Evolution doesn't work that way. And neither does intelligence. (Idiocracy was not a documentary.)
If these idiots were hurting themselves, I'd be fine with it. But they're hurting innocent children. Children who, despite what bad pop science might have you believe, are likely to be as intelligent as the next random person.
They're also hurting unrelated people who cannot, for legitimate medical reasons, get vaccinated.
I don't care how libertarian you are, that doesn't pass the "your right to swing your fist ends at my nose" test.
The pace of improvements slowed...until 2018, when they finally finished integrating babl and gegl with the UI. This was a massive effort, and side issues were put on hold until the work was complete, because without it, The Gimp could no longer remain competitive. However, the release of v2.10 back in April, which was a massive improvement over the 2.8 series, meant that they could finally turn their attention back to features. (Not counting all the ones which magically appeared once gegl was accessible through the UI.)
I think you have things backwards here. The EFF and the others are asking to make it easier to appeal if your content does get taken down. In other words, they want to make it easier to reverse or cancel a takedown.
And as far as a MITM? I have my browser locked down with Ublock AND Privacy Badger, the DNS automatically blacklists malware addresses
First of all, none of that helps with a MITM attack which modifies the data coming to your system. It may help if the only thing injected is a url where the malware is located, but it doesn't help one bit if the malware is injected directly. The whole point of a MITM attack is that the data seems to be coming from the main host you're connected to.
Second, even if those were effective protection, they're only used by a tiny percentage of the population, and that's unlikely to change anytime soon. So the fact that your system wouldn't become part of a hostile botnet (if your protections were effective, which, again, they're not) doesn't mean that hostile botnets would become less common.
I mean is there a reason I should give a single flying flipping fuck if someone knows I'm looking at a simple website serving only.txt and.jpg of ancient CPUs designs like 8088 and AMD K2?
You may not care if someone knows you're looking at that site, but you should care that you only recieve.txt and.jpg of ancient CPUs. Without https, a man-in-the-middle can inject whatever they want into the data, and hijack your system. Not a good thing.
Basically, it's the same reason that Linux vendors use crypto on their packages. Except they just use signatures rather than encrypting the actual data--but nothing in the w3c standards supports just using signatures, so full encryption is the only available solution.
So, no. I don't care how old and static and simple your site is. You should be using https for the safety of your users.
(And no, it doesn't help Google collect data. It does, however, reduce the number of DDoSes and the amount of clickfraud they experience from pwned systems.)
Yes, it's such a drag to have your application come back and allow you to continue working quickly. So much better to have it make you sit around waiting with your thumb up your ass while the entire IO operation completes.
Thanks but no thanks. I'll take the very minor inconvenience of an eject operation (with an occasional delay while the system finishes writing before completing the eject) over the constant inconvenience of waiting on IO.
Yup, C++11 is what stopped me from abandoning C++ entirely. In addition to the new versions of "for" and "auto", which were insanely huge improvements, there's the first-class lambdas, which eliminate most of the need for all those contrived, horrible binding and function templates which 98 relied so heavily on.
And rvalue references may look a bit confusing, but the end result is a huge performance boost (especially in the standard library) for very little cost.
C++98 was a terrible language. C++11 (and later) is turning into a halfway decent one.
Because without https, your site becomes a danger to others, since it can be so easily hijacked by a MITM attack. Which is why the EFF (Winer is simply wrong about blaming it on Google) is working so hard to get https adopted everywhere.
I bet if you serve static html pages and only allow http access from the net that box in the closet will never get hacked.
The box may never get hacked (emphasis on may), but that doesn't do much to stop MITM attacks. Which is where https comes in.
(I realize that isn't the point you were addressing, and your comment was perfectly correct. I'm just bringing this back around to the original topic.)
Yes, the Chinese Government always has access to any servers hosted on American soil. And vice versa. No reason either country (or any others) would ever have to use MITM attacks. Oh no, of course not. All the countries in the world are happy to work together at all times.:rolleyes:
The problem with that theory is that HTTPS Everywhere is run by the EFF and Tor, not Google!
Let's Encrypt is the joint project which Google is involved with. But again, the EFF is also a major backer of the project. And frankly? The EFF has a much better record of supporting my privacy and freedom than Anonymous Coward. Forgive me if I continue to find them more reliable and trustworthy than some random Internet guy.
It will certainly help Google sell certificates...
How will it do that when the Internet Security Research Group (which is backed by the EFF among others--including, yes, Google) is giving them away for free?
The problem here is the assumption (which Winer got from God-only-knows where) that Google is the one behind the drive to use https, when, in fact, the EFF and Tor are major backers of the push. And, while I don't trust Google as far as I could throw them, I trust the EFF and Tor a lot more than I trust this Winer guy.
Dave Winer seems to think this is a Google thing. In point of fact, HTTPS Everywhere is sponsored by the EFF and Tor. And Let's Encrypt is run by an umbrella organization whose members include the EFF and Mozilla as well as Google, Cisco, and Akamai.
I don't have much trust for Google, but I do have a lot more trust for the EFF than I do for some random software developer. Even if he's old. I'm sure Winer is well-intentioned (given his history), but he doesn't seem to have done his research very well, in this case.
The EFF's reasons for supporting https are a lot stronger than Winer seems to realize. Google's reasons, I can't address, since I'm not familiar with them, but the EFF's arguments are pretty strong. MITM attacks at the government actor level are not just hypothetical.
From the EFF's page:
Content injection is when someone adds data or code to your communications with an HTTP web page. For example, it's how GCHQ and NSA took over a Belgian ISP's computers. Content injection is also how China took down GitHub with a massive DDoS attack, dubbed "The Great Cannon". Content injection is also becoming popular with ISPs. Verizon injected tracking headers into every request made by their customers. And Comcast injects pop-ups into sites where they don't belong. All of these attacks can be stopped by HTTPS, provided it is implemented and made default on enough sites.
Now, I admit there are still some questions which aren't as frequently discussed as they should be, such as private LANs where https isn't an option. (I have http services running on such a LAN myself.) But that can be dealt with. For IP4, it's fairly easy--whitelist private ranges. For IP6, you'd have to have a way of designating your trusted network. But it can be dealt with. And the public Internet should be encrypted. Anyone who argues otherwise is simply clueless. (Or culpable.)
No one in this thread (neither me nor anyone else) has claimed that "the GPL is copyright"--your reasoning here is pure strawman--but that doesn't change the fact that all possible violations of the GPL are also copyright violations. In the eyes of the law, this is purely a coincidence (even though the GPL was carefully written to ensure that this would be the case). Thus, the violation of copyright and the breach of contract are separate matters to be judged separately.
The GPL explicitly allows anything copyright allows. Thus, all violations of the GPL are violations of copyright law. Not because the law says so, but because it's logically impossible for it to be otherwise.
But because they're separate issues in the eyes of the law, you can still be guilty of both. The contract issue isn't going to be dismissed just because it happens to involve copyright violation. Even though all possible contract violations happen to be copyright violations, the law is still going to judge on a case-by-case basis, since the GPL is a contract/license, not a law.
So, the bottom line is that the OP's claim ("violating the GPL is violating the law") is true, not because the GPL is part of copyright law (your bizarre strawman theory), but because only actions which would otherwise violate copyright law are capable of violating the GPL. There doesn't have to be an explicit legal link if one set of actions is a strict subset of the other. Which it is.
A single action can be the subject of multiple charges. In this case, Artifex decided to sue for both copyright infringement and breach of contract for the same action--distributing a derived version of their software. Why? 1. it's considered good practice to throw all the charges you can in court, in case some of them don't stick. 2. It can result in a bigger judgment/more money to win on multiple charges.
And no, the courts wouldn't have dismissed the claim just because it was also a copyright violation. That's not how things work. If you steal from your employer, they're likely to charge you with both theft (or embezzlement) and breach of your employment contract. The fact that your behavior was against the law doesn't change the fact that it also violated your contract, and certainly doesn't render it irrelevant. Why would it? Why on earth would those charges be dismissed? The things you people come up with. Sheesh!
Bottom line, the GPL only covers the distribution of software, and thus, it is impossible to violate the GPL without distributing the software, and distributing without the permission granted by the GPL is a copyright violation, so any violation of the GPL is, inherently, a copyright violation.
It doesn't matter that it's a contract. You still can't violate the GPL without violating copyright, because you can't agree to the GPL except by engaging in behavior (distribution) which would be a copyright violation if not for the GPL. If you haven't distributed the code, you're not bound by the contract. If you have, and you violate the GPL, then you've also violated copyright, because you distributed the code without a valid contract/license. There are no other possibilities with the GPL (even if there certainly are with contracts in general).
Not all automobiles are trucks, but all automobiles which are trucks are trucks, and all violations of the GPL are copyright infringements, because the GPL doesn't apply to any not-potentially-infringing activities.
And I'm not sure what you think Artifex proves, since Artifex sued for copyright violation as well as contract violation. Which is sensible, because it's impossible to violate the GPL without violating copyright law.
No, if you violate the GPL, you violate the GPL. You do not necessarily violate copyright.
The GPL says that you do not have to accept its terms, and can simply abide by normal copyright rules instead. So, unless you're doing something that would otherwise violate copyright, it doesn't even apply. And you can't violate the GPL when it doesn't even apply!
So that only leaves cases where 1. you're violating what copyright law would allow, but following the GPL (which is fine) or 2. violating what copyright law would allow and violating the GPL. Thus, if you're violating the GPL, you're violating copyright law.
It's really that simple.
Specifically, you may modify the source code but you must publish your modifications if you re-distribute.
That's not a restriction. Copyright law doesn't allow you to redistribute in the first place, so that's a merely a limited grant of permission. You can redistribute (which copyright law doesn't allow) if and only if you do X. That doesn't make X a restriction. It makes X a contingent condition on the permission you wouldn't otherwise have. The sum total is still more permissions than you would have had otherwise. Even if you don't like the specific conditions.
After all, if you don't like the GPL's conditions, you can ignore them and follow copyright law instead. So how can that possibly be a restriction of any sort? The only immutable restrictions are those which are not allowed by copyright law or by the GPL. And the only reason you have to obey those restrictions is because they're part of copyright law. The GPL doesn't restrict you at all. Copyright law does all the restricting. The GPL simply outlines the very specific terms under which you can ignore the normal restrictions of copyright law.
In the US, at least, a lawyer (robo- or otherwise) cannot sue on your behalf without permission from you. So you can't be bankrupted by these evil robo-lawyers unless you agree to pursue the suit. In which case, you probably deserve to be bankrupt.
If the patches are not in compliance with the GPL, then they're being distributed in violation of copyright law. Which is illegal, last I checked.
The GPL doesn't have to be "codified into law", because nothing else gives you permission to distribute the code in question. The only purpose of the GPL, really, is to provide people with a defense against infringement charges by the copyright holders. And technically, it contains no restrictions at all--it simply has limits on the otherwise-illegal things allows you to do. Anything copyright law allows, the GPL allows. So the only way to "violate the GPL" is to do something against the law.
That said, we still have no idea whether GR Security is violating the GPL (and thus copyright law). All we really know is that Bruce is entitled to his opinion.
A "privately operated company" that only still exists because of decades of government support.
They're "privately operat[ing]" on government handouts. So, yeah, seems pretty reasonable to me that the government gets a say in how they operate. You might question whether they should be operating at all, but that's a separate question.
Slashdot Mirror
Evolution doesn't work that way. And neither does intelligence. (Idiocracy was not a documentary.)
If these idiots were hurting themselves, I'd be fine with it. But they're hurting innocent children. Children who, despite what bad pop science might have you believe, are likely to be as intelligent as the next random person.
They're also hurting unrelated people who cannot, for legitimate medical reasons, get vaccinated.
I don't care how libertarian you are, that doesn't pass the "your right to swing your fist ends at my nose" test.
Emacs has shipped with a systemd unit file since v26.0.
http://git.savannah.gnu.org/cg...
The version I always heard was: "Looks nice on the outside but...Intel Inside".
http://lmgtfy.com/?s=d&q=whingeing
The pace of improvements slowed...until 2018, when they finally finished integrating babl and gegl with the UI. This was a massive effort, and side issues were put on hold until the work was complete, because without it, The Gimp could no longer remain competitive. However, the release of v2.10 back in April, which was a massive improvement over the 2.8 series, meant that they could finally turn their attention back to features. (Not counting all the ones which magically appeared once gegl was accessible through the UI.)
I think you have things backwards here. The EFF and the others are asking to make it easier to appeal if your content does get taken down. In other words, they want to make it easier to reverse or cancel a takedown.
And as far as a MITM? I have my browser locked down with Ublock AND Privacy Badger, the DNS automatically blacklists malware addresses
First of all, none of that helps with a MITM attack which modifies the data coming to your system. It may help if the only thing injected is a url where the malware is located, but it doesn't help one bit if the malware is injected directly. The whole point of a MITM attack is that the data seems to be coming from the main host you're connected to.
Second, even if those were effective protection, they're only used by a tiny percentage of the population, and that's unlikely to change anytime soon. So the fact that your system wouldn't become part of a hostile botnet (if your protections were effective, which, again, they're not) doesn't mean that hostile botnets would become less common.
I mean is there a reason I should give a single flying flipping fuck if someone knows I'm looking at a simple website serving only .txt and .jpg of ancient CPUs designs like 8088 and AMD K2?
You may not care if someone knows you're looking at that site, but you should care that you only recieve .txt and .jpg of ancient CPUs. Without https, a man-in-the-middle can inject whatever they want into the data, and hijack your system. Not a good thing.
Basically, it's the same reason that Linux vendors use crypto on their packages. Except they just use signatures rather than encrypting the actual data--but nothing in the w3c standards supports just using signatures, so full encryption is the only available solution.
So, no. I don't care how old and static and simple your site is. You should be using https for the safety of your users.
(And no, it doesn't help Google collect data. It does, however, reduce the number of DDoSes and the amount of clickfraud they experience from pwned systems.)
Yes, it's such a drag to have your application come back and allow you to continue working quickly. So much better to have it make you sit around waiting with your thumb up your ass while the entire IO operation completes.
Thanks but no thanks. I'll take the very minor inconvenience of an eject operation (with an occasional delay while the system finishes writing before completing the eject) over the constant inconvenience of waiting on IO.
Yup, C++11 is what stopped me from abandoning C++ entirely. In addition to the new versions of "for" and "auto", which were insanely huge improvements, there's the first-class lambdas, which eliminate most of the need for all those contrived, horrible binding and function templates which 98 relied so heavily on.
And rvalue references may look a bit confusing, but the end result is a huge performance boost (especially in the standard library) for very little cost.
C++98 was a terrible language. C++11 (and later) is turning into a halfway decent one.
Because without https, your site becomes a danger to others, since it can be so easily hijacked by a MITM attack. Which is why the EFF (Winer is simply wrong about blaming it on Google) is working so hard to get https adopted everywhere.
I bet if you serve static html pages and only allow http access from the net that box in the closet will never get hacked.
The box may never get hacked (emphasis on may), but that doesn't do much to stop MITM attacks. Which is where https comes in.
(I realize that isn't the point you were addressing, and your comment was perfectly correct. I'm just bringing this back around to the original topic.)
Yes, the Chinese Government always has access to any servers hosted on American soil. And vice versa. No reason either country (or any others) would ever have to use MITM attacks. Oh no, of course not. All the countries in the world are happy to work together at all times. :rolleyes:
Now there's a winning argument for you:
"Hey Webmaster!"
"Yes?"
"You shouldn't use https!"
"Oh? Why not?"
"With regular http, it's easier for people to block the ads which fund your site."
"I see. Yes, I certainly do hate having an income."
The problem with that theory is that HTTPS Everywhere is run by the EFF and Tor, not Google!
Let's Encrypt is the joint project which Google is involved with. But again, the EFF is also a major backer of the project. And frankly? The EFF has a much better record of supporting my privacy and freedom than Anonymous Coward. Forgive me if I continue to find them more reliable and trustworthy than some random Internet guy.
It will certainly help Google sell certificates ...
How will it do that when the Internet Security Research Group (which is backed by the EFF among others--including, yes, Google) is giving them away for free?
The problem here is the assumption (which Winer got from God-only-knows where) that Google is the one behind the drive to use https, when, in fact, the EFF and Tor are major backers of the push. And, while I don't trust Google as far as I could throw them, I trust the EFF and Tor a lot more than I trust this Winer guy.
Dave Winer seems to think this is a Google thing. In point of fact, HTTPS Everywhere is sponsored by the EFF and Tor. And Let's Encrypt is run by an umbrella organization whose members include the EFF and Mozilla as well as Google, Cisco, and Akamai.
I don't have much trust for Google, but I do have a lot more trust for the EFF than I do for some random software developer. Even if he's old. I'm sure Winer is well-intentioned (given his history), but he doesn't seem to have done his research very well, in this case.
The EFF's reasons for supporting https are a lot stronger than Winer seems to realize. Google's reasons, I can't address, since I'm not familiar with them, but the EFF's arguments are pretty strong. MITM attacks at the government actor level are not just hypothetical.
From the EFF's page:
Content injection is when someone adds data or code to your communications with an HTTP web page. For example, it's how GCHQ and NSA took over a Belgian ISP's computers. Content injection is also how China took down GitHub with a massive DDoS attack, dubbed "The Great Cannon". Content injection is also becoming popular with ISPs. Verizon injected tracking headers into every request made by their customers. And Comcast injects pop-ups into sites where they don't belong. All of these attacks can be stopped by HTTPS, provided it is implemented and made default on enough sites.
Now, I admit there are still some questions which aren't as frequently discussed as they should be, such as private LANs where https isn't an option. (I have http services running on such a LAN myself.) But that can be dealt with. For IP4, it's fairly easy--whitelist private ranges. For IP6, you'd have to have a way of designating your trusted network. But it can be dealt with. And the public Internet should be encrypted. Anyone who argues otherwise is simply clueless. (Or culpable.)
No one in this thread (neither me nor anyone else) has claimed that "the GPL is copyright"--your reasoning here is pure strawman--but that doesn't change the fact that all possible violations of the GPL are also copyright violations. In the eyes of the law, this is purely a coincidence (even though the GPL was carefully written to ensure that this would be the case). Thus, the violation of copyright and the breach of contract are separate matters to be judged separately.
The GPL explicitly allows anything copyright allows. Thus, all violations of the GPL are violations of copyright law. Not because the law says so, but because it's logically impossible for it to be otherwise.
But because they're separate issues in the eyes of the law, you can still be guilty of both. The contract issue isn't going to be dismissed just because it happens to involve copyright violation. Even though all possible contract violations happen to be copyright violations, the law is still going to judge on a case-by-case basis, since the GPL is a contract/license, not a law.
So, the bottom line is that the OP's claim ("violating the GPL is violating the law") is true, not because the GPL is part of copyright law (your bizarre strawman theory), but because only actions which would otherwise violate copyright law are capable of violating the GPL. There doesn't have to be an explicit legal link if one set of actions is a strict subset of the other. Which it is.
A single action can be the subject of multiple charges. In this case, Artifex decided to sue for both copyright infringement and breach of contract for the same action--distributing a derived version of their software. Why? 1. it's considered good practice to throw all the charges you can in court, in case some of them don't stick. 2. It can result in a bigger judgment/more money to win on multiple charges.
And no, the courts wouldn't have dismissed the claim just because it was also a copyright violation. That's not how things work. If you steal from your employer, they're likely to charge you with both theft (or embezzlement) and breach of your employment contract. The fact that your behavior was against the law doesn't change the fact that it also violated your contract, and certainly doesn't render it irrelevant. Why would it? Why on earth would those charges be dismissed? The things you people come up with. Sheesh!
Bottom line, the GPL only covers the distribution of software, and thus, it is impossible to violate the GPL without distributing the software, and distributing without the permission granted by the GPL is a copyright violation, so any violation of the GPL is, inherently, a copyright violation.
It doesn't matter that it's a contract. You still can't violate the GPL without violating copyright, because you can't agree to the GPL except by engaging in behavior (distribution) which would be a copyright violation if not for the GPL. If you haven't distributed the code, you're not bound by the contract. If you have, and you violate the GPL, then you've also violated copyright, because you distributed the code without a valid contract/license. There are no other possibilities with the GPL (even if there certainly are with contracts in general).
Not all automobiles are trucks, but all automobiles which are trucks are trucks, and all violations of the GPL are copyright infringements, because the GPL doesn't apply to any not-potentially-infringing activities.
And I'm not sure what you think Artifex proves, since Artifex sued for copyright violation as well as contract violation. Which is sensible, because it's impossible to violate the GPL without violating copyright law.
No, if you violate the GPL, you violate the GPL. You do not necessarily violate copyright.
The GPL says that you do not have to accept its terms, and can simply abide by normal copyright rules instead. So, unless you're doing something that would otherwise violate copyright, it doesn't even apply. And you can't violate the GPL when it doesn't even apply!
So that only leaves cases where 1. you're violating what copyright law would allow, but following the GPL (which is fine) or 2. violating what copyright law would allow and violating the GPL. Thus, if you're violating the GPL, you're violating copyright law.
It's really that simple.
Specifically, you may modify the source code but you must publish your modifications if you re-distribute.
That's not a restriction. Copyright law doesn't allow you to redistribute in the first place, so that's a merely a limited grant of permission. You can redistribute (which copyright law doesn't allow) if and only if you do X. That doesn't make X a restriction. It makes X a contingent condition on the permission you wouldn't otherwise have. The sum total is still more permissions than you would have had otherwise. Even if you don't like the specific conditions.
After all, if you don't like the GPL's conditions, you can ignore them and follow copyright law instead. So how can that possibly be a restriction of any sort? The only immutable restrictions are those which are not allowed by copyright law or by the GPL. And the only reason you have to obey those restrictions is because they're part of copyright law. The GPL doesn't restrict you at all. Copyright law does all the restricting. The GPL simply outlines the very specific terms under which you can ignore the normal restrictions of copyright law.
Now children. Behave yourselves. :p ;)
In the US, at least, a lawyer (robo- or otherwise) cannot sue on your behalf without permission from you. So you can't be bankrupted by these evil robo-lawyers unless you agree to pursue the suit. In which case, you probably deserve to be bankrupt.
If the patches are not in compliance with the GPL, then they're being distributed in violation of copyright law. Which is illegal, last I checked.
The GPL doesn't have to be "codified into law", because nothing else gives you permission to distribute the code in question. The only purpose of the GPL, really, is to provide people with a defense against infringement charges by the copyright holders. And technically, it contains no restrictions at all--it simply has limits on the otherwise-illegal things allows you to do. Anything copyright law allows, the GPL allows. So the only way to "violate the GPL" is to do something against the law.
That said, we still have no idea whether GR Security is violating the GPL (and thus copyright law). All we really know is that Bruce is entitled to his opinion.
A "privately operated company" that only still exists because of decades of government support.
They're "privately operat[ing]" on government handouts. So, yeah, seems pretty reasonable to me that the government gets a say in how they operate. You might question whether they should be operating at all, but that's a separate question.