Yes, you are correct in that there is no explicit/correct way in SMTP to do this. That is the most annoying omission in the SMTP protocol in my opinion. The best you can do is to abort the connection early. The same goes for the the body as well, there is no way to reject just a single message halfway through without aborting the entire SMTP session. So you do have to be very careful when doing this, or you may start blocking legitimate mail too.
On the bright side, most spammers tend not to use retry logic on the SMTP side. Out of about the 80,000 per day I process the number that attempt resending is almost negligible.
As far as filtering...I agree I wish you didn't have to do it at all. But sometimes you're forced to just to keep email running at all. And as of right now, it's still pretty effective.
No, the bandwidth issue can be partially solved if the message is intercepted at the SMTP server, and not after it's deposited in the mailbox. True the subject header is part of the SMTP "payload" and not a verb, but all headers must proceed the email message body. And the SMTP server can decide to reject the message prior to the receipt of the whole message (although this is a stretching of the sematics of the SMTP protocol).
This subject line filtering is something that sendmail milter's do all the time. In fact I do this now and it's quite effective at reducing bandwidth/storage issues. Although the real resource problem is in the number of open TCP connections...a lot of mail servers (spammers and legit alike) open a connection and then can take 15 minutes or more just to send the commands v e r y s l o w l y.
Now if you're doing this in your mail client, you're probably using IMAP or POP, and not SMTP. And those protocols do support downloading of just message headers without the body.
And when I send a message to both Sam and to Jane? Or Sam forwards my email to his friend Mike, but leaves the subject as "Fwd: Sam...", so Mike's email rejects it.
Or spammers just start sending you more stuff until one "breaks through",
Sean, great dealz now
Susan, great dealz now
Steve, great dealz now
Selma, great dealz now
Sam, great dealz now...gotcha
Note the special keyword trick can still be useful for certain personal communications...for instance if I tell all my friends to put the word "green" in their subjects...and my mail client then *whitelists* all subjects that contain "green". This may prevent me accidentally deleting their mail. But it's not a general purpose solution to spam.
It's neither piracy or stealing, it's called "copyright infringement"...that's the term the LAW uses exclusively. And even then, it's only for those cases of P2P exchange which are done outside of the allowable exemptions to copyright law.
If nothing else, this study even deflates the already weak argument that P2P is "stealing", because the argument used to be that by downloading you are "stealing" the potential income of artists. Well, without the economic argument now, then what exactly is stolen? There is nothing missing.
You're correct in pointing out that 1/5000 is still a significant number. But also that the study does not concentrate on the other side; that P2P may inspire sales that never would have been made.
The funny thing, but not unexpected, is that most businesses would be jumping for joy if a study like this came out. That percieved threats to your business in fact turned out not to be that bad after all. The RIAA/MPAA *should* be pleased by this study. IF it was about economics. But their reaction shows that it's not about the money at all, it's about their ability to totally control and manipulate human behavior and destroy capitalism, e.g., power.
Yes, you are being unfair. The spelling mistake is called a typo. And you may not know me personally, but I guess you now do know someone who has read Cantor's own words...me! I'm glad you met Aczel, I've never had the pleasure.
And yes, I have read the Principia (English translation), several times. That's pretty much a mandatory read for anybody serious about pure mathematics. And I've also read original (translated) works from Cantor, Euclid, Barendregt, Godel (sorry for the missing accent, I know how to spell it), Curry, Dedekind, and I'm sure many others I'm forgetting now. Yes, Cantor's work is very challenging because of his strange notation; but that's one of the reasons I love reading the original works rather than the pop-rehashes, you get to really see the inner thoughts and reasoning of those mathemeticians. My personal favorite is Russell; I guess it's kind of ironic that his is the name I mispelled.
BTW, another great book about Cantor (by someone other than Cantor himself) is "Georg Cantor: His Mathematics and Philosophy of the Infinite" by Joseph Warren Dauben. It is more of a thorough history and does not shy away from hard math, so I didn't originally mention it to the/. crowd.
Also, for those who may be encouraged to attempt to read some original material if you find all these pop books too fluffy, I do highly recommend trying some of the real books. Dover is a great single source for many clasics, at
Some are definitely easier reads than others, but it's worth trying. You do of course have to be aware that some of the things said may have been proven wrong, but that doesn't take away from the enjoyment of reading the author's original words rather than a dumbed-down retelling by someone else. Godel's theorem is especially interesting in this respect, as his proof is way more complex than most of the modern retellings, after people have found short cuts and easier notations. But that makes reading the original that much more rewarding.
One of the best non-mathematical books I've read on the modern theory of Infinity is
"The Mystery of the Aleph: Mathematics, the Kabbalah, and the Search for Infinity"
And it's still the best book which also contains a lot of very interesting biographical treatments of Cantor, the father of the modern theories.
Of course nothing replaces actually reading the original (English-translated) works of say the great Georg Cantor or my favorite, Bertrand Russel. If you have the mathematical fortitude I highly recommend those, there is so much detail in those, not just mathematical but philosophical as well. Dover publishers is a great source to find these important original translated works of lots of mathemeticians, and they are surprisinly cheap too.
The chilling thing is that if MS could acquire Netscape, they could then do what so far they've been unable to...take the Netscape source code for themselves and make a closed-source branch!
True, they could not "steal" the already GPL'ed stuff away from the rest of us, but they would be able to take that code and use that as a starting point for their own close-source derivitives, WITHOUT re-releasing their changes back to the public.
It all comes down to who owns the copyright. If Netscape Inc. owns the copyright, even if they licensed it under the GPL, then if MS buys the copyright ownership, they are completely free to also license the code back to themselves sans-GPL. This is perhaps the most effective way to defeat the GPL. (Hence why free-software projects should probably consider assigning their copyrights to the FSF, rather than keeping it....MS will never be able to but the FSF).
On the positive side...perhaps we could finally see alpha-channel support in PNG images in IE?
Come on, this shows nothing. The ONLY conclusion you can draw from this is that OpenSSL 0.9.7c is probably less secure than OpenSSL 0.9.7d. That's it.
Reviewing source code does not make any software more secure; because reviewing code does not change the code. The only thing reviewing does is to potentially find security flaws you didn't know existed. And that's what happened in this case. The fact that it's open source means that people other than the authors are also able to perform reviews, which in theory means that potentially more flaws will be discovered. So the fact that this flaw was discovered, and it was by a group of people other than the authors, in my opinion means that the open source model worked. We now have version 0.9.7d which is more secure.
To try to make any kind of comparison to say MS code, or even to other open source software is mostly a waste of time. And to all you Java/GnuTLS pundants, no, this doesn't prove that your pet favorite implementation is any more or any less secure that OpenSSL. Facts are facts, which are not opinions.
It always seems that most arguments over IP tends to resolve around the issue of compensation. Yet both sides seem to be missing two fundamental assumptions they are both making in the economics of intellectual work.
Creators of intellectual work have a right to compensation, and
Compensation occurs after the work has been completed.
I think we all need to challenge both of those axioms. I find myself in a particularly unique position (on/. anyway it seems) of being both mostly conservative with strong belief in the capitalistic society, while also abhoring most IP facades and even the very idea of exclusive artifical ownership of ideas. And I think the apparent conflict between these extremes is actually the result of poorly chosen axioms.
Think about economics outside the IP arena. Compensation is most usually made *prior* to (or in synchronism with) the creation/product. Townsfolk pay farmers for eggs they will receive, not for the past egg-yield of the farmer. Employers pay programmers' salaries for new programs they will write, not their past work. The church commissioned artists for masterpieces they would paint on the ceilings of their cathederals, not for the right to view already prepared graffitti. And even music cartels hire musicians mostly based upon contract for future creations.
So why are we so eager to assume without question that artists and authors are always due compensation on what they have already done, rather than as encouragement for what we want them to do. I'm sure it must have something to do with intrinsic differences in the supply/demand models and the opportunity v. incremental costs between physical and intellectual works. Also the concept of inventory of intellectual "property" seems to make little sense. The "intellectual" industry seems to have the same effect on traditional economic laws, as black holes have on physics. We can't keep using the traditional models to argue the IP world.
Yes, I am aware that I am overgeneralizing and that this argument has some holes; but I do believe there is some insight to be gained in this line of thought, and I'm curious what others may think....by the way, you have my permission to mayke derivative works of this comment by making your own intelligent response to it.
Yes, IPv6 does address many of the issues they apparently have. In particular they gripe about wanting a mesh-like network. But IPv6's multicasting and new "anycasting" protocols are much more intelligent than in IPv4 and could be used to construct highly dynamic and scalable meshes.
The addressing scheme of IPv6, along with the corresponding routing/topology advances, should provide for a much more dynamic, autodiscoverable, and efficient topology for "wireless" too. Of course the real issue is not really wireless versus wired. That's layer 1 and 2 stuff. But the differences in behavior that a typical wired/wireless nodes have. And I still don't see where IPv6 falls short there. Perhaps all the issues really come down to applications.
Actually the group that really seems to ligitimately push the boundaries of IPv6 (or IPv4) is NASA. The latency and very high error rates of interplanatary communications really does create interesting and challenging networking problems.
Patent law, like all laws of mankind, have a jurisdiction within which they are enforceable, usually the borders of a nation. Who's patent laws extend their jusidiction to space?
Now if you painted an advert on the rocket while on the ground you could be at risk, but what if the construction of the advert happened once you were in space?
Actually the NULL encryption algorithm is by default completely disallowed...it is not considered low-grade encryption, since it is in fact NO encryption.
In Mozilla go to Preferences -> Privacy & Security -> SSL -> Edit Ciphers -> Extra SSL3/TLS.... Then you'll see the two modes of NULL encryption,
No encryption with RSA authentication and a SHA1 MAC
No encryption with RSA authentication and a MD5 MAC
If you click on the cipher details button, you'll see that the effective key size is 0 bits.
You should also consider disabling SSLv2, since it is cryptographically broken (unless you have to use a site which doesn't support the newer TLS).
Note that this TLS/SSL non-encryption mode potentially applies to all TLS/SSL-enabled applications, not just web servers/browsers. You could argue that in some of those (such as email SMTP+STARTSSL), that using these modes almost makes sense if all you want is authentication.
A little off-topic from Java, but modern C++ from my experience is quite portable (at the source code level)---as long as you don't use Microsoft C++. If you stick to the STL and any number of free C++ extension libraries it works pretty well. We have very large and complex code that works equally well under Linux/gcc3, HP-UX's C++ compiler, and AIX's C++ compiler.
C++ portability seems to mostly be a big issue for those how are using old pre-standard compilers, or are using Microsoft compilers and using their proprietary extensions without knowing it.
Python is copylefted and is somewhat more comparable to Java than C. It has is own VM and is bytecompiled. It consists of not only a language, but also a rather rich library layer. And it is mostly "write once, run everywhere"; unless you specifically create/use extensions which are platform-bound. But the vast majority of Python programs are extremely portable.
Any Python has not suffered from any forking issues! Nor has Microsoft corrupted it via it's usual extend/embrace strategy. But Python is really *free*, unlike Java.
Back when the GPL1 and later GPL2 were written, free software was a very foreign philosphy. Those carefully composed licenses have been remarkably important and comprehensive at advancing the general goals of free software. Of course other licenses like the FDL for documentation have come along to address issue that the GPL didn't do very well.
So today the idea of free software is more mainstream and many of the past threats relatively diffused. But the recent intellectual property [sic] madness has caused a new unignorable threat to emerge...patents. This is why a new revision of the GPL is needed, to more forcibly address IP issues. This is also a big issue with standards bodies, governments, other open source projects like Apache, and yes even many commercial proprietary software vendors. So perhaps this is one case where the Apache folks actually leapfrogged FSF in trying to address this modern problem.
I believe patents to be the most credible threat to free/open source. The SCO stuff is tiny in comparison as it can have no long-lasting permament effect, even if SCO is absolutely correct [grin].
In fact, if they made if Free Software, rather than the weaker Open Source, then the defense-against-MS argument would be moot as well. Face it, it's not really so much about protecting Java against MS's "innovations" as it is Sun being control freaks and wanting to be the sole owner of what's becoming a very important community asset. So yes, open sourcing it makes no sense for Sun, but FREE-SOURCING it makes a lot of sense and is the right thing to do.
Stewardship is an important issue, a very important one actually. But there are still those sticky semi-legal points which can't be completely ignored. In this respect RMS, and to a lesser extent ESR, both are our stewards of Free Software. Just because Sun may be doing a good job, doesn't mean that we can ignore the technicalities.
Compare this to other important commercial "stewardships", such as Postscript and PDF as managed by Adobe. Those "standards" are completely under the control of Adobe, but aside from some recent DMCA nonsense, they've been very good stewards from a technical perspective. I mean compare Postscript with HP's PCL...which one has served Open Source/Free Software better?
But I think the Free Software community should hold higher standards of Freedom to language technologies like Java, whereas we may be willing to give a little more slack to data formats like PDF. But you know what, if Adobe stopped being good stewards then we'd be in trouble. Same for Java, only moreso. That's the threat ESR is trying to address.
Re:C++ had its day...and it is today
on
Practical C++
·
· Score: 5, Insightful
I find that those who write off C++ really don't know the language, or at least the "modern" standardized language. C++ is incredibly powerful, and if you use solid OO techniques you really shouldn't have many issues with memory management. At least in C++ (as apposed to Java) the language guarantees that all destructors will be called and with well defined ordering. That allows you to use resource allocation patterns that greatly simplify memory manangement or resource issues entirely.
Although you can compare pure Java with C++ as languages, it is meaningless to compare a Java framework/JDK such as J2EE with C++, as the former is an entire environment, not just the underlying language. There's lots of stuff that C++ does better than Java (generics/templates, destructors, high-performance containers, abstract algorithms). Not to mention that C++ is a completely standardized and *free* language, whereas Java is a fast moving pseudo non-free standard.
Oh, and the syntax problems you complain about are not really all that different from Java, or even C#. Yes, they are each somewhat different and some have cleaner syntaxes for specific issues, but in the grand scheme of computer languages they are almost the same. And there are syntax problems with Java too which C++ doesn't suffer...they are both strongly based upon a C foundation, like C#, Javascript, etc.
And yes, I've written very large C++ projects with many developers very successfully, and C++ has proven to be a very nice language indeed as long as you take the initial time to learn it correctly rather than out of a C++ for Dummy's tutorial.
Now if you want to talk high-level languages (both Java and C++ are low-level of approximately the same power), then you should be talking about something like Python, or more academically Haskell. But Java is by no means a high level language, just as C++ is not.
You are exactly right, it's not about anti-counterfeiting technology, but rather the inevitable exploitation of this for other purposes with much darker motives. Although I believe that protection of currencies is extremely important, this mechanism is particularly open to abuse. Not abuse by our governments, but by corporations and other control-centric organizations. It's a simple watermarking technique which anybody can use for any print material.
This will essentially be free copy protection which may someday be ubiquitously enforced in all hardware and with the backing of law. And it will be law based upon fraud and counterfeiting, rather than copyright law. So what few "freedom" holes are left in the DMCA and its like will now be plugged up by anti-counterfeit laws. If laws are created (and they WILL come), are we going to have equivalent circumvention exemptions?
In fact I thought I had heard someplace that these anti-copying patterns were already being discovered in certain print publications. Even if laws aren't passed, there is nothing to stop the damage possible now. The hardware and software is already in place in the hand of the unsuspecting public.
Actually the Amiga 1000, the very first version of the Amiga line, supported auto-detect and auto-run of floppies. I believe the A1000 was released in 1985 (or maybe late 1984).
For those too young to remember, the Amiga's autodetect worked by having specialized floppy hardware which would send an interrupt to the processor when media was inserted or ejected. So there was no "polling", such as was done on early PC hardware. And "autorunning" was possible by a variety of means. The Amiga supported 4 floppy drives.
The Amiga floppies also fully supported partitioning too, I remember having a floppy disk that had four separate and independant filesystems on it. How cool.
Can somebody explain why this new 1.1 license is necessarily incompatible with GPL2 / LGPL? True, it is an annoying licence change as the FSF article explains, and may not be a smart move for the project. But annoying doesn't make it incompatible. And no one even said (that I can determine) that original flawed BSD license was in fact incompatible; just undesirable.
In fact, this seems to be less restrictive than the GNU FDL license for documentation. It's not the same as past famous GPL-incompatible licenses, such as an old version of the Python license.
And let's see, security advisories/patches this week:
sendmail: none
openssh: none
Okay, how about the WHOLE YEAR OF 2003:
sendmail: 3
openssh: 5
And most of those were very obscure and not exploitable under default configurations, or for already-obsolete versions which people refuse to upgrade. And patches were available almost immediately.
Those stats are way better than even the Linux kernel (sorry Linus).
Ever hear of the RSA patent? If ever there was a software patent that was as close to being a mathematical formula I don't know what it would be. And that single "math" patent had major influences on suppressing innovation and computer security for decades. The world of cryptography is filled with supposedly unpatentable math formula patents.
There are other computer science fields that are also overly-burdended by patent minefields, such as text searching algorithms, compression algorithms, graphics compositing algorithms, and so forth. It's not just the GUIs, it's lots of stuff that actually looks and acts like math, and in many cases is actually represented by actual mathematical formulas! And yet they were patented.
Slashdot Mirror
Yes, you are correct in that there is no explicit/correct way in SMTP to do this. That is the most annoying omission in the SMTP protocol in my opinion. The best you can do is to abort the connection early. The same goes for the the body as well, there is no way to reject just a single message halfway through without aborting the entire SMTP session. So you do have to be very careful when doing this, or you may start blocking legitimate mail too.
On the bright side, most spammers tend not to use retry logic on the SMTP side. Out of about the 80,000 per day I process the number that attempt resending is almost negligible.
As far as filtering...I agree I wish you didn't have to do it at all. But sometimes you're forced to just to keep email running at all. And as of right now, it's still pretty effective.
No, the bandwidth issue can be partially solved if the message is intercepted at the SMTP server, and not after it's deposited in the mailbox. True the subject header is part of the SMTP "payload" and not a verb, but all headers must proceed the email message body. And the SMTP server can decide to reject the message prior to the receipt of the whole message (although this is a stretching of the sematics of the SMTP protocol).
This subject line filtering is something that sendmail milter's do all the time. In fact I do this now and it's quite effective at reducing bandwidth/storage issues. Although the real resource problem is in the number of open TCP connections...a lot of mail servers (spammers and legit alike) open a connection and then can take 15 minutes or more just to send the commands v e r y s l o w l y.
Now if you're doing this in your mail client, you're probably using IMAP or POP, and not SMTP. And those protocols do support downloading of just message headers without the body.
And when I send a message to both Sam and to Jane? Or Sam forwards my email to his friend Mike, but leaves the subject as "Fwd: Sam ...", so Mike's email rejects it.
Or spammers just start sending you more stuff until one "breaks through",
Sean, great dealz now
Susan, great dealz now
Steve, great dealz now
Selma, great dealz now
Sam, great dealz now...gotcha
Note the special keyword trick can still be useful for certain personal communications...for instance if I tell all my friends to put the word "green" in their subjects...and my mail client then *whitelists* all subjects that contain "green". This may prevent me accidentally deleting their mail. But it's not a general purpose solution to spam.
It's neither piracy or stealing, it's called "copyright infringement"...that's the term the LAW uses exclusively. And even then, it's only for those cases of P2P exchange which are done outside of the allowable exemptions to copyright law.
If nothing else, this study even deflates the already weak argument that P2P is "stealing", because the argument used to be that by downloading you are "stealing" the potential income of artists. Well, without the economic argument now, then what exactly is stolen? There is nothing missing.
You're correct in pointing out that 1/5000 is still a significant number. But also that the study does not concentrate on the other side; that P2P may inspire sales that never would have been made.
The funny thing, but not unexpected, is that most businesses would be jumping for joy if a study like this came out. That percieved threats to your business in fact turned out not to be that bad after all. The RIAA/MPAA *should* be pleased by this study. IF it was about economics. But their reaction shows that it's not about the money at all, it's about their ability to totally control and manipulate human behavior and destroy capitalism, e.g., power.
Yes, you are being unfair. The spelling mistake is called a typo. And you may not know me personally, but I guess you now do know someone who has read Cantor's own words...me! I'm glad you met Aczel, I've never had the pleasure.
And yes, I have read the Principia (English translation), several times. That's pretty much a mandatory read for anybody serious about pure mathematics. And I've also read original (translated) works from Cantor, Euclid, Barendregt, Godel (sorry for the missing accent, I know how to spell it), Curry, Dedekind, and I'm sure many others I'm forgetting now. Yes, Cantor's work is very challenging because of his strange notation; but that's one of the reasons I love reading the original works rather than the pop-rehashes, you get to really see the inner thoughts and reasoning of those mathemeticians. My personal favorite is Russell; I guess it's kind of ironic that his is the name I mispelled.
BTW, another great book about Cantor (by someone other than Cantor himself) is "Georg Cantor: His Mathematics and Philosophy of the Infinite" by Joseph Warren Dauben. It is more of a thorough history and does not shy away from hard math, so I didn't originally mention it to the /. crowd.
Also, for those who may be encouraged to attempt to read some original material if you find all these pop books too fluffy, I do highly recommend trying some of the real books. Dover is a great single source for many clasics, at
doverpublications.com
Some are definitely easier reads than others, but it's worth trying. You do of course have to be aware that some of the things said may have been proven wrong, but that doesn't take away from the enjoyment of reading the author's original words rather than a dumbed-down retelling by someone else. Godel's theorem is especially interesting in this respect, as his proof is way more complex than most of the modern retellings, after people have found short cuts and easier notations. But that makes reading the original that much more rewarding.
One of the best non-mathematical books I've read on the modern theory of Infinity is
"The Mystery of the Aleph: Mathematics, the Kabbalah, and the Search for Infinity"
And it's still the best book which also contains a lot of very interesting biographical treatments of Cantor, the father of the modern theories.
Of course nothing replaces actually reading the original (English-translated) works of say the great Georg Cantor or my favorite, Bertrand Russel. If you have the mathematical fortitude I highly recommend those, there is so much detail in those, not just mathematical but philosophical as well. Dover publishers is a great source to find these important original translated works of lots of mathemeticians, and they are surprisinly cheap too.
The chilling thing is that if MS could acquire Netscape, they could then do what so far they've been unable to...take the Netscape source code for themselves and make a closed-source branch!
True, they could not "steal" the already GPL'ed stuff away from the rest of us, but they would be able to take that code and use that as a starting point for their own close-source derivitives, WITHOUT re-releasing their changes back to the public.
It all comes down to who owns the copyright. If Netscape Inc. owns the copyright, even if they licensed it under the GPL, then if MS buys the copyright ownership, they are completely free to also license the code back to themselves sans-GPL. This is perhaps the most effective way to defeat the GPL. (Hence why free-software projects should probably consider assigning their copyrights to the FSF, rather than keeping it....MS will never be able to but the FSF).
On the positive side...perhaps we could finally see alpha-channel support in PNG images in IE?
Come on, this shows nothing. The ONLY conclusion you can draw from this is that OpenSSL 0.9.7c is probably less secure than OpenSSL 0.9.7d. That's it.
Reviewing source code does not make any software more secure; because reviewing code does not change the code. The only thing reviewing does is to potentially find security flaws you didn't know existed. And that's what happened in this case. The fact that it's open source means that people other than the authors are also able to perform reviews, which in theory means that potentially more flaws will be discovered. So the fact that this flaw was discovered, and it was by a group of people other than the authors, in my opinion means that the open source model worked. We now have version 0.9.7d which is more secure.
To try to make any kind of comparison to say MS code, or even to other open source software is mostly a waste of time. And to all you Java/GnuTLS pundants, no, this doesn't prove that your pet favorite implementation is any more or any less secure that OpenSSL. Facts are facts, which are not opinions.
It always seems that most arguments over IP tends to resolve around the issue of compensation. Yet both sides seem to be missing two fundamental assumptions they are both making in the economics of intellectual work.
I think we all need to challenge both of those axioms. I find myself in a particularly unique position (on /. anyway it seems) of being both mostly conservative with strong belief in the capitalistic society, while also abhoring most IP facades and even the very idea of exclusive artifical ownership of ideas. And I think the apparent conflict between these extremes is actually the result of poorly chosen axioms.
Think about economics outside the IP arena. Compensation is most usually made *prior* to (or in synchronism with) the creation/product. Townsfolk pay farmers for eggs they will receive, not for the past egg-yield of the farmer. Employers pay programmers' salaries for new programs they will write, not their past work. The church commissioned artists for masterpieces they would paint on the ceilings of their cathederals, not for the right to view already prepared graffitti. And even music cartels hire musicians mostly based upon contract for future creations.
So why are we so eager to assume without question that artists and authors are always due compensation on what they have already done, rather than as encouragement for what we want them to do. I'm sure it must have something to do with intrinsic differences in the supply/demand models and the opportunity v. incremental costs between physical and intellectual works. Also the concept of inventory of intellectual "property" seems to make little sense. The "intellectual" industry seems to have the same effect on traditional economic laws, as black holes have on physics. We can't keep using the traditional models to argue the IP world.
Yes, I am aware that I am overgeneralizing and that this argument has some holes; but I do believe there is some insight to be gained in this line of thought, and I'm curious what others may think....by the way, you have my permission to mayke derivative works of this comment by making your own intelligent response to it.
Yes, IPv6 does address many of the issues they apparently have. In particular they gripe about wanting a mesh-like network. But IPv6's multicasting and new "anycasting" protocols are much more intelligent than in IPv4 and could be used to construct highly dynamic and scalable meshes.
The addressing scheme of IPv6, along with the corresponding routing/topology advances, should provide for a much more dynamic, autodiscoverable, and efficient topology for "wireless" too. Of course the real issue is not really wireless versus wired. That's layer 1 and 2 stuff. But the differences in behavior that a typical wired/wireless nodes have. And I still don't see where IPv6 falls short there. Perhaps all the issues really come down to applications.
Actually the group that really seems to ligitimately push the boundaries of IPv6 (or IPv4) is NASA. The latency and very high error rates of interplanatary communications really does create interesting and challenging networking problems.
Patent law, like all laws of mankind, have a jurisdiction within which they are enforceable, usually the borders of a nation. Who's patent laws extend their jusidiction to space?
Now if you painted an advert on the rocket while on the ground you could be at risk, but what if the construction of the advert happened once you were in space?
Actually the NULL encryption algorithm is by default completely disallowed...it is not considered low-grade encryption, since it is in fact NO encryption.
In Mozilla go to Preferences -> Privacy & Security -> SSL -> Edit Ciphers -> Extra SSL3/TLS.... Then you'll see the two modes of NULL encryption,
No encryption with RSA authentication and a SHA1 MAC
No encryption with RSA authentication and a MD5 MAC
If you click on the cipher details button, you'll see that the effective key size is 0 bits.
You should also consider disabling SSLv2, since it is cryptographically broken (unless you have to use a site which doesn't support the newer TLS).
Note that this TLS/SSL non-encryption mode potentially applies to all TLS/SSL-enabled applications, not just web servers/browsers. You could argue that in some of those (such as email SMTP+STARTSSL), that using these modes almost makes sense if all you want is authentication.
A little off-topic from Java, but modern C++ from my experience is quite portable (at the source code level)---as long as you don't use Microsoft C++. If you stick to the STL and any number of free C++ extension libraries it works pretty well. We have very large and complex code that works equally well under Linux/gcc3, HP-UX's C++ compiler, and AIX's C++ compiler.
C++ portability seems to mostly be a big issue for those how are using old pre-standard compilers, or are using Microsoft compilers and using their proprietary extensions without knowing it.
Python is copylefted and is somewhat more comparable to Java than C. It has is own VM and is bytecompiled. It consists of not only a language, but also a rather rich library layer. And it is mostly "write once, run everywhere"; unless you specifically create/use extensions which are platform-bound. But the vast majority of Python programs are extremely portable.
Any Python has not suffered from any forking issues! Nor has Microsoft corrupted it via it's usual extend/embrace strategy. But Python is really *free*, unlike Java.
Yeah, that was HAL's excuse too.
Seriously, hats off to all the JPL programmers. Proving to the Martians that there is indeed intelligent life on Earth, very intelligent.
Back when the GPL1 and later GPL2 were written, free software was a very foreign philosphy. Those carefully composed licenses have been remarkably important and comprehensive at advancing the general goals of free software. Of course other licenses like the FDL for documentation have come along to address issue that the GPL didn't do very well.
So today the idea of free software is more mainstream and many of the past threats relatively diffused. But the recent intellectual property [sic] madness has caused a new unignorable threat to emerge...patents. This is why a new revision of the GPL is needed, to more forcibly address IP issues. This is also a big issue with standards bodies, governments, other open source projects like Apache, and yes even many commercial proprietary software vendors. So perhaps this is one case where the Apache folks actually leapfrogged FSF in trying to address this modern problem.
I believe patents to be the most credible threat to free/open source. The SCO stuff is tiny in comparison as it can have no long-lasting permament effect, even if SCO is absolutely correct [grin].
In fact, if they made if Free Software, rather than the weaker Open Source, then the defense-against-MS argument would be moot as well. Face it, it's not really so much about protecting Java against MS's "innovations" as it is Sun being control freaks and wanting to be the sole owner of what's becoming a very important community asset. So yes, open sourcing it makes no sense for Sun, but FREE-SOURCING it makes a lot of sense and is the right thing to do.
Stewardship is an important issue, a very important one actually. But there are still those sticky semi-legal points which can't be completely ignored. In this respect RMS, and to a lesser extent ESR, both are our stewards of Free Software. Just because Sun may be doing a good job, doesn't mean that we can ignore the technicalities.
Compare this to other important commercial "stewardships", such as Postscript and PDF as managed by Adobe. Those "standards" are completely under the control of Adobe, but aside from some recent DMCA nonsense, they've been very good stewards from a technical perspective. I mean compare Postscript with HP's PCL...which one has served Open Source/Free Software better?
But I think the Free Software community should hold higher standards of Freedom to language technologies like Java, whereas we may be willing to give a little more slack to data formats like PDF. But you know what, if Adobe stopped being good stewards then we'd be in trouble. Same for Java, only moreso. That's the threat ESR is trying to address.
I find that those who write off C++ really don't know the language, or at least the "modern" standardized language. C++ is incredibly powerful, and if you use solid OO techniques you really shouldn't have many issues with memory management. At least in C++ (as apposed to Java) the language guarantees that all destructors will be called and with well defined ordering. That allows you to use resource allocation patterns that greatly simplify memory manangement or resource issues entirely.
Although you can compare pure Java with C++ as languages, it is meaningless to compare a Java framework/JDK such as J2EE with C++, as the former is an entire environment, not just the underlying language. There's lots of stuff that C++ does better than Java (generics/templates, destructors, high-performance containers, abstract algorithms). Not to mention that C++ is a completely standardized and *free* language, whereas Java is a fast moving pseudo non-free standard.
Oh, and the syntax problems you complain about are not really all that different from Java, or even C#. Yes, they are each somewhat different and some have cleaner syntaxes for specific issues, but in the grand scheme of computer languages they are almost the same. And there are syntax problems with Java too which C++ doesn't suffer...they are both strongly based upon a C foundation, like C#, Javascript, etc.
And yes, I've written very large C++ projects with many developers very successfully, and C++ has proven to be a very nice language indeed as long as you take the initial time to learn it correctly rather than out of a C++ for Dummy's tutorial.
Now if you want to talk high-level languages (both Java and C++ are low-level of approximately the same power), then you should be talking about something like Python, or more academically Haskell. But Java is by no means a high level language, just as C++ is not.
You are exactly right, it's not about anti-counterfeiting technology, but rather the inevitable exploitation of this for other purposes with much darker motives. Although I believe that protection of currencies is extremely important, this mechanism is particularly open to abuse. Not abuse by our governments, but by corporations and other control-centric organizations. It's a simple watermarking technique which anybody can use for any print material.
This will essentially be free copy protection which may someday be ubiquitously enforced in all hardware and with the backing of law. And it will be law based upon fraud and counterfeiting, rather than copyright law. So what few "freedom" holes are left in the DMCA and its like will now be plugged up by anti-counterfeit laws. If laws are created (and they WILL come), are we going to have equivalent circumvention exemptions?
In fact I thought I had heard someplace that these anti-copying patterns were already being discovered in certain print publications. Even if laws aren't passed, there is nothing to stop the damage possible now. The hardware and software is already in place in the hand of the unsuspecting public.
/* Copyright FSF^H^H^H SCO Group */
#define EABORT 1
#define ERETRY EABORT
#define ECANCEL EABORT
#define EADMIRAL_PROTECTION 4
#define EGENERAL_PROTECTION EADMIRAL_PROTECTION
#define EBLUE_SCREEN 5
#define ELOCKUP 6
#define EPIRACY_DETECTED 7
#define EEND_OF_LIFE_TIME_BOMB 8
#define EINVOKE_CLIPPY 9
#define EI_WISH_I_WERE_LINUX 10
Actually the Amiga 1000, the very first version of the Amiga line, supported auto-detect and auto-run of floppies. I believe the A1000 was released in 1985 (or maybe late 1984).
For those too young to remember, the Amiga's autodetect worked by having specialized floppy hardware which would send an interrupt to the processor when media was inserted or ejected. So there was no "polling", such as was done on early PC hardware. And "autorunning" was possible by a variety of means. The Amiga supported 4 floppy drives.
The Amiga floppies also fully supported partitioning too, I remember having a floppy disk that had four separate and independant filesystems on it. How cool.
Can somebody explain why this new 1.1 license is necessarily incompatible with GPL2 / LGPL? True, it is an annoying licence change as the FSF article explains, and may not be a smart move for the project. But annoying doesn't make it incompatible. And no one even said (that I can determine) that original flawed BSD license was in fact incompatible; just undesirable.
In fact, this seems to be less restrictive than the GNU FDL license for documentation. It's not the same as past famous GPL-incompatible licenses, such as an old version of the Python license.
And let's see, security advisories/patches this week:
sendmail: none
openssh: none
Okay, how about the WHOLE YEAR OF 2003:
sendmail: 3
openssh: 5
And most of those were very obscure and not exploitable under default configurations, or for already-obsolete versions which people refuse to upgrade. And patches were available almost immediately.
Those stats are way better than even the Linux kernel (sorry Linus).
Now, want to go pick on somebody else? (MS????)
Ever hear of the RSA patent? If ever there was a software patent that was as close to being a mathematical formula I don't know what it would be. And that single "math" patent had major influences on suppressing innovation and computer security for decades. The world of cryptography is filled with supposedly unpatentable math formula patents.
There are other computer science fields that are also overly-burdended by patent minefields, such as text searching algorithms, compression algorithms, graphics compositing algorithms, and so forth. It's not just the GUIs, it's lots of stuff that actually looks and acts like math, and in many cases is actually represented by actual mathematical formulas! And yet they were patented.