Sorry Mr. Coward, but that's just not how contracts work. A person is bound by a contract only if it is actively agreed upon somehow -- a handshake, a signature, or (debatably) a click-through or tear-through device. My receipt of my C:u:e:C:a:t was nothing at all like that. The fact that a license agreement was floating around in space has nothing to do with my specific posession of my specific scanner.
You are under no obligation to believe me, and I encourage you to abide by whatever blanket licenses you believe are in effect for members of the public at large, but I personally am only going to obey contracts that I've explicitly agreed to.
"Just because I give you the Cat scanner, it does not immediately give you the right to go into business against me with my own technology," Davis said. "We have an intended use for it."
Gee, Doug, if you're so sure that there's no such "right", why not get your fancy New York lawyers to actually sue somebody? Why not let a court decide whether handing 10 million people a piece of hardware and telling them that it's a free gift doesn't give them the right to do whatever they damn well please with the things? Why not see if you can get a court to overturn the myriad rulings supporting the right to reverse engineer products for purposes of interoperation? Hell, with all the partners listed on that letterhead, those Kenyon boys ought be able to deal with any defense those filthy hackers could dream up!
If you're really protecting the valuable intellectual property of your company, then what's all this pussyfooting around? Clearly your "gentle" lawyer letters aren't working, as plenty of mirror sites are available with all the software anybody could want. If I were one of your board members, I'd be pissed. The "any publicity is good publicity" line is gonna start wearing thin pretty soon here. I want action, dammit!
Drug use is so much a part of the engineering and technology culture that at least one company has recognized the inevitability of drug use, and has
codified policies and procedures for drug use
and abuse. It's just a matter of time before this kind of thing is commonplace.
Has anybody posted the hardware/software bundles to a newsgroup? Seems like that'd spread the stuff around pretty effectively. I'm not advocating spamming usenet, of course.
(Is there an alt.hardware.cuecat yet?)
Well, yes, it sure has made the Cue Cat popular, but keep in mind that they're free. We didn't rush out and buy the things, we accepted them as gifts. DC has made no money from all this, nor has their consumer database grown at all (since the majority of/. readers who've picked them up are not running their software).
The only benefit to this is that it inflates the number of scanners in the hands of the public, which will be an important number for them to wave around when doing their IPO road show.
When someone shatters your own world-view, it is your right and duty to shatter his means, at whatever cost and to whatever ends.
Huh? I don't see the parallel here at all. A hypothetical reaction against forced installation of a particular piece of technology is just not the same as a fundamental resistance to technology in general.
In any case, I just don't get that last sentence, unless it's supposed to be a joke (and clearly I still don't get it).
Well, unless you've got the analytical chops to verify the output of your cryptosystem, you're taking a tremendous risk if you use it without professional review. And note that no professional cryptographer would approach the problem as a private affair. Algorithms have properties that affect the nature of the cyphertext, and a good cryptanalyst knows how to find that.
"Classifying" the code, or keeping it secret by whatever means, better be something you can rely on and whose failure you can positively detect. Otherwise, it just takes one disgruntled ex-employee who happened to know the algorithm and your security is gone.
That's the whole attraction of mathematically strong cryptosystems: secrecy of the algorithm is unimportant. That's the real point of the "assume the enemy knows your cryptosystem" addage. Since it's very hard to positively know whether the enemy knows, you're taking an incalculable risk if you don't assume they do.
Re:A rant on licensing and open source
on
CueCat At It Again
·
· Score: 1
What if you asked "Does this come with any kind of license agreement?" Or you knew that it came with a license agreement prior to getting one -- you just chose to ignore it?
Well what if? Big deal! None of those things are legally binding in any universe I'm familiar with. Certainly the clerk at Radio Shack didn't have any idea what I thought, and she was effectively a legal representative of the company during that transaction. She gave it to me for free, I walked out with it, end of story.
There may be room for debate over the validity of click-through licenses, because I do indeed have to take an explicit action that acknowledges agreement with the license - even if I don't read it. But here, I just don't buy any claim that I'm bound by anything.
The catch is you're supposed to use it to scan Radio Shack catalogs, go to their site and drive advertiser (and purchasing) traffic. Not break the damn thing apart and use it as a toy to scan bar codes for no reason.
Says who? I don't recall reading that anywhere. I use the free stuff I get in my Happy Meals for all sorts of purposes never dreamt of (I hope) by McDonald's executives, and I haven't gotten any "cease and desist" letters from them.
There was a business plan here -- a business plan you chose to ignore but still applies.
Boy, I need your mail address for a long list of direct marketing campaigns I've been thinking about:-)
I don't think any of us are under any obligation to help stupid people make money. Clearly the company doesn't have any power to ensure I help them make money. Their business plan "applies" to them and them only. They don't gain special legal powers simply by creating and carrying out a business plan.
If you want to play ball and do what they say, that's fine by me. And again, please let me know how to contact you, because I'm going to be working on a few business plans of my own...
Re:A rant on licensing and open source
on
CueCat At It Again
·
· Score: 1
Well, you believe whatever you want, but the analogy to driver's licenses is just completely flawed. The "DMV's rules" and whether I read them are irrelevant details, because one way or the other I have to actively sign a legal document attesting to the fact that I understand it and accept the fact of the laws it binds me to, or else I just don't get a license. (And note that it's nothing like a contract anyway.)
If you're walking down the street and somebody hands you a pamphlet, you might throw it away in a block or two. But be careful!! That pamphlet may contain a contract that stipulates you must keep the contents of the pamphlet confidential or be liable for damages to the issuer!! Clearly that's ridiculous.
When I got my Cue:Cat the person at Radio Shack handed it to me with no mention of any obligation. I even asked, "Is this really free? I can keep it?" and the clerk responded in the affirmative. To claim that because a piece of software given to me at the same time - and which I had no intention of using - contained a license that extends to the use of the piece of hardware, and that the license is in force whether I accepted it or not, is quite a legal stretch.
We'll see, of course. If there actually is a lawsuit, we'll see whether those fancy New York lawyers are worth what DC is paying them. (I strongly suspect that the license would not be what they'd build a case on. Instead, they'd probably lean on the DMCA, and claim that the "codebreaking" necessary to use their device without their software is a DMCA violation. Still seems like a stretch, but I just can't imagine the license thing holding water.)
Re:A rant on licensing and open source
on
CueCat At It Again
·
· Score: 1
Geez, Mr. Fervent, it looks like somebody isn't paying attention.
There is absolutely no license involved in getting a Cue:Cat. Hell, they mailed the thing unasked for to thousands of magazine subscribers. When I picked up mine at Radio Shack, the clerk simply handed me the bag.
Now, there is a license on the CD they include with the device. I don't have one of those anymore, as I threw it in the trash can just outside the Radio Shack. I hear tell that it's got a pretty standard EULA on it that you must click through in order to complete installation. Those who have installed the software may (may) be bound by that contract, whatever it is. I, however, am not because I have not read it and (of course) have not signed it or otherwise made a legally-binding statement of acceptance.
No, not Richard III, but Jack Cade in Henry VI Part 2. Richard III did not overthrow the "rightful government"; he was the legitimate heir to the throne. He didn't need to kill lawyers to either become or remain king (just Henry Tudor, but he unfortunately failed to do that).
Fast-forward a few years. SDMI has evolved into a massive sweeping new initiative, complete with some trendy name. A fabulous new way to listen to music, using a fabulous new generation of Hi-Fi equipment. No more bulky, unsightly speaker wires! Your Media Control Center communicates to your speakers using a 2GHz digital protocol. Absolutely pure digital sound materializes from the built-in amplifier/decoder in each speaker. Think of the possibilities! Your control center can route different media streams to separate digital devices all around the house! The control center is directly connected to the Internet, so you can pull in digital samples of the latest hits!
Of course, the thing is that all those digitized media streams are encrypted until the last possible instant. The only place an analog signal exists is on the short epoxy-bound length of wire inside each loudspeaker cabinet. (For video, it's all digital until you get to the LCD electronics or the amplifiers on the tube.) Well that's no problem, you say, because you can always just hack into the cabinets. Just watch out for the DMCA enforcement squad.
For your protection, of course, your Media Control Center will automatically reject any media that's not digitally certified as being Genuine Digital Stuff. Sure, this means you won't be able to make your own recordings without paying to become an Official Genuine Digital Stuff producer (which obligates you to sign this very reasonable contractual agreement), but it's worth it to make sure we don't have to worry about pirates, terrorists, and drug pushers.
Will there be resistance to throwing away all that investment in old CD's and expensive stereo systems? Sure, but over the span of twenty years the vast bulk of the consumer population will replace equipment anyway. And the new Genuine Digital Stuff is so cool!
While everybody's strutting around talking about how awful it is that the RIAA or MPAA "just doesn't get it", what we really should be worrying about is the day that they DO get it: they'll realize that their wildest dreams are finally possible. They'll realize that through the combination of new technology and new laws, the content industry can have complete control over how its content is consumed. No more "piracy". No more skipping-over-commercials. Want to make a party tape? Sure, but by the way we're going to sell space on your tape to some advertisers. It's a sure bet that lots of smart people in the industry have figured all this out already. They just need a way to get the ball rolling.
So basically what you're saying is that you want an open-source version because it's easier to hack?
No, that's what you said, not what the original writer said. I think it was clear that the comment meant that availability of the source makes it possible to know what information the system gathers, or more generally, what exactly it is that the thing does. Note that with Carnivore we don't know such things. And I see nothing whatsoever wrong with "planning a defence" against a perceived threat to privacy.
In short, the original comment has absolutely nothing to do with the impact of the open source model on the quality of software security systems.
If you explicitly tell the patent attorneys working on the filing about prior art or other reasons why the patent should not be granted, they are obligated to let the patent office know. If it ls later discovered that they knew of reasons for the patent not to be granted but did not tell the patent office, they "get in trouble".
I used to do a lot of work with the intellectual property office of a Large Company known for its abundance of patents, and that was one of the things they always told me. I mean, they didn't twist anybody's arm to get information about prior art, but they were forced to consider it if it was volunteered. (At this place they would generally just not bother to file.)
I think that should read, "one trick among many tricks is how to avoid deadlocks".
To have decent real-time performance, they need to:
Optimize interrupt handling code so that drivers get out of the handlers and into preemptible threads as quickly as possible;
Find an efficient synchronization mechanism for dealing with multi-processor system lock issues;
Deal with the priority inversion problem, which happens when a low-priority thread has control of a resource needed by a ready-to-preempt high-priority thread;
Optimize the scheduler
None of these problems are new, they're just a pain, particularly when you're trying to wedge them into a kernel that wasn't really written with these things in mind from the start.
This looks like another chapter in the endless saga of completely bogus garage startups whose primary goal appears to be attracting investors. The weirdest thing about people like this is the generally crappy job they do with their "marketing" materials. This web site in particular is just over-the-top cheesy.
My favorite site of this nature remains Star Bridge Systems, who should be shipping their pentaflop computer any day now...
I agree, that sucks. Also, there's no explicit mention of whether the thing supports its own TCP/IP stack internally, allowing it to do the equivalent of the Palm "network hot sync". That's an extremely useful feature.
A device like this with PCMCIA support and therefore wireless LAN (as at least a possibility), the attractiveness will go up considerably. On the other hand, it seems to me that there's an inherent limitation to using PDAs as peer components in a world of information presented to/for the Internet. What will be the equivalent of a banner ad that'll provide a commercial foothold for content targetted specifically for PDAs?
Let's see, that's about 600bps per student. Even if only a moderate fraction are on line, a single T1 for that kind of population is ludicrous. No wonder they wail about Napster.
The bandwidth argument is going to go away someday for all sorts of things. Napster happens to be an early example of why everything on the Internet will eventually be a server; the "family sitting around passively consuming TV" model of use just does not apply, intrinsically.
Software and devices that claim to be a solution for this sort of "abuse" are a wonderful way to suck money from vulnerable IT budgets. Gee, it's not working so well six months after the check's cleared due to revs in Napster? Well, looks like you need to upgrade to Version 2.0. What? There's a whole new problem that the product you spent your wad on last year just doesn't address at all? You're in luck, because our new product suite will get you back on track. And of course our Professional Services team can provide you with the expertise you need to tune it up for your own particular problems.
In practice I find you can often synchronize on a data structure object directly in the code that needs it locked. (If you use JGL then they're all thread safe anyway.)
Slashdot Mirror
Gee, when I was in high school I think I could have mobilized a small army who'd have explained why Adult Content sites were of tremendous use.
You are under no obligation to believe me, and I encourage you to abide by whatever blanket licenses you believe are in effect for members of the public at large, but I personally am only going to obey contracts that I've explicitly agreed to.
Gee, Doug, if you're so sure that there's no such "right", why not get your fancy New York lawyers to actually sue somebody? Why not let a court decide whether handing 10 million people a piece of hardware and telling them that it's a free gift doesn't give them the right to do whatever they damn well please with the things? Why not see if you can get a court to overturn the myriad rulings supporting the right to reverse engineer products for purposes of interoperation? Hell, with all the partners listed on that letterhead, those Kenyon boys ought be able to deal with any defense those filthy hackers could dream up!
If you're really protecting the valuable intellectual property of your company, then what's all this pussyfooting around? Clearly your "gentle" lawyer letters aren't working, as plenty of mirror sites are available with all the software anybody could want. If I were one of your board members, I'd be pissed. The "any publicity is good publicity" line is gonna start wearing thin pretty soon here. I want action, dammit!
Chicken.
Drug use is so much a part of the engineering and technology culture that at least one company has recognized the inevitability of drug use, and has codified policies and procedures for drug use and abuse. It's just a matter of time before this kind of thing is commonplace.
Has anybody posted the hardware/software bundles to a newsgroup? Seems like that'd spread the stuff around pretty effectively. I'm not advocating spamming usenet, of course. (Is there an alt.hardware.cuecat yet?)
The only benefit to this is that it inflates the number of scanners in the hands of the public, which will be an important number for them to wave around when doing their IPO road show.
Huh? I don't see the parallel here at all. A hypothetical reaction against forced installation of a particular piece of technology is just not the same as a fundamental resistance to technology in general.
In any case, I just don't get that last sentence, unless it's supposed to be a joke (and clearly I still don't get it).
"Classifying" the code, or keeping it secret by whatever means, better be something you can rely on and whose failure you can positively detect . Otherwise, it just takes one disgruntled ex-employee who happened to know the algorithm and your security is gone.
That's the whole attraction of mathematically strong cryptosystems: secrecy of the algorithm is unimportant. That's the real point of the "assume the enemy knows your cryptosystem" addage. Since it's very hard to positively know whether the enemy knows, you're taking an incalculable risk if you don't assume they do.
Well what if? Big deal! None of those things are legally binding in any universe I'm familiar with. Certainly the clerk at Radio Shack didn't have any idea what I thought, and she was effectively a legal representative of the company during that transaction. She gave it to me for free, I walked out with it, end of story.
There may be room for debate over the validity of click-through licenses, because I do indeed have to take an explicit action that acknowledges agreement with the license - even if I don't read it. But here, I just don't buy any claim that I'm bound by anything.
The catch is you're supposed to use it to scan Radio Shack catalogs, go to their site and drive advertiser (and purchasing) traffic. Not break the damn thing apart and use it as a toy to scan bar codes for no reason.
Says who? I don't recall reading that anywhere. I use the free stuff I get in my Happy Meals for all sorts of purposes never dreamt of (I hope) by McDonald's executives, and I haven't gotten any "cease and desist" letters from them.
There was a business plan here -- a business plan you chose to ignore but still applies.
Boy, I need your mail address for a long list of direct marketing campaigns I've been thinking about :-)
I don't think any of us are under any obligation to help stupid people make money. Clearly the company doesn't have any power to ensure I help them make money. Their business plan "applies" to them and them only. They don't gain special legal powers simply by creating and carrying out a business plan.
If you want to play ball and do what they say, that's fine by me. And again, please let me know how to contact you, because I'm going to be working on a few business plans of my own ...
If you're walking down the street and somebody hands you a pamphlet, you might throw it away in a block or two. But be careful!! That pamphlet may contain a contract that stipulates you must keep the contents of the pamphlet confidential or be liable for damages to the issuer!! Clearly that's ridiculous.
When I got my Cue:Cat the person at Radio Shack handed it to me with no mention of any obligation. I even asked, "Is this really free? I can keep it?" and the clerk responded in the affirmative. To claim that because a piece of software given to me at the same time - and which I had no intention of using - contained a license that extends to the use of the piece of hardware, and that the license is in force whether I accepted it or not, is quite a legal stretch.
We'll see, of course. If there actually is a lawsuit, we'll see whether those fancy New York lawyers are worth what DC is paying them. (I strongly suspect that the license would not be what they'd build a case on. Instead, they'd probably lean on the DMCA, and claim that the "codebreaking" necessary to use their device without their software is a DMCA violation. Still seems like a stretch, but I just can't imagine the license thing holding water.)
There is absolutely no license involved in getting a Cue:Cat. Hell, they mailed the thing unasked for to thousands of magazine subscribers. When I picked up mine at Radio Shack, the clerk simply handed me the bag.
Now, there is a license on the CD they include with the device. I don't have one of those anymore, as I threw it in the trash can just outside the Radio Shack. I hear tell that it's got a pretty standard EULA on it that you must click through in order to complete installation. Those who have installed the software may (may) be bound by that contract, whatever it is. I, however, am not because I have not read it and (of course) have not signed it or otherwise made a legally-binding statement of acceptance.
Check out deBarcode.com
No, not Richard III, but Jack Cade in Henry VI Part 2. Richard III did not overthrow the "rightful government"; he was the legitimate heir to the throne. He didn't need to kill lawyers to either become or remain king (just Henry Tudor, but he unfortunately failed to do that).
Of course, the thing is that all those digitized media streams are encrypted until the last possible instant. The only place an analog signal exists is on the short epoxy-bound length of wire inside each loudspeaker cabinet. (For video, it's all digital until you get to the LCD electronics or the amplifiers on the tube.) Well that's no problem, you say, because you can always just hack into the cabinets. Just watch out for the DMCA enforcement squad.
For your protection, of course, your Media Control Center will automatically reject any media that's not digitally certified as being Genuine Digital Stuff. Sure, this means you won't be able to make your own recordings without paying to become an Official Genuine Digital Stuff producer (which obligates you to sign this very reasonable contractual agreement), but it's worth it to make sure we don't have to worry about pirates, terrorists, and drug pushers.
Will there be resistance to throwing away all that investment in old CD's and expensive stereo systems? Sure, but over the span of twenty years the vast bulk of the consumer population will replace equipment anyway. And the new Genuine Digital Stuff is so cool!
While everybody's strutting around talking about how awful it is that the RIAA or MPAA "just doesn't get it", what we really should be worrying about is the day that they DO get it: they'll realize that their wildest dreams are finally possible. They'll realize that through the combination of new technology and new laws, the content industry can have complete control over how its content is consumed. No more "piracy". No more skipping-over-commercials. Want to make a party tape? Sure, but by the way we're going to sell space on your tape to some advertisers. It's a sure bet that lots of smart people in the industry have figured all this out already. They just need a way to get the ball rolling.
I'll stop now because I'm depressing myself.
Maybe it was just too much like having fun, and god forbid that any public schooler would actually enjoy themselves at the taxpayers' expense.
No, that's what you said, not what the original writer said. I think it was clear that the comment meant that availability of the source makes it possible to know what information the system gathers, or more generally, what exactly it is that the thing does. Note that with Carnivore we don't know such things. And I see nothing whatsoever wrong with "planning a defence" against a perceived threat to privacy.
In short, the original comment has absolutely nothing to do with the impact of the open source model on the quality of software security systems.
deBarcode.
I used to do a lot of work with the intellectual property office of a Large Company known for its abundance of patents, and that was one of the things they always told me. I mean, they didn't twist anybody's arm to get information about prior art, but they were forced to consider it if it was volunteered. (At this place they would generally just not bother to file.)
I think that should read, "one trick among many tricks is how to avoid deadlocks".
To have decent real-time performance, they need to:
- Optimize interrupt handling code so that drivers get out of the handlers and into preemptible threads as quickly as possible;
- Find an efficient synchronization mechanism for dealing with multi-processor system lock issues;
- Deal with the priority inversion problem, which happens when a low-priority thread has control of a resource needed by a ready-to-preempt high-priority thread;
- Optimize the scheduler
None of these problems are new, they're just a pain, particularly when you're trying to wedge them into a kernel that wasn't really written with these things in mind from the start.My favorite site of this nature remains Star Bridge Systems, who should be shipping their pentaflop computer any day now ...
Why was that moderated up to "informative"?!?
I agree, that sucks. Also, there's no explicit mention of whether the thing supports its own TCP/IP stack internally, allowing it to do the equivalent of the Palm "network hot sync". That's an extremely useful feature. A device like this with PCMCIA support and therefore wireless LAN (as at least a possibility), the attractiveness will go up considerably. On the other hand, it seems to me that there's an inherent limitation to using PDAs as peer components in a world of information presented to/for the Internet. What will be the equivalent of a banner ad that'll provide a commercial foothold for content targetted specifically for PDAs?
Let's see, that's about 600bps per student. Even if only a moderate fraction are on line, a single T1 for that kind of population is ludicrous. No wonder they wail about Napster.
The bandwidth argument is going to go away someday for all sorts of things. Napster happens to be an early example of why everything on the Internet will eventually be a server; the "family sitting around passively consuming TV" model of use just does not apply, intrinsically.
Software and devices that claim to be a solution for this sort of "abuse" are a wonderful way to suck money from vulnerable IT budgets. Gee, it's not working so well six months after the check's cleared due to revs in Napster? Well, looks like you need to upgrade to Version 2.0. What? There's a whole new problem that the product you spent your wad on last year just doesn't address at all? You're in luck, because our new product suite will get you back on track. And of course our Professional Services team can provide you with the expertise you need to tune it up for your own particular problems.
Cha ching.
So declare an Object and synchronize on it:
In practice I find you can often synchronize on a data structure object directly in the code that needs it locked. (If you use JGL then they're all thread safe anyway.)