Slashdot Mirror


User: hacker

hacker's activity in the archive.

Stories
0
Comments
1,367

Comments · 1,367

  1. Re:Not really new, but interesting on Check Boxes and Radio Buttons Conquered by DHTML · · Score: 5, Informative
    "His primary concern (and what he believes he's invented) is a method to be backward compatible with browsers that have JavaScript turned off, and/or browsers that lack CSS support. (You actually want to support those guys?)"

    Yes, you most certainly do.

    • Cellphones, pagers, "always-on" mobile Internet devices
    • PDAs and handhelds, handheld browsers
    • Devices for the blind, text-to-speech readers
    • WAP devices
    • Screen scrapers
    • RSS syndication

    If CSS delivers the style, and the HTML still delivers the content, then those will continue to work.

    Once you start using Javascript or CSS to deliver the CONTENT, then you're doing something wrong, and breaking lots of your visitors.

    Many Flash developers don't seem to understand this either (modulo the huge list of problems with using Flash). HTML should deliver the Flash, not the reverse.

  2. Re:obvious man question on The Internet Archive Sued Over Stored Pages · · Score: 5, Interesting

    I can tell you exactly where the problem lies (and I know this because I have customers who behave this way):

    When they write documents, they write them in HTML format. They send their email, they send it in HTML format. When I asked for them to prepare content for their website, they gave me a Microsoft Word document in HTML format, and said "You don't have to use the same fonts I used in this document, but please keep the layout the same on my website."

    These users equate "a document" to "a website", and they think that once they stop using or sending that document out, that their "website" should be removed as well. They think websites are "sent" to people, not requested "by" people, and that when you close your browser, your "document" is gone.

    That simply is not the case, and people need to be re-educated to understand these technologies and how they work. The Internet was MEANT to be self-healing, in case one node or another went down, information and information pathways would still be functioning.

  3. Excuse me but... on The Internet Archive Sued Over Stored Pages · · Score: 3, Insightful

    First and foremost, the existence of a robots.txt does not constitute a contract between the client (a web surfer/browser agent) and the server (the site hosting the content proper). Repeat that over and over. There is nothing stating that the existence of robots.txt on your server must be requested by my crawler or spider.

    It's preferred, but not required. Even so, I am free to ignore it if I want, and parse whatever links I see fit to grab. If you make the content public and I want to read that content, I'm going to get it, whether you have robots.txt in place or not.

    Secondly, has anyone taken the time to validate the robots.txt file found on the site in question? Note too that they just changed robots.txt on July 8th of this year. Did the previous version validate? Are they trying to rewrite history again? What did the old version look like?

    If there is even so much as one error, robots/crawlers are free to ignore/parse/merge/break it as they see fit. It happens all the time, and even when robots.txt is perfectly valid, many robots and crawlers ignore it anyway (msnbot and Yahoo's crawlers are two of the worst offenders here).

    But back to the first point, robots.txt is a guideline, not a rule, not a contract, and certainly not something that can be enforced. Does lack of a robots.txt file constitute the legal right to publicly redistribute the content? Or store it for later review and retrieval? How do you know any of your former employees from 1996 haven't stored your entire website on floppy, one page at a time? Did they adhere to robots.txt? Did ANYONE adhere to robots.txt in 1996? It seems that there was evaluation of the Robots Exclusion Standard in 1996, but was everyone using it? Not likely.

    Microsoft Internet Explorer will certainly store the entire website for "reading offline" if you ask it to do so when bookmarking it. They don't parse robots.txt to exclude pages that shouldn't be stored locally.

    It's too bad that people need to try to erase history to prevail in litigation. This isn't George Orwell's 1984... well, at least not yet anyway.

  4. Re:There need be no law on Flying the Wiretapped Skies · · Score: 1
    "The requirement is one placed by the airlines to gain access to their airplanes. If you want to set up an airline that doesn't require photo access to board, I'm sure that you are welcome to do so (and suffer the customer concern and insurance issues that will follow)."

    It may be a requirement, set there by private industry, but every time I've been asked about my ID, I've been told it's a Federal Law... and I've asked to see it, and they refused. If it's a "Federal Law", it should be on the books. They can't show me, because it doesn't exist.

    If they said "It's a requirement set by the airline industry, which is a private industry..", then I'd probably have no problem with it. It's the deception and fear-mongering that I have a problem with.

    This exact issue actually sits in the Supreme Court right now, undecided. I can't find the exact case right now, but someone took the airline to the Supreme Court about the issue, and it's at a standstill.

    I did find this case and an even scarier one regarding National DNA ID cards...

    We're heading down a slippery slope, and at the bottom is George Orwell's 1984 as their rulebook.

    The future looks doubleplus ungood.

  5. Re:Never assume your bits are unwatched on Flying the Wiretapped Skies · · Score: 1
    2 - Plant a bomb in the airplane, remotely triggered by a judiciously sent IP packet? unlikely, because airport security would have (theoretically) screened the bomb before it gets onboard, and if it does get onboard, it takes a fraction of a second between the packet and the explosion, so the wiretapping is useless.

    See, in current times, the plane IS "the bomb". We saw that on 9/11... and boxcutters were the threatening weapon of choice.

    Excuse me, I've had some extensive martial arts training, and I'd much rather have a few boxcutter scars and lacerations on my arms/face/whatever, than die hitting an immovable skyscraper at 400+ mph, riding a 700 gallon tank of flammable commercial airplane fuel.

  6. Re:Their network, their rules. on Flying the Wiretapped Skies · · Score: 1
    "My network, my rules.
    Their network, their rules."

    Your equipment on their network, your rules (well, up to the point where your packets leave your equipment).

  7. Re:too late.... on Flying the Wiretapped Skies · · Score: 1
    "Well, I suppose they could use the wiretap to gain enough evidence to decide to tell the Air Marshal on the plane to shoot the guy in the head."

    And suppose the terrorist set up a script that would remotely detonate the bomb if he didn't log in every 15 minutes to some remote server? If the communications are cut and nobody logs in within 15 minutes, KABOOM!

  8. Re:What a bunch of bullshit on Flying the Wiretapped Skies · · Score: 1
    "Furthermore, the fact that the Fibbies even think this is necessary is IMHO a very public no-confidence vote in the TSA and all the crap they make us go through to even get near a plane, much less on it."

    One of the biggest ironies in the system, is that there is no law on the books that requires that you show a photo ID to board a plane. NONE. Yet every time you go to board a plane, they "require" your photo ID to do so.

    Next time you fly, refuse to show them your photo ID at the check-in counter, and when they insist that it's "..the law", ask them to show it to you. They can't, because there is no such law.

    And everyone just happily hands over their ID, without a single second-thought about how much they're being tracked. Nice.

  9. Re:Wake up Timothy on Fingerprint Recognition with Linux & IBM's T42 · · Score: 0
    "It's Lenovo's T42 Notebook now."

    It's been Lenovo's notebook for a couple of years now. Lenovo has been manufacturing IBM's Thinkpad line of laptops for 2-3 years, maybe even longer. The whole reason for the "sale" was to get them to handle the whole operation, front-to-back, instead of just the manufacturing bit.

  10. Re:Ipaqs on Fingerprint Recognition with Linux & IBM's T42 · · Score: 2, Informative
    Basically, the ability to detect a fake fingerprint with a casual test has never existed. The sensors just aren't good enough, even if the software authors were willing to invest the resources to store really thorough images of fingerprints, which they're not.

    The FingerChip(tm) has been doing exactly this since about 1998 or earlier (that's 7+ years). The FingerChip is about 1mm x 8mm in size (about 1/2" long, about the width of a wooden matchstick). I think the company sold its technology to someone else now over the years, but lots of companies are using it... including IBM.

    I was investigating their scanners back in 1998 when I was doing biometric authentication on wireless tablets running Citrix Metaframe for $BIG_PHARMA. This was back in 1998!! Technology has, of course, improved considerably since then.

    Basically you swipe your finger across the FingerChip and at least 52 separate datapoints are gathered, which include speed of the swipe, pressure, heat, and of course the standard whoops and swirls of your fingerprint itself. We tried using lifting techniques and other things on it (as did the manufacturer), and it was simply not possible.

    It is similar to trying to forge a signature. Sure you can forge it so the end result looks identical, but did you press your pen with the same pressure? Did you dot your "I" before you finished the word, or after? Did you cross your "T" from left to right, or right to left?

    Any biometric scanner that doesn't measure these kinds of things shouldn't be used.

    Incidentally, we tried lots of different kinds of scanners, including voice. The voice biometric scanners had about a 90% failure rate in our tests. I could log in as my colleague, just by repeating his exact intonation and speed... I could not, of course, imitate his fingerprint.

  11. Re:Use of finger-prints !=security on Fingerprint Recognition with Linux & IBM's T42 · · Score: 3, Informative
    "I wish companies and .gov would stop pushing biometrics as the end-all solution to password & user security.

    [...]

    The only benefit that fingerprint scanners offer is the instant ability to have 10 different passwords "at your fingertips"!"

    Unfortunately, fingerprint authentication does NOT satisfy government requirements (not to mention the inherent insecurity should you ever be prosecuted).

    CFR 21 part 11 (Code of Federal Regulations governing electronic signatures) mandates that you have to have at least 2 out of 3 things to be said to have securely authenticated:

    1. Something you HAVE (card key, key fob, etc.)
    2. Something you ARE (biometric, iris, fingerprint)
    3. Something you KNOW (password, passphrase, etc.)

    If any system is compromised, and 2 out of the 3 above are used, then there is a conspiracy (like you gave your keycard and password to someone else).

    The issue about security when prosecuted, is that your physical body (fingerprints as well) are subject to "search and seizure" if you are ever arrested (even if 100% innocent). There was a case that went to the Supreme Court (which I can't recall the name of) where a man argued that his fingerprints were "property", and until he waived his rights to his property, he could not be fingerprinted. I'm not sure how that turned out though.

    Basically if you're arrested and they fingerprint you, they could just as easily scan in your fingerprints electronically and "replay" those back later to gain access to your biometric laptop or other devices.

    Best to use 2 out of the 3 (or 3 out of the 3) above, so they can't gain access to your protected data without your approval or consent.

  12. It's not just YOUR password that matters... on Coping with the Avalanche of IDs and Passwords? · · Score: 1

    Let's also not forget that you should regularly check and recheck the passwords of YOUR USERS, and enforce strong password strings (length, alphanumeric, punctuation at a minimum).

    Very recently, someone I know who is a very well-known talking head in the Open Source community had his box rooted, because a colleague of his had an account on his server with a default password, and never logged in.

    One of those recent ssh brute-force login bots came scanning along and got in using this account. They logged in, downloaded a rootkit from Romania into /tmp, built and executed the rootkit, replaced sshd, and as each user tried to log into the machine over ssh, they were forced to retype their password (ignoring ~/.ssh/authorized_keys).

    Every user logging in would blindly retype their password, thinking something was wrong... Meanwhile their passwords were being sent back to Romania to someone to maliciously use elsewhere.

    The smart part about this rooting, was that the user's ~/.ssh/known_hosts was scanned and used to further spider out and attempt more ssh attacks.

    For example, user jdoe has his authorized_keys set up. He tries to log in over ssh, and instead of an un-prompted login, he is asked for his password. He dutifully enters it and is denied access. He enters it again (thus confirming it), and is still denied access. Now /home/jdoe/.ssh/known_hosts is parsed and remote hosts found in it are added to the "ssh attack these hosts" file for later brute-force sshd attacks.

    It was ugly. We had to change passwords, generate new ssh keys, and check our local keys and machines as well... all because SOMEONE ELSE had a weak password in an account they never even used.

  13. Re:AIDS is not a virus on Possible Breakthroughs in Cancer and AIDS Research · · Score: 1
    "AIDS is not a virus, but "AIDS virus" simply means "the virus that causes AIDS", just as "flu virus" means "the virus that causes the flu". Of course, the actual _name_ of the "AIDS virus" is HIV."

    Not entirely true... you can get AIDS from quite a few places, many of which are completely unrelated to HIV. High dosages of the drug Prednisone for example, can cause patients to acquire AIDS (which later goes away as the dose is lowered again). There is quite a bit of research on this and similar issues.

    HIV isn't the only thing that causes AIDS. I just wanted add that correction to your post.

  14. Re:BSD good for selfish companies only on Open-source Licensing: BSD or GPL? · · Score: 1
    They get some corporate funded enhancements that they wouldn't otherwise get, and we get to build on a software base to start what we want to do, so both sides get something. With GPL, none of it would happen.

    I don't see why... Thousands of companies using GPL software return those improvements back to the community and continue to use their own proprietary versions internally. The GPL doesn't restrict or forbid that in any way.

    Remember, the GPL only matters if you redistribute those changes as part of a closed (non-free) commercial venture.

  15. Re:GPL helps programmers get paid on Open-source Licensing: BSD or GPL? · · Score: 1
    It's very easy in an open project to get spread, diluted copyright ownership. With the GPL, relicensing to a commercial customer can become impossible. A developer can easily find themselves in a situation where he would want to license his work, but some earlier, relatively small contributions can have made this legally basically impossible.

    This is easily solved with something like the following (which I use in my projects now):

    In order to keep TheProject unencumbered by intellectual property abuses (for example, SCO), all external contributors to the project are asked to release any rights to the submission. This keeps the TheProject project a healthy, unencumbered GPL project. Please accompany your patch, code, or other submission with the following statement:
    The author or authors of this submission hereby release any and all copyright interest in this code, documentation, or other materials included to the TheProject and its primary governors. We intend this relinquishment of copyright interest in perpetuity of all present and future rights to said submission under copyright law.

  16. Re:The GPL good when ownership is well-defined. on Open-source Licensing: BSD or GPL? · · Score: 1
    If anything, licensing under BSD instead of the GPL is the most selfless act a software developer can make. It means they are coding for the love of coding, not because of a political or philosophical agenda. Is there something wrong with that?

    Precisely, and developing code under the GPL license guarantees that nobody can usurp or abuse the code you've written, that no commercial entity can abuse or hijack your codebase for their own needs.

    The BSD license unfortunately allows this behavior and that is exactly why thousands of developers who care about the code and code for the love of coding, will not use the BSD license, as currently written. It encourages abuse (as this article and its replies document perfectly). How many enterprise customers can you think of that absorbed some BSD-licensed code, improved upon it, and then returned those improvements back to the BSD community? Now compare that with the number of companies that have done the same thing with the GPL... it's quite an unbalanced scale.

    It is the pinnacle of altruism, by guaranteeing that anyone present or future, can still take advantage of all of the improvements made to the code itself, without fear of commercial enterprises suffocating those updates away from the community that created them, for their own profit.

  17. Re:Trolltech's stance is worse on Open-source Licensing: BSD or GPL? · · Score: 2, Interesting
    This is piss funny. Whoever wrote the answer to that FAQ must have gone on to a long career in politics.

    What license is Qt covered by these days? By that FAQ entry, it absolutely cannot be GPL or GPL-compatible, because their terms (as defined by that FAQ entry) directly contradict the spirit and wording of the GPL itself.

    Very interesting...

  18. Re:WTF? on Open-source Licensing: BSD or GPL? · · Score: 1
    The GPL doesn't cover the use of software, only distribution. The GPL doesn't prevent making money, it only prevents making software non-free.

    Two minor corrections:

    The GPL doesn't cover the use of software, only re-distribution.

    GPL doesn't prevent making money, it only prevents making Free software non-free.

  19. Re:BSD good for selfish companies only on Open-source Licensing: BSD or GPL? · · Score: 1
    If we couldn't do it that way (for example, if PostgreSQL was GPL), we wouldn't do the development at all, and nothing would go back to the community because it wouldn't be worth our investor's money to develop the software at all.

    No, actually you would end up doing it just like the rest of us did, including those who WROTE PostgreSQL for you... by writing it yourself. You know, actually writing code..

    After all, that's what programmers are hired to do. They're not hired to go mining through other OSS projects to help bolt together their solutions, they're hired to WRITE CODE.

  20. Re:A real flaw on Adobe Warns of Security Flaw in Reader · · Score: 1
    Essentially, whenever Reader 5.0.9 or 5.0.10 opens a PDF file, it creates a randomly named duplicate in /tmp which can then be read by other users with the appropriate permissions, which makes it a local file disclosure vulnerability.

    So in version 7, I see that it creates the temp copy in RAM (mkstemp()), but now it's vulnerable to be read in a much different way. On Hyperthreaded processors (i.e. multicore from Intel), since the processor itself has a shared cache, both cores need to be able to read from it. If one core opens the pdf, any process running on the other core can read the contents as they pass across the cache. Oops!

    In addition to the recommended upgrade to version 7, there is a version 5.0.11 which addresses this issue, otherwise, nice troll.

    As others have mentioned, the recommended upgrade also adds some defaults to a new feature that allows the pdf to "phone home" when opened. Sure, 5.0.11 fixes the flaw, but 99% of the users who are asked to upgrade will try to find the latest version they can, and upgrade to that. In this case, that means the "phone home" version.

  21. Re:Killing the meme - that is not what Apple is af on IBM Officially Unveils Dual-core PowerPC Chips · · Score: 1
    As much as you would like to believe all companies are "out to get you" it's simply not so. Some companies realize that treating customers with a measure of respect actually helps drive sales.

    You've entirely missed my point. The decision isn't up to Apple, it's up to the media companies they're going to have to intersect with in order to be successful with their new hardware ventures.

    As much as you would like to believe that I'm your typical Slashdot troll spewing unfounded nonsense, it's simply not so. I don't care if "companies are out to get" anyone, because I don't use anything that is produced by "a company" in this capacity, so it doesn't affect me.

  22. Re:$0 marginal cost on Apple's 500 Million Songs · · Score: 1
    "The iPods aren't free. Neither are concert tickets. The songs aren't free either, just very cheap from Apple's point of view. They still pay bandwidth fees and likely will have to count them as songs sold for royalty purposes."

    Neither is the prize. You still have to pay your local state taxes on the $15k-$18k of prize winnings before they can be transferred to you, just like winning a car in the casino lottery. You don't get the keys until you pay the taxes on it.

  23. Re:Taxes? on Apple's 500 Million Songs · · Score: 1
    Oh, and I've got a great opportunity to flip some of my iPods and free songs to cover any discrepancy

    You still have to pay the tax on the original iPods you receive, and also the taxes when you sell them to others. You can't just pass that on. That's like buying a car, not paying the taxes on it and selling it a month later and rolling the sale price into the taxes you pay (not to mention the taxes your town will require for parking it on your property until you sell it, and then the interstate transport and conveyance taxes when you receive it and again when you sell it).

    Ironically, the whole reason this country was created, was to get rid of senseless taxes and now look... taxes on everything except oxygen.

  24. Re:From the Rumor Mill on IBM Officially Unveils Dual-core PowerPC Chips · · Score: 4, Informative
    "It appears Intel plans on dropping the P4 line and going to enhancing the Pentium M edition. It is expected that Apple will be going with the Pentium Ms (which apparently have dual core slated in their lineup) instead of with the Pentium EE."

    I think you meant to say the Pentium D + LaGrande (DRM in silicon), not Pentium M. The Pentium D (with not-yet-released updates and fixes), does exactly what Apple is after - controlled access to media with an architecture that provides lower-power (iPod-like devices and battery-powered Powerbooks).

  25. Re:Release Dates? on IBM Officially Unveils Dual-core PowerPC Chips · · Score: 2, Insightful
    I'd be interested in seeing what Steve Jobs saw on Intel's roadmap for the next few years that convinced him...

    Two words: Project LaGrande.

    In short, Apple wants to promote media in all forms; iMovie, iTunes, iLife, iPhoto, GarageBand, etc. In order to do this as broadly as they want (think iPod, ARM-based handhelds, media-on-the-go, etc.), the media conglomerates need to know they're protected. This means STRONG DRM built into the silicon itself. This means Project LaGrande.. and of course lower-power, lower-heat Intel chipsets. High-performance chips generate heat, that's the reality of PowerPC.

    Apple isn't after power or performance, they're after portable media and long battery life (think better Powerbooks and next-gen iPod-type devices).