Slashdot Mirror


User: Lamesword

Lamesword's activity in the archive.

Stories: 0
Comments: 31

Comments · 31

  1. No! They should sell co-singles. on Pink Floyd Give In To Digital Downloads · Score: 1

    Listening to Pink Floyd singles is the exact wrong way to do it, literally. The proper way to listen to certain Pink Floyd albums is in their entirety except for one track. For example, when I listen to Dark Side of the Moon, I always skip "Money" if I'm paying attention. That song totally kills the vibe—not the fault of Waters et al. so much as having had to hear that song so many times in the company of assholes. Perhaps they could sell a deluxe edition of that album, in two volumes available for separate purchase: Volume I, Tracks 1–4, 6–9 and Volume II, Frat-Party Mixtape (a combination of "Money" and other bonus tracks).

  2. Re:LISP a bad choice as a starter language. on Land of Lisp · Score: 2, Informative

    I agree that Python is a better beginning language than Lisp, but I think the book is pitched more as an introduction to Lisp (and functional programming) than as an introduction to programming. That said, I'd like to say a few words in defense of Lisp as a first language.

    In my experience (having taught a number of courses that involve coding), beginning programmers love to write bad code. The path of least resistance for them is to write monolithic blocks of code with one-character variable names and zero documentation, and to perform tasks in a remarkably contrived way that reflects a resistance to thinking ahead, somehow managing to do in cubic time what the "obvious" (to me) approach would do in linear time. Python tolerates this--it's such an awesome language that it is often easy to get something done even in the presence of terrible habits and lazy thinking (e.g., its readability makes monolithic code manageable).

    Lisp does not make it so easy to get away with being a bad programmer. Writing monolithic functions, for instance, is relatively hard work in Lisp; the programmer who attempts this is punished with parentheses, and soon finds that the path of least resistance involves many relatively short functions with well-defined purposes. In other words, Lisp requires a level of care and forethought that other languages don't. Pedagogically, this is a virtue (though it comes with the heavy drawback that beginners can easily get discouraged).

    There are exceptions, certainly. For instance, the easiest way to compute the nth Fibonacci number in Lisp is naive recursion, resulting in exponential runtime. Less naive recursion allows linear time, but a beginner would have trouble with that. (And a mathematically inclined programmer can compute it in constant time, if you assume arithmetic operations take constant time.)

    In my view, the only *bad choice* of a starting language is one that causes brain damage, such as BASIC. Python tolerates brain damage (since it accommodates almost any programming style), but is safe under proper supervision. Lisp avoids brain damage.

  3. Re:Only scratching the surface on What Every Programmer Should Know About Floating-Point Arithmetic · Score: 1

    To those saying that a+b+c != c+b+a is about noncommutativity rather than nonassociativity: if you look carefully, this is about nonassociativity. The left expression (typically) parses as (a+b)+c; the right expression parses as (c+b)+a. In the presence of commutativity, which we do have with f.p. arithmetic, this is saying (a+b)+c != a+(b+c), which is nonassociativity.

  4. Re:Judges are ignorant, film at 11 on Michigan Man Charged for Using Free WiFi · Score: 1

    Autoconfiguration of network interfaces makes computers easier to use, not harder, but autoconfiguration requires the computer to be able to figure out on its own whether or not it's okay to access a network. If we say, "What appears to your computer to be open is not really open," then we prevent computers from figuring out permissions on their own, and require human intervention. More human intervention makes computers harder to use. This isn't a huge issue now, when so much use of hotspots involves explicitly sitting in front of your computer and being conscious that you're using that hotspot, but as software improves and computers act more independently on our behalf (e.g., delivering email messages for us that we wrote when we were not near a hotspot), the requirement of human intervention becomes a bigger obstacle to usability.

    As for the store owner who wants to restrict access to customers, she can have a sign that says, "Wireless access for customers only," and settle for the fact that most people will obey this, and maybe an occasional computer in the backpack of a passerby will connect and deliver an enqueued email message. If she wants something more stringent, then she can put up a sign that says, "Wireless access for customers only. Password: coffee." That won't keep dishonest people out, but neither did the outright open access, and it doesn't interfere with the idea that what appears to the computer to be open really is open--an idea that makes computers easier to use. If she wants something more stringent than that, then she should be prepared to be a nerd or find herself one.

    The law may very well say that just because an access point is open doesn't mean you're allowed to use it. But laws like this ultimately make computers harder to use, by requiring human intervention in situations where a computer would otherwise be able to sort things out on its own, and thereby making the computer harder to use.

  5. Computers lack human judgment on Michigan Man Charged for Using Free WiFi · Score: 1

    Requiring the client of a wireless connection to get permission above and beyond the digital equivalent of "come on in" is unreasonable. The problem is that computers are (a) often autonomous, but (b) lack human judgment. Consider the following example of using wireless: In a park that lacks wireless, I write an email and hit "send". My computer is unable to deliver the message at that time. However, while I'm walking downtown to catch a bus, my computer finds that a wireless connection is available, sends my email, and possibly downloads other emails. (That's the autonomy in this situation.) I think that that's a good use of wireless technology.

    How does my computer know whether or not it's okay to use the wireless connection that it found? Requiring the human operator to intervene undermines the ability for the computer to act autonomously, and additionally, mundane things like asking permission to use a wireless network are exactly the kind of thing that we should get computers to do for us. Faced with factors (a) and (b), we have to either forgo (a), or move the process of gaining permission out of the human realm and into the protocols. Well, forward-thinking designers did move the process of gaining permission into the protocols, allowing us to keep (a). In other words, letting the protocol be a substitute for human judgment--to the extent that a digital "come on in" really amounts to a "come on in"--allows computers to work on our behalf, without incessant intervention from humans. Allowing computers to go ahead and make connections to services that are digitally announced as available, without human intervention, is good.

    It does mean, though, that if you don't want computers connecting to your wireless network all willy-nilly, then you have to say no via the protocol. But this is quite feasible. You can have a password, or you can have a click-through. The principle is simple: don't make services publicly available unless your intention is to make them publicly available. Computers can't tell the difference between "publicly available (yes, really)" and "publicly available (no, not really)" when that parenthetical part is absent from the information the computer receives, and requiring human intervention hobbles the technology.

  6. Re:Open for litigation on Wired Releases Full Text of AT&T NSA Document · Score: 5, Informative

    What other precedents are there for this kind of thing, where a newspaper willfully defied what it knows are documents that are secret, and claimed to be needed to stay secret in context of a war?

    Most famously, there are the Pentagon Papers. In 1971, the New York Times published excerpts of Department of Defense documents leaked by Daniel Ellsberg. Roughly, the documents showed that the government had lied about the Vietnam War. The US government obtained an injunction against the Times, on national security grounds. The Supreme Court later overturned the injunction, but the decision, as my not-a-lawyer brain understands it, did not make it clear when the press can get away with this sort of thing.

    This is not perfectly analogous to the current situation, because it is AT&T's documents that are being leaked, not the government's.

  7. Dissenting opinion on Are Computer Graphics A Fine Art? · Score: 1

    While I believe that computers have enormous potential as a medium, I am wary of the attitude that computers are "just another medium" and that the only obstacle for digital art is ignorance on the part of the artistic community. The theoretical aspects of computers for art have many practical consequences that make computers a medium filled with pitfalls.

    One advantage of oil on canvas as a medium is that it's relatively transparent, in the sense that you can tell what the artist intended, at least in terms of what pigments go where. This transparency comes from the simplicity; even if you don't know the chemistry behind how paint dries, you still--in most cases--understand the basic mechanics of how the artist put the ideas on the canvas. I'm not saying the physical process is what it's all about; on the contrary, the ability for the viewer to understand the physical process gets it out of the way, so that the channel of communication between the artist and the viewer is that much clearer.

    By having simple mechanics, understood well by the viewer, the viewer can better separate intention from accident--that is, separate the message from the line noise. (An artist might make an endeavor of studying the interplay between intention and accident, or even intentionally confuse the viewer, but it would be boring if that's all artists did.)

    Enter computers. What separates them as a medium is not their newness so much as their incredible complexity. Computers are so complicated as a medium, in fact, that the vast majority of artists who use computers must work on some abstracted, intermediate medium (like "Photoshop on Mac") that throws away most of that complexity. When a viewer sees a piece of digital art, they may have little understanding of how it was created. This becomes problematic when the artist uses the computer/software as a crutch to make up for laziness or the lack of bandwidth between the artist and computer. How much of what you see is the artist, and how much is the software? I'm not saying that art is about figuring out who should get credit for what, but separating what is deliberate from what is mindless is more difficult with digital art than with other media. And, when the viewer can tell how it was created, it is frequently because the artist was really lazy. ("Ah, yes: an image of the Mona Lisa, with crystallize effect, then swirl, inverted somewhere along the way.")

    One could argue that restricting oneself to the filters menu constitutes a medium. In the hands of someone capable it could be used expressively, but the piece would carry all sorts of "emotional baggage" related to the medium. Unless the artist is so industrious that they have really made every pixel matter, the viewer should have some understanding of the medium in order to interpret the work. But requiring the viewer to be familiar with Photoshop, especially if Photoshop hasn't been compiled for any hardware produced in the last 50 years and emulation constitutes an infringement of someone's intellectual property rights, is a burden on the viewer. Of course, James Joyce puts a great burden on his readers, but it's a more worthwhile burden.

    Also, though this issue will hopefully go away, today's hardware and software is generally awkward when it comes to creating art. With most artists using software other people wrote, they have relatively little control over their tools. What if you wanted the swirl effect to taper off differently? Would you go to the trouble of writing your own custom swirl algorithm, or would you just decide that the existing swirl is good enough? What if you wanted the swirl to be off-center? Would you go to the trouble of shifting your image, swirling, and then shifting back, or would you just decide that a centered swirl is good enough? From what I've seen of digital art, the authors of Photoshop are either geniuses who have managed to create defaults everyone wants, or a lot of "artists" are just lazy. Artists in other media have this problem (not being in perfect control) as well, but not to the extent that digital artists do, especially when they are relying on software in a non-trivial way.

    You might say, "Well, the people who mindlessly apply Photoshop filters will be recognized as hacks, just as the people who mindlessly jangle on guitars are recognized as such." First of all, there are plenty of people who mindlessly jangle on guitars and make a lot of money at it. Second, computers are better at disguising the artistically empty, especially when the viewer is not familiar with the software.

    I've oversimplified these issues to save space and time, but I hope you get my point about computers having often overlooked drawbacks as a medium. Computers do present an artistic universe that is largely unexplored, especially with the ability to mold the medium to the needs of the artist. For example, say you wanted an image that would be of money and pornography when in your peripheral vision, but would switch to a picture of Don Rickles whenever you looked directly at it--possible, with computers. You could call it "American Tantalus Mindfuck 2000". Oh, yeah, and multimedia, blah blah blah...

  8. Re:Does 'lucky' mean NP-hard? on The "Omega Number" & Foundations of Math · Score: 1

    You're right, but the Church-Turing hypothesis doesn't make any claim about runtime, and the definition of Turing machine does not include the restriction that the machine must stop in polynomial time--in that case, the Church-Turing hypothesis definitely fails. When it comes to computability, you can't do anything with a nondeterministic Turing machine that you can't do with an ordinary Turing machine. Perhaps you can do it faster, but what's computable doesn't change.

    P is the class of sets that are computable by a Turing machine that only runs for a polynomial length of time, and NP is the class of sets that are computable by a nondeterministic TM running in polynomial time. A set X is NP-complete if it's in NP and any other set in NP can be reduced to it in polynomial time (by a deterministic Turing machine). Both P and NP, though, are proper subsets of the class of computable sets--those sets for which there's a Turing machine (that can use as much space and time as it wants) that will, given any string, eventually tell you if that string is in the set or not.

    The Church-Turing hypothesis just says that Turing machines capture the intuitive notion of "computability". (Of course, the rigorous definition of computability is in terms of Turing machines, so the Church-Turing hypothesis really says that Turing machines are the "right" definition of computability. Fundamentally, it's subjective, although not that subjective: any reasonable notion of algorithm that has ever been produced has been reduced to Turing machines.) It doesn't say that Turing machines are necessarily efficient.

  9. Re:Question? on The "Omega Number" & Foundations of Math · Score: 1

    According to Kolmogorov complexity, random means that it can't be described in a shorter way. But it is also 'described' by the Turing machine that is analysed and the Turing machine computing the number, which need not be of infinite length.

    The difference here is in what is allowed as a description. The Omega number for a particular universal self-delimiting Turing machine M has a short description: it's the sum of (1/2)^length(x) over all inputs x on which M halts. But this description is not particularly explicit (specifically, the formula that tells you whether a particular digit is 1 has an existential quantifier on it, so truth values can't be computed effectively). Kolmogorov complexity involves effective descriptions: codes for programs that tell you what some initial segment of Omega is. So there's no inconsistency here.

    Omega's big property is that as N grows, the length of the shortest program needed to output the first N digits of Omega is roughly N. In this sense, Omega is incompressible. This is (very loosely) accomplished by hashing together 2^n bits of the halting problem to get the nth digit of Omega--so even if the halting problem (encoded as a sequence of 0's and 1's) is compressible, any statistical bias or weak pattern gets wiped out when you mash the halting problem down like this.

    I have to say, though, that I don't agree with the article's gloomy assessment of mathematics. "He shattered mathematics with a single number"? It makes a dramatic magazine article, but it doesn't ring true. (You should be warned that I'm an evil logic student, though!)

  10. Re:Does 'lucky' mean NP-hard? on The "Omega Number" & Foundations of Math · Score: 1

    On a related note, can quantum computers solve NP complete problems in P time?

    I believe this is still an open question. If it's been resolved, then whoever solved it did so recently or didn't do a good job of getting the word out. I think the general belief, though, is that it's unlikely that quantum computers can do NP-complete problems in polynomial time. (Although, as you probably know, Peter Shor demonstrated an algorithm to factor numbers in polynomial time on a quantum computer.)

    As for the nearby comment that quantum computers challenge the Church-Turing hypothesis: don't count on it. Turing machines can simulate quantum computers, albeit with an exponential slowdown. In other words, when it comes to computability, quantum computers can't do anything that Turing machines can't--they just do some things faster.

  11. Re:provability on The "Omega Number" & Foundations of Math · Score: 1

    However, as mathematics advances, do we know if there are theorems which can never be proven?

    It depends what you mean by what's a proof and what isn't a proof. If you fix a particular proof system like ZFC, then yes, there are theorems which can never be proven. The Continuum Hypothesis (that there is no cardinality between the size of the natural numbers and the size of the real numbers) cannot be proven or disproven within ZFC.

    Other proof systems do enjoy completeness; any theorem that can be expressed within that system can be proven or disproven. But these systems are generally too simple to be of any use.

    If you don't fix a particular proof system, then things are fuzzier. Anything is provable, if you pick the right proof system. (To prove formula F, create a proof system with F as its only axiom.) It all comes down to what you choose as your axioms and your underlying logic. Mathematics will always have this issue at its foundations--mathematicians simply decide what they think the axioms should be. Whenever a mathematician proves a theorem, what they're really doing is saying, "If you believe this, this, and this, then you should also believe my theorem because..."

    For example, when you learn the Mean Value Theorem, what you're really learning is that if you assume certain axioms, then the Mean Value Theorem is true. (In particular, if the axioms of Zermelo-Fraenkel set theory are true, then the Mean Value Theorem is also true. There are much simpler systems that can also prove the Mean Value Theorem.) Most mathematicians couldn't even tell you what the axioms of ZFC are, though, and this isn't as bad as it sounds. Foundational issues, like what axioms sit at the very bottom, don't have as much effect on the bulk of mathematical practice as people might think. When Russell produced his famous paradox, a few mathematicians scrambled to come up with a new foundation, and a few new systems were proposed, but 2+2=4 was not at much risk, and neither was the Mean Value Theorem. This is because the foundations are not chosen arbitrarily--they are chosen to capture, as simply as possible, what mathematicians see as mathematical reality. This has never changed overnight, but it has slowly evolved over time (and there's no consensus). Perhaps mathematicians of the future will take it as intuitively obvious that the continuum hypothesis should hold, and it will become common to assume that it's true.

  12. Re:Would you define "random Turing machine"? on The "Omega Number" & Foundations of Math · Score: 3

    The definition is oversimplified in the lecture transcript. (I couldn't read the article.)

    What you do is you fix a self-delimiting universal Turing machine M. This is a machine that takes its input, interprets it as another Turing machine, and simulates that other machine. Self-delimiting here essentially means that if it interprets "100011101" (or some other string) as a program, then it won't interpret any extension of that string as a program. In particular, if M halts on input "10001101", it won't halt on any extension of that string.

    Define Omega_M (the halting probability of M) to be the sum of (1/2)^(length(x)) over all inputs x on which M converges. Because M was self-delimiting, this series will converge to some number between 0 and 1. (You can prove by induction on n that the sum restricted to x of length <=n is bounded by 1.)

    This number depends on your choice of M, but that's no big deal.

    So, to address your question a little more directly, we're calculating this probability by averaging over infinitely many Turing machines (as inputs to our universal Turing machine), and we're doing this by weighting the Turing machines with short codes more heavily--Turing machines of length n get weight (1/2)^n, and the self-delimiting nature of our universal TM makes the sum of these weights converge.

  13. Re:How convenient. on Linux Blamed for DDoS Attacks · Score: 1

    This isn't news. This is a carefully planned, orchestrated part of a sales campaign.

    Yes, it's just marketing, but it's not as orchestrated as it might seem. In these cases, the news agency that publishes the story is often not "in on it"; they simply haven't put in the journalistic effort to separate news from marketing.

    Bruce Schneier wrote about this marketing tactic a month ago in his Crypto-Gram. You can read the details there, but here's the gist: nCipher has a product that solves an insignificant problem, issues a press release about how horrible the vulnerability is, and the New York Times publishes an article about the vulnerability and nCipher's solution. I doubt that the NYTimes did this for the sake of advertising nCipher; they probably just didn't have the experience to see that the suggested attack was nothing remarkable.

    The fact that Computer Currents just pulled the article indicates that they came to their senses:

    Due to flagrant inaccuracies this article has been pulled and is being re-written.

    Occasionally one of these slips through the editorial process. Computer Currents regrets the error.

  14. Re:The easy way to stop it on Reason Magazine on Copyright Legislation · Score: 1

    Which is why the loser paying the costs is a better system. The law then cannot be used as a weapon of harassment.

    Having the loser pay the winner's legal fees does not always prevent the law from being used as "a weapon of harassment." Suppose some poor grad student creates a legitimate Disney parody and puts it on his website. Disney's lawyers contact him, asking him to remove the parody or face legal action. Even if the student could find some pro-bono or cheap lawyer to defend him, the prospect of paying Disney's surely astronomical legal fees would probably deter him from going to court, and he would just back down. Disney wins by intimidation.

    You can argue that the poor student shouldn't have to fear paying Disney's legal fees if his parody is legal, but the law does not always prevail in court, especially when one side has more legal resources. Even a small probability of losing to Disney would constitute a big risk.

    I agree that making the loser pay the winner's legal fees would help prevent frivolous lawsuits between parties of comparable financial resources and by people who would have less to spend on lawyers than the potential defendant. However, in cases where a wealthy corporation is using the law for intimidation against a smaller company or individual, making the loser pay the winner's fees does not help much. For the corporation, the possibility of paying the other's fees presents perhaps a 10% increase in legal costs. For the smaller company, the possibility of paying the other's fees could be a 1000% increase in legal costs. If anything, it seems that this would only increase the effectiveness of the intimidation.

    I am not altogether opposed to the idea of making the loser pay the winner's costs, but I think that a cap on this liability based on how much the loser spent on legal costs could be a good idea.

  15. Re:Snake Oil on On Data Obsolescence and Media Decay · Score: 1

    why not admit that we are really not that much more advanced and that the real value of our lives and era can be summarized on a few (or a few thousand) CD's a year.

    The value of saving information is not purely to pass on what we think of as valuable or worthwhile. Keeping a lot of trash stored away so that people can look at it later is important if they are to understand us. How could a future historian understand the 1990's if they only had access to the "good" stuff? To understand late 20th century America, one would have to be able to see infomercials, read tabloids, and listen to crap. If we actively filter out what people of the future can or can't see about our society, we are trying to rewrite (or prewrite) history for them.

    This does not mean we shouldn't pick out things that we think are particularly valuable and make them easier to find--that would be good. I'm just opposed to the idea of actively throwing out information in the name of making our culture easier to digest for others.

    Also, our standard of what is worthwhile or not worthwhile could be very different from what people think 100 years from now. Today, we worship pieces of art that most people considered worthless when they were created. In the distant, distant future, perhaps, Ishtar will be rediscovered for the masterpiece that it is!

  16. Re:You Can't--That's the problem... on Abstract Programming and GPL Enforcement · Score: 1

    You can have technological innovation without IP protection--but the record of history is brutally clear: without IP protection the rate of technological innovation is dramatically lower.

    What about mathematics? There is virtually no IP protection in mathematics; even if a mathematician copyrights a paper or a book, the math itself can be freely reused, and most mathematicians make their papers (and often their books) freely available on the Web. One might argue that there is a vague IP protection in mathematics in the form of giving/getting credit for work, but unfortunately, history has shown that mathematicians are bad at giving each other proper credit for their work.

    So where's the financial incentive for mathematicians to create? There seems to be little. (Getting a math PhD is not a well paying job, and anyone holding a math PhD can generally make more money in industry than they can doing academic research.) Perhaps it's simply an interest in mathematics! Even if there is less incentive for mathematicians to create, the efficiency of operating in an open, cooperative environment allows mathematics to maintain a high rate of innovation despite a lack of enormous profit potential.

    The fact that profitability and quality are somewhat independent is also relevant; if you set out to make the best technology you can, your long term technological contribution will probably be more significant than if you set out to produce the most profitable technology you can.

    IP protection does offer financial incentive to create, but by restricting the use of protected work, it also holds technology back. This makes finding the right balance between IP protection and openness a subtle issue. I tend to favor more open approaches, because work that is created sincerely and not motivated purely by profit tends to have a greater lasting quality. I believe the reason for this is that accessibility and profoundness are often opposed to each other--this is precisely why top 40 music, while profitable, usually sucks. If artists only deliver what people expect (which is inherently more profitable), there will be no artistic progress, no matter how strong the IP protection on the work is. Generally, artistic progress is made by artists who are willing to take risks, and who are often not appreciated at first.

    Can all this talk about artists be applied to technology? Not directly, I admit. Technology can be accessible and profound more easily than art can. However, is there an artistic aspect of technology that should be valued? I'd better shut up right now.

  17. Re:The real remedy for GPL... on Abstract Programming and GPL Enforcement · Score: 1

    Plaintiff: they posted my closed-source code on their website!
    Defendant: But it's legal, because I can prove that the closed-source program incorporates GPL code, and therefore is itself covered by GPL.
    Judge: Plaintiff's code is ruled GPL and freely copyable. No damages.
    Plaintiff: Damn, there goes my revenue. Next time I'll pay attention to the license.

    I don't think it works this way. The defendant could be found to be in violation of the copyright on the GPL code, but that doesn't automatically GPL all the code involved; it just means that whoever distributed the concoction is in violation of the GPL. This can be fixed by GPL'ing all the code involved, or by removing any GPL'ed code from the product, but the decision to GPL a piece of code lies with the owner of the copyright on that code. (The defendant could still be liable for damages, even if they do straighten out.)

  18. Copyright: damages on Abstract Programming and GPL Enforcement · Score: 1

    Judge: I rule for the plaintiff in the amount of $0.00.

    IANAL (who is?), but copyright law isn't that simple. Yes, loss of profit is considered when deciding how much the plaintiff is entitled to. However, profit on the part of the offender is also considered. So if a commercial company ripped off some of your GPL'd code and made money off of it, you could get money from them. More info about copyright damages.

    Also, even if you aren't awarded damages, the infringer has to stop distributing the product derived from your code (until they get all of your code out of it), which provides a strong incentive for software companies to not "pirate" GPL'd code. Even if they thought they could eventually win in court (which I hope they couldn't), the possibility of an injunction against the distribution of their product would likely deter them from trying it. Does this sound right to other people who are familiar with copyright law?

  19. The Slashdot Ineffect? on Vote in a CNN Poll on the DOJ MS Ruling · · Score: 1
    If I go to Slashdot (a generally anti-MS site to be sure), I'm directed to a poll that few people will take seriously. If I go to microsoft.com (likely a pro-MS site), I'm given links that let me conveniently write to congress, something that is more likely to have any tangible influence.

    If you want the Slashdot effect to accomplish something, go here.

  20. Re:Fun Stuff on Back Orifice 2000 on CNN.COM · · Score: 1

    When BO was released, Microsoft didn't suffer, ordinary users suffered. To try to influence MS by hurting users is nothing more than terrorism.

    The only way to prevent users from suffering is to have secure software. I understand that users did suffer from BO, but I think the blame lies with the people who used the program maliciously, and the people who created a product that allows such tools to be so successful.

    "But why create tools that others can use maliciously?" When security holes exist and remain unfixed, they will be found and exploits will be created; it is merely a question of who knows about the hole, and who knows about the exploits. Before Back Orifice was released, how many users already knew that this sort of thing could happen to their computer? How many knew that similar tools already existed? As a system administrator, I appreciate the work these groups do because it helps me protect my systems and users; every security hole that they find and yell about publicly is a security hole that I can prevent from being very harmful.

    "So why not just let the vendor know about the hole in advance?" I want the people who write my software to care about security before the product ships, so I think it's important for security holes to be an embarrassment to the vendor. Anyway, when security holes are publicly known, anyone who has important data to protect has the opportunity to protect it--the damage is limited to those who don't care about security, or those who think they care but are unwilling to put any effort into protecting themselves (and in this case, the "effort" could be nothing more than choosing products with a good reputation for security).

  21. Re:Fun Stuff on Back Orifice 2000 on CNN.COM · · Score: 1

    (I'm not a cDc member, but I find the above post to be the best introduction to what I have to say.)

    Somebody should break into the CDC's computers and screw with their files so they can see how 'beneficial' it is.

    Go for it! I'm sure you wouldn't be the first to try, and if you succeeded, you would have demonstrated that they should use better software.

    2: It's MS' fault for having the security holes in the first place. Response: Bull. Microsoft's engineers have attempted to create a product that will be useful to people. There may be defects in the product, but that gives you no right to write a program whose primary purpose is to punish those who use it. If I leave my door unlocked that doesn't make it my fault when you steal my things. You're still the criminal.

    Microsoft's engineers have most likely attempted to create a product that is as profitable as possible; that's how publicly traded companies work. Unfortunately, the software market has demonstrated that what is most profitable is not what is most secure, stable, flexible, etc.

    Also, I think that analogies to physical things like windows, cars, guns, and cows, are inaccurate. High physical security isn't feasible in our day to day lives; e.g. Kevlar vests are expensive and currently unfashionable. However, decent computer security is both feasible and sexy, so it is acceptable--and I believe beneficial--to create an environment in which it is necessary.

    3: MS wouldn't fix the holes if we didn't exploit them. Response: If you're so concerned about MS fixing their security holes, why not give them an advance copy of the software so they can attempt to fix them _before_ all the jackass kids exploit them?

    History has shown that MS drags their feet on fixing security holes that are given to them privately, in advance. Remember the IIS hole that eEye found? (See www.eeye.com for specifics.) To summarize, Microsoft was given a week of advance notice, but apparently did nothing until exploits were already available. Even then, they called eEye irresponsible for releasing an exploit after others already existed!

    However, I don't feel that eEye had any ethical obligation to give Microsoft the advance notice that they did. If everyone always gives Microsoft (or any other company) advance notice about security holes, then Microsoft has little financial incentive to put more effort into releasing a product that is secure to begin with. I think it's shortsighted to look at the actions of a group like cDc in the context of a single exploit; you need to look at the long term effect they have on the market. If Microsoft has to pay dearly for each security hole in their products (in this case, paying in terms of lost revenue from people who decide to use more secure products), they will be more concerned about the security of their products, because it will increase their profitability.

    The only way that users win when it comes to security holes is simply to have secure software. If vendors are treated with too much leniency, this will never be achieved.

  22. Consider mathematics... on Feature:Why ideas should not be property · · Score: 2

    (unless there is an infrastructure IN PLACE to ensure the compensation of creators WHILE allowing freedom to copy)

    Consider mathematics. Mathematics has been pressing forward consistently without restricting the copying of mathematical ideas. The creators, most often professors or grad students, are compensated, but not through the restriction of their ideas. There is some financial motivation (a good dissertation will get you a good position, for example) but the primary motivation is usually curiosity, with reputation as a secondary incentive.

    If the world of mathematics were infiltrated with the philosophy of restricting the use of one's ideas, mathematics would stagnate. Mathematical progress is accelerated by the lack of restriction within the community, while the lack of strong restriction-oriented incentives does not seem to be a drawback.

    So why does anyone pay mathematicians to sit around, think, and essentially give away their work? A strictly capitalist philosophy can't explain it well, but the benefits to the world are unquestionable. How much of your favorite technology would have been possible without the contributions that the mathematical community has made? We should keep that in mind before crediting the patent system of incentives for all of our technology.

  23. Debian 2.1 uses libc6. on Is Red Hat the Next Microsoft? · · Score: 1

    At first glance I'm thinking that since RedHat 5.2 uses glibc6, and Debian 2.1 uses libc5...

    Debian 2.1 uses libc6, as far as I know:

    % cat /etc/debian_version
    2.1
    % ldconfig -p | grep libc.so
    libc.so.6 (libc6) => /lib/libc.so.6
    libc.so.5 (libc5) => /lib/libc.so.5

    The problematic pine binary didn't appear to have any glaring library issues--ldd found all the libraries that it was linked against. When the binary was run, though, it segfaulted.

  24. There's more to it than a free license on Is Red Hat the Next Microsoft? · · Score: 2

    Given that everything on Redhat's CD is GPL'ed, I can't see how they are supposed to maintain a monopoly.

    Someone else already pointed out that it isn't all GPL'ed, but even if it were, RedHat could still lock people into their distribution; the key is in how they put it all together. A co-worker of mine compiled pine on a RedHat 5.2 machine, and it won't run on Debian 2.1. When we recompiled pine on the Debian machine, it ran on both platforms. Something about RedHat's development environment prevented the RedHat compiled binary from running on Debian. Whether or not this is intentional on RedHat's part is irrelevant, but this demonstrates that if a company develops a product on RedHat, users may have trouble running that product on other platforms. Unfortunately, many companies feel that they must develop on RedHat if most of their customers will be using RedHat.

    The company I work for is using Debian 2.1 as the primary development environment for the libc6 version of our product, even though having our product work on RedHat is absolutely imperative. There are a number of reasons we chose Debian 2.1 over RedHat, but the one I would like to emphasize here is that I'm confident in Debian's development environment being as standard as possible. (Perhaps I'm wrong, but that's my perception.)

  25. Open Source is copyrighted by Apple? on Mac OS X out and faster than Linux? · · Score: 1

    Can anyone claim a trademark on any term or phrase even if there is a registered trademark holder for the same term or phrase?

    See http://www.bitlaw.com/trademark/index.html .