially accurate timing.
You don't sound like you really know what you're talking about. And yes, it might be possible to rework the raw nuclear material into a new warhead of your own design, but I rather doubt that one would work on the first try, either. Easier to just try to cropdust NYC with it.
> Well, you got that mainly right --- but mainly because....
> The safeguards on the US nuclear arsenal are also DRM. They've worked for a long time....
Ouch. After reading the AC who beat me to the punch, I reconsidered this, and using the nuclear weapon analogy wasn't such a good idea. My error emphasizes a second reason I totally ignored about why most everyday DRM cannot work, which is that it protects things which are meant to be easily accessible to the consumer.
> Hardware is no harder to attack than software, it just needs different tools.
About as accurate (not) as "Hardware is no harder to develop than software, it just needs different tools."
Unless "no harder" was meant in a sort of mathematical, theoretical, sense --- that neither can be totally secure. If you meant it that way, it's clear you totally miss a major point of security, that it always has to do with increasing the economic cost to the attacker (preferably to the point where his attack no longer makes economic sense), and has little to do with making things "absolutely secure".
> DRM cannot ever work.
Well, you got that mainly right --- but mainly because most things protected by DRM in everyday life are easily replaceable by inexpensive substitutes, so it doesn't make sense to protect them very well.
The safeguards on the US nuclear arsenal are also DRM. They've worked for a long time....
Wow. First time I encounter a persona like you on the net. Sometimes you post insightful comments, and sometimes you are a non-troll-ish just-for-fun voice-of-fictional-character.
> Taping TV shows is considered fair use and indeed was a result of legal cases, and you do not even have the original copy in that case.
I hope you're not planning on representing someone in court in the near future.
There could be little, if any, connection between the two cases; the rulings on TV, for example, might have hinged on the fact that TV is a broadcast medium.
Flamebait? I think some mod didn't understand something....
Re:Possible counter-attacks to myminicity link-spa
on
Archos 605 WiFi Hacked
·
· Score: 1
Frankly, in agreement with the post I replied to, I think any kind of activity within the framework of that game would in the end be counterproductive. What we need to develop is ways to "persuade" the game architects to prevent link-spamming from being profitable for the players of the game, or make games which encourage link-spamming not profitable.
> It has handled a couple of drops but dissembles itself.
Er, I had always had the impression that these things are not unconnected. I'd assumed that Nokia designed the phone so that the less valuable and less fragile parts (the covers, and perhaps the battery) absorb more of the energy of the collision, partially by flying off.
Possible counter-attacks to myminicity link-spam
on
Archos 605 WiFi Hacked
·
· Score: 2, Interesting
> a vain attempt at slashdoting the minicities which encourages them even more
I would think that it would be possible to try to DDoS the servers themselves by accessing URLs which seem OK but actually don't exist (e.g., take a link to a real myminicity and change the name of the city to a different random string each time). Of course, if the company running the servers is unscrupulous, it could always return ads for what should be 404's. But at the very least, attacking in this way doesn't encourage link spamming from people running the cities. And eventually one could hope that the people paying them for serving the ads would rebel.
This is of course just academic speculation, actually making such an application, or even encouraging people to access such URLs, might be against the law in the jurisdiction where you live, and I am not recommending that anyone break the law..... of course!
I'd ask that someone should work up an application like that (anonymously, of course) and post a link to it here, but then a clever myminicity geek could just spoof us with an application that actually accesses his real myminicity. Actually I'd guess it could be worked up in a few lines in Python which most knowledgeable Slashdot users could verify for themselves...
A totally different way to try to combat would be to choose a random city, access it to obtain the ads, and then click on each ad to find out who is paying for this c**p and then send them email explaining that they are financing link spammers and you are adding them to a list of companies to boycott for financing link spamming by advertising at myminicity.com. To be effective, the list should actually exist and be as widely published as possible.
> the real deterrent for Linux is that any significant malware attack will be patched by the community
Have you been reading the other comments? How can you patch the stupidity of your users?
After a clueless user has been owned properly, there is probably no effective way for the community to help him; that would require a full reinstall from scratch. This is not dependent on the operating system, as far as I can see.
OK, you have a good point; we are just considering two totally different simplicity metrics. it seems to me that by your metric, Forth, a language I admire a lot, would be a big winner; but my metric has to do with how simple the language is to learn and use for a "non-power" end user, not how simple it is to implement.
This thread is (originally) about using Python as a scripting/control language for a scientific computation package; many users won't be Comp. Sci. majors and I'm pretty sure that it would take some extra effort for them to use a functional language like Scheme as compared to Python, where they would at least have infix notation for the familiar operators.
No, and most casual users of Python don't need to.
I use Python a lot, and I have to agree with mangu that its syntax is a lot simpler than many alternatives I've looked into (or used) like Lisp, Scheme, or even Perl (and yes, I'm sure there are a gadzillion other languages I haven't managed to look into yet, including PHP, Lua, and others).
So you've done this? You were a customer of The MathWorks who didn't upgrade an old version of Matlab and they let you buy a new seat without upgrading your old one?
You do realize that the situation we're talking about is "we have the right to dictate any renewal and purchase terms for our software which are not otherwise illegal", right? The situation that ScrewMaster describes does not seem to me to be particularly unlikely.
And yes, I realize ScrewMaster's company could get around it in various, perhaps illegal ways, like having the employee buy a personal copy and giving him a bigger bonus or something. That doesn't change the validity of his complaint.
> I think you underestimate the paranoia of some open source users.
No, as one of these open-source users on the higher end of the paranoia scale, I think I may have a better feeling for it than you think.
More and more malware attacks are protecting themselves from the "herd defenses", for example anti-virus signatures, via highly specific targeting (i.e., only infect a small segment of the user population, e.g., only delivering the payload to users from specific IP address blocks, so that the probability of the malware being detected is minimized and its active lifetime extended). This same kind of targeting would also help to protect against detection via reverse engineering.
I have a strange feeling that as open-source gets more and more mainstream use, we will start to see things like open-source projects where released compiled binaries are compilations of modified versions of the released source code, which contain malware. No amount of code review is going to catch that.
I wonder if to counter-act this, open-source projects will start to release, in addition to the source, all of the compilation settings, etc. which were used to create their released binaries, so that anyone with the same development platform can more easily verify that there is no hanky-panky going on.
Slashdot Mirror
> just find some artist that you like, who is willing to give their work away for free.
> There's plenty of homeless people with guitars and horns that you can listen to.
Wow, that's one hell of a strawman... haven't you conveniently forgotten the growing, ever growing, numbers of independent professional and semi-professional musicians fueled by new options for making money from their music who many of us, like me, are willing to pay?
The record labels haven't forgotten, they're running scared and wreaking havoc with our society...
<sarcasm>Quite a few of those homeless musicians are probably still signed on record company contracts and aren't able to legally sell us their music as independents, poor guys!</sarcasm>
Hell, look at the Constitution. Even the *politicians* didn't have confidence in politics/government back then.
Yeah, that's why Twofish was one of the 5 finalist algorithms of NIST's AES competition.
And Blowfish is still unbroken after 15 years.
I should be such a crappy cryptographer!
Interesting, this smells like a preemptive analogy to Godwin's law.
BTW, you forgot terms like linsux, etc. Probably every flamewar has its particular TroMorF (Troll-Moron-Fanatic) identifying terms...
> The artist needs an audience and the audience needs an artist. Problem solved.
This is Slashdot. You forgot the last point:
?) Profit!
i.e., something of value has to be transferred from the audience to the artist. Or will all art be hobbyist in your future?
> Almost the entire cast, crew, and musicians involved in it's creation are dead.
...
From Wikipedia:
> Barbara Cook as Marian, and Eddie Hodges
both are still alive (according to Wikipedia). (N.B.: This is a pedantic correction --- this doesn't mean that I believe they should still be profiting from their work after such a long time. Oh, if I'm going pedantic I might as well go all the way: you should have used "its", which is the possessive form of "it", and not "it's", which is a contraction of "it is". Compare with "his" and "he's".)
What a Freudian slip!
> only protected by electronic measures they would have been abused long ago since it only takes one intrusion to set them off
Perhaps you have inside info I lack, but given the published details of the system (no one knows if they are accurate), you would probably need at least a few intrusions, because the minute you try to simplistically gain physical access to the chip with the key, you set off an explosive charge which fragments the chip sufficiently that no recoverable fragment contains more than 1 bit of the key.
> or just drop the warhead into a convenient location and trigger it
It's not a pistol, eh? Triggering it properly requires detonating several pieces of explosive with accurate timing. If we're talking fusion, make that especially accurate timing.
You don't sound like you really know what you're talking about. And yes, it might be possible to rework the raw nuclear material into a new warhead of your own design, but I rather doubt that one would work on the first try, either. Easier to just try to cropdust NYC with it.
>> DRM cannot ever work.
....
> Well, you got that mainly right --- but mainly because
> The safeguards on the US nuclear arsenal are also DRM. They've worked for a long time....
Ouch. After reading the AC who beat me to the punch, I reconsidered this, and using the nuclear weapon analogy wasn't such a good idea. My error emphasizes a second reason I totally ignored about why most everyday DRM cannot work, which is that it protects things which are meant to be easily accessible to the consumer.
> Hardware is no harder to attack than software, it just needs different tools.
About as accurate (not) as "Hardware is no harder to develop than software, it just needs different tools."
Unless "no harder" was meant in a sort of mathematical, theoretical, sense --- that neither can be totally secure. If you meant it that way, it's clear you totally miss a major point of security, that it always has to do with increasing the economic cost to the attacker (preferably to the point where his attack no longer makes economic sense), and has little to do with making things "absolutely secure".
> DRM cannot ever work.
Well, you got that mainly right --- but mainly because most things protected by DRM in everyday life are easily replaceable by inexpensive substitutes, so it doesn't make sense to protect them very well.
The safeguards on the US nuclear arsenal are also DRM. They've worked for a long time....
Wow. First time I encounter a persona like you on the net. Sometimes you post insightful comments, and sometimes you are a non-troll-ish just-for-fun voice-of-fictional-character.
Has anyone coined a term for personas like you?
> Taping TV shows is considered fair use and indeed was a result of legal cases, and you do not even have the original copy in that case.
I hope you're not planning on representing someone in court in the near future.
There could be little, if any, connection between the two cases; the rulings on TV, for example, might have hinged on the fact that TV is a broadcast medium.
Flamebait? I think some mod didn't understand something....
Frankly, in agreement with the post I replied to, I think any kind of activity within the framework of that game would in the end be counterproductive. What we need to develop is ways to "persuade" the game architects to prevent link-spamming from being profitable for the players of the game, or make games which encourage link-spamming not profitable.
Bruce Schneier often comments on the problem of these kinds of externalities.
> It has handled a couple of drops but dissembles itself.
Er, I had always had the impression that these things are not unconnected. I'd assumed that Nokia designed the phone so that the less valuable and less fragile parts (the covers, and perhaps the battery) absorb more of the energy of the collision, partially by flying off.
> a vain attempt at slashdoting the minicities which encourages them even more
I would think that it would be possible to try to DDoS the servers themselves by accessing URLs which seem OK but actually don't exist (e.g., take a link to a real myminicity and change the name of the city to a different random string each time). Of course, if the company running the servers is unscrupulous, it could always return ads for what should be 404's. But at the very least, attacking in this way doesn't encourage link spamming from people running the cities. And eventually one could hope that the people paying them for serving the ads would rebel.
This is of course just academic speculation, actually making such an application, or even encouraging people to access such URLs, might be against the law in the jurisdiction where you live, and I am not recommending that anyone break the law..... of course!
I'd ask that someone should work up an application like that (anonymously, of course) and post a link to it here, but then a clever myminicity geek could just spoof us with an application that actually accesses his real myminicity. Actually I'd guess it could be worked up in a few lines in Python which most knowledgeable Slashdot users could verify for themselves...
A totally different way to try to combat would be to choose a random city, access it to obtain the ads, and then click on each ad to find out who is paying for this c**p and then send them email explaining that they are financing link spammers and you are adding them to a list of companies to boycott for financing link spamming by advertising at myminicity.com. To be effective, the list should actually exist and be as widely published as possible.
> Rather than a tool to teach basic education skills, it's primary use is as a political propaganda tool.
And pray tell, from where in the article did you learn this? and if it wasn't from the article, post a source.
[BTW, your use of "it's" was wrong, you should have used "its".]
> What does he Supervise? That people ....
No, duh, he makes sure Superman doesn't go around peeping, of course!
His next project is to extract lead from toy manufacturer's paints to make lead-shielded underwear....
> the real deterrent for Linux is that any significant malware attack will be patched by the community
Have you been reading the other comments? How can you patch the stupidity of your users?
After a clueless user has been owned properly, there is probably no effective way for the community to help him; that would require a full reinstall from scratch. This is not dependent on the operating system, as far as I can see.
OK, you have a good point; we are just considering two totally different simplicity metrics. it seems to me that by your metric, Forth, a language I admire a lot, would be a big winner; but my metric has to do with how simple the language is to learn and use for a "non-power" end user, not how simple it is to implement.
This thread is (originally) about using Python as a scripting/control language for a scientific computation package; many users won't be Comp. Sci. majors and I'm pretty sure that it would take some extra effort for them to use a functional language like Scheme as compared to Python, where they would at least have infix notation for the familiar operators.
No, and most casual users of Python don't need to.
I use Python a lot, and I have to agree with mangu that its syntax is a lot simpler than many alternatives I've looked into (or used) like Lisp, Scheme, or even Perl (and yes, I'm sure there are a gadzillion other languages I haven't managed to look into yet, including PHP, Lua, and others).
So you've done this? You were a customer of The MathWorks who didn't upgrade an old version of Matlab and they let you buy a new seat without upgrading your old one?
You do realize that the situation we're talking about is "we have the right to dictate any renewal and purchase terms for our software which are not otherwise illegal", right? The situation that ScrewMaster describes does not seem to me to be particularly unlikely.
And yes, I realize ScrewMaster's company could get around it in various, perhaps illegal ways, like having the employee buy a personal copy and giving him a bigger bonus or something. That doesn't change the validity of his complaint.
Just by chance (of course) I posted a comment about this happening more and more... just yesterday!
The timing makes me look bad...
> I think you underestimate the paranoia of some open source users.
No, as one of these open-source users on the higher end of the paranoia scale, I think I may have a better feeling for it than you think.
More and more malware attacks are protecting themselves from the "herd defenses", for example anti-virus signatures, via highly specific targeting (i.e., only infect a small segment of the user population, e.g., only delivering the payload to users from specific IP address blocks, so that the probability of the malware being detected is minimized and its active lifetime extended). This same kind of targeting would also help to protect against detection via reverse engineering.
I have a strange feeling that as open-source gets more and more mainstream use, we will start to see things like open-source projects where released compiled binaries are compilations of modified versions of the released source code, which contain malware. No amount of code review is going to catch that.
I wonder if to counter-act this, open-source projects will start to release, in addition to the source, all of the compilation settings, etc. which were used to create their released binaries, so that anyone with the same development platform can more easily verify that there is no hanky-panky going on.