I do have a serious grudge with the education system. Everything useful I learned, I learned on my own, or in college. Mostly on my own. School was of very little help. It was mostly about power, authority, and the abuse thereof. Learning anything else took a back seat to those important lessons.
Maybe you were someone who 'played the game' and lived with the system. I couldn't stand it, and bucked the system from the time I was in kindergarten. I can count the number of times I destroyed property, hurt other students or disrupted classrooms on the fingers of one hand.
I just didn't play the game. I didn't value the things I was supposed to value. I didn't think the things that were supposed to be fun were fun. I didn't care about the approval of teachers, I cared about learning things.
It seems to me then that the government didn't get a good value for the patent when it sold it in the first place. If the government is going to sell my freedom to do something (in this case manufacture a particular molecule for use as a drug) they'd better be selling it a fair market value.
Fair market value is what the drug company paid the government in the first place, IMHO.
Patents are government granted monopolies. What the government grants, the government can taketh away. When you spend ceaser's coins, don't complain when he taxes you.
Yep, as long as you never, ever even think of buying or using any software other than Microsoft software, you're fine. That certainly isn't underhanded, it's just good business sense.
After all, why on earth would you ever want to use anything else?
Only the first copy of Windows takes any time and effort. Subsequent copies of Windows are practically free. I can (not saying I do) make them in my basement in a few minutes with capital measuring in the paltry hundreds of dollars and a per-unit cost measured in 10s of dollars (if you count my time).
Same with the wheel. The first wheel took an awful lot of time and effort to create. Someone had to have some interesting insights and intuition about the physical world, and translate that into a physical form. After that, making new wheels was pretty easy, though still a lot more difficult than me making a copy of Windows.
I think that corporations can exist without copyright. Trademarks, OTOH, are a very necessary part of corporate identity and branding. But I don't think copyright is that important. Redhat exists as a profitable corporation, and they even make some interesting software. They don't ask for copyright coverage that excludes rivals to do this.
I don't even think that copyright is necessary for the existence of professional software developers.
But, those are my opinions. It's quite possible (I think even probable) that there are benefits to some form of copyright protection (not the current form though) that justify the loss of freedom it entails.
My main point is that the reasoning tack that must be followed is a measure of the cost in freedom vs. the anticipated or actual benefit. Too often copyright conversations revolve around questions of ownership, which is not an appropriate way of framing the question.
Yep. Innocent people get convicted all the time. But, the courts are the only way we have of deciding if someone is guilty or not. So, unless you have a better system, we are forced to assume that everybody who's been convicted is guilty unless they can prove otherwise in a court of law.
Doing anything else is fundamentally undermining the justice system. You'd better have something better to put in its place if you do that.
At least the person is just having a GPS tracking device attached to them. They aren't being put to death even though they're innocent.
How are the specific bits of Windows more like a particular physical wheel and not like the idea of a wheel? It seems to me that they more closely resemble the idea than the actual wheel.
Besides, the debate includes patents, and patents do very specifically attempt to prevent you from copying the idea of a wheel.
How is the public interest served by the government creating a monopoly on the bits making up the implementation of Microsoft Windows? Why shouldn't it be able to be freely copied by anybody? Why is my natural freedom to make as many copies of Windows as I want worth trading away?
The wheel took someone an awful lot of time and effort to make the first one of. It also took a lot of time and effort to make the first sheet of paper, or the first alphabet. But they got made, and there weren't any patents or copyrights involved.
You can talk as much as you like about incentive and things. But, IMHO, you must start with the basic idea that the natural state of things is for stuff to be freely copyable. Then you must argue about a balance of the cost of giving away that freedom versus some benefit you think you will get from giving it away. Then you must argue why everybody, not just you should make that same trade.
That's a hard case to make. And your answer about Microsoft and Windows is a bit glib and ill-thought out.
There is a huge body of software that was conciously and purposely made without requiring that the people who use it trade away their freedom. So, why do we have to trade away our freedom in order to get software? Where is the benefit to us, as a society for doing so? Will we really get more software that way?
It seems to me like the Open Source community is signficantly more productive without that trade being the norm.
Re:Info on what exactly SHA-1 is ...
on
SHA-1 Broken
·
· Score: 2, Insightful
I don't think the NSA would gain a lot from a weakness in a secure hash algorithm. In an encryption algorithm, yes, but not a secure hash algorithm.
I've come to the same conclusion that you have. It just so happens though that Stallman is right, and Bill Gates isn't. But, yes, they are both egocentric megalomaniacs. Perhaps it takes that kind of personality for them both to have gotten to where they are. I am pretty sure that if Richard Stallman hadn't been such a persnickety jerk about little details of his message when he caught other people getting it a little wrong that we wouldn't have an Open Source movement today.
I did not get the impression from the quote that Bill Gates had shifted his views from the time of the quote until now. It merely indicates that all the high-minded ideals Gates talks about when he talked about 'intellectual property' count for squat, and that what he's really interested in is a world where the large players can shut the small ones out before they get a chance.
Here is a more complete version of the quote:
If people had understood how patents would be granted when most of today's ideas were invented, and had taken out patents, the industry would be at a complete standstill today. I feel certain that some large company will patent some obvious thing related to interface, object orientation, algorithm, application extension or other crucial technique. If we assume this company has no need of any of our patents then the have a 17-year right to take as much of our profits as they want. The solution to this is patent exchanges with large companies and patenting as much as we can.
Bill Gates in a 1991 memo called Challenges and Strategy
So, yes, you are correct. But the first part of his quote clearly illustrates that he knows exactly what kind of world strong and pervasive patent protection will create. That's the world he wants, a world where the IT industry is at a standstill because everything is owned by Microsoft and they have no interest in going anywhere anymore.
The only reason it isn't standard industry practice is that not enough companies have done it and gotten away with it. As soon as they have, you can bet industry practice will change.
Software who's source is not available cannot be trusted to act in your best interests. Whenever you run such software, you're giving some other organization control over your computer, and they will make your computer do whatever is in their best interests.
There are only two preventive measures I can think of, and only one that will work.
The first is to have some 'trusted' organization vet all the software you run to make sure it doesn't have any tricks in it. Of course, it will be easy for that organization to collude with the software makers without anybody finding out until possibly much later.
The second is to require that all software that runs on your machine have the full and complete source code available for your inspection.
Note that drafting all kinds of regulations that require companies to not do things like this is a very inefficient and inexact form of the first. We see how well it's been working for spam and spyware.
Actually, the abuse reports I've filed that havee been responded to have all been from people with compromised Unix (Linux in particular actually) boxes. But, you're right, they _could_ be Windows boxes. There are just various things that make me highly doubt it.
I was assuming they were running a Unix variant since they were scripting attempts to login to other boxes. It is possible that they were launching this script from Windows, but the script has some of the hallmarks of a worm, so I'm strongly suspect they aren't.
Also, the abuse reports I've filed that have been responded to have all been from people with compromised Linux boxes.
You know you didn't. I know you didn't. So who are you trying to fool?:D
Actually, no. I remember trying to hunt down the maintainer of a particular Ethernet card driver for quite some time and eventually giving up, ditching that Ethernet card and getting a different one. Sadly, I can't remember which driver it was. But, the experience told me that the stuff listed in the files for the driver isn't particularly useful.
I wouldn't have pulled 'out-of-date' out of thin air.
As for the rest of the conversation, there's no sense in talking about it any further. I still think filing a bug report with a patch in some reputable vendor's bug database is the easiest way to go.
It's all about what OTHER PEOPLE should do to make YOUR life easier.
Looking up a name in a list is TOO HARD for YOU!
No, I'm afraid that's where you're wrong. It's the problem of the Linux kernel developers and their reputation. That's what's at stake, and if that community of people chooses to make people jump through a bunch of hoops just to submit a patch for a security related problem then I wish them the kernel security they deserve.
Not obvious? It's where you go to get the source for the latest kernel.
I can't write patches for the kernel and even I can find it.
Congratulations. When I've looked through the Changelog or through the source for a particular module, I've largely found out-of-date email addresses unless it's for something recent. It's not reliable, and it's a stupidly obscure process.
Rather, it seems that that one person has a problem and your "solution" would only make MORE work for someone(s) who had to be the single point of failure (do you know that term) for processing patches.
Such an email address does not have to send email to just one person. So, there might be a single point of failure, but it would be the server for the email address, not a particular person.
Just to make life easier for the dumb people? I don't think so.
Yep, everybody who has a problem with how the current system works must be dumb. You sure showed me with your marvelous rhetorical style. I'll be sure not to argue with you again. The crushing grip of logic is just too much to bear.
So, show me either an instance of Intel admitting they are now playing follow-the-leader, or an instance where they are actually leading. Is there any reason at all to pay the price premium they charge for their hardware?
I don't care who looks at it, I just want a single email I can send a security flaw to no matter what system it's in. I, personally, wouldn't have had any idea how to figure out who to send the patch to without you having just outlined the process right here. That process is not obvious and too complicated.
There needs to be one single email address listed in a prominent place where you can send such things to. Perhaps all that happens is someone promptly sends you an email back saying who the patch really needs to go to, but the process you outline is not a tenable process for a kernel used by millions of people, some who are programmers who may have no familiarity with the Linux kernel development process, but are none-the-less capable of finding and fixing a security flaw all by themselves.
Oh, and I've gotten on average of one ssh login scan per day for the past 3-4 months, each from a different IP. That amounts to over a hundred boxes compromised enough to allow people to run attack toolkits. I highly doubt any of them have been run from the attacker's computer.
I didn't misread the article. Yes, going from 72 hours to 3 months is good. Yes, 3 months is still far and away better than any offering from Microsoft, and I can't imagine Microsoft's security ever getting any better than Linux's. I also can't imagine Microsoft's security getting that much better than it is now. The company's internal mindset won't allow it.
But Linux can and should do better than it is. I find self-congratulatory stuff about security to be kind of dangerous because it's so easy to get complacent. And, security _still_ isn't that great.
I'm saying that the Linux community doesn't. From reading that article, it looks like the people had a security patch they wanted to submit, and couldn't figure out who to submit it to. They got all kinds of conflicting answers, and there were no obvious "Submit Security Patches Here" email address listed anywhere.
Those things should've been in place already. From all the backpatting about security that happens around here, you would've thought they were in place. There still isn't a link on kernel.org. My approach right now would be to file the patch in a Fedora Bugzilla entry, but that feels pretty imperfect to me.
Slashdot Mirror
I do have a serious grudge with the education system. Everything useful I learned, I learned on my own, or in college. Mostly on my own. School was of very little help. It was mostly about power, authority, and the abuse thereof. Learning anything else took a back seat to those important lessons.
Maybe you were someone who 'played the game' and lived with the system. I couldn't stand it, and bucked the system from the time I was in kindergarten. I can count the number of times I destroyed property, hurt other students or disrupted classrooms on the fingers of one hand.
I just didn't play the game. I didn't value the things I was supposed to value. I didn't think the things that were supposed to be fun were fun. I didn't care about the approval of teachers, I cared about learning things.
It seems to me then that the government didn't get a good value for the patent when it sold it in the first place. If the government is going to sell my freedom to do something (in this case manufacture a particular molecule for use as a drug) they'd better be selling it a fair market value.
Fair market value is what the drug company paid the government in the first place, IMHO.
Patents are government granted monopolies. What the government grants, the government can taketh away. When you spend ceaser's coins, don't complain when he taxes you.
Yep, as long as you never, ever even think of buying or using any software other than Microsoft software, you're fine. That certainly isn't underhanded, it's just good business sense.
After all, why on earth would you ever want to use anything else?
Only the first copy of Windows takes any time and effort. Subsequent copies of Windows are practically free. I can (not saying I do) make them in my basement in a few minutes with capital measuring in the paltry hundreds of dollars and a per-unit cost measured in 10s of dollars (if you count my time).
Same with the wheel. The first wheel took an awful lot of time and effort to create. Someone had to have some interesting insights and intuition about the physical world, and translate that into a physical form. After that, making new wheels was pretty easy, though still a lot more difficult than me making a copy of Windows.
I think that corporations can exist without copyright. Trademarks, OTOH, are a very necessary part of corporate identity and branding. But I don't think copyright is that important. Redhat exists as a profitable corporation, and they even make some interesting software. They don't ask for copyright coverage that excludes rivals to do this.
I don't even think that copyright is necessary for the existence of professional software developers.
But, those are my opinions. It's quite possible (I think even probable) that there are benefits to some form of copyright protection (not the current form though) that justify the loss of freedom it entails.
My main point is that the reasoning tack that must be followed is a measure of the cost in freedom vs. the anticipated or actual benefit. Too often copyright conversations revolve around questions of ownership, which is not an appropriate way of framing the question.
Yep. Innocent people get convicted all the time. But, the courts are the only way we have of deciding if someone is guilty or not. So, unless you have a better system, we are forced to assume that everybody who's been convicted is guilty unless they can prove otherwise in a court of law.
Doing anything else is fundamentally undermining the justice system. You'd better have something better to put in its place if you do that.
At least the person is just having a GPS tracking device attached to them. They aren't being put to death even though they're innocent.
How are the specific bits of Windows more like a particular physical wheel and not like the idea of a wheel? It seems to me that they more closely resemble the idea than the actual wheel.
Besides, the debate includes patents, and patents do very specifically attempt to prevent you from copying the idea of a wheel.
How is the public interest served by the government creating a monopoly on the bits making up the implementation of Microsoft Windows? Why shouldn't it be able to be freely copied by anybody? Why is my natural freedom to make as many copies of Windows as I want worth trading away?
The wheel took someone an awful lot of time and effort to make the first one of. It also took a lot of time and effort to make the first sheet of paper, or the first alphabet. But they got made, and there weren't any patents or copyrights involved.
You can talk as much as you like about incentive and things. But, IMHO, you must start with the basic idea that the natural state of things is for stuff to be freely copyable. Then you must argue about a balance of the cost of giving away that freedom versus some benefit you think you will get from giving it away. Then you must argue why everybody, not just you should make that same trade.
That's a hard case to make. And your answer about Microsoft and Windows is a bit glib and ill-thought out.
There is a huge body of software that was conciously and purposely made without requiring that the people who use it trade away their freedom. So, why do we have to trade away our freedom in order to get software? Where is the benefit to us, as a society for doing so? Will we really get more software that way?
It seems to me like the Open Source community is signficantly more productive without that trade being the norm.
I don't think the NSA would gain a lot from a weakness in a secure hash algorithm. In an encryption algorithm, yes, but not a secure hash algorithm.
I've come to the same conclusion that you have. It just so happens though that Stallman is right, and Bill Gates isn't. But, yes, they are both egocentric megalomaniacs. Perhaps it takes that kind of personality for them both to have gotten to where they are. I am pretty sure that if Richard Stallman hadn't been such a persnickety jerk about little details of his message when he caught other people getting it a little wrong that we wouldn't have an Open Source movement today.
Here's a link to the original source for this quote.
I did not get the impression from the quote that Bill Gates had shifted his views from the time of the quote until now. It merely indicates that all the high-minded ideals Gates talks about when he talked about 'intellectual property' count for squat, and that what he's really interested in is a world where the large players can shut the small ones out before they get a chance.
Here is a more complete version of the quote:
So, yes, you are correct. But the first part of his quote clearly illustrates that he knows exactly what kind of world strong and pervasive patent protection will create. That's the world he wants, a world where the IT industry is at a standstill because everything is owned by Microsoft and they have no interest in going anywhere anymore.
You know, maybe (s)he was. Does it matter?
I rather agree. It would've been better had they used the 'Foot' icon. :-)
The only reason it isn't standard industry practice is that not enough companies have done it and gotten away with it. As soon as they have, you can bet industry practice will change.
Software who's source is not available cannot be trusted to act in your best interests. Whenever you run such software, you're giving some other organization control over your computer, and they will make your computer do whatever is in their best interests.
There are only two preventive measures I can think of, and only one that will work.
The first is to have some 'trusted' organization vet all the software you run to make sure it doesn't have any tricks in it. Of course, it will be easy for that organization to collude with the software makers without anybody finding out until possibly much later.
The second is to require that all software that runs on your machine have the full and complete source code available for your inspection.
Note that drafting all kinds of regulations that require companies to not do things like this is a very inefficient and inexact form of the first. We see how well it's been working for spam and spyware.
Actually, the abuse reports I've filed that havee been responded to have all been from people with compromised Unix (Linux in particular actually) boxes. But, you're right, they _could_ be Windows boxes. There are just various things that make me highly doubt it.
I was assuming they were running a Unix variant since they were scripting attempts to login to other boxes. It is possible that they were launching this script from Windows, but the script has some of the hallmarks of a worm, so I'm strongly suspect they aren't.
Also, the abuse reports I've filed that have been responded to have all been from people with compromised Linux boxes.
Actually, no. I remember trying to hunt down the maintainer of a particular Ethernet card driver for quite some time and eventually giving up, ditching that Ethernet card and getting a different one. Sadly, I can't remember which driver it was. But, the experience told me that the stuff listed in the files for the driver isn't particularly useful.
I wouldn't have pulled 'out-of-date' out of thin air.
As for the rest of the conversation, there's no sense in talking about it any further. I still think filing a bug report with a patch in some reputable vendor's bug database is the easiest way to go.
No, I'm afraid that's where you're wrong. It's the problem of the Linux kernel developers and their reputation. That's what's at stake, and if that community of people chooses to make people jump through a bunch of hoops just to submit a patch for a security related problem then I wish them the kernel security they deserve.
Congratulations. When I've looked through the Changelog or through the source for a particular module, I've largely found out-of-date email addresses unless it's for something recent. It's not reliable, and it's a stupidly obscure process.
Such an email address does not have to send email to just one person. So, there might be a single point of failure, but it would be the server for the email address, not a particular person.
Yep, everybody who has a problem with how the current system works must be dumb. You sure showed me with your marvelous rhetorical style. I'll be sure not to argue with you again. The crushing grip of logic is just too much to bear.
So, show me either an instance of Intel admitting they are now playing follow-the-leader, or an instance where they are actually leading. Is there any reason at all to pay the price premium they charge for their hardware?
I don't care who looks at it, I just want a single email I can send a security flaw to no matter what system it's in. I, personally, wouldn't have had any idea how to figure out who to send the patch to without you having just outlined the process right here. That process is not obvious and too complicated.
There needs to be one single email address listed in a prominent place where you can send such things to. Perhaps all that happens is someone promptly sends you an email back saying who the patch really needs to go to, but the process you outline is not a tenable process for a kernel used by millions of people, some who are programmers who may have no familiarity with the Linux kernel development process, but are none-the-less capable of finding and fixing a security flaw all by themselves.
Oh, and I've gotten on average of one ssh login scan per day for the past 3-4 months, each from a different IP. That amounts to over a hundred boxes compromised enough to allow people to run attack toolkits. I highly doubt any of them have been run from the attacker's computer.
I didn't misread the article. Yes, going from 72 hours to 3 months is good. Yes, 3 months is still far and away better than any offering from Microsoft, and I can't imagine Microsoft's security ever getting any better than Linux's. I also can't imagine Microsoft's security getting that much better than it is now. The company's internal mindset won't allow it.
But Linux can and should do better than it is. I find self-congratulatory stuff about security to be kind of dangerous because it's so easy to get complacent. And, security _still_ isn't that great.
I'm saying that the Linux community doesn't. From reading that article, it looks like the people had a security patch they wanted to submit, and couldn't figure out who to submit it to. They got all kinds of conflicting answers, and there were no obvious "Submit Security Patches Here" email address listed anywhere.
Those things should've been in place already. From all the backpatting about security that happens around here, you would've thought they were in place. There still isn't a link on kernel.org. My approach right now would be to file the patch in a Fedora Bugzilla entry, but that feels pretty imperfect to me.