As another Illinois voter I just want to point out that ballots in Illinois vary in technology by polling authority. You can clearly see from pictures that Obama used a paper ballot and optical reader. When I early voted in DuPage county last week, we used electronic voting machines with paper-trail backup. And I know from the DuPage county board of elections site that if I had voted today I would have a paper ballot with "fill in the oval" style voting at my usual voting place.
Not sure where you were that you had the "line" style optical ballot, that's the first I've heard of it.
On a WGN note, I will miss Spike when he leaves next month.
That's the idea! Computers are bad, go back to the abacus! From the article...
"'We're going to discard tens of millions of dollars to go to a system that is less accurate and secure,' said John Willis, an elections expert who was secretary of state under former Maryland governor Parris N. Glendening (D). 'The proper question is security and safeguards. It's not to go backwards into the 19th century with paper."
While I applaud these states for identifying that they're using a sloppy e-voting solution, is the right solution really to go back to the equivalent of the steam engine? While I agree you can tamper with most (all?) of the e-voting machines out there, plenty of them provide a paper audit record that the voter can validate. Don't throw the baby out with the bathwater on this.
It does make me wonder...would they not have been better waiting another 3 weeks--or until late January--to bring this suit so W has less, uh, clout with which to sweep this under the rug?
I ask because it's not clear: Does your IT department (or, in fact, Info Security, etc.) approve of or support you trying to connect to the mail server from a Linux system? Are you within your company's approved use terms? It would seem to me that if your company approves of you checking your mail with something other than Outlook they would be providing support to you for doing so.
Please don't get me wrong--I'm all for Linux and open source, and all those great things. But your company email solution belongs to your company, and they must have a say in how you're connecting to it. Expecting the company to open up IMAP or POP3 or something else for you may be inappropriate.
That said, if they do support/encourage/allow what you're doing, good luck, I'll be looking for that answer myself.
Of course following a little further back can do the trick as well, something about sight lines and angles and such. There's also the trick of looking through the car in front of you, which I know doesn't work in areas that allow window tinting and the like. Speaking of which, have you seen an SUV in the past 10 years that didn't have tinted windows?
"while those channels might be popular with slashdot, they are massively unpopular with the public at large. What this means is that they will be expensive. Right now the reason there are some geek friendly channels on cable is because they are subsidized by the popular stuff. If ala carte pricing ever happens, the only affordable channels will be the popular ones, and all the niche channels will cease to exist, or be prohibitively expensive."
I don't know that I buy that.
In (some) other countries, content providers actually PAY THE CABLE COMPANY to carry their signals. The content providers then make their money on the commercials that they include within their programming. They get more money in ad revenue based on proving that they can be seen by X number of subscribers, based on their agreements with the cable companies.
In many cases in the US, the content provider "bullies" the cable company into paying to carry their lesser channels thusly: "We know that our flagship station, 'E5PN', is really, really popular. We will stop providing you with that station unless you also pay us for 'E5PN Shot Put' and 'E5PN Pinewood Derby' and bundle them with your basic cable package. Oh, and that's after you pay us the outrageous amount to show 'E5PN' anyway."
So will we lose some specialty channels? Maybe. But the true "cost" of carrying a channel is going down, especially now that as digital becomes more prevalent you can stuff more channels into a given bandwidth than you could with analog. So the only thing left driving the price becomes the actual content provider's budget. If "E5PN Shot Put" can survive on the revenue generated from the people who want to watch it, then it will be there. If not, it goes away. Kinda like broadcast TV really...I'm more worried about paying $200/month for "E5PN," since they have a monopoly on the content--you can't get "$ports Centre" on SciFi.
I can't believe the artist that was first recorded on CD. What, were the Bee Gees unavailable? And now I've got one of their damn songs going through my head. Damn you first CD trivia!
"I can see this working if they have a dedicated teacher that knows what he's talking about"
You mean, the same as having a math teacher teach math, or a history teacher teach history? You may be on to something here...Now if only there was a way to implement such an idea...
Of course, there are those environments, like grade schools, where one teacher often covers all the classes for a particular grade level. So with the right reference materials and training they could probably teach your 5th grader the basics of Internet safety. And just like with math or history, perhaps you re-teach some next year while adding new bits to it.
In my opinion as a network and network security professional, the affidavit takes some liberties with the truth of IP networking. Most blatantly it ignores the technologies of NAT and PAT, and assumes that the IP address presented to the Internet belongs to a single computer, and that this computer is owned and operated by the person who the IP address was assigned to. To me, this is the crux of the whole argument: You simply can NOT determine the identity of a USER by the IP address shown to the Internet. You can only identify the owner/subscriber of the connection to the Internet. You MUST do further evidence gathering to complete the discovery process and identify a person.
Here are my thoughts paragraph by paragraph. I hope they're helpful. If not, I hope they're at least not dry. FULL DISCLOSURE: I've never actually used any P2P network software, but then again when I was in college "gopher" was a cool utility.
6. "At any given moment, millions of people illegally use online media distribution systems to upload or download copyrighted material." By whose count? Where did this number come from? How many millions of people are on the Internet? Is he saying that such a huge percentage of the users of the Internet are "at any given time" ALL illegally sharing files?
8. "Thus, the vast majority of the content that is copied and distributed on P2P networks is unauthorized by the copyright owner" This statement is far too broad. Again, what evidence does he have? Is he further stating that the vast majority of the files on P2P networks are music files? Again, by what evidence?
12. "Users of P2P networks...can be identified by using Internet Protocol ("IP") addresses because the unique IP address of the computer offering the files for distribution can be captured..." This is factually incorrect. While the IP address being presented to the Internet can be determined, this IP address may represent any number of distinct computers due to technologies such as Network Address Translation (NAT) and Port Address Translation (PAT). If the "unique IP address" of the actual computer can still be identified by the P2P client (which I can not speak to having never actually used P2P software) that address is not necessarily permanent either. The technology of Dynamic Host Control Protocol (DHCP) allows for the temporary assignment of IP addresses to computers. This means that the IP address of the computer in question may have changed between the time of the alleged distribution of copyrighted materials and the time of the investigation of that. Further still, an IP address is assigned to a computer, not to a person. This argument does not, in any way, indicate any correlation between IP address and person. It is more akin to identifying a driver based on a photograph of the license plate of the car. Yes, you may know who owns the car, but you don't know who was driving. For that matter, you don't know if somebody lifted the license plate and put it on a different car.
12. "Two computers cannot effectively function if they are connected to the Internet with the same IP address at the same time." This does not account for methods of hijacking an IP address, nor does it account for the NAT or PAT technologies discussed earlier.
12. "This is analogous to the telephone system where each location has a unique number." In so far as you can identify the "owner" of the telephone number, but you still haven't identified who placed the call.
16. "Once provided with the IP address, plus the date and time of the infringing activity...can identify the computer from which the infringement occurred (and the name and address of the subscriber that controls that computer)." There is an assumption here that there is no NAT or PAT occurring on the network. More correctly, what can be identified is the subscriber to whom the IP has been assigned. That IP may represent a single computer or a network of computers. That network may include publicly accessible connections, and unless the RIAA has done the due-diligence to determine that the subscriber who had the IP address at that time has a secure and locked-down network, they still have not even identified an actual computer yet.
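The attribution chain discussed in the comment above, as an added example that is not part of the original comment: it resolves an observed (public IP, port, time) against ISP lease records and, only if they exist, a router's PAT log, and reports how far the evidence actually reaches. All records, account names and addresses are constructed sample data, and the record layouts are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime


def ts(text):
    """Parse the timestamp format used in the constructed sample records."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


@dataclass(frozen=True)
class Lease:
    """ISP-side record: a public IP leased to a subscriber account (DHCP)."""
    public_ip: str
    subscriber: str
    start: datetime
    end: datetime


@dataclass(frozen=True)
class PatEntry:
    """Router-side record: one inside host translated to a public IP/port."""
    public_ip: str
    public_port: int
    inside_ip: str
    start: datetime
    end: datetime


# Constructed sample data: the same public IP moves between two accounts,
# and two inside hosts share it at the same moment behind one router.
LEASES = [
    Lease("203.0.113.7", "account-A", ts("2007-03-01 00:00"), ts("2007-03-03 00:00")),
    Lease("203.0.113.7", "account-B", ts("2007-03-03 00:00"), ts("2007-03-06 00:00")),
]
PAT_LOG = [
    PatEntry("203.0.113.7", 40001, "192.168.1.10", ts("2007-03-01 20:00"), ts("2007-03-01 21:00")),
    PatEntry("203.0.113.7", 40002, "192.168.1.23", ts("2007-03-01 20:15"), ts("2007-03-01 20:45")),
    # Ports are reused: the same public port maps to another host a day later.
    PatEntry("203.0.113.7", 40001, "192.168.1.23", ts("2007-03-02 09:00"), ts("2007-03-02 09:30")),
]


def subscriber_for(ip, when, leases):
    """Account holding the lease on `ip` at `when`, or None if not unique."""
    hits = {l.subscriber for l in leases
            if l.public_ip == ip and l.start <= when < l.end}
    return hits.pop() if len(hits) == 1 else None


def devices_behind(ip, when, pat_log):
    """Every inside host with an active translation on `ip` at `when`."""
    return {e.inside_ip for e in pat_log
            if e.public_ip == ip and e.start <= when < e.end}


def attribute(ip, port, when, leases, pat_log):
    """Report the strongest identification the records support.

    level is "none", "subscriber" or "device". No level identifies a person:
    even "device" only names a host address inside the subscriber's network.
    """
    subscriber = subscriber_for(ip, when, leases)
    if subscriber is None:
        return {"subscriber": None, "device": None, "level": "none"}
    flows = {e.inside_ip for e in pat_log
             if e.public_ip == ip and e.public_port == port
             and e.start <= when < e.end}
    device = flows.pop() if len(flows) == 1 else None
    level = "device" if device else "subscriber"
    return {"subscriber": subscriber, "device": device, "level": level}


if __name__ == "__main__":
    seen = ts("2007-03-01 20:30")
    print("with router log:   ", attribute("203.0.113.7", 40001, seen, LEASES, PAT_LOG))
    print("without router log:", attribute("203.0.113.7", 40001, seen, LEASES, []))
    print("hosts sharing the IP:", sorted(devices_behind("203.0.113.7", seen, PAT_LOG)))
    print("three days later:  ", attribute("203.0.113.7", 40001, ts("2007-03-04 12:00"), LEASES, PAT_LOG))
```

Home routers rarely keep a translation log, so in practice the middle case is the usual one: the lease lookup ends at the subscriber account.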
While underestimating your opponent is always bad, so can overestimating them. Why would a company have thought out legal action any better than they think out IT infrastructure, employee health care, etc.? How many times have you seen a company completely blow a truly big decision before? Why assume the legal department is any better?
Don't forget that the RIAA isn't just using employee lawyers, they've hired litigation firms. And, just like any good contractor, those firms certainly have glossed over any pitfalls of their strategy in order to convince the RIAA to pay them lots of money to do what they do. And do you think the RIAA lawyer who rubber-stamped this process had the time and the background to realize that there might be something wrong with the way they were proceeding? How many data center managers and CIO's have you seen rubber-stamp a great IT idea that turned out to cost the company 10-times the original estimate, and result in lost productivity and higher maintenance costs? Why assume lawyers are any different?
"But the question remains why anyone feels violated by this"
Because it's another way to track me. Not to pull my tinfoil hat down so far that I can't see, but I simply don't need another way for somebody to get my information. I have a Slashdot login, but there's no profile info, because that's my choice. I have profiles with ISP's, but wherever possible there's no personal information available to the public, because that's my choice. It's just my choice to limit who gets that info, and how it's distributed.
Violated by this? Perhaps not. However, it will be a differentiator as I decide where to buy my online music from now on.
PS, this isn't an Apple bashing session, it's a business practice bashing session. iTunes is the big kid on the block, though, so the story broke about them, since it has the widest impact.
The issue is apples and oranges. Joe 6-pack doesn't install Windows himself, he buys a computer with it already on there. If he's going to use Ubuntu, or any other flavor of linux, he's much more likely to have to install it himself, because HP, Dell, etc., don't (yet) have pre-installed versions for him. So ease of install is UBER-important because Joe 6-pack will have to do it himself.
Even for somebody who's used to installing Windows, a linux install can be intimidating. "What the hell is this "swap" partition for? Why can't I just make one big drive? What are all these different keyboard choices? I just have a regular keyboard, which one is that?"
Sure, it's child's play to somebody who knows, but you can't assume Joe 6-pack does.
"He downloaded material without bothering to make sure that what he was downloading was what he needed in order to play the music."
Indeed, but that isn't really the point, is it?
The point is he has a music player. He found music he could legally purchase. But it turns out that he would have to jump through hoops to get the music he wanted to work on his music player. What were his choices?
1. Go without.
2. Buy a new, compatible, music player.
3. Go through a bunch of pain to convert the music.
4. Download it from another source in a format he can use.
The point is that when he tried to do things the "right^H^H^H^H^H legal way," he had to go through a lot of work for something that should have taken about 2 minutes. If the music industry can't figure out how to make DRM work for someone like him (compatible with ANY music player, any OS, any firewall, etc.) then they're working against themselves by frustrating their customers into "piracy."
Isn't that quote from Wired actually saying: "We'd like our readers to be our sources too, because then we don't have to pay writers, but we can still charge the readers, effectively charging them for submitting stories..."
Or did I just wake up all cynical today?
I see a couple of potentially significant details that got left out here, or that, after reading the deposition, I missed in other people's comments. (Disclaimer: I have no certifications, nor am I a lawyer, so there is no more validity to my comments than those of the RIAA's expert)
1. There seemed to be an assumption that the only type of wireless access point in use must be a router or NAT device. There is no basis for that assumption. A wireless access point need not act as a router or as a NAT device. It could merely change wireline Ethernet to 802.11 physical layers. In that way, an "unauthorized" wireless connection could get the DHCP address provided directly by the ISP, and connect with that IP.
2. I'm not sure how far down the distinction I would go with the cable modem vs. DSL argument. In some cases, connection via DSL requires PPP tunneling software install/configuration on the actual computer. That argument could actually more closely tie the defendant's computer to the records captured. That can be circumvented by configuring the PPP tunnel on a router/firewall/NAT device, allowing the computer to be left unmolested. However, on general principles, Verizon also offers a cellular modem option for connecting to the Internet. That's at least 3 "broadband" methods of connecting.
3. I really appreciated the thrust of the questions that looked to establish if there was any evidence that directly tied the actions of the defendant as an individual person, to the actual act of file sharing from that IP address. Can those questions be repeated for "yes or no" answers in court? Could the RIAA shift their argument to suggest that the defendant, as "owner" of that Internet connection is responsible for the use of that connection? I believe that holds for companies and corporations; does it also for individuals?
4. My goodness, the "clarification" questions from the expert's lawyer (RIAA/Plaintiff's lawyer?) were entertaining. There are industry recognized certifications for computer security and forensics personnel. GIAC comes to mind. Perhaps they have some documented standards of forensics that might be appropriate for refuting this "expert's" claims that his methods were reasonable and would be accepted by other professionals in the industry. Just from talking to the IT Security department within my own company I get the impression they'd document their investigation of a single virus on one computer more carefully than this guy did with a legal case.
All of that said, I'd like to pass on a big THANK YOU to NewYorkCountyLawyer and the other lawyers involved for the defendant for actually fighting this one. I have this dream that the defendant winning a lawsuit like this will open the floodgates and pave the way for not only ending this tactic, but to provide the fodder for a slew of suits against the RIAA that eventually bankrupts the cartel and serves notice to the MPAA, etc. that this kind of crap just won't fly, and DRM will suddenly go away, and the heavens will open, and...OK, but a guy can dream, can't he?
Where is the centralized management? How do I, as the IT Admin, lock down a user's rights on a Macintosh without having to log in locally? How does someone, with only a network login, log onto a Mac for the first time without the admin visiting the box and setting them up first?
How do I create a central policy that defines the firewall settings on OS-X? How do I push that to all the workstations? How do I centrally change the local admin password on all the workstations without logging in locally or addressing each box individually?
How do I handle websites that my users must go to that only render properly in IE?
These are the things that Windows Active Directory and Novell have figured out and done for years. They may not always have the prettiest interface, and are sometimes downright kludgey, but they are able to do all of these things for Windows based computers.
Until I, the IT Admin, can do all of these things and more from my desk at a "global" level, I can't see how I can put Macs in my enterprise.
Then again, maybe I'm just ignorant and Apple has all of these solutions, but I've yet to see somebody who's got them working.
There are ways to "disguise" your IP address. Gratuitous ARP is the first concept that comes to mind. Then there's the idea of "relaying" via a hidden install of some sort on somebody else's computer, oh yeah, you could hide behind their open wi-fi access-point that NAT's addresses.
Those are just the ones that come to mind quickly.
"the bottom line is that Apple has had two years (at least) to get their [stuff] together with widely available documentation and SDKs from Microsoft that many other software companies have happily used so far."
Yes, you could say that, or you could also take note that several other companies are in a similar position. For instance, Cisco barely has a beta VPN client for 32 bit Vista http://support.microsoft.com/kb/929490# and they aren't alone. Perhaps part of the issue is that Vista is "so secure" that everyone is having to re-write their code from the ground up to fix all the sloppy hacked-together stuff they put out for XP. Or maybe there's a bit more to porting an app to Vista, or more to porting an app to run natively in 64 bit mode...
Yeah, uh, good point. Darn.
"After all, if someone gets near it with a magnet, there goes your "tangible" property. The same cannot be said for a car"
That depends on the size of your magnet.
Now how am I going to hold people off? My excuse has always been "not until SP1 comes out." I'm screwed.
"The most surprising thing here to me is that this implies some share holders actually believed SCO had a case here."
Yeah, I just hope they weren't the guys running any of my 401k Mutual Funds...
...for being "obvious?"
"But the question remains why anyone feels violated by this"
Because it's another way to track me. Not to pull my tinfoil hat down so far that I can't see, but I simply don't need another way for somebody to get my information. I have a Slashdot login, but there's no profile info, because that's my choice. I have profiles with ISP's, but wherever possible there's no personal information available to the public, because that's my choice. It's just my choice to limit who gets that info, and how it's distributed.
Violated by this? Perhaps not. However, it will be a differentiator as I decide where to buy my online music from now on.
PS, this isn't an Apple bashing session, it's a business practice bashing session. iTunes is the big kid on the block, though, so the story broke about them, since it has the widest impact.
The issue is apples and oranges. Joe 6-pack doesn't install Windows himself, he buys a computer with it already on there. If he's going to use Ubuntu, or any other flavor of Linux, he's much more likely to have to install it himself, because HP, Dell, etc., don't (yet) have pre-installed versions for him. So ease of install is UBER-important because Joe 6-pack will have to do it himself. Even for somebody who's used to installing Windows, a Linux install can be intimidating. "What the hell is this "swap" partition for? Why can't I just make one big drive? What are all these different keyboard choices? I just have a regular keyboard, which one is that?" Sure, it's child's play to somebody who knows, but you can't assume Joe 6-pack does.
Has anybody checked the local economy in Michigan lately? Let's look at the pillars of their industry.
1. Paper industry. This one has been on the way out for about a decade at least. Fortunately, they've laid off about everyone they can already.
2. Chrysler/Ford/General Motors. Survey anybody who works for one of these companies, or for any of the thousands of companies that were built to do business with them, and I doubt you'll see too many of them who think they'll have jobs within the next 5 years.
3. Pharmaceuticals. Well yes, these companies are, in general, doing ok. However, they've been pulling out of Michigan for some time now.
All this leads to the question: When there aren't enough jobs for people in the state, and you can't sell your home because nobody is moving into Michigan (unless it's a cabin in the woods) so you can't afford to leave, are you really going to believe that the best use of your tax dollars is buying every kid a music player?
For crying out loud Michigan! Figure out how to create some jobs, not how to isolate kids by ensuring they don't ever talk or interact with others because they've got ear-buds in all day.
I'll get off my soap box now.
"He downloaded material without bothering to make sure that what he was downloading was what he needed in order to play the music."
Indeed, but that isn't really the point, is it?
The point is he has a music player. He found music he could legally purchase. But it turns out that he would have to jump through hoops to get the music he wanted to work on his music player. What were his choices?
1. Go without.
2. Buy a new, compatible, music player.
3. Go through a bunch of pain to convert the music.
4. Download it from another source in a format he can use.
The point is that when he tried to do things the "right^H^H^H^H^H legal way," he had to go through a lot of work for something that should have taken about 2 minutes. If the music industry can't figure out how to make DRM work for someone like him (compatible with ANY music player, any OS, any firewall, etc.) then they're working against themselves by frustrating their customers into "piracy."
Isn't that quote from Wired actually saying: "We'd like our readers to be our sources too, because then we don't have to pay writers, but we can still charge the readers, effectively charging them for submitting stories..." Or did I just wake up all cynical today?
I see a couple of potentially significant details that got left out here, or that, after reading the deposition, I missed in other people's comments. (Disclaimer: I have no certifications, nor am I a lawyer, so there is no more validity to my comments than those of the RIAA's expert)
1. There seemed to be an assumption that the only type of wireless access point in use must be a router or NAT device. There is no basis for that assumption. A wireless access point need not act as a router or as a NAT device. It could merely change wireline Ethernet to 802.11 physical layers. In that way, an "unauthorized" wireless connection could get the DHCP address provided directly by the ISP, and connect with that IP.
2. I'm not sure how far down the distinction I would go with the cable modem vs. DSL argument. In some cases, connection via DSL requires PPP tunneling software install/configuration on the actual computer. That argument could actually more closely tie the defendant's computer to the records captured. That can be circumvented by configuring the PPP tunnel on a router/firewall/NAT device, allowing the computer to be left unmolested. However, on general principles, Verizon also offers a cellular modem option for connecting to the Internet. That's at least 3 "broadband" methods of connecting.
3. I really appreciated the thrust of the questions that looked to establish if there was any evidence that directly tied the actions of the defendant as an individual person, to the actual act of file sharing from that IP address. Can those questions be repeated for "yes or no" answers in court? Could the RIAA shift their argument to suggest that the defendant, as "owner" of that Internet connection is responsible for the use of that connection? I believe that holds for companies and corporations; does it also for individuals?
4. My goodness, the "clarification" questions from the expert's lawyer (RIAA/Plaintiff's lawyer?) were entertaining. There are industry-recognized certifications for computer security and forensics personnel. GIAC comes to mind. Perhaps they have some documented standards of forensics that might be appropriate for refuting this "expert's" claims that his methods were reasonable and would be accepted by other professionals in the industry. Just from talking to the IT Security department within my own company I get the impression they'd document their investigation of a single virus on one computer more carefully than this guy did with a legal case.
All of that said, I'd like to pass on a big THANK YOU to NewYorkCountyLawyer and the other lawyers involved for the defendant for actually fighting this one. I have this dream that the defendant winning a lawsuit like this will open the floodgates and pave the way for not only ending this tactic, but to provide the fodder for a slew of suits against the RIAA that eventually bankrupts the cartel and serves notice to the MPAA, etc. that this kind of crap just won't fly, and DRM will suddenly go away, and the heavens will open, and...OK, but a guy can dream, can't he?
Where is the centralized management? How do I, as the IT Admin, lock down a user's rights on a Macintosh without having to log in locally? How does someone, with only a network login, log onto a Mac for the first time without the admin visiting the box and setting them up first?
How do I create a central policy that defines the firewall settings on OS X? How do I push that to all the workstations? How do I centrally change the local admin password on all the workstations without logging in locally or addressing each box individually?
How do I handle websites that my users must go to that only render properly in IE?
These are the things that Windows Active Directory and Novell have figured out and done for years. They may not always have the prettiest interface, and are sometimes downright kludgy, but they are able to do all of these things for Windows-based computers.
Until I, the IT Admin, can do all of these things and more from my desk at a "global" level, I can't see how I can put Macs in my enterprise.
Then again, maybe I'm just ignorant and Apple has all of these solutions, but I've yet to see somebody who's got them working.
Wait a minute! You're posting on Slashdot AND are in a position not only to date a woman, but to break up with her? You are so my new hero!
There are ways to "disguise" your IP address. Gratuitous ARP is the first concept that comes to mind. Then there's the idea of "relaying" via a hidden install of some sort on somebody else's computer. Oh yeah, you could hide behind their open Wi-Fi access point that NATs addresses.
Those are just the ones that come to mind quickly.
"the bottom line is that Apple has had two years (at least) to get their [stuff] together with widely available documentation and SDKs from Microsoft that many other software companies have happily used so far."
Yes, you could say that, or you could also take note that several other companies are in a similar position. For instance, Cisco barely has a beta VPN client for 32-bit Vista http://support.microsoft.com/kb/929490# and they aren't alone. Perhaps part of the issue is that Vista is "so secure" that everyone is having to re-write their code from the ground up to fix all the sloppy hacked-together stuff they put out for XP. Or maybe there's a bit more to porting an app to Vista, or more to porting an app to run natively in 64-bit mode...