Umm, one question, if all of the above is so easy, why hasn't it been used to annihilate current malicious botnets(as you say they would do to a military one)?
It already HAS been done by botnet owners who hijack other botnets. Search for, um, I don't know... try "hijack botnet" - currently, the first 5 results are relevant.
Problem is that integration testing has to be done against each distro independently, so there is zero time saved.
Most distros have at least some differences in libraries, file paths, compile-time settings, etc.
Better to stagger the releases, and let each distro maker find the bugs pertinent to their release, since they're going to have to test anyway. If a bug affects a competitors' release that is scheduled for a month down the road, so much the better.
Simultaneous release is one step closer to a monoculture, without any of the associated benefits.
Of course, there's nothing to stop you from setting up some honey-pots, figuring out the control commands, and taking control of a large chunk of the botnet, since it *isn't* centralized. then turn it on the parts you don't control, or the central c&c computers, or other "targets of interest."
We write software for Linux users. Keeping up to date with the latest releases sends our packaging and testing teams into extra, unplanned cycles as our customers demand the latest Linux stuff is always supported and we have no control over what is release and when. Synchronized release cycles would be a major boon for the thousands of companies writing software for commercial Linux users/companies/ISVs.
This won't help your situation. It *will* make it worse. Remember, distros customize their products. This includes system libraries. So, instead of having to test 1 a month, and having the other distros fix that which is broken when they make their release, you'll have longer periods of no testing, then a mad rush to test against ALL the simultaneously-updated distros. And what do you do when they all have the same zero-day defect? You (and everyone else) is fucked.
Staggering release dates is the only sensible thing to do. Search for "linux brown bag release" to see how stupid simultaneous release can be.
The real benefit here is when a bug is found in a package, be it the kernel or something like GNOME or KDE, three years from now. That is five or six versions of Gnome out of date. With a coordinated set of primary applications at least the major LTS distributions can maintain their patches together.
Why? All the majors do customization of their distros, so "patch compatibility/cooperation" is not going to happen. It's not like you'll be able to apply the same patch to different distros, or even have the same set of bugs/failure modes, so forget the "major distributions can maintain their patches together." Besides, Ubuntu was the worst offender with the patch that disable booting. Imagine if that had been pushed out to all the distros...
Same thing with the gcc printf bug in Mandrake a half-decade ago. Good thing I was running Redhat on another machine, and that they weren't both "coordinating" their updates and patches.
Come on - most people can figure out that things like rpm and apt aren't the "features" I'm referring to. I mean specific features, like Version XX.YY.ZZ of gcc or firefox or kde. If there's a problem with one, better to have only one distro get hit with it because of staggered release dates. Ditto with security problems.
Then there's the extra net traffic caused by more than one major distro releasing simultaneously.
The idea of simultaneous releases for all the major distros is wrong.
All this would do is ensure that people stick with their current distros. After all, if they all come out on the same date, you're going to grab the one you're currently using, and upgrade. Then you won't have as much incentive to try another one that came out on the same date, since you just finished the upgrade, and they'll all most likely have the same features.
On the other hand, having different distros purposefully unsynchronized allows for new features to be introduced and widely disseminated one distro at a time, so if there's a security or other problem, it doesn't affect almost everyone from day zero.
So, not only is the proposal anti-competitive, it's inherently insecure.
Geez, site has only been online a little while and already freakin' griefers have moved in. Last 3 games of ESP I played had dipshits that purposely gave answers that didn't even come close to describing the pictures. One idiot just kept guessing "YoMama". Fuckers.
What did you expect. Games are entertainment. Some people's idea of entertainment is f*cking with the system.
Only the naive YoMama! would expect YoMama to result in YoMama clean set of YoMama. The YoMama way YoMama you YoMama get YoMama results YoMama if YoMama paid YoMama to YoMama AND YoSista tied to performance.
Apologizing to Galileo, Hell is a metaphor, evolution is real, now aliens could exist. The Vatican is really taking their modernization seriously, aren't they?
Next week they'll be approving a new brand of condoms. They're open at both ends...
Out of curiosity, do you have a link to how the GPL 2.0 is interpreted for the Internet Age? GPL 2.0 predates the ubiquity of the internet, and I'm just wondering what the general consensus is with regards to applying the provisions to today's technologies and customs.
I can see your point. 1989 *is* a bit long in the tooth if you're on internet time. Heck, that was back in my BBS days (grapevine bbs w. a pair of modems so people could get their "joke of the day", file downloads, etc...)
As for interpretation in this day and age, I think the courts just supplied the answer:-)
much in the same way that a Mac formatted floppy could not be read in a Windows based machine
My old 286 was able to read, write, and format Mac floppies, as well as amiga, etc. (transcopy hardware controller for copy-protected floppies, transcopy software for all formats that weren't copy-protected).
Machine-readable just means that the machine can read the bytes recorded on the media, as opposed to, say, delivering a phonebook-sized printout (that would not only discourage compiling, but it would also be expensive, since you're allowed to charge the cost of distribution on physical media). Source code in machine-readable form means source that you can edit in a plain-text editor, then recompile. Note that the GPL states clearly that everything needed for recompiling (including the compiler) must be readily available, or, if not readily available, it must be included with any source distribution.
A dead-tree delivery of source code doesn't fulfill the GPL requirements for those 2 reasons: you can't compile dead tree source code directly, and the machine can't directly read it (you have to enter it into the computer manually or via ocr, and convert it from the dead trees to bytes that the compiler can work with as source code, rather than have the machine read it).
The courts usually take the "plain reading" of the text - the idea being that, where people are arguing for 2 different interpretations of a clause, the one that has a plain meaning must be used over the one that requires contortions. Since the GPL makes a distinction between delivery of binaries over the internet and delivery with a physical product, and specifies that full compliance wrt source code delivery is only accomplished via internet distribution in cases where the binary was likewise distributed, then the delivery of source by other means has to mean something different than via the internet.
The GPL isn't all that complicated. Skype tried to "read in" something that wasn't there, and failed.
Disclaimer: It's all good in any friendly debate;-)
Furthermore, you CAN transfer a copy of a web site (which would be partial copy of the internet), and given enough bandwidth and storage space, it is technically possible to transfer a copy of the entire internet, albeit practically infeasible, just as doing a backup of a modern enterprise server cluster would be practically infeasible using 5.25" floppies.
You would STILL have to store that copy on some media - a disk, a USB stick, whatever - the internet is only a transfer medium, not a storage medium. Again, you're making the same mistake that the lawyers for Skype made - confusing the transfer of information with its' storage in machine-readable form. The bitstream sent over the internet is not source code in machine-readable form. For example, you have 56 bits of header in each TCP/IP packet. It's only after your computer does the converting that IT can save a copy to your hard drive. The GPL is quite specific - a copy of the source code affixed to some media, not transferred via some media.
As to the "pc with no removable media" - that is irrelevant to the GPL. The GPL deals with licensing; once you have a physical copy, it's up to you to decide if and how to transfer it to a computer, or whether you'll just stick it on the shelf for future reference.
There's no real ambiguity here. Code developers understand what "source code in machine-readable format" on a "physical medium" is. Like SCO, Skype tried to "get cute" wrt the GPL; like SCO, they should have just asked slashdot;-) In a community this large, it is inevitable that some of us *do* have extensive legal experience.
Just goes to show you don't have as much experience interpreting legal documents as the judges who tried the case, and sided with the GPL.
The distribution on "a medium customarily used for software interchange" applies to the physical media used to store the progarm, not the method. The media can include floppies, cd and dvd roms, usb keys, etc. "The Internet" is not one of those media - you can't physically transfer a copy of the internet, unlike a cd or dvd.
Remember, this is a license - something that erxtends a permission where none otherwise exists. That which is not specifically allowed is forbidden. That's copyright law for you. If someone allows you to make a copy under certain specific conditions, that doesn't mean that you can also make copies under other conditions because they didn't expressly forbid them.
Again, from the GPL:
If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.
As the gpl states, there's nothing forcing you to accept these conditions. There is nothing in the gpl that gives you or skype permission to ship a binary with a physical product, then claim that "making the source available for download over the internet" being sufficient to fulfill your gpl "distribution of source" obligations.
The gpl uses the legal principle of "same means". For example, if you send someone a notice by unregistered mail, they're not obliged to use registered mail to reply, absent an agreement to the contrary.
The section I qouted specifically states that you canonly use the internet to distribute source if you distributed the binary over the internet.
That excludes the internet as an "interchange medium" for any other method of distribution under the terms of the gpl. In other words, to offer to distribute the source via the internet when the binary was distributed by any other means is quite simply prohibited on a plain reading of the GPL.
The reason to target skype instead of smc is obvious from your comment - since there ARE many different skype-enabled devices, it's quicker and more efficient to go after skype than to target each individual device manufacturer.
So you'll be able to store the source code on your copy of "the internet"?
Turn the power off, and the internet disappears, along with access to the code. The GPL is clear that when a physical medium is used to transfer the binary, a copy of the source, stored on a physical medium, must also be conveyed on demand. The day you can physically convey a "copy of the internet" to someone, you'll have a point.
agreed...even after getting through the initial buggy-ness, this game was about as much fun/playable as masturbating with a cheese-grater...I quit after a very short period of gametime.
Tell Zuxxes: Zuxxez to be you
... Or Zuxxes Suxxez;
Perhaps they're doing this because it's the only way they'll make any money, since the game itself is a flop?
Of course, if the game is a massive flop, they can't really claim much in the way of real damages... since it obviously has no value.
Only if you distribute the binary via download can you use a download url as the same distribution medium.
From the GPL:
If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.
Otherwise no, the internet is not a valid means of distributing the source code.
In other words, if the person received the binary by physical transfer (in this case, a phone), the medium for transferring the source code must also be physical:
3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange;
From the way this looks, should the GPL be targeting SMC, the company that actually makes and sells the device that Skype's software is running on?
As you pointed out, it's Skype's software that is in question here. Skype is the one who isn't releasing the source, which they were supposed to give to SMC when they gave the binaries.
However, just to be on the safe side, I'd name SMC as a codefendent and ask them if they received their copy - and if not, to stop distributing the software/hardware bundle.
You call THIS "recovered"??? More like "Houston,we have a problem..."
Error Executing Database Query. Data source rejected establishment of connection, message from server: "Too many connections"
The error occurred in/home/httpd/customtags/parameters.cfm: line 22 20 : 21 : 22 : 23 : SELECT tag, value FROM parameters 24 :
SQL SELECT tag, value FROM parameters DATASOURCE blocksandfiles VENDORERRORCODE 1040 SQLSTATE 08004
Resources: Check the ColdFusion documentation to verify that you are using the correct syntax. Search the Knowledge Base to find a solution to your problem.
Stack Trace at cfparameters2ecfm1715857017.runPage(/home/httpd/customtags/parameters.cfm:22) at cfApplication2ecfm1592932022.runPage(/home/httpd/vhosts/blocksandfiles.co.uk/sitedocs/Application.cfm:17)
com.mysql.jdbc.exceptions.MySQLNonTransientConnectionException: Data source rejected establishment of connection, message from server: "Too many connections"
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:921)
at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1055)
at com.mysql.jdbc.Connection.createNewIO(Connection.java:2749)
at com.mysql.jdbc.Connection.(Connection.java:1553)
at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:285)
at coldfusion.server.j2ee.sql.pool.JDBCPool.createPhysicalConnection(JDBCPool.java:562)
at coldfusion.server.j2ee.sql.pool.ConnectionRunner$RunnableConnection.run(ConnectionRunner.java:67)
at java.lang.Thread.run(Thread.java:619)
Slashdot Mirror
It already HAS been done by botnet owners who hijack other botnets. Search for, um, I don't know ... try "hijack botnet" - currently, the first 5 results are relevant.
Problem is that integration testing has to be done against each distro independently, so there is zero time saved.
Most distros have at least some differences in libraries, file paths, compile-time settings, etc.
Better to stagger the releases, and let each distro maker find the bugs pertinent to their release, since they're going to have to test anyway. If a bug affects a competitors' release that is scheduled for a month down the road, so much the better.
Simultaneous release is one step closer to a monoculture, without any of the associated benefits.
Of course, there's nothing to stop you from setting up some honey-pots, figuring out the control commands, and taking control of a large chunk of the botnet, since it *isn't* centralized. then turn it on the parts you don't control, or the central c&c computers, or other "targets of interest."
Or use it to create "false flag" attacks.
Or a few rounds of "Do you want to play a game?"
This won't help your situation. It *will* make it worse. Remember, distros customize their products. This includes system libraries. So, instead of having to test 1 a month, and having the other distros fix that which is broken when they make their release, you'll have longer periods of no testing, then a mad rush to test against ALL the simultaneously-updated distros. And what do you do when they all have the same zero-day defect? You (and everyone else) is fucked.
Staggering release dates is the only sensible thing to do. Search for "linux brown bag release" to see how stupid simultaneous release can be.
Why? All the majors do customization of their distros, so "patch compatibility/cooperation" is not going to happen. It's not like you'll be able to apply the same patch to different distros, or even have the same set of bugs/failure modes, so forget the "major distributions can maintain their patches together." Besides, Ubuntu was the worst offender with the patch that disable booting. Imagine if that had been pushed out to all the distros ...
Same thing with the gcc printf bug in Mandrake a half-decade ago. Good thing I was running Redhat on another machine, and that they weren't both "coordinating" their updates and patches.
Come on - most people can figure out that things like rpm and apt aren't the "features" I'm referring to. I mean specific features, like Version XX.YY.ZZ of gcc or firefox or kde. If there's a problem with one, better to have only one distro get hit with it because of staggered release dates. Ditto with security problems.
Then there's the extra net traffic caused by more than one major distro releasing simultaneously.
The idea of simultaneous releases for all the major distros is wrong.
All this would do is ensure that people stick with their current distros. After all, if they all come out on the same date, you're going to grab the one you're currently using, and upgrade. Then you won't have as much incentive to try another one that came out on the same date, since you just finished the upgrade, and they'll all most likely have the same features.
On the other hand, having different distros purposefully unsynchronized allows for new features to be introduced and widely disseminated one distro at a time, so if there's a security or other problem, it doesn't affect almost everyone from day zero.
So, not only is the proposal anti-competitive, it's inherently insecure.
What did you expect. Games are entertainment. Some people's idea of entertainment is f*cking with the system.
Only the naive YoMama! would expect YoMama to result in YoMama clean set of YoMama. The YoMama way YoMama you YoMama get YoMama results YoMama if YoMama paid YoMama to YoMama AND YoSista tied to performance.
Nice way to put a dent in the hood. Then they can play "Bodyshop Bill Blues" or "PleaseYourHonourItWasJustAGame!!!"
Next week they'll be approving a new brand of condoms. They're open at both ends ...
I can see your point. 1989 *is* a bit long in the tooth if you're on internet time. Heck, that was back in my BBS days (grapevine bbs w. a pair of modems so people could get their "joke of the day", file downloads, etc ...)
As for interpretation in this day and age, I think the courts just supplied the answer :-)
You could always bring in a lappy and do like this guy did ...
My old 286 was able to read, write, and format Mac floppies, as well as amiga, etc. (transcopy hardware controller for copy-protected floppies, transcopy software for all formats that weren't copy-protected).
Machine-readable just means that the machine can read the bytes recorded on the media, as opposed to, say, delivering a phonebook-sized printout (that would not only discourage compiling, but it would also be expensive, since you're allowed to charge the cost of distribution on physical media). Source code in machine-readable form means source that you can edit in a plain-text editor, then recompile. Note that the GPL states clearly that everything needed for recompiling (including the compiler) must be readily available, or, if not readily available, it must be included with any source distribution.
A dead-tree delivery of source code doesn't fulfill the GPL requirements for those 2 reasons: you can't compile dead tree source code directly, and the machine can't directly read it (you have to enter it into the computer manually or via ocr, and convert it from the dead trees to bytes that the compiler can work with as source code, rather than have the machine read it).
The courts usually take the "plain reading" of the text - the idea being that, where people are arguing for 2 different interpretations of a clause, the one that has a plain meaning must be used over the one that requires contortions. Since the GPL makes a distinction between delivery of binaries over the internet and delivery with a physical product, and specifies that full compliance wrt source code delivery is only accomplished via internet distribution in cases where the binary was likewise distributed, then the delivery of source by other means has to mean something different than via the internet.
The GPL isn't all that complicated. Skype tried to "read in" something that wasn't there, and failed.
Disclaimer: It's all good in any friendly debate ;-)
Thanks for logging in :-)
Notice something in your own reply:
You would STILL have to store that copy on some media - a disk, a USB stick, whatever - the internet is only a transfer medium, not a storage medium. Again, you're making the same mistake that the lawyers for Skype made - confusing the transfer of information with its' storage in machine-readable form. The bitstream sent over the internet is not source code in machine-readable form. For example, you have 56 bits of header in each TCP/IP packet. It's only after your computer does the converting that IT can save a copy to your hard drive. The GPL is quite specific - a copy of the source code affixed to some media, not transferred via some media.
As to the "pc with no removable media" - that is irrelevant to the GPL. The GPL deals with licensing; once you have a physical copy, it's up to you to decide if and how to transfer it to a computer, or whether you'll just stick it on the shelf for future reference.
There's no real ambiguity here. Code developers understand what "source code in machine-readable format" on a "physical medium" is. Like SCO, Skype tried to "get cute" wrt the GPL; like SCO, they should have just asked slashdot ;-) In a community this large, it is inevitable that some of us *do* have extensive legal experience.
Just goes to show you don't have as much experience interpreting legal documents as the judges who tried the case, and sided with the GPL.
The distribution on "a medium customarily used for software interchange" applies to the physical media used to store the progarm, not the method. The media can include floppies, cd and dvd roms, usb keys, etc. "The Internet" is not one of those media - you can't physically transfer a copy of the internet, unlike a cd or dvd.
Guess that's why you have to keep posting AC -
See this post http://slashdot.org/comments.pl?sid=547036&cid=23341900
Remember, this is a license - something that erxtends a permission where none otherwise exists. That which is not specifically allowed is forbidden. That's copyright law for you. If someone allows you to make a copy under certain specific conditions, that doesn't mean that you can also make copies under other conditions because they didn't expressly forbid them.
Again, from the GPL:
As the gpl states, there's nothing forcing you to accept these conditions. There is nothing in the gpl that gives you or skype permission to ship a binary with a physical product, then claim that "making the source available for download over the internet" being sufficient to fulfill your gpl "distribution of source" obligations.
The gpl uses the legal principle of "same means". For example, if you send someone a notice by unregistered mail, they're not obliged to use registered mail to reply, absent an agreement to the contrary.
The section I qouted specifically states that you canonly use the internet to distribute source if you distributed the binary over the internet.
That excludes the internet as an "interchange medium" for any other method of distribution under the terms of the gpl. In other words, to offer to distribute the source via the internet when the binary was distributed by any other means is quite simply prohibited on a plain reading of the GPL.
The reason to target skype instead of smc is obvious from your comment - since there ARE many different skype-enabled devices, it's quicker and more efficient to go after skype than to target each individual device manufacturer.
So you'll be able to store the source code on your copy of "the internet"?
Turn the power off, and the internet disappears, along with access to the code. The GPL is clear that when a physical medium is used to transfer the binary, a copy of the source, stored on a physical medium, must also be conveyed on demand. The day you can physically convey a "copy of the internet" to someone, you'll have a point.
Tell Zuxxes: Zuxxez to be you
Perhaps they're doing this because it's the only way they'll make any money, since the game itself is a flop?
Of course, if the game is a massive flop, they can't really claim much in the way of real damages ... since it obviously has no value.
Only if you distribute the binary via download can you use a download url as the same distribution medium.
From the GPL:
Otherwise no, the internet is not a valid means of distributing the source code.
In other words, if the person received the binary by physical transfer (in this case, a phone), the medium for transferring the source code must also be physical:
It's pretty straight-forward.
As you pointed out, it's Skype's software that is in question here. Skype is the one who isn't releasing the source, which they were supposed to give to SMC when they gave the binaries.
However, just to be on the safe side, I'd name SMC as a codefendent and ask them if they received their copy - and if not, to stop distributing the software/hardware bundle.
If you think getting up is the hardest part of your day NOW, just wait until you've been bedridden for 3 months.
http://www.networkmirror.com/N132udsTg07EUt3b/blocksandfiles.com/article/5056.html
You call THIS "recovered"??? More like "Houston,we have a problem ..."
/home/httpd/customtags/parameters.cfm: line 22
Error Executing Database Query.
Data source rejected establishment of connection, message from server: "Too many connections"
The error occurred in
20 :
21 :
22 :
23 : SELECT tag, value FROM parameters
24 :
SQL SELECT tag, value FROM parameters
DATASOURCE blocksandfiles
VENDORERRORCODE 1040
SQLSTATE 08004
Resources:
Check the ColdFusion documentation to verify that you are using the correct syntax.
Search the Knowledge Base to find a solution to your problem.
Browser Opera/9.23 (X11; Linux i686; U; en)
Remote Address 70.49.63.152
Referrer http://blocksandfiles.com/article/5056
Date/Time 07-May-08 07:30 PM
Stack Trace
at cfparameters2ecfm1715857017.runPage(/home/httpd/customtags/parameters.cfm:22) at cfApplication2ecfm1592932022.runPage(/home/httpd/vhosts/blocksandfiles.co.uk/sitedocs/Application.cfm:17)
com.mysql.jdbc.exceptions.MySQLNonTransientConnectionException: Data source rejected establishment of connection, message from server: "Too many connections"
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:921)
at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1055)
at com.mysql.jdbc.Connection.createNewIO(Connection.java:2749)
at com.mysql.jdbc.Connection.(Connection.java:1553)
at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:285)
at coldfusion.server.j2ee.sql.pool.JDBCPool.createPhysicalConnection(JDBCPool.java:562)
at coldfusion.server.j2ee.sql.pool.ConnectionRunner$RunnableConnection.run(ConnectionRunner.java:67)
at java.lang.Thread.run(Thread.java:619)