How to Save PGP
Tomcat666 sends in: "The Register got some excerpts from an interview with Phil Zimmerman. He talks about how it might be possible to save PGP (Network Associates couldn't sell it, and will stop its development), OpenPGP and the future (industry-backed OpenPGP?)." A follow-up to our story yesterday about Network Associates mothballing PGP.
Just open source it...but then again open source and security software aren't best used in the same sentence.
Make your pet projects free from the start.
Notice that Phil wants to release it under a BSD style license. As much as we'd all like that, it probably isn't going to happen.
Isn't GPG (an OS implementation of the PGP protocol) exactly what you suggest? It's been around for quite some time.
--
The Cap is nigh. Time to get a fresh new account.
This isn't the end of PGP. OpenPGP is always going to be around. (or almost always - it's open but everyone could decide to trash it if they like)
This is the end of commercial PGP. This isn't a good thing for PGP to be used in commercial settings. Also this is the end of the PGPDesktop which was the only thing close to an option for (l)users.
Hopefully NSI will release the code in a manner that will allow a smaller company to add value and repackage it to large corporations.
$sig=$1 if($brain =~
/. gets about what, a million unique hits? NAI put 36 million into PGP, and since they're not finding a buyer, we can assume they'd be willing to take somewhat less for it.. let's say 25 million. If /. changes its subscription PayPal account instead to be a funding house to purchase PGP, each user could donate 25 dollars, and we'd have a co-op that now owns PGP. This co-op could then market it as an inexpensive payware product, available for download complete with source code for a $5 license fee. This rids the need for /. subscriptions by generating income, opens the most current version of source code up for review, and allows independent programmers to modify this source code to continually improve the product.
A win win situation! 8-)
IANAL. This is tongue in cheek. I hate having to explain myself...
Isn't PGP kind of a dead end, ultimately? Based on my limited (and quite possibly wrong) understanding, as quantum computing research continues, it will become possible to break this encryption. Right?
I actually have no objections to it being preserved and developed, especially if it were Free Software, what I'm asking for is reasons for it to be preserved from the point of view of Free Software advocates.
How about Amnesty International who uses PGP to keep their researchers who are in dangerous parts of the world, and the people who inform them safe from governments who would think nothing of searching their laptops? PGP has saved lives of good people who without it wouldn't have access to encryption secure enough to trust their lives with.
Think about that, how many computer programs would you trust your life with?
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
That's not the real problem. PGP doesn't create terrorists, and we all know that encrypted mail/files aren't the only way to pass secret information. I believe we should all care about crypto. Like Phil Zimmerman says roughly: E-mails are like postcards, PGP is just a tool to get your mail messages into an envelope. Privacy is the real issue about tools like PGP; if you are willing to let it go, governments, industries and people will sooner or later abuse your rights. You're not free when you are always looked upon.
Colosse.
In the article Phil focuses on easy to use GUI interfaces for less technically adept end users as the major feature that the OpenPGP/GPG projects need to focus on. This is the main advantage that the commercial version provided, and the main thing lacking in all the other alternatives.
He clearly states that the PGP protocol is in no danger whatsoever, and will continue to remain widely implemented.
Having spent many hours deciphering gpg command lines to use PGP to its full potential makes you realize how useful a simple, easy to use GUI interface to a PGP would be. (Implicit in this task is integration with other applications, however, you can find plugin support for almost anything that you wish to use PGP in)
The commercial PGP is only one implementation of the open PGP standard. Even up to 6.5.8, full source code was available from Network Associates.
Plus, there is GPG, PGPi, and other freeware implementations of the standard (under the umbrella of OpenPGP.org).
I don't see why "PGP" as a whole is going down.
It's like saying if Microsoft or Netscape decided to stop releasing browsers, then the entire WWW is doomed, when there's still Konqueror, Opera, Mozilla, and the whole W3C standards body, etc...
There's 10 types of people in this world, those who understand binary and those who don't.
- Slick interface
- Good sponsor
- Open source
Since a slick interface would mean development and the current development is in limbo (with two shippable interfaces in stock!!) I really don't think that's an option. Second option is a sponsor, but since nobody is willing to buy pgp, I don't really think sponsorship will be attractive to sponsors. Leaves only one option
I was doing my taxes today (oh joy) and marked the box that mentioned something like $3 to the Presidential election campaign fund. Perhaps we could have a few donation check boxes to buy lucrative abandonware into the open source world.
Then again, sometimes it might be good to just start some projects completely over. Remember Netscape?
GnuPG. Because only the technically oriented deserve privacy.
I'm a conscientious
Think about that, how many computer programs would you trust your life with?
;)
You mean aside from windows?
I don't know about you, but if I'm going to trust my life to some software I would at least like the option of looking at the source code. So, it seems like they might be better off with an open program like gpg. I know I don't want to die because of a bug in a program that could have been fixed if the source was open.
If he would have put it under the GPL from the beginning we would not be seeing this. He would be like the Linus of crypto, but he was so determined to control the things he shouldn't be controlling that he lost control over the things he should be.
One app that is going a long way to making PGP slightly easier is Evolution. It has the best PGP solution I've seen yet for email. Easy and simple to use, even Joe Barr agrees.
But, the problem is you still must maintain your GnuPG bits manually on the command line. That was the beauty of NA's program. It had a slick GUI. Of course, in the end it didn't take me very long to pick up how to use gpg via the command line, but for the general populace it's still a barrier.
Fortran programmer...oh yeah. Array math for life!
Yeah, I'd much rather die because of a bug in poorly-written public domain code, than buy from a company that has staff on hand to do quality testing, and paid programmers who can spend all day on the code.
Oh wait... NO!!
BEFORE you post a reply, read this:
1) Yes, I know, microsoft software sucks. That's not what I'm arguing about.
2) I'm also aware some companies use EULAs to eliminate their liability. You should buy from someone who doesn't do this if you need quality-certified software.
3) This has nothing to do with linux, beowulf clusters, or Linus Torvalds.
Read the previous article. The source for NAI's PGP was released. The change in policy was why P.Z. left NAI, but up till the very last version it was published source (as is traditional in cryptography software) so we could inspect the encryption and make sure it worked, and didn't contain any backdoors.
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
nt
The first time I bought a copy of windows (95, and don't worry, I'm cured) I read through the licence. Why does it have to tell me specifically that nuclear fail-safes should not be run under windows, nor should any life-saving medical devices?
I'm a conscientious
Damn right! I'd much rather buy my clothes from the government, who has experts working on the problem day and night, than some handmade outfit by a glamorous designer!
Pushin' 'n dealin', shovin' 'n stealin'
What about the possibility of PGP technology being a part of the next major upgrade of open internet protocols (ie, POP, SMTP, etc .. )
:)
It seems to me that possibly losing out on the client-side 'niceness' that a commercial PGP implementation provides could be a non issue if the next round of standards include support for providing PGP mechanisms as part of their protocols (not that you'd HAVE to use PGP, but that PGP would be somewhere in the protocol if you wanted to use it.)
That would reduce the need to depend on the never-surefire client market penetration in order to see widespread and longterm usage of PGP as a means of protecting one's privacy.
I've always felt open protocols make the best vehicles for propagating public-interest technology. That way, you don't need [Mailclient] + [PGP integrated client] but [Mailclient that supports Next Gen Protocol X] where one of X's functionality sets uses a private/public key encryption scheme. Not sure what the likelihood of that happening is, tho, both from the perspective of when we'll outgrow the current crop of protocols, whether the new crop will be open enough to get public interests into the design phase, and whether the creators of said protocol would even think it would be a good idea to include a PGP layer in the protocol.
"Old man yells at systemd"
GPGME is a project to do this. From the website: "It provides a High-Level Crypto API for encryption, decryption, signing, signature verification and key management."
It's a work in progress. It's useable, but of course, there is the standard disclaimer. Compiles fine on most Linux distributions. It needed a small amount of help to compile on Mac OS X. Not sure about any other OSes.
All editorial writers ever do is come down from the hill after the battle is over and shoot the wounded.
> And what's scandalous is that NAI has OS X and XP-ready versions, but won't ship them.
We need some laws that force work into the public domain if it won't be exploited for the private domain. I'm sick of companies keeping what will go into the dustbin. This is another example of how too much private interest can /create/ inefficiency in a market rather than reduce it.
Of course, I respect that the work in question would probably have to pass some criterion whereby its release into the public domain would not cause significant damage to the company in question (if the company is to live on), but surely we can't believe that scenarios like this outweigh the benefits of laws forcing companies to push work they lose interest/money in back into the public domain?
"Old man yells at systemd"
CIA
A bad start.
Experiments with Mind Control
It gets worse
on Children
Yep, gotta save 'dem chilluns! Where's the bastard! We'll lynch 'im!
by Jon Rappoport
Ok, if you didn't stop before this, you can now. This is the man who claims that AIDS is not a virus, but a secret weapon of the drug companies!
He's a real tin-foil-hat kinda guy (or just found a market among that crowd).
The CIA mind-control apparatus has been well known since 1975
Obviously, I failed to stop. Pardon me, but what is your definition of well known?
when 10 large boxes of documents were released pursuant to Freedom of Information Act requests.
Oh, well that's certainly an interesting metric for well known! (later he claims that J.R. is a highly respected journalist, but fails to indicate who respects him....)
Several good books were then written on the subject of the CIA program known as MK-ULTRA.
They were good books of course. Not like those powdery, tasteless books you serve your relatives!
LSD and more powerful compounds
I love that line. I'm going to have it framed.
In case you're wondering, as with most nutters, J.R. has hit on a thread of truth, and then run with it to the mythological end-zone of his own creation.
There really were CIA experiments on CIA agents and civilians alike with LSD in the 60s. The CIA thought that it might work out as a truth serum of sorts, but it was not very effective, and had very dangerous long-term consequences.
However, much of the rest of this theory is based on these axioms: 1) If you testify about something to a government panel, it must be true 2) the CIA has nothing better to do with its time than recruit children to perform missions that there are scads of willing volunteers in the military for 3) events which have common themes are obviously linked.
I recommend that you do your own research here. Books like this one are aimed to scare and shock (that's how they sell). If the facts don't fit, they are often... re-shaped.
If you want to play "spot the loonies" just look for key phrases like "in [document/testimony/etc] the name [government or corporate figure] came up" cited as "proof" that linkage exists between an event and a group that the author wishes to accuse of wrong-doing.
Basically, you believe that people should be forced by big brother to share what they developed. This is on par with very few bad ideas that I have seen on /.. If I am an inventor, and I am eccentric enough to want to keep my inventions to myself, it's my business.
An economic system can NEVER be more intelligent than the people who control it, whether it's the combined brains of a million entrepreneurs, or a communist dictator. The best we can hope for is incentivizing intelligence, which laissez-faire capitalism seems to do best.
(Don't mod me down because you dislike my opinions, but feel free to mod me up if you agree )
I'm a conscientious
To see what RMS actually thinks about this subject see http://www.gnu.org/philosophy/selling.html
From that page:
Then again, when has an AC let reality interfere with the contents of his posts?
-Peter
So sounds like Amnesty International should pick up the tab for developing PGP. I mean, I grant you, I think that PGP is a wonderful product and I'd like for network associates to keep it, but they are a business and if it's not making money for them, there's no reason for them to keep it around.
Personally I use GPG and think it works wonderfully, and Network Associates has nothing to do with that. May not have some of the bells and whistles of the full commercial PGP but it still does what PGP has always done, encrypt e-mail. Organizations like AI should be able to function fine with just that.
This sig has been temporarily disconnected or is no longer in service
It means they are legally exempt from rampant idiocy. Java's SDK says the same thing. The GPL generalizes it more saying the author is responsible in no way for the software. Regulations for nuclear control equipment and medical devices only allow for qualifying software to be run on such devices, being stated in the EULA on Windows and many other programs is merely compliance with these regulations.
I'm a loner Dottie, a Rebel.
Because someone in the Government would think it's a great idea to manage a nuclear power plant with Windows 95, except that Microsoft said not to.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
It's true that currently GPG's user interface is terrible for beginning users if they have to use it directly. So, clearly, you want to use programs that embed GPG (like Evolution). Also, note that the German government is funding further development of GPG. They specifically say that their funding will be used to make GPG more usable by less experienced users, including porting the software to other operating systems, developing graphical user interfaces (GUI) and writing a handbook.
Thus, this sounds like a short-term problem at worst.
- David A. Wheeler (see my Secure Programming HOWTO)
It's like saying if Microsoft or Netscape decided to stop releasing browsers, then the entire WWW is doomed, when there's still Konqueror, Opera, Mozilla, and the whole W3C standards body, etc...
This was a lot better before you included the W3C. Many of their recent activities have been at best of dubious value. They set the standards on which the web was built, but in the last year they seem to have shifted their purpose. The acceptance of patented "standards", e.g., is totally unacceptable. A patent is a grant of control over an expression of an idea, and increasingly over the idea itself. So the recent W3C activity is a total denial of publicly accessible standards, to the extent that I won't use the word to describe their proposals. It is as if PGP (well, Network Associates) had first ensured that nobody else could create any implementation of a secure protocol, and THEN withdrew their package.
If you delete the reference to the W3C, then your point is quite valid.
I think we've pushed this "anyone can grow up to be president" thing too far.
The Windows version of PGP was pretty nice and actually hooked in with MS Exchange and other software. No I never actually used it, I specified that communications between my group and a shop we were contracting out to be encrypted with PGP. I used GPG with Linux and they went with the happy windows user interface. Most managers and probably the majority of developers will want to use the Windows version if forced to use the encryption software (By some asshole like me pointing out that transmitting the source code in the clear is a violation of corporate security policies ;-)
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Context is so overrated :)
This sig has been temporarily disconnected or is no longer in service
then a) it has no value, and you have nothing to lose by giving it away, say, to the FSF, OR b) you can't find the value in it, and so maybe you should let someone else have a crack at it. (Add suggestions for 'someone else' as you see fit, but, of course, my vote goes to Phil.)
Quoted from: http://www.chiark.greenend.org.uk/pipermail/ukcrypto/1998-December/003102.html
"If you're talking about the British government or the American government,
they're virtually permanently tapping all of our stuff and using voice and
character recognition," Gregory says. "I know what technology they've got.
"The Tunisians [where a new office is being set up] aren't as subtle as the
Americans and the British. It's a bit like heavy breathing on the line."
However, even though Amnesty staff can automatically encode any message sent
in Notes with its built-in encryption - certain staff use far stronger PGP
encryption - Gregory says the US export ban on strong encryption still
leaves it in a difficult situation.
Remember, not all countries that AI investigates can be as unsubtle as to beat passphrases out of people, and the person couriering the data need not have the passphrase to have it beat out of them.
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
part of the problem is that the IDEA algorithm is licensed technology from the Swiss company that owns the patent.
What PGP needs is a pluggable-encryption component, so that it could leverage something like AES
Old age and treachery almost always overcome youth and skill.
Really, if "they've" already compromised the system to the point where you have to worry about the libraries being secure, you've got bigger problems on your hands than the libraries being secure. The only thing the lack of a library is contributing to is a hampering of programmers incorporating GPG natively into everything from E-Mail clients to network protocols.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I think what he was saying (or should phrase it like) is that the government should not offer protections of 'intellectual property' to those who do not market/sell/use it.
With a large enough gun, any piece of physical property can be defended. Governments exist to keep us from needing guns to do that.
Intellectual property can ONLY be defended with the use of the government. By removing this government protection from IP that is not used, the market is MORE laise-fare(sp), not less.
Now, if the government were to take an active role, such as disseminating IP that is not used, that would be wrong.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Hence the reason that encryption is only the first step.
Second step is steganography, hiding the message, either by attaching it to the end of a zip file, or by weaving it into an image.
Third step is to have an encryption system which allows alternate passwords: each password reveals a different set of data, and the password you get forced to tell someone reveals not much at all.
You need more than just encryption to hide your data from governments.
GPG.
That's how you save PGP.
Brielle
PGP is a product of its own, which is probably good and bad -- good, because you can use it with non-email, and (awkwardly) with most mail clients. S/MIME would have to be built in, I imagine -- but a couple of easy implementations would bring encryption (and decryption) to many more people than the current situation with PGP/GPG/whatever.
So why aren't people making S/MIME capable clients?
http://www.sente.ch/software/GPGMail/index.html
Instead of the GPL, think about the BSD license. Why? First of all, it's not your software. You aren't the developer or the contributor. The BSD license gives you exactly the same rights as a user under the GPL, plus a few more. On the flip side, the BSD license would allow easier incorporation of PGP technology into existing email clients. Remember, it doesn't matter how leet you are for using PGP if no one in the Windows world is using it. The GPL will relegate PGP to the tool-only status, but it should be much more than that. It should be a standard expected in all applications capable of communication regardless of their licensing.
A Government Is a Body of People, Usually Notably Ungoverned
It sucked or else it would have made money.
Vote Quimby!
RMS can encourage people to charge as much as they want for redistributing software, but under his system all software has the same value, which is directly proportional to the cost of a CD-R and a stamp.
-a
How to rationalize theft.
What does the commercial success of PGP under NAI, with universally acknowledged horrid marketing, have to do with the adoption of PGP and variants in the marketplace? There are millions of people out there using either the free version available from http://www.pgpi.com, or the many open standard PGP variants. PGP is an incredibly valuable piece of software and it will live on regardless of what NAI does.
I have used both and it seems both Evolution and KMail have about equal GPG integration... Unfortunately neither seem to do much in the way of generating new keys or specifically associating keys with contacts... Both look in your db for a key that matches the contact's email... Evolution just errors when it cannot find anything... Luckily KMail will actually let you choose a public key out of a list if you really need to.
Luke
In short, 80% of the people who read Slashdot are freeloaders who won't even pay to read their favorite web site.
What makes Slashdot such a great webpage? Is it the ability to (most of the time) read about geek news? Or is it the ability to read and discuss a certain post with thousands of technically savvy people?
I believe it is the second one. If you remove those 80% (the freeloaders) would you have the diversity? You'd probably have a lot less trolls, but I think you would lose a lot of good with the bad.
I belong to a great LUG which does not charge for membership. If they did, I wouldn't put as much effort into my time there. I try to give just as much as I get. Do I feel that I do? No, not really. I love going and hearing about aspects of Linux that I know nothing about and learning something new.
To tie that to your post, I feel the same way about Slashdot. I could pay for a news website, and get spoon-fed mass media trash, or exert my brain here on Slashdot. These freeloaders might be the very ones who give great info in AskSlashdot, or mirror slashdotted webpages. Pay to read their favorite webpage? They do! They try to give back to the Slashdot community as best as they can.
This is not meant to be a flamebait, you will notice I am logged in even. You seem to think cash is the ONLY method of paying for something. You have a lot to learn about life.
Vertical
72 CD D7 52 D0 7E D8 47 44 91 D5 84 D1 59 F1 A9-This is my 128bit integer. There are many like it, but this one is mine.
You're out of date. The latest w3c patent policy does *not* allow patented standards unless a Royalty Free license is available. There is a loophole in the policy that says effectively "if we hit a brick wall with this policy and can't implement a standard within it, we'll form an advisory group to decide what to do" (with the implicit suggestion that one of the things they might theoretically do is go with a patented standard) but there are a whole lot of hoops that must be jumped through before that point can even be reached.
Besides, as you would know if you'd done a little research rather than just skimming headlines, the w3c has never *had* a patent policy before, and therefore could easily have created a standard that relied on patented technology. The fact that they haven't is an indication of their general goodwill towards patent-free standards - when they got half-way through SVG and found that apple had a patent on alpha-blending, they stopped what they were doing for ages to try to ensure that the standard would remain patent-free. That was when they started looking into having a patent policy.
Of course, as a closed organization they first asked their members, who are primarily corporations, and those corporations said "we should have patented standards". Hence their first draft. Then they submitted the draft for public review, and NOBODY NOTICED. After a long comment period with no comments, someone suddenly posted it to slashdot with 2 days to go, and all hell broke loose - and the w3c essentially backtracked and now have a sane policy.
If anyone is to blame for the poor original policy, it's the fact that the community wasn't alert - it's mindboggling that the "many eyes" that are supposed to make bugs shallow didn't catch a major announcement like that from the w3c.
Stuart.
BSD? Are you joking? If I'm going to pay for something to be free, why would I want to subsidize the proprietary products of someone else?
I disagree. Redhat charges a premium for priority FTP access to software which can be freely distributed. The FSF itself was formed with money made by selling GNU on tape.
It is true that Free Software does not have the "advantage" of artificial scarcity that proprietary software has. In spite of this, both Cheap Bytes and KRUD operate in the black AFAIK.
If we expand beyond simple distribution there are additional ways to actually make money by distributing Free Software that have been demonstrated in the real world. Redhat turns a profit, largely by bundling service with distribution. Several of the PHPGroupWare guys support themselves by supporting PHPGroupWare when they aren't hacking on it. Other value-adds exist, such as IBM bundling Free Software with hardware.
But, I suppose it is true that you aren't going to make yourself rich by downloading Free Software on your cablemodem and mailing out burned CDs.
-Peter
But what I really want to do, at least initially, is to promise a payment, which becomes payable when enough other people have promised that the software's current owner agrees to the deal. Inevitably trust issues come up: I might welch on my promise. Or to make things more complicated, I might promise and pay only on the condition of anonymity.
How to do all this? One way would be to place the money in escrow for a limited time, and if the deal doesn't come together by then, I get my money back. The people trying to organize the deal would give themselves a time limit and encourage donors to set their escrow timers for that time limit. A reputable bank or insurance company (or maybe a casino?) could act as the escrow agent.
There's a guy named Ronnie Horesh with a very cool idea called social policy bonds, intended to bring market forces to bear on social issues. Government auctions off bonds, which mature when some measurable social goal occurs, and are then redeemable for larger amounts. He once commented that a social policy bond is like a bet. The government hedges its position (that, say, literacy is good) by betting that literacy won't go up. When literacy does go up, the government has to pay up.
In the same way, if I believe that PGP should go into the public domain, I may hedge that belief by betting Network Associates that they won't do that. They can easily win that bet by releasing PGP, when they decide that winning all those bets is more important than retaining PGP as closed-source software.
WWJD for a Klondike Bar?
No one is asking you to pay. Last time I checked you didn't have any code in PGP anyway.
A Government Is a Body of People, Usually Notably Ungoverned
It just seems very strange that all of the commercial products that provide good encrypted message transfer have suddenly become "uneconomical" for the companies that make them. Especially in this post Sept 11 world? I think there is something fishy here...And I don't like it.
ttyl
Farrell
CAN-CON 2019 - Ottawa's only book oriented Science Fiction Convention! October 18-20, Sheraton Hotel, Ottawa, Canada h
Instead of putting GPG into a library you can write a CORBA interface and put Bonobo implementation into separate executable file. No more problems with corrupting GPG internals and it would be accessible from any programming language.
The important parts are the Windows infrastructure and the patented protocols that appeared in PGP5.
The Windows infrastructure is more than just the GUI - the GUI is OK, but nothing special. The infrastructure includes
- a low level secure storage driver at the OS level
- integration with many mail clients
- an Explorer shell extension to handle encrypt / decrypt, secure wipe, and verify functions
- a secure viewer with anti-tempest fonts
- the PGPNet VPN solution
- the PGPDisk secure storage solution
This is what NAI have paid to develop, and this is why it represents a major loss.
Jon.
N/T
Who cares about PGP... if companies and investors are not opting in, there is a reason... ponder that.
The reason is the complexity. Most people are not concerned with complex key ring schemes, expiring keys, and electronically signing e-mail. They just want a way to encrypt e-mail so that it's not easily sniffed.
The Article said that freeware versions of PGP do not work with XP. That is simply not true. I am using PGP 6.5.8, and it runs fine in winXP Pro.
Also, MIT's PGP Distro site is operating.
-dcviper
Ummm, err, say what, now?
the problem with this apparent sell-friendly position is that it is not workable. lets see...
1. Corporation creates and sells an App under GPL for $1,000 (all legal but you do have to provide source).
2. one person buys your app. because it is gpl'd, Customer 1 puts it up on sourceforge for all to download free of charge. it's now GnuApp. all legal, all gpl.
3. Corporation now has to compete with its own software available free of charge. Corporation can't pay rent, electricity, or those pesky programmer salaries.
4. therefore, whatever stallman SAYS about the ability to sell gpl software, the reality is that you are effectively giving it away for free. Ever wonder why you don't ever see pure play GPL software companies survive on their own for more than a few months?
I think GPL is great for stuff that you INTEND to be free forever, just be careful if you want to make $$$ by selling code.
It is abundantly clear that you didn't read the page I linked to.
Most of what you said is based on the exact confusion arising from the phrase "selling software" (and variants you used like "selling App" or "selling gpl software" or "selling code") that is explained in the page I linked to.
So, since you don't care to read that article, let me establish some vocabulary.
If "selling software" is to have any consistent meaning it must be selling the copyrights to a piece of software. Such as when Corel bought WordPerfect. This clearly is not the topic of the discussion.
Now we come to what you are really talking about, which is selling software licenses. When you "buy software" (really "buy a license") you never get anything but the use of the software IAW the license terms. If you actually "bought windows" why may you not sell it? I don't mean en masse, just the CD you bought? Because you didn't buy anything but a license.
Finally we have distributing software. Which is what I was talking about. Wal-Mart makes money by distributing both proprietary and Free Software. It doesn't make a difference to them. Redhat sits on the shelf right next to XP. See my other reply in this thread for more examples of people making money by distributing free software.
Finally, note that if we can agree to the terminology above then you were more correct than you know, since there is no license for use of Free Software distributed under the terms of the GPL to sell.
To be totally clear about what I just said; the GPL isn't a "software license" in the sense that many people think it is. The GPL is a software distribution license. It makes no demands on the user (unlike a EULA) except that they may not sue if they don't like the way the program works, or fails to work.
So again, there is no software license to sell. Thus, you are correct that selling licenses for unlicensed software is not a promising business model. That, however, has nothing to do with my original post.
-Peter
Maybe you ought to look at the post this was a reply-to-a-reply to, or even the post that you replied to.
You must smoke even more weed than me to have that much memory loss..
Blaming GW Bush for the Iraq war is like blaming Ronald McDonald for the poor quality of food.
Go rub hot oil on your turgid nipples, you gimp.
I don't know about Cheap Bytes and KRUD. A few companies are making money distributing open source, but clearly not many and not very much. Bundling sounds great in principle, but in practice it drives down your margins, and that has a snowballing effect through the whole economy.
As for Redhat, I dispute your claim that they are making a profit. Here's a link to their balance sheet for 2001. According to this page, they lost $17 million below the line last year. That's not a huge loss, but it's not a great result for a former $120 billion company.
-a
How to rationalize theft.
How does selling something along with something you get for free drive down your margins?
s _Q12002.html. Maybe "making" was too strong a word. Made a profit in Q1 of '01.
Let's say that Red Hat and MS each sell an OS for $100. Each expects to spend $50 supporting it. RH has $15/copy (at expected distribution volume) invested in development, and MS has $30, since they write the whole thing from scratch.
Who has the larger margin?
Now, these are all made-up numbers, but I think that they are useful for illustration purposes. Can you make up a set of reasonable numbers to illustrate how bundling support and distribution of software that you largely get for free hurts your margin?
The way I explain that RH isn't making money hand over fist, but MS is, is simple. Volume. I think that the reality is that RH spends something on the order of 1/10 what MS does on development, and has something like 1/1000 the (full price paid) distribution. So the numbers are more like 100/50/150 vs. 100/50/30.
Perhaps I was mistaken about Red Hat making a profit. I swear I read that somewhere. Ah, wait, here it is http://www.redhat.com/about/presscenter/2001/pres
OTOH, your $120 billion figure, if I'm not mistaken, is their peak market cap. Which is bullshit. Market cap is literally meaningless. It has nothing to do with actual money. Not money that they have, have spent, people have spent on them. Nothing.
That statement, combined with your statement that adding value by packaging and selling something that you get for free hurts the economy makes me question your grasp of economics.
Now, I know nothing about accounting, but my understanding of the English language leads me to believe that they had a quarterly loss of 17M in 2000 (and a somewhat higher loss in the same quarter of 2001). Which leads me to question your interpretation of any facts.
Finally, who said anything about "open source?" I'm talking about Free Software.
-Peter
Steering systems were apparently being run under NT in some way. I cannot imagine anyone feeling WIN9x was ever suitable for a mission critical application like that but possibly NT. That they apparently didn't have a suitable mechanical backup is telling - no chance of power being knocked out to that system during an actual fight? No chance of the computer hardware taking smoke damage and dying? Who builds these things?!
Build it, Drive it, Improve it! Hybridz.org
Okay, so I only quickly skimmed the balance sheet and read the wrong number. No need to get snotty (especially since both mistakes I made caused me to *underestimate* their annual loss).
It was a humorous aside, nothing more.
Did you ever read the book "Voltaire's Bastards: the Dictatorship of Reason in the West" in which John Ralston Saul explains how ideas which seem logical, but counter-intuitive have led to such global problems as nuclear proliferation and the 3rd world debt crisis? (That may seem like a bit of a non sequitur, but I was reminded of this book by the recent Slashdot story on US nuclear research.)
You'd have to read the book to really understand the concept, but the crux of the argument is that it is wrong to allow logic to overrule common sense, especially when there are human factors involved. There are too many factors involved and simplistic comparisons tend to overlook some of them. For example, you ignore the fact that Red Hat's entry into the market changes the market. You can't simply extrapolate based on market share because the curve is not linear and its shape will be further altered by feedback.
As an illustration of how the feedback effect works in economics, take the example of a company that rakes in a huge profit in 2002. Chances are, the employees will go on strike in 2003 to demand a larger cut. The next year, the profit margins will be much smaller. In the software industry, we don't see a lot of strikes because the employees are not unionized. However, large profits attract increased competition, which tends to lower prices.
There is a reason why adding a $1 part to a computer may add $10 to the price. Along the way, each party operates on margins. The manufacturer will increase the price of the raw goods by a fixed margin. So will the distributor and the reseller. They make the margin a percentage of the price because that's the way people buy things. Whether you're buying a house or a car or a computer game, the amount you are willing to pay is probably a base price X plus some additional amount Y to get the specific one you want. Y can typically be modelled as a percentage of X. So if you *need* a car, but you *want* a Honda, you may be willing to pay a margin of 10% above the price of a similar Ford. Since you have to pay X regardless of what you buy, you might as well pay X+Y to get what you want.
Let's say that the price of vacuums drops from $200 to $10. Would you still buy an extended warranty for $100? I don't know about you, but I don't buy warranties today. Warranties are too much like insurance. I figure if the product breaks, I'll just replace it (probably with a different brand). If Red Hat gives away its OS for free and sells a support package then suddenly support, rather than software, will be the biggest cost to consumers. People are going to start looking for ways to save money. Why pay Red Hat $100 for support when you can get discount support for $20? Maybe the discount support isn't as good, but maybe it is. Red Hat will probably have to resort to IBM-style FUD to convince people that nobody ever got fired for buying Red Hat support.
Note that this applies in other instances as well. Right now, the software industry is having its margins eroded by the falling price of hardware. People don't mind spending a few hundred bucks on software if it improves the functionality of their $2000 computer. If hardware prices continue to fall, then the software industry is going to get hurt even more.
I take the Nancy Reagan approach: "Just say no to jargon."
-a
How to rationalize theft.
Sorry dude, try again. LSD doesn't cause any long term problems. What can cause long term problems is any traumatic situation
That's like saying that cars don't cause injury, getting into accidents in cars causes injury. True, but LSD puts the user into a state where they can become very agitated by even the most mundane of circumstances. It essentially creates traumatic situations.
LSD is not the demon drug that it has been labeled as, but having seen some friends take mental nose-dives on acid, that have lasted for months, I have to say that it's not exactly as safe as houses either. Its major saving grace is that it's not addictive. So, as long as you don't a) get locked into some "I need the drug to see the aliens" psychosis and b) don't use it as a gateway to other (addictive) drug use, it's easy enough to stop using it if there's a problem, and then seek help.
I think we're both basically on the same track here. I just don't believe in sugar-coating the dangers of mind-altering drugs of any kind (and I include drugs that doctors give out like candy without really understanding, here).