That leads to the other obvious missing element: a "forum selection" clause. All disputes should be settled under US law.
I see one risk with such a clause. People in other countries could be tempted to release their software under a license in which they replace "US law" by "law of country X" (with X being their own country). This would make it even harder to enforce the GPL.
On a more personal note, since I come from a country which doesn't (yet) have software patents and a DMCA-like law, I'm quite glad that the GPL doesn't refer to US law specifically. :-)
Fourthly, I would propose that the licence should designate that any disputes be settled by arbitration by the FSF or by the EFF if the FSF is a party with the loser to bear all reasonable costs incurred by both sides.
This would make it unnecessarily difficult to enforce the GPL outside the US (ie, with both parties outside the US). Also, some countries do not have arbitration at all, and it's hard to predict what a judge in such a country would say to such a designation.
I actually find the advertising useful on google.com. [...] I wound up using two of them.
... which shows that advertising on the internet can work even without large colorful animated flashing obnoxious banners. Sigh. Wish the advertisers would learn this.
Boy, I do hate piracy! If I were on a ship, and it'd be entered by strangers who'd kill me and the other crew members, I'd really hate that.
Oh wait, you were talking about copyright infringement...
Re:Bah. Weak argument at best. on The Crime of Sharing · Score: 4, Interesting
You talk about "stealing" and "theft", when in fact you seem to mean copyright infringement. Please don't confuse these, they're totally unrelated. (I'm not saying that copyright infringement is okay, but it's not theft!)
Serious question though: How is "theft" defined in U.S. law? In my country, it only applies if you take something away (sorry, link to German site), which is different from copying something.
You seem to contradict yourself. If you steal a car from the dealer, the dealer doesn't have it any more. But as you have pointed out yourself, if you copy something, the original owner still has it.
To the contrary, monopolies are allowed in Germany, even if a company did not grow to that by itself. The Deutsche Telekom (telecommunications) and the Deutsche Post (postal service) are two examples of such companies. The latter even has its monopoly on delivering letters granted by the government (albeit for a limited time only).
Like in the U.S., abuse of a monopoly is not allowed in Germany.
The aim is apparently to be able to compile ANY C/C++ Linux application, in fact the complete system, including the kernel. Thus it will need to emulate gcc's extensions. [...] But if so it would be pretty sweet, assuming you're not a Free Software zealot.
Even though I am a Free Software zealot (i.e., I wouldn't use a proprietary compiler even if it was both technically better and available at no cost :-)), I think this would be a good thing. The more compilers support gcc's extensions, the easier it'll be to have them included in the next versions of the language standards.
I never said it was easy, but since you seem to agree with me that it is not impossible, you maybe also agree that Schneier's "digital signatures are not signatures" is a bit exaggerated.
And forget trying to do it securely on a PC running Windows and MS Outlook
Forget doing it on any PC. :-) BTW, I find it kind of scary how it is actually done in Germany...
If the ISP's blocked outgoing packets with forged IP src addresses, and known bad packets, then the severity of the problem would greatly diminish.
I don't think this would help much in the case of DDoS attacks. If the distributed attackers are victims themselves, unintentionally running some malware, the malware needn't forge the source IP. The initiator doesn't care if the distributed attackers can be tracked down.
The gap in the digital case is that it's not necessarily even clear which document the signer meant to sign.
Unless malicious software is involved (i.e., it presents document X to the user to be signed, and when he inserts his smartcard, it really uploads document Y to the smartcard), I don't see why this is unclear. To the contrary, it is next to impossible to alter a digitally signed document in an undetectable way, while this is quite easy for manually signed paper documents.
While I appreciate Schneier's scepticism about such an important issue, I don't fully agree with him. From his article:
Mathematically, it works beautifully. Semantically, it fails miserably. There's nothing in the description above that constitutes signing. In fact, calling whatever Alice creates a "digital signature" was probably the most unfortunate nomenclature mistake in the history of cryptography.
There is always a semantic gap between a "signature" and a "declaration of intention". It is not an inherent property of a hand-written name under some text to mean "I agree", but it is widely agreed in our society that such a hand-written name constitutes some form of agreement. The society could accept the same for digital signatures, so I don't really see the difference.
Remember the car that parked in front of your house while you copied the data to the floppy disk?
In the car, someone intercepted the electromagnetic waves coming from your computer and reconstructed the data from them. He then made a million copies of the data and distributed them to hidden places all over the world.
Hey, if their algorithm works on random data, re-apply it to the output, and it will be compressed again. You can do this again and again, until only one bit is left!
Now, let's uncompress a 0 bit and a 1 bit. All software ever written and ever to be written in the future must come out, since there cannot be anything which compresses to anything else than a 0 or 1 bit, if compressed to a single bit.
My point is: Never run a command as complex as make, which can invoke other commands, as root!
Since I run make install as ordinary user, an rm could "only" delete my home directory (which would admittedly be bad enough), but not destroy the system.
It doesn't help against a trojan in the code to be installed, but it does help against a trojan in the Makefile. A trojan in the code is at least not executed by root; root only runs cp in the process.
There should IMHO only be extremely few commands which root ever runs. I often thought of creating a special bin directory for root, and then pointing root's PATH to this directory only, but I have been too lazy to set this up so far.
Re:Running binaries as root on Linux Virus Alert · Score: 5, Informative
How many times have you run "make install" as root?
Never. I want to have full control over and knowledge of where each file is installed.
If the Makefile has been generated with GNU Automake (which is true for maybe 90% of all Makefiles I encounter), there is an easy solution: Install with make install DESTDIR=~/tmp as ordinary user, and if you agree with the file layout under ~/tmp, cp the files to their final location as root.
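An added example (not part of the original comment): a POSIX shell function that audits the DESTDIR staging tree described above before anything is copied as root. The function name `audit_stage`, its report labels and the `/usr/local` prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a DESTDIR staging tree before copying it as root.
# audit_stage, its report labels and the /usr/local prefix are illustrative.
#
# Workflow (as an ordinary user):
#   make install DESTDIR="$HOME/tmp"
#   audit_stage "$HOME/tmp" /usr/local
# Copy the tree to its final location as root only if the audit is clean
# and the staged layout is what you expected.

# audit_stage STAGE PREFIX
#   returns 0 if nothing suspicious, 1 if findings were printed, 2 on error
audit_stage() {
    stage=$1
    prefix=${2#/}                       # "/usr/local" -> "usr/local"
    [ -d "$stage" ] || { echo "ERROR: no staging dir: $stage" >&2; return 2; }

    report=$(
        cd "$stage" || exit
        # Anything the Makefile staged outside the prefix you expected.
        find . ! -type d ! -path "./$prefix/*" | sed 's|^\.|OUTSIDE-PREFIX |'
        # setuid/setgid bits that a mode-preserving copy would carry over.
        find . -type f \( -perm -4000 -o -perm -2000 \) | sed 's|^\.|SETID |'
        # Files any local user could later modify.
        find . -type f -perm -0002 | sed 's|^\.|WORLD-WRITABLE |'
        # Symlinks whose target is absolute or contains ".." (may leave the tree).
        find . -type l | while IFS= read -r link; do
            target=$(readlink "$link")
            case $target in
                /*|*..*) echo "SYMLINK ${link#.} -> $target" ;;
            esac
        done
    )

    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

A clean result only covers the file layout and modes; as the comment above notes, it says nothing about what the installed code itself does.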
Fun with mathematics on The Eyes Have It · Score: 2, Insightful
Let's assume that one out of a million people is a terrorist and will lie when tested with the device. This means that in a group of a hundred million people, 100 liars exist.
If the device identifies a liar with 75% success rate, 75 out of the 100 liars will be found. On the other hand, if the device misidentifies 10% of the truth-tellers as liars, 9,999,990 out of the 99,999,900 truth-tellers will be misidentified.
Therefore, under these assumptions, if the device indicates someone as a liar, the probability that he's actually lying is 75/(75+9,999,990), roughly 0.000749995%.
Re:Issues with the euro in day-to-day life on The Euro · Score: 1
There's no 25 cents coin. Someone tell me why, because I don't understand it. Specially since a coffee here is about 125 pesetas, which is roughly 0.75 euro.
There is also no 99 Cents coin, which is really a shame, given that many things cost some Euros plus 99 Cents. ;-)
Sorry, but I don't understand your comment about Loki. Most Loki products are not Open Source, so how does their downfall show that Open Source is failing? If anything, I'd assume it shows that proprietary software is failing.
However, while a physicist wouldn't dare to design a bridge, computer scientists do write code.
Huh? No longer being able to deny a problem is something else than admitting it.
From the article (sidebox):
Oops, I didn't know that "source code" and "kernel" are synonyms. ;-)
There are various patents on this or similar compression techniques, for example US #5,533,051, US #5,488,364, US #5,486,826, or US #5,594,435.
Seriously though, the comp.compression FAQ is really worth a read, especially question #9.
The home directories of the other users are most important to me. They'd really hate me if I messed up their data as root.