First off, get thee to a lawyer. BUT not just any lawyer. Find a lawyer with significant experience with intellectual property law, particularly regarding programming issues. I would strongly suggest contacting your local chapter of the Independent Computer Consultants of America and asking for referrals to lawyers familiar with the IP issues facing consultants.
There have been some posts here that have suggested that HTML can't be copyrighted--that's probably not true. At the very least it is not legally certain, which is worse. When something is legally defined, it is generally tough to litigate. When something is legally vague, the lawyers come out in droves. And your client's insurance company (who is fighting this) has an incentive to settle to make the suit go away. And part of that incentive is that they can ask your homeowners' insurance carrier to chip in part of the settlement cost.
Here's the problem: computer source code generally is protected by copyright. I have, for instance, successfully pressured a recalcitrant client into paying up by threatening an action for infringement. But--copyright generally only protects the "creative work". The courts generally do not view the results of machine output as being protected by copyright. So the code you wrote by hand is probably protected--the code generated by the DreamWeaver guys probably is not.
Simple analogy: What is the most commonly used programming language in the world today? The answer isn't Visual Basic, Perl, or C++. It is PostScript. PostScript is a complete programming language, and the output from your PostScript printer driver is actually a program that is executed by an interpreter running on the output device (usually your printer, but there are other kinds of PostScript interpreters). I have produced very carefully-written programs in PostScript (years ago, for typesetting equipment calibration), and I charged good money for them. Those programs were creative work protected by copyright. On the other hand, the PostScript program generated by your printer driver to print this web page is just machine-generated output--where's the creativity? There isn't any creativity, so there's nothing in the PostScript code to copyright. Your text may be copyrightable, my text may be copyrightable, and Andover's little blurb at the bottom asserts that everything else on the page is copyrightable--but the PostScript program to print all of it is not copyrightable.
You might find it useful to mention this analogy to your client's lawyers. You can actually save the output from a PostScript printer driver to a file, and browse the program with a text editor. (If you'd like to do this, I can also give you some hand-written PostScript to make the distinction between the two. Contact me at if you want some help.) So long as the HTML code originated in DreamWeaver the creative work is the design of the page as it appears on the Browser. The machine output isn't their creative work, so they can't sue to protect it from infringement. The owner of that creative aspect is the publisher of DreamWeaver--they're just using the "machine".
All of that said, get thee to a lawyer! Is it a pain? Yup. Is it an expense? Yup. But it is definitely worth the bucks to be sure. And it is always worth the bucks to bring your own hired gun to the table, rather than depend upon the charity of somebody else's lawyers. They don't call 'em sharks for nothing--and when did you ever hear of a charitable shark?
Um, actually, the "!" isn't an operator for ODBC. It is a shorthand way of referring to a default property of a referenced object. You can use it in all sorts of places, in much the same way that you can use default values.
When you assign a value from a recordset, for instance, you might use this snippet:
' Assume lValue is already declared as a long
lValue = rsData!CustomerID
It is syntactically identical to this:
lValue = rsData.Fields("CustomerID").Value
The "!" operator retrieves the default property (Value) of a referenced object (the Field object, a member of the Fields collection).
This has nothing to do with ODBC--it is related to the COM object model. This works with any COM object, not just a database component.
Actually, I have not bought anything I first learned of through spam.
But that's because the sales rep won't be here till Tuesday. Then I'm buying.
I get spam just like anybody else. I get the photocopier toner sales, the multi-level marketing spiels, and seemingly endless variations on Neiman-Marcus cookies forwarded by Daughter #2's voice teacher. But last Friday I actually saw a useful promotion in what was unabashed B-spam (B2B-spam?).
A local sales manager for an upstart alternative phone company named ChoiceOne B-spammed every web domain holder in his territory (the Lehigh Valley in Pennsylvania). This was a pretty amateur effort: he even mistyped the URL to his company's website. But the company is offering something I want--dramatically lower-cost bandwidth.
(Digression: I'm 23,000 feet from the nearest CO, so DSL is out of the question. What this outfit (ChoiceOne--http://www.choiceonecom.com) is offering to do is resell a local T1 circuit to the CO, where they have a point of presence (for the DSL service they're offering in-town). This is dramatically cheaper than any other alternatives--it means that my bandwidth charges drop from $485/month for 64Kbps to $375/month for 512Kbps. This may seem overpriced to you urban cowboys, but out here in the sticks this is terrific news.)
The rep's coming out on Tuesday. I'll visit with him, then take him up the road to visit a sometime client who also wants to sign up.
So yes--count me as someone who has bought a service from a spammer. In my case (at least right now) it seems like too good a deal to pass up.
(Sorry to take so long in responding. Had to do my tax returns. Ugh.)
Any security system requires positions of trust. You have pointed out (much more politely than a couple of others) that root privileges are required to replace pieces of the OS--and since a bad guy has to have root privs, why bother with an exploit?
In a word, "anonymity."
In my career I have been involved with three different cases of system attacks. In each of the three cases the perpetrator was an employee. In one case there was enough evidence to convict the employee and send him to prison. In another case the client didn't want to prosecute--but was so damaged by the exploit that it essentially collapsed. It was acquired by a competitor a few months later and most of the office employees were let go.
In all three cases the perpetrator was a trusted insider. The users had the equivalent (on their systems) of root privs.
What caught the first guy, but didn't catch the second? The first guy was, in effect, using his root privs locally to play around with records (trying to cover up an embezzlement). The second guy did everything remotely--the damage wasn't apparent until 2-3 months after he was gone, by which time it was practically impossible to prove that he was responsible.
I submit that recompiling a file system component, or replacing an ActiveX control, provides the would-be miscreant a higher degree of anonymity, and thus a lower risk of getting caught.
Can you modify a system file in Windows 2000? Yes. (Although trying to replace any system file in 2000 is a pain, even if you're not being malicious.) But hacking the binary is vastly more difficult than recompiling from commented source code, no? Which was my point: it is easier to run an in-house exploit on OSS.
Thanks for your response. The URLs you directed me to are a reminder of why I am not a lawyer:-).
However--I would be leery of assuming too much from this act. It protects me in my capacity as a volunteer at three-day events (a horse discipline that can be dangerous). It obviously protects a client of mine, who is a Ski Patrol leader. If I were an attorney (and I would regard any suggestion that I am an attorney as defamatory) I'd take issue with how broad the definition of volunteer might be--and would a programmer working on an OSS project count?
However, all that aside, I see your point: you would feel better if you knew the organization was registered as a 501(c)(3).
ESR makes a good point in emphasizing that Open Source software can be reviewed by anybody, and actually is reviewed by many developers when a new release is distributed. He is entirely correct in asserting that this process (in essence, peer review) prevents a programmer from widely distributing a back door. That is, without question, a definite plus for Open Source.
On the other hand, there is a definite minus to Open Source--anybody can recompile it. Or even parts of it. So anybody with access to the OS can recompile a small part, substitute that part into the OS, and subsequently replace the original.
For example, suppose I want to snoop on doings in the executive suite. I just modify the file system to write copies into another directory--or send copies of all the CEO's email to my home server. When I have the data I want, I just replace the original versions of the OS--and no one will be the wiser.
You can't do that with closed-source software. Since you don't have the source code, you can't alter the code. So you (or that contract programmer who the company is letting go at the end of the month) can't run a little in-house exploit.
Let me clarify that a bit more: an in-house programmer can't run this kind of exploit using a part of the operating system or a closed-source product (such as a database or email system). However, an in-house programmer can run this kind of exploit on components that he can recompile (such as ActiveX controls). If reasonable source control is in place (everyone must use source control, projects can't be checked out indefinitely) there is little risk. Admittedly, there aren't that many corporations that have reasonable source control policies.
The security problem most corporations face today isn't back doors, or even Trojan Horses. It is the in-house Trojan, put in place by somebody on the inside. It is significantly easier to create an in-house Trojan with OSS.
Which is to say, being "Open" is both a blessing and a curse.
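A defender-side check for the swap-and-restore scenario described in this comment, as an added example that is not part of the original post: a baseline that records metadata alongside the content hash still shows that a component was rewritten after the original bytes are put back. It assumes a POSIX system (where `st_ctime` is the kernel-maintained inode change time); the file name and contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
import time


def snapshot(path):
    """Record the content hash plus file metadata for one monitored file."""
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return {
        "sha256": digest.hexdigest(),
        "size": st.st_size,
        "inode": st.st_ino,
        "mtime_ns": st.st_mtime_ns,
        # ctime is updated by the kernel on every write or metadata change;
        # unlike mtime it cannot be set back by the file's owner.
        "ctime_ns": st.st_ctime_ns,
    }


def build_baseline(paths):
    """Snapshot every monitored path; store the result off the monitored host."""
    return {p: snapshot(p) for p in paths}


def compare(baseline):
    """Return {path: [fields that differ from the baseline]} for changed files."""
    report = {}
    for path, old in baseline.items():
        if not os.path.exists(path):
            report[path] = ["missing"]
            continue
        new = snapshot(path)
        changed = [field for field in old if old[field] != new[field]]
        if changed:
            report[path] = changed
    return report


def classify(changed):
    """Turn a list of changed fields into a finding an analyst can triage."""
    if not changed:
        return "unchanged"
    if "missing" in changed:
        return "missing"
    if "sha256" in changed:
        return "content-modified"
    # Same bytes as the baseline, but the file was rewritten at some point:
    # the trace left behind by a replace-then-restore.
    return "touched-but-content-identical"


def demo():
    """Constructed scenario: baseline, local rebuild swapped in, original restored."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "fs_component.bin")  # hypothetical component name
        original = b"original build of the component\n"
        with open(path, "wb") as f:
            f.write(original)
        baseline = build_baseline([path])

        time.sleep(0.05)  # let the filesystem clock advance
        with open(path, "wb") as f:
            f.write(b"locally rebuilt variant\n")
        during = compare(baseline).get(path, [])

        time.sleep(0.05)
        with open(path, "wb") as f:
            f.write(original)
        after = compare(baseline).get(path, [])
        return classify(during), classify(after), after


if __name__ == "__main__":
    during, after, fields = demo()
    print("while swapped :", during)
    print("after restore :", after, fields)
```

A scheduled hash-only comparison would report nothing once the original is back; the metadata fields are what keep the event visible between scans.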
I am not 100% certain about my legal protections if a user damages their system while following my advice. The Stampede Linux Foundation is indeed a Non-Profit Organization in Utah, but I was never shown any proof that it was a Federally recognized non-profit (I believe the technical name is 401-C3 status). Thus I have no legal blanket protecting me from a lawsuit.
David!
Completely apart from the discussion of what happened and what the consequences are, you should be aware that membership in a not-for-profit organization does not provide you with any legal protection whatsoever.
What is generally termed a "not-for-profit" organization is recognized under section 501(c)(3) of the Internal Revenue Code. The law pertains to whether or not profits of those organizations are taxed. It says nothing--nothing--about any kind of legal protection for group members. Any kind of protection for liability (in the case you describe, liability for errors and omissions) would only come from an insurance policy taken out by the not-for-profit on behalf of its leaders (expensive) or members (hideously expensive).
For the record: I am not a lawyer. I have been the business manager of a 501(c)(3) not-for-profit that fought the IRS over our status--we won at the Court of Appeals level over a precise definition of the IRC and the specific intent of Congress in establishing not-for-profits. (If you're a lawyer, look up "Presbyterian & Reformed Publishing v. Commissioner.") I have also been covered by E&O by a not-for-profit, have written claims-handling systems for a large insurance company that issues E&O policies, and am presently covered under liability policies for two not-for-profit organizations in my community.
We have a problem, and it is serious. The following item appeared in a major newspaper recently, quoting Arnold Yabenson of the National CyberCrime Prevention Foundation as saying:
"Instead of blowing up a single plane, these groups will be able to patch into the central computer of a large airline and blow up hundreds of planes at once."
It seems clear to me that Yabensen is referring to the Realtime Online Flight Logistics (ROFL) system we developed for Vultee Aerospace. As several of us who were involved in the PLC coding for the FADECs recall, there is extensive logic embedded in the onboard systems governing how fuel is supplied to the engines. If this Yabensen has guessed that the Denial of Realtime Kerosene (DORK) features that permit fuel starvation (on ground, I might add) he may be aware of the firmware issue raised by Ross Scott during final rollout.
Public Relations: Ted, I want your people to find out who this Yabensen is. I've never heard of him, although the paper seems to think he is a credible source. It is crucial that we head this story off at the pass--divert the press with another story. I like the "air ambulance for sick kids" story you mentioned a couple of weeks ago, but if this story looks like it is going someplace--particularly someplace like network TV newsmagazines--I am willing to authorize another remote fuel starvation incident of a TV news helicopter.
Software/Host Systems: Ed, I want you to contact Dave Stearns at Vultee and mention, gently, that somebody has been talking about ROFL and DORK. This is a good opportunity to pitch the Phase III enhancements to ROFL that Marty Eisenreich and his team have been working on. We don't want to scare him (Stearns is *such* a ninny) but this is something we can use to move that project along. The simplest solution to this whole exercise is starting Phase III of ROFL--it will give us control of the entire code base, as well as the source code repository system. Any legacy code that might conceivably trigger the Dump Overboard Hydrogen (DORK-DOH) logic can simply be excised, and the problem gets excised with it. If Stearns starts whimpering feel free to contact George Demetrios directly. We need to move on this!
Hardware/CMOS Systems: Joanie--what was the name of that little nerdy guy who wrote the EEPROM code for DORK? Could he be Yabensen's source? Find him. Ensure his compliance--or his silence.
Legal: Arnie, we are innocent as lambs. There is no problem, there is certainly no legal problem. We have contractual protections, we have statutory protections, we have constitutional protections. Or we'd better. Review our position on this, list our options in the event that this becomes public, and be prepared for five minutes in the Thursday meeting (and *only* five!).
Everybody: No matter what, we have to stonewall this. Nobody talks to anybody, except to scoff at the source. It didn't happen, it can't happen, it's not possible. No reputable company would do such a thing. We're a reputable company, ergo it could not have happened. If word of this leaks onto the Internet, we are doomed.
I want status reports and memos from all dept. heads at the Thursday 3 o'clock.
John
P.S.: Sue tells me that Arnie, Mike E., Ted, and Sylvia have not yet sent in their travel requests for the "Ethics in Corporate Business" seminar. This is required in Q2, people. It's important that we set the ethical example for our employees.
One wonders if I can change the title of the original post to "Read the Whole Post Before Replying...." You and four others (at the time I write this) didn't read all that I wrote. I specifically address the question of software that checks a license over the network in my original post. It's the second way that TrojanWare can exist:
The only other way is if the software periodically reaches out from your system to contact the Evil Corporation to check a license--theoretically possible, but again something that you should be able to catch at the firewall. (You can typically block outbound addresses, for instance, or monitor your firewall logs to see where traffic originates from. There is no reason for Port 80 [for example] traffic to Microsoft to originate from one of your servers.)
Three points:
First, you have to agree to it. UCITA legalizes self-help measures in the contract. It does not simply let any software vendor invade your network. If you are in the business of installing mission-critical enterprise software without reading your license agreement, you deserve what you get.
Second, you have to permit it. As I wrote earlier, you're monitoring outbound traffic at the firewall, right? You've done the routine thing of grouping all your servers in an identifiable IP range, right? And you keep an eye on outbound traffic at your firewall, right? So wouldn't you notice if one of your servers starts sending HTTP packets (or any other kind of permissible packet) out through the firewall?
Third--network outages happen. Any vendor attempting to sell software that won't run without a current connection to the Internet has rocks in his head. The gas company rips up my frame relay circuit with a backhoe--so my accounting software quits? Does anybody think that is a vendor that's going to be in the business for the long haul--like, say, through Christmas?
So what is self-help (TrojanWare) for?
Simple. Lots and lots and lots of custom software (and customized commercial software, like Great Plains accounting systems) are sold in "thirds." The bargain is
one-third of the contract price at the time the bargain is signed,
one-third at the time the project is delivered,
and one-third thirty days after the project is delivered.
Lots of small software firms have found it extremely hard to collect that last third. If you have a 40% gross margin (relatively common in the industry) and you have absolutely hit all your project deadlines that last third amounts to practically all of your profit. If you have had a little bit of an overrun here, an extra cost there, and perhaps your margin has slipped a bit (extremely common in the industry) that last third may be money that you desperately need. More than one small ISV has gone broke depending upon the last third of a project to make payroll taxes, only to have the client refuse to pay. (I had to lay off one of my very best friends when this circumstance happened to us.)
So how do you collect that last third? If the client is in the same state, you can sue. But you'll spend a mountain of money (and a ton of otherwise billable time) in pre-trial litigation. If you're trying to collect the last third of a $45,000 project, you'll go through $15,000 in legal fees in a month. If the deadbeat is out of state it is even worse--you cannot sue in federal court unless you can prove $50,000 in actual damages. Trying to collect that $15,000? Forget it--it is too small an amount to sue in federal court. Your only option is to sue the client in his home state--using an out-of-state lawyer for a one-off lawsuit will only cost you more money. Bottom line: you write off the $15,000, and perhaps go broke.
A lot of small ISVs resort to Trojans. I used to work for a small ISV that dominates the market for accounting and marketing software for book publishers. They bill "on thirds" and they used to use a trojan to make sure they get paid. If you hadn't paid your bill 90 days after installation, each system user was warned that a problem existed with the system--please call customer service. If the bill was still unpaid 120 days after installation, the users were warned that a SERIOUS problem existed--please call customer service. If the bill was still unpaid 150 days later, each user was warned that their employer had not paid for the system in five months. The system would not start. The client's data was still intact--but the client now had to get around to paying up instead of jerking my former employer around. The clients were aware of this--it was spelled out in the contract. And because it was spelled out in the contract the trojan never actually got used (at least not while I was there).
But in the late 80s the Commonwealth of Virginia banned that kind of "self-help" system. And all of a sudden the deadbeats in Virginia could stiff out-of-state ISVs with impunity.
UCITA overturns the Virginia ban--it lets an ISV explicitly include trojans in a contract. Is that a bad thing? Tell you what--let's wait till you're waiting for that last third from a client, with $200 in the bank and payroll taxes due at the end of the week. It might give you an entirely different perspective on the question.
Golly--whoever the PR firm behind this campaign is, they're doing one hell of a job.
Is it me? Or has anybody else noticed that all the articles regarding this question that have appeared in major newspapers open in exactly the same fashion? "Microsoft and other software giants are pressing to get this passed" followed by "the bill will permit software companies to surreptitiously sneak into your computer system to disable software that hasn't been completely paid for."
What you're watching, folks, is a very well-orchestrated campaign in opposition to UCITA that is "planting" story themes. And newspaper writers with, um, more enthusiasm for computers than, well, knowledge buy the idea and write panic-stricken articles about the Evil Corporation and Plans to Invade Your Computer. The only thing different about this article is that the WP writer went further and actually got people in favor of UCITA (like the Virginia governor) to comment on the accusations.
Come on, people!
This is SlashDot, right? Presumably a group of people who know how to do stuff like secure their networks? People who don't just open ports at the firewall for every Tom, Dick, and Harry that wants to peek at your system? People who have sense enough to not grant root (or administrator) privileges, or to leave those privs set to the default passwords?
Riddle: If you're filtering packets at the public router, and you're doing stateful packet inspection at the proxy server, and you're doing network address translation, and you're properly securing privileges with passwords--how can a vendor break into your system?
There are only two ways that TrojanWare can exist. The manner threatened in these maskirovka articles is that an Evil Corporation invades your system and cripples your software. Right--how? If you have done a half-decent job of securing your network it can't happen. If you haven't done a half-decent job of securing your network getting your software turned off by a vendor is probably the least of your problems. You are doubtless bedeviled by all the l33t hax0r skript kiddiez from the local junior high. The only other way is if the software periodically reaches out from your system to contact the Evil Corporation to check a license--theoretically possible, but again something that you should be able to catch at the firewall. (You can typically block outbound addresses, for instance, or monitor your firewall logs to see where traffic originates from. There is no reason for Port 80 [for example] traffic to Microsoft to originate from one of your servers.)
In other words, if you have half a clue the only way TrojanWare can exist is if you actually agree to let it. And the only way you'd agree to let it be there is if the vendor can make a valid case for it.
And guess what? The UCITA provision for "self help" (which is the euphemism du jour for TrojanWare) is, in fact, there to permit vendors and customers to agree to self-help in contracts. Contract provisions permitting self-help are not binding in those states that ban self-help (including Virginia). The UCITA overturns that. That's all the UCITA does (on this matter). The people screaming about Evil Corporations Invading Your System are engaging in exactly the same kind of hype that the Y2K Survivalists did--the difference this time is that it appears to be computer industry denizens who ought to know better that are getting panicked.
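The firewall check described in this comment and in the earlier one that quotes it (servers grouped in one identifiable IP range, outbound traffic watched in the firewall logs), as an added example that is not part of the original posts. The log format, addresses, server range and allowlist are constructed assumptions; adapt the parser to your firewall's actual log layout.

```python
import ipaddress
import re
from collections import OrderedDict

# Assumption: all servers live in one identifiable range, as the post recommends.
SERVER_NET = ipaddress.ip_network("10.1.20.0/24")
# Assumption: everything in 10.0.0.0/8 is internal and not of interest here.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Assumption: the only egress a server legitimately needs (source, destination, port).
ALLOWED_EGRESS = [
    (ipaddress.ip_address("10.1.20.25"), ipaddress.ip_network("198.51.100.10/32"), 25),
]

# Constructed log format: timestamp, action, direction, then key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ACCEPT|DROP)\s+OUT\s+"
    r"SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)\s+PROTO=(?P<proto>\S+)\s+DPT=(?P<dpt>\d+)$"
)

# Constructed sample: a workstation browsing, the mail server relaying, and a
# file server that starts making HTTP requests to an outside address.
SAMPLE_LOG = """
2000-04-18T02:14:07 ACCEPT OUT SRC=10.1.30.44 DST=203.0.113.80 PROTO=TCP DPT=80
2000-04-18T02:15:00 ACCEPT OUT SRC=10.1.20.25 DST=198.51.100.10 PROTO=TCP DPT=25
2000-04-18T03:00:01 ACCEPT OUT SRC=10.1.20.15 DST=203.0.113.40 PROTO=TCP DPT=80
2000-04-18T03:00:09 ACCEPT OUT SRC=10.1.20.15 DST=10.1.30.44 PROTO=TCP DPT=445
2000-04-19T03:00:02 ACCEPT OUT SRC=10.1.20.15 DST=203.0.113.40 PROTO=TCP DPT=80
2000-04-19T04:10:00 DROP OUT SRC=10.1.20.25 DST=203.0.113.99 PROTO=TCP DPT=25
truncated entry SRC=10.1.20.15
"""


def is_allowed(src, dst, port, allowed):
    """True when the flow matches an explicitly approved server egress rule."""
    return any(src == a_src and dst in a_net and port == a_port
               for a_src, a_net, a_port in allowed)


def find_unexpected_egress(lines, server_net=SERVER_NET, allowed=ALLOWED_EGRESS):
    """Group outbound flows from the server range that no rule accounts for.

    Returns (findings, skipped): findings maps (src, dst, port) to a summary
    dict; skipped counts lines that could not be parsed, so gaps in log
    coverage are visible rather than silently ignored.
    """
    findings = OrderedDict()
    skipped = 0
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped += 1
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            skipped += 1
            continue
        port = int(m["dpt"])
        if src not in server_net:
            continue  # workstation traffic is out of scope for this check
        if any(dst in net for net in INTERNAL_NETS):
            continue  # server-to-internal traffic never crosses the perimeter
        if is_allowed(src, dst, port, allowed):
            continue
        key = (str(src), str(dst), port)
        entry = findings.setdefault(
            key, {"count": 0, "first": m["ts"], "last": m["ts"], "actions": set()})
        entry["count"] += 1
        entry["last"] = m["ts"]
        entry["actions"].add(m["action"])
    return findings, skipped


if __name__ == "__main__":
    found, bad = find_unexpected_egress(SAMPLE_LOG.splitlines())
    for (src, dst, port), info in found.items():
        print(f"{src} -> {dst}:{port} x{info['count']} "
              f"{sorted(info['actions'])} first={info['first']} last={info['last']}")
    print(f"unparsed lines: {bad}")
```

Flows logged as ACCEPT are the ones that actually left the network; DROP entries show a server attempting egress that the firewall already blocks.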
I realize that the primary purchase factor when buying any computer is whether it will adequately support Quake. One must have one's priorities.
If you have to make a living in order to support your Quake-playing habits you can indeed use a notebook as a desktop replacement. I've used notebooks exclusively since 1994--first in a high-end Compaq docking station, but lately I've just used a port replicator to simplify making connections in my office. If I'm at a client's or on a plane I have everything I need right in my hands. I don't have to mess with reconciling two systems, I don't have to keep track of what files are where--wherever I am, my computer is there.
It is new notebook time, and I'm intrigued by the VAIO. They look good--very good. But looks don't matter--I make my living with my notebook (I run a small software development firm) and I want the best possible tool. My big disappointment with my present notebook is that it does not support multiple monitors--once you have programmed with source code on one (or more!) monitor(s) and the running application on another, you simply don't want to go back to doing it any other way. I am told that Dell notebooks support multiple monitors, and I'm intrigued. I'm a bit disappointed that this review doesn't touch on the question.
Writing the review while in-flight is a nice touch--but I wish the writer had mentioned whether the VAIO came with the necessaries for connecting to the onboard power supplies now common on many airlines. You simply cannot board the plane with enough batteries for the flight from Chicago to Tokyo--so any reasonable notebook has to be able to simply connect to the onboard systems.
And, perhaps most importantly of all, I wish he'd written about the tactile feel of the keyboard. My most recent notebook has been a WinBook--a very nice notebook, but the keyboard is a bit soft. I like it--but I don't have the love I still feel for original 14-lb. IBM 101 key keyboards. Big, heavy, clunky--but absolutely splendid keyboards. I wish more reviews gave more information about that--it would help so much in making a purchase decision.
The Undersecretary of the Navy is going to go to Redmond to tell Steve Ballmer that Microsoft's groupware products are terrible.
So? Does he think he's going to tell Ballmer something that Ballmer doesn't already know?
Quick Quiz Time: Name Microsoft's "groupware products" that we're talking about here. Ready? What's your answer?
Microsoft's answer to groupware is Microsoft Exchange. But what do you think of Exchange as being? An expensive Email server. What does the entire corporate marketplace think of Exchange as being? An expensive Email server. Perhaps a slow, difficult-to-administer, and expensive Email server. I run a small company, and we're a Microsoft ISV. We get Exchange for free (bundled with the rest of the software we license) and we're likely to toss it for a Linux server and SendMail. Build enterprise applications on top of Exchange? You must be joking....
But is that some revelation to the Navy? To the Undersecretary? To Steve Ballmer? To Bill? Nope. If Microsoft's corporate muscle, marketing prowess, and sheer evil were one-third of what the Dept. of Justice (and your typical Linux pre-teen) insist, Exchange would be ubiquitous. Lotus Notes is sold at very hefty prices--much higher prices than Microsoft charges for Exchange (if Microsoft charges anything for Exchange at all). Lotus is sold by IBM, which is the living embodiment of "ham-handed" sales. So why does Notes still exist? Because Microsoft has a turkey of a product, and they (and everybody else) know it.
A trip from Chicago to Los Angeles in the early spring will provide you with a breathtaking tour across our country. It is a wonderful journey to take, and you will be pleasantly surprised at how "connected" you can continue to be. Connecting to the Internet from practically any place along your journey will be a breeze.
Let me make some assumptions: I'm assuming that you're renting a car, and that you're planning on staying in hotels or motels as you travel. (That is, you're not hitchhiking with a tent.) Practically any motel room you find will have a phone--you'll quickly discover which hotel chains offer free local calls, and which charge $1 per local call. If you want to stay a little off the beaten track you find lots of local independent motels--but those will almost always charge a hefty price ($0.75 to $1) per local call.
However--you may not find paying $1 per local call to be that big a deal. Local calls in the United States (in most areas) do not have any time charges--you make the local connect and you can stay on the line as long as you like. Similarly, practically no ISP has a connect time charge for local access (ISPs typically do charge for connect time if you are connecting via a toll-free number--because they're paying for that toll-free call).
You're wise to think of the problems of using a non-US cell phone, and to think of what kind of jack to use in a hotel room. However--you should also carefully consider what kind of modem you have. You may be surprised to discover that many modems (particularly inexpensive ones) may not be legal to use outside your country. This little surprise catches a lot of US travelers--the UK periodically makes a point of confiscating "illegal" modems from notebook users when they clear Customs. "Turnabout is fair play" is something of a truism with customs and immigration authorities--if the Brits are being jerks by confiscating modems, you can expect customs officials in other countries to look very closely at the modems of UK travellers. Make sure your modem is labelled as being registered with the U.S. Federal Communications Commission.
I'm sure you're aware that the electrical sockets are different in the U.S., as is the electrical voltage. If you know of a shop in the UK that sells the electrical converters, they will sell you any necessary kits for connecting to phone lines as well. If you can't find such kits in your area, buy one in the gift shops at Heathrow before you board the plane. When you land in Chicago you will not find any shops in the International Terminal--you clear customs and immigration and proceed directly to the tram to the domestic side of the airport. To get to airport shops at the other terminals (the best shopping is in United's concourse, which is Terminal One) you will have to go back through the barrier.
Check with your local ISP about whether they offer a roaming plan. Most ISPs in the US participate in POP-sharing plans that have connect points around the world. Failing that, AOL and CompuServe have the most local nodes (they're related--AOL owns CompuServe). You can sign up for either in the UK (even on a trial membership) and then drop it when you return home.
Corel was originally a custom software provider, focusing on the Canadian federal government, in the mid-1980s. In the late 80s Corel developed a graphics package named Corel Draw! (they used to add an exclamation point to all their products) as a companion tool for Xerox Ventura Publisher. The original version of Corel Draw! shipped with a Microsoft Windows 2.15 runtime--Corel Draw! 1.0 was how I first bought Windows.
In 1991 Corel bought the Ventura Software division from Xerox. Corel attempted to package several graphics package bundles, but their development efforts were hampered by both sales and programming obstacles. (The big programming obstacle was that Ventura Publisher was an assembly-language hack--no documentation, and the original programmer was long gone.)
Mike Cowpland (rhymes with "hope-land") of Corel has worked very hard at being a wheeler-dealer. He has bought a couple of well-regarded names for lots of Corel stock and very little cash--he bought WordPerfect (but not WordPerfect's payroll) from Novell for a lot of stock but only about $10 million in cash in the mid-90s. In this transaction he's "buying" Borland with newly-issued stock and no cash. (This transaction dilutes the shareholders' interests by 44%--but doesn't cost Corel a dime.)
(FWIW: I used to be a tech support forum sysop on Ventura Software's CompuServe forum. I used to do technical illustration of children's books using Corel Draw.)
There are two problems with this post. The first problem is that the HREF tag is incorrect--the closing is not formed correctly so the link doesn't work. The second problem is that the bitmap doesn't correctly identify this post as a joke.
This guy is a typical user? You're joking, right?
He indicates that he's presently using three different distributions of Linux, and has recompiled (at least one of them) 3 times. He has a home network, with a full-time Internet connection. He "naturally" chose KDE over Gnome, and prefers vi to emacs.
He's a "typical" user. Right.
I don't like to see "end luser" comments, because those end users are the people who pay us. (If half of my clients had half a clue, I'd be looking for a real job....) But to suggest that this guy is anything like a "typical" end user is too much--way too much.
The "typical" user turns off his computer, but leaves the monitor on--and thinks he's saving energy. Or he turns the monitor off, but leaves the computer on, thinking the whole thing is off. The typical user carefully types his password on his notebook when he boots it up on the airplane--otherwise that heavy-duty security won't let him into his files. The typical user hopes that someday the computer support geeks will stop giggling about the time he demanded immediate onsite response, and the "critical problem" turned out to be that the monitor was unplugged.
All joking aside, how typical is this guy? Would any of us pass this article along to "typical" users at an employer's, or at a client's? How many typical users that we know would be able to read through the first paragraph and understand what it means? If this is any realistic notion of a "typical" user, ESR (et al)'s dream of "taking over the world" is a joke--because the vast majority of the world simply can't read that first paragraph.
When Windows 95 was being reviewed one of the Microsoft project leaders defined a very simple metric: "can my mother use this?" You can prate all you want about the stability and reliability of *nix or *BSD--but until all of our mothers are chatting on Linux boxen there simply isn't going to be a place in the desktop market for Linux (et al). My (67-year-old) mother is happily using Windows 95. She uses CompuServe for email, and has yet to explore the Web--she thinks it would be more complication than she has time to put up with. Would I expect Mom to recompile Mandrake 6.0 3 times to deal with "Level 5 problems"?
Actually, this isn't a big bandwidth issue. The biggest bandwidth concern is maintaining a connection for just-in-case help--being able to reach out and touch via a cellular call. All the user should have to do is press the Help button, and the phone rings at the pre-defined phone number. The call recipient should be able to identify where the user is (GPS sent in the data setup for the call, perhaps, or maintained in a web-based database from continuous feeds) and be able to talk back. He or she could talk to the end user, or raise the volume and talk to people nearby ("can somebody tell me if Bobby is okay? I can't hear him...can anybody answer me?")
That requires a device that is a power controller, a GPS receiver, a cell phone, and a CDPD data device (cellular digital packet data). But it doesn't really require that much bandwidth.
Actually, I see the problem as a software issue: to communicate we have to create an adaptive vocabulary that lets the user, and his or her guardians, determine a relatively limited list of commonly used words or phrases. You and I communicate via keystrokes typed on a keyboard--because you and I have learned a language based on characters that combine to form phonemes, which combine to form words, which combine to form sentences. The breadth and depth of English-language expression requires the ability to assemble speech with detailed precision--we don't need that kind of precision if we're using a total vocabulary of 400 words. ("I want to go home" can be thought of as a single word in this context.)
Communication for the mute isn't the same as it is for you and me. Kids with very limited language skills learn to use "cheap talkers"--devices with a few pre-recorded sounds related to buttons. The buttons have symbols (from a symbol set named PCS, from Johnson-Mayer Company). The user presses a symbol and the talker repeats the sound. The problems with these devices are manifold: they're very limited (they might have 32 or 40 words); they're focused on single-word vocabularies (typically for very language-deficient kids); and they have no means of data collection--you can't tell what words the user actually selects. The key to this kind of adaptive speech is data collection--recording what the user has said, identifying words and word forms that the user has used, and playing back a day's conversations so that Mom and Dad can work on new words or phrases for tomorrow.
There are many brilliant people working in bioengineering, trying to create a link between a person's nervous system and bionic/robotic devices. That is promising, and (I'm told) is deeply rewarding work for the people who do it. The kids I'm thinking of have little or no control over their own muscles (that's part of what cerebral palsy is) so connecting to their muscles won't achieve anything. What I'm concerned to do is to give these people a voice--so that they can communicate with the world outside of their bodies.
(Truth in messaging: I'm a programmer, so I see a software-based solution to every conceivable problem. A hardware guy might view the matter differently.)
I have a dream. A dream I have had since 1992, when I first met a boy named Bobby. Bobby has cerebral palsy, and is extremely affected--he can move his left arm at the shoulder, but his elbow, wrist, and fingers are essentially rigid. Bobby has an electric wheelchair, which he can control with his left arm. Bobby cannot speak.
There is a cruelty to cerebral palsy--oftentimes there is a perfectly normal child trapped inside that horribly disfigured body. And, sooner or later, that child realizes that he is permanently, utterly, royally screwed. It will never get better--he will always be the Hunchback. (What is child abuse? Send a severely-affected CP kid to a school named "Notre Dame.")
Bobby's parents heard of me because of an educational game I created for kids with limited language skills. They asked if I could help Bobby. Long story--but the resulting program helped Bobby go from a "spoken" vocabulary of 0 to 400 words over the weekend. But--the program was written in Visual Basic, which required a PC. I had a dream....
What I've dreamt of for eight years is an Assistive Device. Plugged into an electric chair it provides the kind of smart battery intelligence that we take for granted with notebooks--but that is completely missing from wheelchairs. Gain #1--longer battery life for chairs. In the end user's chair we have the ability to extend the simple user interface for non-verbal users--they can "mouse" to the words or phrases they need ("excuse me", "is this the A4 bus?", "please let me off at the Whitehall Mall"). Using a recorded mix of Mom's voice and Dad's, the user "speaks" with a voice that is recognizably part of his family. Gain #2. With that UberPDA the end user can communicate with a buddy--"Help! I'm stuck on a sidewalk covered in snow!". With GPS and wireless our end user is never lost, and never alone. Gain #3. For the end user who is not permanently confined to a chair we can make the uberPDA wearable--using a simple handheld device he can identify the words or phrases he needs to say--and the device "speaks" them through speakers. If he is blind we can offer GPS-based guidance--and perhaps IR-based (or sonar?) collision-avoidance.
I have a dream. With big MIPS, big bandwidth, and very, very low power consumption we can give sight to the blind, and a voice to the mute. We can take the shattered and the crippled and let them experience that most precious of dreams: independence. Autonomy. Freedom.
In 1992 I wrote an article that stated that from that day forward I was a has-been: I had written the best software of my life, and from BobbyWrite onward all would be downhill. Perhaps--maybe--I was wrong. Perhaps, with the incredible advances of technology, we can take that nascent germ of an idea and make it really useful.
This is a non sequitur. The downfall of Lotus 123 and Wordperfect had 100% of nothing to do with their contract terms and everything to do with Microsoft's belligerent marketing of MS Office.
Um, actually, no. Microsoft crushed WordPerfect and Lotus in the corporate workplace partly because of price, and partly because of contract terms. One of my major clients, in 1994, was planning to implement an enterprise standard for office software. They had some divisions using Lotus 1-2-3, some using Excel, some using Samna Ami (later Lotus Ami Pro), some using WordPerfect, and some using Word. They had Quattro users, Paradox users, dBase users, FoxPro users--they had a mess.
Lotus showed up, and offered a site license: buy a copy of Lotus for every machine in the corporation, and individually register every single one of them--for a not very good discount (Lotus listed at $795). In English only--other languages (if they were available) had to be licensed separately at different terms. WordPerfect showed up, with a better discount, and less onerous terms--but sorry, you couldn't do anything like embed a Lotus spreadsheet in a WordPerfect document. And they'd only do the site license in English--other languages? Other terms, other negotiations, other pricing. Then Microsoft showed up--Word, Excel, PowerPoint, and Access, for $229 per PC across the entire corporation. Japanese in Japan, Modern Chinese in the PRC, Traditional Chinese in Hong Kong and Taiwan, French in France and so forth. They didn't just embed spreadsheets in documents--they produced corporate developers (employees of the client) who had already done integration products with Office components. (Microsoft's Developer Network is hands-down the best developer support program there is--and all of these guys were MSDN members). In one memorable comment a manager remarked, "we could launch space shots from Cape Canaveral with WordBASIC if half of this stuff is to be believed...." (The client is a major supplier to NASA, BTW.)
The client saw an easy decision: Office offered vastly better integration, vastly more "open" architecture to permit IT developers to integrate solutions (every desktop has Excel--so you don't need to buy charting tools for custom apps. Just embed an Excel chart.) Dramatically lower price, and no Mickey Mouse contract terms. (Approximately 6,000 of the client's desktops are outside the U.S.--so the multiple-language contract was a big issue. I don't think you could even buy WordPerfect for Windows in Japan at that point--Lotus 1-2-3 in Japanese was terrible--but it's been a long time.)
The client still has the same deal. They're up to 18,000 desktops, and will have over 30,000 desktops this summer after a pending merger is completed. Not because of Microsoft belligerence--but because Microsoft's solutions worked better and cost approximately 24% of the competing alternatives. It was, and still is, a no-brainer.
Which is to say, Microsoft won the business, and has kept the business, because of pricing, features, and support. Which is how a free market is supposed to work.
(BTW--nice job in formatting your reply with HTML. Never dawned on me to use BLOCKQUOTE for, um, quoting....)
Please clarify. Back doors are not a threat because (a) nobody in their right mind will buy a product that contained one or (b) they would be illegal under this legislation. The former is insufficient reason, since products have already been sold that have back doors, usually without the knowledge of the buyer.
Nobody in their right mind will buy commercial TrojanWare. And no sane shrinkwrap producer will even consider shipping TrojanWare--because the immediate consequence of using a back door will be litigation. Anybody in business knows that it isn't the result of litigation that matters--just the fees for going to court will wipe you out. And, as eToys.com is discovering, a little bit of bad publicity can get your stock price hammered.
What the "self help" provision does is permit a vendor to include language in a contract that explicitly permits back doors or other means. I used to work for a company that did it--here's how it works. A lot of mid-priced software, and custom software projects, are sold on "thirds"--one-third of the contract price is due at the start of the project, one-third is due at delivery, and one-third is due thirty days after delivery. Sometimes getting that last third can be a real challenge--if you're dealing with a small company they may simply not have the cash and try to string you out; if you're dealing with a crook they might suggest that you pound sand--they're not paying. In a lot of custom development the vendor discovers that a lot of new features seem to get added to the feature list after he has delivered--"oh, I'm sure there'll be no problem with payment, if you just be sure to add this little thing for us...." That list can go on for months--because they know you need that last third. If the client tries to stiff you for that last third your only recourse is to take the client to court--but if the client is located across a state line you have to sue in federal court, where you have to demonstrate $50,000 in actual damages before you even have "standing" to sue. If you're looking to collect the last $15,000 on a $45,000 job you can try to hire a lawyer in the client's home state--but you might as well forget it. You'll burn through fifteen grand in legal fees before you get to court, so essentially you're screwed.
Unless you use some form of "self help." In the case of my former employer the system checked the date at startup (since this was an order entry system dates couldn't easily be spoofed) and checked a series of parameters to see if the software had been installed for more than 90 days. If it was, the operators would get a screen asking the supervisor to call customer service. Thirty days later, if the system still hadn't been paid for, another screen asked the supervisor to call customer service, as a serious problem exists with the system. (My employer viewed an invoice over 120 days old as a serious problem.) Thirty days later (thus, 150 days after installation, and four months after payment was due) every user logging in was prompted that the system could not function because a bill had not been paid.
We told every prospective client about that feature. To my knowledge it was never used--in part because the clients knew it was there. (We did do some weird stuff at startup if the date was Friday the 13th, but that's another story:-)
In the late 1980s the commonwealth of Virginia banned that kind of Trojan. And all of a sudden you simply couldn't collect that last third from deadbeats in Virginia--and the Virginia deadbeats knew it. The UCITA overturns that law, and similar laws in other states (I don't know if there are other states with similar laws or not).
Couple of additional points: first, my company doesn't use Trojans. We usually provide source code to our customers, and we typically do systems for companies that are large enough that they don't play those kinds of games. Second, the Independent Computer Consultants of America opposed the UCITA, especially the self-help provision. I don't know why, but it is an interesting perspective to this discussion that I'd like to learn more about.
RMS, once again, disappoints me. As the leading light of the Free Software movement he certainly has an important perspective to share on many issues--but in this article he simply reiterates many of the straw-man arguments that others have raised.
Simply put, the spectre of UCITA that he raises is that UCITA permits vendors and buyers to agree to contract terms. UCITA does not, in so many words, legalize Trojan Horses (so-called "self-help measures") without buyer consent. Nobody in his right mind is going to buy a TrojanWare shrinkwrap app. But "self-help" measures permit custom software developers to ensure that they get paid. They can only use self-help if the client agrees to them, in the contract.
Can Microsoft, IBM, Oracle, or another software giant force an onerous contract down your throat? Nope--markets do, in fact, work. In 1989 Lotus had a cast-iron lock on the spreadsheet market, WordPerfect had a lock on the word processing market, and Xerox had a lock on desktop publishing. Lotus 1-2-3 still has a dozen or so users, somewhere; Corel can't give away WordPerfect; and I'd bet most SlashDot users can't even name the erstwhile Xerox product that owned the DTP market. (Hint: Corel Draw was created as an add-on product for it, and Corel now owns it.) Lest you think that Microsoft hegemony can keep a bad product alive, two words: Microsoft Bob.
If you thought the world was going to end on New Year's Eve, you'll probably get panicked by UCITA as well. You shouldn't be--this isn't nearly as scary as the doomsayers are claiming.
"If the woman was genuinely concerned about privacy, she should do what many of us already do and filter out doubleclick before it arrives at the browser."
You know how to filter DoubleClick. I know how to filter DoubleClick. 99 and 44/100% of Internet users do not know how to filter DoubleClick. And there is no reason in the world that they should have to learn. Her privacy has, obviously, been invaded--the question now is whether a jury decides that her privacy is worth much.
"When was the last time you heard of a piece of *free* software developed in mainland China?"
Which means that software innovation in China isn't happening. But is it because all of the Chinese are poor?
(Been to China lately?)
India has significantly greater poverty than China--but India has a booming software industry. (Just consider how many tens of thousands of Indians are in the U.S. on H1B visas.) Why is software innovation booming in India, but not in China? (And why, for that matter, is software booming in Taiwan, which forty years ago was poorer, and which has zero natural resources?)
This is Macroeconomics 1A material--intellectual property rights are the basis for technological innovation, which is the basis for economic growth.
"The analogy to barriers to entry in heavy industry also fails. "Historically", if what you suggest is true, there has been no barrier to plagiarism. What you describe is a barrier to production. Software is different in that it is being treated as a product, not a means of production."
I'm not suggesting, I'm stating. And yes, historically, it is true--there is no barrier to plagiarism in intellectual property law. The whole point of the patent system is to encourage plagiarism. The concept is called "derivative works."
For example, suppose that you come up with a better method for stamping sheet steel (this happened in the 1920s). I've been working on the same problem, but taking a much different approach. I read your patent application (which is public information) and the lightbulb goes on--I have the solution, and my new solution is even better than yours. I rush to the Patent Office and file a patent. The world, recognizing a better mousetrap, beats a path to my door. I get rich--but because my patent depends upon yours (and identifying those dependencies is part of the patent process) you get rich too. You and I get rich--but society as a whole reaps an enormous benefit. Since we've improved metal stamping technology automobiles can now have enclosed bodies and still cost less to build. Aircraft wings can be assembled from stamped parts, rather than be hand-made from wood and fabric. Consumer products will drop in price--a whole cycle of economic activity will take place due to our technological innovation. (True fact: simultaneous innovation in cold-rolled steel and steel-stamping technology was one of the very few pieces of good news in economics in the 1930s.)
My point, which I think you misunderstood, is that even if someone were to try to plagiarize an invention without licensing it, typical barriers to production effectively prevented it. I know how ABB's continuous casting process works--so what? I can't set up a continuous caster in my back yard. With software there are no such barriers--if you have the source code to Bank A's consumer lending software you can easily sell a consumer lending solution to Bank B without ever getting caught. (In fact, many consulting companies do this all the time--they write a solution for a client, then sell the same solution to the client's competitors.)
Without intellectual property protection (which is what the GPL amounts to) there is no legal recourse to somebody plagiarizing your code. That was my point.
First, the question of China and intellectual property. This is a settled question in the history of economics: there was no such thing as intellectual property protection before the mid 1700s in Britain. The development of intellectual property protection--specifically the monopoly rights to your creation--was the basis for the Industrial Revolution. The nations that industrialized early were those nations that adopted intellectual property protections (such as the U.S.). Those that did not adopt IP protection (France, the German states) were left behind. They did not begin to catch up until they adopted protections for intellectual property.
Poverty in China is no reason why there is no Chinese software industry--there is plenty of poverty in India and Pakistan, but there are booming software industries in both countries. Remember that before Ed Yourdon was crying wolf about the Year 2000, he was crying wolf about the threat from cheap labor in India. (And many of us who have worked in IT for a long time can name former clients or employers who outsourced all their programming to Indian firms.) What's the difference? India and Pakistan both protect intellectual property rights. China doesn't.
If you want to look at a broader comparison, consider East Germany vs. West Germany; North Korea vs. South Korea; Singapore vs. Malaysia; or practically anybody in Asia vs. Indonesia. Technological innovation boomed in West Germany, driving the booming economy--to the extent that the Third World War that we were brought up to expect didn't happen because West Germany more or less just bought East Germany. It wasn't a war--it was a white-knight takeover. Technological innovation in West Germany was protected by intellectual property rules, it was not protected in East Germany. Without an impetus to innovation, nobody in East Germany felt a burning desire to innovate. The same situation exists in all the other countries I listed: forty years ago there was no economic distinction between the pairs of countries I mention. The country that has prospered has done so through technological innovation. If the other country (such as Indonesia) has prospered at all, it is largely a result of the extraction of natural resources and the exploitation of cheap labor.
Intellectual property protection begets technological innovation. Technological innovation begets economic progress. You can have technological innovation without IP protection--but the record of history is brutally clear: without IP protection the rate of technological innovation is dramatically lower.
(This, incidentally, is a major part of the World Trade Organization's dialogues with the People's Republic of China. The industrialized West wants the PRC to develop strong intellectual property rights to encourage technological innovation. To many people it looks like the U.S. is trying to jail people bootlegging copies of Windows. What those people, including the PRC's leadership, don't get is that if and when somebody develops a Chinese OS that's better than Windows, Microsoft will instantly become the #2 player in the game. Way more people speak Chinese than English.)
Hi!
First off, get thee to a lawyer. BUT not just any lawyer. Find a lawyer with significant experience with intellectual property law, particularly regarding programming issues. I would strongly suggest contacting your local chapter of the Independent Computer Consultants of America and asking for referrals to lawyers familiar with the IP issues facing consultants.
There have been some posts here that have suggested that HTML can't be copyrighted--that's probably not true. At the very least it is not legally certain, which is worse. When something is legally defined, it is generally tough to litigate. When something is legally vague, the lawyers come out in droves. And your client's insurance company (who is fighting this) has an incentive to settle to make the suit go away. And part of that incentive is that they can ask your homeowners' insurance carrier to chip in part of the settlement cost.
Here's the problem: computer source code generally is protected by copyright. I have, for instance, successfully pressured a recalcitrant client into paying up by threatening an action for infringement. But--copyright generally only protects the "creative work". The courts generally do not view the results of machine output as being protected by copyright. So the code you wrote by hand is probably protected--the code generated by the DreamWeaver guys probably is not.
Simple analogy:
What is the most commonly used programming language in the world today? The answer isn't Visual Basic, Perl, or C++. It is PostScript. PostScript is a complete programming language, and the output from your PostScript printer driver is actually a program that is executed by an interpreter running on the output device (usually your printer, but there are other kinds of PostScript interpreters). I have produced very carefully-written programs in PostScript (years ago, for typesetting equipment calibration), and I charged good money for them. Those programs were creative work protected by copyright. On the other hand, the PostScript program generated by your printer driver to print this web page is just machine-generated output--where's the creativity? There isn't any creativity, so there's nothing in the PostScript code to copyright. Your text may be copyrightable, my text may be copyrightable, and Andover's little blurb at the bottom asserts that everything else on the page is copyrightable--but the PostScript program to print all of it is not copyrightable.
You might find it useful to mention this analogy to your client's lawyers. You can actually save the output from a PostScript printer driver to a file, and browse the program with a text editor. (If you'd like to do this, I can also give you some hand-written PostScript to make the distinction between the two. Contact me at if you want some help.) So long as the HTML code originated in DreamWeaver the creative work is the design of the page as it appears on the Browser. The machine output isn't their creative work, so they can't sue to protect it from infringement. The owner of that creative aspect is the publisher of DreamWeaver--they're just using the "machine".
All of that said, get thee to a lawyer! Is it a pain? Yup. Is it an expense? Yup. But it is definitely worth the bucks to be sure. And it is always worth the bucks to bring your own hired gun to the table, rather than depend upon the charity of somebody else's lawyers. They don't call 'em sharks for nothing--and when did you ever hear of a charitable shark?
Hi!
Um, actually, the "!" isn't an operator for ODBC. It is a shorthand way of referring to a default property of a referenced object. You can use it in all sorts of places, in much the same way that you can use default values.
When you assign a value from a recordset, for instance, you might use this snippet:
' Assume lValue is already declared as a long
lValue = rsData!CustomerID
It is syntactically identical to this:
lValue = rsData.Fields("CustomerID").Value
The "!" operator retrieves the default property (Value) of a referenced object (the Field object, a member of the Fields collection).
This has nothing to do with ODBC--it is related to the COM object model. This works with any COM object, not just a database component.
Hi!
Actually, I have not bought anything I first learned of through spam.
But that's because the sales rep won't be here till Tuesday. Then I'm buying.
I get spam just like anybody else. I get the photocopier toner sales, the multi-level marketing spiels, and seemingly endless variations on Neiman-Marcus cookies forwarded by Daughter #2's voice teacher. But last Friday I actually saw a useful promotion in what was unabashed B-spam (B2B-spam?).
A local sales manager for an upstart alternative phone company named ChoiceOne B-spammed every web domain holder in his territory (the Lehigh Valley in Pennsylvania). This was a pretty amateur effort: he even mistyped the URL to his company's website. But the company is offering something I want--dramatically lower-cost bandwidth.
(Digression: I'm 23,000 feet from the nearest CO, so DSL is out of the question. What this outfit (ChoiceOne--http://www.choiceonecom.com) is offering to do is resell a local T1 circuit to the CO, where they have a point of presence (for the DSL service they're offering in-town). This is dramatically cheaper than any other alternatives--it means that my bandwidth charges drop from $485/month for 64Kbps to $375/month for 512Kbps. This may seem overpriced to you urban cowboys, but out here in the sticks this is terrific news.)
The rep's coming out on Tuesday. I'll visit with him, then take him up the road to visit a sometime client who also wants to sign up.
So yes--count me as someone who has bought a service from a spammer. In my case (at least right now) it seems like too good a deal to pass up.
John Murdoch
Hi!
(Sorry to take so long in responding. Had to do my tax returns. Ugh.)
Any security system requires positions of trust. You have pointed out (much more politely than a couple of others) that root privileges are required to replace pieces of the OS--and since a bad guy has to have root privs, why bother with an exploit?
In a word, "anonymity."
In my career I have been involved with three different cases of system attacks. In each of the three cases the perpetrator was an employee. In one case there was enough evidence to convict the employee and send him to prison. In another case the client didn't want to prosecute--but was so damaged by the exploit that it essentially collapsed. It was acquired by a competitor a few months later and most of the office employees were let go.
In all three cases the perpetrator was a trusted insider. The users had the equivalent (on their systems) of root privs.
What caught the first guy, but didn't catch the second? The first guy was, in effect, using his root privs locally to play around with records (trying to cover up an embezzlement). The second guy did everything remotely--the damage wasn't apparent until 2-3 months after he was gone, by which time it was practically impossible to prove that he was responsible.
I submit that recompiling a file system component, or replacing an ActiveX control, provides the would-be miscreant a higher degree of anonymity, and thus a lower risk of getting caught.
Can you modify a system file in Windows 2000? Yes. (Although trying to replace any system file in 2000 is a pain, even if you're not being malicious.) But hacking the binary is vastly more difficult than recompiling from commented source code, no? Which was my point: it is easier to run an in-house exploit on OSS.
Yours,
John Murdoch
Hi David!
:-).
Thanks for your response. The URLs you directed me to are a reminder of why I am not a lawyer.
However--I would be leery of assuming too much from this act. It protects me in my capacity as a volunteer at three-day events (a horse discipline that can be dangerous). It obviously protects a client of mine, who is a Ski Patrol leader. If I were an attorney (and I would regard any suggestion that I am an attorney as defamatory) I'd take issue with how broad the definition of volunteer might be--and would a programmer working on an OSS project count?
However, all that aside, I see your point: you would feel better if you knew the organization was registered as a 501(c)(3).
Thanks for the information.
John Murdoch
ESR makes a good point in emphasizing that Open Source software can be reviewed by anybody, and actually is reviewed by many developers when a new release is distributed. He is entirely correct in asserting that this process (in essence, peer review) prevents a programmer from widely distributing a back door. That is, without question, a definite plus for Open Source.
On the other hand, there is a definite minus to Open Source--anybody can recompile it. Or even parts of it. So anybody with access to the OS can recompile a small part, substitute that part into the OS, and subsequently replace the original.
For example, suppose I want to snoop on doings in the executive suite. I just modify the file system to write copies into another directory--or send copies of all the CEO's email to my home server. When I have the data I want, I just replace the original versions of the OS--and no one will be the wiser.
You can't do that with closed-source software. Since you don't have the source code, you can't alter the code. So you (or that contract programmer who the company is letting go at the end of the month) can't run a little in-house exploit.
Let me clarify that a bit more: an in-house programmer can't run this kind of exploit using a part of the operating system or a closed-source product (such as a database or email system). However, an in-house programmer can run this kind of exploit on components that he can recompile (such as ActiveX controls). If reasonable source control is in place (everyone must use source control, projects can't be checked out indefinitely) there is little risk. Admittedly, there aren't that many corporations that have reasonable source control policies.
The security problem most corporations face today isn't back doors, or even Trojan Horses. It is the in-house Trojan, put in place by somebody on the inside. It is significantly easier to create an in-house Trojan with OSS.
Which is to say, being "Open" is both a blessing and a curse.
John Murdoch
David!
Completely apart from the discussion of what happened and what the consequences are, you should be aware that membership in a not-for-profit organization does not provide you with any legal protection whatsoever.
What is generally termed a "not-for-profit" organization is recognized under section 501(c)(3) of the Internal Revenue Code. The law pertains to whether or not profits of those organizations are taxed. It says nothing--nothing--about any kind of legal protection for group members. Any kind of protection for liability (in the case you describe, liability for errors and omissions) would only come from an insurance policy taken out by the not-for-profit on behalf of its leaders (expensive) or members (hideously expensive).
For the record: I am not a lawyer. I have been the business manager of a 501(c)(3) not-for-profit that fought the IRS over our status--we won at the Court of Appeals level over a precise definition of the IRC and the specific intent of Congress in establishing not-for-profits. (If you're a lawyer, look up "Presbyterian & Reformed Publishing v. Commissioner.") I have also been covered by E&O by a not-for-profit, have written claims-handling systems for a large insurance company that issues E&O policies, and am presently covered under liability policies for two not-for-profit organizations in my community.
John Murdoch
We have a problem, and it is serious. The following item appeared in a major newspaper recently, quoting Arnold Yabenson of the National CyberCrime Prevention Foundation as saying:
"Instead of blowing up a single plane, these groups will be able to patch into the central computer of a large airline and blow up hundreds of planes at once."
It seems clear to me that Yabensen is referring to the Realtime Online Flight Logistics (ROFL) system we developed for Vultee Aerospace. As several of us who were involved in the PLC coding for the FADECs recall, there is extensive logic embedded in the onboard systems governing how fuel is supplied to the engines. If this Yabensen has guessed that the Denial of Realtime Kerosene (DORK) features that permit fuel starvation (on ground, I might add) he may be aware of the firmware issue raised by Ross Scott during final rollout.
Public Relations:
Ted, I want your people to find out who this Yabensen is. I've never heard of him, although the paper seems to think he is a credible source. It is crucial that we head this story off at the pass--divert the press with another story. I like the "air ambulance for sick kids" story you mentioned a couple of weeks ago, but if this story looks like it is going someplace--particularly someplace like network TV newsmagazines--I am willing to authorize another remote fuel starvation incident of a TV news helicopter.
Software/Host Systems:
Ed, I want you to contact Dave Stearns at Vultee and mention, gently, that somebody has been talking about ROFL and DORK. This is a good opportunity to pitch the Phase III enhancements to ROFL that Marty Eisenreich and his team have been working on. We don't want to scare him (Stearns is *such* a ninny) but this is something we can use to move that project along. The simplest solution to this whole exercise is starting Phase III of ROFL--it will give us control of the entire code base, as well as the source code repository system. Any legacy code that might conceivably trigger the Dump Overboard Hydrogen (DORK-DOH) logic can simply be excised, and the problem gets excised with it. If Stearns starts whimpering feel free to contact George Demetrios directly. We need to move on this!
Hardware/CMOS Systems:
Joanie--what was the name of that little nerdy guy who wrote the EEPROM code for DORK? Could he be Yabensen's source? Find him. Ensure his compliance--or his silence.
Legal:
Arnie, we are innocent as lambs. There is no problem, there is certainly no legal problem. We have contractual protections, we have statutory protections, we have constitutional protections. Or we'd better. Review our position on this, list our options in the event that this becomes public, and be prepared for five minutes in the Thursday meeting (and *only* five!).
Everybody:
No matter what, we have to stonewall this. Nobody talks to anybody, except to scoff at the source. It didn't happen, it can't happen, it's not possible. No reputable company would do such a thing. We're a reputable company, ergo it could not have happened. If word of this leaks onto the Internet, we are doomed.
I want status reports and memos from all dept. heads at the Thursday 3 o'clock.
John
P.S.: Sue tells me that Arnie, Mike E., Ted, and Sylvia have not yet sent in their travel requests for the "Ethics in Corporate Business" seminar. This is required in Q2, people. It's important that we set the ethical example for our employees.
One wonders if I can change the title of the original post to "Read the Whole Post Before Replying...." You and four others (at the time I write this) didn't read all that I wrote. I specifically address the question of software that checks a license over the network in my original post. It's the second way that TrojanWare can exist:
Three points:
So what is self-help (TrojanWare) for?
Simple. Lots and lots and lots of custom software (and customized commercial software, like Great Plains accounting systems) are sold in "thirds." The bargain is
Lots of small software firms have found it extremely hard to collect that last third. If you have a 40% gross margin (relatively common in the industry) and you have absolutely hit all your project deadlines that last third amounts to practically all of your profit. If you have had a little bit of an overrun here, an extra cost there, and perhaps your margin has slipped a bit (extremely common in the industry) that last third may be money that you desperately need. More than one small ISV has gone broke depending upon the last third of a project to make payroll taxes, only to have the client refuse to pay. (I had to lay off one of my very best friends when this circumstance happened to us.)
So how do you collect that last third? If the client is in the same state, you can sue. But you'll spend a mountain of money (and a ton of otherwise billable time) in pre-trial litigation. If you're trying to collect the last third of a $45,000 project, you'll go through $15,000 in legal fees in a month. If the deadbeat is out of state it is even worse--you cannot sue in federal court unless you can prove $50,000 in actual damages. Trying to collect that $15,000? Forget it--it is too small an amount to sue in federal court. Your only option is to sue the client in his home state--using an out-of-state lawyer for a one-off lawsuit will only cost you more money. Bottom line: you write off the $15,000, and perhaps go broke.
A lot of small ISVs resort to Trojans. I used to work for a small ISV that dominates the market for accounting and marketing software for book publishers. They bill "on thirds" and they used to use a trojan to make sure they get paid. If you hadn't paid your bill 90 days after installation, each system user was warned that a problem existed with the system--please call customer service. If the bill was still unpaid 120 days after installation, the users were warned that a SERIOUS problem existed--please call customer service. If the bill was still unpaid 150 days later, each user was warned that their employer had not paid for the system in five months. The system would not start. The client's data was still intact--but the client now had to get around to paying up instead of jerking my former employer around. The clients were aware of this--it was spelled out in the contract. And because it was spelled out in the contract the trojan never actually got used (at least not while I was there).
But in the late 80s the Commonwealth of Virginia banned that kind of "self-help" system. And all of a sudden the deadbeats in Virginia could stiff out-of-state ISVs with impunity.
UCITA overturns the Virginia ban--it lets an ISV explicitly include trojans in a contract. Is that a bad thing? Tell you what--let's wait till you're waiting for that last third from a client, with $200 in the bank and payroll taxes due at the end of the week. It might give you an entirely different perspective on the question.
Golly--whoever the PR firm behind this campaign is, they're doing one hell of a job.
Is it me? Or has anybody else noticed that all the articles regarding this question that have appeared in major newspapers open in exactly the same fashion? "Microsoft and other software giants are pressing to get this passed" followed by "the bill will permit software companies to surreptitiously sneak into your computer system to disable software that hasn't been completely paid for."
What you're watching, folks, is a very well-orchestrated campaign in opposition to UCITA that is "planting" story themes. And newspaper writers with, um, more enthusiasm for computers than, well, knowledge buy the idea and write panic-stricken articles about the Evil Corporation and Plans to Invade Your Computer. The only thing different about this article is that the WP writer went further and actually got people in favor of UCITA (like the Virginia governor) to comment on the accusations.
Come on, people!
This is SlashDot, right? Presumably a group of people who know how to do stuff like secure their networks? People who don't just open ports at the firewall for every Tom, Dick, and Harry that wants to peek at your system? People who have sense enough to not grant root (or administrator) privileges, or to leave those privs set to the default passwords?
Riddle: If you're filtering packets at the public router, and you're doing stateful packet inspection at the proxy server, and you're doing network address translation, and you're properly securing privileges with passwords--how can a vendor break into your system?
There are only two ways that TrojanWare can exist. The manner threatened in these maskirovka articles is that an Evil Corporation invades your system and cripples your software. Right--how? If you have done a half-decent job of securing your network it can't happen. If you haven't done a half-decent job of securing your network getting your software turned off by a vendor is probably the least of your problems. You are doubtless bedeviled by all the l33t hax0r skript kiddiez from the local junior high. The only other way is if the software periodically reaches out from your system to contact the Evil Corporation to check a license--theoretically possible, but again something that you should be able to catch at the firewall. (You can typically block outbound addresses, for instance, or monitor your firewall logs to see where traffic originates from. There is no reason for Port 80 [for example] traffic to Microsoft to originate from one of your servers.)
In other words, if you have half a clue the only way TrojanWare can exist is if you actually agree to let it. And the only way you'd agree to let it be there is if the vendor can make a valid case for it.
And guess what? The UCITA provision for "self help" (which is the euphemism du jour for TrojanWare) is, in fact, there to permit vendors and customers to agree to self-help in contracts. Contract provisions permitting self-help are not binding in those states that ban self-help (including Virginia). The UCITA overturns that. That's all the UCITA does (on this matter). The people screaming about Evil Corporations Invading Your System are engaging in exactly the same kind of hype that the Y2K Survivalists did--the difference this time is that it appears to be computer industry denizens who ought to know better that are getting panicked.
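The firewall-log check mentioned in the comment above (outbound traffic that originates from a server and goes somewhere it has no reason to go), as an added example that is not part of the original post. The key=value log format, the 10.0.1.0/24 server subnet, the egress allowlist and the sample lines are all constructed assumptions.

```python
import ipaddress
import re

# Assumed network layout (hypothetical values for this example).
SERVER_NET = ipaddress.ip_network("10.0.1.0/24")       # where the servers live
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # everything inside the firewall
# The only external (destination, port) pairs servers are expected to reach.
ALLOWED_EGRESS = {
    (ipaddress.ip_address("198.51.100.53"), 53),        # upstream DNS
    (ipaddress.ip_address("198.51.100.25"), 25),        # mail relay
}

# Constructed sample log: timestamp followed by KEY=VALUE fields.
SAMPLE_LOG = """\
2000-03-01T02:14:07 ACTION=ALLOW SRC=10.0.1.15 DST=203.0.113.80 PROTO=TCP SPT=1034 DPT=80
2000-03-01T02:14:09 ACTION=ALLOW SRC=10.0.2.44 DST=203.0.113.80 PROTO=TCP SPT=1101 DPT=80
2000-03-01T03:00:00 ACTION=ALLOW SRC=10.0.1.15 DST=198.51.100.53 PROTO=UDP SPT=1035 DPT=53
2000-03-01T03:10:00 ACTION=ALLOW SRC=10.0.1.15 DST=10.0.2.44 PROTO=TCP SPT=445 DPT=1200
2000-03-02T02:14:07 ACTION=ALLOW SRC=10.0.1.15 DST=203.0.113.80 PROTO=TCP SPT=1040 DPT=80
2000-03-02T04:00:00 ACTION=DROP SRC=10.0.1.20 DST=192.0.2.9 PROTO=TCP SPT=1050 DPT=443
garbage line with no fields
2000-03-02T05:00:00 ACTION=ALLOW SRC=not-an-ip DST=192.0.2.9 DPT=80
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Return a dict for one log line, or None if the line is malformed."""
    parts = line.split(None, 1)
    if len(parts) != 2:
        return None
    ts, rest = parts
    fields = dict(FIELD_RE.findall(rest))
    try:
        return {
            "ts": ts,
            "action": fields["ACTION"],
            "src": ipaddress.ip_address(fields["SRC"]),
            "dst": ipaddress.ip_address(fields["DST"]),
            "dpt": int(fields["DPT"]),
        }
    except (KeyError, ValueError):
        return None


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def unexpected_server_egress(lines):
    """Group server-originated connections to non-allowlisted external hosts.

    Returns (findings, skipped): findings maps (src, dst, port) to a summary,
    skipped counts lines that could not be parsed, so gaps are visible.
    """
    findings = {}
    skipped = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        if rec["src"] not in SERVER_NET:
            continue                      # workstation traffic is out of scope
        if is_internal(rec["dst"]):
            continue                      # server-to-internal is not egress
        if (rec["dst"], rec["dpt"]) in ALLOWED_EGRESS:
            continue                      # expected outbound dependency
        key = (str(rec["src"]), str(rec["dst"]), rec["dpt"])
        entry = findings.setdefault(
            key, {"count": 0, "first": rec["ts"], "last": rec["ts"], "actions": set()}
        )
        entry["count"] += 1
        # ISO-8601 timestamps sort correctly as strings.
        entry["first"] = min(entry["first"], rec["ts"])
        entry["last"] = max(entry["last"], rec["ts"])
        entry["actions"].add(rec["action"])
    return findings, skipped


if __name__ == "__main__":
    found, bad = unexpected_server_egress(SAMPLE_LOG.splitlines())
    for (src, dst, port), info in sorted(found.items()):
        print(f"{src} -> {dst}:{port}  x{info['count']}  "
              f"{info['first']}..{info['last']}  {sorted(info['actions'])}")
    print(f"unparsed lines: {bad}")
```

A pair that recurs at a regular interval, like the two 02:14:07 entries in the sample, is the pattern a periodic license check would leave; entries logged as ALLOW are the ones an outbound block rule would have stopped.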
I realize that the primary purchase factor when buying any computer is whether it will adequately support Quake. One must have one's priorities.
If you have to make a living in order to support your Quake-playing habits you can indeed use a notebook as a desktop replacement. I've used notebooks exclusively since 1994--first in a high-end Compaq docking station, but lately I've just used a port replicator to simplify making connections in my office. If I'm at a client's or on a plane I have everything I need right in my hands. I don't have to mess with reconciling two systems, I don't have to keep track of what files are where--wherever I am, my computer is there.
It is new notebook time, and I'm intrigued by the VAIO. They look good--very good. But looks don't matter--I make my living with my notebook (I run a small software development firm) and I want the best possible tool. My big disappointment with my present notebook is that it does not support multiple monitors--once you have programmed with source code on one (or more!) monitor(s) and the running application on another, you simply don't want to go back to doing it any other way. I am told that Dell notebooks support multiple monitors, and I'm intrigued. I'm a bit disappointed that this review doesn't touch on the question.
Writing the review while in-flight is a nice touch--but I wish the writer had mentioned whether the VAIO came with the necessaries for connecting to the onboard power supplies now common on many airlines. You simply cannot board the plane with enough batteries for the flight from Chicago to Tokyo--so any reasonable notebook has to be able to simply connect to the onboard systems.
And, perhaps most importantly of all, I wish he'd written about the tactile feel of the keyboard. My most recent notebook has been a WinBook--a very nice notebook, but the keyboard is a bit soft. I like it--but I don't have the love I still feel for original 14-lb. IBM 101 key keyboards. Big, heavy, clunky--but absolutely splendid keyboards. I wish more reviews gave more information about that--it would help so much in making a purchase decision.
The Undersecretary of the Navy is going to go to Redmond to tell Steve Ballmer that Microsoft's groupware products are terrible.
So? Does he think he's going to tell Ballmer something that Ballmer doesn't already know?
Quick Quiz Time: Name Microsoft's "groupware products" that we're talking about here. Ready? What's your answer?
Microsoft's answer to groupware is Microsoft Exchange. But what do you think of Exchange as being? An expensive Email server. What does the entire corporate marketplace think of Exchange as being? An expensive Email server. Perhaps a slow, difficult-to-administer, and expensive Email server. I run a small company, and we're a Microsoft ISV. We get Exchange for free (bundled with the rest of the software we license) and we're likely to toss it for a Linux server and SendMail. Build enterprise applications on top of Exchange? You must be joking....
But is that some revelation to the Navy? To the Undersecretary? To Steve Ballmer? To Bill? Nope. If Microsoft's corporate muscle, marketing prowess, and sheer evil were one-third of what the Dept. of Justice (and your typical Linux pre-teen) insist, Exchange would be ubiquitous. Lotus Notes is sold at very hefty prices--much higher prices than Microsoft charges for Exchange (if Microsoft charges anything for Exchange at all). Lotus is sold by IBM, which is the living embodiment of "ham-handed" sales. So why does Notes still exist? Because Microsoft has a turkey of a product, and they (and everybody else) know it.
So why the story? And why post it here?
Welcome to America!
A trip from Chicago to Los Angeles in the early spring will provide you with a breathtaking tour across our country. It is a wonderful journey to take, and you will be pleasantly surprised at how "connected" you can continue to be. Connecting to the Internet from practically any place along your journey will be a breeze.
Let me make some assumptions: I'm assuming that you're renting a car, and that you're planning on staying in hotels or motels as you travel. (That is, you're not hitchhiking with a tent.) Practically any motel room you find will have a phone--you'll quickly discover which hotel chains offer free local calls, and which charge $1 per local call. If you want to stay a little off the beaten track you find lots of local independent motels--but those will almost always charge a hefty price ($0.75 to $1) per local call.
However--you may not find paying $1 per local call to be that big a deal. Local calls in the United States (in most areas) do not have any time charges--you make the local connect and you can stay on the line as long as you like. Similarly, practically no ISP has a connect time charge for local access (ISPs typically do charge for connect time if you are connecting via a toll-free number--because they're paying for that toll-free call).
You're wise to think of the problems of using a non-US cell phone, and to think of what kind of jack to use in a hotel room. However--you should also carefully consider what kind of modem you have. You may be surprised to discover that many modems (particularly inexpensive ones) may not be legal to use outside your country. This little surprise catches a lot of US travelers--the UK periodically makes a point of confiscating "illegal" modems from notebook users when they clear Customs. "Turnabout is fair play" is something of a truism with customs and immigration authorities--if the Brits are being jerks by confiscating modems, you can expect customs officials in other countries to look very closely at the modems of UK travellers. Make sure your modem is labelled as being registered with the U.S. Federal Communications Commission.
I'm sure you're aware that the electrical sockets are different in the U.S., as is the electrical voltage. If you know of a shop in the UK that sells the electrical converters, they will sell you any necessary kits for connecting to phone lines as well. If you can't find such kits in your area, buy one in the gift shops at Heathrow before you board the plane. When you land in Chicago you will not find any shops in the International Terminal--you clear customs and immigration and proceed directly to the tram to the domestic side of the airport. To get to airport shops at the other terminals (the best shopping is in United's concourse, which is Terminal One) you will have to go back through the barrier.
Check with your local ISP about whether they offer a roaming plan. Most ISPs in the US participate in POP-sharing plans that have connect points around the world. Failing that, AOL and CompuServe have the most local nodes (they're related--AOL owns CompuServe). You can sign up for either in the UK (even on a trial membership) and then drop it when you return home.
Welcome!
Corel was originally a custom software provider, focusing on the Canadian federal government, in the mid-1980s. In the late 80s Corel developed a graphics package named Corel Draw! (they used to add an exclamation point to all their products) as a companion tool for Xerox Ventura Publisher. The original version of Corel Draw! shipped with a Microsoft Windows 2.15 runtime--Corel Draw! 1.0 was how I first bought Windows.
In 1991 Corel bought the Ventura Software division from Xerox. Corel attempted to package several graphics package bundles, but their development efforts were hampered by both sales and programming obstacles. (The big programming obstacle was that Ventura Publisher was an assembly-language hack--no documentation, and the original programmer was long gone.)
Mike Cowpland (rhymes with "hope-land") of Corel has worked very hard at being a wheeler-dealer. He has bought a couple of well-regarded names for lots of Corel stock and very little cash--he bought WordPerfect (but not WordPerfect's payroll) from Novell for a lot of stock but only about $10 million in cash in the mid-90s. In this transaction he's "buying" Borland with newly-issued stock and no cash. (This transaction dilutes the shareholders interests by 44%--but doesn't cost Corel a dime.)
(FWIW: I used to be a tech support forum sysop on Ventura Software's CompuServe forum. I used to do technical illustration of children's books using Corel Draw.)
There are two problems with this post. The first problem is that the HREF tag is incorrect--the closing is not formed correctly so the link doesn't work. The second problem is that the bitmap doesn't correctly identify this post as a joke.
This guy is a typical user? You're joking, right?
He indicates that he's presently using three different distributions of Linux, and has recompiled (at least one of them) 3 times. He has a home network, with a full-time Internet connection. He "naturally" chose KDE over Gnome, and prefers vi to emacs.
He's a "typical" user. Right.
I don't like to see "end luser" comments, because those end users are the people who pay us. (If half of my clients had half a clue, I'd be looking for a real job....) But to suggest that this guy is anything like a "typical" end user is too much--way too much.
The "typical" user turns off his computer, but leaves the monitor on--and thinks he's saving energy. Or he turns the monitor off, but leaves the computer on, thinking the whole thing is off. The typical user carefully types his password on his notebook when he boots it up on the airplane--otherwise that heavy-duty security won't let him into his files. The typical user hopes that someday the computer support geeks will stop giggling about the time he demanded immediate onsite response, and the "critical problem" turned out to be that the monitor was unplugged.
All joking aside, how typical is this guy? Would any of us pass this article along to "typical" users at an employer's, or at a client's? How many typical users that we know would be able to read through the first paragraph and understand what it means? If this is any realistic notion of a "typical" user, ESR (et al)'s dream of "taking over the world" is a joke--because the vast majority of the world simply can't read that first paragraph.
When Windows 95 was being reviewed one of the Microsoft project leaders defined a very simple metric: "can my mother use this?" You can prate all you want about the stability and reliability of *nix or *BSD--but until all of our mothers are chatting on Linux boxen there simply isn't going to be a place in the desktop market for Linux (et al). My (67-year-old) mother is happily using Windows 95. She uses CompuServe for email, and has yet to explore the Web--she thinks it would be more complication than she has time to put up with. Would I expect Mom to recompile Mandrake 6.0 3 times to deal with "Level 5 problems"?
You must be kidding....
Hi Nick!
Actually, this isn't a big bandwidth issue. The biggest bandwidth concern is maintaining a connection for just-in-case help--being able to reach out and touch via a cellular call. All the user should have to do is press the Help button, and the phone rings at the pre-defined phone number. The call recipient should be able to identify where the user is (GPS sent in the data setup for the call, perhaps, or maintained in a web-based database from continuous feeds) and be able to talk back. He or she could talk to the end user, or raise the volume and talk to people nearby ("can somebody tell me if Bobby is okay? I can't hear him...can anybody answer me?")
That requires a device that is a power controller, a GPS receiver, a cell phone, and a CDPD data device (cellular digital packet data). But it doesn't really require that much bandwidth.
Thanks for your comment.
Actually, I see the problem as a software issue: to communicate we have to create an adaptive vocabulary that lets the user, and his or her guardians, determine a relatively limited list of commonly used words or phrases. You and I communicate via keystrokes typed on a keyboard--because you and I have learned a language based on characters that combine to form phonemes, which combine to form words, which combine to form sentences. The breadth and depth of English-language expression requires the ability to assemble speech with detailed precision--we don't need that kind of precision if we're using a total vocabulary of 400 words. ("I want to go home" can be thought of as a single word in this context.)
Communication for the mute isn't the same as it is for you and me. Kids with very limited language skills learn to use "cheap talkers"--devices with a few pre-recorded sounds related to buttons. The buttons have symbols (from a symbol set named PCS, from Johnson-Mayer Company). The user presses a symbol and the talker repeats the sound. The problems with these devices are manifold: they're very limited (they might have 32 or 40 words); they're focused on single-word vocabularies (typically for very language-deficient kids); and they have no means of data collection--you can't tell what words the user actually selects. The key to this kind of adaptive speech is data collection--recording what the user has said, identifying words and word forms that the user has used, and playing back a day's conversations so that Mom and Dad can work on new words or phrases for tomorrow.
There are many brilliant people working in bioengineering, trying to create a link between a person's nervous system and bionic/robotic devices. That is promising, and (I'm told) is deeply rewarding work for the people who do it. The kids I'm thinking of have little or no control over their own muscles (that's part of what cerebral palsy is) so connecting to their muscles won't achieve anything. What I'm concerned to do is to give these people a voice--so that they can communicate with the world outside of their bodies.
(Truth in messaging: I'm a programmer, so I see a software-based solution to every conceivable problem. A hardware guy might view the matter differently.)
I have a dream. A dream I have had since 1992, when I first met a boy named Bobby. Bobby has cerebral palsy, and is extremely affected--he can move his left arm at the shoulder, but his elbow, wrist, and fingers are essentially rigid. Bobby has an electric wheelchair, which he can control with his left arm. Bobby cannot speak.
There is a cruelty to cerebral palsy--oftentimes there is a perfectly normal child trapped inside that horribly disfigured body. And, sooner or later, that child realizes that he is permanently, utterly, royally screwed. It will never get better--he will always be the Hunchback. (What is child abuse? Send a severely-affected CP kid to a school named "Notre Dame.")
Bobby's parents heard of me because of an educational game I created for kids with limited language skills. They asked if I could help Bobby. Long story--but the resulting program helped Bobby go from a "spoken" vocabulary of 0 to 400 words over the weekend. But--the program was written in Visual Basic, which required a PC. I had a dream....
What I've dreamt of for eight years is an Assistive Device. Plugged into an electric chair it provides the kind of smart battery intelligence that we take for granted with notebooks--but that is completely missing from wheelchairs. Gain #1--longer battery life for chairs. In the end user's chair we have the ability to extend the simple user interface for non-verbal users--they can "mouse" to the words or phrases they need ("excuse me", "is this the A4 bus?", "please let me off at the Whitehall Mall"). Using a recorded mix of Mom's voice and Dad's, the user "speaks" with a voice that is recognizably part of his family. Gain #2. With that UberPDA the end user can communicate with a buddy--"Help! I'm stuck on a sidewalk covered in snow!". With GPS and wireless our end user is never lost, and never alone. Gain #3. For the end user who is not permanently confined to a chair we can make the uberPDA wearable--using a simple handheld device he can identify the words or phrases he needs to say--and the device "speaks" them through speakers. If he is blind we can offer GPS-based guidance--and perhaps IR-based (or sonar?) collision-avoidance.
I have a dream. With big MIPS, big bandwidth, and very, very low power consumption we can give sight to the blind, and a voice to the mute. We can take the shattered and the crippled and let them experience that most precious of dreams: independence. Autonomy. Freedom.
In 1992 I wrote an article that stated that from that day forward I was a has-been: I had written the best software of my life, and from BobbyWrite onward all would be downhill. Perhaps--maybe--I was wrong. Perhaps, with the incredible advances of technology, we can take that nascent germ of an idea and make it really useful.
One can only dream of the possibilities....
Um, actually, no. Microsoft crushed WordPerfect and Lotus in the corporate workplace partly because of price, and partly because of contract terms. One of my major clients, in 1994, was planning to implement an enterprise standard for office software. They had some divisions using Lotus 1-2-3, some using Excel, some using Samna Ami (later Lotus Ami Pro), some using WordPerfect, and some using Word. They had Quattro users, Paradox users, dBase users, FoxPro users--they had a mess.
Lotus showed up, and offered a site license: buy a copy of Lotus for every machine in the corporation, and individually register every single one of them--for a not very good discount (Lotus listed at $795). In English only--other languages (if they were available) had to be licensed separately at different terms. WordPerfect showed up, with a better discount, and less onerous terms--but sorry, you couldn't do anything like embed a Lotus spreadsheet in a WordPerfect document. And they'd only do the site license in English--other languages? Other terms, other negotiations, other pricing. Then Microsoft showed up--Word, Excel, PowerPoint, and Access, for $229 per PC across the entire corporation. Japanese in Japan, Modern Chinese in the PRC, Traditional Chinese in Hong Kong and Taiwan, French in France and so forth. They didn't just embed spreadsheets in documents--they produced corporate developers (employees of the client) who had already done integration products with Office components. (Microsoft's Developer Network is hands-down the best developer support program there is--and all of these guys were MSDN members). In one memorable comment a manager remarked, "we could launch space shots from Cape Canaveral with WordBASIC if half of this stuff is to be believed...." (The client is a major supplier to NASA, BTW.)
The client saw an easy decision: Office offered vastly better integration, vastly more "open" architecture to permit IT developers to integrate solutions (every desktop has Excel--so you don't need to buy charting tools for custom apps. Just embed an Excel chart.) Dramatically lower price, and no Mickey Mouse contract terms. (Approximately 6,000 of the client's desktops are outside the U.S.--so the multiple-language contract was a big issue. I don't think you could even buy WordPerfect for Windows in Japan at that point--Lotus 1-2-3 in Japanese was terrible--but it's been a long time.)
The client still has the same deal. They're up to 18,000 desktops, and will have over 30,000 desktops this summer after a pending merger is completed. Not because of Microsoft belligerence--but because Microsoft's solutions worked better and cost approximately 24% of the competing alternatives. It was, and still is, a no-brainer.
Which is to say, Microsoft won the business, and has kept the business, because of pricing, features, and support. Which is how a free market is supposed to work.
Hi!
(BTW--nice job in formatting your reply with HTML. Never dawned on me to use BLOCKQUOTE for, um, quoting....)
Nobody in their right mind will buy commercial TrojanWare. And no sane shrinkwrap producer will even consider shipping TrojanWare--because the immediate consequence of using a back door will be litigation. Anybody in business knows that it isn't the result of litigation that matters--just the fees for going to court will wipe you out. And, as eToys.com is discovering, a little bit of bad publicity can get your stock price hammered.
What the "self help" provision does is permit a vendor to include language in a contract that explicitly permits back doors or other means. I used to work for a company that did it--here's how it works. A lot of mid-priced software, and custom software projects, are sold on "thirds"--one-third of the contract price is due at the start of the project, one-third is due at delivery, and one-third is due thirty days after delivery. Sometimes getting that last third can be a real challenge--if you're dealing with a small company they may simply not have the cash and try to string you out; if you're dealing with a crook they might suggest that you pound sand--they're not paying. In a lot of custom development the vendor discovers that a lot of new features seem to get added to the feature list after he has delivered--"oh, I'm sure there'll be no problem with payment, if you just be sure to add this little thing for us...." That list can go on for months--because they know you need that last third. If the client tries to stiff you for that last third your only recourse is to take the client to court--but if the client is located across a state line you have to sue in federal court, where you have to demonstrate $50,000 in actual damages before you even have "standing" to sue. If you're looking to collect the last $15,000 on a $45,000 job you can try to hire a lawyer in the client's home state--but you might as well forget it. You'll burn through fifteen grand in legal fees before you get to court, so essentially you're screwed.
Unless you use some form of "self help." In the case of my former employer the system checked the date at startup (since this was an order entry system dates couldn't easily be spoofed) and checked a series of parameters to see if the software had been installed for more than 90 days. If it was, the operators would get a screen asking the supervisor to call customer service. Thirty days later, if the system still hadn't been paid for, another screen asked the supervisor to call customer service, as a serious problem exists with the system. (My employer viewed an invoice over 120 days old as a serious problem.) Thirty days later (thus, 150 days after installation, and four months after payment was due) every user logging in was prompted that the system could not function because a bill had not been paid.
We told every prospective client about that feature. To my knowledge it was never used--in part because the clients knew it was there. (We did do some weird stuff at startup if the date was Friday the 13th, but that's another story :-)
In the late 1980s the commonwealth of Virginia banned that kind of Trojan. And all of a sudden you simply couldn't collect that last third from deadbeats in Virginia--and the Virginia deadbeats knew it. The UCITA overturns that law, and similar laws in other states (I don't know if there are other states with similar laws or not).
Couple of additional points: first, my company doesn't use Trojans. We usually provide source code to our customers, and we typically do systems for companies that are large enough that they don't play those kinds of games. Second, the Independent Computer Consultants of America opposed the UCITA, especially the self-help provision. I don't know why, but it is an interesting perspective to this discussion that I'd like to learn more about.
RMS, once again, disappoints me. As the leading light of the Free Software movement he certainly has an important perspective to share on many issues--but in this article he simply reiterates many of the straw-man arguments that others have raised.
Simply put, the spectre of UCITA that he raises is that UCITA permits vendors and buyers to agree to contract terms. UCITA does not, in so many words, legalize Trojan Horses (so-called "self-help measures") without buyer consent. Nobody in his right mind is going to buy a TrojanWare shrinkwrap app. But "self-help" measures permit custom software developers to ensure that they get paid. They can only use self-help if the client agrees to them, in the contract.
Can Microsoft, IBM, Oracle, or another software giant force an onerous contract down your throat? Nope--markets do, in fact, work. In 1989 Lotus had a cast-iron lock on the spreadsheet market, WordPerfect had a lock on the word processing market, and Xerox had a lock on desktop publishing. Lotus 1-2-3 still has a dozen or so users, somewhere; Corel can't give away WordPerfect; and I'd bet most SlashDot users can't even name the erstwhile Xerox product that owned the DTP market. (Hint: Corel Draw was created as an add-on product for it, and Corel now owns it.) Lest you think that Microsoft hegemony can keep a bad product alive, two words: Microsoft Bob.
If you thought the world was going to end on New Year's Eve, you'll probably get panicked by UCITA as well. You shouldn't be--this isn't nearly as scary as the doomsayers are claiming.
"If the woman was genuinely concerned about privacy, she should do what many of us already do and filter out doubleclick before it arrives at the browser."
You know how to filter DoubleClick. I know how to filter DoubleClick. 99 and 44/100% of Internet users do not know how to filter DoubleClick. And there is no reason in the world that they should have to learn. Her privacy has, obviously, been invaded--the question now is whether a jury decides that her privacy is worth much.
"When was the last time you heard of a piece of *free* software developed in mainland China?"
Which means that software innovation in China isn't happening. But is it because all of the Chinese are poor?
(Been to China lately?)
India has significantly greater poverty than China--but India has a booming software industry. (Just consider how many tens of thousands of Indians are in the U.S. on H1B visas.) Why is software innovation booming in India, but not in China? (And why, for that matter, is software booming in Taiwan, which forty years ago was poorer, and which has zero natural resources?)
This is Macroeconomics 1A material--intellectual property rights are the basis for technological innovation, which is the basis for economic growth.
"The analogy to barriers to entry in heavy industry also fails. "Historically", if what you suggest is true, there has been no barrier to plagiarism. What you describe is a barrier to production. Software is different in that it is being treated as a product, not a means of production."
I'm not suggesting, I'm stating. And yes, historically, it is true--there is no barrier to plagiarism in intellectual property law. The whole point of the patent system is to encourage plagiarism. The concept is called "derivative works."
For example, suppose that you come up with a better method for stamping sheet steel (this happened in the 1920s). I've been working on the same problem, but taking a much different approach. I read your patent application (which is public information) and the lightbulb goes on--I have the solution, and my new solution is even better than yours. I rush to the Patent Office and file a patent. The world, recognizing a better mousetrap, beats a path to my door. I get rich--but because my patent depends upon yours (and identifying those dependencies is part of the patent process) you get rich too. You and I get rich--but society as a whole reaps an enormous benefit. Since we've improved metal stamping technology automobiles can now have enclosed bodies and still cost less to build. Aircraft wings can be assembled from stamped parts, rather than be hand-made from wood and fabric. Consumer products will drop in price--a whole cycle of economic activity will take place due to our technological innovation. (True fact: simultaneous innovation in cold-rolled steel and steel-stamping technology was one of the very few pieces of good news in economics in the 1930s.)
My point, which I think you misunderstood, is that even if someone were to try to plagiarize an invention without licensing it, typical barriers to production effectively prevented it. I know how ABB's continuous casting process works--so what? I can't set up a continuous caster in my back yard. With software there are no such barriers--if you have the source code to Bank A's consumer lending software you can easily sell a consumer lending solution to Bank B without ever getting caught. (In fact, many consulting companies do this all the time--they write a solution for a client, then sell the same solution to the client's competitors.)
Without intellectual property protection (which is what the GPL amounts to) there is no legal recourse to somebody plagiarizing your code. That was my point.
Thanks for your comments.
First, the question of China and intellectual property. This is a settled question in the history of economics: there was no such thing as intellectual property protection before the mid 1700s in Britain. The development of intellectual property protection--specifically the monopoly rights to your creation--was the basis for the Industrial Revolution. The nations that industrialized early were those nations that adopted intellectual property protections (such as the U.S.). Those that did not adopt IP protection (France, the German states) were left behind. They did not begin to catch up until they adopted protections for intellectual property.
Poverty in China is no reason why there is no Chinese software industry--there is plenty of poverty in India and Pakistan, but there are booming software industries in both countries. Remember that before Ed Yourdon was crying wolf about the Year 2000, he was crying wolf about the threat from cheap labor in India. (And many of us who have worked in IT for a long time can name former clients or employers who outsourced all their programming to Indian firms.) What's the difference? India and Pakistan both protect intellectual property rights. China doesn't.
If you want to look at a broader comparison, consider East Germany vs. West Germany; North Korea vs. South Korea; Singapore vs. Malaysia; or practically anybody in Asia vs. Indonesia. Technological innovation boomed in West Germany, driving the booming economy--to the extent that the Third World War that we were brought up to expect didn't happen because West Germany more or less just bought East Germany. It wasn't a war--it was a white-knight takeover. Technological innovation in West Germany was protected by intellectual property rules, it was not protected in East Germany. Without an impetus to innovation, nobody in East Germany felt a burning desire to innovate. The same situation exists in all the other countries I listed: forty years ago there was no economic distinction between the pairs of countries I mention. The country that has prospered has done so through technological innovation. If the other country (such as Indonesia) has prospered at all, it is largely a result of the extraction of natural resources and the exploitation of cheap labor.
Intellectual property protection begets technological innovation. Technological innovation begets economic progress. You can have technological innovation without IP protection--but the record of history is brutally clear: without IP protection the rate of technological innovation is dramatically lower.
(This, incidentally, is a major part of the World Trade Organization's dialogues with the People's Republic of China. The industrialized West wants the PRC to develop strong intellectual property rights to encourage technological innovation. To many people it looks like the U.S. is trying to jail people bootlegging copies of Windows. What those people, including the PRC's leadership, don't get is that if and when somebody develops a Chinese OS that's better than Windows, Microsoft will instantly become the #2 player in the game. Way more people speak Chinese than English.)