Basic Cable for the Internet
The rules of engagement
Interesting post by Glenn McDonald on why he feels "stealing" music is justified. Unfortunate choice of word (mostly influenced by the fact that the music companies want you to call it stealing), since what he's really talking about is copyright infringement, but some strong stuff in there.While you can't help but agree with some of his points, some of the arguments do come across as specious. You have to pay more because an album isn't available for sale in the U.S., or won't be available for some time? You may disagree with the business model, but it doesn't justify getting it for free by infringing copyright instead. Too many slippery slopes there, my friend.I think the core problem stems from the music industry trying to keep a single solution for all of their markets, and the music consumers steadfastly refusing to conform to being a single market. Yes, you may be a music connoisseur who needs to experience the music and listen to it several times before you decide to purchase the album, but compare that to the thousands of listeners who will listen to a song twice and be done with it. If the business caters to your way of experiencing music, you may end up losing some level of sales from the other audience. If the business caters to their way of doing it, then they may end up losing some level of sales from you. Which way is the bigger gain for the company? Can you prove it, other than through anecdotal evidence or personal assertions ("I will buy $1000 more in music over the next year if you conform to my proposed business model")?Here's the problem: you want to convince a business to change their business model? Don't try to appeal to their feelings about the grandiose nature of music as an experience that must, in principle, be shared to all, so then the consumer will make an informed decision on how much that experience is worth and (hopefully) pay you. Ummm... how's that going to look on a pie chart, exactly?Give them numbers for your solution. Which is what, exactly? Make all music available for free download, and trust that the consumer will pay for it if they like it and delete it if they don't? Whatever your new business model, and no matter how altruistic you believe your fellow humans are, there will be *some* sales lost to people who would have otherwise paid for the experience, but now won't. Human nature. Until the business can understand clearly *how much* that lost sale amounts to, they won't change their model, and here's the problem: they don't know how much it is, and neither do you. You believe it will be a small amount, they believe it will be a lot, and neither of you can decisively prove your belief to the other side. Otherwise we wouldn't be having these discussions in the first place.Here's the thing: let's say the amount of sales lost under a new model will be X. I don't happen to believe X=0, but I imagine some of you might. If you can prove that to me, excellent, but let's assume X>0 by some amount. There will also be some amount of sales increase (Y) due to people discovering and purchasing music to which they would have otherwise never been exposed. I happen to believe that Y>0, but I can't prove it. The business assumes that (X-Y)>0, you may assume the opposite. Personally, I do not know.So what the business feels they have to do is increase the price per CD by a certain amount to recover (X-Y). How much is that? Is it a dollar? Is it $10 or $100? Is it even a positive number? You don't *know*, I don't know, and neither does the business. And there are other factors, like the fact that if I increase the cost per CD by $100, fewer people will be able afford it.Until you can prove the value of X and Y, or at least prove that (X-Y)<0, you're not going to get the business to listen. In the meantime, if you like Group X from BigBadRecordCompany, there are probably a hundred local bands that *are* making their MP3s available online because that's the only way they get listeners. Go listen to them. Patronize the record labels that do treat their musicians fairly, and that do subscribe to a business model you're happy with. Don't complain that it makes the music hard to find: the ease of finding a popular album on Amazon is one of the things you pay for under the current business model. Instead of trying to get businesses to change their business model by saying you don't like it, make those businesses _go_away_ by not buying what they sell: eventually, they will be replaced by the companies you *do* support.
This goes for all businesses, not just music: don't like the way Wal-Mart treats their employees? Don't give them your business.
Warnings and Promises
High tech vs. low tech ID theft
A point that was brought up in an offline conversation: while at TechEd last week I had a few discussions with companies that claim to "fully protect" your data by doing things like blocking the transfer of files to USB-attached devices, prohibiting access the the "print" command from specific apps, content analysis on all outgoing emails, all kinds of convolutions.
However, the recent ID theft bank attacks (Wachovia Corp., Bank of America Corp., Commerce Bancorp Inc. and PNC Bank NA) were a lot more low-tech, and thus effective even if the systems are fully locked down: the employees would bring up a person's data, and then either printscreen or copy the data out by hand (!!). Talk about the analog hole!
Any company that claims to provide you with "complete security" (as several did last week at TechEd) is either lying or doesn't know what the hell they're talking about.
2005 Internet Attack Trends
For those of you who read Bruce Schneier's blog (http://www.schneier.com/blog/
, RSS 1.0 feed at http://www.schneier.com/blog/index.rdf
, RSS 2.0 (just excerpts) at http://www.schneier.com/blog/index.xml
), or subscribe to the CRYPTO-GRAM (http://www.schneier.com/crypto-gram-0506.html
) the below comes from the most recent edition of the 'gram. If you're in IT security and you're not reading Schneier... well, then you're not really in security.
Considering where they see attacks happening, it might not be a bad idea to check all of the recent patches that affect the DCOM interface and the LSASS, and ensure they're installed on your systems. "These seem to be the current favorites for virus and worm writers, and we expect this trend to continue."
If they're they favorites, that usually means that not enough people have patched them yet, so the victim population is large enough to target. Let's work on removing the targets, shall we?
Look Ma! A Blogger template!