People aren't entitled to stay in a particular hotel room or shop in a particular store either. The law still requires hotel and shop owners to provide handicapped access.
The problem with that approach is that the potential payoff is too far into the future to be a real motivating factor. Patents take about 3 years to get through the system and be accepted. Especially for young startups, you can't even rely on the company still being around after that time, never mind being able to honor a long-term commitment after a merger or takeover.
A good policy thus provides a small immediate payoff, combined with a more substantial long-term benefit. As the GP suggests, you of course have to guard against abuse.
That is a good patent policy for a university, but I don't see how it could work for a company. For example, at Stanford (and most other universities), the inventors have the right to place inventions in the public domain. I don't see how ANY company could let individual employees make that important a decision on what is potentially a core technology for their business.
Universities almost never want to implement the IP themselves - instead they are searching for licensees that will take the invention and make the additional investments necessary to turn an idea or prototype into a product. Companies clearly work differently, and thus need to treat their IP differently.
The people who think this should read some books on user interfaces. This kind of 3D UI has been analyzed for decades, and has uniformly been found to suck for a number of reasons, including:
- while the world s 3D, the display technology itself is 2D. Introducing 3D content in 2D automatically means some information will be occluded and needs to be found through navigation.
- humans suck at 3D navigation. While we live in a 3D world, we have evolved to move on a 2D surface. Studies have shown over and over again that people cannot solve even the most basic true 3D navigation tasks without substantial training.
- 3D is a really poor use of your "screen realestate" (i.e. the number of pixels you have on your screen). In 2D, almost all of your pixels can be used to show important content, in 3D you are bound to have lots of your pixels (often way over 50%) show 3D context that does not contribute to communicating the content itself.
I am not using Ubuntu, but on the various versions of SuSE that I work on, flash is working fine. That does suggest that Ubuntu included a bad version without testing, no? Sure, Adobe screwed up that version of flash, but then Ubuntu should have fallen back to an older, stable version for their distro.
I'll quote from the overview paragraph of the second page you link:
Simply recompile the source code twice: once with a second (trusted) compiler, and again using the result of the first compilation. If the result is bit-for-bit identical with the untrusted binary, then the source code accurately represents the binary.
So, you have to have a trusted compiler to begin with, a classic chicken-and-egg problem. Clearly the method is better than doing nothing, but at the same time you can hardly claim that it completely solves the problem. The "trusted" compiler has its own chain of bootstrapping and potential attack vectors. In particular, if your "trusted" compiler is actually a compromised older version of the same code base as the new compiler, it is easy to see how the double compilation could miss the trojan.
Even most of the small elite that COULD use the internet right now, will not have enough disposable income to make them a good target for advertisement. If this is an investment, it sure is a very longterm one. Kudos to google for doing it anyhow.
Re:You can rebuild everything from a known base.
on
The Fedora-Red Hat Crisis
·
· Score: 2, Insightful
Well, gee. Thanks for explaining the meaning of "bootstrapping" to me.
The problem is: when can you consider a compiler "clean"? The only way to be sure is to develop it yourself in machine language (no, you can't even use an assembler, because it could generate a backdoor, too), or to fully scrutinize the machine language of an existing compiler binary.
In practice, if you are using gcc, you have a compiler that has been recompiled by itself over and over again for at least a decade. Can you be absolutely sure that there wasn't somebody somewhere in that chain who added some malicious code that has propagated on? Not unless you audit the machine code of a specific gcc binary. The most likely party to have performed such an audit would be the NSA, but I am not sure I would trust them if they report there is no backdoor (in fact, they are pretty high on the list of who might want to plant a backdoor to begin with).
But, it doesn't matter - it's all open source, you can look at the lines of code and verify for yourself that they're safe, right?
Wrong. I know this is common wisdom in the open source community, but it really isn't that simple when compilers are involved.
The reason is that the hackers COULD potentially have modified the binary of the compiler used to bootstrap the whole RedHat distribution. You can modify the compiler such that it takes harmless code and compiles backdoors into it. In particular you could modify it so that it always propagates the change when it compiles a version of itself. Since every system bootstraps from an already compiled version of the compiler, a well hidden backdoor could propagate forever, unless people actually analyze the machine code.
Read Ken Thompson's 1984(!) Turing Award lecture for the full nitty gritty details. This should be required reading for everybody in security (and all open source advocates, for that matter):
...just like everywhere else on the planet, one might add.
Well, everywhere except for regions north of the arctic circle or south of the antarctic circle. That covers what, about 99.999% of the human population?
Thanks for posting those! I wish I hadn't just spent all my modpoints.
The business model is very impressive indeed if you consider when it was written. He did a good job analyzing cost/benefit for all parties involved. In the end, his only problem was that he was a few years ahead of the technology...
HD-DVD vs. BlueRay has shown pretty conclusively that content providers are the ones who decide what distribution forms will be successful. As for higher-than-HD resolutions, it will take at least a decade to roll yet another standard. HD took 15+ years for widespread adoption, a similar timeframe would be plenty for bandwidth to catch up. We are not talking computer screens here, but a whole pipeline infrastructure including cameras, better optics, post processing facilities, media formats, and displays, and probably a half dozen other things I am overlooking right now.
People believed that for different reasons, though. LaserDisk was simply supposed to be so superior in quality that there would be no need to improve on it. That was nonsense, of course.
The point now is that nobody really doubts we will eventually have enough bandwidth to make streaming a feasible alternative to physical media. Also, content owners have every reason to favor streaming over sale of physical media. I am not saying that users will necessarily have the same preference (I certainly don't), but it isn't like we are going to get a choice.
Well, the author of the article was clearly smoking something good, but there are a lot of people in the industry who believe that BlueRay will be the last physical media format for movie distribution.
All signs point towards live streaming. This would allow movie distribution to finally fully switch to a rental model, something the big studios have really wanted for ages. So as soon as the bandwidth is available to move the whole industry to online streaming, I have no doubt that the content providers will jump on it. Will that happen within 5 years? Maybe, maybe not. But it will happen eventually.
Large risks are only acceptable if large payoffs are available in return. Armstrong will forever be remembered as the first man on the moon. By comparison, do you know the names of the astronauts on the last shuttle flight? I don't. Hell, I can't even remember the names of the people who died on the shuttle crashes. So, as an astronaut, why would you want to take a 1 in 12 to die for nothing?
There is just no pleasing some people. These guys have been consistently working away on a hard problem, making progress along the way, published their work, so others can run their own experiments, and worked towards a product.
Meanwhile, what exactly have you been doing?
Like somebody else said, if you only want final products, go to Best Buy.
Well, you think the people in charge are shortsighted. I think many of them are actually fairly smart; they are simply optimizing for a different metric than you or I would like. All that counts to them is a the next quarter or two. If the stock does well in that time frame, they just cash in and move it to other investments. Their jobs are similarly mobile.
In short, the problem is that there is no long term accountability for management, and hence they have no interest in optimizing for the long term survival of a company.
Well, EULAs may be unenforceable when applied to end users, since end users can argue that 1) it is unreasonable to for them to be expected to read and understand the legalese in an EULA, and 2) they only get the EULA after they already dished out the money for a copy.
HOWEVER, any reasonable court will make a distinction between an individual end user and a commercial outlet like pystar. Once you have a legal division, and you customarily buy large numbers of the same license, neither excuse really applies. It is not unreasonable to expect a company to do its legal homework before coming up with a business plan, so the EULA ought to be enforceable with anybody that deals with large numbers of these licenses.
Pystar can RESELL the OS, but they can't INSTALL it on their machines (as per the EULA).
If you really want to stay with your restaurant analogy, it is more or less like saying the restaurant refuses to sell take-out food. They definitely have the right to do that.
Yes, because people love to read long pages of text and never just click the first button at the bottom of the dialog. More importantly, plenty of Firefox users don't know they're using Firefox, or don't care, and won't know how to react to such security notices.
Well, those people will generally not have the permissions to do an upgrade anyway.
This constant upgrade policy may work for hobbyists, but as others have pointed out, as soon as you have an IT department that maintains your boxes, they will want to have control over the state of the machines they support. You also really don't want to change the systems you are working on before major deadlines, since dependencies can cascade.
Personally, the first thing I do when I install e new system even on my private computers, is to disable all the auto-upgrade crap. On my computer, I want to have control over what is on the system and when it gets there.
Slashdot Mirror
People aren't entitled to stay in a particular hotel room or shop in a particular store either. The law still requires hotel and shop owners to provide handicapped access.
The problem with that approach is that the potential payoff is too far into the future to be a real motivating factor. Patents take about 3 years to get through the system and be accepted. Especially for young startups, you can't even rely on the company still being around after that time, never mind being able to honor a long-term commitment after a merger or takeover.
A good policy thus provides a small immediate payoff, combined with a more substantial long-term benefit. As the GP suggests, you of course have to guard against abuse.
That is a good patent policy for a university, but I don't see how it could work for a company. For example, at Stanford (and most other universities), the inventors have the right to place inventions in the public domain. I don't see how ANY company could let individual employees make that important a decision on what is potentially a core technology for their business.
Universities almost never want to implement the IP themselves - instead they are searching for licensees that will take the invention and make the additional investments necessary to turn an idea or prototype into a product. Companies clearly work differently, and thus need to treat their IP differently.
The people who think this should read some books on user interfaces. This kind of 3D UI has been analyzed for decades, and has uniformly been found to suck for a number of reasons, including:
- while the world s 3D, the display technology itself is 2D. Introducing 3D content in 2D automatically means some information will be occluded and needs to be found through navigation.
- humans suck at 3D navigation. While we live in a 3D world, we have evolved to move on a 2D surface. Studies have shown over and over again that people cannot solve even the most basic true 3D navigation tasks without substantial training.
- 3D is a really poor use of your "screen realestate" (i.e. the number of pixels you have on your screen). In 2D, almost all of your pixels can be used to show important content, in 3D you are bound to have lots of your pixels (often way over 50%) show 3D context that does not contribute to communicating the content itself.
I am not using Ubuntu, but on the various versions of SuSE that I work on, flash is working fine. That does suggest that Ubuntu included a bad version without testing, no? Sure, Adobe screwed up that version of flash, but then Ubuntu should have fallen back to an older, stable version for their distro.
What moron marked this whole subthread "Troll"? You may not agree with any particular posting, but none of them are trolls!
I'll quote from the overview paragraph of the second page you link:
Simply recompile the source code twice: once with a second (trusted) compiler, and again using the result of the first compilation. If the result is bit-for-bit identical with the untrusted binary, then the source code accurately represents the binary.
So, you have to have a trusted compiler to begin with, a classic chicken-and-egg problem. Clearly the method is better than doing nothing, but at the same time you can hardly claim that it completely solves the problem. The "trusted" compiler has its own chain of bootstrapping and potential attack vectors. In particular, if your "trusted" compiler is actually a compromised older version of the same code base as the new compiler, it is easy to see how the double compilation could miss the trojan.
Even most of the small elite that COULD use the internet right now, will not have enough disposable income to make them a good target for advertisement. If this is an investment, it sure is a very longterm one. Kudos to google for doing it anyhow.
Well, gee. Thanks for explaining the meaning of "bootstrapping" to me.
The problem is: when can you consider a compiler "clean"? The only way to be sure is to develop it yourself in machine language (no, you can't even use an assembler, because it could generate a backdoor, too), or to fully scrutinize the machine language of an existing compiler binary.
In practice, if you are using gcc, you have a compiler that has been recompiled by itself over and over again for at least a decade. Can you be absolutely sure that there wasn't somebody somewhere in that chain who added some malicious code that has propagated on? Not unless you audit the machine code of a specific gcc binary. The most likely party to have performed such an audit would be the NSA, but I am not sure I would trust them if they report there is no backdoor (in fact, they are pretty high on the list of who might want to plant a backdoor to begin with).
But, it doesn't matter - it's all open source, you can look at the lines of code and verify for yourself that they're safe, right?
Wrong. I know this is common wisdom in the open source community, but it really isn't that simple when compilers are involved.
The reason is that the hackers COULD potentially have modified the binary of the compiler used to bootstrap the whole RedHat distribution. You can modify the compiler such that it takes harmless code and compiles backdoors into it. In particular you could modify it so that it always propagates the change when it compiles a version of itself. Since every system bootstraps from an already compiled version of the compiler, a well hidden backdoor could propagate forever, unless people actually analyze the machine code.
Read Ken Thompson's 1984(!) Turing Award lecture for the full nitty gritty details. This should be required reading for everybody in security (and all open source advocates, for that matter):
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.91.5728&rep=rep1&type=pdf
(PDF)
...just like everywhere else on the planet, one might add.
Well, everywhere except for regions north of the arctic circle or south of the antarctic circle. That covers what, about 99.999% of the human population?
The start of winter is the shortest day of the year, the start of summer the longest. Weather is only a secondary effect.
Thanks for posting those! I wish I hadn't just spent all my modpoints.
The business model is very impressive indeed if you consider when it was written. He did a good job analyzing cost/benefit for all parties involved. In the end, his only problem was that he was a few years ahead of the technology...
HD-DVD vs. BlueRay has shown pretty conclusively that content providers are the ones who decide what distribution forms will be successful. As for higher-than-HD resolutions, it will take at least a decade to roll yet another standard. HD took 15+ years for widespread adoption, a similar timeframe would be plenty for bandwidth to catch up. We are not talking computer screens here, but a whole pipeline infrastructure including cameras, better optics, post processing facilities, media formats, and displays, and probably a half dozen other things I am overlooking right now.
People believed that for different reasons, though. LaserDisk was simply supposed to be so superior in quality that there would be no need to improve on it. That was nonsense, of course.
The point now is that nobody really doubts we will eventually have enough bandwidth to make streaming a feasible alternative to physical media. Also, content owners have every reason to favor streaming over sale of physical media. I am not saying that users will necessarily have the same preference (I certainly don't), but it isn't like we are going to get a choice.
Well, the author of the article was clearly smoking something good, but there are a lot of people in the industry who believe that BlueRay will be the last physical media format for movie distribution.
All signs point towards live streaming. This would allow movie distribution to finally fully switch to a rental model, something the big studios have really wanted for ages. So as soon as the bandwidth is available to move the whole industry to online streaming, I have no doubt that the content providers will jump on it. Will that happen within 5 years? Maybe, maybe not. But it will happen eventually.
Large risks are only acceptable if large payoffs are available in return. Armstrong will forever be remembered as the first man on the moon. By comparison, do you know the names of the astronauts on the last shuttle flight? I don't. Hell, I can't even remember the names of the people who died on the shuttle crashes. So, as an astronaut, why would you want to take a 1 in 12 to die for nothing?
There is just no pleasing some people. These guys have been consistently working away on a hard problem, making progress along the way, published their work, so others can run their own experiments, and worked towards a product.
Meanwhile, what exactly have you been doing?
Like somebody else said, if you only want final products, go to Best Buy.
Friends & family for financing a material science startup? Your family must be a lot richer than mine.
As for angel investors, how do you suppose they hear about your invention & plans?
And yeah, I have been through the whole startup thing. Seems like you are the one who is clueless.
How many write cycles are your SSDs good for?
With wear leveling? More than a hard drive. Time to put that myth to rest. And no, I am not trolling.
Well, you think the people in charge are shortsighted. I think many of them are actually fairly smart; they are simply optimizing for a different metric than you or I would like. All that counts to them is a the next quarter or two. If the stock does well in that time frame, they just cash in and move it to other investments. Their jobs are similarly mobile.
In short, the problem is that there is no long term accountability for management, and hence they have no interest in optimizing for the long term survival of a company.
... nobody in their right mind bought the stuff...
...I had a dual alpha motherboard running windows NT it rocked as a server.
So, would it be fair to say that you weren't in your right mind? ;-)
Well, EULAs may be unenforceable when applied to end users, since end users can argue that 1) it is unreasonable to for them to be expected to read and understand the legalese in an EULA, and 2) they only get the EULA after they already dished out the money for a copy.
HOWEVER, any reasonable court will make a distinction between an individual end user and a commercial outlet like pystar. Once you have a legal division, and you customarily buy large numbers of the same license, neither excuse really applies. It is not unreasonable to expect a company to do its legal homework before coming up with a business plan, so the EULA ought to be enforceable with anybody that deals with large numbers of these licenses.
Pystar can RESELL the OS, but they can't INSTALL it on their machines (as per the EULA).
If you really want to stay with your restaurant analogy, it is more or less like saying the restaurant refuses to sell take-out food. They definitely have the right to do that.
Yes, because people love to read long pages of text and never just click the first button at the bottom of the dialog. More importantly, plenty of Firefox users don't know they're using Firefox, or don't care, and won't know how to react to such security notices.
Well, those people will generally not have the permissions to do an upgrade anyway.
This constant upgrade policy may work for hobbyists, but as others have pointed out, as soon as you have an IT department that maintains your boxes, they will want to have control over the state of the machines they support. You also really don't want to change the systems you are working on before major deadlines, since dependencies can cascade.
Personally, the first thing I do when I install e new system even on my private computers, is to disable all the auto-upgrade crap. On my computer, I want to have control over what is on the system and when it gets there.