The trouble with the traffic shaper is that what it does is let you create limited-bandwidth network interfaces... but the routing table, which decides which interface a datagram should go out on, doesn't consider source addresses... and the ipchains facility, which does consider source addresses, doesn't let you change the interface the datagram will go out on.
In other words, shaper and route let you limit interfaces all you like, but ipchains won't let you send the troublesome hosts' packets to those interfaces instead of to the unlimited one.
If purchasing the CD does not give me the right to use the software on it, then there's no way I can get as far as seeing the EULA onscreen without exceeding my rights, because the software that displays the EULA is part of the software on the CD.
If, on the other hand, purchasing the CD does give me the right to use the software on it, then I do not need the EULA to grant me that right.
In other words: if I am within my rights to stick the CD in the drive and run the installer that displays the EULA, then I am within my rights to refuse the EULA and yet continue to use the software.
That the software attempts to prevent this (by aborting the install unless I click on the "Agree" button) constitutes an attempt to make me waive my rights for no good reason -- a waiver, not a contract, as I get nothing for accepting it. Since I already own my copy of the software, I also have the right to modify that copy (just as you have the right to write comments all over a book you own, or black out sections you don't like) -- and I may thus use a third-party utility to install the software without clicking on the "Agree" button.
Furthermore, because the software company is offering to sell me something I already own (namely the right to use the software I bought) they are not entering the agreement in good faith; they're being deceptive. An agreement not made in good faith isn't valid, and I may freely disregard it.
I don't think so. When you buy the CD, you already have the right to use the software on it. You don't need to be granted any additional rights in order to do that.
Consider a book. If I buy a legitimate copy of "SedentaryZ's Guide to Getting Karma on Slashdot", then I already have the right to read it and to make use of the instructions within it. (By "legitimate" I mean that you, as the author, have granted the publisher the right to make copies and distribute them.) I don't need to be granted any additional rights in order to make use of it; it's mine.
(I would need to be granted additional rights if I wanted to legally copy and distribute the book, because I don't hold copyright on it. I could make any number of copies for my own personal use; I could even distribute excerpts from the book as part of a review of it (under Fair Use); but if I wanted to give out or sell copies, I'd need to obtain the right to do so from you (the author) or from someone else to whom you'd assigned that right.)
Since I don't need any new rights in order to use the book, any "contract" that purports to grant me those rights is pulling my leg: trying to sell me something that's already mine. If the only thing I'm "gaining" from this "contract" is these rights I already have, it isn't a contract -- there's no exchange. It may be a waiver (which I may disagree with and still use the book) or it may well be an act of fraud.
You can't waive a right by refusing to sign something. Refusing to sign something means that you don't have whatever rights signing it would give you, but it can't take away rights you already had (in this case, from buying a product). Refusal to sign an agreement leaves you in the same state, rights-wise, that you were in if the agreement was never written.
(If that were not the case, then I could write the following into an "agreement": "If you agree to this agreement, you owe me $500. If you do not agree to it, you owe me $500.")
That's (my non-lawyerly interpretation of) the state of common law. That's what UCITA would change. UCITA would (among other things) make statute law which let software companies create just that kind of Catch-22 agreement: "If you agree, you waive the right to use this product to do X, Y, and Z; if you disagree, you waive the right to use this product at all."
(Please note that this entire discussion, including the state of common law as well as UCITA, is founded on the notion of the legitimacy of copyright and other "intellectual property" models. These "rights" are constructs of statute and common law. In other words, they are monopolies created by government -- in the United States, monopolies proposed in the Constitution -- and are not natural rights in any sense.)
Do you know any good tools with which to do this? Our firewall is a Linux box with ipchains; it's fine for blocking the abusers, but I haven't found any good tools to simply limit them. I had hopes for the "traffic shaper" kernel module, but it doesn't seem to be the Right Thing either: it's good for creating a limited-bandwidth network interface, not for limiting the bandwidth of one host over an interface.
What I suppose I'd like is an extended version of fair-queueing. Fair-queueing is a mechanism used in gateways which prevents transmitting hosts from bogging down the gateway machine with too many datagrams (as in the case of an over-enthusiastic TCP implementation). The trouble is, it only deals with the originators of traffic, not the recipients; further, it doesn't directly deal with the sizes of the datagrams, only their number.
(Fair-queueing is described in RFC 970. It's very interesting reading. A quote:
We would like to protect the network from hosts that are not well-behaved. More specifically, we would like, in the presence of both well-behaved and badly-behaved hosts, to insure that well-behaved hosts receive better service than badly-behaved hosts. We have devised a means of achieving this.
There's a good deal of material in there about applying game theory to network overloading.)
I'd like to be able to take the fair-queueing model and throw a choke on each host's queue tighter than the "natural" one imposed by network and gateway load. But so far I haven't seen a means to do this. Ideas?
I am the primary network administrator for a small college. Last term we had a serious problem here with one student consuming huge quantities of bandwidth moving bootleg movies in VCD format, so we've been doing a lot of thinking about this issue.
Let me tell you this: I have zero interest in wasting time blocking you just because you happen to be bootlegging. I won't even notice that you're bootlegging unless you're being a bandwidth hog in doing so: one FTP session looks much like another from the outside.
If you are being a bandwidth hog, you're harming your neighbors, and I will stop you from doing that. Everyone on campus should be able to get a fair share of the bandwidth, and if you and your pals are hogging it all, I don't care if you're moving VCDs or Linux ISO images; I'm going to raise a fuss and, if necessary, happily shut you down.
If I get a note from the RIAA saying you're bootlegging, I'll do what's necessary to keep them from suing the college's pants off, because it's damn cold in Massachusetts right now and we can use all the pants we can get. But if you're bootlegging without hogging, I honestly don't give a damn.
Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted....
... You are not required to accept this License.... However, nothing else grants you permission to modify or distribute the Program or its derivative works.
The GPL is not a contract; it's also not a "license agreement" like the MS EULA. It is a license, pure and simple. It doesn't say "You may not use this software in certain ways"; it says "You may copy and distribute this software in certain ways". It grants you privileges you would not otherwise have; that's what a license does. Without any license to do so, you have no right to copy the software (no "copy-right"); with a license, you do.
Contrast this with the MS EULA, which claims that by using the software, you are waiving certain rights which you would otherwise have. MS wants you to think that's a contract: in exchange for a "license to use" the software, you're agreeing to waive certain rights.
The thing is, you already had the right to use the software, because you bought a legally-made copy of it. When you buy a book, you have the right to use it, that is, to read it and make use of the information in it. The same applies to software, or any other work. This does not, of course, give you the right to distribute copies of these works; the right to use your purchase is not the same as the right to copy it.
So in fact the MS EULA is a waiver, not a contract: if you agree to it, you're waiving rights you had, but you're not getting anything in return. If you don't agree to it, you still have the right to use the software, just as if the EULA had never been written.
(A contract, FYI, requires an exchange of "considerations" --- goods, services, rights, or something else of value. If there isn't an exchange, there isn't a contract. The GPL isn't a contract because you're not giving the software author anything; the MS EULA isn't a contract because MS isn't giving you anything.)
(It may seem that under the GPL, you are giving the software author something: your agreement to follow the terms of the GPL. Yet this isn't the case. In fact, the terms of the GPL are the limits around the gift you are being given. If I give you an easement on my property, that you may fish in my pond from noon to 3PM on weekends, you aren't giving up a right to fish in my pond at other times; you never had such a right to give. Similarly, when you make a copy of GPLed software, you don't give up your right to turn it into a proprietary product; you never had such a right to begin with.)
In my non-lawyerly opinion, the GPL may freely apply to minors, because the minor isn't giving anything up; s/he is only receiving. Minors may, after all, receive gifts. However, the EULA may not apply to minors, because the minor is waiving rights s/he may not be competent to waive.
Neither is a "contract", but minors are protected from waivers as well as from contracts; they're not "protected" from being given gifts, which is what the GPL does.
Considering the number of people who mentioned Project Gutenberg in the original discussion of this category, I am moderately disappointed it isn't an option.
... that Bob Sullivan and Anatoliy Prokhorov would admit, in a news article published worldwide, to having committed several counts (possibly 2500 counts, to judge by the example of Kevin Mitnick) of a few major felonies. Plus, of course, listing the names of the sites from which they stole the credit card numbers... is this reportage, or script-kiddie-age? "Gimm3 y3r k0d3z, d00d!!!!"
MSNBC may be a touch more honest than Microsoft proper, but that doesn't mean they entirely have their clue on straight. Yes, tell the world that MS SQL has security holes in its defaults... Yes, tell the world that hiring a Microsoft Certified-Clueless Database Administrator is a bad idea... but no, don't publicly admit committing felonies like that. At least, not under your real name, Bob and Anatoliy.
And tell me what kind of legal basis does anyone have for doing something like this? I mean I am sure that high ideals are nice and various forms of protest are also ok but also extremists cannot be tollerated.
Legal basis? If I own a news server, I can accept whatever kind of article I want to -- and refuse to accept whatever kind of article I want to, as well. That's called "private property". A UDP is just a large number of news server administrators saying "We're not going to accept articles from this site, because they have refused to stop spamming."
As for "extremists" -- these aren't extremists. These are the sysadmins who built the fucking thing. If we're playing baseball with my ball, and you decide that you'd rather use my ball to bean your little sister instead of playing the game, I'm going to take my ball away and not let you play with it.
They're going to scan their network for customer-operated NNTP services and take those customers' news access away, because external spammers have been relaying through the customer-operated systems to the main news server?
Why not just block inbound NNTP connections going to customer systems? If what they want to say is "Our users have no business running their own news servers", then why let them?
This "solution" seems excessively punitive and insufficiently preventative: sure, it'll get the current batch of insecure proxies, but it will not stop the next batch.
"Tools, not rules", people... if you want a certain kind of network traffic not to happen, you don't just tell people not to do it and beat them with wet noodles when they do. You block it at the firewall.
First, is the reform party really any diffrent from the other 2? I sorta assumed it was diffrent when I heard about Jesse Ventura, but then the reform party tried to kick him out when he said something about organized religion being a problem and Pat Buchanen joined it.
When was the last time you heard of a Republican get in trouble with the Republican Party for saying something controversial? When it comes out that a Republican congressman has been giving speeches at meetings of racist and racialist groups, the party tries to hush it up. Controversy in the Reform Party is subject to a lot more disclosure than that in the Democrat or Republican parties. Being too politically correct is hardly the Reform Party's biggest problem.
The Reform Party is still practically brand new, much newer than (say) the Libertarians or Greens. It doesn't yet have much of a handle on what it wants to be. Because the Reform Party's platform is not based on any particular historical or philosophical position -- it's basically just "We don't like the status quo!" -- it's pretty much free for the taking for anyone to move in on. "If you don't stand for something, you'll fall for anything."
Contrast this with the Libertarian Party, which is founded on very straightforward philosophical principles; or the Green Party, which has a basis in the whole history of the environmental movement, as well as in the Green movement in Europe. If Buchanan had tried to move in on either the Libertarians or the Greens, he'd be booed off the stage, because he clearly doesn't fit in with either. But a party whose own identity is little more than "misfit" isn't going to be able to muster much fuss against a misfit like Buchanan.
As the Reform Party develops a history (which will, of course, only come with time) it will have to grow a more stable political position and philosophy. If it doesn't, it will doom itself to irrelevance as a bunch of malcontents who will follow any candidate who's a bigger malcontent than any of them.
See the end of this comment for links to American third parties you should consider supporting.
At this point, both the Democrats and Republicans are largely "conservative" in the sense of supporting the status quo. They don't want any major changes in the nation's political structure because of the risk that change would upset their balance of power and all the perks that come with it. They want the present system of corruption to continue unchallenged, for fear that if it were upset, their gravy train would go away.
What is that present system which the ruling parties support? It is the system of mass public fear. That's what's behind their advocacy of Net censorship. They, like Clinton and Exon before them, foster and then feed on fear of "online pedophiles", "terrorists", "psychotic schoolchildren downloading bomb recipes", or whatever the latest fashionable breed of scary social reject is.
Consistently the targets of this fear fail to exist. Take, for instance, the much-hyped "school shootings" non-issue. It is not a trend in student behavior; it is a trend in reportage (not to say "journalism") and in political speechmaking. That is to say, it is a trend in paranoia: fear which is not rooted in reality. Violent crime in schools, like violent crime in all other areas of American life except for FBI and police operations, has been decreasing for years.
Despite the nonexistence of the objects of fear, the populace is not permitted to feel relief or security. Relief and security don't sell papers, nor do they sell candidates. For instance, despite the decline in violent crime, the count of newspaper articles and TV news segments on the subject of violent crime has increased dramatically over the past severla years. And, of course, the candidates make political hay of all the fear generated, by promising always to assuage the current fear, while building up the next. A populace in fear of bandits is a populace which can be relied upon to support the one big gang of bandits which promises to rid them of all other bandits.
The solution? Quit supporting the fear-and-banditry regime. Vote -- and don't vote for the ruling parties. I happen to be a Libertarian myself, but I'd rather you voted Green, Reform, or even Socialist than voting Democrat or Republican. We have in America a convenient system of carrying out a peaceful revolution whenever the hell we want to: it's called free elections. It's just a matter of getting off our asses and doing it.
I agree that to "call the cops" is overall a pretty useless thing to do if someone tries to break into your system.
However, the right answer to security isn't to "buy software" either. As Bruce Schneier is fond of pointing out, security is not a checklist feature: it's not something that can be slapped onto the side of a fundamentally poorly-designed system.
"Poorly-designed" here refers not only to the software and other instrumentality, but also to your administrative methodology. Administrative methodology has to do with the things you do as routine system upkeep. Do you monitor security-related mailing lists (CERT-CC, BugTraq)? When setting up a new system, do you close unneeded services? Do you make a habit of knowing everything that should be running on your system, and noticing when things that shouldn't be there appear? Do you run security audits against your system? Do you regularly check for security updates to your software and install them?
My new favorite security procedure: Go to a script-kiddie Web site, download some k00l t00lz (cracking tools, DoS utilities, etc.) and wield them against your own system (over your own network)... see what happens. Keep abreast of the newest script-kiddie fads and they won't surprise you.
Security is a way of thinking -- some would say a way of life. It's not something you can just buy a program to install.
There may be some bullshit in this article, but it is not entirely bullshit. For instance, Red Flag Linux apparently does indeed exist, as a Google Linux search will reveal. Linux Weekly News covered it in this article back in August of last year. It also refers to an article in ComputerWorld China (in Chinese, of course).
Now that I've got the "Informative" part of this comment out of the way, I'll add the "Flamebait": For the Chinese government to use a Linux-based OS does not demean Linux. There are millions of people in the world who use Linux-based systems already. Some number of these people are assholes; this does not make Linux an assholes' operating system. Some number of them beat their spouses or children; this does not make Linux a domestically violent operating system. By now there's probably been a serial killer or two who's used Linux... does this make Linux the operating system of serial killers?
It is true that by using a more efficient, less crash-prone operating system, the Chinese government may become more efficient itself. In theory, this could be bad for the Chinese people: an efficient tyranny is likely worse than an inefficient one. However, I suspect that this would be more than balanced by the fact that involvement with Linux has the potential to lead to greater integration of China with the Net: how are they to keep up with new software developments if they don't have connectivity? And greater integration with the Net might very well lead to the spread of democratic ideals in the Chinese population, especially in the technologically adept population sectors who are most likely to come in direct contact with Linux-based systems.
Finally, I must add the following: China (says the Guide) is big. Really really big. You may have thought Texas was the epitome of big-itude, but that's just peanuts to China. China has big history, big culture, and lots of other big things too. The Chinese civilization has survived other bogus and tyrannical dynasties, and it will survive the "Mao Dynasty" as well. Right now things are obviously getting a bit shaky over there -- the Falun Gong crackdown indicates to me that the regime is scared of imminent popular uprising. In some sense, wouldn't adoption of Linux (and all that it entails) throw that much more Blessed Chaos into the mixture?
Originally the Paladins, or Palatine Knights, were a group of 12 knights at the court of Charlemagne. "Paladin" and "Palatine" mean "of the palace", and also refer to the Palatine Hill, the first of the seven hills of ancient Rome.
Both these Paladins and the AD&D character class were of necessity born to the warrior aristocracy -- not necessarily an image fitting the more meritocratic free-software movement. There used to be flamewars in Dragon magazine, back in the days of original AD&D, over the fact that because paladins had to be aristocrats by birth, they could not rise from the masses.
Conversational space and technology non-neutrality
on
Cybernauts Awake!
·
· Score: 2
"Technology has the power to change relationships between people. It is not neutral."
So, if it's not neutral, is it good or evil? Inquiring Slashdotters want to know!
I believe that the kind of 'neutrality' being referred to in this sense doesn't directly relate to goodness or evil (and yes, I caught the AD&D reference...). What's meant rather is that because our communications technologies alter the shape of the 'space' (in the mathematical sense) in which we engage in relationships with others, they are not 'neutral' to the forms of relations we have.
Take, for instance, the telephone. When the telephone was new, phone calls were rare and momentous, and the fact that someone is calling you was a very important thing to know. For this reason, phones were equipped with loud bells which could interrupt 'real-world' conversations to draw attention to the phone appliance itself.
Phone conversations became more commonplace, and people began to use the telephone to hold conversations of lesser importance. However, the interrupting nature of the ringing phone did not go away -- and so we now live in a world where many people will postpone or cut off a real-world conversation when the phone rings, even if the phone conversation is of less importance than the real-world one. Thus, the phone technology has biased the 'conversational space' away from the less-interrupting mode of average, polite, real-world conversations and towards the more-interrupting mode of telephone conversations. Rather than deciding which of two conversations to engage in on the basis of their importance or on the basis of 'first come, first serve', people tend to favor with their time the phone conversation over the real-world one. The telephone also increased the level of interruption through which people must work.
(Another way of saying the same thing is that regardless of the content of the conversations, people give telephone conversations disproportionately more attention because they come in at a higher level of interruption.)
This is by far not the only example. Different communications media all have different 'biases'. Consider, for instance, the difference between typed and spoken conversations. In writing -- be it in a letter, email, Slashdot post, or IRC -- you cannot hear people's tone of voice or see their facial expressions, and thus emotional content is more difficult to convey accurately. (One can say "I am angry!", for instance, in many ways, but it lacks the immediacy and the subconscious mammalian signaling present in a stern look and a harsh voice. Worse yet, your reader may read emotions into your text which are not there, based on their own emotions; flamers tend to see perfectly reasonable posts as being flames themselves.) Thus written media are biased towards emotionally detached content, while spoken ones are in a sense biased against it (because the 'distractions' of emotional signaling cannot be eliminated).
That is the non-neutrality of communications technologies.
The bloke who tried to patent the waterbed got his application thrown out because Heinlein had already described waterbeds in "Stranger in a Strange Land".
So "it's in Heinlein" ought to be as good a reason for a mechanical contrivance to be unpatentable as "it's in Knuth" is for an algorithm....
If you recall the original story, it was not Victor Frankenstein's lack of control over his artificial son which made the "monster" become hostile: it was first his revulsion and abandonment, and later his refusal to give his creation an equal for a wife.
What Frankenstein failed to do had nothing to do with control and everything to do with responsibility for the consequences of his actions. He was afraid and disgusted by what he had created, and so he ran off.
Yes, that's right -- Victor Frankenstein was a deadbeat dad.
So the question for the TIGR researchers is this: What are the consequences and risks of creating life at this level? Clearly, a baby mycobacterium is not going to require a daddy in order to grow up to be a socially well-adjusted mycobacterium, so Herrdoktorprofessor Frankenstein's particular act of irresponsibility is irrelevant here. It seems to me that the worst risk is that the newly-engineered bacterium might either be infectious and deleterious itself, or else that it might mutate into something dangerous.
What precautions are being taken against this risk? I would hope that they are conducting their experiments in clean-room environments and taking all reasonable steps to ensure that their engineered microbes do not escape. They should make sure that if they give their little baby bacteria to anyone else, that the recipient also knows how to care for them (i.e. how to contain them). Furthermore, they should have a means of reliably killing the bacteria when they're done with them, to make sure they do not spread into the wild.
I didn't ask "Why should CoSource exist?". Its existence is obviously valuable. I asked rather "Why is CoSource being characterized as moving free software into the free market?"
I believe that there exists an attitude, which I called "Red-baiting" above, which roughly claims that if there isn't money involved in a particular activity, that activity must be socialist, and therefore not a part of the free market. I think that the Red-baiting attitude is erroneous, and I think that the idea "CoSource is moving free software into the free market" is an example of the Red-baiting attitude, and is also erroneous.
I reiterate: Free software is already in the free market, because it consists of voluntary rather than compulsory economic action. CoSource is a good thing; however, it cannot move something to the free market which already was in the free market.
Or, in the popular jargon of a few years ago: Don't call it a comeback; we've been here for years -- but CoSource is welcome to join the party.
Free software doesn't need to be made into a part of the free market -- it already is a part of the free market. The "freedom" of the free market is non-coercion: a free economy is the opposite of a command economy, in which economic activity is controlled through the use of force by the government.
You can have a free market without money exchanging hands: for instance, a barter economy or a gift economy. Provided that the economic acts of individuals -- the creation and exchange of wealth -- are not restricted "from above" by a government or similar entity, the market is free.
Already free software is competitive against proprietary software in the marketplace: consider the case of Apache vs. MS-IIS for instance. Is a user's choice of Apache over IIS a choice made in a free market? Of course it is. It is a choice made, after all, without coercion. The user picks the Web server s/he will use on the basis of price and performance (with the latter including support, stability, &c. as well as speed). This is economically a free-market decision.
So why in the world would someone characterize the CoSource effort as moving free software into the free market if in fact free software already is part of the free market? I'd say it was out of fear of free software -- the old misguided Red-baiting, in other words. Unfortunate, that.
"It used to be that Joe or Jane User would never do a network install because s/he only had a dial-up connection, and it would be ridiculously slow or impractical to install that way. Today, however, more and more people have cable modems, xDSL, or other high-speed connections, and delivery of software over the Net is correspondingly increasing."
... and...
"Linux-based OSes need to make security upgrades as straightforward as possible, and to make a point of encouraging users to do them. This is even more important for Joe and Jane User than it is for sysadmins -- because sysadmins already know to do security upgrades; average desktop users by and large do not."
So no, I wasn't at all suggesting that network installs and upgrades are just for sysadmins. On the contrary, they are important for desktop users. I am seriously concerned about the ease with which desktop users can do upgrades, because upgrades are essential to security. Users of Linux-based systems have more to lose from insecurity than do users of conventional desktop OSes (i.e. MacOS and Windows 9x) because Linux systems have so much more network functionality by default. A compromised Linux box is a stepping-stone for powerful attacks on other systems, too.
If we are to recommend Linux-based OSes such as Red Hat and Debian to desktop users, then we need to be certain that they can and will keep their systems up to date. Otherwise we are not only exposing them to insecurity, but we are increasing the overall insecurity of the Net.
It is a far more straightforward process to do upgrades over the Net than to ship out CDs to all the users with the upgrades; this is even true for commercial products (like antivirus software -- virtually all antivirus upgrades are over the Net) and even more so for free software. For this reason, the network-upgrade process needs to be made an obvious and simple part of the use of the software distribution.
Debian has both network installs and CD installs (as well as hybrid installs booted from CD but using HTTP and FTP mirrors to get the files), and has the most simple and effective network upgrade process of any I've seen. apt-get update ; apt-get upgrade (or dist-upgrade to go to a new version.) This kind of functionality needs to be acknowledged in any comparison of Linux-based OSes.
I don't think a review of Linux-based operating systems is complete without a mention of network installs or upgrades.
Network installation is increasingly important. It used to be that Joe or Jane User would never do a network install because s/he only had a dial-up connection, and it would be ridiculously slow or impractical to install that way. Today, however, more and more people have cable modems, xDSL, or other high-speed connections, and delivery of software over the Net is correspondingly increasing. System administrators, of course, love network installs for lots of reasons, one of them being that there aren't any CDs to lose in a messy office!
Upgrades are also of prime importance, especially for security reasons. Linux-based OSes need to make security upgrades as straightforward as possible, and to make a point of encouraging users to do them. This is even more important for Joe and Jane User than it is for sysadmins -- because sysadmins already know to do security upgrades; average desktop users by and large do not.
Upgrades are also ideally done over the network, primarily for speed of delivery: if you have to wait for a CD to ship with your upgrades, you are exposed to security holes for far longer than if you can get the upgrades in real time over the Net.
For these reasons, one of the factors that must be considered in judging Linux-based systems is the quality of their infrastructure for doing network installs and upgrades. There are two components to this: the installation and upgrade software itself, and the presence of sites on the Net to get reliable installs and upgrades from. It is my considered opinion that Debian wins out handily in these departments. The dpkg/apt systemry makes it quite straightforward to do network installations and upgrades; security upgrades are prompt, well-publicized, and well-tested; and the mirror sites are both remarkably fast and available all over the globe.
But what do they mean? Here's the best I could come up with...
Quincenta -- either "quality" + "incentive" or "500" (quint- + cent-). No idea what to use it for, though.
Protiqua -- "professional" or "proto-" ("first") + "-ique" ("mystique"). A training company? Better with "Protique", then.
Dynistrix -- "dynamic" + ???
Interique -- "Internet" (or any other "inter-" word) + "mystique". A group that designs VR environments?
Cenplexon -- "cent-" ("100") + "-plex-" (simultaneous signals, a la "duplex" and "multiplexer"). A switch/router with hundreds of ports. Probably "Centiplex" instead, to play on "centipede", though.
Ulta -- a mutation of "ultra". A car, or a video card: Ulta G-3DX.
Megalta -- "mega-" ("big" or "million) + "alt-" ("alternate"). Something with lots of choices available to the user -- a television satellite carrying some stupidly large number of channels. Don't throw this one at Robotech fans; they'll think it sounds like "Regault". Heck, I think it sounds like "Regault" and I'm not that big on Robotech.
Actidyne -- "action" + "dynamic". An industrial cleanser, or some sort of chemical at least.
Slashdot Mirror
The trouble with the traffic shaper is that what it does is let you create limited-bandwidth network interfaces ... but the routing table, which decides which interface a datagram should go out on, doesn't consider source addresses ... and the ipchains facility, which does consider source addresses, doesn't let you change the interface the datagram will go out on.
In other words, shaper and route let you limit interfaces all you like, but ipchains won't let you send the troublesome hosts' packets to those interfaces instead of to the unlimited one.
That position is self-contradictory.
If purchasing the CD does not give me the right to use the software on it, then there's no way I can get as far as seeing the EULA onscreen without exceeding my rights, because the software that displays the EULA is part of the software on the CD.
If, on the other hand, purchasing the CD does give me the right to use the software on it, then I do not need the EULA to grant me that right.
In other words: if I am within my rights to stick the CD in the drive and run the installer that displays the EULA, then I am within my rights to refuse the EULA and yet continue to use the software.
That the software attempts to prevent this (by aborting the install unless I click on the "Agree" button) constitutes an attempt to make me waive my rights for no good reason -- a waiver, not a contract, as I get nothing for accepting it. Since I already own my copy of the software, I also have the right to modify that copy (just as you have the right to write comments all over a book you own, or black out sections you don't like) -- and I may thus use a third-party utility to install the software without clicking on the "Agree" button.
Furthermore, because the software company is offering to sell me something I already own (namely the right to use the software I bought) they are not entering the agreement in good faith; they're being deceptive. An agreement not made in good faith isn't valid, and I may freely disregard it.
I don't think so. When you buy the CD, you already have the right to use the software on it. You don't need to be granted any additional rights in order to do that.
Consider a book. If I buy a legitimate copy of "SedentaryZ's Guide to Getting Karma on Slashdot", then I already have the right to read it and to make use of the instructions within it. (By "legitimate" I mean that you, as the author, have granted the publisher the right to make copies and distribute them.) I don't need to be granted any additional rights in order to make use of it; it's mine.
(I would need to be granted additional rights if I wanted to legally copy and distribute the book, because I don't hold copyright on it. I could make any number of copies for my own personal use; I could even distribute excerpts from the book as part of a review of it (under Fair Use); but if I wanted to give out or sell copies, I'd need to obtain the right to do so from you (the author) or from someone else to whom you'd assigned that right.)
Since I don't need any new rights in order to use the book, any "contract" that purports to grant me those rights is pulling my leg: trying to sell me something that's already mine. If the only thing I'm "gaining" from this "contract" is these rights I already have, it isn't a contract -- there's no exchange. It may be a waiver (which I may disagree with and still use the book) or it may well be an act of fraud.
You can't waive a right by refusing to sign something. Refusing to sign something means that you don't have whatever rights signing it would give you, but it can't take away rights you already had (in this case, from buying a product). Refusal to sign an agreement leaves you in the same state, rights-wise, that you were in if the agreement was never written.
(If that were not the case, then I could write the following into an "agreement": "If you agree to this agreement, you owe me $500. If you do not agree to it, you owe me $500.")
That's (my non-lawyerly interpretation of) the state of common law. That's what UCITA would change. UCITA would (among other things) make statute law which let software companies create just that kind of Catch-22 agreement: "If you agree, you waive the right to use this product to do X, Y, and Z; if you disagree, you waive the right to use this product at all."
(Please note that this entire discussion, including the state of common law as well as UCITA, is founded on the notion of the legitimacy of copyright and other "intellectual property" models. These "rights" are constructs of statute and common law. In other words, they are monopolies created by government -- in the United States, monopolies proposed in the Constitution -- and are not natural rights in any sense.)
What I suppose I'd like is an extended version of fair-queueing. Fair-queueing is a mechanism used in gateways which prevents transmitting hosts from bogging down the gateway machine with too many datagrams (as in the case of an over-enthusiastic TCP implementation). The trouble is, it only deals with the originators of traffic, not the recipients; further, it doesn't directly deal with the sizes of the datagrams, only their number.
(Fair-queueing is described in RFC 970. It's very interesting reading. A quote:
There's a good deal of material in there about applying game theory to network overloading.)
I'd like to be able to take the fair-queueing model and throw a choke on each host's queue tighter than the "natural" one imposed by network and gateway load. But so far I haven't seen a means to do this. Ideas?
I am the primary network administrator for a small college. Last term we had a serious problem here with one student consuming huge quantities of bandwidth moving bootleg movies in VCD format, so we've been doing a lot of thinking about this issue.
Let me tell you this: I have zero interest in wasting time blocking you just because you happen to be bootlegging. I won't even notice that you're bootlegging unless you're being a bandwidth hog in doing so: one FTP session looks much like another from the outside.
If you are being a bandwidth hog, you're harming your neighbors, and I will stop you from doing that. Everyone on campus should be able to get a fair share of the bandwidth, and if you and your pals are hogging it all, I don't care if you're moving VCDs or Linux ISO images; I'm going to raise a fuss and, if necessary, happily shut you down.
If I get a note from the RIAA saying you're bootlegging, I'll do what's necessary to keep them from suing the college's pants off, because it's damn cold in Massachusetts right now and we can use all the pants we can get. But if you're bootlegging without hogging, I honestly don't give a damn.
The GPL is not a contract; it's also not a "license agreement" like the MS EULA. It is a license, pure and simple. It doesn't say "You may not use this software in certain ways"; it says "You may copy and distribute this software in certain ways". It grants you privileges you would not otherwise have; that's what a license does. Without any license to do so, you have no right to copy the software (no "copy-right"); with a license, you do.
Contrast this with the MS EULA, which claims that by using the software, you are waiving certain rights which you would otherwise have. MS wants you to think that's a contract: in exchange for a "license to use" the software, you're agreeing to waive certain rights.
The thing is, you already had the right to use the software, because you bought a legally-made copy of it. When you buy a book, you have the right to use it, that is, to read it and make use of the information in it. The same applies to software, or any other work. This does not, of course, give you the right to distribute copies of these works; the right to use your purchase is not the same as the right to copy it.
So in fact the MS EULA is a waiver, not a contract: if you agree to it, you're waiving rights you had, but you're not getting anything in return. If you don't agree to it, you still have the right to use the software, just as if the EULA had never been written.
(A contract, FYI, requires an exchange of "considerations" --- goods, services, rights, or something else of value. If there isn't an exchange, there isn't a contract. The GPL isn't a contract because you're not giving the software author anything; the MS EULA isn't a contract because MS isn't giving you anything.)
(It may seem that under the GPL, you are giving the software author something: your agreement to follow the terms of the GPL. Yet this isn't the case. In fact, the terms of the GPL are the limits around the gift you are being given. If I give you an easement on my property, that you may fish in my pond from noon to 3PM on weekends, you aren't giving up a right to fish in my pond at other times; you never had such a right to give. Similarly, when you make a copy of GPLed software, you don't give up your right to turn it into a proprietary product; you never had such a right to begin with.)
In my non-lawyerly opinion, the GPL may freely apply to minors, because the minor isn't giving anything up; s/he is only receiving. Minors may, after all, receive gifts. However, the EULA may not apply to minors, because the minor is waiving rights s/he may not be competent to waive.
Neither is a "contract", but minors are protected from waivers as well as from contracts; they're not "protected" from being given gifts, which is what the GPL does.
Considering the number of people who mentioned Project Gutenberg in the original discussion of this category, I am moderately disappointed it isn't an option.
... that Bob Sullivan and Anatoliy Prokhorov would admit, in a news article published worldwide, to having committed several counts (possibly 2500 counts, to judge by the example of Kevin Mitnick) of a few major felonies. Plus, of course, listing the names of the sites from which they stole the credit card numbers ... is this reportage, or script-kiddie-age? "Gimm3 y3r k0d3z, d00d!!!!"
... Yes, tell the world that hiring a Microsoft Certified-Clueless Database Administrator is a bad idea ... but no, don't publicly admit committing felonies like that. At least, not under your real name, Bob and Anatoliy.
MSNBC may be a touch more honest than Microsoft proper, but that doesn't mean they entirely have their clue on straight. Yes, tell the world that MS SQL has security holes in its defaults
Clues?
As for "extremists" -- these aren't extremists. These are the sysadmins who built the fucking thing. If we're playing baseball with my ball, and you decide that you'd rather use my ball to bean your little sister instead of playing the game, I'm going to take my ball away and not let you play with it.
They're going to scan their network for customer-operated NNTP services and take those customers' news access away, because external spammers have been relaying through the customer-operated systems to the main news server?
... if you want a certain kind of network traffic not to happen, you don't just tell people not to do it and beat them with wet noodles when they do. You block it at the firewall.
Why not just block inbound NNTP connections going to customer systems? If what they want to say is "Our users have no business running their own news servers", then why let them?
This "solution" seems excessively punitive and insufficiently preventative: sure, it'll get the current batch of insecure proxies, but it will not stop the next batch.
"Tools, not rules", people
The Reform Party is still practically brand new, much newer than (say) the Libertarians or Greens. It doesn't yet have much of a handle on what it wants to be. Because the Reform Party's platform is not based on any particular historical or philosophical position -- it's basically just "We don't like the status quo!" -- it's pretty much free for the taking for anyone to move in on. "If you don't stand for something, you'll fall for anything."
Contrast this with the Libertarian Party, which is founded on very straightforward philosophical principles; or the Green Party, which has a basis in the whole history of the environmental movement, as well as in the Green movement in Europe. If Buchanan had tried to move in on either the Libertarians or the Greens, he'd be booed off the stage, because he clearly doesn't fit in with either. But a party whose own identity is little more than "misfit" isn't going to be able to muster much fuss against a misfit like Buchanan.
As the Reform Party develops a history (which will, of course, only come with time) it will have to grow a more stable political position and philosophy. If it doesn't, it will doom itself to irrelevance as a bunch of malcontents who will follow any candidate who's a bigger malcontent than any of them.
The real revolution will not be televised.
The real revolution also will not use animated background images.
At this point, both the Democrats and Republicans are largely "conservative" in the sense of supporting the status quo. They don't want any major changes in the nation's political structure because of the risk that change would upset their balance of power and all the perks that come with it. They want the present system of corruption to continue unchallenged, for fear that if it were upset, their gravy train would go away.
What is that present system which the ruling parties support? It is the system of mass public fear. That's what's behind their advocacy of Net censorship. They, like Clinton and Exon before them, foster and then feed on fear of "online pedophiles", "terrorists", "psychotic schoolchildren downloading bomb recipes", or whatever the latest fashionable breed of scary social reject is.
Consistently the targets of this fear fail to exist. Take, for instance, the much-hyped "school shootings" non-issue. It is not a trend in student behavior; it is a trend in reportage (not to say "journalism") and in political speechmaking. That is to say, it is a trend in paranoia: fear which is not rooted in reality. Violent crime in schools, like violent crime in all other areas of American life except for FBI and police operations, has been decreasing for years.
Despite the nonexistence of the objects of fear, the populace is not permitted to feel relief or security. Relief and security don't sell papers, nor do they sell candidates. For instance, despite the decline in violent crime, the count of newspaper articles and TV news segments on the subject of violent crime has increased dramatically over the past severla years. And, of course, the candidates make political hay of all the fear generated, by promising always to assuage the current fear, while building up the next. A populace in fear of bandits is a populace which can be relied upon to support the one big gang of bandits which promises to rid them of all other bandits.
The solution? Quit supporting the fear-and-banditry regime. Vote -- and don't vote for the ruling parties. I happen to be a Libertarian myself, but I'd rather you voted Green, Reform, or even Socialist than voting Democrat or Republican. We have in America a convenient system of carrying out a peaceful revolution whenever the hell we want to: it's called free elections. It's just a matter of getting off our asses and doing it.
Some American Third Parties:
I agree that to "call the cops" is overall a pretty useless thing to do if someone tries to break into your system.
... see what happens. Keep abreast of the newest script-kiddie fads and they won't surprise you.
However, the right answer to security isn't to "buy software" either. As Bruce Schneier is fond of pointing out, security is not a checklist feature: it's not something that can be slapped onto the side of a fundamentally poorly-designed system.
"Poorly-designed" here refers not only to the software and other instrumentality, but also to your administrative methodology. Administrative methodology has to do with the things you do as routine system upkeep. Do you monitor security-related mailing lists (CERT-CC, BugTraq)? When setting up a new system, do you close unneeded services? Do you make a habit of knowing everything that should be running on your system, and noticing when things that shouldn't be there appear? Do you run security audits against your system? Do you regularly check for security updates to your software and install them?
My new favorite security procedure: Go to a script-kiddie Web site, download some k00l t00lz (cracking tools, DoS utilities, etc.) and wield them against your own system (over your own network)
Security is a way of thinking -- some would say a way of life. It's not something you can just buy a program to install.
There may be some bullshit in this article, but it is not entirely bullshit. For instance, Red Flag Linux apparently does indeed exist, as a Google Linux search will reveal. Linux Weekly News covered it in this article back in August of last year. It also refers to an article in ComputerWorld China (in Chinese, of course).
... does this make Linux the operating system of serial killers?
Now that I've got the "Informative" part of this comment out of the way, I'll add the "Flamebait": For the Chinese government to use a Linux-based OS does not demean Linux. There are millions of people in the world who use Linux-based systems already. Some number of these people are assholes; this does not make Linux an assholes' operating system. Some number of them beat their spouses or children; this does not make Linux a domestically violent operating system. By now there's probably been a serial killer or two who's used Linux
It is true that by using a more efficient, less crash-prone operating system, the Chinese government may become more efficient itself. In theory, this could be bad for the Chinese people: an efficient tyranny is likely worse than an inefficient one. However, I suspect that this would be more than balanced by the fact that involvement with Linux has the potential to lead to greater integration of China with the Net: how are they to keep up with new software developments if they don't have connectivity? And greater integration with the Net might very well lead to the spread of democratic ideals in the Chinese population, especially in the technologically adept population sectors who are most likely to come in direct contact with Linux-based systems.
Finally, I must add the following: China (says the Guide) is big. Really really big. You may have thought Texas was the epitome of big-itude, but that's just peanuts to China. China has big history, big culture, and lots of other big things too. The Chinese civilization has survived other bogus and tyrannical dynasties, and it will survive the "Mao Dynasty" as well. Right now things are obviously getting a bit shaky over there -- the Falun Gong crackdown indicates to me that the regime is scared of imminent popular uprising. In some sense, wouldn't adoption of Linux (and all that it entails) throw that much more Blessed Chaos into the mixture?
Originally the Paladins, or Palatine Knights, were a group of 12 knights at the court of Charlemagne. "Paladin" and "Palatine" mean "of the palace", and also refer to the Palatine Hill, the first of the seven hills of ancient Rome.
Both these Paladins and the AD&D character class were of necessity born to the warrior aristocracy -- not necessarily an image fitting the more meritocratic free-software movement. There used to be flamewars in Dragon magazine, back in the days of original AD&D, over the fact that because paladins had to be aristocrats by birth, they could not rise from the masses.
I believe that the kind of 'neutrality' being referred to in this sense doesn't directly relate to goodness or evil (and yes, I caught the AD&D reference...). What's meant rather is that because our communications technologies alter the shape of the 'space' (in the mathematical sense) in which we engage in relationships with others, they are not 'neutral' to the forms of relations we have.
Take, for instance, the telephone. When the telephone was new, phone calls were rare and momentous, and the fact that someone is calling you was a very important thing to know. For this reason, phones were equipped with loud bells which could interrupt 'real-world' conversations to draw attention to the phone appliance itself.
Phone conversations became more commonplace, and people began to use the telephone to hold conversations of lesser importance. However, the interrupting nature of the ringing phone did not go away -- and so we now live in a world where many people will postpone or cut off a real-world conversation when the phone rings, even if the phone conversation is of less importance than the real-world one. Thus, the phone technology has biased the 'conversational space' away from the less-interrupting mode of average, polite, real-world conversations and towards the more-interrupting mode of telephone conversations. Rather than deciding which of two conversations to engage in on the basis of their importance or on the basis of 'first come, first serve', people tend to favor with their time the phone conversation over the real-world one. The telephone also increased the level of interruption through which people must work.
(Another way of saying the same thing is that regardless of the content of the conversations, people give telephone conversations disproportionately more attention because they come in at a higher level of interruption.)
This is by far not the only example. Different communications media all have different 'biases'. Consider, for instance, the difference between typed and spoken conversations. In writing -- be it in a letter, email, Slashdot post, or IRC -- you cannot hear people's tone of voice or see their facial expressions, and thus emotional content is more difficult to convey accurately. (One can say "I am angry!", for instance, in many ways, but it lacks the immediacy and the subconscious mammalian signaling present in a stern look and a harsh voice. Worse yet, your reader may read emotions into your text which are not there, based on their own emotions; flamers tend to see perfectly reasonable posts as being flames themselves.) Thus written media are biased towards emotionally detached content, while spoken ones are in a sense biased against it (because the 'distractions' of emotional signaling cannot be eliminated).
That is the non-neutrality of communications technologies.
The bloke who tried to patent the waterbed got his application thrown out because Heinlein had already described waterbeds in "Stranger in a Strange Land".
....
So "it's in Heinlein" ought to be as good a reason for a mechanical contrivance to be unpatentable as "it's in Knuth" is for an algorithm
What Frankenstein failed to do had nothing to do with control and everything to do with responsibility for the consequences of his actions. He was afraid and disgusted by what he had created, and so he ran off.
Yes, that's right -- Victor Frankenstein was a deadbeat dad.
So the question for the TIGR researchers is this: What are the consequences and risks of creating life at this level? Clearly, a baby mycobacterium is not going to require a daddy in order to grow up to be a socially well-adjusted mycobacterium, so Herrdoktorprofessor Frankenstein's particular act of irresponsibility is irrelevant here. It seems to me that the worst risk is that the newly-engineered bacterium might either be infectious and deleterious itself, or else that it might mutate into something dangerous.
What precautions are being taken against this risk? I would hope that they are conducting their experiments in clean-room environments and taking all reasonable steps to ensure that their engineered microbes do not escape. They should make sure that if they give their little baby bacteria to anyone else, that the recipient also knows how to care for them (i.e. how to contain them). Furthermore, they should have a means of reliably killing the bacteria when they're done with them, to make sure they do not spread into the wild.
I didn't ask "Why should CoSource exist?". Its existence is obviously valuable. I asked rather "Why is CoSource being characterized as moving free software into the free market?"
I believe that there exists an attitude, which I called "Red-baiting" above, which roughly claims that if there isn't money involved in a particular activity, that activity must be socialist, and therefore not a part of the free market. I think that the Red-baiting attitude is erroneous, and I think that the idea "CoSource is moving free software into the free market" is an example of the Red-baiting attitude, and is also erroneous.
I reiterate: Free software is already in the free market, because it consists of voluntary rather than compulsory economic action. CoSource is a good thing; however, it cannot move something to the free market which already was in the free market.
Or, in the popular jargon of a few years ago: Don't call it a comeback; we've been here for years -- but CoSource is welcome to join the party.
Free software doesn't need to be made into a part of the free market -- it already is a part of the free market. The "freedom" of the free market is non-coercion: a free economy is the opposite of a command economy, in which economic activity is controlled through the use of force by the government.
You can have a free market without money exchanging hands: for instance, a barter economy or a gift economy. Provided that the economic acts of individuals -- the creation and exchange of wealth -- are not restricted "from above" by a government or similar entity, the market is free.
Already free software is competitive against proprietary software in the marketplace: consider the case of Apache vs. MS-IIS for instance. Is a user's choice of Apache over IIS a choice made in a free market? Of course it is. It is a choice made, after all, without coercion. The user picks the Web server s/he will use on the basis of price and performance (with the latter including support, stability, &c. as well as speed). This is economically a free-market decision.
So why in the world would someone characterize the CoSource effort as moving free software into the free market if in fact free software already is part of the free market? I'd say it was out of fear of free software -- the old misguided Red-baiting, in other words. Unfortunate, that.
If we are to recommend Linux-based OSes such as Red Hat and Debian to desktop users, then we need to be certain that they can and will keep their systems up to date. Otherwise we are not only exposing them to insecurity, but we are increasing the overall insecurity of the Net.
It is a far more straightforward process to do upgrades over the Net than to ship out CDs to all the users with the upgrades; this is even true for commercial products (like antivirus software -- virtually all antivirus upgrades are over the Net) and even more so for free software. For this reason, the network-upgrade process needs to be made an obvious and simple part of the use of the software distribution.
Debian has both network installs and CD installs (as well as hybrid installs booted from CD but using HTTP and FTP mirrors to get the files), and has the most simple and effective network upgrade process of any I've seen. apt-get update ; apt-get upgrade (or dist-upgrade to go to a new version.) This kind of functionality needs to be acknowledged in any comparison of Linux-based OSes.
I don't think a review of Linux-based operating systems is complete without a mention of network installs or upgrades.
Network installation is increasingly important. It used to be that Joe or Jane User would never do a network install because s/he only had a dial-up connection, and it would be ridiculously slow or impractical to install that way. Today, however, more and more people have cable modems, xDSL, or other high-speed connections, and delivery of software over the Net is correspondingly increasing. System administrators, of course, love network installs for lots of reasons, one of them being that there aren't any CDs to lose in a messy office!
Upgrades are also of prime importance, especially for security reasons. Linux-based OSes need to make security upgrades as straightforward as possible, and to make a point of encouraging users to do them. This is even more important for Joe and Jane User than it is for sysadmins -- because sysadmins already know to do security upgrades; average desktop users by and large do not.
Upgrades are also ideally done over the network, primarily for speed of delivery: if you have to wait for a CD to ship with your upgrades, you are exposed to security holes for far longer than if you can get the upgrades in real time over the Net.
For these reasons, one of the factors that must be considered in judging Linux-based systems is the quality of their infrastructure for doing network installs and upgrades. There are two components to this: the installation and upgrade software itself, and the presence of sites on the Net to get reliable installs and upgrades from. It is my considered opinion that Debian wins out handily in these departments. The dpkg/apt systemry makes it quite straightforward to do network installations and upgrades; security upgrades are prompt, well-publicized, and well-tested; and the mirror sites are both remarkably fast and available all over the globe.
Want to use these names for your company or product? I'll give you a discount