As a multitude of other people have pointed out, by assigning your patch/code copyright to the FSF, the FSF retains full ownership of the software.
I'm not going to go into the aspects of using the FSF as a big stick to hit GPL infringers with. Instead, I'd like to point out something that people seem to miss w/r/t this whole thing:
By assigning your copyright to the FSF, you allow them to relicense the code any way they want, with no input from you. Now, I'm not screaming blue bloody murder here, it's just something that people should be aware of.
The FSF sometimes will relicense code to companies which would like to use the code, but can't take the GPL (for one reason or another). A historical example was Motorola. They licensed gcc from the FSF under some closed-source terms, and paid big bucks to the FSF for it (it was close to $2 million, IIRC). Those terms included the stipulation that improvements from Motorola were to remain inside Motorola. Essentially, the FSF simply sells copies of the code base. By retaining full copyright on programs, the FSF has the power to do this sort of thing whenever it wants.
Now, I don't believe that the FSF will ever abandon the GPL, but you need to be aware that your code may be sold in a non-GPL format to XYZ company. If this is fine with you, well, it's a nice way to support the FSF (monetarily-speaking). If you have problems with this, then don't assign your copyright.
The E-meter is a physical device, that does not require a license to operate (that is, it is easily obtainable through open channels available to the public without any licensing required). Therefore, the Scientologists have given up any right to control what is done with the E-meter, since they sell it without a license of any sort. Period.
Now, what is in the E-meter may be copyrighted, patented, or otherwise protected, so you can't automatically assume you can make a copy of it. However, so is any printed book. The courts have consistently ruled that the owner of a book may freely resell it in any manner whatsoever; that is, the copyright holder has no legal recourse to determine the resalability or conditions of use by the purchaser. I don't have the cases in front of me (Hawk, help!) but this is very well established case law. Once you own the book, you can do whatever you please with it; you just can't copy it (Fair Use, excepted). The physical item is yours, and no one, even with an army of lawyers, can force you to do otherwise.
The DMCA is simply being used to confuse the issue. It is not in any way applicable to this case, as it concerns the COPYING and MANNER OF USE of copyrighted materials. It says nothing about the resale of copyrighted material which has been otherwise legally obtained. UTICA, however, might possibly apply here.
What this is is someone not consulting their legal department when they receive a demand letter (or, having a really bad lawyer look at it). The demand is invalid prima facie. This is the same as if O'Reilly had sent a demand to EBay to quit selling all those old copies of Programming Perl since they owned the copyright.
In fact, Ebay should countersue, for malicious prosecution (actually, the civil equivalent), and have a judge force the Scientologists to pay their lawyer fees, plus lost income (hey, this is Ebay, we can inflate that lost income any way we want, and no-one would know!), plus punitive damages. I bet they could get a couple million if they pursued this.
Ebay needs to look at this as a revenue-generating opportunity! Hey, they might even get a stock uptick when they sue the Scientologists!
I've got a lot of background dealing with copyright and storyline use, but, IANAL, so consult one if you need official advice.
Fan Fiction fits the definition of "derivative work" in copyright law almost to a T. Despite what the article says, it's pretty clear that all fan fiction (by definition, almost) uses the settings, characters, and plot histories of copyrighted works. I don't care if they go into places that the original never imagined. In fact, that's irrelevant. What is relevant (in the eyes of the courts) is that you are using a well-known character, with defined background and references, that is owned by someone else. Sorry, but that's a derivative work, period. Honestly, I can't see that Fair Use comes into this at all - I think that the studios have a solid claim that "publishing" on the Internet is well beyond the scope of Fair Use, and thus, any protections thereunder are void (the fact that people are making no profit off it is immaterial).
The thing here that studios are afraid of, is that derived works are a two-way street. That is, the new author has to get permission to use the original work in order to publish, but that doesn't mean that the original author owns the new work. What the studios are afraid of in this scenario is that their scriptwriters accidentally (or maybe not-so-accidentally) use a plot identical to one found in a fanfic story. Oops! Now, the fanfic writer has ownership of that, and you get into some nasty situations.
Basically, I don't have much of a problem with the copyright owners policing their fanfic followers. They are well within their rights to do such, and in fact, it's probably really necessary to protect the integrity of their original works. However, the manner in which some do this is far too heavy-handed, as fanfic is beneficial to the original author. It's a fine line, but, in my opinion, one which the original author has all the right to determine where it should be drawn w/r/t his or her works.
Think of it this way: suppose I write code that I decide to GPL (for whatever reason). Giving fanfic true, unencumbered legal status would be about the same as letting recipients of my GPL code use it in their product, and change the license to something they wanted instead. ( I know this isn't a perfect example, but you're all smart - get the analogy?)
One of the big bitches of electric cars is (besides battery life) the poor power/weight ratio of the electric engine against the gas (petrol) engine. Also, even more damning, is the relative reliability of the gas engine. What we really need are people putting a lot more effort into making a better, lightweight electric engine.
We already have the parts to build a really good hybrid gas/electric car (which, face it folks, is the only kind of low-emissions vehicle you will see for years). We have the following parts:
Electric engine - provides the power to move the car. Also acts as a generator when braking/coasting, thus providing extra power!
High-efficiency gas engine - stick in a 300-400 cc motorcycle engine. They generate several kW of power, and can run at optimal efficiency (about 4500RPM) all the time, since you're not using them to directly drive the car. And the parts are readily available, and easy to maintain (and there is a repair infrastructure already in place - your local Kawasaki dealer...) Of course, I'd really like to see us use miniature gas-turbine engines, but I don't expect to see this anytime soon...
Zinc-oxide batteries - the so-called "air battery" provides excellent continuous voltage and storage. You may still need a couple of lead-acid around for instantaneous bursts, but probably no more than 2 standard ones.
High-speed Flywheels - easily the most efficient and compact way to store energy, a flywheel made of composites can be spun at up to 100,000RPM or more to store energy. And they don't lose energy much (you could leave one spinning overnight and probably only lose a couple hundred RPM, if that). Far more efficient than batteries, these are tre-cool, too.
The Honda Inspire and the coming competition from Nissan and Toyota are OK, but face it, we need something about the size of a Honda Accord, not a Honda Civic CRX. I can't see any reason (technically) right now why someone doesn't mass-produce a converted Accord. I mean, you can use the exact same design (maybe cheat and use aluminium body panels), just with a new powertrain (with an electric engine, you should probably have a continuously variable transmission, rather than an "automatic", and definitely not a "standard") and still get at least 70+ miles/gallon (that is, 30km/l).
Hell, with the $4k US tax credit for buying a low-emission vehicle, and gas here at $1.85 in the Bay Area, I'd spend $5k more for a converted Accord over a normal one, and still make out like a bandit. So who're the morons in the Marketing Depts at the car manufacturers?
Not to disrespect the other cultures reading this, but I'm an American, and thus, this post reflects my culture. YMMV for your country.
I've had at last count 4 friends with bipolar manic-depressive illness. One managed to succeed in killing himself: you may have known him. I lived with a mildly (ie, not bad enough to be clinically diagnosed, but definitely there) bipolar friend for 2 years, so I've seen exactly what this does to people.
The real problem here in the US is the lack of recognition that mental illness is a real disease. A lot of the pseudo-bullshit "new" mental illness diagnoses that seem to pop up (with the sole purpose (or so it seems) to get compensation under the Americans with Disabilities Act) certainly reinforce this view in the public's eyes. The shame that often goes with the formal diagnosis of mental illness merely is the last turn in a vicious circle.
In answer to the Pinkerton WAVE thing, the NYTimes has a great article on so-called "rampage killers". Guess what? A majority of them were diagnosed with a clinical mental illness. Were they getting proper treatment? Nope. Were they being supported in a reasonable manner? Nope. Hmmmmm.
A poster awhile back suggested that school children undergo mandatory psych exams, and that they be put on (drug) therapy if they showed any signs of being a "problem". Actually, I think the basic idea is a good one. Early diagnosis of a disease is critical to long-term survival (ask any doctor). The rest of the idea isn't so hot. But I think it would be a good idea if schools had everyone talk to a psychologist once a semester. It'd cut down the biggest barrier to helping those with mental illness - the stigma of asking for help. Kids would be able to get help without being even more of an outcast. And you'd have a great opportunity to bring in the parents, who are going to be the biggest help to the kid.
I don't think anything could have helped Marty, as much as I wonder if there was something I missed or could have done. However, I'm now really sensitive to people who show any of these signs, and do what I can for them - which is often hard, as accepting such help is often the last thing someone is willing to do. <sigh>
Lastly, I don't see any particular concentration or statistical blip on bi-polar people being programmers/geeks. Sorry, but this is something that I've seen in virtually all sorts of people. It's a disease. Attempting to pigeon-hole bipolars as geeks (or vice versa) is incorrect. Period.
... honestly, how can it be illegal for someone to sell a non-region encoded device?
Even in the US, assuming that the DMCA stands (which is a big if), I would have assumed that several things occurred in the manufacturing of the PS2:
Sony paid the DVD Forum (or actually, is already a member) the required licensing fees for the decoding algorithm, and the right to use it.
The PS2 does NOT make available the method for "cracking the CCS". They already legally have bought the rights to decode it, and are not "circumventing" it in any way.
You can't claim the PS2 is in any way a DVD-copying machine, any more than a standard, fully-region-encoded DVD player is.
Simply by ignoring the region encoding flag, I don't see how they could construe this to be actively circumventing the copyright protection of the DVD. Region encoding has absolutely nothing to do with copyright; it's all about distribution control, nothing more.
If Sony would be in trouble for anything, it might be for failing to adhere to the terms of the DVD CCS license contract (which undoubtedly says something like "You are supposed to enforce Region Encoding"). However, this is contract (ie Civil) law, certainly not criminal law.
Of course, IANAJL (I'm not a Japanese Lawyer), so things may be different there.
Certainly, if the case is Civil, people who bought the PS2 aren't legally forced to return it. They can keep it. If it's criminal (wherein the possession of such a device is illegal), well, then, guess you have to give it back.
I'd be interested to see what this turns out to be...
I used to work for Prof. Pentland, and he's definitely a good guy to hang out with, not to mention having a packed head (as Ender would say).
However, when I first heard of this thing via the MediaLab mailing lists, I had to wonder about the sanity of those involved. Or, at least, the common sense.
I mean, the Lab has done some really strange stuff over the years (anyone remember the original "fashion-show-with-wearable-computers"?), but I have to say, getting a group of nationwide geeks together is kinda weird. I mean, when I used to work there, you already had the biggest bunch of geeks together in one place.
Oh well, I'll probably fly cross-country to get there just for giggles (and to see my friends).
Flight advice: Check out the specials from the various airlines starting today for flights leaving early Saturday morning and returning Sunday or Monday. I can usually catch a flight from SFO to BOS for about $300 or so. I got used to seeing $150 from most East Coast cities for such a jaunt. And, when you're there, buy a 3-day T pass. It's cheap, and Boston has excellent public transportation.
Tourist Advice: go to RedBones in Davis Square (off the Red Line) for some tasty BBQ. Check out the MIT Museum for some randomly nerdy exhibits and a cool display of MIT hacks memorabilia. Go to E.L.I. computing on Hampshire St in Cambridge for a look at all the wonderful old recycled computer parts (they used to be the only place I could find PDP-11 parts). And, of course, go see the Boston Computer Museum (conveniently next to the Children's Museum).
True, many people have misgivings about such service, given their experience with some other gov't agencies (as you have).
But look at it this way: currently, about the only "data" service that gets fixed promptly is telephone, and I'm almost positive this is because it's regulated as a "critical" service. Also, in many areas, the Water, Gas, Sewer, and/or Electricity are already local government owned, and I've got pretty good experience with my local Water/Sewer service fixing that right away...
Ever tried to get your cable fixed after a break? Or what about the (non-existent) service guaranty that comes with your DSL? Point is, the current "last-mile" providers of Internet and Cable service aren't doing any decent job right now, and I don't see them getting a whole lot better soon.
The advantage of having your local town run the Data Dept is that it's local - your city taxes pay for it, you elect local people to manage it, and it's almost certainly open to public feedback and criticism. The best model I can think of is the Water&Sewer service - you get public meetings, they are funded by city taxes, and the City Council dictates their terms of operation, all of which are open to traditional political methods of influence. How much influence do you really think you can have on the current companies?
Yes, it's not a free lunch. I also think that you're not giving government credit for doing some things right, when the impetus (and demand) is there for them to do it.
I'd take a local Data Dept. over any of the RBOCs any day.
As a whole, Lawrence Gets It(tm). He's thoughtful, and has the proper wide view on a lot of stuff, particularly regulation of the (US-portion) Internet.
Cable companies should most certainly be forced to provide Open Access. They've got a government-sanctioned monopoly, and are in (for all practical purposes) the same position that your local ILEC (nee RBOC) is in. We'd all be very upset if PacBell/BellSouth/BellAtlantic/et al. suddenly were allowed to shut off ISP access to anyone but their own ISP, wouldn't we? It's the same boat here.
However, in the longer term, I advocate something that not a lot of people either consider (or may disagree with). I advocate the Nationalization of the Local Data Infrastructure. That is, just like you have the local Road Dept, there should be a local Data Dept. (Note, I think that the larger-scale infrastructure is doing just fine as it is, it's just the local data link that needs help.)
Now, before you all yell Commie!, think about this. The big fight right now is over the last mile access - the CO to house, or curb to neighborhood. With the convergence of TV, phone, and data, it really makes no sense (from anyone's economic point of view) to have 4 or 5 companies maintaining different information infrastructures, with all the costs associated with them. Info lines are now as critical as roads, and realistically, we should have someone dedicated to that.
What I'd like to see is that each Municipality take over the last mile work, and essentially be fully responsible (and SOLELY responsible) for providing physical connectivity to each household. Then at the local CO, you can allow anyone to put in lines to their company to provide access of any kind they want. Open Access for Everyone, with no monopoly on any part of the process. Part of your taxes would pay for this Department, and you'd have direct feedback on how this was spent (vs. Do you really think SuperMegaCorp is that responsive to your community needs? view the spotty DSL/cable rollouts).
The big snag on this is that this really requires fibre to the house. It'll cost a lot, but it'll be worth it to say the least. And having local control over the infrastructure means you can probably get better response than having it controlled by SuperMegaCorp#1.
Also, to everyone who complains about subsidizing rural areas: GROW UP! Think beyond the end of your nose, and quit being selfish. Having Universal Telephone service changed this country, as did complete Electrification, both of which were paid for by slightly taxing high-density areas to allow for the installation and maintenance of rural areas. Providing these services to rural areas is what allowed huge gains in farm productivity, so all you city-dwellers, remember who feeds you.
OK, I run one of the big AD&D hobbyist web sites (I get ~200k hits/month). I'm not posting it here, 'cause I can't take being /.-d. :-)
I've been writing AD&D rule expansions and collecting and editing a lot of material from the Web for almost 10 years now. I'm also one of the two people involved in maintaining the Great Net Spell/Prayerbook stuff (I do the editing and rule-checking). I've had a lot of dealings with TSR in their old incarnation, and also with WOTC when they first took over TSR, though none recently.
Here are the legal guidelines that govern add-ons to the AD&D system (that is, what you can legally do, and what can be published).
You can't use trademarks of TSR without permission. TSR had published a list of words/terms it claims as trademarks - find it here. Additionally, there is a list of non-registered ones here. Some of the unregistered trademarks are dubious (eg. "goblin"), since they are well-established in prior literature.
You can't copy text from any TSR work. That is, you can't quote any section or description from a rulebook. However, you are allowed to rephrase the section, as the book is covered under copyright, not any other law.
You cannot wholesale copy tables from TSR books. The layout and presentation of those tables is copyrighted. However, you can copy the contents of those tables and create your own tables from the information contained therein. The info in those tables is considered game mechanics, which is NOT covered by trademark, trade secret, copyright, or any other IP law. Game mechanics are expressly excluded from protection.
You can use generic terms (such as Armor Class, Hit Dice, Hit Points) from the TSR rules. Generic terms are those which express concepts in game mechanics. Note that DM (ie Dungeon Master) is a TSR trademark, and is NOT a generic term.
You can reference items and information in TSR works. This is perfectly legal. What you cannot do is provide any specific language that such a work includes.
Writing your own rules and extensions is NOT considered to be a derived work. The base AD&D system is a game, and as such, is subject to different legal status than literature. Using items, characters, and settings from TSR literature (such as The World of Greyhawk) is not allowed, as that is considered a work of literature. However, the base AD&D world and ruleset is not protected from others building upon it, no matter what TSR says.
After about 7 years, I'm about 90% of the way through a complete, free, unencumbered re-write of the 1st Edition DMG + PHB. I've tried to be very aware of all these issues, and I suspect that the D20 initiative is really intended to head off the possible impact that works such as mine would have on TSR income (there are several others working on similar, free rule tomes).
To look at it in a simplistic view, all we've done is to clone Monopoly. There are large numbers of Monopoly-like clones out there: same rules, same board layout. However, notice they have different artwork and labels for things. This is what you can do.
To reiterate, Game Mechanics Are Not Protected. All TSR can do is prevent you from using their trademarks, exact text/layout and developed settings. Everything else is fair game.
It definitely was a good survey piece, but anyone notice that there were wayyyyyy too many WAGs (wild-ass-guesses) in the article?
(Offtopic): Does anyone know where I can find a good technical description of AMD's roadmap? I'm trying to figure out what kind of SMP Athlon I can expect to possibly buy in Q4, what the new chip designs will incorporate, L2/Bus combinations, etc.
First of all, Silicon.com isn't any place to be getting good opinions about technical stuff. It's an overview-style PHB rag. Too bad they don't recognise this.
The more important thing we all seem to miss is that the security of an OS is dependent on two critical features:
How easy is it to find exploits?
and
How fast are those exploits fixed?
Now, as a simple matter of logic, it is easier to find an exploit on a Open-Source system than a closed source system, everything else being equal. It's that simple. You've got the code right in front of you, so it's easy to verify that there is indeed a flaw.
However, the other issue is where the Open Source community shines. Typical patches for exploits are generally issued within hours, or at most a couple of days for OS stuff, whereas we all know how long it takes our favorite vendors to fix their stuff (if they ever get around to it).
You simply can't consider one of the two requirements in absence of the other. It's impossible. Doing so marks you as a complete nincompoop. Or dort, whichever you prefer. And, of course, we're talking about an ideal world, where everyone has an equally elegant design, all coders made the same quality code, etc. In reality, these other issues generally far outweigh the first consideration, and have a considerable impact on the second (bad code is harder to fix, thus longer patch times). And we've all seen the quality of some of the closed-source code, haven't we?
The other quote there that I love is: Security needs to be built into the architecture of the operating system. This cannot happen if your source code is publicly available. The first sentence has nothing to do with the second one - they are completely unrelated. Indeed, security must be built into the OS, you simply can't bolt it on later. This is a design issue, and has nothing to do with whether the OS is OpenSource or closed. The guy's a blathering clueless moron.
Right now, the most secure OSes around are OpenBSD, Secure IRIX, and Secure SunOS. All have a very careful security design included in them, and are very attentive to security concerns. One is OpenSource, the other two are closed. Giving away the code makes no difference to the end-security of your system. Either you did a good security design, or you didn't.
To a certain degree, I see your point. However, I would like to make a couple of opposite points:
Right now, it's very possible for about 5-10% of the population to block/pass (depending on the issue) a certain proposition. This is ludicrous. It makes it possible for a small minority of people to hold the entire populace hostage. I know, this is not supposed to be possible, but given low voter turnout, it very much is. This is no longer a problem for mandatory voting. In that case, you need a minimum of 51% of the vote to get something passed or blocked.
Now, this could be bad, too, given that maybe it's pretty close (say 45/55 split). For voter referendums, I would suggest requiring a supermajority (66% or 2/3 of votes). In general, you should not be putting a lot of legislative agendas on the ballot - that's what you have elected representatives for. Referendums should be reserved for broad policy votes (Will we allow personal pets? and not Are cats allowed?)
Also, in my opinion, people who vote primarily (or solely) on a single-issue are very bad for the system as a whole. You do NOT want a system where all delegates have a single agenda, and are inflexible on that agenda. This leads to gridlock, animosity, and generally very bad government. While it may be possible for single-issue voters to swing a close election, in general, with mandatory voting, single-issue voters (who tend to be a small, but well motivated, percentage) cannot dictate the outcome of the election. They can right now, and that's bad.
The difference right now is that democracies are Representative Democracies, not Direct Democracies. When we get to the point where people can easily vote on all issues, then we can have this discussion over again about mandatory/voluntary voting. But in a representative democracy, very few individual "issue" referendums should be put to a vote. In reality, I'm for NO referendums, and let the representatives do everything. That way, you can kick them out and put in a new bunch to change stuff much easier than trying to get rid of old, bad referendums.
Unfortunately, in the US, the number of citizens that are eligible to vote which actually do is very low. Last I looked, for a nationwide campaign like the Presidency, about 15% of all eligible voters would vote come Nov 2000. Now, that's about 40% of all registered voters (since not everyone who is eligible actually registers). I've read that there is a similar situation in many other "western" democracies that don't have mandatory voting laws (yes, some countries are much better, but not many). Complacency in the system is a nasty disease that hurts a country.
A big argument (which you will see in previous posts) is that people who cannot be bothered to participate in their own future by voting should not be accommodated, and indeed, would be harmful if they were accommodated by a universal voting law. A similar argument is that if we force uneducated (about the candidates/issues, that is) voters to vote, then the system will be skewed towards unhealthy trends (ie, those with a high profile/large PR campaign/demagogues), since those uneducated voters will be unable to make meaningful decisions on complex issues.
I'd like to put out my views on this, and as how Internet/Electronic Voting might help solve some of our voter turnout problem...
Voting should be compulsory. A lot of people argue that by making voting mandatory, you remove the right of people to opt out of the system. Unfortunately, this really doesn't make rational sense. A more rational proposal would be an enforceable "None of the Above" vote (that is, if "None of the Above" would win a specific election, all candidates would lose, and be prohibited from running for that office on the subsequent re-vote). Citizens really need to participate in their government, for it to be a democracy. Only through direct participation can the benefits of a "true" democracy be available - otherwise, you end up with a "limited" democracy by default (the ancient Roman Republic was such a limited democracy). In a society of universal citizenship and universal rights, a limited democracy is an unsound fit.
Voting isn't just a right, it's a Civic Duty. While being a citizen grants you certain rights (in the US, everything enumerated by the Constitution (and other stuff)), you are also required to perform certain duties for that privilege of citizenship. In many Western democracies, military service is required for all citizens (in the US, we have the Selective Service). Jury duty is another civic responsibility. Without mandatory participation in these civic duties, the system as a whole suffers, and thus, there are penalties for those who shirk their civic duties. My argument is that voting is no different - everyone should participate for the good of the whole, and there should be penalties against those who refuse to pull their own weight.
Universal voting does not mean rule-of-the-uneducated (voter). I love it when people somehow suggest that the average active voter is somehow more educated than the non-active voter. And I'm not talking about formal education or even intelligence here. Systems where only "interested" voters vote are heavily subject to what I call "issue stacking". That is, if a certain small minority of people are motivated to vote, they can dictate policy to the entire group. We see this in US politics all the time - you get high participation by certain special interest groups (high participation driven primarily through targeted money spent in PR) that will skew the vote. With everyone voting, it is much harder to stack the vote through a small core constituency.
Also, the relative education (voting-wise) of a person has a lot to do with the ease of access to solid information. If large amounts of both summary and detailed position information are available in an easy-to-access format (see, the Web!), then voter education is much higher. Granted, there will be a considerable number of people who do not read this information, and are swayed by PR, but if managed properly, this percentage should not be a majority (or even a large minority).
Internet Voting doesn't discriminate. What people seem to forget is that electronic-only voting is (and probably won't be for a very, very, very long time) not the only method of voting. Sure, by allowing Internet Voting, the people who vote online may be more wealthy/educated/whatever than a "typical" voter, but all those "typical voters" can still vote traditionally. A lot of this is tied into voter turnout. With mandatory voting, there will not be any issues here - since everyone has to vote, how they vote is immaterial (as long as it is secure/verified/et al.) We should be doing everything to make voting easier for everyone. Knocking a voting method because it caters more to a certain percentage of people is stupid.
Oops, this is getting long. Counter-arguments, anyone?
I've got my handy copy of Applied Crypto around here, and looked up the section on voting. I would like a bit more information about the actual mechanics of the AZ vote before I would say it's a step in the right direction.
Requirements for Electronic (Internet) Voting, such that the vote would meet normal US voting standards:
Authenticity: the voter must be able to prove his/her identity with a very low chance of either being mistaken for someone else, or using a false identity.
Anonymity: Any vote that a person makes must not be able to be traced back to a specific person.
Verifiability: Any vote must be able to be verified that it came from an authenticated person. However, as per the previous requirement, it should not be able to prove that a specific vote came from a specific person.
Security: The voting system must defeat attempts to ballot stuff (attempts by a single voter to vote more than once) and for ballot forgery (attempts by the vote-collecting/counting authority to manufacture/alter votes)
According to Applied Crypto, these are very hard to accomplish. A lot of the problems are centered around where you place trust in the voting system. In the AZ election, I saw misplaced trust (ie, potential violations of the above principles) in three places:
Verification wasn't strong enough. Given their "voter authentication system", I'm not really sure that I would trust its ability to insure identity. It looked rather primitive.
The voting process wasn't secure. What form of encryption was used to insure that the transmission of the vote was secure? SSL? (I didn't see it.) Even beyond that, what measures were taken to securely store the votes?
Vote tallying was in the hands of a private company. While this in and of itself isn't a condemnation of the system, did the company have to meet legal requirements on accountability? Was there anything about how it was to be provably insured that the vote was correct? Etc...
While interesting as a first step, I think that this was a good example of exactly how far we have to go before Internet voting can become real.
Actually, MS's implementation interoperates to a certain degree with the reference MIT one. The difference that people are pointing out is that MS implemented one of the "optional" features that the reference implementation doesn't.
Now, this is good and bad. What it means is that MS clients can authorize to an MIT-based server's realm, and that UNIX clients can authorize to a MS-based realm, though you really need to run an MS server as the "native" realm for the MS clients, in order to have this extra field for the MS clients to use. I think they use it for something in Active Directory, but I'm not sure.
It is MS being their usual "we work with them (almost)" self, but in this case, they're not hiding anything. They just happen to use more of the spec than the reference one.
There's nothing keeping someone from taking the MIT software and adding the optional feature that MS uses. In fact, it's not hard to do (we once looked at doing exactly this). IASMOP (It's A Simple Matter Of Programming). The hitch is that you have an installed base that needs to be upgraded, which is kinda a bummer.
And no, this isn't new. I found out about this almost 2 years ago.
Not to be a complete wet blanket, but am I the only one that thinks using domain names as resource locators is wrong? I appreciate what they're doing, but in the end, we're not helping things by propagating the idea that a domain name must be inherently attached to something (often, the ONLY thing) it's named after?
Almost all of our DNS problems come from the misguided attempt of people to solve the "location" problem via domain names. People, that's not what DNS is for, period, end of argument.
Instead of caving to the masses, why aren't we working towards the real solution, a Content Registration System. Yahoo and all the portals are the first step, but really, folks, they're pretty primitive. The web spiders can no longer index the web (it's too big, and changes too fast). Rather, shouldn't we have some central place for people to register their sites? By that, I mean the content of their sites? And perhaps, provide periodic updates of their content indexes?
Sorry for the rant, and I realize this isn't exactly on topic, but DNS is really creaking these days, and it's starting to hurt me. Plus, the current situation is just, well, sooooo unaesthetic.
In both USENET and the various discussion Web sites, the comment poster owns the copyright, so, technically, you should have to get permission to redistribute in either case.
Due to the nature of USENET, it can reasonably be assumed that the poster allows redistribution freely. However, there definitely is untested waters for services that "package" USENET postings and then resell them, since they are using the original copyrighted material in methods that could be argued are different from the implied "license to distribute". Now, no one has challenged this in court, and hopefully, no one will, since it seems to be a good arrangement for both sides, and it would hurt everyone involved. Everything I just said about USENET seems to apply to mailing lists, too.
The major problem with Web sites is the lack of easy-to-access archives of material, not the legality of redistribution. Yes, technically, you should ask for permission to redistribute, but that's the same as under USENET. It's a matter of perceptions. The problem cited here is that 3rd-parties can't get at the archives in an efficient method to do repackaging. This is a problem, and one I'm not sure is easy to solve.
However, it's also a problem with mailing-lists: if the list maintainer doesn't make a digest or archive available, it's not easy to get back articles. Sure, you can subscribe and get everything from that moment on, but you don't get "back issues".
I don't really know what the answer is, but at least it doesn't seem to be a legal problem.
As someone else pointed out, the article in question covers quite a bit of ground, but makes no real attempt to clarify or make substantial claims about the interrelationship between hacking and drug use. It seems much more about the visions and ideas of a single person, which while valid, certainly don't have anything to do with a community that I can't really think anyone would count her as a member.
That said, I do see some correlation between drug use (and patterns of drug use) and the hacker community. What follows is my personal experience (both in use, and observing others), and generalizations I make are unique to me, though I think they are a bit more valid than Ms. Plant's.
A little background: I'm 29, grew up in rural Western PA, and went to college in Boston. That's my frame of reference. Now on to the meat...
Drug use amongst "hackers" doesn't deviate from society at large. Generally, all the hackers I know don't use drugs in any greater or lesser amounts than my non-hacker friends. What does differ (often dramatically) are the drugs of choice.
Hackers tend to use two categories of drugs: stimulants and what I call relaxers. Stimulants are obvious: caffeine, crystal meth, Dexedrine, etc. Fairly obvious why - their use tends to be tied usually to their favorite activity (hacking). The relaxers - alcohol, pot, maybe some low-level psychotropics like 'shrooms - tend to be used exactly for that reason: as a break/vacation from hacking, or as a social thing to do with friends over for the evening.
I don't see too many hackers with the "damn-the-man, I'm doing drugs" thing going on, though I might be a bit old for that now (<sigh>). Drug use tends to be a rather personal choice. Honestly, I don't remember getting any pressure from any of my hacker friends to "do" a particular drug. It was "here, use it if you want, if you don't, well, OK" from them. All my drug pressure came from non-hackers (look at the pressure to use alcohol).
I don't remember any of my hacker friends using drugs for the "mind-expanding" stuff that some of the intelligentsia (and the bourgeoisie pretend to) seem to be so into.
Also, I don't think a person's drug use can be neatly categorized, just like a person's life doesn't fall into neat categories. Yeah, most of us here are hackers. But we're also a wide variety of stuff, and I venture to guess that most hackers over 20 have at least 3 sets of different friends that they do things with. For instance, me (heehee): I like to club, I play soccer and swim, and I go to church (gasp!). The rings of friends I have from each of those activities overlap somewhat, but I'm certainly going to behave differently in each group. So trying to categorize my overall drug use as relates to a single one of my activities is silly.
I've seen some claims from people above, but I honestly can't say I know anyone who can hack on anything but stimulants. Interesting ideas you might get on pot/LSD/whatever, but the coding process is very rational and process-oriented, which I can't see anyone doing well under anything but stimulants. Speaking of which, everyone notice that performance curve from crystal due to sleep deprivation? I've friends who were up for 72 hours on crystal, and though they functioned fine up until the very end, couldn't code after about 30 hours or so...
Realistically, the emphasis for the INS should be on citizenship, and not on Green Cards.
I have lots of friends here with Green Cards (and a few with H1-Bs), but look at the bigger picture here for everyone:
H1-B visas are temporary work permits. They allow you to come to the US for a specific amount of time (4-6 years, depending on the exact specifics of the visa), and contain rather severe restrictions on the type of work you do here. You need to have a sponsoring company to get one. At the end, you HAVE to leave.
"Green Cards" are permanent resident visas. You get most of the benefits of citizenship (with a couple of major caveats - no voting, tendency of politicians to use you as scapegoats, etc..), but are still the citizen of another country. You get to live here indefinitely, and have no work restrictions.
Citizenship is exactly that - you are indistinguishable from a "native-born" American.
The thing here is this: in the long run, it is by far in the best interests of the US to have all immigrants get Citizenship, and none get Green Cards. Fundamentally, H1-Bs and Green Cards are exporting the knowledge/expertise that such people gain back to their original country. The US has maintained its economic lead primarily by skimming the best of the intellectuals from other countries via immigration.
Face it, the US is primarily an idea factory nowadays - we think up stuff, and other people make it (not everything, but the major engine of the US economy is Intellectual Property). So, we need to keep "stealing" the bright people from other countries. H1-Bs and Green Cards are bad for this, since they don't keep the knowledge here. Citizenship, on the other hand, keeps the knowledge in the US, and thus our competitive advantage.
Fundamentally, the H1-Bs should be "come here for 5 years, then either get your citizenship, or you have to leave (and can't get another H1-B ever)", while Green Cards should be few and far between. Instead, the path to Citizenship should be made as easy as possible, and open to virtually anyone on some kind of a temporary visa (except of course tourist ones). Realistically, it makes no sense to let large numbers of people into this country if you have no intention of making them productive citizens.
We need to be keeping all these people!
-Erik (And, honestly, whoever thought of the "same number of people per country" quotas was a total moron.)
First off, I'm all in agreement with everyone who said that Kevin's treatment by the Justice System was a shambles. A lot of the system got trampled in the rush to prosecute, and I'm not happy with the way the whole thing went at all.
That said, I'm really tired of people bitching and moaning about how Kevin really didn't do anything, and how his sentence was soooooo long, and now he has all these nasty restrictions, etc...
Some facts and a reality check here, folks.
The average time served for forcible rape in the US is 8 years in a MAXIMUM SECURITY facility. Average time served for sexual assault (or sexual battery) is 3 years, usually in a MEDIUM security facility.
The average time served for 2nd degree murder (murder without forethought) is 9 years. Usually in MEDIUM security, but sometimes in MAXIMUM. The average time served for 1st degree murder is 22 years in a MAXIMUM security prison.
The above are from the FBI's web site on prison statistics for 1990-1995. AND THEY DO NOT INCLUDE TIME ON PAROLE.
So please, stop with the bitching about the sentence length. It's not atypical, nor unreasonable.
Bottom line here, folks, is that Kevin broke the law bigtime. I don't condone how he was prosecuted, but he IS a criminal.
And, if you look at things in the big picture, white collar crime is seriously UNDERPUNISHED in the US. White collar crime is generally far more damaging to society than violent crime (whose effect is more focused), in that white collar undermines the economic system itself. A couple of years washing dishes in a minimum-security facility doesn't even come close to being either a deterrent or reasonable punishment.
One last thing here. The terms of his parole are neither onerous, nor atypical. Yes, for most of us, living without a computer would be unpleasant, but it is VERY easy to live a life without coming into contact with computers (or at least, in ways that Kevin's parole stipulate he not use them - and the ATM argument is bogus. He should have no problem using an ATM, if I read the parole terms right). Sorry, Kevin, you're just going to have to go be something other than an IT worker. That still leaves lots open. And plenty of non-menial jobs, too.
An old aphorism holds here:
If you can't do the time, don't do the crime.
I have no sympathy for Kevin himself. None at all. I'm still mad that prosecution handled itself the way it did, and I think they need to be taken to task for it, and heavily chastised. But I still don't feel for Kevin one iota.
And, I'm sorry, but /. shouldn't be interviewing convicted felons.
A parody can contain copyrighted footage, even if it is for-profit.
The sticking point here is exactly how much material are you allowed to use. IANAL, but I think the standard is something similar to "fair-use", or maybe around 10% or so. However, if they are not attempting to profit from it, I think the standard is completely different, and they might be allowed to use more.
As usual, your mileage may vary. Consult an IP lawyer before attempting, et al.
I've read through a lot of these posts, and there seem to be two common threads to most of them:
It's the product's fault for shipping with stupid defaults.
It's the admin's fault for not fixing things tightly.
I think both of these need to be addressed to see the underlying reasons for the problem, of which neither of the above are.
First off, I'm a professional SysAdmin, and have spent most of the last 4 years doing System Architect and Security stuff. The last two at E-commerce places.
People, the problem is threefold, none of which is easy to fix:
Virtually nothing is designed with security in mind. That includes all our favorite UNIX OSes, Windows, and virtually all applications. The few apps that seem to have some reasonable security setup often sacrifice this by using stupid defaults to aid "ease-of-use". The sad fact here is that nothing we are using these days is decently secure (no, not even OpenBSD). UNIX is stuck with the all-or-nothing model of security, while Windows actually has a good model that is horribly implemented. Apps tend to be the same. Given that the systems are poor to begin with, hardening them is more than difficult. And compromises tend to do massive damage.
Business is not taking security seriously. Right now, time-to-market is king, and everything else is sacrificed to that great Idol. This is primarily the public's fault, as people seem to reward cheap and first rather than more expensive and well-designed. The miserable state of software quality is a prime example of this mentality. And bugs are a leading cause of security problems.
Also, companies have limited resources. Right now, spending the extra money to shore up security (or maybe even - gasp - do it Right) is about as likely as giving the entire staff a free vacation to Tahiti. They simply have no reason to do it - there isn't much real PR problem, the public doesn't seem to reward companies that spend the extra on security, and there aren't really any legal liabilities yet for failing to do so. So why spend money on something that doesn't have any real returns?
Security is an ongoing battle. This is related to both the previous problems (lack of proper resources, and poor security to begin with). In order to keep a site even basically secure, it's far more complex than simply keeping an eye on BugTraq and watching for vendor security updates. A typical mid-size e-commerce site probably has at least 100 different products (remember, each script is a different product) to keep an eye on, covering at least a dozen (nowadays, with ASPs, likely several score) machines. Just keeping up to date is a daunting task, and like fighting a real war, the opponent isn't stupid, and adapts rapidly. You will suffer defeats. Security is a massively complex and difficult job. Don't let anyone kid you otherwise.
The knee-jerk reaction to fire the admin is merely a Management-covering-their-ass mentality. Blaming the product overlooks the reasons why the product is that way, and also doesn't say anything about the state of the market as a whole.
Until there is a concentrated demand from the public for security, things will continue to be as they are. If the public can stand it, well, then that's the shape of the world we live in. If they don't like it, give business the incentives to buckle down - make them legally responsible for breakins, buy only properly-designed software, etc. Until that happens, blaming the admins and the software is stupid.
First, everyone remember that UCITA is not Federal legislation; it's a recommended addition to the UCC, which means that it must be passed at the state level.
While this means that we haven't lost yet, it makes fighting the thing a real pain, as we have to do it at each and every state legislature.
Back on track.... Cem did a dead-on critique of the proposal last May. I saved it, and everyone interested should read it, as it's very, very, good.
I could be very wrong about this, but I tried to carefully read both the summary (the 1st link) and the actual amendments (the 2nd link).
We Still Can't Export Crypto above 64-bit symmetric / 512-bit RSA
Look at the last paragraph in the summary. It concerns the Wassenaar agreement from 1998. Notice the key length restrictions.
After reading the actual proposal (which was exceedingly dense), I don't see anywhere that they indicate that restrictions on high-bit length keys are lifted.
What the proposal essentially does is allow anyone to export/re-export 56-bit symmetric/512-bit RSA products without having to get an export license at all. Products that implement up to 64-bit symmetric can be exported if they are reviewed by BXA (let's face it, the NSA).
You Still Can't Export 128-bit (1024-bit RSA) stuff
The one good point may be Open Source. I'm not sure how this affects Source Code exporting, as it's rather simple to change the bit-length in source code (and thus possibly run into the "key-too-long" restriction). It looks like they are going to let all source code out, but I'm not positive on that.
I hope my reading is wrong. But I'm pretty sure all they are doing is streamlining the regulations for the current situation, and not a real revamp.
As a multitude of other people have pointed out, by assigning your patch/code copyright to the FSF, the FSF retains full ownership of the software.
I'm not going to go into the aspects of using the FSF as a big stick to hit GPL infringers with. Instead, I'd like to point out something that people seem to miss w/r/t this whole thing:
By assigning your copyright to the FSF, you allow them to relicense the code any way they want, with no input from you. Now, I'm not screaming blue bloody murder here, it's just something that people should be aware of.
The FSF sometimes will relicense code to companies which would like to use the code, but can't take the GPL (for one reason or another). A historical example was Motorola. They licensed gcc from the FSF under some closed-source terms, and paid big bucks to the FSF for it (it was close to $2million, IIRC). Those terms included the stipulation that improvements from Motorola were to remain inside Motorola. Essentially, the FSF simply sells copies of the code base. By retaining full copyright on programs, the FSF has the power to do this sort of thing whenever it wants.
Now, I don't believe that the FSF will ever abandon the GPL, but you need to be aware that your code may be sold in a non-GPL format to XYZ company. If this is fine with you, well, it's a nice way to support the FSF (monetarily-speaking). If you have problems with this, then don't assign your copyright.
This has been an information-only post.
-Erik
(or, get some balls, EBay)
The E-meter is a physical device, that does not require a license to operate (that is, it is easily obtainable through open channels available to the public without any licensing required). Therefore, the Scientologists have given up any right to control what is done with the E-meter, since they sell it without a license of any sort. Period.
Now, what is in the E-meter may be copyrighted, patented, or otherwise protected, so you can't automatically assume you can make a copy of it. However, so is any printed book. The courts have consistently ruled that the owner of a book may freely resell it in any manner whatsoever; that is, the copyright holder has no legal recourse to determine the resalability or conditions of use by the purchaser. I don't have the cases in front of me (Hawk, help!) but this is very well established case law. Once you own the book, you can do whatever you please with it; you just can't copy it (Fair Use, excepted). The physical item is yours, and no one, even with an army of lawyers, can force you to do otherwise.
The DMCA is simply being used to confuse the issue. It is not in any way applicable to this case, as it concerns the COPYING and MANNER OF USE of copyrighted materials. It says nothing about the resale of copyrighted material which has been otherwise legally obtained. UCITA, however, might possibly apply here.
What this is is someone not consulting their legal department when they receive a demand letter (or, having a really bad lawyer look at it). The demand is invalid prima facie. This is the same as if O'Reilly had sent a demand to EBay to quit selling all those old copies of Programming Perl since they owned the copyright.
In fact, Ebay should countersue, for malicious prosecution (actually, the civil equivalent), and have a judge force the Scientologists to pay their lawyer fees, plus lost income (hey, this is Ebay, we can inflate that lost income any way we want, and no-one would know!), plus punitive damages. I bet they could get a couple million if they pursued this.
Ebay needs to look at this as a revenue-generating opportunity! Hey, they might even get a stock uptick when they sue the Scientologists!
-Erik
I've got a lot of background dealing with copyright and storyline use, but, IANAL, so consult one if you need official advice.
Fan Fiction fits the definition of "derivative work" in copyright law almost to a T. Despite what the article says, it's pretty clear that all fan fiction (by definition, almost) uses the settings, characters, and plot histories of copyrighted works. I don't care if they go into places that the original never imagined. In fact, that's irrelevant. What is relevant (in the eyes of the courts) is that you are using a well-known character, with defined background and references, that is owned by someone else. Sorry, but that's a derivative work, period. Honestly, I can't see that Fair Use comes into this at all - I think that the studios have a solid claim that "publishing" on the Internet is well beyond the scope of Fair Use, and thus, any protections thereunder are void (the fact that people are making no profit off it is immaterial).
The thing here that studios are afraid of, is that derived works are a two-way street. That is, the new author has to get permission to use the original work in order to publish, but that doesn't mean that the original author owns the new work. What the studios are afraid of in this scenario is that their scriptwriters accidentally (or maybe not-so-accidentally) use a plot identical to one found in a fanfic story. Oops! Now, the fanfic writer has ownership of that, and you get into some nasty situations.
Basically, I don't have much of a problem with the copyright owners policing their fanfic followers. They are well within their rights to do such, and in fact, it's probably really necessary to protect the integrity of their original works. However, the manner in which some do this is far too heavy-handed, as fanfic is beneficial to the original author. It's a fine line, but, in my opinion, one which the original author has all the right to determine where it should be drawn w/r/t his or her works.
Think of it this way: suppose I write code that I decide to GPL (for whatever reason). Giving fanfic true, unencumbered legal status would be about the same as letting recipients of my GPL code use it in their product, and change the license to something they wanted instead. ( I know this isn't a perfect example, but you're all smart - get the analogy?)
-Erik
...major improvements in electric engines.
One of the big bitches of electric cars is (besides battery life) the poor power/weight ratio of the electric engine against the gas (petrol) engine. Also, even more damning, is the relative reliability of the gas engine. What we really need are people putting a lot more effort into making a better, lightweight electric engine.
We already have the parts to build a really good hybrid gas/electric car (which, face it folks, is the only kind of low-emissions vehicle you will see for years). We have the following parts:
The Honda Inspire and the coming competition from Nissan and Toyota are OK, but face it, we need something about the size of a Honda Accord, not a Honda Civic CRX. I can't see any reason (technically) right now why someone doesn't mass-produce a converted Accord. I mean, you can use the exact same design (maybe cheat and use aluminium body panels), just with a new powertrain (with an electric engine, you should probably have a continuously variable transmission, rather than an "automatic", and definitely not a "standard") and still get at least 70+ miles/gallon (that is, 30km/l).
Hell, with the $4k US tax credit for buying a low-emission vehicle, and gas here at $1.85 in the Bay Area, I'd spend $5k more for a converted Accord over a normal one, and still make out like a bandit. So who're the morons in the Marketing Depts at the car manufacturers?
-Erik
Not to disrespect the other cultures reading this, but I'm an American, and thus, this post reflects my culture. YMMV for your country.
I've had at last count 4 friends with bipolar manic-depressive illness. One managed to succeed in killing himself: you may have known him. I lived with a mildly (ie, not bad enough to be clinically diagnosed, but definitely there) bipolar friend for 2 years, so I've seen exactly what this does to people.
The real problem here in the US is the lack of recognition that mental illness is a real disease. A lot of the pseudo-bullshit "new" mental illness diagnoses that seem to pop up (with the sole purpose (or so it seems) to get compensation under the Americans with Disabilities Act) certainly re-inforce this view in the public's eyes. The shame that often goes with the formal diagnosis of mental illness merely is the last turn in a vicious circle.
In answer to the Pinkerton WAVE thing, the NYTimes has a great article on so-called "rampage killers". Guess what? A majority of them were diagnosed with a clinical mental illness. Were they getting proper treatment? Nope. Were they being supported in a reasonable manner? Nope. Hmmmmm.
A poster awhile back suggested that school children undergo mandatory psych exams, and that they be put on (drug) therapy if they showed any signs of being a "problem". Actually, I think the basic idea is a good one. Early diagnosis of a disease is critical to long-term survival (ask any doctor). The rest of the idea isn't so hot. But I think it would be a good idea if schools had everyone talk to a psychologist once a semester. It'd cut down the biggest barrier to helping those with mental illness - the stigma of asking for help. Kids would be able to get help without being even more of an outcast. And you'd have a great opportunity to bring in the parents, who are going to be the biggest help to the kid.
I don't think anything could have helped Marty, as much as I wonder if there was something I missed or could have done. However, I'm now really sensitive to people who show any of these signs, and do what I can for them - which is often hard, as accepting such help is often the last thing someone is willing to do. <sigh>
Lastly, I don't see any particular concentration or statistical blip on bi-polar people being programmers/geeks. Sorry, but this is something that I've seen in virtually all sorts of people. It's a disease. Attempting to pigeon-hole bipolars as geeks (or vice versa) is incorrect. Period.
5 years, 2 months, 8 days - Marty, you idiot.
-Erik
... honestly, how can it be illegal for someone to sell a non-region encoded device?
Even in the US, assuming that the DMCA stands (which is a big if), I would have assumed that several things occurred in the manufacturing of the PS2:
If Sony would be in trouble for anything, it might be for failing to adhere to the terms of the DVD CCS license contract (which undoubtedly says something like "You are supposed to enforce Region Encoding"). However, this is contract (ie Civil) law, certainly not criminal law.
Of course, IANAJL (I'm not a Japanese Lawyer), so things may be different there.
Certainly, if the case is Civil, people who bought the PS2 aren't legally forced to return it. They can keep it. If it's criminal (wherein the possession of such a device is illegal), well, then, guess you have to give it back.
I'd be interested to see what this turns out to be...
-Erik
I used to work for Prof. Pentland, and he's definitely a good guy to hang out with, not to mention having a packed head (as Ender would say).
However, when I first heard of this thing via the MediaLab mailing lists, I had to wonder about the sanity of those involved. Or, at least, the common sense.
I mean, the Lab has done some really strange stuff over the years (anyone remember the original "fashion-show-with-wearable-computers"?), but I have to say, getting a group of nationwide geeks together is kinda weird. I mean, when I used to work there, you already had the biggest bunch of geeks together in one place.
Oh well, I'll probably fly cross-country to get there just for giggles (and to see my friends).
Flight advice: Check out the specials from the various airlines starting today for flights leaving early Saturday morning and returning Sunday or Monday. I can usually catch a flight from SFO to BOS for about $300 or so. I got used to seeing $150 from most East Coast cities for such a jaunt. And, when you're there, buy a 3-day T pass. It's cheap, and Boston has excellent public transportation.
Tourist Advice: go to RedBones in Davis Square (off the Red Line) for some tasty BBQ. Check out the MIT Museum for some randomly nerdy exhibits and a cool display of MIT hacks memorabilia. Go to E.L.I. computing on Hampshire St in Cambridge for a look at all the wonderful old recycled computer parts (they used to be the only place I could find PDP-11 parts). And, of course, go see the Boston Computer Museum (conveniently next to the Children's Museum).
Have fun!
-Erik
True, many people have misgivings about such service, given their experience with some other gov't agencies (as you have).
But look at it this way: currently, about the only "data" service that gets fixed promptly is telephone, and I'm almost positive this is because it's regulated as a "critical" service. Also, in many areas, the Water, Gas, Sewer, and/or Electricity are already local government owned, and I've got pretty good experience with my local Water/Sewer service fixing that right away...
Ever tried to get your cable fixed after a break? Or what about the (non-existent) service guarantee that comes with your DSL? Point is, the current "last-mile" providers of Internet and Cable service aren't doing any decent job right now, and I don't see them getting a whole lot better soon.
The advantage of having your local town run the Data Dept is that it's local - your city taxes pay for it, you elect local people to manage it, and it's almost certainly open to public feedback and criticism. The best model I can think of is the Water&Sewer service - you get public meetings, they are funded by city taxes, and the City Council dictates their terms of operation, all of which are open to traditional political methods of influence. How much influence do you really think you can have on the current companies?
Yes, it's not a free lunch. I also think that you're not giving government credit for doing some things right, when the impetus (and demand) is there for them to do it.
I'd take a local Data Dept. over any of the RBOCs any day.
-Erik
As a whole, Lawrence Gets It(tm). He's thoughtful, and has the proper wide view on a lot of stuff, particularly regulation of the (US-portion) Internet.
Cable companies should most certainly be forced to provide Open Access. They've got a government-sanctioned monopoly, and are in (for all practical purposes) the same position that your local ILEC (nee RBOC) is in. We'd all be very upset if PacBell/BellSouth/BellAtlantic/et al. suddenly were allowed to shut off ISP access to anyone but their own ISP, wouldn't we? It's the same boat here.
However, in the longer term, I advocate something that not a lot of people either consider (or may disagree with). I advocate the Nationalization of the Local Data Infrastructure. That is, just like you have the local Road Dept, there should be a local Data Dept. (Note, I think that the larger-scale infrastructure is doing just fine as it is, it's just the local data link that needs help.)
Now, before you all yell Commie!, think about this. The big fight right now is over the last mile access - the CO to house, or curb to neighborhood. With the convergence of TV, phone, and data, it really makes no sense (from anyone's economic point of view) to have 4 or 5 companies maintaining different information infrastructures, with all the costs associated with them. Info lines are now as critical as roads, and realistically, we should have someone dedicated to that.
What I'd like to see is that each Municipality take over the last mile work, and essentially be fully responsible (and SOLELY responsible) for providing physical connectivity to each household. Then at the local CO, you can allow anyone to put in lines to their company to provide access of any kind they want. Open Access for Everyone, with no monopoly on any part of the process. Part of your taxes would pay for this Department, and you'd have direct feedback on how this was spent (vs. Do you really think SuperMegaCorp is that responsive to your community needs? view the spotty DSL/cable rollouts).
The big snag on this is that this really requires fibre to the house. It'll cost a lot, but it'll be worth it to say the least. And having local control over the infrastructure means you can probably get better response than having it controlled by SuperMegaCorp#1.
Also, to everyone who complains about subsidizing rural areas: GROW UP! Think beyond the end of your nose, and quit being selfish. Having Universal Telephone service changed this country, as did complete Electrification, both of which were paid for by slightly taxing high-density areas to allow for the installation and maintenance of rural areas. Providing these services to rural areas is what allowed huge gains in farm productivity, so all you city-dwellers, remember who feeds you.
Just some thoughts!
-Erik
OK, I run one of the big AD&D hobbyist web sites (I get ~200k hits/month). I'm not posting it here, 'cause I can't take being /.-d. :-)
I've been writing AD&D rule expansions and collecting and editing a lot of material from the Web for almost 10 years now. I'm also one of the two people involved in maintaining the Great Net Spell/Prayerbook stuff (I do the editing and rule-checking). I've had a lot of dealings with TSR in their old incarnation, and also with WOTC when they first took over TSR, though none recently.
Here are the legal guidelines that govern add-ons to the AD&D system (that is, what you can legally do, and what can be published).
After about 7 years, I'm about 90% of the way through a complete, free, unencumbered re-write of the 1st Edition DMG + PHB. I've tried to be very aware of all these issues, and I suspect that the D20 initiative is really intended to head off the possible impact that works such as mine would have on TSR income (there are several others working on similar, free rule tomes).
To look at it in a simplistic view, all we've done is to clone Monopoly. There are large numbers of Monopoly-like clones out there: same rules, same board layout. However, notice they have different artwork and labels for things. This is what you can do.
To reiterate, Game Mechanics Are Not Protected. All TSR can do is prevent you from using their trademarks, exact text/layout and developed settings. Everything else is fair game.
-Erik
It definitely was a good survey piece, but anyone notice that there were wayyyyyy too many WAGs (wild-ass-guesses) in the article?
(Offtopic): Does anyone know where I can find a good technical description of AMD's roadmap? I'm trying to figure out what kind of SMP Athlon I can expect to possibly buy in Q4, what the new chip designs will incorporate, L2/Bus combinations, etc.
-Erik
First of all, Silicon.com isn't any place to be getting good opinions about technical stuff. It's an overview-style PHB rag. Too bad they don't recognise this.
The more important thing we all seem to miss is that the security of an OS is dependent on two critical features:
How easy is it to find exploits?
and
How fast are those exploits fixed?
Now, as a simple matter of logic, it is easier to find an exploit on an Open-Source system than a closed source system, everything else being equal. It's that simple. You've got the code right in front of you, so it's easy to verify that there is indeed a flaw.
However, the other issue is where the Open Source community shines. Typical patches for exploits are generally issued within hours, or at most a couple of days for OS stuff, whereas we all know how long it takes our favorite vendors to fix their stuff (if they ever get around to it).
You simply can't consider one of the two requirements in absence of the other. It's impossible. Doing so marks you as a complete nincompoop. Or dort, whichever you prefer. And, of course, we're talking about an ideal world, where everyone has an equally elegant design, all coders made the same quality code, etc. In reality, these other issues generally far outweigh the first consideration, and have a considerable impact on the second (bad code is harder to fix, thus longer patch times). And we've all seen the quality of some of the closed-source code, haven't we?
The other quote there that I love is: "Security needs to be built into the architecture of the operating system. This cannot happen if your source code is publicly available." The first sentence has nothing to do with the second one - they are completely unrelated. Indeed, security must be built into the OS, you simply can't bolt it on later. This is a design issue, and has nothing to do with whether the OS is OpenSource or closed. The guy's a blathering clueless moron.
Right now, the most secure OSes around are OpenBSD, Secure IRIX, and Secure SunOS. All have a very careful security design included in them, and are very attentive to security concerns. One is OpenSource, the other two are closed. Giving away the code makes no difference to the end-security of your system. Either you did a good security design, or you didn't.
The article is simply wrong.
-Erik
To a certain degree, I see your point. However, I would like to make a couple of opposite points:
Right now, it's very possible for about 5-10% of the population to block/pass (depending on the issue) a certain proposition. This is ludicrous. It makes it possible for a small minority of people to hold the entire populace hostage. I know, this is not supposed to be possible, but given low voter turnout, it very much is. This is no longer a problem for mandatory voting. In that case, you need a minimum of 51% of the vote to get something passed or blocked.
Now, this could be bad, too, given that maybe it's pretty close (say 45/55 split). For voter referendums, I would suggest requiring a supermajority (66% or 2/3 of votes). In general, you should not be putting a lot of legislative agendas on the ballot - that's what you have elected representatives for. Referendums should be reserved for broad policy votes (Will we allow personal pets? and not Are cats allowed?)
Also, in my opinion, people who vote primarily (or solely) on a single-issue are very bad for the system as a whole. You do NOT want a system where all delegates have a single agenda, and are inflexible on that agenda. This leads to gridlock, animosity, and generally very bad government. While it may be possible for single-issue voters to swing a close election, in general, with mandatory voting, single-issue voters (who tend to be a small, but well motivated, percentage) cannot dictate the outcome of the election. They can right now, and that's bad.
The difference right now is that democracies are Representative Democracies, not Direct Democracies. When we get to the point where people can easily vote on all issues, then we can have this discussion over again about mandatory/voluntary voting. But in a representative democracy, very few individual "issue" referendums should be put to a vote. In reality, I'm for NO referendums, and let the representatives do everything. That way, you can kick them out and put in a new bunch to change stuff much easier than trying to get rid of old, bad referendums.
-Erik
Unfortunately, in the US, the number of citizens that are eligible to vote which actually do is very low. Last I looked, for a nationwide campaign like the Presidency, about 15% of all eligible voters would vote come Nov 2000. Now, that's about 40% of all registered voters (since not everyone who is eligible actually registers). I've read that there is a similar situation in many other "western" democracies that don't have mandatory voting laws (yes, some countries are much better, but not many). Complacency in the system is a nasty disease that hurts a country.
A big argument (which you will see in previous posts) is that people who cannot be bothered to participate in their own future by voting should not be accommodated, and indeed, would be harmful if they were accommodated by a universal voting law. A similar argument is that if we force uneducated (about the candidates/issues, that is) voters to vote, then the system will be skewed towards unhealthy trends (ie, those with a high profile/large PR campaign/demagogues), since those uneducated voters will be unable to make meaningful decisions on complex issues.
I'd like to put out my views on this, and as how Internet/Electronic Voting might help solve some of our voter turnout problem...
Also, the relative education (voting-wise) of a person has a lot to do with the ease of access to solid information. If large amounts of both summary and detailed position information is available in an easy-to-access format (see, the Web!), then voter education is much higher. Granted, there will be a considerable number of people who do not read this information, and are swayed by PR, but if managed properly, this percentage should not be a majority (or even a large minority).
Oops, this is getting long. Counter-arguments, anyone?
;-)
-Erik
I've got my handy copy of Applied Crypto around here, and looked up the section on voting. I would like a bit more information about the actual mechanics of the AZ vote before I would say it's a step in the right direction.
Requirements for Electronic (Internet) Voting, such that the vote would meet normal US voting standards:
According to Applied Crypto, these are very hard to accomplish. A lot of the problems are centered around where you place trust in the voting system. In the AZ election, I saw misplaced trust (ie, potential violations of the above principles) in three places:
While interesting as a first step, I think that this was a good example of exactly how far we have to go before Internet voting can become real.
Nice Try, but Not Quite.
-Erik
Actually, MS's implementation interoperates to a certain degree with the reference MIT one. The difference that people are pointing out is that MS implemented one of the "optional" features that the reference implementation doesn't.
Now, this is good and bad. What it means is that MS clients can authorize to an MIT-based server's realm, and that UNIX clients can authorize to a MS-based realm, though you really need to run an MS server as the "native" realm for the MS clients, in order to have this extra field for the MS clients to use. I think they use it for something in Active Directory, but I'm not sure.
It is MS being their usual "we work with them (almost)" self, but in this case, they're not hiding anything. They just happen to use more of the spec than the reference one.
There's nothing keeping someone from taking the MIT software and adding the optional feature that MS uses. In fact, it's not hard to do (we once looked at doing exactly this). IASMOP (It's A Simple Matter Of Programming). The hitch is that you have an installed base that needs to be upgraded, which is kinda a bummer.
And no, this isn't new. I found out about this almost 2 years ago.
Nothing Evil about this, just annoying.
-Erik
Darn. Now I'm feeling old.
Not to be a complete wet blanket, but am I the only one that thinks using domain names as resource locators is wrong? I appreciate what they're doing, but in the end, we're not helping things by propagating the idea that a domain name must be inherently attached to something (often, the ONLY thing) it's named after?
Almost all of our DNS problems come from the misguided attempt of people to solve the "location" problem via domain names. People, that's not what DNS is for, period, end of argument.
Instead of caving to the masses, why aren't we working towards the real solution, a Content Registration System. Yahoo and all the portals are the first step, but really, folks, they're pretty primitive. The web spiders can no longer index the web (it's too big, and changes too fast). Rather, shouldn't we have some central place for people to register their sites? By that, I mean the content of their sites? And perhaps, provide periodic updates of their content indexes?
Sorry for the rant, and I realize this isn't exactly on topic, but DNS is really creaking these days, and it's starting to hurt me. Plus, the current situation is just, well, sooooo unaesthetic.
-Erik
In both USENET and the various discussion Web sites, the comment poster owns the copyright, so, technically, you should have to get permission to redistribute in either case.
Due to the nature of USENET, it can reasonably be assumed that the poster allows redistribution freely. However, there definitely are untested waters for services that "package" USENET postings and then resell them, since they are using the original copyrighted material in methods that could be argued are different from the implied "license to distribute". Now, no one has challenged this in court, and hopefully, no one will, since it seems to be a good arrangement for both sides, and it would hurt everyone involved. Everything I just said about USENET seems to apply to mailing lists, too.
The major problem with Web sites is the lack of easy-to-access archives of material, not the legality of redistribution. Yes, technically, you should ask for permission to redistribute, but that's the same as under USENET. It's a matter of perceptions. The problem cited here is that 3rd-parties can't get at the archives in an efficient method to do repackaging. This is a problem, and one I'm not sure is easy to solve.
However, it's also a problem with mailing-lists: if the list maintainer doesn't make a digest or archive available, it's not easy to get back articles. Sure, you can subscribe and get everything from that moment on, but you don't get "back issues".
I don't really know what the answer is, but at least it doesn't seem to be a legal problem.
:-)
-Erik
As someone else pointed out, the article in question covers quite a bit of ground, but makes no real attempt to clarify or make substantial claims about the interrelationship between hacking and drug use. It seems much more about the visions and ideas of a single person, which while valid, certainly don't have anything to do with a community that I can't really think anyone would count her as a member.
That said, I do see some correlation between drug use (and patterns of drug use) and the hacker community. What follows is my personal experience (both in use, and observing others), and generalizations I make are unique to me, though I think they are a bit more valid than Ms. Plant's.
I've seen some claims from people above, but I honestly can't say I know anyone who can hack on anything but stimulants. Interesting ideas you might get on pot/LSD/whatever, but the coding process is very rational and process-oriented, which I can't see anyone doing well under anything but stimulants. Speaking of which, everyone notice that performance curve from crystal due to sleep deprivation? I've friends who were up for 72 hours on crystal, and though they functioned fine up until the very end, couldn't code after about 30 hours or so...
Anyway, my $0.02.
-Erik
Realistically, the emphasis for the INS should be on citizenship, and not on Green Cards.
I have lots of friends here with Green Cards (and a few with H1-Bs), but look at the bigger picture here for everyone:
The thing here is this: in the long run, it is by far in the best interests of the US to have all immigrants get Citizenship, and none get Green Cards. Fundamentally, H1-Bs and Green Cards are exporting the knowledge/expertise that such people gain back to their original country. The US has maintained its economic lead primarily by skimming the best of the intellectuals from other countries via immigration.
Face it, the US is primarily an idea factory nowadays - we think up stuff, and other people make it (not everything, but the major engine of the US economy is Intellectual Property). So, we need to keep "stealing" the bright people from other countries. H1-Bs and Green Cards are bad for this, since they don't keep the knowledge here. Citizenship, on the other hand, keeps the knowledge in the US, and thus our competitive advantage.
Fundamentally, the H1-Bs should be "come here for 5 years, then either get your citizenship, or you have to leave (and can't get another H1-B ever)", while Green Cards should be few and far between. Instead, the path to Citizenship should be made as easy as possible, and open to virtually anyone on some kind of a temporary visa (except of course tourist ones). Realistically, it makes no sense to let large numbers of people into this country if you have no intention of making them productive citizens.
We need to be keeping all these people!
-Erik
(And, honestly, whoever thought of the "same number of people per country" quotas was a total moron.)
First off, I'm all in agreement with everyone who said that Kevin's treatment by the Justice System was a shambles. A lot of the system got trampled in the rush to prosecute, and I'm not happy with the way the whole thing went at all.
That said, I'm really tired of people bitching and moaning about how Kevin really didn't do anything, and how his sentence was soooooo long, and now he has all these nasty restrictions, etc...
Some facts and a reality check here, folks.
So please, stop with the bitching about the sentence length. It's not atypical, nor unreasonable.
Bottom line here, folks, is that Kevin broke the law bigtime. I don't condone how he was prosecuted, but he IS a criminal.
And, if you look at things in the big picture, white collar crime is seriously UNDERPUNISHED in the US. White collar crime is generally far more damaging to society than violent crime (whose effect is more focused), in that white collar undermines the economic system itself. A couple of years washing dishes in a minimum-security facility doesn't even come close to being either a deterrent or reasonable punishment.
One last thing here. The terms of his parole are neither onerous, nor atypical. Yes, for most of us, living without a computer would be unpleasant, but it is VERY easy to live a life without coming into contact with computers (or at least, in ways that Kevin's parole stipulate he not use them - and the ATM argument is bogus. He should have no problem using an ATM, if I read the parole terms right). Sorry, Kevin, you're just going to have to go be something other than an IT worker. That still leaves lots open. And plenty of non-menial jobs, too.
An old aphorism holds here:
If you can't do the time, don't do the crime.
I have no sympathy for Kevin himself. None at all. I'm still mad that prosecution handled itself the way it did, and I think they need to be taken to task for it, and heavily chastised. But I still don't feel for Kevin one iota.
And, I'm sorry, but /. shouldn't be interviewing convicted felons.
-Erik
A parody can contain copyrighted footage, even if it is for-profit.
The sticking point here is exactly how much material are you allowed to use. IANAL, but I think the standard is something similar to "fair-use", or maybe around 10% or so. However, if they are not attempting to profit from it, I think the standard is completely different, and they might be allowed to use more.
As usual, your mileage may vary. Consult an IP lawyer before attempting, et al.
I've read through a lot of these posts, and there seems to be two common threads to most of them:
I think both of these need to be addressed to see the underlying reasons for the problem, of which neither of the above are.
First off, I'm a professional SysAdmin, and have spent most of the last 4 years doing System Architect and Security stuff. The last two at E-commerce places.
People, the problem is threefold, none of which is easy to fix:
Virtually nothing is designed with security in mind. That includes all our favorite UNIX OSes, Windows, and virtually all applications. The few apps that seem to have some reasonable security setup often sacrifice this by using stupid defaults to aid "ease-of-use". The sad fact here is that nothing we are using these days is decently secure (no, not even OpenBSD). UNIX is stuck with the all-or-nothing model of security, while Windows actually has a good model that is horribly implemented. Apps tend to be the same. Given that the systems are poor to begin with, hardening them is more than difficult. And compromises tend to do massive damage.
Business is not taking security seriously. Right now, time-to-market is king, and everything else is sacrificed to that great Idol. This is primarily the public's fault, as people seem to reward cheap and first rather than more expensive and well-designed. The miserable state of software quality is a prime example of this mentality. And bugs are a leading cause of security problems.
Also, companies have limited resources. Right now, spending the extra money to shore up security (or maybe even - gasp - do it Right) is about as likely as giving the entire staff a free vacation to Tahiti. They simply have no reason to do it - there isn't much real PR problem, the public doesn't seem to reward companies that spend the extra on security, and there aren't really any legal liabilities yet for failing to do so. So why spend money on something that doesn't have any real returns?
Security is an ongoing battle. This is related to both the previous problems (lack of proper resources, and poor security to begin with). In order to keep a site even basically secure, it's far more complex than simply keeping an eye on BugTraq and watching for vendor security updates. A typical mid-size e-commerce site probably has at least 100 different products (remember, each script is a different product) to keep an eye on, covering at least a dozen (nowadays, with ASPs, likely several score) machines. Just keeping up to date is a daunting task, and like fighting a real war, the opponent isn't stupid, and adapts rapidly. You will suffer defeats. Security is a massively complex and difficult job. Don't let anyone kid you otherwise.
The knee-jerk reaction to fire the admin is merely a Management-covering-their-ass mentality. Blaming the product overlooks the reasons why the product is that way, and also doesn't say anything about the state of the market as a whole.
Until there is a concentrated demand from the public for security, things will continue to be as they are. If the public can stand it, well, then that's the shape of the world we live in. If they don't like it, give business the incentives to buckle down - make them legally responsible for breakins, buy only properly-designed software, etc. Until that happens, blaming the admins and the software is stupid.
First, everyone remember that UCITA is not Federal legislation; it's a recommended addition to the UCC, which means that it must be passed at the state level.
While this means that we haven't lost yet, it makes fighting the thing a real pain, as we have to do it at each and every state legislature.
Back on track.... Cem did a dead-on critique of the proposal last May. I saved it, and everyone interested should read it, as it's very, very, good.
Cem's critique of UCITA
UCITA sucks all over; it's one of the few pieces of legalese that I've seen that has absolutely, positively no redeeming qualities.
-Erik
I could be very wrong about this, but I tried to carefully read both the summary (the 1st link) and the actual amendments (the 2nd link).
We Still Can't Export Crypto above 64-bit symmetric / 512-bit RSA
Look at the last paragraph in the summary. It concerns the Wassenaar agreement from 1998. Notice the key length restrictions.
After reading the actual proposal (which was exceedingly dense), I don't see anywhere that they indicate that restrictions on high-bit length keys are lifted.
What the proposal essentially does is allow anyone to export/re-export 56-bit symmetric/512-bit RSA products without having to get an export license at all. Products that implement up to 64-bit symmetric can be exported if they are reviewed by BXA (let's face it, the NSA). You Still Can't Export 128-bit (1024-bit RSA) stuff
The one good point may be Open Source. I'm not sure how this affects Source Code exporting, as it's rather simple to change the bit-length in source code (and thus possibly run into the "key-too-long" restriction). It looks like they are going to let all source code out, but I'm not positive on that.
I hope my reading is wrong. But I'm pretty sure all they are doing is streamlining the regulations for the current situation, and not a real revamp.
Too bad.
-Erik