All they have to do is invoke the clause saying that a violator permanantly forfeits rights to distribute the work in question.
I don't see a clause like that in
the GPL. Could you point it out?
I do see section 4, which says that "[a]ny attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License."
However, that provision does not imply that the violator is attainted against receiving a new license... which is as simple as downloading a new piece of the covered software.
(In programmatic terms, you need an instance of permission in order to legally redistribute copyrighted works. If you violate GPL, you destroy your instance of permission (and, more importantly, you break the law in so doing). However, just because you destroyed an object doesn't keep you from getting a new object of the same class later on... and you get a new GPL license with every copy of the software.
License * foo;/* pointer to a license instance */
foo = new License(LGPL, glibc);/* get a license */
foo->violate();/* implicitly deletes foo */
foo = new License(LGPL, glibc);/* can still get a new one */
To summarize: The GPL does not contain any terms which "taint" violators from re-accepting the license in the future, nor which withdraw the offer of future licensing. The GPL's "teeth", basically, are not license revocation but copyright law.
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted (...).
The GPL assumes that since you have legally obtained a copy of the program -- recorded onto a hard disk, CD-ROM, book, or other piece of your property -- that you already have the right to use it. In doing so, you're simply legally using a piece of your private property, an action to which copyright traditionally does not address.
Well-established, constitutionally upheld, internationally valid, largely uncontroversial Berne-Convention-class copyright only affects you when you copy, publicly perform, redistribute, etc. a covered work. It is only the experimental, alpha-test-quality, constitutionally untested, and controversial DMCA-class laws which attempt to extend copyright from the right to copy and publish to the right to enslave and deprive the user.
Stop assuming that solutions from MS end up costing the most in the long run.
That's not an assumption... it's a conclusion, and a well-confirmed one.
Assumptions involved are things like "downtime costs money", "data loss costs money", "working late restoring the mail spool from backup is less fun than going home and having a beer", "calling a product a 'solution' does not make it any better", and so forth.
HTH. HAND.
The Zen of Spam
on
Haiku vs Spam
·
· Score: 5, Funny
Drop by drop by drop Sweet rain turns to killing flood One mail, ten mails, spam.
Second of all, I'm wondering why the ACLU gets such a bad rap here on./, a place that seems to stand by some of the same basic principles that the organization swears by.
Slashdot does not have a consensus on the value of the ACLU,
"basic principles", the quality of various operating systems
or programming languages, the best drugs to take while coding,
or just about anything else.
And what's all the fuss about "Zero Day" viruses? As far as I can tell via Google, "Zero Day" was 1/1/2000. So what's a "Zero Day virus"?
Well, ten years ago when I hung out with warez d00dz, "zero-day warez" meant bootleg software that had been cracked (the copy prevention routines removed) and released to BBSes by a cracker group on the same day it was released commercially. Surpassing that were "negative-day warez", where the software had been leaked from the manufacturer during mastering, and the cracked version was out before the "real" one. The sysop of one BBS I frequented had internal builds of a Microsoft product called "Chicago" in 1993; that product became what you may know as Windows 95.
In any event, the same terminology can apply to attacks. A "zero-day worm" is a worm written to exploit a vulnerability on the same day that the vulnerability is released (i.e. made public). In fact, this is not a very useful expression, for two reasons:
First, it implies that such a worm would be worse, or indeed more notable in any way, than a worm using an older vulnerability. Given that the most potent worms we have seen -- Code Red, Nimda, and Klez -- have used attacks that were known and patched for months at the time of the worms' release, this is an unfounded implication.
Second, it implies that the publishing of the vulnerability is necessary for the writing of a worm, or leads naturally to the writing of a worm -- and therefore that publishing is a bad thing. In fact, most published vulnerabilities are never widely exploited, and worms are written for only a tiny fraction. Moreover, a truly aggressive worm-writer would go out and discover new, unpublished holes, and write worms for those.
The worms we have seen recently have actually been a net benefit to security. They have shown us what is possible with old vulnerabilities on unpatched Microsoft systems, and their payloads have been, all in all, relatively mild. Sure, Code Red II spread a backdoor, and Sircam sent your files around -- but consider the damage if they had instead altered figures in spreadsheets or databases, or just gone writing random numbers to random sectors of your disk, like some of the old DOS viruses did. DoS floods go away; data corruption can take years to discover.
So it isn't the zero-day worms I'm worried about. It's the negative-day worms with real payloads. After all, unlike that from some vendors, the software I use has an established reputation for zero-day patches....
Presumably, affinity worm is Mr. Schmidt's coined phrase for Microsoft email worms such as Klez, which use the victim's address book as a list of targets. That is to say, they spread from Windows host to Windows host on the basis of the users' affinities.
A comparison of Klez to Code Red and Nimda suggests that while such a worm does not spread as quickly to vulnerable Windows systems, it is capable of staying resident in the Windows population at a higher level for quite a long time. My workplace currently sees a handful of Code Red and Nimda attacks every day -- but our mail exchanger rejects a couple hundred Klez per day.
Short form: What motivations can or
should we give to autonomous AI systems? What
moral obligations can humans have to AIs, or AIs
to humans?
Long form:
One of the classic bits of worry about AI,
and about advanced computing systems in general,
is that "computers will take over the world".
That is, if we give computer systems motivations
such as survival and growth, and the autonomy and
judgement to fulfill those motivations, that they
will do so without regard for us poor dumb humans
-- and indeed see us as either an obstacle or an
exploitable part of their environment.
This is the premise behind numerous popular SF
works, such as "Terminator" and "The Matrix":
that the moral judgement of an AI is necessarily
inhuman and without respect for humanity.
One response to this concern in SF (which in fact
long pre-dates those works) is Asimov's "Laws of
Robotics" -- the idea of designing AI systems
(robots, in his case) such that respect for
humans is one of their primary motivations. This
seems to permit the robot to have moral judgement
and autonomy without placing humans at risk.
The question of creating an AI system capable
of moral judgement is both philosophically
fascinating and evidently of survival interest to
humanity. What kinds of design parameters --
motivations, "laws of robotics", and so forth --
do you think will be necessary as AI systems
become more autonomous? How must AI morals differ
from the morals that evolution (both genetic and
cultural) has emplaced in humanity?
For that matter, we as humans feel morally
obligated to one class of entities which we
"create" -- our children. Recently, genetic
science has brought to light an ethical quandary
for many potential parents: whether it is right
to attempt to create a genetically "optimized"
child, or for that matter to abort a genetically
"flawed" one. The argument on one side is that
flawed persons have a right to exist, and that
the quest to optimize humanity despises or
disrespects what humanity is today. On the other
side is the view that given the ability to create
stronger, smarter, healthier children that we are
morally amiss to refuse to take that step. Peter
Singer in particular has become both famous and
infamous over this matter.
Do you see the same quandary possible in the
creation of AI systems? Positing the possibility
of AI systems capable of suffering -- is it wrong
to create one with this capacity? Given that the
choice to create or not to create an AI does not
involve the ethical hazards of abortion, eugenics,
or euthanasia -- what obligations can we have
towards our future AI creations in this regard?
Spelling flames suck, but I really need to get this one out, since this mistake seems to be widespread: the law enforcement officer is spelled "marshal", with one "L". "Marshall" is a name, as in Chief Justice John Marshall. The verb, meaning to arrange, to rally, or to serialize, is likewise "to marshal". The participle is "marshalling", as in "Python has several libraries for marshalling data structures."
Anyway.
About the only thing I see it accomplishing is guaranteeing that there is a gun to be had on the airplane and everybody knows where to get it.
Sure -- behind the armored cockpit door. The gun is there so that the pilot has one more advantage in defending the controls (and him/herself) if an attacker makes it that far. Presumably, breaking through the door will take some time, make some noise, and alert the pilot to get the gun from its secured location.
The gun is not for the purposes a police officer carries a gun -- i.e. chiefly to serve as a threat. It isn't there to say "don't fuck with pilots," and it isn't in a holster on the guy's belt. Its presence need not be advertised. You don't put a sticker on the cockpit door saying "HEY TERRORISTS! GUN IN HERE! GET YOURS TODAY!" Like the fire extinguisher or the crash axe, it is there as a tool for use in emergencies: The fire extinguisher is for putting out fires; the gun is for defending the cockpit.
Alternately, you could have goo sprayers built into the cockpit door, so that whenever anyone tries to break through it, they get covered with purple sticky goo. Terrorists probably don't like being covered in goo.
We've already figured years ago that giving guns to prison guards is a bad idea, so why is it that everybody is cheering the idea of giving guns to pilots?
Pilots are law-abiding citizens. They don't watch and laugh while passengers rape one another.
Perhaps. I think you're exaggerating the case in several ways, most specifically the chance of explosive decompression. (In fact, there are rounds manufactured today specifically not to penetrate airplane skins.) Your "element of surprise" bit is precisely the sort of thing that air marshals are trained to look for and handle, which kind of takes the element of surprise away.
However, "How do you prevent a hijacking attempt from succeeding?" is a tactical question; whatever the answers are, they will be located aboard the plane where the attempt is taking place -- armored cockpits, air marshals, electric stun seatbelts, kung-fu flight attendants, or what-have-you. ID checks don't fit the bill -- knowing a guy's name, SSN, and favorite color does not make it easier to shoot him, beat him up, lock him out of the cockpit, zap him with phaser beams, or otherwise stop him from hijacking the plane he's on.
Remember the millenium plot was foiled by just this kind of asinine "useless" "easily-foiled", security check. [...] A border guard noticed a middle-eastern man acting very nervous and sweating profusely (In December on the Canadian border) waiting in line to cross at the check point. [...] Lo and behold it was stuffed with explosives intended for an Al Queada sponsored millenium celebration fireworks show at LAX.
This example is certainly vivid, but it has nothing to do with ID checks. I do not recall the details of the case myself, so I will work from your description of it. As you describe the incident, the customs agent's discovery of explosives in the van in no way depended upon the determination of the identity of the van's driver. Indeed, you do not mention the customs agent having used information disclosed by an ID check -- such as the driver's name being on an "enemies list" -- as reason to search. Rather, the agent used his suspicions about the driver as he appeared, possibly including his apparent ethnicity as well as his nervousness.
While racial profiling on the part of law-enforcement agents is not compatible with the maintenance of a free nation, it is precisely correct for a customs agent to search the cargo of a person who behaves suspiciously. The agent would be remiss not to do so. Searching cargo for explosives at the border is not analogous to ID checking at airports; it is analogous to X-raying and searching of bags -- a procedure that neither Gilmore in his suit nor I in my post above object to.
Legally speaking, one must note that your example differs in one more overwhelming way from Gilmore's: it involves crossing the border, whereas Gilmore's argument is specifically about travel within the United States. Entering a nation subjects one to customs and immigration process, which do not apply to a person traveling within a nation. The responsibilities and powers of customs agents are not the same as police powers, or regulatory powers of executive agencies such as FAA.
One of the establishing points of Union (the formation of the United States as a single nation rather than separate but allied nations) was the rejection of tariffs and customs at internal (state) borders. Indeed, restriction and tracking of citizens' internal travel is a hallmark of two forms of government: feudalism, in which the common man is a serf "tied to the land"; and totalitarianism of the Nazi or Soviet breed, with "internal passports" and "Do you haff your papers?"
The reality of life in the US in the 21st century is that without ID checks and other security measures at airports, someone may fly the plane that you have a right to travel on into a building.
An ID check at the gate does not and cannot
prevent a hijacking. An ID check tells you who
a person is -- his/her name, SSN, DOB, possibly
criminal record, and so forth. It does not tell
you what the person's intentions are.
There are terrorists who are U.S. citizens. There
are terrorists who are white Christian boys with
no connection to Axis of Evil[tm] nations, much
less to Al-Qaida. There are terrorists with clean
criminal records, and with honorable military
discharges. These folks are just as capable of
hijacking a plane, should they wish to, as Osama's
boys are. As it happens, the last bunch decided
to blow up some Federal employees in Oklahoma City instead.
Tools to prevent a hijacking cannot be tools that
are used on the ground, because hijacking attempts
do not take place on the ground; they take place
in the air. You don't know if a person wants to
hijack a plane until he tries, just as you don't
know if a person wants to hold up a store until
he tries. So when he tries, you need to be able
to stop him.
Armed persons charged with defense of the
airplane seem to be a good idea in this regard.
Federal air marshals are one way to accomplish
this; arming and training pilots is another;
hiring security guards is another. There are
other methods as well. Pick a few of them.
(Naturally, this logic only applies if the goal is
to prevent hijackings. If the goal is to cast a
segment of the population as "suspect" or as
second-class citizens on the basis of some datum
which can be divulged by an ID check,
it does not. However, despite a few isolated
cases of what look to me like unjust discrimination on
the basis of race or political affiliation, I have
not seen any evidence that it has become a policy
goal.)
Now if she Liebeck was driving with coffee between her legs (hot beverage between legs doesn't lead me to believe she's very intelligent) then one could say she was driving while distracted.
What people have to realize about law suits is that it is irrelevant whether the plaintiff is at fault. The question is whether the defendant is also at fault.
In fact, as documented in the link I gave above,
the court in Liebeck v. McDonald's found that Mrs.
Liebeck was 20% responsible for her injuries,
and reduced the compensatory damages accordingly.
Compensatory damages are awarded to make up for
the actual harm caused by a wrongdoing. Since
McDonald's was only 80% responsible for the harm,
they only pay 80% of the costs that harm caused.
Punitive damages are awarded to penalize the
wrongdoer for having done wrong. They are
awarded to the victim rather than to "the
government" (as some in this thread have suggested)
because government is not an interested party
in civil suits.
If McDonald's had been prosecuted for
criminal negligence (or, I don't know,
"negligent GBH" if the law calls it that) and convicted
then they could be fined, which would go to the state. If
prosecutors regularly pressed charges against
corporate offenders in this fashion, judges and
juries would probably not find punitive damages
so necessary.
Tea should be made with boiling water, not boiled water.
That's quite true; one should make tea
with boiling water, unless it is Chinese tea in
which case one makes it with water around 180
degrees F. However, one does not serve it to
one's guests at that temperature, since it loses
some heat while steeping or brewing. One
never leaves tea or coffee on a heater
for hours, maintaining its temperature at 180 F
until the moment of service; the subtle aromatics
of either beverage will quickly evaporate, leaving
a soulless and bitter brew.
Moreover, in proper society one does not serve
tea or coffee in heat-insulating styrofoam cups.
One serves both in china, which does retain heat
but not quite as well as styrofoam. (It is
because china takes on and dissipates some of the
heat that teacups have handles whereas foam cups
do not.)
One also serves coffee at table in an open cup,
so one's guest can add milk or other adulterants.
One does not expect one's guest to remove a
tightly fitting lid first, nor to perform said
operation without the stability and protection
of a table. Presenting such a puzzle to one's
guest -- especially a puzzle loaded with the gory
surprise of a near-boiling liquid within, ready
to scald the loser in this hideous parlor-game --
is beyond the pale of hospitality.
Thus, the standards of proper society for the
preparation and serving of tea and coffee do not
form a defense for McDonald's in this case.
And who precisely was it who placed an open cup of coffee between her legs in a moving vehicle? Could she have been more stupid? Why is it that I continually have to pay for your stupidity?
Sure. Go into the computer business. Manufacture
computers with a big red button on the front,
which when you press it makes the four sticks of
dynamite inside the case explode. When someone
sues you for their kid being killed, tell them
that they were stupid for pushing big red buttons
without knowing what they do.
If McDonald's had been following the established
(restaurant) industry practice of serving coffee
hot but not hazardously so, Ms. Liebeck putting
it between her legs would have been risking
stained pants and perhaps an Uncomfortable Crotch
Experience. It was McDonald's considered and
deliberate choice to continue selling
hazardously hot coffee even after having
burned 700 people with it that made them
liable.
Products liability litigation does not lead to safer products, only more expensive ones.
Really? Is it that much more expensive to make a
car which won't explode? If customer-hurting
companies have to raise their prices in order to
pay off damages to the people they've hurt, then
their non-hurtful competitors will be able to
offer more competitive prices. Hurting your
customers will no longer be cheaper.
IF YOU DELIBERATELY, KNOWINGLY PUT
PEOPLE IN HARM'S WAY, YES, YOU ARE FUCKING
RESPONSIBLE FOR WHAT HAPPENS! IT'S REALLY THAT
SIMPLE, DUMBASS! IT'S THE SAME AS DRIVING DRUNK!
OR TOSSING JARS OF NITROGLYCERINE AT PEOPLE AND
SAYING "HERE, CATCH!"
Ahem, pardon me, I got a little carried away there.
(I'm not even supposed to be here today...)
Expecting customers to bear the burden of being
hurt by products, in order to keep corporate costs
down, is absurd. Allowing corporations to blow
up, burn, and poison people to save a buck has
no place under the rule of law.
This is America. Hot coffee, anyone? Reparations for the ancestors of the slaves?
Misleading examples, anyone?
The judgement in the "coffee case",
Liebeck v. McDonald's,
followed after over 700 other cases
between 1982 and 1992 in which a McDonald's
customer was burned by overheated coffee. Coffee
is usually served around 140 degrees Fahrenheit;
McDonald's was serving it at over 180. A liquid
at 180 degrees F. will cause third-degree burns
to human skin in between two and seven seconds.
(A "third-degree burn" does not refer to the skin
being burned away, but to the full thickness of
the skin being burnt.) Coffee at 180 degrees is
not fit for consumption, as it will severely burn
the mouth and throat.
Stella Liebeck did not set out to mooch millions
of dollars from McDonald's. She initially wanted
a settlement of $20,000 to cover her medical costs
-- which included eight days in the hospital and
skin-grafting operations. A jury awarded
her the $2.7 million dollars in punitive damages
-- to punish McDonald's for knowingly continuing
to put its customers in harm's way. The judge
reduced punitive damages to $480,000 despite
calling the company "reckless, callous, and
willful" in its deliberate risking of customers'
well-being in order to save costs.
See the link above for details. If you want to say
that our society is too litigious, go ahead -- it
is -- but please do not Ms. Liebeck for that.
She was the victim of another of our society's
problems -- corporations who believe it will be
cheaper to pay off (or toss aside) victims of their recklessness
rather than do the right thing in the first place.
Slashdot, as well as the other Linux sites are constantly bombarding us with news of Microsoft's dastardly deeds.
I doubt it would be necessary if Microsoft were not still bombarding us with dastardly deeds. Slashdot and other Linux sites are in a peculiarly good position to notice Microsoft's dirty tricks, seeing as Linux has been since 1998 a chief target of said tricks. (October 1998, as you may recall, was the date of the leaking of the first Halloween Document, an internal Microsoft report which called for the company to "deny [open-source software] entry into the market" rather than out-competing it within the market.)
Perhaps you find it boring that Microsoft critics are saying the same things today as in 1998 and before -- that Microsoft destroys free markets, perjures itself before courts and Congress, harms democracy and fair & free trade, curtails user freedoms, and so forth. Sadly, it's still true, and I suspect that people will keep saying it as long as it is.
I believe that many, if not all, webphones use this IP protocol. I also think that GSM and US telephones(that use IP networks) use this protocol to transfer voice data.
Taking a look at the RFC might raise some doubts in your mind regarding that belief. This protocol was designed for use with the old ARPANET protocols, which pre-dated IPv4. I'm guessing the only reason there's a code point for it in/etc/protocols is for old, old compatibility reasons, back when ARPANET was migrating from the old protocol to IP.
1. You're not telling the truth. The link and count you gave was for all patches against Red Hat 7.2 since its release, not "alone in 2002" -- and includes enhancements as well as security patches. Microsoft doesn't hand out enhancements to its software as patches -- it charges for them as new releases.
2. Red Hat has more software. The amount of functionality Red Hat ships dwarfs that available in Windows. The diversity of software shipped on two or three CDs of Red Hat dwarfs that in a comparable amount of OS and application distribution from Microsoft. Microsoft has a few large "integrated" applications, whereas Red Hat has many smaller, intercompatible ones.
3. Red Hat doesn't delay and hide. Microsoft has a practice of delaying patches and releasing several in one bundled "service pack" -- whereas Red Hat releases one patch per problem, promptly. That inflates the counts on Red Hat's side, but improves the actual security -- and actions count more than words, or numbers.
4. Red Hat actually releases fixes!Microsoft's software has at least 18 publicly known, exploitable, unpatched vulnerabilities -- and that's just in one product, Internet Explorer. Show me a comparable list for any current version of any open-source product or distribution.
Sorry, Bill -- you lose this round. Red Hat is far from the best of Linux distributors or open-source operating systems in its security record, but it's far and away above your little offering. Maybe you should spend less time plotting ways to subvert democracy, destroy the public domain, and harm your customers -- and more time checking your code?
Yes, they produced an update. No, it wasn't fast enough.
For what it's worth, Apple has responded more promptly to the Apache vulnerability than have other commercial Unix vendors. I do security work for my employer (a research institution with dozens of independent Web servers). We have all manner of systems running Apache -- but mostly Red Hat, Sun, and SGI. Guess which one of those three is the only one to have an officially supported patch out -- and which two I'm telling people they need to compile the new version from source?
No, Apple didn't have the patch out as quickly as Red Hat or Debian. Nevertheless, it is interesting to note that the open-source distributors patched quickest, the closed-source vendors (Sun and SGI) haven't patched yet -- and halfway-open Apple is right in the middle. For a company with precious little experience on the server side of things, Apple has done quite nicely.
Since you are a technician with some significant
Net experience, I can only presume that you are
already familiar with
the harms of
spamming. One of the notable developments in
spamming of recent has been the widespread use of
spamware -- mail client software designed for
the express purpose of abusing other people's
networks by spamming.
Dealing in spamware is illegal in several U.S. states and European nations. By and large,
spamware programs have no lawful use -- they are
built to abuse open relays and proxies,
fraudulently alter mail headers, and obfuscate
spammed messages to make it harder for victims to
track down the spammer. Spamware is not merely a
"burglar's tool" useful for lawless
action -- it is like a locksmithing kit
specifically tailored to be excellent for burglary
and no good for legitimate locksmithing, or a gun
somehow built to be perfect for murder but
nonfunctional for self defense.
Nevertheless,
Google accepts ads for spamware -- as well as ads for other spamming services. Google today carries advertisements and thereby accepts sponsorship from dealers in network abuse. Given the real and present danger that spamming poses to the usefulness of the email facility, and the amount of time and money that today's Internet-using businesses and people spend defending themselves from this form of theft -- how can Google justify accepting this sponsorship?
It was socially unthinkable in my parents and grandparents childhood environments for men to stalk and harass teenage girls,
Which means that when it happened
(which it did -- don't fool yourself)
the society was not equipped to deal with it.
Rape, child molestation, and the like were shoved
under the rug. Rape victims were told that they must
have "asked for it". Child victims were scolded
and abused for "making up stories" about "upright
members of the community" (like, oh, say,
priests) sexually abusing them.
We know better than that now. Don't you dare
try to drag us back to the bad old days.
You're free to use it any way you want, so long as you're using it in a way I want.
Not at all. If you're looking for a short, pithy
expression of what RMS is after, try this:
I'll let you copy and fiddle with my code
-- but only if you'll let your users copy and
fiddle with it, too.
What RMS has done with GNU is to create a
commons -- a body of code which
everyone may use and modify, but nobody may
restrict others from using and modifying.
It's a fallacy, by the way, to say that the GPL
expresses restrictions on what you may do with
covered code. In fact, what restrictions there
are exist by default under copyright law.
The default condition of any work is "all rights
reserved" -- unless I give you my permission, you
are breaking the law when you copy and redistribute
my work. The GPL is a grant of permission -- not
an unconditional grant, but a grant
nonetheless.
By the way, it sounds like you have some serious
confusion goin' on between use and
copying. The GPL does not discuss the
use of programs -- that is, whether or
not you may run them and benefit from their
usefulness. It only deals with copying,
modification, and redistribution. Copyright
doesn't give the copyright holder any rights to
restrict your use of his work -- only
your copying of it. The GPL assumes
that you have come by the software legitimately, and
thus already have the right to use the copy
in your possession.
Slashdot Mirror
I don't see a clause like that in the GPL. Could you point it out?
I do see section 4, which says that "[a]ny attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License." However, that provision does not imply that the violator is attainted against receiving a new license ... which is as simple as downloading a new piece of the covered software.
(In programmatic terms, you need an instance of permission in order to legally redistribute copyrighted works. If you violate GPL, you destroy your instance of permission (and, more importantly, you break the law in so doing). However, just because you destroyed an object doesn't keep you from getting a new object of the same class later on ... and you get a new GPL license with every copy of the software.
License * foo; /* pointer to a license instance */
/* get a license */
/* implicitly deletes foo */
/* can still get a new one */
foo = new License(LGPL, glibc);
foo->violate();
foo = new License(LGPL, glibc);
To summarize: The GPL does not contain any terms which "taint" violators from re-accepting the license in the future, nor which withdraw the offer of future licensing. The GPL's "teeth", basically, are not license revocation but copyright law.
Sorry, no. Section 0 of the GPL clearly states:
The GPL assumes that since you have legally obtained a copy of the program -- recorded onto a hard disk, CD-ROM, book, or other piece of your property -- that you already have the right to use it. In doing so, you're simply legally using a piece of your private property, an action to which copyright traditionally does not address.
Well-established, constitutionally upheld, internationally valid, largely uncontroversial Berne-Convention-class copyright only affects you when you copy, publicly perform, redistribute, etc. a covered work. It is only the experimental, alpha-test-quality, constitutionally untested, and controversial DMCA-class laws which attempt to extend copyright from the right to copy and publish to the right to enslave and deprive the user.
That's not an assumption ... it's a conclusion, and a well-confirmed one.
Assumptions involved are things like "downtime costs money", "data loss costs money", "working late restoring the mail spool from backup is less fun than going home and having a beer", "calling a product a 'solution' does not make it any better", and so forth.
HTH. HAND.
Drop by drop by drop
Sweet rain turns to killing flood
One mail, ten mails, spam.
Slashdot does not have a consensus on the value of the ACLU, "basic principles", the quality of various operating systems or programming languages, the best drugs to take while coding, or just about anything else.
Well, ten years ago when I hung out with warez d00dz, "zero-day warez" meant bootleg software that had been cracked (the copy prevention routines removed) and released to BBSes by a cracker group on the same day it was released commercially. Surpassing that were "negative-day warez", where the software had been leaked from the manufacturer during mastering, and the cracked version was out before the "real" one. The sysop of one BBS I frequented had internal builds of a Microsoft product called "Chicago" in 1993; that product became what you may know as Windows 95.
In any event, the same terminology can apply to attacks. A "zero-day worm" is a worm written to exploit a vulnerability on the same day that the vulnerability is released (i.e. made public). In fact, this is not a very useful expression, for two reasons:
The worms we have seen recently have actually been a net benefit to security. They have shown us what is possible with old vulnerabilities on unpatched Microsoft systems, and their payloads have been, all in all, relatively mild. Sure, Code Red II spread a backdoor, and Sircam sent your files around -- but consider the damage if they had instead altered figures in spreadsheets or databases, or just gone writing random numbers to random sectors of your disk, like some of the old DOS viruses did. DoS floods go away; data corruption can take years to discover.
So it isn't the zero-day worms I'm worried about. It's the negative-day worms with real payloads. After all, unlike that from some vendors, the software I use has an established reputation for zero-day patches ....
Presumably, affinity worm is Mr. Schmidt's coined phrase for Microsoft email worms such as Klez, which use the victim's address book as a list of targets. That is to say, they spread from Windows host to Windows host on the basis of the users' affinities.
A comparison of Klez to Code Red and Nimda suggests that while such a worm does not spread as quickly to vulnerable Windows systems, it is capable of staying resident in the Windows population at a higher level for quite a long time. My workplace currently sees a handful of Code Red and Nimda attacks every day -- but our mail exchanger rejects a couple hundred Klez per day.
Long form:
One of the classic bits of worry about AI, and about advanced computing systems in general, is that "computers will take over the world". That is, if we give computer systems motivations such as survival and growth, and the autonomy and judgement to fulfill those motivations, that they will do so without regard for us poor dumb humans -- and indeed see us as either an obstacle or an exploitable part of their environment. This is the premise behind numerous popular SF works, such as "Terminator" and "The Matrix": that the moral judgement of an AI is necessarily inhuman and without respect for humanity.
One response to this concern in SF (which in fact long pre-dates those works) is Asimov's "Laws of Robotics" -- the idea of designing AI systems (robots, in his case) such that respect for humans is one of their primary motivations. This seems to permit the robot to have moral judgement and autonomy without placing humans at risk.
The question of creating an AI system capable of moral judgement is both philosophically fascinating and evidently of survival interest to humanity. What kinds of design parameters -- motivations, "laws of robotics", and so forth -- do you think will be necessary as AI systems become more autonomous? How must AI morals differ from the morals that evolution (both genetic and cultural) has emplaced in humanity?
For that matter, we as humans feel morally obligated to one class of entities which we "create" -- our children. Recently, genetic science has brought to light an ethical quandary for many potential parents: whether it is right to attempt to create a genetically "optimized" child, or for that matter to abort a genetically "flawed" one. The argument on one side is that flawed persons have a right to exist, and that the quest to optimize humanity despises or disrespects what humanity is today. On the other side is the view that given the ability to create stronger, smarter, healthier children that we are morally amiss to refuse to take that step. Peter Singer in particular has become both famous and infamous over this matter.
Do you see the same quandary possible in the creation of AI systems? Positing the possibility of AI systems capable of suffering -- is it wrong to create one with this capacity? Given that the choice to create or not to create an AI does not involve the ethical hazards of abortion, eugenics, or euthanasia -- what obligations can we have towards our future AI creations in this regard?
Spelling flames suck, but I really need to get this one out, since this mistake seems to be widespread: the law enforcement officer is spelled "marshal", with one "L". "Marshall" is a name, as in Chief Justice John Marshall. The verb, meaning to arrange, to rally, or to serialize, is likewise "to marshal". The participle is "marshalling", as in "Python has several libraries for marshalling data structures."
Anyway.
Sure -- behind the armored cockpit door. The gun is there so that the pilot has one more advantage in defending the controls (and him/herself) if an attacker makes it that far. Presumably, breaking through the door will take some time, make some noise, and alert the pilot to get the gun from its secured location.
The gun is not for the purposes a police officer carries a gun -- i.e. chiefly to serve as a threat. It isn't there to say "don't fuck with pilots," and it isn't in a holster on the guy's belt. Its presence need not be advertised. You don't put a sticker on the cockpit door saying "HEY TERRORISTS! GUN IN HERE! GET YOURS TODAY!" Like the fire extinguisher or the crash axe, it is there as a tool for use in emergencies: The fire extinguisher is for putting out fires; the gun is for defending the cockpit.
Alternately, you could have goo sprayers built into the cockpit door, so that whenever anyone tries to break through it, they get covered with purple sticky goo. Terrorists probably don't like being covered in goo.
Pilots are law-abiding citizens. They don't watch and laugh while passengers rape one another.
Perhaps. I think you're exaggerating the case in several ways, most specifically the chance of explosive decompression. (In fact, there are rounds manufactured today specifically not to penetrate airplane skins.) Your "element of surprise" bit is precisely the sort of thing that air marshals are trained to look for and handle, which kind of takes the element of surprise away.
However, "How do you prevent a hijacking attempt from succeeding?" is a tactical question; whatever the answers are, they will be located aboard the plane where the attempt is taking place -- armored cockpits, air marshals, electric stun seatbelts, kung-fu flight attendants, or what-have-you. ID checks don't fit the bill -- knowing a guy's name, SSN, and favorite color does not make it easier to shoot him, beat him up, lock him out of the cockpit, zap him with phaser beams, or otherwise stop him from hijacking the plane he's on.
This example is certainly vivid, but it has nothing to do with ID checks. I do not recall the details of the case myself, so I will work from your description of it. As you describe the incident, the customs agent's discovery of explosives in the van in no way depended upon the determination of the identity of the van's driver. Indeed, you do not mention the customs agent having used information disclosed by an ID check -- such as the driver's name being on an "enemies list" -- as reason to search. Rather, the agent used his suspicions about the driver as he appeared, possibly including his apparent ethnicity as well as his nervousness.
While racial profiling on the part of law-enforcement agents is not compatible with the maintenance of a free nation, it is precisely correct for a customs agent to search the cargo of a person who behaves suspiciously. The agent would be remiss not to do so. Searching cargo for explosives at the border is not analogous to ID checking at airports; it is analogous to X-raying and searching of bags -- a procedure that neither Gilmore in his suit nor I in my post above object to.
Legally speaking, one must note that your example differs in one more overwhelming way from Gilmore's: it involves crossing the border, whereas Gilmore's argument is specifically about travel within the United States. Entering a nation subjects one to customs and immigration process, which do not apply to a person traveling within a nation. The responsibilities and powers of customs agents are not the same as police powers, or regulatory powers of executive agencies such as FAA.
One of the establishing points of Union (the formation of the United States as a single nation rather than separate but allied nations) was the rejection of tariffs and customs at internal (state) borders. Indeed, restriction and tracking of citizens' internal travel is a hallmark of two forms of government: feudalism, in which the common man is a serf "tied to the land"; and totalitarianism of the Nazi or Soviet breed, with "internal passports" and "Do you haff your papers?"
An ID check at the gate does not and cannot prevent a hijacking. An ID check tells you who a person is -- his/her name, SSN, DOB, possibly criminal record, and so forth. It does not tell you what the person's intentions are.
There are terrorists who are U.S. citizens. There are terrorists who are white Christian boys with no connection to Axis of Evil[tm] nations, much less to Al-Qaida. There are terrorists with clean criminal records, and with honorable military discharges. These folks are just as capable of hijacking a plane, should they wish to, as Osama's boys are. As it happens, the last bunch decided to blow up some Federal employees in Oklahoma City instead.
Tools to prevent a hijacking cannot be tools that are used on the ground, because hijacking attempts do not take place on the ground; they take place in the air. You don't know if a person wants to hijack a plane until he tries, just as you don't know if a person wants to hold up a store until he tries. So when he tries, you need to be able to stop him.
Armed persons charged with defense of the airplane seem to be a good idea in this regard. Federal air marshals are one way to accomplish this; arming and training pilots is another; hiring security guards is another. There are other methods as well. Pick a few of them.
(Naturally, this logic only applies if the goal is to prevent hijackings. If the goal is to cast a segment of the population as "suspect" or as second-class citizens on the basis of some datum which can be divulged by an ID check, it does not. However, despite a few isolated cases of what look to me like unjust discrimination on the basis of race or political affiliation, I have not seen any evidence that it has become a policy goal.)
She wasn't; she was in the passenger seat in a stopped car, just ahead of the drive-through window. Read the story.
In fact, as documented in the link I gave above, the court in Liebeck v. McDonald's found that Mrs. Liebeck was 20% responsible for her injuries, and reduced the compensatory damages accordingly.
Compensatory damages are awarded to make up for the actual harm caused by a wrongdoing. Since McDonald's was only 80% responsible for the harm, they only pay 80% of the costs that harm caused. Punitive damages are awarded to penalize the wrongdoer for having done wrong. They are awarded to the victim rather than to "the government" (as some in this thread have suggested) because government is not an interested party in civil suits.
If McDonald's had been prosecuted for criminal negligence (or, I don't know, "negligent GBH" if the law calls it that) and convicted then they could be fined, which would go to the state. If prosecutors regularly pressed charges against corporate offenders in this fashion, judges and juries would probably not find punitive damages so necessary.
That's quite true; one should make tea with boiling water, unless it is Chinese tea in which case one makes it with water around 180 degrees F. However, one does not serve it to one's guests at that temperature, since it loses some heat while steeping or brewing. One never leaves tea or coffee on a heater for hours, maintaining its temperature at 180 F until the moment of service; the subtle aromatics of either beverage will quickly evaporate, leaving a soulless and bitter brew.
Moreover, in proper society one does not serve tea or coffee in heat-insulating styrofoam cups. One serves both in china, which does retain heat but not quite as well as styrofoam. (It is because china takes on and dissipates some of the heat that teacups have handles whereas foam cups do not.)
One also serves coffee at table in an open cup, so one's guest can add milk or other adulterants. One does not expect one's guest to remove a tightly fitting lid first, nor to perform said operation without the stability and protection of a table. Presenting such a puzzle to one's guest -- especially a puzzle loaded with the gory surprise of a near-boiling liquid within, ready to scald the loser in this hideous parlor-game -- is beyond the pale of hospitality.
Thus, the standards of proper society for the preparation and serving of tea and coffee do not form a defense for McDonald's in this case.
Sure. Go into the computer business. Manufacture computers with a big red button on the front, which when you press it makes the four sticks of dynamite inside the case explode. When someone sues you for their kid being killed, tell them that they were stupid for pushing big red buttons without knowing what they do.
If McDonald's had been following the established (restaurant) industry practice of serving coffee hot but not hazardously so, Ms. Liebeck putting it between her legs would have been risking stained pants and perhaps an Uncomfortable Crotch Experience. It was McDonald's considered and deliberate choice to continue selling hazardously hot coffee even after having burned 700 people with it that made them liable.
Really? Is it that much more expensive to make a car which won't explode? If customer-hurting companies have to raise their prices in order to pay off damages to the people they've hurt, then their non-hurtful competitors will be able to offer more competitive prices. Hurting your customers will no longer be cheaper.
IF YOU DELIBERATELY, KNOWINGLY PUT PEOPLE IN HARM'S WAY, YES, YOU ARE FUCKING RESPONSIBLE FOR WHAT HAPPENS! IT'S REALLY THAT SIMPLE, DUMBASS! IT'S THE SAME AS DRIVING DRUNK! OR TOSSING JARS OF NITROGLYCERINE AT PEOPLE AND SAYING "HERE, CATCH!"
Ahem, pardon me, I got a little carried away there. (I'm not even supposed to be here today...)
Expecting customers to bear the burden of being hurt by products, in order to keep corporate costs down, is absurd. Allowing corporations to blow up, burn, and poison people to save a buck has no place under the rule of law.
Misleading examples, anyone?
The judgement in the "coffee case", Liebeck v. McDonald's, followed after over 700 other cases between 1982 and 1992 in which a McDonald's customer was burned by overheated coffee. Coffee is usually served around 140 degrees Fahrenheit; McDonald's was serving it at over 180. A liquid at 180 degrees F. will cause third-degree burns to human skin in between two and seven seconds. (A "third-degree burn" does not refer to the skin being burned away, but to the full thickness of the skin being burnt.) Coffee at 180 degrees is not fit for consumption, as it will severely burn the mouth and throat.
Stella Liebeck did not set out to mooch millions of dollars from McDonald's. She initially wanted a settlement of $20,000 to cover her medical costs -- which included eight days in the hospital and skin-grafting operations. A jury awarded her the $2.7 million dollars in punitive damages -- to punish McDonald's for knowingly continuing to put its customers in harm's way. The judge reduced punitive damages to $480,000 despite calling the company "reckless, callous, and willful" in its deliberate risking of customers' well-being in order to save costs.
See the link above for details. If you want to say that our society is too litigious, go ahead -- it is -- but please do not Ms. Liebeck for that. She was the victim of another of our society's problems -- corporations who believe it will be cheaper to pay off (or toss aside) victims of their recklessness rather than do the right thing in the first place.
No. That was Unisys, who hold (or held) a government-created thought monopoly over the LZW compression algorithm used in GIF.
I doubt it would be necessary if Microsoft were not still bombarding us with dastardly deeds. Slashdot and other Linux sites are in a peculiarly good position to notice Microsoft's dirty tricks, seeing as Linux has been since 1998 a chief target of said tricks. (October 1998, as you may recall, was the date of the leaking of the first Halloween Document, an internal Microsoft report which called for the company to "deny [open-source software] entry into the market" rather than out-competing it within the market.)
Perhaps you find it boring that Microsoft critics are saying the same things today as in 1998 and before -- that Microsoft destroys free markets, perjures itself before courts and Congress, harms democracy and fair & free trade, curtails user freedoms, and so forth. Sadly, it's still true, and I suspect that people will keep saying it as long as it is.
Well, simple really:
- 1. You're not telling the truth. The link and count you gave was for all patches against Red Hat 7.2 since its release, not "alone in 2002" -- and includes enhancements as well as security patches. Microsoft doesn't hand out enhancements to its software as patches -- it charges for them as new releases.
- 2. Red Hat has more software. The amount of functionality Red Hat ships dwarfs that available in Windows. The diversity of software shipped on two or three CDs of Red Hat dwarfs that in a comparable amount of OS and application distribution from Microsoft. Microsoft has a few large "integrated" applications, whereas Red Hat has many smaller, intercompatible ones.
- 3. Red Hat doesn't delay and hide. Microsoft has a practice of delaying patches and releasing several in one bundled "service pack" -- whereas Red Hat releases one patch per problem, promptly. That inflates the counts on Red Hat's side, but improves the actual security -- and actions count more than words, or numbers.
- 4. Red Hat actually releases fixes! Microsoft's software has at least 18 publicly known, exploitable, unpatched vulnerabilities -- and that's just in one product, Internet Explorer. Show me a comparable list for any current version of any open-source product or distribution.
Sorry, Bill -- you lose this round. Red Hat is far from the best of Linux distributors or open-source operating systems in its security record, but it's far and away above your little offering. Maybe you should spend less time plotting ways to subvert democracy, destroy the public domain, and harm your customers -- and more time checking your code?For what it's worth, Apple has responded more promptly to the Apache vulnerability than have other commercial Unix vendors. I do security work for my employer (a research institution with dozens of independent Web servers). We have all manner of systems running Apache -- but mostly Red Hat, Sun, and SGI. Guess which one of those three is the only one to have an officially supported patch out -- and which two I'm telling people they need to compile the new version from source?
No, Apple didn't have the patch out as quickly as Red Hat or Debian. Nevertheless, it is interesting to note that the open-source distributors patched quickest, the closed-source vendors (Sun and SGI) haven't patched yet -- and halfway-open Apple is right in the middle. For a company with precious little experience on the server side of things, Apple has done quite nicely.
Dealing in spamware is illegal in several U.S. states and European nations. By and large, spamware programs have no lawful use -- they are built to abuse open relays and proxies, fraudulently alter mail headers, and obfuscate spammed messages to make it harder for victims to track down the spammer. Spamware is not merely a "burglar's tool" useful for lawless action -- it is like a locksmithing kit specifically tailored to be excellent for burglary and no good for legitimate locksmithing, or a gun somehow built to be perfect for murder but nonfunctional for self defense.
Nevertheless, Google accepts ads for spamware -- as well as ads for other spamming services. Google today carries advertisements and thereby accepts sponsorship from dealers in network abuse. Given the real and present danger that spamming poses to the usefulness of the email facility, and the amount of time and money that today's Internet-using businesses and people spend defending themselves from this form of theft -- how can Google justify accepting this sponsorship?
Which means that when it happened (which it did -- don't fool yourself) the society was not equipped to deal with it. Rape, child molestation, and the like were shoved under the rug. Rape victims were told that they must have "asked for it". Child victims were scolded and abused for "making up stories" about "upright members of the community" (like, oh, say, priests) sexually abusing them.
We know better than that now. Don't you dare try to drag us back to the bad old days.
Not at all. If you're looking for a short, pithy expression of what RMS is after, try this: I'll let you copy and fiddle with my code -- but only if you'll let your users copy and fiddle with it, too. What RMS has done with GNU is to create a commons -- a body of code which everyone may use and modify, but nobody may restrict others from using and modifying.
It's a fallacy, by the way, to say that the GPL expresses restrictions on what you may do with covered code. In fact, what restrictions there are exist by default under copyright law. The default condition of any work is "all rights reserved" -- unless I give you my permission, you are breaking the law when you copy and redistribute my work. The GPL is a grant of permission -- not an unconditional grant, but a grant nonetheless.
By the way, it sounds like you have some serious confusion goin' on between use and copying. The GPL does not discuss the use of programs -- that is, whether or not you may run them and benefit from their usefulness. It only deals with copying, modification, and redistribution. Copyright doesn't give the copyright holder any rights to restrict your use of his work -- only your copying of it. The GPL assumes that you have come by the software legitimately, and thus already have the right to use the copy in your possession.