Alan Cox talks about laws... and Linux
1) European DMCA
by Yohahn
Given that you won't visit the USA given the enactment of the DMCA, if the DMCA equivalent passes in Europe, will you move? If so, is there anywhere that is safe from this kind of insane law (it sounds like Peru may be a new haven for free software)?
Alan:
It's very hard to fight laws in foreign countries. Dmitry for example was almost certainly chosen because he was Russian. It's sadly much easier to win a case in almost any country when you use your historical enemies and prejudices to set the precedents. "Foreigner attacking US business interests" just sounds so much better in court than "clever kid helping his grandma read ebooks", especially when someone notices you can easily get a longer sentence for helping grandma read than kicking her down the stairs.
In the EU we are doing what we can to make the EUCD harm limited, and also trying to educate politicians on the damage they have done. If we can tell them in advance the problems the EUCD is going to cause we can help them frame further law to prevent those abuses, and to update it.
Knowing the EUCD will trip up it's much easier to ensure that there is a nail bed where it will land and you know when to stick your foot out as it steamrollers past, than it is to attempt to hit it head on. We've already had some interesting pointers. In a recent case the judge accepted that the law favoured the bad guys, but said openly that had it been brought up several other ways they would have had no defence. So we have some good ideas how to hit back.
See www.eurorights.org and www.fipr.org for more information.
I will be staying put for now. It's my job to help fight the EUCD just as it's the US folks' duty to fight the DMCA if they believe in the values the USA claims to hold high. Maybe someone can find a way to use the US flag to defeat a copy protection system. That should make a most entertaining hearing.
Slowly the political wheel is turning, although not entirely in ways I like. The European parties advocating that the nation comes before Europe and before international treaties are winning more and more votes. Sadly these parties also advocate racism and forced repatriation of foreigners. It is becoming very important for a lot of reasons that mainstream parties recognize what is going on, otherwise there is a real risk the racists will win real power, because it may be the only way people can vote for these other extremely important political changes.
2) What is your political goal?
by Capt_Troy
What is the goal you hope to obtain in regard to the DMCA dispute? How do you intend to meet those goals?
Personally, I think that as time passes, people will become more and more technical and eventually the absurdity of the DMCA will be exposed on a more general population than just the techies that it is now. So the best means to an end IMHO is educating the general public. Is this your intention?
Alan:
The ultimate goal has to be to find a middle way that addresses both the rights of copyright holders to protection of their works, and the rights of society to ensure those protections are limited and don't do harm to the general good. Copyright was invented for government censorship and military purposes. It became something for the good of society, and the USA acquired it in that form. It's important it remains for the good of society.
The truth is that the DMCA has no value at all in stopping piracy, only in stopping innovation. It takes one person to break the protection on something and the game is over. That person may be anywhere and well beyond US law. What you can do is to deal with the actual folk who distribute such material. Let's face it, to get a copy of something on the internet you must be able to find it. If you can find it, so can law enforcement.
We need to get to a point where people who actually commit real crimes are punished, not people who make tools that might be misused. The 'logic' of the DMCA extended to other regimes makes grim reading for any US citizen:
Photocopiers can be used to copy - ban them, control the libraries
Typewriters can be used to make copies - license them
Web sites can be used to publish illegal material - license/censor them
Which leaves you with a state remarkably similar to the old Stalinist bloc.
The SSSCA mark two and the digital TV rights in the USA are very similar problems. The digital TV one is confused by the fact that encryption of free to air digital tv is heavily restricted in the USA. It isn't in the UK which makes that simpler and you can get Digital TV cards here. The UK encrypted to air TV people went spectacularly bankrupt but that's market forces at work.
I'd like to see the SSSCA stuff solved by market forces and sanity too. Let the Hollywood folks make themselves an antitamper PCI or USB2 hardware card that has only encrypted data in, a smartcard slot for per user rights management and an SVGA analogue overlay/analogue out. If the market is right they can sell/give away such hardware and make a profit on the films. No software system will survive a cracker long, and indeed things like vmware already make a mockery of software only stuff like windows digital media protection since people can record the audio output of the virtual pc trivially.
A tamperproof hardware card also means they can publish all the programming information to load and play movies on it with any OS. That will cut down the number of people interested in cracking it by 99% too.
Keep the government well out of it. Neither Hollywood nor the US government (or indeed government in general) has been very good at meddling with technology and innovation. The SSSCA mark 2 is basically an attempt by the studios to make someone else pay for the technology they want to use to sell their product. That's utterly cynical misuse of power. If it's worth doing - let them pay for it.
Educating the public assumes you have access to media that the public proper read and which sees the DMCA as bad. You don't, the media empires helped create that law. That makes such a process very slow and hard to achieve as it has to be done person by person.
3) Microsoft .NET and Linux
by SL33Z3
What are your feelings on Microsoft's .NET and any initiatives to make the technology work on Linux?
Alan:
Microsoft has publicly stated that it has patents on critical parts of .NET and will enforce them. If you think that .NET is a good idea, or cloning .NET is a good idea, remember you won't have a US market unless they find you amusing enough to allow to live on. And if you think Microsoft can be trusted on this look at their recent activities against Samba.
The system itself is mildly interesting as a technology. It's yet another virtual machine, roughly equivalent to picojava in capabilities. It has an interesting way to self generate IDL, but one which their own papers say cannot represent all programming languages.
The more dangerous parts of all this are not so much .NET but chunks of the model that not only the .NET product and the Java standards rely on. Things like xmlrpc, soap and the stuff on top of them are designed to "interwork through firewalls". A better phrase would be "go through the firewall like a knife through butter in a way that prevents the companies involved monitoring the activity".
When all you have is an encrypted SSL session how are you going to figure out if it's a legitimate bit of ebusiness with a related company or someone in your company uploading your entire company customer database?
4) Organizing the OSS community for activism
by akb
Free software programmers and the extended community are arguably the most organized non-hierarchical, grassroots constituency in the world. The community includes the tens of thousands of developers and millions of endusers tightly networked through institutions like sourceforge, slashdot, countless LUGs, etc. The ability to produce projects of the scale and complexity of the Linux kernel, the Debian distribution, or the engineering behind the Internet itself is a testament to the community's ability to organize more than anything else.
Despite this incredible organizing for software production, support and distribution very little of this gets translated into the political realm. In his last slashdot interview Lawrence Lessig chided the community for this.
Organizers of traditional political campaigns for social justice or equitable distribution of power would drool over having a constituency as organized as that which we have. How do you think the community can translate its effective organizing in the technical arena into the political realm?
Alan:
Most organised grassroots constituency. Nowhere near. It's an elitist rather unrepresentative bunch of lazy people. They have far too small an overlap with the masses or with the political powers. I also think that the church would probably find any claim of that nature by the free software people rather funny. Walk into a random record shop and say "Tipper Gore" then, assuming you survive, count the percentage of people who don't know. Repeat the same by going into a random pcworld type computer shop but saying "EFF". The mainstream awareness just is not there.
The way you fix that is to get up off said backsides and write to politicians, propose alternatives, write letters to the mainstream newspapers and organise events to publicize things. Unfortunately everyone thinks it will be OK because someone else will get up off their backside instead.
You achieve change because everyone gets off their backsides and does stuff. Gandhi didn't free India alone, women didn't get the vote because one person rang the prime minister's office and asked for it. The same goes for much smaller and less important goals too.
5) The end of cheap "open" hardware?
by I91MM
It looks like us PC hardware hackers are likely to have a much harder time in the next ten to twenty years as the average (desktop) PC becomes increasingly integrated. I see a trend away from the PC of today towards an increasingly closed 'black box' where the components are no longer a set of cards which are easily replaceable. This is inevitable, especially at the lower end of the PC market, since increasing integration leads to lower costs for the manufacturers. Correspondingly, custom hardware will become more expensive and be increasingly restricted to the high end...
How do you think such a trend away from "open" hardware would affect open source development, especially at the lower end of the spectrum? As the computer becomes more and more of a mysterious black box, do you think that the would-be hardware hackers of tomorrow are more likely to turn towards software and application development, and would this be mostly good or mostly bad for open source software (more applications/systems programmers, but fewer hardware-level programmers)?
Alan:
The desktop PC is an anachronism already to most people. The high flexibility of the system makes it scary to use, expensive to manufacture, and hard to make reliable. PCs are also noisy, they are hard to reset to the state they arrived in without losing your personal data and so forth.
The low cost sealed box PC is an inevitability, and one that is badly needed to push computing on a stage. It is much cheaper to do safety and approvals work on a system that the user can't poke a screwdriver inside and which doesn't contain connectors sticking up off the board like small aerials.
I don't see all custom hardware getting more expensive, or the inability to fit cards as a problem. If the entire system is cheaper than the new card it is a quite serious recycling problem rather than a financial one. A lot of electronics hackers have found things like USB very good too. It's not hard to write USB devices and it's a great way to plug fun electronics into a PC, USB even provides device power for you.
There is a temptation for some manufacturers to make it deliberately hard to twiddle with a computer, to fit non standard external connectors and the like but I'm hopeful the market will address that - preferably better than it did laptop docking stations.
I'm also not sure sealed boxes make less "open" hardware in the free software sense. It may even be advantageous. If the systems are very integrated it becomes easier for all OS vendors to handle things like driver writing because there are less drivers to write. A piece of silicon is pretty opaque without the manual whether you have to saw the box open or undo screws.
It might mean a reduction in the number of programmers with good hardware experience, it might also mean there are more good programmers free to work on the next critical things - user interfaces, security models, or replacing the current web services garbage with something that is scalable and can be made to work for example.
6) Free vs Commercial
by div_2n
With free versions of software such as Open Office constantly improving, what place do you perceive commercial software to have in the free software world as free alternatives mature to an acceptable and usable state?
Alan:
It really comes down to people having a business model that justifies the extra cost of their proprietary product, both in convenience to the user and development cost to them.
Sometimes that equation makes real sense. For example I'm sick of deleting bug reports from people with the Nvidia kernel modules. I've talked to Nvidia folks about why they do it. The bottom line is that I can't make a good case for them to open source it. Their worries about what it might do to their performance relative to competitors are quite well founded.
If the governments would do something properly about the Microsoft monopoly, patent abuse and other false pressures the markets ought to sort it out. Right now it's not the "invisible hand" guiding the markets, it's the "lobbyists' jackboots".
7) Beards?
by WinstonSmith
I've been programming a computer since I was 8 years old. I'm 29 now. That's 21 years of "experience". Lately, however, I've come to the realization that I'm never going to make it "big" unless I grow a Big Ole Programmer's Beard. I'd like to think it's possible to be a wise UNIX guru without one, but I think it would be easier if I had a beard. A big one.
My question is: Since my wife won't let me grow the Big Ole Programmer's Beard, what should I do to make it "big" in the world of UNIX gurus?
Alan:
You could try a disguise kit. Maybe a stick on beard would work? I'm glad to see that you have at least decided the wife is more important than a beard.
Linus is proof that you can change the world without a beard, even by accident. In my opinion you have to do two things to be a Unix guru. Firstly you need to know a lot about the system and the philosophy. Being able to say "V7 was the last real Unix" and justify your claim is a good test. Secondly you need to be actively helping and teaching other people that knowledge - which in turn also improves yours immensely. If you want the holes in your knowledge showing up try teaching someone.
8) The future of Linux
by halftrack
With the rise of KDE3, increased user friendliness and "simple" distros such as Mandrake and Lindows, do you believe the development of Linux and the open source community would be harmed in any way, if Linux ever became mainstream?
Alan:
Linux is already mainstream in the embedded world and in the server world. Take a look at the huge Wall Street companies using Linux if you doubt that.
The desktop is much more challenging, but I don't actually see it as a "problem" if it becomes mainstream. It will certainly add pressure to improve standardisation work in the LSB for the user interface libraries.
The bigger challenge in terms of not breaking the OS is embedded. The drive for size is not that major a problem but the goal of extremely good real time response does have potential conflicts. Solving those of course also helps on the desktop.
9) What should we fear the most?
by jmv
There are many plagues that threaten the open-source community and even the software industry in general. There are software patents, DMCA and the like, frivolous lawsuits, MS bullying to name a few. In your opinion which one is the most dangerous? Also, what do you think is the best way to fight it?
Alan:
Most of them depend on what country you are in. I don't see the USA or Western Europe as a long term software development market for example. They are too expensive and there is too much stupid (as opposed to justified) red tape and expense.
Software patents and frivolous lawsuits all sit together. When you look at the kind of rubbish the USPTO has allowed to be patented - stuff like merge sorting web logs - you begin to realize the scale of the mess. Fortunately everyone is now telling the US government this, even patent attorneys. It is going to take a lot of cleaning up and will require political will alas.
Microsoft certainly are a threat. If they are given a slapped wrist then their behaviour after the lawsuit is going to make their behaviour before it look quite saintly. It won't be politically acceptable for the US to drag them straight back into court. They know that from their last slapped wrist. The fact they have been able to avoid paying shareholders dividends has given them huge amounts of cash and power. Typically a corporation pays over 80% of its profit as shareholder dividends in the USA.
It's actually quite ironic for them to describe Linux as un-American. Work out the tax that would have arisen if they paid dividends like normal companies on their 30 billion plus cash mountain. Now convert that into extra on the ground US security service employees and ask the obvious question..
10) Do you have any other interests?
by gosand
Do you have any other interests, besides Linux? I know in order to get to the "guru" status you have to be pretty dedicated to one thing. But what else do you like? Or are you a 100% Linux-kernel-hacker? I swear I saw you the other day riding a Harley. ;-)
Alan:
I don't think you can obtain guru status without having other interests. If you never look out of your own windows you will miss so much that has direct relevance and is usable in your own field of work.
The things I actually do tend to vary, the last couple of weeks have involved playing Illuminati and practicing my world domination skills (one win, one joint win out of two) and investigating furniture. Next week may involve repotting plants I think, and trying to work out why one of my spiderplants is dying.
I know I'm getting older too. There comes that certain point in life when you actually find things like furniture catalogues interesting. As a friend summed it up "I have found in me the urge to buy power tools".
You wouldn't find me riding a Harley however. I've never been keen on bikes, and my mother promised long ago if I ever got one she'd smash it into little pieces (a close relative ended up with a permanent limp from a bike accident). I've done enough damage falling off a real horse, I'll skip iron ones.
> It's very hard to fight laws in foreign countries. Dmitry for example was almost certainly chosen because he was Russian. It's sadly much easier to win a case in almost any country when you use your historical enemies and prejudices to set the precedents. "Foreigner attacking US business interests" just sounds so much better in court than "clever kid helping his grandma read ebooks", especially when someone notices you can easily get a longer sentence for helping grandma read than kicking her down the stairs.
Dmitry was not in hot water just for "helping grandma to read", he made it possible for millions of copyrighted works which make up for some people's livelihoods, to be exploited without proper compensation by 10's of millions of people. If he wanted to help grandma read, he would bring some books from the local library and get grandma some warm tea and a bright light.
I am sure that there were certain portions of the way he was prosecuted that were not fair, but this sort of gross exaggeration does not fool anyone and really does more harm than good.
Of course my idea is that eventually it all talks to each other and tells me what it all needs and prints me out a list for when I drive down the road to the nearest Wal Mart (O.K. Asda).
Matt Thompson - Actuality - Insert product here.
Shareholders know they don't pay dividends, they invest full well knowing that. They bet that by reinvesting that money back into the company, the shareholder value will increase. That in and of itself is better than a dividend.
SIG:Slashdot: indymedia for nerds.
> investigating furniture.
That's a busman's holiday if there ever was one! In the UK, the only acceptable place to buy furniture is Ikea (or so I've been told) and they run redhat:-
* alan walks into ikea.
[alan] "ooh a vt420"
[alan] "ooh a redhat box"
* alan admires his work smugly.
* alan leaves ikea with cheap flat pack furniture that will break during assembly.
--- And on the 7th day, God created Windows. He must have been tired by then.
I almost wonder if he is a space alien (like something out of Men in Black). I wonder which one he would be.
In any case, it sounds like he has been putting his courses in improvisational science and cultural reconfiguration to good use.
"It is a greater offense to steal men's labor, than their clothes"
That's a nice thought, but as there currently aren't that many distros that even manage to comply with the current LSB, how likely is it that UI libs will be standardised? I don't think it's possible to introduce standards into Linux now, it's too late for that. We just have to make do with whatever standards were set by the UNIX heritage, or by market forces.
I'm still trying to figure out if that's a good thing or not.
> I'd like to see the SSSCA stuff solved by market forces and sanity too. Let the Hollywood folks make themselves an antitamper PCI or USB2 hardware card that has only encrypted data in, a smartcard slot for per user rights management and an SVGA analogue overlay/analogue out. If the market is right they can sell/give away such hardware and make a profit on the films. No software system will survive a cracker long, and indeed things like vmware already make a mockery of software only stuff like windows digital media protection since people can record the audio output of the virtual pc trivially.
The real problem is that Hollywood wants their cake and to eat it too. They want to use commodity PC hardware (DVDs). They should kill the DVD, create a proprietary platform (players only) and NEVER allow it to run on a PC. Geez, I publish something in a public format and then I'm surprised the public can share it? Get real.
This whole screw-up is Hollywood's fault. Don't let them stick it to us for their mistakes.
Hmm... what is it with beards and UNIX gurus and Jedi. When Obi was an apprentice, he was clean shaven (and his master Qui-Gon had a beard). Now that he's the master, he's all fuzzy. Maybe it's a UNIX thing too :)
"Backups are for wimps. Real men upload their data to an FTP site and have everyone else mirror it." -- Linus Torvalds
Every time I read an interview like this, it strikes me how odd my own life is - I'm at least as concerned about the Microsoft trial and the latest versions of software as I am about my relationship w/ my wife. It's a kind of techno-myopia - you get so immersed in it all that priorities become skewed. And I think I'm safe in saying that I share this w/ a large portion of the Slashdot community. Every time I have this insight (about once a month or so), I go get out my guitar and start practicing for a few days, and I think about my life and what's important, and I always resolve to spend less time worrying about the things that don't really matter - like whether an Athlon or Pentium performs a particular test better. But then I go back to work, and I start worrying about the same old crap again.
I sometimes wonder about the Slashdot community's collective myopia and whether it will lead to the community's downfall - worrying about trivia while the rest just gets ignored. Is the latest version of Linux really more important than getting out and taking a walk holding hands with someone you love?
Yeah, it may be OT and it may be flamebait, but Alan mentioned this one...
After V7, more and more got thrown into the kernel. V7 was the last "minimalist" kernel, where small was beautiful.
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
In fairness, the guy was talking about organization for software production and distribution. His point was that the political side was weak and asking about how to change that.
He's still wrong, and I agree with Alan that this isn't someone familiar with organized religion.
An additional point is that, as much as Eric Raymond, Richard Stallman and Slashdot editors would like to believe that involvement with free software necessarily involves certain political views, that's not the case. You're not going to be able to mobilize all Linux users, or Linux developers, for denouncing gun control, eliminating copyright or guaranteeing children the right to view porn in public libraries for the simple reason that most of those users and developers don't believe in those things.
What I'm listening to now on Pandora...
While I'm fascinated to hear Alan's views on life, the universe and everything, I can't help but notice that a minimal boot of my 2.4.18 kernel with nothing running but a serial console, bash and free, is leaking memory, a few K every couple of seconds.
Still, I expect that's due to racist European politicians or the EU-DMCA. Those Belgian bastards are stealing my memory!
If you were blocking sigs, you wouldn't have to read this.
Hate to say it dude-mar, saw a DVD/VHS unit in the ole wally-world yesterday. Not sure on the specs, or who made it, but for about $200 you could buy it.
"If a quarter is two bits, then a dollar's a byte." -R Deric Miller
Readily available DeCSS + DivX is a good choice if you want to copy DVDs. I have heard there are plenty of people using it!
Definitely, at least for DVDs, DMCA has proven completely useless at stopping piracy. And for a DVD->DVD copier, just wait a little...
> When all you have is an encrypted SSL session how are you going to figure out if it's a legitimate bit of ebusiness with a related company or someone in your company uploading your entire company customer database?
I dunno if I can agree here.
What exactly would be the difference between running ipsec over a firewall?
All the firewall admin will know is that there is data going over the ipsec interface.
That's just as much as when there is encrypted .net going over it (whatever .net is?).
Well, don't worry about that. We can get you back before you leave. (Dr. Who)
Alan Cox clearly doesn't understand copyright -- what is that baloney about it being invented by oppressive regimes for censor? Copyright was something an author sold a publisher, and didn't exist in any form, really, until it got put in the American constitution. The problem then was the publishers were ripping off the writers, and it was made to protect a writer's (and the publishers he contracted with) rights. The pirates, from the start, were publishers.
He's right about the political machinations though. When the only alternatives are some fruitcake space cadet with a bunch of platitudes or a racist with a promise to make the trains run, people are going to say, hell with it -- if we can't have a decent government, at least we can have reliable transportation.
> When all you have is an encrypted SSL session how are you going to figure out if it's a legitimate bit of ebusiness with a related company or someone in your company uploading your entire company customer database?
This is supposedly referring to the dangers of .NET - but if you allow an encrypted SSL session to send data outside your company, you don't need .NET or any other particular technology to upload sensitive company data.
The right way to do it would probably be to require SOAP connections to be done unencrypted on the inside, encrypted at the firewall and communicated externally that way. Then the firewall gets the ability to examine the data before encrypting it and sending it out (or not).
HTTP supports posting data and files through encrypted sessions - you don't need anything more than a copy of Netscape to send a sensitive document out in a way the firewall can't prevent (assuming you allow any outgoing SSL connections.. and most companies do).
SOAP doesn't require that it be done over port 80 HTTP; that's one of the implementations but not the only one, and if you don't like it, don't use it. It's really easy to move it to another port, for example, or use a different transport completely like SMTP, straight TCP, or even Jabber.
- Steve
Why, pray, do you need a commercial DVD to DVD copier? I doubt all the people who grabbed things like the leaked Star Wars II movie needed a DVD copier. All they needed was a network interface and a hard disk.
Do you not think that a couple of thousand students getting hit by small claims actions after their machines are shown to be used for mp3 distribution without the authors' permission is going to have more effect?
If you are thinking "they'll just go underground" that's perfect. The other 99% of the population won't be able to find the stuff.
> What are your feelings on Microsoft's
> Alan:
> Microsoft has publicly stated that it has patents on critical parts of
This is FUD, plain and simple. The fact is, that the
> The system itself is mildly interesting as a technology. It's yet another virtual machine, roughly equivalent to picojava in capabilities. It has an interesting way to self generate IDL, but one which their own papers say cannot represent all programming languages.
Once again, the technology takes ideas from Perl (foreach, anyone?), Java (VM, OO style) Visual Basic (properties done right this time). Best of all, it's designed to be able to integrate with existing code -- existing Gnome/KDE/console programs will be able to call a simple C library to invoke functions from a cross-platform
And of course it "cannot represent all programming languages." You of all people should know that Alan -- this is by design, not a flaw of the architecture. There's always a balance to be made between running code natively and running it on a Virtual Machine. What I can say is that
> The more dangerous parts of all this are not so much
> When all you have is an encrypted SSL session how are you going to figure out if it's a legitimate bit of ebusiness with a related company or someone in your company uploading your entire company customer database?
And this is a bad thing? Point-to-point crypto, as you point out so aptly, is something that allows the decentralisation of control. Sure, this may be a bad thing for packet-Nazis ("legitimate bit of ebusiness with a related company" as you say), but the fact is that the world is begging for a secure point-to-point encryption technology that's both relatively secure and simple to set up (I am a GPG junkie but that doesn't mean I expect the rest of my family to be).
Alan's ideas are usually good and I've been involved with the formation of the AFFS in the UK as well as having donated to the EFF in the US several times, but he will not make any friends by insulting some of the smartest developers on the Linux desktop today. Like it or not,
The Mono
Debian users will be able to apt-get install a JIT virtual machine that can play cross-platform applets in their browsers for the first time ever without resorting to proprietary software, and as far as I'm concerned, that's the most important thing we can ask for from a desktop OS -- a good, modern infrastructure for the development of desktop and server applications.
...but, there is no special protection/rules for the US flag in the USA. There was an *attempt* to make it illegal to burn (or otherwise malign) the flag, but it was not successful. You are legally entitled to step on, spit on, or do other indignities to the US flag!
So, I'm kinda confused as to the point of this whole line of thought.
Free Mac Mini
Any legal objections are simply false. Eben Moglen, professor of Law and Legal History, and the Free Software Foundation's top lawyer, has already given the go-ahead for the Mono , therefore I can only explain Alan's anti-.NET arguments to be either misinformed, or written to misinform. I hope he will redirect his efforts to more worthy issues in the future; he will then once again have my full support.
Why pray do you need a commercial DVD to DVD copier.
I would like a personal one, but it is not a question of need. It is a question of US government's (intended-to-be) limited powers and authority. Not sure where any level of government was granted the power to restrict whatever I want to manufacture, within reasonable limits of the Commerce Clause and Copyright and Trademark powers of the government. Beyond that, my wants are none of their business. Wanting to be able to make my own DVDs and copy them falls within my business and nobody else's.
Hummm, just noticed this is my second response to one of your comments and never realized before that we disagree this much! Cheers and good luck with your efforts!
Eve Fairbanks says I drive a hybrid!LOL
> Next week may involve repotting plants I think, and trying to work out why one of my spiderplants is dying.
...
I wonder if he has any ulterior motives for having spider plants
:)
(RMS allegedly has a phobia of spider plants
http://www.geocities.com/stallmanus/ )
If you are going to insult me look up your facts. If Microsoft paid typical US dividends they would have under 20% of their current slush fund. (under because at 80% dividends the investors not the corporation got the benefit of reinvestment of most of the interest)
If they choose to sit on that $40 billion they should be paying tax on it because I really doubt they can demonstrate its neccessary for operational overheads. In which case 39% of it belongs to the US people. Which on a quick back of the envelope calculation is a bit over $50 per US citizen
Alan Cox admits he just can't make an economic argument to Nvidia why they should open source their drivers. He tries to save the situation by doing some hand-waving about patents and IP but eventually has to acknowledge that open-sourcing the drivers would help Nvidia's competitors.
Let's be blunt, if Nvidia were to open source their drivers even Alan Cox is admitting that say ATI could act as a parasite on Nvidia's IP. And that would simply be wrong. Nvidia has invested in a unified driver model where Linux support is almost on par with Windows support whereas ATI has chosen to not invest in skilled driver writers. It is incredible that card generation after card generation the universal complaint about ATI is always about the drivers, the company is based in Canada where presumably with any sort of effort they could hire extraordinary programmers to write these drivers, yet ATI management chooses this area to skimp on spending money.
Why should a company that is too cheap to hire sufficiently skilled programmers be given a free ride on Nvidia's investments?
If the US flag itself could be used as a device to circumvent an access control then it would technically become illegal.
Personally, I suspect you'd have more luck with an ASCII Constitution but that's the principle. Can't see it happening (it's too artificial and would get laughed out of court) but it would be entertaining...
Greg
(Inside a nuclear plant)
Aaaarrrggh! Run! The canary has mutated!
I will sell you a Pioneer DVD Burner for $400 right now. Let me know.
Let's just say, that as a somewhat interested code-monkey, I've been wondering off and on now about a bit of what the following answer touches on
Blockquoth the poster (evermore till the
So, I'm mostly curious. Is the whole XMLRPC, SOAP, Web-Based Client, Firewall circle self driving? Network administrators started putting up firewalls so that undesirable traffic would go no further. Then the *.net busted onto the scene and port 80 sort of popped right open pretty much everywhere. Now we write complicated schemes (and schemas) and wrap all our data into a session-oriented layer on top of a connectionless protocol, and shuttle it out (often, as noted in the quote, with great encryption) across the ubiquitously open ports.
To what end? We've essentially arrived at a multipurpose protocol layered atop a single purposed sub-section of a multipurposed protocol, the firewall vendors make the bank, the network admins get a bit more automated every day, and all that's old is new again.
Weird.
You people kill me laughing
The idea of creating and using an independent language based development facility to create software has no basis in reality.
.Net, it is a ludicrously expensive software API to develop on, and offers no real value in developing internet based applications as a result.
I for one don't care about language independence as there is no use for an application written in X different languages. US Military tried that two decades ago and said enough is enough, and created ADA to solve that problem.
It would seem Microsoft hasn't kept up to date on the historic research in antiquated software development practices.
Not surprising, it hasn't kept up to date with MODERN practices either!!
.Net was created with one thing and one thing in mind only, to destroy Java and to sell more software, not because it solves a pressing problem in the market place. (Beyond people flocking to Java to solve the decade old problem of keeping software alive and well between hardware upgrades.)
.Net was not created because it offers something of value to the market place.
.Net was not created because it solves a technology problem in our industry like Java. (i.e. Truly portable code over target machine hardware)
.Net in short is a solution looking for a problem.
It offers NO advantage over its target market it wants to kill, (i.e. Java developers) and actually restricts your organization by not allowing your software to run anywhere but on Microsoft's own limited vision of what computing power is, (i.e. PC hardware).
Like so many other times I have commented on
-Hack
Got Geometrodynamics? Awe, too hard to figure out? Too bad.
It's interesting how most of the questions have a self-serving angle, as if the asker is just trying to get Mr. Cox to agree with him. And moreso, those questions were exactly what you'd expect from zealots without much real-life experience. Someone actually thought that "open source" was the world's largest grassroots organization? And I love the guy who sees PC as being "open." Open in what sense? Do you have the VHDL for your Athlon or GeForce 2? Is being able to swap one overpriced video card with a bad driver for another really all that empowering?
Kudos to Alan for some level-headed responses, given the loons who asked questions.
Really Alan? Please direct me to a commercially available DVD->DVD copier, or a DVD->VHS unit?
DVD->VHS HOWTO
Take DVD player.
Take VHS recorder.
Take RF or SCART cable.
Connect output of DVD player to input of VHS recorder.
Press 'record' on VHS recorder.
Press 'play' on DVD player.
Wait.
Real Daleks don't climb stairs - they level the building.
Blaming Dmitry is pure scapegoating - he had remarkably little to do with the extremely few illegal actions that have been committed with his code.
This further quote from your post is apropos:
This is FUD, plain and simple. The fact is, that the .NET CLR and C# specifications are right up there on the ECMA [www.ecma.ch] standards board for anyone to freely implement.
Just because it is an open spec doesn't mean that it isn't burdened with patents. About 6 months ago I was down at the PTO filing a provisional (I do this often on the stuff that I write... with no intention to follow up; it just puts my stuff in the public domain so no one can patent it) and ran into the fella from IBM. He had a huge stack of patents (about 40 or so). I asked him how often he does this... he smiled and said "about once a week". I multiplied 50*40=2000 patents? And he just grinned, proud of this legal terror they had constructed. I can't imagine that Microsoft is much different. In those few hundred (perhaps a thousand or more) software patents I bet there are several on CLR. And I bet if/when you seriously come close to threatening Microsoft, they will use them against you. So please. Calling something FUD when it isn't is just naive.
They already paid tax on it. In the US of A, tax is levied on income, not assets. That's why it's called "Income Tax". Now, unless there was some funny monkey business going on with their profit/loss, and they didn't report all of their revenue to the IRS gestapo, that's 40 bil after tax.
As a side note, if that pile of cash gets distributed as dividends, the recipients will end up paying income tax on them, 'cause it's income to them. So corporate profits are, essentially, double-taxed, but that's a different topic. In any case, MS does not owe any tax on their cash pile (except, perhaps, on the interest, since interest is considered to be income).
1. Independent Discovery
Anyone who creates the same secret information independently -- even if it is identical to your business' trade secret -- is free to use and disclose that information. In other words, creating a trade secret, by itself, does not grant you exclusive rights to use that secret.
EXAMPLE: Dudely Company and Manly Company sell competing after-shave products. Dudely creates a database that compares different brands of after-shave advertising and resulting annual sales. Dudely uses this trade secret information to determine how to allocate its advertising budget. Manly's president independently creates a similar database and publishes it in a business book. Dudely will be unable to protect its formula under existing NDAs because its database is no longer a trade secret.
To preserve a possible claim of independent discovery, many companies will not look at materials furnished by an outsider who wants to sell something to the company. By refusing to consider unsolicited materials, the company has a better argument for its independent creation of similar products. One method of proving independent creation is to use clean room techniques (see "Clean Rooms" below)
Unfortunately Communists, Socialists and Fascists just cannot understand your points, nor do they understand that the above 3 groups are shades of the same cloth.
I have also noticed that they assume Capitalists, like me, automatically support state imposed death penalties, gun bans and recreational drug banning and keep trying to argue about how wrong these laws are, no matter how much anybody agrees that these laws are wrong too (except for the guns, they disagree there but what's the difference? they disagree for agreeing with them on other issues).
The best we can do is state our case(s) and let others judge the views, let the anti-freedom forces wither away like North Korea and Cuba.
Eve Fairbanks says I drive a hybrid!LOL
If the DMCA had stopped people from building DeCSS, someone would just build a program that takes an encrypted DVD image file and build a virtual drive to represent it, like Daemon Tools does for an iso. You'd just pull the DVD contents as a file off the drive and send it encrypted over OpenFT instead of sending the unencrypted version.
Encryption can't stop copying.
Don't forget, the taxes were already paid on these funds when earned. Mr. Cox, and many others like him, just want taxation to be a revolving door for corporations.
Eve Fairbanks says I drive a hybrid!LOL
If what Alan said about the patents they hold is true, then nothing you said is very relevant.
Sticking feathers up your butt does not make you a chicken - Tyler Durden
Anyway, we are talking about extreme cases (always difficult) of financial theory (which doesn't have a whole lot of theory behind it to a humble engineer) in situations that, as you imply, will probably never arise.
However, you may want to look at the MSFT price graph for the last 2 years, and keep in mind that they have a LOT of option grants coming up in the next 2. Trees don't grow to the sky and Microsoft is no exception. Problem is MSFT is valued as if they do.
sPh
I'm surprised there are still people on Slashdot who haven't heard of the exception to patent law called Independent Discovery. I could go ahead and describe it here, or I could quote one of the more eminent legal resources [nolo.com] on the Web. Basically, if you didn't copy the patent directly off their patent claim sheets, then they don't have a case against you (US and UK law):
Independent discovery only works in a trade secret environment. Independent discovery is not a defense against patent infringement. The book you link to and the stuff you quote is all about trade secrets, not patents.
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
The point you're missing here is, piracy is an illegal act of redistributing another's work without compensation to the original author. By definition, this is an illegal activity, so how is any law outlawing the tools that allow this going to prevent the act?
The legitimate customer who HAS purchased the software/DVD/widget now cannot exercise his right to make backups of the content. He also cannot transfer the content (which he purchased -- he did NOT purchase only the media, he purchased the right to use the content) from the delivery media to a media of his choice for use. This restricts his ability to use the product as he sees fit (in the privacy of his own home).
If THAT is not enough, the protection schemes many companies use on their products prevent the normal operation of the product. The region codes of the DVD are an example of this. I can buy a movie that's only distributed in Hong Kong, but if I use a region enabled player, I won't be able to view it at all, even though there IS NO EQUIVALENT for my region. Another example is software copy protection... if the copy protection can't read the non-standard CD format on a given drive, it is not useable.
The DMCA says that if I find a way to make this work on my equipment (which it does not, as the manufacturer sold it to me), or I make a backup copy of it, then I am a criminal.
This is what the DMCA does to a law-abiding citizen.
What does it do to a pirate?
Given that a pirate is intending to redistribute copyrighted material (which is itself already an illegal violation of copyright law), and that they know perfectly well that they are breaking the law by doing this... how is one more law going to deter them?
You can pick up an old silver top-loading VCR at any number of yard sales and thrift stores for $25 or less. I have never encountered one that recognized Macrovision, although many of them have only co-ax IO, and IIRC most DVD players are RCA IO only.
Alternatively, you can buy a little signal conditioning box the removes macrovision for about $100.
In case you are unaware of the technology involved (and I'm guessing you are if you've even bothered to ask this question), Macrovision is the "copyright protection technology" that makes VHS copies of DVDs look crappy. Generally its effects are limited to making the copy fluctuate between a dark, perhaps barely visible picture, and a bright, perhaps washed out picture. Highly annoying, but it doesn't actually prevent copying, it just degrades the video quality of a copy to the point that most people won't bother.
Macrovision is also responsible for that little "curl" you sometimes see at the top of the screen while watching "protected" VHS tapes. It is a common misconception that this is caused by the tracking mechanism being misadjusted or the heads being dirty, but in actuality it is a side effect of the Macrovision "technology". This is why the above mentioned signal conditioners can be legally sold.
In summary, it is quite easy for any consumer, with a modest outlay of cash to purchase perfectly legal consumer technology, to make DVD to VHS copies.
I have no experience with making DVD to DVD copies, but my understanding from the little research I've done is that it's just as easy, if perhaps a little less legal. DVD-ROM drives are in the $40 range right now, and I've seen DVD burners for under $250 (though IIRC DVD burner formats that will play in consumer DVD players are more expensive, being around $400).
Note, though, that as far as I can tell CSS in no way prevents copying of DVDs (it's still possible to copy a DVD, CSS and all), but merely limits the equipment that the consumer can watch the DVD on to that officially approved by the MPAA for that particular part of the world. In theory, I could play a pirated copy of a region 1 DVD in my region 1 DVD player without difficulty. That's just a theory, mind you, as I haven't actually tried it. However, I have tried to watch legally obtained legitimate copies of region 2 DVDs and have been prevented from doing so. I have also had problem with low quality, but perfectly legitimate region 1 DVDs.
In summary, the "copy protection" on DVDs hurts only the legitimate consumer trying to watch their legitimately purchased media, without having any actual effect on pirates, since the equipment needed to make those copies is readily available at consumer level prices.
Under capitalism man exploits man. Under communism it's the other way around.
i'm working on this as we speak.. =)
basically you feed it a .jpeg of a flag, at any size, it will work.. =)
of course I'm going to post this anonymously once the code is done, but i think it would be great
the problem is that the flag of the US will not be viewed as a copy-protection circumvention device.. the code that reads the flag and cracks the code will be associated with it..
the reason being is also the reason why the DMCA shouldn't have ever been enacted. circumvention code by itself cannot crack copy-protection schemes, it takes a computer to run it on.. so the computer WITH the code together should be the item that is illegal, not just one part of it.
just like rocks are not illegal, but rocks enroute to target + person who throws them + target that will be damaged by rock makes the rock an illegal tool. it is because the rock was used in the commission of a crime.. the same way that guns are legal, but using them to hold up a bank is not.
-fc
. echo -e \\04 >
I'd like to see the SSSCA stuff solved by market forces and sanity too. Let the Hollywood folks make themselves an antitamper PCI or USB2 hardware card that has only encrypted data in, a smartcard slot for per user rights management and an SVGA analogue overlay/analogue out. If the market is right they can sell/give away such hardware and make a profit on the films.
I can't believe I'm reading this bullcrap coming from AC himself. If I pay for digital content, I have every right to expect to have open access to the original digital stream for whatever the heck my Fair Use desires may be. (Hey, maybe I have a digital projector and want to run the signal through a de-interlacer, sharpen filter, or perhaps scale the output to a different resolution for doing multi-channel viewing). And it is NOT hollywood's right to dictate via DRM, hard-coded or otherwise, what I may do with the content I've legally gained access to, whether cable subscription or open air broadcast. So if I want to take the HDTV stream from my favorite TV show, edit out the commercials, scale it down to 160x120, encode it to DivX and play it on my iPaQ, I should have every right to do so. Same goes for any type of audio-only format. The beauty of open technology is flexibility. I can be creative with it and bend it to suit my needs.
What Cox is suggesting would be better than SSSCA-like government mandated PC hardware / software copy controls, but it is by no means good for the consumer and it is still by any means, an anti-innovative technology. Oh yeah.. and it wouldn't prevent 'piracy' either.
You can find the former at Pricewatch
And here's a link to VHS->DVD units; I haven't found any DVD->VHS units in my quick searching.
I feel fantastic, and I'm still alive.
If he wanted to help grandma read, he would bring some books from the local library and get grandma some warm tea and a bright light.
Dear billstr78:
My name is Jim Shyster, and I represent Global Tetrahedron Publishing, the largest book publisher in the world. It has come to our attention that you are distributing instructions describing how to circumvent the patented access control device which protects our valuable printed content.
Our patented access control system, which is sold under various names, including Darkness(tm), NoLight(R), and Hey-I-Can't-See(tm), is an effective system for protecting copyrighted works from unauthorized duplication and use. Over 10,000 man-hours have gone into developing this popular system, which is licensed to thousands of users worldwide.
Your description clearly outlines a method for circumventing this system, by use of a "bright light", in violation of US copyright law, specifically Code Title 17, Ch. 12, Sec. 1201. The reading license in our books states that only our NightVision(R) Glasses can be used to read these books in an otherwise darkened room, which are available from our distributors for $199.99. A reader may also purchase a Perpetual Sunshine License ($1,999) which grants members of a household the right to read outdoors, under solar illumination, at any time. These are the only authorized uses of our products.
You might also note the section of the license that forbids license holders from using public libraries or any other system of "free" or "unauthorized" reading, lending, or copying; in order to prevent book piracy.
We trust that you will remove the infringing material within 7 days.
Most Very Truly Yours,
Jim Shyster, ESQ
Dewie, Cheatham, and Howe LLP
You can copy DVDs trivially if you have a DVD burner. What do DVD burners burn? DVD images. What do you read off of a DVD? DVD images. This was demonstrated during the DeCSS trial: they made a copy of an encrypted DVD.
As for a DVD->VHS unit, what's the point? Why would you want a VHS tape if you had a DVD, unless you didn't have a DVD player? And if you didn't have a DVD player, you'd buy a DVD player, not a DVD->VHS converter to use with your VHS player. Of course, you could be making illegal copies for people who don't have DVD players. But in that case, why wouldn't you either tell them to get DVD players and copy the DVD without decrypting it, or get a VHS version and copy that?
These devices don't exist because they're not commercially viable, not because of the DMCA. The only thing that the DMCA does with respect to DVDs is prohibit people from watching them without using a licensed player. And the only licensed players would theoretically be ones that don't let you play copies, aren't region-free, etc. But, of course, there are region-free players, players that will play copies, and so forth, properly licensed and not prohibited by the DMCA.
No, that doesn't work. An ordinary DVD-burner does not copy all the parts of the DVD. Specifically it does not copy the parts that are necessary to decrypt the CSS-encrypted video.
Like most highly successful public companies, Microsoft does share buybacks instead of paying out dividends, because as another poster wrote dividends are taxed twice, once when Microsoft earned the money, again when the investor receives the dividends (dividends are taxed as regular income). Thus, dividends are grossly tax inefficient, and the dividend payout rates of stocks have plummeted accordingly. Dividend paying stocks are favored by retirees who need the regular income and for use in tax-sheltered voluntary retirement accounts.
REITs (Real Estate Investment Trusts) are a special case, they get special tax treatment in exchange for paying out the bulk of their income in dividends.
The UK encrypted to air TV people went spectacularly bankrupt but that's market forces at work.
Same in the Netherlands. They wanted to hide our premier football league (American? read: soccer) behind a subscription model. No one used it, the "Sport 7" channel went bankrupt and football is right back on public TV.
Turns out you can't cheat the public from what they think should be available. Piracy wasn't an issue here (weekly matches are much permanent than movies and audio, which you tend to *keep*). Only bad thing: many of the smaller teams now have huge debts because they made huge investments based on a multi-year sponsor contract of Sport 7.
Let's hope the general audience will also be smart enough to ignore any devices and software overly protected just for the sake of getting more money. Educating them indeed seems the proper way to fight.
See Section 296 of the Copyright, Design and Patents Act 1988 (c. 48)
Ok, let's look at the facts:
The dividend payout ratio for the S see [1], the rises coincide with recessions as companies try to keep dividend payments steady but profits dip). Also worth noting is that the tendency of US companies to pay high dividends has declined over time (see [2]). The only companies I can find that regularly pay out dividends of more than 50% are slow-growth businesses like electric utilities or car manufacturers, which are known for having high dividend yields. Can you point me to a list of companies with 25% long-term growth rates that pay out 80% dividends? Without running all the numbers, it looks like the DJIA would come out to about a 50% payout on average. Running the Nasdaq 100 would give a COMPLETELY different picture. MSFT is a very different company than Honeywell or General Motors.
- In FY97, MSFT purchased stock in the amount equivalent to a 37% dividend payout.
- In FY98 the payout was 21%.
- In FY99 the payout was 10%.
- In FY00 the payout was 23%.
- In FY01 the payout was 79%.
Remember, share repurchases have the same net effect as dividend payouts. Given that MSFT paid (small) dividends in FY97 through FY00, the respective payout numbers are (97-00): 38%, 22, 11, 23.
You talk about sitting on $40B in cash. Don't forget that they have nearly $12B in current liabilities -- these are suppliers and employees that need to be paid!
And why exactly should MSFT be penalized for sitting on cash? Plenty of US companies have lots of cash. They already all pay taxes on the interest they earn from this "unused" cash, as it becomes part of their net profit. You "doubt they can demonstrate its neccessary for operational overheads" [sic], but this is beside the point. In the US, a company can use corporate assets for any legal purpose. If you think that MSFT is doing something illegal with its cash, then say so. Otherwise, don't try to insinuate that the mere possession of capital is illegal or otherwise "wrong".
If you want a piece of that $40B, you might buy some shares of MSFT. Put a proposal stating that they should increase the dividend payout on their proxy form for the next annual meeting. See if the shareholders vote to approve. If they do, you can collect your $0.18 per share per quarter (an estimate of the dividend amount given 40% payout and the most recent share buyback amounts). But if you're investing for dividends, look at REITs -- they have a higher yield and they are tax advantaged.
MSFT does pay a substantial amount of taxes: $1.2B in the quarter ended Mar 02. That works out to a little over $4 for every man, woman and child living in the US (*not* just citizens) -- and that is just in the first three months of this year.
(Note: I am no fan of MSFT, I just dislike seeing "facts" misrepresented.)
[1] http://www.cpcug.org/user/invest/payout.gif, http://www.barra.com/research/fundamentals.asp
[2] http://www.lowrisk.com/dividends.htm
The Daily Build
Actually that is what SHOULD happen. Unfortunately Microsoft has used loopholes in the tax law to avoid paying federal income tax for 2 years. www.billparish.com Read it. It's very disturbing
It takes a big man to cry, but it takes a bigger man to laugh at that man.
So you'll take a handout, but you'd call a government "fascist" that supplied one? You're slaying me here, man, that's funny as hell!
If businesses/industry do not exist to serve the needs of the socio-cultural matrix that allows them to exist, what are they for? Is the existence of widgets of inherent value aside from the generation of taxes and payroll checks during their production? Perhaps all the Happy Meal toys are really Objectivist Holy Relics?
Now I'm cracking myself up. I'm easily amused today.
I'm sick of deleting bug reports from people with the Nvidia kernel modules. I've talked to Nvidia folks about why they do it. The bottom line is that I can't make a good case for them to open source it. Their worries about what it might do to their performance relative to competitors are quite well founded.
Could you explain this further? The source code for the Nvidia kernel drivers is available (though copyrighted, not GPL) and appears to be well commented. What exactly do they fear from GPL'ing it? That it may degrade in performance? Obviously not that their competitors will be able to see it, as they can already.
Ian (from Cropredy, ukpml & Sydney linux.conf.au)
FWIW, most DVDs are not "protected" with Macrovision, not in my experience anyway. It took me six months before I had to buy an RF converter for mine, before that I hooked the DVD player up to the TV through the VCR.
Studios who use Macrovision have to pay for the privilege. This is why CSS is almost ubiquitous and Macrovision isn't. Interestingly, I'm finding a lot of recent releases of "old" (ie British-made Hitchcocks, etc) and horror movies are being released in budget form in regionless, CSS-less, DVD form.
KMSMA (WWBD?)
At least he didn't start going on about Darmok at Tanagra...
Didn't I read recently that SCO released the rights to the V7 source? Was it just the kernel or the whole OS?
How difficult would it be to target this for x86? How difficult would it be to make it run XFree? Would the kernel need to be updated for POSIX?
Why is it that people can write kiddie porn essays and not get charged, but when a programmer writes De-CSS, etc, he is thrown in the slammer?
AC is 100% correct, the writing of the code does not break copyright law, only using the tool in certain ways is criminal.
The DMCA == censorship at best, at worst it is an attack on a minority group, developers, as big money attempts to control what they can't buy.
It's astounding to me that a person in the US can buy a 9mm Glock, a weapon made specifically for killing other people, but if they distribute certain censored works, like De-CSS, it's into the slammer.
What's next? Illegal Mathematical formulae?
Because:
They learn the art of efficiency. It is a complete waste of time to shave your beard if it is just going to grow back. You spend 3-5 minutes every stinking day shaving. So why do it? That's around 15 hours a year for a Mon-Fri schedule. Grow a beard and trim it for 5 min every two weeks. Done.
The more dangerous parts of all this are not so much .NET but chunks of the model that not only the .NET product and the Java standards rely on. Things like xmlrpc, soap and the stuff on top of them are designed to "interwork through firewalls". A better phrase would be "go through the firewall like a knife through butter in a way that prevents the companies involved monitoring the activity".
.NET and Linux by SL33Z3 .NET and any initiatives to make the technology work on Linux?
... I simply do not get that freaking panic about SOAP and firewalls.
.html request for a plain web site posting what I like to that side.
When all you have is an encrypted SSL session how are you going to figure out if it's a legitimate bit of ebusiness with a related company or someone in your company uploading your entire company customer database?
This is a part from the answer to the question:
3) Microsoft
What are your feelings on Microsoft's
Hu hom
If I run a corporate network and I have a server inside of my network, which exposes its functionality via SOAP, my firewall does not NEED to filter it. Well, sure, I'm paranoid, so I filter the addresses so that outside requests only go to the HTML web server or to the SOAP server.
What the heck should be the security issue with SOAP via HTTP if *I* run a soap service. I can configure everything to make it bullet proof.
So other scenario:
Someone outside of my network is running a SOAP service. Clients inside of my network like to access it. My firewall should "be involved".
So again, what is the freaking security problem?
A guy inside of my network likes to upload the client data base to an outside destination?
So, first thing: I only allow SOAP requests to known SOAP servers where my business processes rely on.
Second, "of course" I need an inspecting firewall. I only allow requests which fit my restrictions of service endpoint and called method.
Third, if you in fact use SOAP you install a forwarding SOAP server inside of your network. That one is configured to accept all requests which are meant to reach a known outside destination. All requests are prechecked if needed or simply forwarded if the destination is accepted or dropped if the destination is not accepted.
The firewall is configured to accept and pass through HTTP requests with content type text/xml or text/soap only from that server.
So what is the problem?
The remaining problem is one can write a custom application using SOAP via SSL to bypass the internal server. The firewall cannot check the content because of SSL? I think the firewall still can recognize the content type, only the body of the request is encrypted, right?
So, you think that is a SOAP problem? Isn't that a generic problem of firewalls?
I can write a custom application, a ten liner in Java or likely a one liner shell script with CURL, just using plain HTTP for a plain
What does the firewall do in that case? The same like in case of SOAP. Either it is stateful and well configured or not. And for inside out attacks firewalls are hard to make water proof I would say.
Bottom line: I see no SOAP inherent problem regarding firewalls. But that's only because the guys who are much smarter in that respect fail to make clear WHY there is indeed a problem.
I would love to see some good points showing why SOAP messes everything up (security wise). I only found statements and no backing, even from Bruce Schneier.
angel'o'sphere
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
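A sketch of the forwarding-server check described in the post above (forward only to known endpoints and only for permitted called methods), as an added example that is not part of the original comment. The host, path, namespace and method names are made up, and the sample envelopes are constructed.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
MAX_BODY = 64 * 1024

# Hypothetical policy: (host, path) -> permitted calls as "{namespace}method".
ALLOWED = {("partner.example", "/orders"): {"{urn:example:orders}GetOrderStatus"}}

def called_method(body: bytes) -> str:
    """Return the qualified name of the single call inside soap:Body."""
    if len(body) > MAX_BODY:
        raise ValueError("body too large")
    text = body.decode("utf-8")  # only UTF-8 accepted; parsed as str, not raw bytes
    if "<!DOCTYPE" in text:      # SOAP 1.1 forbids DTDs; also blocks entity expansion
        raise ValueError("DTD present")
    root = ET.fromstring(text)
    if root.tag != f"{{{SOAP_NS}}}Envelope":
        raise ValueError("not a SOAP 1.1 envelope")
    soap_body = root.find(f"{{{SOAP_NS}}}Body")
    if soap_body is None or len(soap_body) != 1:
        raise ValueError("expected exactly one call in Body")
    return soap_body[0].tag

def decide(host: str, path: str, headers: dict, body: bytes):
    """Return ("forward", method) or ("drop", reason) for one outbound POST."""
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "text/xml":
        return ("drop", "content type")
    methods = ALLOWED.get((host.lower(), path))
    if methods is None:
        return ("drop", "unknown destination")
    try:
        method = called_method(body)
    except (ValueError, ET.ParseError) as exc:
        return ("drop", f"bad envelope: {exc}")
    if method not in methods:
        return ("drop", "method not allowed")
    return ("forward", method)

def envelope(call: str) -> bytes:
    """Build a constructed sample SOAP 1.1 request around one call element."""
    return f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Body>{call}</s:Body></s:Envelope>'.encode()

HDRS = {"content-type": "text/xml; charset=utf-8"}
OK = envelope('<o:GetOrderStatus xmlns:o="urn:example:orders"><id>42</id></o:GetOrderStatus>')
BULK = envelope('<o:ImportCustomers xmlns:o="urn:example:orders"><row>...</row></o:ImportCustomers>')

if __name__ == "__main__":
    print(decide("partner.example", "/orders", HDRS, OK))
    print(decide("partner.example", "/orders", HDRS, BULK))
    print(decide("unknown.example", "/upload", HDRS, OK))
```

The check only works on requests the forwarding server sees in cleartext, so the perimeter rule that permits outbound web traffic from that server alone is what makes it enforceable.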
If I've just gone to the movies, the conversation is usually about the movie.
If I'm at work, conversation is about work.
When I'm on Slashdot, conversation is about Linux.
What makes you think this behavior indicates "myopia"?
"Hardly used" will not fetch you a better price for your brain.
They already paid tax on it. In the US of A, tax is levied on income, not assets. That's why it's called "Income Tax". Now, unless there was some funny monkey business going on with their profit/loss, and they didn't report all of their revenue to the IRS gestapo, that's 40 bil after tax.
IANAA, but corps in the US don't pay 'income tax' either, they pay tax on capital gains (profit) and inventory. Of course this would accumulate over time into a cash balance, making your statement correct for essentially different reasons. (BTW, this taxing of profits is why companies with profit left over at end of the fiscal year will blow it on "unnecessary" stuff rather than let it sit in a savings account. "Inventory clearance" sales in the retail sector operate on the same principle - you don't have to pay tax on it if it isn't in your warehouse on inventory day.)
Shoot, isn't that one of the reasons why corps will pay dividends at EOY anyway? Perhaps the more interesting question to ask is why were MS's accountants willing to pay tax on the profit from CG rather than hide it? It must be nice to make money so fast you can't spend it all - at the very least, they could have dumped some of it on lobbyists and settled the antitrust suit the first time around, but I guess they were too busy making $$ to notice that it would be a problem.
Curious indeed.
"Lawyers are for sucks."
- Doug McKenzie
Thanks for the correction.
You say "an ordinary DVD-burner"; is it a limitation built into consumer grade DVD*R, or is that info in an area only accessible with a press?
Under capitalism man exploits man. Under communism it's the other way around.
Sorry Alan.
...
Of course it is not FUD as you did not say that with the intention "to FUD" anyone, right?
But your saying IS WRONG.
It's not (only) a decision of the management to pay dividend or not, it's a decision of the shareholders.
OTOH it IS INTERESTING why the US department of finances does not ask for taxes
angel'o'sphere
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
That by the way is a peculiarly US institution. In most countries authors do get some returns from libraries
The limitation is built into the medium:
http://www.mediasupply.com/dvdr/faq.html
(Speaking as a Brit)
The interest to me lies in the Pledge of Allegiance. Having a country who've been brought up pledging allegiance to a flag enact a law making that flag illegal would be amusing.
However, due to the nature of the thing, I have to think that text is a better tool. Also a plausible one.
Instinct says I could construct a hypothetical tool which decrypted DVDs (for example) using the constitution as a key. It would be a trivial modification from an existing program, I'd just XOR the current key against the constitution and store that. Combine the two and I have a valid key... and a legal stunt which would get laughed out of court because there would be no way I could state that the constitution would be an integral part of this whole. Any judge worth their salt would instantly point out that I could have replaced the constitution with any text at the initial stage and made _that_ the critical factor, at which point the fact that I used the constitution makes it a legal stunt and nothing more.
However, I'm sure we can beat this. There's enough access controls that need keys out there to provide a large pool of possible targets. Remember the fun a while ago with the 'illegal prime number'? Someone had found a large prime which happened to also be a valid GZIP file of DeCSS IIRC.
Let's imagine that someone takes a large pile of keys and Project Gutenberg. Searches for byte equivalents of these keys within various texts. Sooner or later we'll hit one somewhere. Maybe the constitution won't unzip that eBook, but what if lines 2-7 of a Shakespearean sonnet cracks WPA? Or 3 verses from Colossians as translated in the NASB crack Warner DVDs?
Remember the fun with various strings connected with Microsoft, carefully arranged, whose ASCII sums totalled 666? This may well be possible...
Greg
(Inside a nuclear plant)
Aaaarrrggh! Run! The canary has mutated!
If they just publicized the product to enable the blind to read e-books... they would be just off the hook! (as is stated in the DMCA)...
i get a kick every time i hear this type of argument. it's always the advertised intent of the product that matters.
this is why anyone can run into a "head shop" and get a nice 10 foot tube that their friend has to light while they inhale the tobacco smoke from it. or maybe the fancy ones that have a huge bowl in the middle for placing the tobacco and then has 6 tubes for your friends to all share the tobacco smoke with. but then again, when you're really jonsin' for some tobacco and don't have one of those fancy schmancy devices around, you can always grab an empty pop/beer can which can easily be converted for your enjoyment.
then there's the cable tv descramblers that are to keep you from having to pay those outrageous rental prices from the cable company to use their boxes.
after all, it's the intent of the product. my opinions on whether those tobacco smoking devices or tv descramblers should be legal is for a different thread, i just get a kick out of the whole "intent" thing. if it's an apple, call it an apple, not a red shiny teacher's desk decoration.
But you still have to pay capital gains on the money from the buyback right? Wouldn't this only be 'good' if you make more than a certain amount of money so that the capital gains rate is less than your income tax rate?
The people who choose to sell the stock pay capital gains, but that may be the long-term capital gains tax (which is significantly lower). You'll pay the same tax on dividend-paying stock, but if you reinvested your dividends to buy more shares you'll have an accounting nightmare figuring out your tax.
Since your money is untaxed until you cash out, you'll wind up with much more money with a zero-dividend stock that averages 7% per year growth versus a stock paying 7% per year of dividends that get heavily taxed and no stock appreciation. Most stocks have lower dividends and some price appreciation, but you get the idea.
In order to be fair we should stop taxing dividends, either letting companies tax deduct dividend payments from their income or letting investors receive dividends tax-free (because the company paid tax when it earned the income). The latter would be simplest, one big tax payment at the source. Neither will get passed because investing is "for the rich".
None of these schemes will work because the US flag is a _physical thing_, i.e., a piece of cloth with certain color components and proportional dimension relationships. A _picture_ of a US flag is not the flag itself. Nor is any computer file (JPEG, GIF, whatever) that can be interpreted to present a picture of the US flag itself a US flag.
album its management finds objectionable, that's exercising editorial discretion. They have the right
to refuse to sell it, and you have the right to buy the album in uncut form elsewhere (there's this thing
you might have heard of... the World Wide Web). It's censorship when measures are taken to prevent
anyone from distributing the material...like requiring that CDs that don't have the appropriate DRM
keys can't be played.
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
How is this different from any other network service?
Think about it. Why do you bother with a firewall at all? Since you are such a hot-shot administrator, you only have certain services running on the computers on your network, and these services are running for a reason. Unlike in the movies, a "hacker" can only do certain things from outside your network - mainly send packets in (possibly with forged data), and get responses back out. The responses can only come from services you have configured, so why bother to filter anything?
If you haven't caught my point yet: obviously your firewall is useful, because it takes away some of the burden to secure every single service on your network. Now only certain services are reachable from the outside world, and you can concentrate on making sure those are properly configured and secure.
Enter SOAP. It tunnels through HTTP - a design point intended to minimise hassle reconfiguring firewalls. Or to put it another way: SOAP was explicitly designed to circumvent the protection of a firewall, trading it for the convenience of an open network transport. Currently you say you explicitly configured a service that uses SOAP, and it therefore should pass through the firewall. But what if SOAP catches on as a way to deliver generic services, similar to raw TCP ports? What if every new install of Windows 2006 comes with "Simple SOAP Services" including echo, daytime, bgiqotd (BG's inspirational quote of the day) and so forth?
Back in 1988, everyone wrote his own inetd.conf file (or was inetd even around back then?) and knew exactly what TCP ports he was using. Now Unix boxes come with telnet, rlogin, rexec, lpd, and lots of other junk enabled by default, a lot of which is a good idea to firewall off. SOAP or XML-RPC could easily be in the same boat, say, five years from now.
Tunneling through port 80 created an unnecessary arms race between firewall vendors and web services vendors. "I can tunnel through your firewall" ... "I can intelligently block your flows" ... "I can use SSL to keep you from making decisions about my flows" ... "I can use MITM to decrypt your SSL" ... "I can use and verify certificates" ... Why? It's one thing to have an arms race with an actual adversary. In this case the two are on the same team - unless you consider "defeating your own firewall" to be an actual conflict situation.
"How can you claim that you are anti-crack, while still writing a window manager?" — Metacity README
Ahh, but there's nothing in the copyright laws that speaks to the ease of reproducing the work. Whether you share a digital copy or employ 30 monks to inscribe it a la The Book of Kells, it's legally the exact same thing.
What your argument here is really based on is the idea that libraries only exist because they cannot physically impact profit, due to the finite number of books available.
You're probably right. I dunno how well it would go over if my library bought 200 electronic copies of the latest NYT Bestseller, and loaned them out via copying one to my reader.
Whatever happened to JonKatz?
encode DeCSS in the physical form of a handgun.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Puh ...
... or if I SSH.
... BTW: actual linux distributions are not better. Ever looked into /etc/inetd.conf?
:-(
this does not explain what the security problem with SOAP is or might be.
If I had a Win 2000 machine exposing itself into the internet via SOAP I would block the port or clean the machine.
The problem is not SOAP in this case as this could happen with everything.
If I would run a SOAP service I would run it by convenience not via the standard HTTP port but over its own port.
Alan Cox particularly mentioned: someone inside of the network would easily be able to upload my corporate data via SOAP (to an outside destination). That's wrong. That's not a SOAP problem but a generic one. Regardless via which port and what protocol something is going.
The same could happen if I SOAP via SMTP
The problem is indeed default enabled junk
Be lucky if the top line is a comment like: all services disabled, look in XYZ how xnetd(or however it is called) is configured. And then you only get TeX-Info for the "state of the art über demon" which needs emacs and other ugly stuff
So, I still lack a good crafted solution how to use SOAP securely and what to avoid and where the in depth problems reside.
Let's say: ok, I accept it. I do not use HTTP for SOAP. What should I use then? And why?
angel'o'sphere
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
Ultimately it's about compromise, between the Lander sisters' artistic vision, the suits at Sony, Wal-Mart, and the other distribution avenues, and fans like you. If you aren't willing to pay more for unfiltered cursing, then why should you expect any of them to deliver it? (True censorship doesn't allow all of you to bargain with each other -it decides that your tastes are irrelevant.)
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
SOAP alone is not particularly interesting.
... it opened far more questions than it closed).
It's in some sense more lightweight than CORBA, it lacks activation and sessions however.
It's a simple message/response protocol.
The SOAP server is a simple extended HTTP server. Interesting are the standards based on top of SOAP: UDDI, WSDL.
However I find SOAP overcomplicated in its specifications and abilities.
Ease of use for dummy developers is however, great. Just enter the URL of your web service into your IDE and it generates you local stub classes to communicate with the server, the rest of the code does not see that you use remote objects.
As I said: good for dummy users/programmers, nothing for me. If you dig into it and try to understand how it is working and what the restrictions are, you hardly find good material (I spent a month to craft a presentation about SOAP
angel'o'sphere
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.