I'm a Linux user, but I harbor no enmity toward BSD. I rarely hear other Linux users mouth off against BSD either.
However, when reading BSD-oriented articles, I frequently see BSD users make statements like yours against Linux. What does the BSD community have against Linux?
Possibilities that come to mind:
A feeling of superiority because BSD has been around longer
A feeling of inferiority/resentment because business and media herald Linux as a revolution while mostly ignoring BSD
put down that crack pipe and take a reality check. cookies can only be read from the domain in which they are issued.
Exactly. You visit att.com to pay your bill, and receive a cookie which will be sent back in future requests to att.com. Next, you visit the do-not-call list site, which includes an image from att.com. Your browser includes the cookie in the HTTP request for this image.
This is a common technique for tracking users from site to site. It's especially effective if you're a company that serves banner ads to thousands of other websites: every one of those banner images comes from the same domain, so a unique identifier set in a cookie along with one banner image will be returned in requests for other banner images. Look at the HTTP referer and you know what site that user was visiting.
This is why some browsers now offer an option to disable loading of images from domains other than the one that the HTML page came from.
And what IP address they came from, which can tell them the ISP, geographic location, and potentially other sorts of demographic information.
If the user has a tracking cookie from AT&T, that'll be sent back as well, which could potentially provide a link to personally-identifiable information. For example, if you pay your AT&T phone bill online, you could get a cookie that way. Then when you visit the DNC site, AT&T knows exactly which of their customers it was.
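The behaviour discussed in the comments above, as an added example that is not part of the original thread: a minimal model of a browser cookie jar showing that the embedding site never sees the cookie, yet the image host receives it together with the Referer, and that refusing off-site images stops the request. The hostnames billing.example and registry.example (stand-ins for the bill-payment site and the do-not-call site), the cookie value, and the simplified exact-host cookie matching are assumptions made for the example.

```javascript
// Minimal browser model: a cookie jar keyed by the host that issued the cookie.
// Real browsers also match parent domains and paths; exact-host matching is a
// simplification assumed here.
class Browser {
  constructor({ blockThirdPartyImages = false } = {}) {
    this.blockThirdPartyImages = blockThirdPartyImages;
    this.jar = new Map(); // host -> Map(cookie name -> value)
  }

  storeCookie(host, name, value) {
    if (!this.jar.has(host)) this.jar.set(host, new Map());
    this.jar.get(host).set(name, value);
  }

  // Cookies are chosen by the host being requested, not by the page that
  // embeds the resource. This is the whole basis of cross-site tracking.
  cookieHeaderFor(host) {
    const cookies = this.jar.get(host);
    if (!cookies) return "";
    return [...cookies].map(([n, v]) => `${n}=${v}`).join("; ");
  }

  // Load a page and its embedded images against the given server table.
  visit(page, servers) {
    const send = (host, path, referer) => {
      const req = { host, path, cookie: this.cookieHeaderFor(host), referer };
      const res = servers[host](req);
      for (const [n, v] of Object.entries(res.setCookie || {})) {
        this.storeCookie(host, n, v);
      }
    };
    send(page.host, page.path, null);
    for (const img of page.images) {
      // The browser option mentioned in the thread: skip images whose host
      // differs from the host of the HTML page.
      if (this.blockThirdPartyImages && img.host !== page.host) continue;
      send(img.host, img.path, `http://${page.host}${page.path}`);
    }
  }
}

// Constructed scenario: pay a bill on billing.example, then visit
// registry.example, whose page embeds an image served by billing.example.
function simulate(browserOptions) {
  const imageHostSaw = []; // what billing.example learns from image requests
  const registrySaw = [];  // Cookie headers that registry.example receives
  const servers = {
    "billing.example": (req) => {
      if (req.path === "/pay") {
        return { setCookie: { cust: "constructed-id-1234" } };
      }
      if (req.path === "/logo.gif") {
        imageHostSaw.push({ cookie: req.cookie, referer: req.referer });
      }
      return {};
    },
    "registry.example": (req) => {
      registrySaw.push(req.cookie);
      return {};
    },
  };

  const browser = new Browser(browserOptions);
  browser.visit({ host: "billing.example", path: "/pay", images: [] }, servers);
  browser.visit(
    {
      host: "registry.example",
      path: "/signup",
      images: [{ host: "billing.example", path: "/logo.gif" }],
    },
    servers
  );
  return { imageHostSaw, registrySaw };
}

console.log("default browser:", JSON.stringify(simulate({})));
console.log(
  "off-site images blocked:",
  JSON.stringify(simulate({ blockThirdPartyImages: true }))
);
```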
I'm curious about this. According to RFC 2821, section 5, an A record is only used for mail delivery if there are no MX records for the name. If there are multiple MX records and the first is broken, shouldn't the MTA immediately try the subsequent MX records, rather than using the A record?
I'm not correcting you, I'm asking, since you seem to know what you're talking about and I don't have real-world experience with "serious" DNS administration.
I GPG-sign almost all email I send -- exceptions being when I think it might cause difficulty on the receiving end, as described below.
As far as I know, not a single person I communicate with via email actually checks signatures or even has PGP software installed. The only effect my signatures seem to have on people is that Outlook and Outlook Express show the message body -- the text/plain part -- as an attachment (something.txt) rather than inline as the message indicates it should be shown.
I continue signing mail because I'd like to raise awareness, but I'm not too hopeful. Most people are clueless, and those who aren't just don't seem to care. It's the "nobody'd want to do that sort of attack on me" mindset.
Those are just the things they're telling the student consultants to do, since we'll be dealing with all the new freshmen. I was in a hurry when I posted my last message and didn't think to mention the other steps that are being taken.
They're also scanning the entire network for systems that are vulnerable, identifying the owners of those systems based on their network jack, and sending email to those owners telling them to patch up. (These people will continue to receive these messages periodically until they install the patch.) The login script for NetWare (which most people use, though not all) scans the system for MSBlaster, and removes it and warns the user if found. And the RPC ports that MSBlaster uses to spread are being blocked at the point of connection to the Internet.
I realize that this thread is supposed to be about SoBig, not MSBlaster, but MSBlaster seems to be what they're mostly concerned with. Regarding things that spread by email, though, inbound and outbound SMTP traffic is restricted to a few "authorized" servers, run by the university, the CSE department, etc. (Actually, I need to meet with the security guy sometime soon to get my club's mailing-list server whitelisted -- an ACM chapter that doubles as a LUG is competent enough to run a secure mailserver, but we have to approach them about it.)
I think these measures are fairly comprehensive, though if you can think of any other steps that could be taken, I'd be interested in hearing about them.
I'm a student consultant at my school who helps other students with computer problems, and believe me, the network people in charge here are fully aware of this fact. For what we call "mass-install week", which means setting up all the new students, we're being told to enable the XP firewall, check for and remove Blaster, install patches from windowsupdate and explain to the student the importance of patching, and install the school's site-licensed copy of Norton.
Hopefully these sort of measures, here and at other schools, will mitigate the damage.
Linus isn't the sole copyright holder, by a long shot. Anyone who's written code in the kernel holds copyright on their piece of the kernel, distributed to SCO under a license that SCO may be infringing, so any of those people could file the lawsuit and subpoena that you suggested.
"Trusted Computing" is a Microsoft initiative that isn't really related to this. It's basically just a nifty-sounding name for the idea that "we'll try to stop leaving so many holes in our products", plus some DRM stuff.
The purpose of DNSSEC is to ensure that the result of your DNS query is genuine -- that it really is the IP address corresponding to the name you asked for, and not some other IP address given by an imposter. Once the DNS lookup is done, your communication with the host is completely outside the scope of DNSSEC, so censorship is out of the picture.
This isn't that hard. People have this perception of computers as the same as their television or washing machine in terms of support - don't touch it unless it's obviously unusably broken. They don't work that way, they're much closer to cars. Sure, some people don't maintain their cars either, but those people aren't in the majority.
Definitely. But taking this a step further, we have auto insurance, some forms of which are required in order to be legally allowed to drive. I wonder if we'll start seeing something like virus insurance, to pay for damages caused by security exploits.
People would want it, and it would be an encouragement to take short security courses -- you know, a few hours per day for a few days, going over how to install updates, common sense when downloading things, etc. -- because it would reduce their insurance premium. (Similar to how taking a driver's ed course can reduce a student's car-insurance payments.) And this would cause greater public pressure on Microsoft and other software vendors to make their software more secure, again because people would want to lower their insurance costs. No legal force would be needed; the market would offer all the incentives.
I know Microsoft currently seems to be supporting SCO (buying the Unix license), but it'd be pretty interesting if Microsoft did realize the danger here and fight SCO over it. We'd see Microsoft and Red Hat fighting side-by-side against a common enemy. :-)
Not necessarily, if they weren't aware that the package they were distributing (Linux as a whole) contained their proprietary code.
However, from what I've read, apparently there was a bit of a time delay between when someone in the company realized there might be a problem, and when they stopped distributing Linux.
That would certainly be true if they intended to put it there. The issue is that someone (supposedly) took SCO-owned code and put it in the kernel without permission. If this person didn't have the right to distribute the code under the GPL in the first place, a court might nullify the GPL terms on it; in that case, that person would have violated the GPL by putting non-GPL code into Linux.
GPL is about distribution because copyright law is about distribution. Copyright law doesn't place any restrictions on use -- once you have a copy, you can do whatever you want with it, unless you've entered into some sort of agreement beforehand (such as a Microsoft EULA).
Suppose that there really is SCO code in the kernel, and suppose that the GPL is found to not apply to it because whoever put it there didn't have the right to GPL it. In that case, if you've distributed Linux -- made copies -- then you could conceivably be found in violation for that, but in no case do you infringe anyone's copyright by running Linux.
The fact that they're trying to sell licenses granting the right to run Linux without violating their copyrights means that either their lawyers are a bunch of idiots who only passed the bar exam by cheating, or (more likely) they're not really serious and this is just a tactic to see how much they can get before everything comes crashing down.
(Note that this only applies to copyrights; if SCO has a patent on something in the kernel then you could indeed be held responsible for running it. SCO has not filed any patent claims AFAIK, but they use the general term "intellectual property" -- which covers both copyright and patent -- in talking about their license. I imagine the ambiguity is intentional, because if I can recognize what I've just pointed out, I'm sure a judge can too.)
IANAL, but I pay attention to the people here who say they are.
And here in the US, we're still using inches and feet, measurements based on the lengths of the thumb and foot of a long-dead king. And we call them "standard".
Actually, I read somewhere that the inch was originally defined as the length of two barley corns laid end-to-end.
So if I install the .NET Framework on my computer, I'm not allowed to benchmark it and publish the results because the Supplementary EULA said so, but if I get someone else to buy a computer and install the framework, and then donate the computer to me, then Microsoft has no way of stopping me from publishing benchmark results? :-)
That seems like a pretty gaping hole in the whole EULA concept. Very interesting, too.
This interests me too, because he waited until the court made its decision before he stopped using Napster. See, the job of a court isn't to decide whether something is wrong; it's to decide whether it's illegal. It's up to the legislature, of which the Senate is a part, to ensure that the law accurately reflects our moral sense of right and wrong. So when a Senator, whose job is to codify right and wrong into law, seemingly waits for a court's determination of whether something is wrong before he ceases doing it, it makes one stop and think.
Either he supports file-sharing morally, and only stopped because it was declared illegal, or he actually uses the law as his moral compass, which is a very bad thing. :-)
Well, my understanding is that if I'm System Builder A and you're System Builder B, I have to say to you, "I can give you this software if you agree to accept the same restrictions and obligations to Microsoft that this agreement puts on me." So even though your agreement would be with me, it would be an agreement to consider yourself under contract with Microsoft, so to speak.
In the retail case, the agreement would be between Microsoft and the retailer, not between the retailer and the customer. Something like "You may sell this Software to one Customer, provided that you require such Customer to agree to the terms of the Microsoft End User License Agreement."
I haven't read any Microsoft EULAs in detail recently, but I imagine they all contain a clause which either says the license is non-transferrable, or allows transfer of the license only if the recipient submits to the terms of the EULA. Their agreements with distributors probably pass along the EULA-dependency in the same way.
I can verify that to an extent, actually. I have here an unopened Windows Server 2003 System Builder Pack -- it's what goes to people who will be building and selling computers with Windows pre-installed. Printed on the back of the box is the "Microsoft Distribution and Preinstallation Agreement", aka "Microsoft OEM System Builder License", acceptance of which is required before opening the box. It's not a EULA, but section 6 reads as follows:
6. SPECIAL REQUIREMENTS FOR DISTRIBUTION OTHER THAN WITH A FULLY-ASSEMBLED COMPUTER SYSTEM
Microsoft grants you a nonexclusive right to distribute the Software Units (desktop operating systems only) or hardware in this OEM System Builder Pack to another System Builder, with a nonperipheral computer hardware component (that will be integral to the computer system in which it will be installed), provided such other System Builder accepts all the terms of this license. To facilitate acceptance, a digital copy of this license is posted at www.microsoft.com/oem/sblicense. You are required to retain records to establish compliance with this section.
As you can see, they close the First Sale loophole for OEM system builders, so it's almost certain that they do it for retailers and other distributors as well.
I don't think there's anything in our law that says such a disclaimer is required, but given the litigious nature of modern US society, I wouldn't be at all surprised if someone were to try to sue over such a thing. So it's a good idea.
(I don't think there's anything in our law that says such a disclaimer is required, but don't take that as legal advice. :-P)
Except for Free software, it's accepted that users need valid licenses for their software.
"Accepted" by consumers maybe, but legally speaking, copyright law does not require you to obtain a license just to use a copyrighted work, as Moglen explains in the paper.
The reason you need to click through an EULA when installing Windows is because Microsoft, as the copyright holder, has the exclusive right to make copies of Windows, and they agree to "give" you the copy you've just installed only if you agree to submit to the restrictions they place on your use of it. The EULA isn't a copyright issue at all; it's simply a contract negotiation prior to the copyright holder exercising its exclusive rights.
On the other hand, the General Public License is granted to you unconditionally. It's not contingent on your agreeing to any artificial restrictions on use beforehand, which is why there's no EULA on Free software.
And of course, to distribute Free software, you certainly do need a license, which is why you have the GPL in the first place.
b. You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
This covers distributing the original work as well, not just derivative works -- it's the "contains", as opposed to "is derived from". (If I burn linux-2.4.21.tar.bz2 to a CD and give it to you, the CD "contains", "in whole", the "Program".)
I understand the argument that SCO might have destroyed their own case by distributing Linux (and thereby "accepting" the GPL distribution of their proprietary code), but I don't like it. For one thing, exception could understandably, and possibly should, be made if they weren't aware, through no fault of their own, that they were distributing their proprietary code. If I sell you my car, and then realize a few days later that I left my spool of Ethernet cable -- which I didn't intend to be part of the sale -- in the trunk, it's still my cable and I ought to get it back. Second, I don't like the impression that it creates: that distributing and contributing to Linux is a good way to get yourself burned.
If someone copied SCO's proprietary code into the Linux kernel, then SCO was wronged and that person ought to be punished. I think that's perfectly fair. However:
The end users have nothing to do with it. As Moglen pointed out, copyright law only deals with certain reserved rights such as copying and creation of derivative works, not simple use of a copyrighted work. Simply installing and running a copy of Linux that you've been given is not governed by copyright law. Distributors (who make copies) and developers (who create derivative works) might be at risk -- that's a grey area -- but end users are not.
Taking lines of code that were written by IBM into AIX and incorporating them into Linux does not make Linux a derived work of Unix. Unless the terms of IBM's AIX license specify otherwise (which, according to another /.'er, was a term of the original license from AT&T that IBM specifically negotiated out of), IBM holds copyright on the code that IBM wrote. The incorporation of that code into Unix/AIX forms a derived work that IBM can't distribute without the Unix license from SCO, but as the copyright holder, IBM can certainly take the lines of code that they wrote and put them into Linux.
If someone copied UnixWare code into Linux, I'd be perfectly happy if that person were tracked down and sued or whatever, but SCO is being ridiculously overreaching in its claims. The only issue that really concerns me at all is the FUD.
I think the poster's already aware of that...
It's very well-done though. :-)
Western Digital manufactured them? My dad had a deskstar die, and the replacement was a nearly-identical drive labeled Hitachi. Have a look.
Is the entire hard-drive industry consolidating or something?
Linus isn't the sole copyright holder, by a long shot. Anyone who's written code in the kernel holds copyright on their piece of the kernel, distributed to SCO under a license that SCO may be infringing, so any of those people could file the lawsuit and subpoena that you suggested.
I'd like to see one of them do it.
Definitely. But taking this a step further, we have auto insurance, some forms of which are required in order to be legally allowed to drive. I wonder if we'll start seeing something like virus insurance, to pay for damages caused by security exploits.
People would want it, and it would be an encouragement to take short security courses -- you know, a few hours per day for a few days, going over how to install updates, common sense when downloading things, etc. -- because it would reduce their insurance premium. (Similar to how taking a driver's ed course can reduce a student's car-insurance payments.) And this would cause greater public pressure on Microsoft and other software vendors to make their software more secure, again because people would want to lower their insurance costs. No legal force would be needed; the market would offer all the incentives.
It could work...
We do have a Microsoft section -- number 109. Look back to the recent headline about Microsoft ceasing development of Outlook Express, for example.
We even have a separate topic for Internet Explorer.
That would certainly be true if they intended to put it there. The issue is that someone (supposedly) took SCO-owned code and put it in the kernel without permission. If this person didn't have the right to distribute the code under the GPL in the first place, a court might nullify the GPL terms on it; in that case, that person would have violated the GPL by putting non-GPL code into Linux.
(Hopefully that makes some sense.)
If someone copied UnixWare code into Linux, I'd be perfectly happy if that person were tracked down and sued or whatever, but SCO is being ridiculously overreaching in its claims. The only issue that really concerns me at all is the FUD.
IANAL.