PAE is a hack, and you are stuck with the same amount of addressable memory per process as you are with normal 32-bit addressing. Also, a correction, PAE adds up to 64 GB, with a 36 bit address space.
The Itanium architecture fails because of total lack of backwards compatibility with 32-bit without emulation. Also, even after licensing the amd64 instruction set, they continued to make CPUs without it. And now, even with a WinXP VM included with Win7, they are still making x64 CPUs that won't support the required virtualization tech. Intel just can't seem to get their shit together with 64-bit.
As far as accessing 64-bit registers in 32-bit mode, I thought that was one of the things that "VT-x" or whatever adds. I know that after enabling that I was able to run 64-bit guests VMs on my 32-bit host system.
Funny that you used the word counterfeit, a word that means to make a copy that infringes upon a production monopoly, such as a copyright, design patent, etc. Again, this is not stealing, it is illegitimate copying. In fact, you gave a great example on why it is not stealing. Theft is like robbing a bank, copyright infringement is like printing counterfeit money. Both are wrong, and need to be dealt with. However, one directly deprives someone of a tangible object, while the other may have many indirect consequences, such as dilution of value, but no direct deprivation of something tangible. Most adult humans should be able to understand this difference. They are different problems and need to be treated differently.
Also, please do not put words in my mouth. I never said that I have the right to pirate software and media. In fact, I am arguing that I do not, that is what copyright is, the right to copy. I feel current copyright laws have many problems, especially the endless extensions they keep adding, but I do feel that it needs to exist. They were created to give a limited monopoly to artists and creators so that there is greater incentive to make fantastic things for the public domain. However, those limited rights were supposed end after a specified period of time and then the work becomes public domain. With the many extensions, that purpose is lost and the public domain loses because of that. By your definition of stealing, copyright extensions are stealing from the public.
So using the "#include" mentioned by the AC above in your main application would require that your application be GPL as well, while creating a separate app to include the library would make it so that only the separate app to load the library need to be released as GPL? It does seem a bit heavy-handed to require this for libraries, but I'd assume that is why many libraries are released under LGPL or another less restrictive license. Thanks!
I guess I just do not understand what constitutes linking that requires you open your own source as well. If I write a program that contains the following:
Check for GPL-licensed 'library' If available, run 'library' and get output Use output in own program
Would this require the rest of my program to be released under the GPL?
It seems to me that a lot of closed source applications require open-source libraries, like CutePDF. Or is Ghostscript LGPL?
I can see this being a pretty big headache for lawyers. For example, what if the computers are owned by the company, but used as a kiosk for customers, or if independent contractors use them? Then again, I don't think I have ever seen a GPL violation go to lawsuit without a big effort on the part of the copyright holder to get the offender to comply beforehand.
I have very little programming experience, so perhaps I am missing something. How are Microsoft's drivers in this case different from, lets say, Nvidia's linux drivers? Honestly curious.
Actually, in reality, it is copying, not stealing. If I copy something you made, have I deprived you of anything in reality? Theoretical lost sales are not a real thing. I'm not saying that it is not wrong, I'm saying that it is not theft.
Both of these positions are "rediculas", but yours is taking a far extreme. Software and media "piracy" are not theft, and will never be theft. "Piracy" is akin to going to an art gallery from an artist, taking a picture, and printing it and hanging it on your wall and/or give copies to your friends. You are infringing on their copyright (unless the works are public domain). Stealing/theft would be akin to physically taking one of the artist's prints or one of the paintings on display. While you (and the BSA, ESA, RIAA, MPAA, etc) can't seem to tell the difference, the legal system does. Copyright infringement is a tort offense(not a crime, unless covered by criminal copyright law, i.e. huge provable damages) and can get you sued for monetary damages by the damaged party, while theft is normally treated as a crime and can get you jail time.
While it does not justify the wrong, there is a possible benefit to pirated/bootleg copies in that they can generate discussion and could boost sales. This is probably what they were referring to when they said that UBISOFT should thank the pirates.
Look through your adblock whitelist and remove or disable anything for that site. The whitelist was probably added in the earlier version and never removed.
My payment is that you need to distribute the entire source, including your own changes.
should say this:
My payment is that if you distribute, you need to distribute the entire source, including your own changes.
The GPL does not require distribution of changes if I modify but do not distribute.
Also, I am unsure of how internal distribution is mandated. For example, if I deploy a modified Debian or Ubuntu as a desktop OS for workstations in the company I work for, do i need to deploy a copy of the source code on each machine or include a copy of the license with a form for requesting a CD or DVD of the source code?
DD-WRT is an open-source (though there is talk that they are violating GPL) firmware replacement for some routers. It is pretty unlikely that you will see this on a router not managed by someone with a reasonably high degree of technical knowledge. In this case, a self-signed certificate is far more secure than an open network.
We need browsers to make a clear warning that you are dealing with an unverified connection for self-signed certificates. However, there is little to no warning when you submit credentials over a completely insecure network. In fact, it seems that it would be trivial for a man in the middle attack to create a secure session with the bank site they are spoofing, and a standard http session with the end user that gives practically no warning. Unless the user specifically goes to "https://mybank.com" they might never notice a problem.
I haven't RTFA, but the summary states that the defendant admitted to "sharing files". In my mind, that consists of uploading as well as downloading the content. While I feel that downloading should not be considered copyright infringement(someone else is doing the unauthorized distribution, not the person downloading), uploading seems to definitely infringing on copyright. Also, while I feel fair use should cover things like time and media shifting (I've read somewhere that it technically does not), I don't believe it should ever cover unauthorized distribution.
IANAL, and I am also very much against the tactics employed by the RIAA/MPAA and am for a much reduced copyright term, but by my understanding, "fair use" doesn't apply here.
Too many people seem to think that GPL is a trap to get you to release their precious code. However, it only requires them to release their code if it contains GPL code. At its heart, it is like saying, here is my code, I grant you a license to use, modify, and distribute as much as you would like. My payment is that you need to distribute the entire source, including your own changes.
The bottom line is, if you don't want to be held to the GPL license, either work out a different license with the copyright holders, or write it yourself. If you want free code from someone else with little to no restrictive licensing, use BSD-style licensed code or public domain code.
In my opinion, writing and using GPL code makes more sense from a business perspective than BSD, because you get a community of free and paid developers to add to your own, and other businesses need to release their improvements so that you can use them as well, protecting your ability to compete.
Do you know how HTTPS works? Granted, your browser will give you a warning that it cannot verify your self-signed certificate against Verisign or any of the other SSL certificate issuers, but all you need to do is install the certificate when you connect the first time and it is no longer a problem. Also, unless you are worried that something else on YOUR network is spoofing your router, you can be reasonably sure that when you connect to "https://192.168.1.1/" or whatever that you are on a secure channel with your own router. Self-signed certificates are only defeated when you have no way to verify that they are who they say there are, not that the encryption is less secure.
On the other hand, you are correct that HTTPS does not fix it in this case, because it has the same vulnerability. This doesn't invalidate the need for secure communications through.
How would you react if you were served papers to appear in court against a patent troll for a business you no longer run and for a patent that you did not violate? I would be absolutely furious and would probably not react any better. It is much easier to act high and mighty from behind a computer screen and your ass is not on the line.
It is obvious that he was only sued so because he lives in East Texas presently and had a software-related business. He is being used as a gateway to sue in that patent-holder friendly district. It is total bullshit and he called them out on it.
Copy-pasta trolling is guaranteed right in the U.S.
Seriously though, while I find that post atrocious, outlawing free speech would be far worse. Your right to not be offended does not outweigh my right to speak my mind.
No that would not be a good defense on its own, but they are not selling or even distributing the code as far as I can tell. The summary seems to be incorrect in calling them a "software company", as from what I gather they were more of a webhosting company. If patent lawsuits can include what amounts to end-users that could in no way have known they were using something that was patented, then the patent system has moved from merely totally fucked to being an outright travesty. Say, for example, that Microsoft Windows violates a patent, should the patent holders be able to sue every user of Microsoft Windows?
Linux on the desktop is the same as linux on the server. While the workload and applications might be different(often called the userland), the base system is very much going to be the same. Also, the security model is the same. I feel one thing keeping standard users from using it is that the security model is so much different than what they are used to. Look at the backlash against Vista. Much of it was due to the different security model that is very similar to how many of the more popular linux distributions behave. In essence, it is/was common practice in Windows to run as an administrative account ALL of the time. This means anything you do has nearly unlimited access to the rest of the system. This is why a flaw in image viewer code in Internet Explorer can infect an entire computer. In most linux distributions, you cannot even log into the desktop environment (gui) as root (administrator account). Also, when you need to install something or make a change that you need administrator access for, you will be prompted for your password and the administrator account will be invoked. This is slightly different from (and, in my opinion, better than) UAC in Vista where you run as an administrator but your privileges are limited until it prompts you to do something with the full rights. For one, not needing to enter your password means that users get accustomed to just clicking OK when the prompt comes up. Anyway, the idea is still similar and is a big part of why Vista is far more secure than XP in standard use. Another reason is that MS has actually put a heavier emphasis on coding securely to begin with, which linux has been keeping an emphasis on for much longer.
Not only could someone just put up an infected repository,
At which point the user would need to add the repository themselves. The average user will use only the default repositories, which are far more secure than downloading the applications you want from random websites.
but after gaining control of a system in the first place, a hacker could inject their own repositories into the infected computer's list as a secondary means of updating their code or adding extra infections.
This argument is moot. After gaining control of any system, the "hacker" could do whatever the hell they want. This is the point where you are fucked, doesn't matter whether it is windows, linux, mac, or a toaster. Adding an infected repository would actually be easier to fix than if they installed a rootkit that runs invisibly to most of the system.
Linux is far from security by obscurity. It is only obscure on the desktop. In server rooms and especially on web servers it has a huge marketshare. There is no "linux home edition" that is running a very different base system like there is with windows.
I grant that MS would need to walk on eggshells here to prevent even more lawsuits, but I can't see how it wouldn open the door to malware any more than any other update mechanism for Windows. Not doing something just because it is possible (not even that it increases the risk) for it to be exploited would mean nothing would ever get done.
As for toolbars, they should stick with the current MSI/MSP model. When you install using an MSI file, there is normally a section asking what sections of the application that you want to install. When you run an MSP over that, it only updates what was installed. This means if you said no to the toolbar on the first install, the patch will not install the toolbar either. If the user goes to the Add/Remove Programs and chooses Modify, they can install the other sections of the application, like the toolbar. If a new feature is added, a mechanism should be put in place to prompt the user if they want to install this new toolbar/widget/dancing bear. Its probably possible for an MSP to force the toolbar, but that is not MS's fault, it is an application maker that is ignoring user preferences. If an application maker did this to me, I would stop using their app.
To counter the argument that this would give MS more power and lawsuits to follow, they would probably have to make this optional for the application to us. Not having to write and maintain your own updater should be a pretty sufficient reason for an application maker to use the updater. It also will mean users are more likely to keep their programs up to date and they will have less support cases about issues already fixed by an update.
I do agree that the Apple App store model would be terrible, especially since that means MS would need to host and control the single repository. This almost certainly would lead to lawsuits, and would add a huge burden of overhead for them to maintain.
Certificates. When a user purchases software, issue them a certificate that is added to the package manager along with the repository location and its signing key. Configure your repository server to not issue updates if the user's certificate is either revoked, expired or invalid. Although one thing I believe probably should have its own updater would be antivirus/antimalware because you may want that on a separate schedule from your usual updates. For example, I may want my applications to update weekly or monthly, but my antivirus signatures to update daily or hourly.
I've read that using dd to write straight zeros is actually more effective than even using a full Gutmann wipe with DBAN. And now that I've said this, I can't find the article with just a few google searches and don't really feel like looking further. Then again, nothing quite beats a large hammer and/or some explosives.
They might be taking the lazy way out and instead of providing a new full package and updates for the older package, they are just providing the updates and expecting new users to download the patches right away. This is more work than just redirecting the link, as they would actually need to build the entire installer.
Slashdot Mirror
PAE is a hack, and you are stuck with the same amount of addressable memory per process as you are with normal 32-bit addressing. Also, a correction, PAE adds up to 64 GB, with a 36 bit address space.
The Itanium architecture fails because of total lack of backwards compatibility with 32-bit without emulation. Also, even after licensing the amd64 instruction set, they continued to make CPUs without it. And now, even with a WinXP VM included with Win7, they are still making x64 CPUs that won't support the required virtualization tech. Intel just can't seem to get their shit together with 64-bit.
As far as accessing 64-bit registers in 32-bit mode, I thought that was one of the things that "VT-x" or whatever adds. I know that after enabling that I was able to run 64-bit guests VMs on my 32-bit host system.
Well, 0.3 usually translates to 30%, so that is how I read it. I see McAfee is involved somehow, so that is likely an improvement for them.
Funny that you used the word counterfeit, a word that means to make a copy that infringes upon a production monopoly, such as a copyright, design patent, etc. Again, this is not stealing, it is illegitimate copying. In fact, you gave a great example on why it is not stealing. Theft is like robbing a bank, copyright infringement is like printing counterfeit money. Both are wrong, and need to be dealt with. However, one directly deprives someone of a tangible object, while the other may have many indirect consequences, such as dilution of value, but no direct deprivation of something tangible. Most adult humans should be able to understand this difference. They are different problems and need to be treated differently.
Also, please do not put words in my mouth. I never said that I have the right to pirate software and media. In fact, I am arguing that I do not, that is what copyright is, the right to copy. I feel current copyright laws have many problems, especially the endless extensions they keep adding, but I do feel that it needs to exist. They were created to give a limited monopoly to artists and creators so that there is greater incentive to make fantastic things for the public domain. However, those limited rights were supposed end after a specified period of time and then the work becomes public domain. With the many extensions, that purpose is lost and the public domain loses because of that. By your definition of stealing, copyright extensions are stealing from the public.
So using the "#include" mentioned by the AC above in your main application would require that your application be GPL as well, while creating a separate app to include the library would make it so that only the separate app to load the library need to be released as GPL? It does seem a bit heavy-handed to require this for libraries, but I'd assume that is why many libraries are released under LGPL or another less restrictive license. Thanks!
I guess I just do not understand what constitutes linking that requires you open your own source as well. If I write a program that contains the following:
Check for GPL-licensed 'library'
If available, run 'library' and get output
Use output in own program
Would this require the rest of my program to be released under the GPL?
It seems to me that a lot of closed source applications require open-source libraries, like CutePDF. Or is Ghostscript LGPL?
I can see this being a pretty big headache for lawyers. For example, what if the computers are owned by the company, but used as a kiosk for customers, or if independent contractors use them? Then again, I don't think I have ever seen a GPL violation go to lawsuit without a big effort on the part of the copyright holder to get the offender to comply beforehand.
I have very little programming experience, so perhaps I am missing something. How are Microsoft's drivers in this case different from, lets say, Nvidia's linux drivers? Honestly curious.
Actually, in reality, it is copying, not stealing. If I copy something you made, have I deprived you of anything in reality? Theoretical lost sales are not a real thing. I'm not saying that it is not wrong, I'm saying that it is not theft.
Both of these positions are "rediculas", but yours is taking a far extreme. Software and media "piracy" are not theft, and will never be theft. "Piracy" is akin to going to an art gallery from an artist, taking a picture, and printing it and hanging it on your wall and/or give copies to your friends. You are infringing on their copyright (unless the works are public domain). Stealing/theft would be akin to physically taking one of the artist's prints or one of the paintings on display. While you (and the BSA, ESA, RIAA, MPAA, etc) can't seem to tell the difference, the legal system does. Copyright infringement is a tort offense(not a crime, unless covered by criminal copyright law, i.e. huge provable damages) and can get you sued for monetary damages by the damaged party, while theft is normally treated as a crime and can get you jail time.
While it does not justify the wrong, there is a possible benefit to pirated/bootleg copies in that they can generate discussion and could boost sales. This is probably what they were referring to when they said that UBISOFT should thank the pirates.
IANAL, etc.
Look through your adblock whitelist and remove or disable anything for that site. The whitelist was probably added in the earlier version and never removed.
Whoops, this:
My payment is that you need to distribute the entire source, including your own changes.
should say this:
My payment is that if you distribute, you need to distribute the entire source, including your own changes.
The GPL does not require distribution of changes if I modify but do not distribute.
Also, I am unsure of how internal distribution is mandated. For example, if I deploy a modified Debian or Ubuntu as a desktop OS for workstations in the company I work for, do i need to deploy a copy of the source code on each machine or include a copy of the license with a form for requesting a CD or DVD of the source code?
DD-WRT is an open-source (though there is talk that they are violating GPL) firmware replacement for some routers. It is pretty unlikely that you will see this on a router not managed by someone with a reasonably high degree of technical knowledge. In this case, a self-signed certificate is far more secure than an open network.
We need browsers to make a clear warning that you are dealing with an unverified connection for self-signed certificates. However, there is little to no warning when you submit credentials over a completely insecure network. In fact, it seems that it would be trivial for a man in the middle attack to create a secure session with the bank site they are spoofing, and a standard http session with the end user that gives practically no warning. Unless the user specifically goes to "https://mybank.com" they might never notice a problem.
I haven't RTFA, but the summary states that the defendant admitted to "sharing files". In my mind, that consists of uploading as well as downloading the content. While I feel that downloading should not be considered copyright infringement(someone else is doing the unauthorized distribution, not the person downloading), uploading seems to definitely infringing on copyright. Also, while I feel fair use should cover things like time and media shifting (I've read somewhere that it technically does not), I don't believe it should ever cover unauthorized distribution.
IANAL, and I am also very much against the tactics employed by the RIAA/MPAA and am for a much reduced copyright term, but by my understanding, "fair use" doesn't apply here.
This.
Too many people seem to think that GPL is a trap to get you to release their precious code. However, it only requires them to release their code if it contains GPL code. At its heart, it is like saying, here is my code, I grant you a license to use, modify, and distribute as much as you would like. My payment is that you need to distribute the entire source, including your own changes.
The bottom line is, if you don't want to be held to the GPL license, either work out a different license with the copyright holders, or write it yourself. If you want free code from someone else with little to no restrictive licensing, use BSD-style licensed code or public domain code.
In my opinion, writing and using GPL code makes more sense from a business perspective than BSD, because you get a community of free and paid developers to add to your own, and other businesses need to release their improvements so that you can use them as well, protecting your ability to compete.
Do you know how HTTPS works? Granted, your browser will give you a warning that it cannot verify your self-signed certificate against Verisign or any of the other SSL certificate issuers, but all you need to do is install the certificate when you connect the first time and it is no longer a problem. Also, unless you are worried that something else on YOUR network is spoofing your router, you can be reasonably sure that when you connect to "https://192.168.1.1/" or whatever that you are on a secure channel with your own router. Self-signed certificates are only defeated when you have no way to verify that they are who they say there are, not that the encryption is less secure.
On the other hand, you are correct that HTTPS does not fix it in this case, because it has the same vulnerability. This doesn't invalidate the need for secure communications through.
How would you react if you were served papers to appear in court against a patent troll for a business you no longer run and for a patent that you did not violate? I would be absolutely furious and would probably not react any better. It is much easier to act high and mighty from behind a computer screen and your ass is not on the line.
It is obvious that he was only sued so because he lives in East Texas presently and had a software-related business. He is being used as a gateway to sue in that patent-holder friendly district. It is total bullshit and he called them out on it.
Copy-pasta trolling is guaranteed right in the U.S.
Seriously though, while I find that post atrocious, outlawing free speech would be far worse. Your right to not be offended does not outweigh my right to speak my mind.
No that would not be a good defense on its own, but they are not selling or even distributing the code as far as I can tell. The summary seems to be incorrect in calling them a "software company", as from what I gather they were more of a webhosting company. If patent lawsuits can include what amounts to end-users that could in no way have known they were using something that was patented, then the patent system has moved from merely totally fucked to being an outright travesty. Say, for example, that Microsoft Windows violates a patent, should the patent holders be able to sue every user of Microsoft Windows?
Linux on the desktop is the same as linux on the server. While the workload and applications might be different(often called the userland), the base system is very much going to be the same. Also, the security model is the same. I feel one thing keeping standard users from using it is that the security model is so much different than what they are used to. Look at the backlash against Vista. Much of it was due to the different security model that is very similar to how many of the more popular linux distributions behave. In essence, it is/was common practice in Windows to run as an administrative account ALL of the time. This means anything you do has nearly unlimited access to the rest of the system. This is why a flaw in image viewer code in Internet Explorer can infect an entire computer. In most linux distributions, you cannot even log into the desktop environment (gui) as root (administrator account). Also, when you need to install something or make a change that you need administrator access for, you will be prompted for your password and the administrator account will be invoked. This is slightly different from (and, in my opinion, better than) UAC in Vista where you run as an administrator but your privileges are limited until it prompts you to do something with the full rights. For one, not needing to enter your password means that users get accustomed to just clicking OK when the prompt comes up. Anyway, the idea is still similar and is a big part of why Vista is far more secure than XP in standard use. Another reason is that MS has actually put a heavier emphasis on coding securely to begin with, which linux has been keeping an emphasis on for much longer.
Not only could someone just put up an infected repository,
At which point the user would need to add the repository themselves. The average user will use only the default repositories, which are far more secure than downloading the applications you want from random websites.
but after gaining control of a system in the first place, a hacker could inject their own repositories into the infected computer's list as a secondary means of updating their code or adding extra infections.
This argument is moot. After gaining control of any system, the "hacker" could do whatever the hell they want. This is the point where you are fucked, doesn't matter whether it is windows, linux, mac, or a toaster. Adding an infected repository would actually be easier to fix than if they installed a rootkit that runs invisibly to most of the system.
Linux is far from security by obscurity. It is only obscure on the desktop. In server rooms and especially on web servers it has a huge marketshare. There is no "linux home edition" that is running a very different base system like there is with windows.
I grant that MS would need to walk on eggshells here to prevent even more lawsuits, but I can't see how it wouldn open the door to malware any more than any other update mechanism for Windows. Not doing something just because it is possible (not even that it increases the risk) for it to be exploited would mean nothing would ever get done.
As for toolbars, they should stick with the current MSI/MSP model. When you install using an MSI file, there is normally a section asking what sections of the application that you want to install. When you run an MSP over that, it only updates what was installed. This means if you said no to the toolbar on the first install, the patch will not install the toolbar either. If the user goes to the Add/Remove Programs and chooses Modify, they can install the other sections of the application, like the toolbar. If a new feature is added, a mechanism should be put in place to prompt the user if they want to install this new toolbar/widget/dancing bear. Its probably possible for an MSP to force the toolbar, but that is not MS's fault, it is an application maker that is ignoring user preferences. If an application maker did this to me, I would stop using their app.
To counter the argument that this would give MS more power and lawsuits to follow, they would probably have to make this optional for the application to us. Not having to write and maintain your own updater should be a pretty sufficient reason for an application maker to use the updater. It also will mean users are more likely to keep their programs up to date and they will have less support cases about issues already fixed by an update.
I do agree that the Apple App store model would be terrible, especially since that means MS would need to host and control the single repository. This almost certainly would lead to lawsuits, and would add a huge burden of overhead for them to maintain.
Nothing like a good old-fashioned Freudian sex^H^H^Hslip to make your day.
Certificates. When a user purchases software, issue them a certificate that is added to the package manager along with the repository location and its signing key. Configure your repository server to not issue updates if the user's certificate is either revoked, expired or invalid. Although one thing I believe probably should have its own updater would be antivirus/antimalware because you may want that on a separate schedule from your usual updates. For example, I may want my applications to update weekly or monthly, but my antivirus signatures to update daily or hourly.
I've read that using dd to write straight zeros is actually more effective than even using a full Gutmann wipe with DBAN. And now that I've said this, I can't find the article with just a few google searches and don't really feel like looking further. Then again, nothing quite beats a large hammer and/or some explosives.
They might be taking the lazy way out and instead of providing a new full package and updates for the older package, they are just providing the updates and expecting new users to download the patches right away. This is more work than just redirecting the link, as they would actually need to build the entire installer.