Comment The actual paper (Score 1) 168
The paper: http://discovery.csc.ncsu.edu/pubs/ccs09-HookSafe.pdf
And the required Schneier blog post: http://www.schneier.com/blog/archives/2009/11/protecting_oss.html
I realize you are not taking this view, but responding to it anyway
Microsoft lost nothing as he did not take a physical disc and he got 600 pounds of value. Some would say that this is a good thing as no wealth was lost and 600 pounds of wealth was created. Since he could not have paid, there was no lost sale.
The only problem is, he could afford it. He spent 75 pounds to get it "chipped." That's the 12% of the price of the 30-40 games he later said he copied, so he could have at least bought 10% of those games (3-4).
My take is that people have decided they want what they want now and if there is an easy and relatively safe way to illegally obtain it - instead of paying for it or saving up and paying for it - they will do it the illegal way. Modding wasn't illegal, AFAIK, but downloading was. And yes, Microsoft lost sales; presumably this guy would have bought games if he wasn't getting them for free, as he did have money to spend on it.
The "no lost sale" argument still implies that it's okay to do something as long as you can't afford to do it. That's the part of the argument that's wrong, IMO. That and there does definitely seem to be a pervading can't-wait feeling. You (and I) wait for the game prices to go down. These kids tell us they "can't" wait and that they don't have anything else to do if they can't play the newest games. Something is wrong there...
Yeah, but unless it's going to offer the surreal experience of porn in 4-D, you're probably not going to get many people biting to spend this "paltry" amount.
Now, I CAN see the average man "investing" $15K for a new holodeck o'porn...Sad? Yes. True? Damn skippy.
so really it's all about the boink applications, I guess...
For example, the best guy I ever worked for realized this and while we still had the monolithic and byzantine change management system, the word from the boss was "for non-emergency changes, email my secretary who will handle the forms and stuff. If questions come back you still need to answer them but I don't want you wasting your time over some auditor's quibble over whether something is correctly coded for the type of service request or not" - effectively dividing up the work on the process so that the staff who were best trained to handle a particular part of it did so. Perhaps unsurprisingly, the teams under this guy had the best record for change management compliance in the entire company.
It's very much like security - if it's easy to comply with a policy, everybody will. If it's hard then you're giving folks an incentive to look for loopholes and work around it. Like security, change control is an essential component of managing systems and networks, but you can't afford to change manage yourself into total paralysis any more than you want to secure a server by shutting it down and unplugging it.
Excessive paperwork like 30 min to fill out a change request form to do something like make a 30 second edit to a config file and sighup a daemon is stupid and you'll hear no argument from me on that. Change control per se however, is essential, particularly in a large enterprise. Running part of that kind of infrastructure without change control would be like trying to manage the kernel source tree without cvs (or svn or $REPOS_OF_CHOICE, analogy holds either way.)
The problem is not change control, it's the way it is implemented. Change control methodology is designed by PHBs who haven't actually done the tech work in years, if they ever did. It's then scribbled all over by a "business analyst" who thinks a sigpipe is a plumbing problem, and by the time guys actually doing the work get hold of it, it has become a nightmare of procedural BS when all you really needed was a way to make sure everything you do to a live production system is documented and that anything other than emergency break-fix at least got basic testing and a second pair of eyes looking at it before rolling it out.
THEGODDESSOFTHENETHASTWISTINGFINGERSANDHERVOICEISLIKEAJAVELININTHENIGHTDUDE