Re:"technically illegal"
on
Perens on Patents
·
· Score: 2, Interesting
Maybe the term "illegal" needs further qualifiction. True, you may not be in breach of the Laws of the US Government (or other gov't). But as you said you are still liable. This has the same effect, that of doing something is okay as long as you don't get caught.
The problem with patents is that instead of the govenment defining the "law" and hence what's legal or not, that power is transfered to the patent holder. The patent holder now has the complete authority to define who and under what circumstances praticing their patent is "illegal" or not [okay, the courts do get veto power if you have enough money to pay for it, but by that point the "chilling" damage has been done]. And unlike the government, the patent holders can be completely unfair about it. IBM could say "only people with blue eyes may use our patent". And patent holders can change their mind any any point too (look no further than the MP3 mess, or the GIF/LZW fiasco).
So those who wish to practice patents are always left looking over their shoulders, knowing that they are in effect in breach of the patent and just hoping that they don't get caught or that the patent holder continues to not care. This is a kind of "illegality", if not technically part of the US legal definition. It's not much different than speeding, you just never know when you will be the unlucky one that gets pulled over.
So Patents in my opinion are NEVER just defensive. They are ALWAYS are offensive, if nothing more than just by imposing a potential threat of "being caught", or that suddenly the holder decides they don't like people with brown eyes.
This is off topic, but your macro itself has problems. It permits its use without a statement-terminating semicolon. It is always best to define multi-statement macro blocks with a do-while loop as:
#define return(x) do{..... }while(0)
Notice no semicolon after the "while(0)". This makes it an error to omit the semicolon after the macro's use, and thus behaves more like an actual function in syntax. Oh, and this is one case where you really DO want the parenthesis around the return "value" x inside the macro, since "x" is not a variable but a macro argument which could contain a semicolon.
Yes you're right. Anybody who writes code can write security bugs equally well; doesn't matter if you do it in the open or locked up in some Redmond cubicle. And although Open Source software in general may be more secure, the Open Source model does not itself prevent security bugs (nor does the proprietary model).
But the most important part of being Open Source (err Free Software to be more correct), is the Open part. That's not primarily and advantage for the developers, but for users! Thanks to it being open, I personally have the ability to apply the two-line patch myself...oh, and knowing what those two lines are. I don't have to wait on Redmond to do it, if ever, or worry about what kind of mandatory DRM feature comes hidden with the security patch.
I just checked the current Red Hat 9 kernel source RPM and it does not have the patch yet [kernel-2.4.20-20.9.src.rpm]. I would expect a new kernel to show up soon though....I hope. The supposed patch which fixed this was in do_brk() [a/. comment further down provides the bk url]
From an open/free software view this is a wonderful announcement (an obvious role-model for the e-voting devices), but from a security perspective the issue you bring up is important.
Of course with the software (or in fact with just complete specs) you could build your own phone (or simulation of one) which you could then use for interoperability testing with a real phone. This could verify that the phone at least appeared to operate as the code specifies...black box testing.
It's also not mandatory that they allow your to install your own software....they could have this in a ROM which is not reprogrammable. But if there's a way for you to inspect the ROM or checksum it, you could still compare it against the source code they gave you....without having to give you the ability to install your own code.
But of course these kinds of tests do not mean that there aren't any backdoors in the phone, either in software or hardware. Anybody remember the Clipper Chip? If you had the source and specs, minus the backdoor part, you would not be able to determine that there was a problem. And even if the cryptography has no backdoor, you still have to trust the hardware itself to not just turn around and rebroadcast/record your conversations over another connection or some other type of intentional leaking outside of the encryption protocol itself. Some of this can be checked with the right equipment, but covert channels can be extremely difficult to detect.
But at some point you just have to trust the company and its products, or if you don't trust them then build your own encryption device.
And you have a 1/100,000,000 chance that a van full of kevlar-wearing miltiamen with night-scope goggles and oodles of weaponry break down your door and take whatever they want without fingerprints, or make you do it for them as they hold your girlfriend with a grenade in her mouth.
More seriously, some biometrics are more unique than others...but most are pretty good. Things like facial thermal patterns (blood veins under the skin) or retinal patterns are supposed to be twin-proof. Also, did you realize that even those super-strong 8096-bit RSA keys or elliptic-curve keys also reduce to just a number! They must not be secure either. It's all a matter of risk/cost. The main problems with biometrics are false positive/negatives, reputability, and norevokability. But uniqueness, although a legitimate metric, is usually not the main problem.
You should definitely read Ferguson and Schneier's book Practical Cryptography (ISBN 0-471-22357-3).
We evaluated many biometric products a while back (mostly fingerprint readers), and I was surprised to learn that most were nothing more than fancy ways to have the computer memorize passwords. So they really provided no additional security. This is especially true if you're using them in a distributed environment, and moreso if it's not 100% Windows. And even those that offered SDK's basically only provided ways to map fingerprints to passwords.
Basically most of them were just convienient shortcuts where the software would, much like a programmable keyboard, just send your username/password across for you to some application's password-entry dialog. Most technologists just didn't have a clue as to why this is not secure. And even scarier, many of the vendors I spoke with also seemed to not understand that or just downplayed it pretending I didn't notice. And good luck figuring this out, vendor FUD seems to be very deep and commonplace.
Now, get me one that is actually securely integrated with something like Kerberos or smart-cards with RSA keys, etc. But if all it does is memorize passwords, then it's not security...and may be worse.
November 14, Redmond, Washington - ipRus Inc. has just released the next generation computer game, SimPatent(R)(TM)(SM). It is a massively distributed multiplayer sinulation environment which allows gamers worldwide to participate in the fun world of intellectual property. Previously reserved only for high class CEOs and high payed lawyers (and an occasional 12-year old), this new simulation allows anybody to wield the power of intelectual control to crush their opponents. Cheating is not only allowed, but encouraged as a way to help out those players who are not very good. If an opponent is stronger than you, you may within the game reduce him to nothing by using our patented simulated legal system. Plans are already underway for enhancements, including a legislative system that can be manipulated by players to alter the game rules in their favor. ipRus's game servers are to go online in early December 2003, however the company is already accepting player applications, requiring only the exchange of personal information and email addresses.
What makes Enterprise ES more attractive than either WS or AS, or even Fedora? Your website only makes vague short descriptions of each of the variants, and I have yet to find any advantage that ES may hold over its two peers. Even partners like Oracle are reluctant/refusing to support ES.
One thing that would make a huge difference to us involved in purchasing Linux would be more detailed technical descriptions on your website. Even just having a package listing would I think relieve much confusion.
If you read the
complete Title 15 Section 2 (15USC2) and look at the amendments log at the end you'll see that the fee was updated to $10m in 1990 as part of Public Law 101-588, and a few times prior to that as well. In fact the original law in 1955 was only a $5,000 fine and only a misdemeanor. Note that those fees/punlishments are for the felony act. That doesn't necessarily limit what the government can do to end the monopoly or act in the public's interest.
However while pretending to be an informed/.'er, you should really read the whole law as it aplies to monopolies, not just the small section 2. See the 15USC Chapter 1. In particular you may want to read section 21, 24, 37 among others.
Good presentation of information IS being pragmatic. Too often people substitute the word "pragmatic" for the word "lazy".
Speaking of the PowerPoint generation, as a software developer who actually tries to study information presentation from the likes of Edward Tufte, Jakob Nielsen, and so forth I still get real frustrated when the PHB's dictate requirements with no insight at all. Often times colors choices are made just by picking the prettiest color amongst the 32-color palette available in the MS Word toolbar or something silly like that. I find that in the real world it's not that Tufte is not very pragmatic, its just that the people making the decisions have not even heard of Tufte.
So if an ISP were truely responsible then they should be blocking port 80 too, huh? Think of all the abuse that goes over port 80!
Yes, I will grant that mail transport and mail submission are two separate tasks. That is why sendmail for instance isolates each activity with separate processes and even security barriers (user/group permissions, etc.). But just because it's two tasks doesn't mean my own computer is incapable of doing both or that I must be forced to allow my ISP to handle one half of it (that would make them an ASP). The main functional difference is that submission is basically an interactive activity whereas transmission is anything but interactive; it's not about preventing me from being responsible for my own email.
However that is not an argument for disallowing SMTP (port 25). In fact one of the strengths of SMTP is its queuing ability...so ideally my mail reader (MUA) would use a mail submission protocol to insert my message into the queue of my MTA running on the same box (or perhaps one amongst my home network). Then my MTA (e.g., sendmail) can sit there happily trying to deliver my mail.
Now if an ISP wants to run an SMTP server for me and I don't mind giving up control of my email, thats an extra service that some may be willing to pay for. Or if an ISP wants to monitor my network usage and block on a case-by-case basis because of abuse then that's being responsible. But blindly disabling the Internet for everybody makes them an INSP (Internet NON-Service Provider).
As far as STARTTLS, it would be a disservice not to configure your SMTP server to use it. Since when is adding security considered a bad thing? Everybody in/. is always griping about how insecure SMTP (supposedly) is, but then turn around and ignore all the features it has.
And furthermore, the primary difficult of preventing spam is identification and authentication of the sender...not of disabling an entire network protocol and substituting another one. Authentication relies on identifying people, and usually involves a complex PKI system which nobody can figure out how to do (think Verisign here), or a haphazard trust-based model like PGP which doesn't scale well. And other experimental protocols do not change that fact. And no, alternative protocols like SMTP+AUTH are not solutions.
Blocking entire ports is like using like using a sledge hammer to affix a staple. First the majority of spam email wouldn't be affected. And if you're delivering mail via some other protocol spammers will still get through. Port blocking is not really a good policy, except on an individual basis where there is proof of such activity; or in cases where the client is paying for an intentionally crippled partial Internet access.
There is nothing wrong with using port 25. And if you want to use TLS/SSL, you should still use port 25 via the well established STARTTLS extension to the SMTP protocol. There is no reason to waste additional port numbers on experimental protocols when the SMTP protocol already does all that and is fairly mature with lots of supported software.
Oh, and I for one rely on having egress port-25 traffic from my home DSL. I am not a spammer, but I am a network administrator of a large company and find it very useful to "test" my own servers from an external unrelated addresses.
The exemptions are only for the so-called anti-circumvention clauses in the DMCA legilation. They do not remove the force of copyright. So MAME may very well be legal to distribute now, but sharing of copyrighted ROM images is by no means covered. A copyright violation is still a copyright violation.
Note that the exemptions also do not necessarily allow for the circumvention of non-obsolete formats; which they define as having commercially or reasonably available systems. So hacking X-boxes or Playstations, or providing programs to let you play Playstation games on a PC are not covered....yet. But I guess those old Atari, Intellivisions, etc. crowd may now finally be able to legally re-access the games they had purchased many decades ago.
According to this product page copper is much better at resisting corrosion than aluminum if it's subject to a lot of dog urine. So you don't have to worry if you put your tower on the floor where your pet will try to prove Murphy correct.
But assuming you've trained Spot to stay away, copper corrosion is not usually a problem in open air inside a computer case, just look at all the copper heat sinks on the market now. But in places where it can be an issue (such as in water cooling systems) copper is sometimes nickel plated, or a bronze-like allow may be used. For a more serious look at copper and copper-alloy corrosion see this copper corrosion paper. There's also this useful science experiment that explains how having different types of metals touch each other (like copper and aluminum) affects the corrosion rates of each.
Why not. Don't forget about the absurdly large pile of cash MS has; this is like pocket change. They could buy a couple more of those stupid 1-degree of separation commericals or the goofy guy in a ill-fitting butterfly costume, or they could help keep the SCO lawsuit and FUD campaign against GNU/Linux going strong. The real question would be why would MS *not* do this? Bill didn't get an illegal monopoly by taking the high road and not taking advantage of unethical opportunities. And MS couldn't have wished for a better opportunity for world domination than this SCO thing; well, except that SCO's case has more holes than a wad of cheesecloth.
Then you must be excluding MSIE from your tests. Getting web pages to successfully validate against the W3C validators is just the beginning.
So, do you serve up your latest XHTML pages with a standard mime type of "application/xml+xhtml"? Or are you still using the old deprecated "text/html"? Ooops, IE doesn't understand the new standard mime type. Or oops, you didn't realize that was the new standard (it's burried out there on W3C). That's just one very small example of the details you have to deal with if you are very serious about standards conformance.
I'm not trying to discourage you though. I have spent countless hours making web pages just about as perfectly conforming as I can, using the STRICT standards. I have throughly read every related W3C spec, RFC, Unicode specs, etc. Also throw in usability standards, and other related standards. I've also done this with dynamically generated webpages, which means I had to code the whole thing myself because almost no web application "platforms" are fully compliant or even capable of producing strictly-compliant webpages. It's a really tough job to do it well, and not to break stupid browsers (but it is selfishly satifying once you achieve that and prove that it can be done).
Yes, they do identify resources, or things. No, they don't tell you how or where to find them. This is the difference between a URI and a URL. A URI is just a name that identifies something, and that something doesn't even have to exist in the electronic world nor be reachable over the Internet.
It is always up to applications to determine what to do, if anything, with a URI which is not also a URL. It is foreseeable that Mozilla could develop a "info" uri plugin model, whereby a plugin could be written which processes an "info:isbn" uri for instance and does take you to an Amazon/BN webpage. But that's an advantage of a URI over a URL; the "location" is not hardcoded into the identifier.
The URI namespace is already quite broad and has many ways to define "public" namespaces, usually based upon the URN subset of the URI specification. Just a few open-ended namespaces so far include the OID-based URI namespace, such as "urn:oid:1.3.6.1.2.1.27", (RFC 3061). You also have RFC 3151 for public identifier URIs.
Really, there is nothing new technically here. The only useful thing it brings beyond the URN spec is the new registration authority. It can still prove useful, but it's not like it's actually solving any real technical limitation in our current set of URIs.
Well, there perhaps is a little more overlap than you may think. Remember some of Google's appendages such as Froogle and Google Catalogs. Granted however, Google is generally about finding information, and it seems like Amazon is really positioning themselves to find products/vendors.
But serious competition may be good, even if its not directly the same market. Things like this help keep great companies like Google working hard. As long as it is competition. I really don't want non-competitive devices such as patents or other legalease destructiveness to be raised.
If you think back to how Amazon got started, selling books, what I'd really like to see some day is something more along the lines of a library. And one which was indexed with something like Google's technology. I'd like to be able to search for books on something other than just the title, author, ISBN, etc. Granted Amazon has made some book searching progress, with the introduction of buyer-reviews and linking similar books together based upon who buys what other books. But wouldn't it be great to be able to find books based upon some text in the book? But given the sad state of copyright law, that will probably remain science fiction.
I don't understand why being philosophically against software patents is always equated with socialism, and that patents are the ultimate expression of capitalism. I don't agree.
Patents in general are entirely anti-capitalistic devices. Their primary purpose is to inhibit competition, by making it illegal to compete. They enforce monopolies at best, and at their worst totally destroy entire fields of endeavor due to their mutually-assured destruction effect. They are not just about protecting theft of trade secrets, dumpster diving, or espionoge; but about controlling both thought and activity. If I completely and totally independently discover the same trivial algorithm, but you patented it somehow I'm breaking the law...I certainly didn't steal anything. Is anybody else worried about how IBM is dealing with SCO? I'll be as glad as anyone when IBM flattens them, but using their patent treasure chest to do so really bothers me.
And it also drives me crazy when I hear companies say they obtain patents for defense only. Patents by their very nature always offensive, they prevent others from independently working even if they never harm you or your market in any way and you don't sue them. That's agression plain and simple. If you want a defense then publish, don't patent (go to ip.com's Prior Art Database as an example of this approach).
And another misinformed justification is that patents are only dangerous if you try to make money with the patented idea. That is so wrong, go read the actual patent law! (yes it is very long, but still more readable than most patents). Even if you "practice" a patented idea in your home for your own amusement you are still breaking the law. You may get by with it, just like speeding, but patents intrude on everybody's rights.
I had an employer approach me once with the idea of patenting some software I wrote for them, and I took it as a serious ethical threat, and I told them that too. But when that happens, you tend to be very careful about how you apply your talent afterwards...being careful not to invent anything new, which I'm sure has resulted in some less than optimal solutions. But again, this is not socialist thinking. My company makes money from selling software I write, and I give them ownership over it in exchange for a salary, and I'm not distributing this code to the world. But likewise, I'm definitely against preventing somebody else from independently inventing the same software.
And the only reasonable argument for patents (as eliquently stated in the US Consitution) is to discourage the hording of information, so that others may build upon and progress technology. But look at how the patent system really works to completely subvert and prevent that one goal: submarine patents (those that through legal trickery stay in a filed state for perhaps decades without ever being divuldged). Patent laywers make sure that patents are entirely unreadable...even most lawyers who don't specialize in patent law are completely inept at reading them, let alone inventors and technologists who supposedly should be benefiting from them. Also it's almost impossible to ever find anything or make any sense of all that knowledge as its locked up so tight that it's completely worthless for anything but legal agression. The patent office should operate like a well indexed library of human knowledge, but instead it acts like a black hole locking away information so it is illegal to use.
I for one mostly agree with the capitalistic society, not the socialistic view. But I'm still extremely anti-patent, especially for non-physicial inventions of thought and expression. Patents are an extreme offense to humankind, captialism is not.
They've been doing that for a while. They also do chipsets. Now you're also starting to see watercooled hard drives.
But I still remember back when I was in college and I got to take a tour of Cray headquaters. I can still remember seeing one of the first Cray-2's there, in its clear shell. It was about 3 feet tall and 3 or 4 feet in diameter, and the whole computer sat inside completely submerged in fluid (not water). You could see little bubbles rising up through the densely packed circuit boards and wires. And nearby was a really cool lighted fountain. So cool. Of course the engineer there said it created so much heat that there was an entire building out back which was just the heat exchanger for the fluid.
For those who run a Linux firewall between a network of Windows boxes and the Internet you should rate limit those IP echo (ping) packets. Refer to my previous posting where I showed some sample iptables rules.
Of course my firewalls have port 135 (and a lot more) blocked. Still, it is very hard to keep out of a large network, it doesn't have to get through a firewall. But once inside it can quickly spread and then your firewall or border router will get flooded with pings. I was seeing well over 1 million pings per minute. At that rate my stateful Linux firewall was crawing on its knees as the connection tracking table filled up trying to remember all those echo requests so it could match them up with the echo responses. It didn't crash Linux, but it did render it near useless.
The scariest thing with all these worms is thinking about what could have been. What if they actually did something much more serious? What if they throttled back on the network scanning just a bit so they didn't take the network completely down and it took longer to notice?
Actually with Peltiers your risk can be larger due to condensation. Peltiers can cool the chip down way below ambient temperature, so water can collect. This is why serious applications of Peltier coolers include rubber seals and other devices to manage the water problem.
A passive water cooling system won't lower the temperature below ambient, so condensation is not an issue..the water stays inside the tubing, not dripping from the bottom of your motherboard. (Now active water cooling is a different story).
Slashdot Mirror
Maybe the term "illegal" needs further qualifiction. True, you may not be in breach of the Laws of the US Government (or other gov't). But as you said you are still liable. This has the same effect, that of doing something is okay as long as you don't get caught.
The problem with patents is that instead of the govenment defining the "law" and hence what's legal or not, that power is transfered to the patent holder. The patent holder now has the complete authority to define who and under what circumstances praticing their patent is "illegal" or not [okay, the courts do get veto power if you have enough money to pay for it, but by that point the "chilling" damage has been done]. And unlike the government, the patent holders can be completely unfair about it. IBM could say "only people with blue eyes may use our patent". And patent holders can change their mind any any point too (look no further than the MP3 mess, or the GIF/LZW fiasco).
So those who wish to practice patents are always left looking over their shoulders, knowing that they are in effect in breach of the patent and just hoping that they don't get caught or that the patent holder continues to not care. This is a kind of "illegality", if not technically part of the US legal definition. It's not much different than speeding, you just never know when you will be the unlucky one that gets pulled over.
So Patents in my opinion are NEVER just defensive. They are ALWAYS are offensive, if nothing more than just by imposing a potential threat of "being caught", or that suddenly the holder decides they don't like people with brown eyes.
This is off topic, but your macro itself has problems. It permits its use without a statement-terminating semicolon. It is always best to define multi-statement macro blocks with a do-while loop as:
Notice no semicolon after the "while(0)". This makes it an error to omit the semicolon after the macro's use, and thus behaves more like an actual function in syntax. Oh, and this is one case where you really DO want the parenthesis around the return "value" x inside the macro, since "x" is not a variable but a macro argument which could contain a semicolon.
Yes you're right. Anybody who writes code can write security bugs equally well; doesn't matter if you do it in the open or locked up in some Redmond cubicle. And although Open Source software in general may be more secure, the Open Source model does not itself prevent security bugs (nor does the proprietary model).
But the most important part of being Open Source (err Free Software to be more correct), is the Open part. That's not primarily and advantage for the developers, but for users! Thanks to it being open, I personally have the ability to apply the two-line patch myself...oh, and knowing what those two lines are. I don't have to wait on Redmond to do it, if ever, or worry about what kind of mandatory DRM feature comes hidden with the security patch.
I just checked the current Red Hat 9 kernel source RPM and it does not have the patch yet [kernel-2.4.20-20.9.src.rpm]. I would expect a new kernel to show up soon though....I hope. The supposed patch which fixed this was in do_brk() [a /. comment further down provides the bk url]
From an open/free software view this is a wonderful announcement (an obvious role-model for the e-voting devices), but from a security perspective the issue you bring up is important.
Of course with the software (or in fact with just complete specs) you could build your own phone (or simulation of one) which you could then use for interoperability testing with a real phone. This could verify that the phone at least appeared to operate as the code specifies...black box testing.
It's also not mandatory that they allow your to install your own software....they could have this in a ROM which is not reprogrammable. But if there's a way for you to inspect the ROM or checksum it, you could still compare it against the source code they gave you....without having to give you the ability to install your own code.
But of course these kinds of tests do not mean that there aren't any backdoors in the phone, either in software or hardware. Anybody remember the Clipper Chip? If you had the source and specs, minus the backdoor part, you would not be able to determine that there was a problem. And even if the cryptography has no backdoor, you still have to trust the hardware itself to not just turn around and rebroadcast/record your conversations over another connection or some other type of intentional leaking outside of the encryption protocol itself. Some of this can be checked with the right equipment, but covert channels can be extremely difficult to detect.
But at some point you just have to trust the company and its products, or if you don't trust them then build your own encryption device.
And you have a 1/100,000,000 chance that a van full of kevlar-wearing miltiamen with night-scope goggles and oodles of weaponry break down your door and take whatever they want without fingerprints, or make you do it for them as they hold your girlfriend with a grenade in her mouth.
More seriously, some biometrics are more unique than others...but most are pretty good. Things like facial thermal patterns (blood veins under the skin) or retinal patterns are supposed to be twin-proof. Also, did you realize that even those super-strong 8096-bit RSA keys or elliptic-curve keys also reduce to just a number! They must not be secure either. It's all a matter of risk/cost. The main problems with biometrics are false positive/negatives, reputability, and norevokability. But uniqueness, although a legitimate metric, is usually not the main problem.
You should definitely read Ferguson and Schneier's book Practical Cryptography (ISBN 0-471-22357-3).
We evaluated many biometric products a while back (mostly fingerprint readers), and I was surprised to learn that most were nothing more than fancy ways to have the computer memorize passwords. So they really provided no additional security. This is especially true if you're using them in a distributed environment, and moreso if it's not 100% Windows. And even those that offered SDK's basically only provided ways to map fingerprints to passwords.
Basically most of them were just convienient shortcuts where the software would, much like a programmable keyboard, just send your username/password across for you to some application's password-entry dialog. Most technologists just didn't have a clue as to why this is not secure. And even scarier, many of the vendors I spoke with also seemed to not understand that or just downplayed it pretending I didn't notice. And good luck figuring this out, vendor FUD seems to be very deep and commonplace.
Now, get me one that is actually securely integrated with something like Kerberos or smart-cards with RSA keys, etc. But if all it does is memorize passwords, then it's not security...and may be worse.
November 14, Redmond, Washington - ipRus Inc. has just released the next generation computer game, SimPatent(R)(TM)(SM). It is a massively distributed multiplayer sinulation environment which allows gamers worldwide to participate in the fun world of intellectual property. Previously reserved only for high class CEOs and high payed lawyers (and an occasional 12-year old), this new simulation allows anybody to wield the power of intelectual control to crush their opponents. Cheating is not only allowed, but encouraged as a way to help out those players who are not very good. If an opponent is stronger than you, you may within the game reduce him to nothing by using our patented simulated legal system. Plans are already underway for enhancements, including a legislative system that can be manipulated by players to alter the game rules in their favor. ipRus's game servers are to go online in early December 2003, however the company is already accepting player applications, requiring only the exchange of personal information and email addresses.
What makes Enterprise ES more attractive than either WS or AS, or even Fedora? Your website only makes vague short descriptions of each of the variants, and I have yet to find any advantage that ES may hold over its two peers. Even partners like Oracle are reluctant/refusing to support ES.
One thing that would make a huge difference to us involved in purchasing Linux would be more detailed technical descriptions on your website. Even just having a package listing would I think relieve much confusion.
If you read the complete Title 15 Section 2 (15USC2) and look at the amendments log at the end you'll see that the fee was updated to $10m in 1990 as part of Public Law 101-588, and a few times prior to that as well. In fact the original law in 1955 was only a $5,000 fine and only a misdemeanor. Note that those fees/punlishments are for the felony act. That doesn't necessarily limit what the government can do to end the monopoly or act in the public's interest.
However while pretending to be an informed /.'er, you should really read the whole law as it aplies to monopolies, not just the small section 2. See the 15USC Chapter 1. In particular you may want to read section 21, 24, 37 among others.
Good presentation of information IS being pragmatic. Too often people substitute the word "pragmatic" for the word "lazy".
Speaking of the PowerPoint generation, as a software developer who actually tries to study information presentation from the likes of Edward Tufte, Jakob Nielsen, and so forth I still get real frustrated when the PHB's dictate requirements with no insight at all. Often times colors choices are made just by picking the prettiest color amongst the 32-color palette available in the MS Word toolbar or something silly like that. I find that in the real world it's not that Tufte is not very pragmatic, its just that the people making the decisions have not even heard of Tufte.
So if an ISP were truely responsible then they should be blocking port 80 too, huh? Think of all the abuse that goes over port 80!
Yes, I will grant that mail transport and mail submission are two separate tasks. That is why sendmail for instance isolates each activity with separate processes and even security barriers (user/group permissions, etc.). But just because it's two tasks doesn't mean my own computer is incapable of doing both or that I must be forced to allow my ISP to handle one half of it (that would make them an ASP). The main functional difference is that submission is basically an interactive activity whereas transmission is anything but interactive; it's not about preventing me from being responsible for my own email.
However that is not an argument for disallowing SMTP (port 25). In fact one of the strengths of SMTP is its queuing ability...so ideally my mail reader (MUA) would use a mail submission protocol to insert my message into the queue of my MTA running on the same box (or perhaps one amongst my home network). Then my MTA (e.g., sendmail) can sit there happily trying to deliver my mail.
Now if an ISP wants to run an SMTP server for me and I don't mind giving up control of my email, thats an extra service that some may be willing to pay for. Or if an ISP wants to monitor my network usage and block on a case-by-case basis because of abuse then that's being responsible. But blindly disabling the Internet for everybody makes them an INSP (Internet NON-Service Provider).
As far as STARTTLS, it would be a disservice not to configure your SMTP server to use it. Since when is adding security considered a bad thing? Everybody in /. is always griping about how insecure SMTP (supposedly) is, but then turn around and ignore all the features it has.
And furthermore, the primary difficult of preventing spam is identification and authentication of the sender...not of disabling an entire network protocol and substituting another one. Authentication relies on identifying people, and usually involves a complex PKI system which nobody can figure out how to do (think Verisign here), or a haphazard trust-based model like PGP which doesn't scale well. And other experimental protocols do not change that fact. And no, alternative protocols like SMTP+AUTH are not solutions.
Blocking entire ports is like using like using a sledge hammer to affix a staple. First the majority of spam email wouldn't be affected. And if you're delivering mail via some other protocol spammers will still get through. Port blocking is not really a good policy, except on an individual basis where there is proof of such activity; or in cases where the client is paying for an intentionally crippled partial Internet access.
There is nothing wrong with using port 25. And if you want to use TLS/SSL, you should still use port 25 via the well established STARTTLS extension to the SMTP protocol. There is no reason to waste additional port numbers on experimental protocols when the SMTP protocol already does all that and is fairly mature with lots of supported software.
Oh, and I for one rely on having egress port-25 traffic from my home DSL. I am not a spammer, but I am a network administrator of a large company and find it very useful to "test" my own servers from an external unrelated addresses.
You mean like,
The exemptions are only for the so-called anti-circumvention clauses in the DMCA legilation. They do not remove the force of copyright. So MAME may very well be legal to distribute now, but sharing of copyrighted ROM images is by no means covered. A copyright violation is still a copyright violation.
Note that the exemptions also do not necessarily allow for the circumvention of non-obsolete formats; which they define as having commercially or reasonably available systems. So hacking X-boxes or Playstations, or providing programs to let you play Playstation games on a PC are not covered....yet. But I guess those old Atari, Intellivisions, etc. crowd may now finally be able to legally re-access the games they had purchased many decades ago.
According to this product page copper is much better at resisting corrosion than aluminum if it's subject to a lot of dog urine. So you don't have to worry if you put your tower on the floor where your pet will try to prove Murphy correct.
But assuming you've trained Spot to stay away, copper corrosion is not usually a problem in open air inside a computer case, just look at all the copper heat sinks on the market now. But in places where it can be an issue (such as in water cooling systems) copper is sometimes nickel plated, or a bronze-like allow may be used. For a more serious look at copper and copper-alloy corrosion see this copper corrosion paper. There's also this useful science experiment that explains how having different types of metals touch each other (like copper and aluminum) affects the corrosion rates of each.
Why not. Don't forget about the absurdly large pile of cash MS has; this is like pocket change. They could buy a couple more of those stupid 1-degree of separation commericals or the goofy guy in a ill-fitting butterfly costume, or they could help keep the SCO lawsuit and FUD campaign against GNU/Linux going strong. The real question would be why would MS *not* do this? Bill didn't get an illegal monopoly by taking the high road and not taking advantage of unethical opportunities. And MS couldn't have wished for a better opportunity for world domination than this SCO thing; well, except that SCO's case has more holes than a wad of cheesecloth.
Then you must be excluding MSIE from your tests. Getting web pages to successfully validate against the W3C validators is just the beginning.
So, do you serve up your latest XHTML pages with a standard mime type of "application/xml+xhtml"? Or are you still using the old deprecated "text/html"? Ooops, IE doesn't understand the new standard mime type. Or oops, you didn't realize that was the new standard (it's burried out there on W3C). That's just one very small example of the details you have to deal with if you are very serious about standards conformance.
I'm not trying to discourage you though. I have spent countless hours making web pages just about as perfectly conforming as I can, using the STRICT standards. I have throughly read every related W3C spec, RFC, Unicode specs, etc. Also throw in usability standards, and other related standards. I've also done this with dynamically generated webpages, which means I had to code the whole thing myself because almost no web application "platforms" are fully compliant or even capable of producing strictly-compliant webpages. It's a really tough job to do it well, and not to break stupid browsers (but it is selfishly satifying once you achieve that and prove that it can be done).
Yes, they do identify resources, or things. No, they don't tell you how or where to find them. This is the difference between a URI and a URL. A URI is just a name that identifies something, and that something doesn't even have to exist in the electronic world nor be reachable over the Internet.
It is always up to applications to determine what to do, if anything, with a URI which is not also a URL. It is foreseeable that Mozilla could develop a "info" uri plugin model, whereby a plugin could be written which processes an "info:isbn" uri for instance and does take you to an Amazon/BN webpage. But that's an advantage of a URI over a URL; the "location" is not hardcoded into the identifier.
The URI namespace is already quite broad and has many ways to define "public" namespaces, usually based upon the URN subset of the URI specification. Just a few open-ended namespaces so far include the OID-based URI namespace, such as "urn:oid:1.3.6.1.2.1.27", (RFC 3061). You also have RFC 3151 for public identifier URIs.
Really, there is nothing new technically here. The only useful thing it brings beyond the URN spec is the new registration authority. It can still prove useful, but it's not like it's actually solving any real technical limitation in our current set of URIs.
Well, there perhaps is a little more overlap than you may think. Remember some of Google's appendages such as Froogle and Google Catalogs. Granted however, Google is generally about finding information, and it seems like Amazon is really positioning themselves to find products/vendors.
But serious competition may be good, even if its not directly the same market. Things like this help keep great companies like Google working hard. As long as it is competition. I really don't want non-competitive devices such as patents or other legalease destructiveness to be raised.
If you think back to how Amazon got started, selling books, what I'd really like to see some day is something more along the lines of a library. And one which was indexed with something like Google's technology. I'd like to be able to search for books on something other than just the title, author, ISBN, etc. Granted Amazon has made some book searching progress, with the introduction of buyer-reviews and linking similar books together based upon who buys what other books. But wouldn't it be great to be able to find books based upon some text in the book? But given the sad state of copyright law, that will probably remain science fiction.
I don't understand why being philosophically against software patents is always equated with socialism, and that patents are the ultimate expression of capitalism. I don't agree.
Patents in general are entirely anti-capitalistic devices. Their primary purpose is to inhibit competition, by making it illegal to compete. They enforce monopolies at best, and at their worst totally destroy entire fields of endeavor due to their mutually-assured destruction effect. They are not just about protecting theft of trade secrets, dumpster diving, or espionoge; but about controlling both thought and activity. If I completely and totally independently discover the same trivial algorithm, but you patented it somehow I'm breaking the law...I certainly didn't steal anything. Is anybody else worried about how IBM is dealing with SCO? I'll be as glad as anyone when IBM flattens them, but using their patent treasure chest to do so really bothers me.
And it also drives me crazy when I hear companies say they obtain patents for defense only. Patents by their very nature always offensive, they prevent others from independently working even if they never harm you or your market in any way and you don't sue them. That's agression plain and simple. If you want a defense then publish, don't patent (go to ip.com's Prior Art Database as an example of this approach).
And another misinformed justification is that patents are only dangerous if you try to make money with the patented idea. That is so wrong, go read the actual patent law! (yes it is very long, but still more readable than most patents). Even if you "practice" a patented idea in your home for your own amusement you are still breaking the law. You may get by with it, just like speeding, but patents intrude on everybody's rights.
I had an employer approach me once with the idea of patenting some software I wrote for them, and I took it as a serious ethical threat, and I told them that too. But when that happens, you tend to be very careful about how you apply your talent afterwards...being careful not to invent anything new, which I'm sure has resulted in some less than optimal solutions. But again, this is not socialist thinking. My company makes money from selling software I write, and I give them ownership over it in exchange for a salary, and I'm not distributing this code to the world. But likewise, I'm definitely against preventing somebody else from independently inventing the same software.
And the only reasonable argument for patents (as eliquently stated in the US Consitution) is to discourage the hording of information, so that others may build upon and progress technology. But look at how the patent system really works to completely subvert and prevent that one goal: submarine patents (those that through legal trickery stay in a filed state for perhaps decades without ever being divuldged). Patent laywers make sure that patents are entirely unreadable...even most lawyers who don't specialize in patent law are completely inept at reading them, let alone inventors and technologists who supposedly should be benefiting from them. Also it's almost impossible to ever find anything or make any sense of all that knowledge as its locked up so tight that it's completely worthless for anything but legal agression. The patent office should operate like a well indexed library of human knowledge, but instead it acts like a black hole locking away information so it is illegal to use.
I for one mostly agree with the capitalistic society, not the socialistic view. But I'm still extremely anti-patent, especially for non-physicial inventions of thought and expression. Patents are an extreme offense to humankind, captialism is not.
They've been doing that for a while. They also do chipsets. Now you're also starting to see watercooled hard drives.
But I still remember back when I was in college and I got to take a tour of Cray headquaters. I can still remember seeing one of the first Cray-2's there, in its clear shell. It was about 3 feet tall and 3 or 4 feet in diameter, and the whole computer sat inside completely submerged in fluid (not water). You could see little bubbles rising up through the densely packed circuit boards and wires. And nearby was a really cool lighted fountain. So cool. Of course the engineer there said it created so much heat that there was an entire building out back which was just the heat exchanger for the fluid.
For those who run a Linux firewall between a network of Windows boxes and the Internet you should rate limit those IP echo (ping) packets. Refer to my previous posting where I showed some sample iptables rules.
Of course my firewalls have port 135 (and a lot more) blocked. Still, it is very hard to keep out of a large network, it doesn't have to get through a firewall. But once inside it can quickly spread and then your firewall or border router will get flooded with pings. I was seeing well over 1 million pings per minute. At that rate my stateful Linux firewall was crawing on its knees as the connection tracking table filled up trying to remember all those echo requests so it could match them up with the echo responses. It didn't crash Linux, but it did render it near useless.
The scariest thing with all these worms is thinking about what could have been. What if they actually did something much more serious? What if they throttled back on the network scanning just a bit so they didn't take the network completely down and it took longer to notice?
Actually with Peltiers your risk can be larger due to condensation. Peltiers can cool the chip down way below ambient temperature, so water can collect. This is why serious applications of Peltier coolers include rubber seals and other devices to manage the water problem.
A passive water cooling system won't lower the temperature below ambient, so condensation is not an issue..the water stays inside the tubing, not dripping from the bottom of your motherboard. (Now active water cooling is a different story).