This is why I always do my personal e-mail from work on a remote machine using SSH. Actually, I use SSH because the machine got rooted a couple of years back and now the admins won't let anyone access it by telnet, but it's still nice to know that the same features that keep crackers from sniffing my password also keep my boss from sniffing my e-mail.
I don't even want to imagine what it's like to weld.
It is indeed a major bitch to weld. It is quite chemically reactive, even more so than aluminum which is part of the reason that it's been damn expensive to produce until now. The result is that you need a more than unusually inert atmosphere to do your welding. You can't even use nitrogen as your inert gas because Titanium will burn in a pure nitrogen atmosphere; you have to use Argon instead which is a fair bit more expensive. IIRC, for really large welding jobs, like airframes and submarine hulls, they've found that it's actually cheapest to put the thing that they're welding into a room with an inert atmosphere and have the welders wear breathing masks. This is obviously quite a hassle compared to working with Aluminum and absolutely outrageous compared to steel.
The recent Ford/Firestone tire recall brought a similar problem to light - there were strong rumors that at one point,
Firestone weighed the cost of a recall of the tires in the US to the cost of settling any wrongful death lawsuits that
may come from the problem. As I said, that's a rumor, but that seems to be a bottom line for many companies
nowadays -- if it means more profits after paying the penalties, harm (physical or not) against the consumer is worth
it.
And this is exactly the reason that so many of the proposed punitive damage caps are such a terrible idea. In a lot of cases, the only restraint on the behavior of these companies is the fear that they'll be sued. If you put some kind of cap on punitive damages, it greatly increases the chance that a company will do the math and come to the conclusion that it's cheaper to do something unsafe and settle any resulting lawsuits than to do the right thing and stop the unsafe behavior.
Yes, it seems unreasonable that the relatives of Firestone tire-related crash victims (or whatever other group you're talking about) will pick up a windfall from those punitive damages. But unless the damages are not just greater but much greater than the cost of a recall (or other safe action) then companies will continue to be unsafe- and it makes more sense for the people actually hurt to get the money than anyone else.
Bach and Beethoven were definitely paid for their compositions. (I imagine Brahms was too, but I don't know for sure.)
The people who paid them had the power to dictate what was to be composed, and when it should be ready.
And this kind of pay for composition still takes place all the time. John Williams didn't just happen to write a bunch of music that people liked and decided to turn into movie scores. Big Hollywood studios came to him and asked him to write the scores for their new movies. The same thing is true of a lot of other artists who write for movies, Broadway, TV, etc.
There's still plenty of space for commissioned compositions in the world today. Even apart from themes for movies and TV, there are many successful live performing groups that commission new pieces. Major metropolitan orchestras and operas want new music for their listeners, and they're willing to pay for it. With a bit of work, I'm pretty confident that we could also re-popularize the idea of having works commissioned for special occasions. Imagine Paul Allen opening his new mansion with a song written to celebrate Jimi Hendrix, or Intel accompanying the rollout of the Itanium with The Itanium March by John Williams. It just takes a couple of big wheels doing it to make it really popular.
A funny point was also made; Valenti stated that 2 out of every 10 movies made (at an average of $56mill) get money back, so therefore the motion picture industry needs 'protection' to keep all their profits. Except that most reports indicate declining audiences, decreasing satisfaction with movies, and increasing money spent on making and promoting the movie. Hint, Hollywood: not every picture you release needs to be IML-ed or big star-ed to the gills
A bigger and, IMO, more important point is that Hollywood bookkeeping is notoriously fishy. You're talking about companies that can make a movie that costs $50 million and sells $400 million in tickets worldwide but still shows a large book loss. In some cases, I've heard, the books are actually so crooked that a movie will lose more money on paper the more tickets it sells. This is done by allowing some of the people involved in making the movie- usually the studio, the director, and big star actors- to skim a percentage of the gross receipts from ticket sales. If the gross profit participants get to skim 75% of receipts, the movie has to make 4 times the combined film, distribution, and marketing costs before it will make money on paper, despite the fact that the big interests in the movie will already be laughing all the way to the bank.
It's actually worse than it sounds because the gross is actually only a fraction of the ticket sales, since the movie theaters get to keep a share. The result is that almost any movie out there will need box office receipts 5-10 times the nominal production cost before it shows a paper profit. Of course the studio will have more than recouped its costs well before they reach that point, since their share of the gross isn't counted as part of the net profit/loss. The whole system is set up to bilk the small investors who help to fund a lot of movies. I'm amazed that even 20% of movies make money under Hollywood bookkeeping principles.
Personally, I think that it's great to see the Republicans getting interested in this. For quite a while they've been much more inclined to take a pro-police power stance as part of a tough on crime platform, while Democrats have generally taken more of a civil liberties attitude. If the Republicans are starting to see internet monitoring as a problem, the chances are very good that it's going to get canned, since both major parties are going to be against it.
a) Your ability to turn a vague idea into a concrete reality that addresses a real problem ?
b) A specific solution to a specific problem ?
If it is a) you will, by definition, always be one step in front of any imitators
This is, unfortunately, not necessarily true. Difficult problems tend to be of two types: those with obvious but difficult to implement solutions and those with non-obvious but easy to implement solutions. People who implement solutions to the first class of problem genuinely don't need patent protection because the difficulty of implementation is a strong barrier to competition. People who implement the second class of solutions, though, do need patent protection because once the answer has been discovered there's no real barrier to others getting into the game.
The big problem is that the second class of solutions are of much greater real benefit to society than the first class. Real long term gain is built around making it easy for anyone to solve a problem, not just making it possible. Some kind of encouragement is needed, and patents have proven themselves to be effective. That's not to say that the implementation of patents couldn't be improved, but the fundamental idea of guaranteeing an inventor temporarily exclusive rights to his invention in exchange for it becoming generally available in time is reasonable.
I am constantly putting Linux onto old hardware...
Linux is a UNIX for cheap Intel hardware first. That's where its roots are, and I don't see why it should sacrifice its roots
for big iron that can quite happily run a UNIX designed for big iron.
OTOH, there's no reason why you can't keep around an old distribution of Linux based on a 2.0 or 2.2 kernel and use that for your old hardware. After all, a big driving force behind the development of new versions of the kernel is to add support for new hardware, so it makes little sense to cripple that forward development by demanding perfect backward compatibility. It's not as though Linus is going to stop providing the old kernels and demand that you upgrade (as some monopolistic OS vendors one could name are apt to do).
In fact, you could view the current continued development of the 2.0 series kernels as being, in effect, a Linus approved fork for old hardware. They're just getting set to release 2.0.39, so the older versions are still under active if slow development to squash bugs. It's not as though you're going to be putting most of the features of the new kernel, like USB and AGP support, into use on old hardware anyway.
If we can't charge people an extra $500/year on car insurance because they're black or jewish, why can we charge
people an extra $500/year because they're 22?
You might want to check your insurance a bit more carefully. Mine doesn't make any mention of age, but does mention driving experience. IOW, someone who started driving at age 26 would have the same rate as someone 10 years younger who started driving at 16. FWIW, in California it's also common practice, although nominally against the law, to use place of residence as the largest single factor in insurance rates, which results in a lot of racial and ethnic discrimination.
There are reasons why you need to have an administrative ability to access a file that a user doesn't want other ordinary users to see. Suppose, for instance, that an obnoxious user greatly exceeds his (soft) disk quota. An administrator for the system needs to have the ability to go in and archive and delete some files that are using up the common space. In general, users can be selfish and obnoxious, and somebody has to have the right to override their stupid decisions that can hurt other users. You need some kind of administrative right to step in and do that.
The problem is not in letting an administrator play god. The system needs to have someone with godlike powers to do that stuff, and it's very useful to have programs that can proxy for the administrator and do tasks that ordinary users shouldn't be allowed to do, like reading the encrypted form of user passwords. The problem with Unix and the like is that there's no segmentation of those powers. You can't easily delegate to a program the right to look at /etc/shadow and nothing else. The result is that you have a lot of daemons running with full administrative privilege when they need only limited privilege, and a failure in any one of those programs can give an attacker full privilege. That means that you need OpenBSD levels of auditing and care, because any single failure can result in catastrophe. Unix needs to add some kind of compartmentalization of administrative privilege in order to have real security. That way, even if you miss something, an attacker won't have absolute free rein on your box.
If Transmeta doesn't defend these patents, they will revert to the public domain. Also, anyone could do a "clean room"
implementation and be in the clear.
Wow. That's an amazing amount of misinformation to squeeze into such a small space. FYI, patents do not revert to public domain if they aren't defended- that's trademarks. Patents can be selectively enforced, if the holder chooses to do so, or even unenforced to let products based on them get popular and then enforced to reap money from the entrenched standard. For an example, see Unisys and GIFs. Furthermore, patents cover all applications of the technology contained therein. You can't get around them by doing a "clean room" implementation, unless the result is so different from the original that it isn't actually covered by the patent. If the patent is broad enough, this just isn't going to be possible.
Hope this helps.
It would help a lot more if it were factually correct.
I personally think that there is at least some value in getting your software audited. OpenBSD is clearly a good test case for the value of internal audits in producing secure code. OTOH, internal audits are never going to be as convincing to some people of the quality of security as external audits are because of the temptation to cheat.
I think that the government standards for secure computing bases are very valuable in giving you good ideas of what to do. It's clearly the result of careful thought by some very intelligent people. I think that they're missing out on an intermediate security level between their C and B levels that includes horizontal mandatory access controls (basically capabilities) without security levels.
That being said, I think that all flavors of Unix are always going to be inherently insecure as long as they maintain their "root is god" attitude. As it is there's no room for error. One security hole is enough to give an attacker complete control over your box, and OpenBSD levels of paranoia and auditing are necessary in order to achieve security against anything but a casual attacker. Unix isn't going to be reasonably secure until it implements some kind of mandatory controls, either capabilities or a full class B access control with security levels.
I just about puked when I saw the basketball "Dream Team" a few years ago.
In defense of USA Basketball (and admittedly off topic) the US was one of the few countries that voted against letting pros play basketball in the Olympics. Why? Because they knew that it was going to be disgustingly lopsided and thought that it would turn people off. The whole complaint about the US demanding to let pros play so that they could wipe the floor with all of the other countries, which many people make, is 180 degrees off.
I think that the problem is quite deep. The question is about the status of a work that is the result of run-time linking a GPL driver with a non-GPL kernel. If run-time linking of the two creates a derived work, then the kernel would then either have to be GPLed or not link with the driver. If run-time linking does not produce a derived work, then there's no violation.
Now Sun's role is also a bit unclear. It doesn't sound as though they're actually producing run-time linked drivers themselves, just producing a kit that makes it easy for others to do so. That's why there's a claim of contributory infringement- that Sun is basically aiding and abetting others in GPL violations.
It seems to me that Sun would probably be best off creating a kit that would grab drivers from the free BSDs. They're obviously released under a license that's much friendlier toward this kind of thing, and I'd guess that Solaris's closer kinship to the BSDs might even make it easier.
And this may be where the cause and effect of the Yahoo/Google agreement comes into play. Before there was an agreement between Yahoo and Google, Yahoo would have some reason not to want Google to be spidering their site. After all, you don't want your competitor to take advantage of your hard work. After the agreement, though, they would certainly want Google to spider their site, since they now want to show up as well as possible on Google. The result is that Google is taken off their spiders.txt (and we now know that Google is polite and obeys spiders.txt) and their ranking starts shooting up.
Redhat actually seems to have gotten a clue on this point. The default configuration of RH6.2 now does essentially what you suggest- turns on only necessary services for a workstation setup. This is obviously a step forward. Similarly, Mandrake has a security question as part of the install, with choices ranging from "paranoid" to "hello crackers". It sounds as though at least some of the distributions are improving their practices. Let's hope that the others who are weak in this area follow suit.
You raise an important issue. Currently, sexual harassment is essentially determined by whether the claimant
felt harassed. In other words, if you claim you have been harassed by me, then you have; my actual statements & behavior are largely irrelevant.
This isn't really true. The jury in a sexual harassment case has to determine if a reasonable person would have felt harassed in those circumstances, not whether the plaintiff claims to have felt harassed. IOW, you can't just claim that any old action felt like harassment; you have to make claims regarding something that a jury of your peers will agree was harassment.
Furthermore, the liability for damages depends to some extent on the steps that were taken to prevent the situation. If the defendant did something that might be construed as harassment, the plaintiff complains about it, and it never happens again, there's no grounds for a suit. If the defendant does something that is possibly harassing and the plaintiff flies off the handle and sues immediately without lodging an internal complaint, the defendant is unlikely to get anything more than a slap on the wrist and an order not to do it again. The plaintiff can only win a sizable award if either A) he complains and the harassment continues or B) the harassment is so blatant that everyone would agree that the defendant should have known better.
The whole thing about workplace harassment being an easy road to riches for anyone who feels like concocting a bogus claim is a load of crap. As far as I can see, it's either a product of people who have never looked at the actual law or of people who dislike the idea of protecting workers and are happy lying through their teeth about what it actually says.
The government has never really been too "security-conscious" as far as I'm concerned.. just look at all the breakins
that government agency websites have experienced in the past, and still experience - or the breakins that were
publicized at least.. who knows how many more systems were just cracked into.
Of course the government is also in something of a double bind. If they actually institute security sufficient to keep all crackers out (presuming that such a thing is actually possible) they get accused of being paranoid and spending too much on security. If they relax to the point that there are breakins, people will be unhappy because they aren't taking security seriously enough. And, of course, for a lot of levels of security they get hit from both sides because their security still isn't good enough to please the security conscious, but their expense and paranoia are too much to please the other side.
Of course that's not to say that the current situation is a good middle ground. It sounds very much as though they're trying hard to achieve security but still not managing to do so, which is the worst of all possible situations. Still, though, you have to be at least a little bit sympathetic to the fact that the government gets very mixed signals about what people want it to do.
You're going to have to go to some kind of disk memory instead of flash, that's for sure. There are currently two appropriate systems in use in marketed devices; the Sony system using 3 inch CD-R's and the IBM microdrive. The microdrive looks like a much more reasonable approach to me, especially because you're only going to be able to get about 5 completely uncompressed images on the 340 MB version (maybe 20-30 using reasonable compression levels).
It may turn out that the best approach is to give up on total compactness and just use a laptop harddrive. That would be out of the question as a built-in device, but you could probably work out a belt pack with batteries, a drive, and an embedded processor to run a 1384/Firewire/i-Link port. Not exactly cheap or compact, but it would give you a shitload of storage. Of course it wouldn't be limited to the market for this camera; you could also use it with other cameras or even portable MP3 players, PDA's, etc.
Too bad this neat methodology will be patented to death, so only the big boys can play with it.
Not if you publish it first- and you can make a reasonable claim that you have now- and press your claim to prior art. Just because big companies have been vigorous in playing the patent game doesn't mean that you have to give up. When you have a good idea like that, work out the details and publish them. That will allow you to produce a claim of prior art and keep the idea in the public domain.
Come on, does anyone really think that the end result would have been any different if this had been handled through the formal dispute resolution system? It doesn't matter how reasonable the registrant's claim to the domain name is (they could even be someone with the name Albert Olbeta) you know that WIPO is going to side with the big corporate interest. I know damn well I'm never going to be able to register rogermoore.com even though that's my name just because there's someone much more famous with the same name.
And one of the results is that Japanese companies do many things that are anti-consumer because they're not afraid of getting sued. (As an aside, I'm rather amused by the fact that in Scandal, Akira Kurosawa had a Japanese lawyer talking about how Japan was at a real disadvantage compared to the USA because of their lack of lawyers.) Just in the past few weeks, there have been two separate major issues involving major Japanese companies in the automotive industry (Bridgestone/Firestone and Mitsubishi) hiding serious safety problems rather than issuing recalls. Why? Because in Japan they expect not to suffer any penalty for doing so (no real risk of a class-action lawsuit) and they hope to avoid the cost and negative publicity involved in a recall.
Getting back to RMS and the FSF, if they weren't so vigorous about licensing issues you might see proprietary software companies being as cavalier about the GPL as Japanese companies are about product safety recalls. Would Unix have fragmented badly in the 1980s if it had been GPLed and had someone like RMS vigorously chasing violators?
And what freedom was restricted that the GPL grants?
None.
Wrong. The QPL does not grant two moderately important rights that the GPL does grant. The QPL does not grant the right to release modified versions integrated into the source files; all non-Troll Tech modifications must be released as patches. While not enough to prevent the software from being free, that's certainly obnoxious.
The QPL also does not grant you the right to make private modifications and keep them private. Under the QPL, Troll Tech has the right to ask you for copies of any modifications you make and you must provide them. Remember that under the GPL, you are only obligated to give copies of the source to people who received copies of the binaries; giving away both for the price of FTP is common practice but not required. The right to make modifications that way makes it possible to make money selling GPL software, since you can sell the binaries and only give the source to people who pay you for them. With the QPL, you have to turn over your work to Troll Tech even if they aren't willing to pay for your modifications or able to get one of your customers to give the mods to them. Even if you are the only person who uses your modifications and don't release them to anyone else, Troll Tech has a right to demand them, presuming that they find out about them. This last point was, IIRC, the real sticking point of the QPL/GPL incompatibility.
It's very similar to the NCAA in the USA (college athletic association for non USA-types). They were once dedicated to the concept of genuinely amateur athletics, but then money came on the scene. Now they use the concept of amateur athletics as a convenient excuse not to pay the athletes, but the result is that all of the money winds up in the pockets of the organizers.
Both the IOC and the NCAA have drastic, fascist rules to prevent the athletes from gaining financial benefit from competition. In the NCAA, athletes aren't allowed to accept anything more than a scholarship and some equipment. They can't receive any money, they can't get jobs from the school, they can't even accept discounts from local merchants. Coaches and schools, OTOH, can sign multi-million dollar endorsement contracts. Now the IOC is imposing ridiculous anti-internet-press rules so that nobody can undermine the profitability of their corporate sponsors. IOC members, though, get treated to 5 star hotels and fat bribes wherever they go. It's quite disgusting to watch these people pay lip service to amateurism to ensure that all the money winds up in their own pockets.
An even more amusing exercise would be to not print out the list as a big long bar code. Instead, find a series of products whose UPC symbols would, when concatenated, give you the code. It may be necessary to create a simple format conversion system to accommodate the characteristics of the UPC system. Then you can convert DeCSS into a shopping list.
This is why I always do my personal e-mail from work on a remote machine using SSH. Actually, I use SSH because the machine got rooted a couple of years back and now the admins won't let anyone access it by telnet, but it's still nice to know that the same features that keep crackers from sniffing my password also keep my boss from sniffing my e-mail.
It is indeed a major bitch to weld. It is quite chemically reactive, even more so than aluminum which is part of the reason that it's been damn expensive to produce until now. The result is that you need a more than ususually inert atmosphere to do your welding. You can't even use nitrogen as your intert gas because Titanium will burn in a pure nitrogen atmosphere; you have to use Argon instead which is a fair bit more expensive. IIRC, for really large welding jobs, like airframes and submarine hulls, they've found that it's actually cheapest to put the thing that they're welding into a room with an inert atmosphere and have the welders wear breathing masks. This is obviously quite a hassle compared to working with Aluminum and absolutely outrageous compared to steel.
And this is exactly the reason that so many of the proposed punative damage caps are such a terrible idea. In a lot of cases, the only restraint on the behavior of these companies is the fear that they'll be sued. If you put some kind of cap on punative damages, it greatly increases the chance that a company will do the math and come to the conclusion that it's cheaper to do something unsafe and settle any resulting lawsuits than to do the right thing and stop the unsafe behavior.
Yes, it seems unreasonable that the relatives of Firestone tire-related crash victims (or whatever other group you're talking about) will pick up a windfall from those punative damages. But unless the damages are not just greater but much greater than the cost of a recall (or other safe action) then companies will continue to be unsafe- and it makes more sense for the people actually hurt to get the money than anyone else.
And this kind of pay for composition still takes place all the time. John Williams didn't just happen to write a bunch of music that people liked and decided to turn into movie scores. Big Hollywood studios came to him and asked him to write the scores for their new movies. The same thing is true of a lot of other artists who write for movies, Broadway, TV, etc.
There's still plenty of space for commissioned compositions in the world today. Even apart from themes for movies and TV, there are many successful live performing groups that commission new pieces. Major metripolitan orchestras and operas want new music for their listeners, and they're willing to pay for it. With a bit of work, I'm pretty confident that we could also re-popularize the idea of having works commissioned for special occasions. Imagine Paul Allen opening his new mansion with a song written to celebrate Jimmi Hendrix, or Intel accompanying the rollout of the Itanium with The Itanium March by John Williams. It just takes a couple of big wheels doing it to make it really popular.
A bigger and, IMO, more important point is that Hollywood bookkeeping is notoriously fishy. You're talking about companies that can make a movie that costs $50 million and sells $400 million in tickets worldwide but still shows a large book loss. In some cases, I've heard, the books are actually so crooked that a movie will lose more money on paper the more tickets it sells. This is done by allowing some of the people involved in making the movie- usually the studio, the director, and big star actors- to skim a percentage of the gross recepts from ticket sales. If the gross profit participants get to skim 75% of receipts, the movie has to make 4 times the combined film, distribution, and marketing costs before it will make money on paper, despite the fact that the big interests in the movie will already be laughing all the way to the bank.
It's actually worse than it sounds because the gross is actually only a fraction of the ticket sales, since the movie theaters get to keep a share. The result is that almost any movie out there will need box office receipts 5-10 times the nominal production cost before it shows a paper profit. Of course the studio will have more than recouped its costs well before they reach that point, since their share of the gross isn't counted as part of the net profit/loss. The whole system is set up to bilk the small investors who help to fund a lot of movies. I'm amazed that even 20% of movies make money under Hollywood bookkeeping principles.
Personally, I think that it's great to see the Republicans getting interested in this. For quite a while they've been much more inclined to take a pro-police power stance as part of a tough on crime platform, while Democrats have generally taken more of a civil liberties attitude. If the Republicans are starting to see internet monitoring as a problem, the chances are very good that it's going to get canned, since both major parties are going to be against it.
This is, unfortunately, not necessarily true. Difficult problems tend to be of two types: those with obvious but difficult to implement solutions and those with non-obvious but easy to implement solutions. People who implement solutions to the first class of problem genuinely don't need patent protection because the difficulty of implementation is a strong barrier to competetion. People who implement the second class of solutions, though, do need patent protection because once the answer has been discovered there's no real barrier to others getting into the game.
The big problem is that the second class of solutions are of much greater real benefit to society than the first class. Real long term gain is built around making it easy for anyone to solve a problem, not just making it possible. Some kind of encouragment is needed, and patents have proven themselves to be effective. That's not to say that the implementation of patents couldn't be improved, but the fundamental idea of guaranteeing an inventor temporarily exclusive rights to his invention in exchange for it becoming generally available in time is reasonable.
OTOH, there's no reason why you can't keep around an old distribution of Linux based on a 2.0 or 2.2 kernel and use that for your old hardware. After all, a big driving force behind the development of new versions of the kernel is to add support for new hardware, so it makes little sense to cripple that forward development by demanding perfect backward compatibility. It's not as though Linus is going to stop providing the old kernels and demand that you upgrade (as some monopolistic OS vendors one could name are apt to do).
In fact, you could view the current continued development of the 2.0 series kernels as being, in effect, a Linus approved fork for old hardware. They're just getting set to release 2.0.39, so the older versions are still under active if slow development to squash bugs. It's not as though you're going to be putting most of the features of the new kernel, like USB and AGP support, into use on old hardware anyway.
You might want to check your insurance a bit more carefully. Mine doesn't make any mention of age, but does mention driving experience. IOW, someone who started driving at age 26 would have the same rate as someone 10 years younger who started driving at 16. FWIW, in California it's also common practice, although nominally against the law, to use place of residence as the largest single factor in insurance rates, which results in a lot of racial and ethnic discrimination.
There are reasons why you need to have an administrative ability to access a file that a user doesn't want other ordinary users to see. Suppose, for instance, that an obnoxious user greatly exceeds his (soft) disk quota. An administrator for the system needs to have the ability to go in and archive and delete some files that are using up the common space. In general, users can be selfish and obnoxious, and somebody has to have the right to override their stupid decisions that can hurt other users. You need some kind of administrative right to step in and do that.
The problem is not in letting an administrator play god. The system needs to have someone with godlike powers to do that stuff, and it's very useful to have programs that can proxy for the administrator and do tasks that ordinary users shouldn't be allowed to do, like reading the encrypted form of user passwords. The problem with Unix and the like is that there's no segmentation of those powers. You can't easily delegate to a program the right to look at /etc/shadow and nothing else. The result is that you have a lot of daemons running with full administrative privilege when they need only limited privilege, and a failure in any one of those programs can give an attacker full privilege. That means that you need OpenBSD levels of auditing and care, because any single failure can result in catastrophe. Unix needs to add some kind of compartmentalization of administrative privilege in order to have real security. That way, even if you miss something, an attacker won't have absolute free rein on your box.
Wow. That's an amazing amount of misinformation to squeeze into such a small space. FYI, patents do not revert to public domain if they aren't defended- that's trademarks. Patents can be selectively enforced, if the holder chooses to do so, or even unenforced to let products based on them get popular and then enforced to reap money from the entrenched standard. For an example, see Unisys and GIFs. Furthermore, patents cover all applications of the technology contained therein. You can't get around them by doing a "clean room" implementation, unless the result is so different from the original that it isn't actually covered by the patent. If the patent is broad enough, this just isn't going to be possible.
It would help a lot more if it were factually correct.
I personally think that there is at least some value in getting your software audited. OpenBSD is clearly a good test case for the value of internal audits in producing secure code. OTOH, internal audits are never going to be as convincing to some people of the quality of security as external audits are because of the temptation to cheat.
I think that the government standards for secure computing bases are very valuable in giving you good ideas of what to do. It's clearly the result of careful thought by some very intelligent people. I think that they're missing out on an intermediate security level between their C and B levels that includes horizontal mandatory access controls (basically capabilities) without security levels.
That being said, I think that all flavors of Unix are always going to be inherently insecure as long as they maintain their "root is god" attitude. As it is there's no room for error. One security hole is enough to give an attacker complete control over your box, and OpenBSD levels of paranoia and auditing are necessary in order to achieve security against anything but a casual attacker. Unix isn't going to be reasonably secure until it implements some kind of mandatory controls, either capabilities or a full class B access control with security levels.
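The compartmentalization argued for in the two comments above (a daemon holding only the power it needs instead of all of root), as an added example that is not part of the original comments: on Linux, root's powers are split into capability bits that can be read from the `CapEff` line of `/proc/<pid>/status`. The daemon names, status excerpts and the `BROAD` set below are constructed assumptions for illustration.

```python
# Linux capability bit numbers 0-21, as defined in <linux/capability.h>.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN",
]
# Assumption of this example: capabilities broad enough that a compromised
# daemon holding any one of them should be treated like full root.
BROAD = {"CAP_DAC_OVERRIDE", "CAP_SETUID", "CAP_SYS_MODULE",
         "CAP_SYS_RAWIO", "CAP_SYS_PTRACE", "CAP_SYS_ADMIN"}

# Constructed excerpts in the format of /proc/<pid>/status (not real hosts).
SAMPLE_STATUS = {
    "legacyd": "Name:\tlegacyd\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n",
    "authd": "Name:\tauthd\nUid:\t998\t998\t998\t998\nCapEff:\t0000000000000004\n",
    "webd": "Name:\twebd\nUid:\t33\t33\t33\t33\nCapEff:\t0000000000000400\n",
    "worker": "Name:\tworker\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n",
}

def decode_caps(mask):
    """Turn a capability bitmask into a list of capability names."""
    names, bit = [], 0
    while mask >> bit:
        if (mask >> bit) & 1:
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"CAP_#{bit}")
        bit += 1
    return names

def classify(status_text):
    """Return (effective uid, verdict, capability names) for one status excerpt."""
    fields = dict(l.split(":\t", 1) for l in status_text.splitlines() if ":\t" in l)
    euid = int(fields["Uid"].split()[1])        # columns: real, effective, saved, fs
    caps = decode_caps(int(fields["CapEff"], 16))
    if not caps:
        return euid, "unprivileged", caps
    verdict = "root-equivalent" if BROAD & set(caps) else "compartmentalized"
    return euid, verdict, caps

def audit(samples):
    """Classify every daemon in a {name: status text} mapping."""
    return {name: classify(text) for name, text in samples.items()}

if __name__ == "__main__":
    for name, (euid, verdict, caps) in audit(SAMPLE_STATUS).items():
        print(f"{name:8} euid={euid:<5} {verdict:17} {len(caps)} capabilities")
```

Note that `CAP_DAC_READ_SEARCH` bypasses read permission checks on every file, so the constructed `authd` is far narrower than root but still not limited to `/etc/shadow` alone.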
In defense of USA Basketball (and admittedly off topic) the US was one of the few countries that voted against letting pros play basketball in the Olympics. Why? Because they knew that it was going to be disgustingly lopsided and thought that it would turn people off. The whole complaint about the US demanding to let pros play so that they could wipe the floor with all of the other countries, which many people make, is 180 degrees off.
I think that the problem is quite deep. The question is about the status of a work that is the result of run-time linking a GPL driver with a non-GPL kernel. If run-time linking of the two creates a derived work, then the kernel would then either have to be GPLed or not link with the driver. If run-time linking does not produce a derived work, then there's no violation.
Now Sun's role is also a bit unclear. It doesn't sound as though they're actually producing run-time linked drivers themselves, just producing a kit that makes it easy for others to do so. That's why there's a claim of contributory infringement- that Sun is basically aiding and abetting others in GPL violations.
It seems to me that Sun would probably be best off creating a kit that would grab drivers from the free BSDs. They're obviously released under a license that's much friendlier toward this kind of thing, and I'd guess that Solaris's closer kinship to the BSDs might even make it easier.
And this may be where the cause and effect of the Yahoo/Google agreement comes into play. Before there was an agreement between Yahoo and Google, Yahoo would have some reason not to want Google to be spidering their site. After all, you don't want your competitor to take advantage of your hard work. After the agreement, though, they would certainly want Google to spider their site, since they now want to show up as well as possible on Google. The result is that Google is taken off their spiders.txt (and we now know that Google is polite and obeys spiders.txt) and their rankings start shooting up.
Redhat actually seems to have gotten a clue on this point. The default configuration of RH6.2 now does essentially what you suggest- turns on only necessary services for a workstation setup. This is obviously a step forward. Similarly, Mandrake has a security question as part of the install, with choices ranging from "paranoid" to "hello crackers". It sounds as though at least some of the distributions are improving their practices. Let's hope that the others who are weak in this area follow suit.
This isn't really true. The jury in a sexual harassment case has to determine if a reasonable person would have felt harassed in those circumstances, not whether the plaintiff claims to have felt harassed. IOW, you can't just claim that any old action felt like harassment; you have to make claims regarding something that a jury of your peers will agree was harassment.
Furthermore, the liability for damages depends to some extent on the steps that were taken to prevent the situation. If the defendant did something that might be construed as harassment, the plaintiff complains about it, and it never happens again, there's no grounds for a suit. If the defendant does something that is possibly harassing and the plaintiff flies off the handle and sues immediately without lodging an internal complaint, the defendant is unlikely to get anything more than a slap on the wrist and an order not to do it again. The plaintiff can only win a sizable award if either A) he complains and the harassment continues or B) the harassment is so blatant that everyone would agree that the defendant should have known better.
The whole thing about workplace harassment being an easy road to riches for anyone who feels like concocting a bogus claim is a load of crap. As far as I can see, it's either a product of people who have never looked at the actual law or of people who dislike the idea of protecting workers and are happy lying through their teeth about what it actually says.
Of course the government is also in something of a double bind. If they actually institute security sufficient to keep all crackers out (presuming that such a thing is actually possible) they get accused of being paranoid and spending too much on security. If they relax to the point that there are break-ins, people will be unhappy because they aren't taking security seriously enough. And, of course, for a lot of levels of security they get hit from both sides because their security still isn't good enough to please the security conscious, but their expense and paranoia are too much to please the other side.
Of course that's not to say that the current situation is a good middle ground. It sounds very much as though they're trying hard to achieve security but still not managing to do so, which is the worst of all possible situations. Still, though, you have to be at least a little bit sympathetic to the fact that the government gets very mixed signals about what people want it to do.
You're going to have to go to some kind of disk memory instead of flash, that's for sure. There are currently two appropriate systems in use in marketed devices; the Sony system using 3 inch CD-R's and the IBM microdrive. The microdrive looks like a much more reasonable approach to me, especially because you're only going to be able to get about 5 completely uncompressed images on the 340 MB version (maybe 20-30 using reasonable compression levels).
It may turn out that the best approach is to give up on total compactness and just use a laptop hard drive. That would be out of the question as a built-in device, but you could probably work out a belt pack with batteries, a drive, and an embedded processor to run a 1384/Firewire/i-Link port. Not exactly cheap or compact, but it would give you a shitload of storage. Of course it wouldn't be limited to the market for this camera; you could also use it with other cameras or even portable MP3 players, PDA's, etc.
Not if you publish it first- and you can make a reasonable claim that you have now- and press your claim to prior art. Just because big companies have been vigorous in playing the patent game doesn't mean that you have to give up. When you have a good idea like that, work out the details and publish them. That will allow you to produce a claim of prior art and keep the idea in the public domain.
Come on, does anyone really think that the end result would have been any different if this had been handled through the formal dispute resolution system? It doesn't matter how reasonable the registrant's claim to the domain name is (they could even be someone with the name Albert Olbeta) you know that WIPO is going to side with the big corporate interest. I know damn well I'm never going to be able to register rogermoore.com even though that's my name just because there's someone much more famous with the same name.
And one of the results is that Japanese companies do many things that are anti-consumer because they're not afraid of getting sued. (As an aside, I'm rather amused by the fact that in Scandal, Akira Kurosawa had a Japanese lawyer talking about how Japan was at a real disadvantage compared to the USA because of their lack of lawyers.) Just in the past few weeks, there have been two separate major issues involving major Japanese companies in the automotive industry (Bridgestone/Firestone and Mitsubishi) hiding serious safety problems rather than issuing recalls. Why? Because in Japan they expect not to suffer any penalty for doing so (no real risk of a class-action lawsuit) and they hope to avoid the cost and negative publicity involved in a recall.
Getting back to RMS and the FSF, if they weren't so vigorous about licensing issues you might see proprietary software companies being as cavalier about the GPL as Japanese companies are about product safety recalls. Would Unix have fragmented badly in the 1980s if it had been GPLed and had someone like RMS vigorously chasing violators?
Wrong. The QPL does not grant two moderately important rights that the GPL does grant. The QPL does not grant the right to release modified versions integrated into the source files; all non-Troll Tech modifications must be released as patches. While not enough to prevent the software from being free, that's certainly obnoxious.
The QPL also does not grant you the right to make private modifications and keep them private. Under the QPL, Troll Tech has the right to ask you for copies of any modifications you make and you must provide them. Remember that under the GPL, you are only obligated to give copies of the source to people who received copies of the binaries; giving away both for the price of FTP is common practice but not required. The right to make modifications that way makes it possible to make money selling GPL software, since you can sell the binaries and only give the source to people who pay you for them. With the QPL, you have to turn over your work to Troll Tech even if they aren't willing to pay for your modifications or able to get one of your customers to give the mods to them. Even if you are the only person who uses your modifications and don't release them to anyone else, Troll Tech has a right to demand them, presuming that they find out about them. This last point was, IIRC, the real sticking point of the QPL/GPL incompatibility.
It's very similar to the NCAA in the USA (college athletic association for non USA-types). They were once dedicated to the concept of genuinely amateur athletics, but then money came on the scene. Now they use the concept of amateur athletics as a convenient excuse not to pay the athletes, but the result is that all of the money winds up in the pockets of the organizers.
Both the IOC and the NCAA have drastic, fascist rules to prevent the athletes from gaining financial benefit from competition. In the NCAA, athletes aren't allowed to accept anything more than a scholarship and some equipment. They can't receive any money, they can't get jobs from the school, they can't even accept discounts from local merchants. Coaches and schools, OTOH, can sign multi-million dollar endorsement contracts. Now the IOC is imposing ridiculous anti-internet-press rules so that nobody can undermine the profitability of their corporate sponsors. IOC members, though, get treated to 5 star hotels and fat bribes wherever they go. It's quite disgusting to watch these people pay lip service to amateurism to ensure that all the money winds up in their own pockets.
An even more amusing exercise would be to not print out the list as a big long bar code. Instead, find a series of products whose UPC symbols would, when concatenated, give you the code. It may be necessary to create a simple format conversion system to accommodate the characteristics of the UPC system. Then you can convert DeCSS into a shopping list.