Slashdot Mirror


User: Sheetrock

Sheetrock's activity in the archive.

Stories: 0
Comments: 887

Comments · 887

  1. Re:You don't seem to get it on Australian High Court To Decide Net Defamation Case · · Score: 3, Insightful
    In america you can say "Black people are the dumbest, most stupid assholes I've ever seen", but you cannot say "encryption X works like so ...".

    Not only is it not likely that one could say that and continue to enjoy a full set of teeth in most places in America, but there are a few jurisdictions that have made it illegal as well under hate crimes law (one guy in Idaho is facing up to five years in prison for something similar). The whole concept seems to be that we are free to use speech any way we want as long as it isn't causing harm to someone else, which is why slander and libel laws are still on the books despite their apparent conflict with the First Amendment. I don't know if any case involving hate crimes vs. free speech has gone to the Supreme Court yet, however.

    Anything you do within the "sovereignty" of a country is governed over by the laws of a country. Since you americans have apparently decided that you fully control the DNS space, and thus the visible part of the internet, you should really not be surprised that another country does the same

    If you think 'us americans' fully control the DNS space, run an alternative. I'd use it. The whole .com, .org, .net concept is outdated and springs out of the concept that the Internet started here. We'd probably be better off if that was scrapped and country codes were mandatory for every address so that whatever legal craziness abounds is mostly tied to a national scale. BTW: This paranoia that all Americans think as one to do things to piss you off is an unhealthy thing.

    You might not be aware that the U.S. has recently decided that it has jurisdiction over its wires as well (see http://www.politechbot.com/p-02845.html). Most Internet traffic passes through our country. This may mean that if you are transmitting something between two sites in your own country that is legal there and illegal here and your connection happens to pass through our country (willing or unwilling) you have just committed a crime in the U.S. I don't know if that sounds stupid to you, but it sounds pretty stupid to me. How is Europe's decision any less stupid? Should the channel of distribution matter any more than the two points doing the communicating? What kind of impact could this concept have on satellite or radio transmissions that may bathe an unintended region with illegal content as part of the process of delivering that content to an area where it is perfectly legal?

  2. Re:Defense? on Slashback: Banco, Warez, Fiction · · Score: 3, Interesting
    I've got no argument with your take on the game industry today... in fact, I'd like to add that I thought we were supposed to be over the hideous copy-protection schemes a decade ago and that 'expansion packs' (aka 'A $30 part 2 to that $50 part 1 you bought three months ago.') are a blight on the industry. I'm back to console gaming until they start pulling similar tricks.

    However, I think that the reason you believe that shareware is almost dead is because the mainstream producers/publishers we got accustomed to (Apogee, Epic Megagames, iD) have either replaced the word 'shareware' with 'demo' or went the commercial boxed route because they were successful enough. Well, that and the exodus of BBS users to the Internet. Anyway, there is still decent shareware gaming to be found. It is admittedly a couple of steps behind the Hollywood-style production process you see in most commercial games today, but in many cases that is made up for by the gameplay itself, the cheaper pricing, and the appreciation from the developer. I've been following the comp.sys.ibm.pc.games.strategic and comp.sys.ibm.pc.games.space-sim newsgroups lately, and aside from a 6+ year flamewar there were a couple of suggestions for decent games from small developers. The first, Dominions (http://www.illwinter.com/dominions.html), is a turn-based strategy game that is somewhat similar in style to Master of Magic. The other, Starships Unlimited (http://www.apezone.com/), is a turn-based strategy game that is not unlike Master of Orion. I like turn-based strategy games. Also, I bought a game a couple of months ago called Pontifex (http://www.chroniclogic.com/pfx.html) in which you engineer bridges on a budget that are supposed to hold up under the stress of a train with a variable weight passing over it a variable number of times.

    All of these are pretty neat games and meet your definition of shareware. I heard about all of them by wandering off of the normal game-finding path. (http://www.swreg.org) is one avenue many shareware developers (including all of the above) are turning to to sell their games; they should have a storefront on there somewhere where you can browse titles to download or buy, but I think the site might be broken right now. If you don't mind wading through it, Usenet is a good place to spot game reviews or announcements. (http://www.isonews.com) also has a pretty good game review forum on it, though given the general direction of the site these tend to be about standard commercial games and not shareware.

    Anyway, I just wanted to mention that shareware is still alive and still worthy of trying out if you know where to look.

  3. Re:ummm...did you EVEN READ THE EULA you AGREED TO on Another Gaping Microsoft Security Hole Goes Unpatched · · Score: 1
    Just because something is written in a contract doesn't always mean that it is legally binding. Still, it is better IMHO to avoid 'signing' contracts that you don't agree with and can't amend.

    I can't help but wonder if we'd have a software industry left if developers became completely liable to the individual for lousy products. How does one prove that his program fails because Windows sucks? How does Microsoft prove that Windows sucks because hardware manufacturers write crappy drivers for inconsistent peripheral interfaces? How could Free Software survive in an environment where it is still impossible to write once, run anywhere?

    There is a middle ground, I'm sure, but we're not going to get there as long as software developers are the only ones writing the rules regarding liability for faulty software development.

  4. Re:The Problem With Microsoft on MS Chief Security Officer to work for White House · · Score: 1
    Having separate levels of security access for different user accounts/programs is still a very nice thing even when running single-user systems. True, it won't stop a temporarily-not-thinking individual or malfunctioning script from having the potential to toast every accessible file, but the situation would probably not be improved by permitting everything on the system to be wiped out as well.

    On the plus side of things, having to log in as root to make important changes reminds users to pay more careful attention. Having the ability to run programs under dummy accounts like 'web' firewalls the rest of the system from potential damage from malfunction. One can't set up a chroot jail in a Windows environment AFAIK, but you can run programs that must run as root in their own little sandbox in most (all?) Unix environments to prevent useful exploitation of remote-accessible security flaws that might be discovered later. Even desktop systems will probably end up running servers or daemons that benefit from user-level security features, such as IRC bots, game servers, Gnutella clients, DHCP clients, FTP servers, Samba, or NTP (network time protocol) synchronizers. It's one more layer available to protect the system from things going horribly wrong.

    I used BeOS for a while. It felt more-or-less like a single-user always-root Unix system. I can't say that it seemed any more friendly because of this, but I did miss being able to lock down a server application from time to time. I think that a free-as-in-beer version is still available on Be's site for download if you want to try it out. There are other parts in a Linux/*BSD-based system that could be improved on to make the desktop experience more enjoyable and seamless, such as a concentrated effort to make interfaces more consistent across applications yet themeable by the user or encouraging a compatible configuration template for applications that could be fed into a GUI form to make it easier for new users to configure their system and again make things more consistent yet still permit easy editing from a command line. Current window managers seem to be making progress in both areas, though apparently not always in ways compatible with each other... which kind of defeats the purpose.

  5. Re:Things are only getting worse. on DMCA 2, Freedom 0 · · Score: 1
    But if we talk about novels, songs etc we're not talking about information. Anyway, why should information be free?

    Disregarding the semantics about whether or not books, songs, movies, software, or anything else you can copyright is information, I believe that we can agree on one thing: none of them are created in a vacuum. A chess program I (hypothetically) write today is built with basic programming principles that others have shared, inspired by several other chess programs that I have executed on my computer, created to emulate the styles of different chess masters over the years, and developed with artificial intelligence algorithms pioneered by others to work with hardware documented by others and designed years ago with components invented decades ago. I depend on inventions and theories of hundreds or thousands of people to develop my product, and so does anyone else.

    What you (or some here) seem to be saying is that if I write a novel, all and sundry have a right to copy it at will, now who's screwing the author and artist????

    I'm a different user than the one you're replying to, but I'd argue that very few people here are saying "Scrap copyright." I certainly don't think that copyright is something we should do away with. The feeling I get is that many of the posters here (including me) believe that copyright terms have been extended much too far. I had always been taught that copyright is intended to fairly compensate content creators for their work. However, I've also read that the copyright term was set to expire at a non-ludicrous point so that authors, musicians, etc. will continue to create and benefit society.

    If this is the case, copyright terms should actually be getting shorter. We've got faster publication times, better shipping, and this global economy thang that they didn't have at the end of the 16th century. Extended copyright terms are putting a brake on the sharing of information and culture both on those holding the copyrights who have less incentive to develop and on those who would bring us the innovations of tomorrow but can no longer borrow from yesterday to create them.

  6. Re:Surprising. :) on EFF To Defend Music Swapping Service MusicCity · · Score: 2, Insightful
    The RIAA doesn't need to prosecute everybody using the systems to win; they need to make it impossible or at the least inefficient to copy material rather than to buy it. One way that they seem to think will be effective is to blast away file-sharing services using their massively superior legal budget -- but as you mention attempting to carry over this attack from the companies or individuals providing these services to the individuals using these services isn't feasible, particularly when you're talking about completely peer-to-peer filesharing with no central servers (like Gnutella).

    Their other tactics are more frightening, however. They are already coercing software and hardware manufacturers to add copy prevention and access controls to their products. They are trying to get laws pushed through to mandate these controls in products in which manufacturers are not already convinced to add them. I am not convinced that they aren't lobbying Congress to make file sharing using peer-to-peer methods (without some form of RIAA or government surveillance) illegal as well; and just as their other ideas have proven to be damaging to our rights well beyond simply protecting their material from massive copying (by, for example, getting Congress to give their tacit approval to copyright holders defining what fair use is on a per-product basis via the DMCA) I shudder to think about what plans they might have for us in the future... but I have little doubt that the EFF will once again be integral to whatever defense we can put up.

  7. 2.4.10 bugs? on Kernel 2.4.12 Released · · Score: 1
    I've hit two problems that seem to be related to the 2.4.10 kernel when trying to roll my own boot+root router floppy.

    Problem 1: Writes to /dev/fd0 with 'dd' were corrupted when dumping a disk image to a 3.5 floppy. I tested this a couple of times on two new floppies dumping a chunk of bytes from /dev/urandom into a floppy-sized file, using 'dd' to dump the file to floppy, and doing a 'cmp' between the file and floppy. When I looked at the floppy with a hexeditor, I saw that a chunk of bytes from the source file were repeated at the beginning of the floppy. I went back to 2.4.9 to test writes, and they all seemed to work properly.

    Problem 2: 2.4.10 didn't boot properly when I dumped it to a floppy. I got an oops and a kernel panic when it would reach the point where it loads the rootdisk portion of the floppy into the ramdisk. Again, regressing to 2.4.9 with a similar configuration fixed the problem first try.

    The first one worries me a bit, although I didn't notice any corruption elsewhere. I wonder if one of the later -ac patches would be safer.

  8. Re:Why? on Loki Goes Postal · · Score: 1

    The most logical possibility that I can come up with is that they got it for a very reasonable price and are relying on a revival of the controversy surrounding the original product to boost sales and get free advertising for their company in the mainstream press.

  9. Re:I can see it now. on Advertising in Lieu of Game Fees in MMORPGs? · · Score: 1
    I can't help but think how this would have added some flavor to Infocom's games as well:

    ZORK I: The Great Underground Empire
    Copyright (c) 1981, 1982, 1983 Infocom, Inc. All rights reserved.
    ZORK is a registered trademark of Infocom, Inc.

    West of House

    You are standing in an open field west of a white house, with a boarded front door. There is a gigantic neon sign next to a small mailbox. On the sign, the words "25% off all Zork® walkthroughs for new customers at Amazon.com®!" blink above a green arrow pointing at the mailbox.

    >go west

    Don't you want to see what's in that temptingly-placed mailbox?

    >go west

    A gnome wearing a Nike® shirt comes jogging up the path from the west. He tries to tell you something, but he is out of breath.

    >go east

    Just before you can leave, the gnome begins to cough. You turn around to see if he's alright, and notice that he's pulling an icy Gatorade® and the latest Michael Jackson single 'You Rock My World' out of the mailbox.

    >kill self

    That wouldn't be very polite to the gnome now, would it? Besides, he's just quenched that killer thirst of his with your Gatorade, so you might as well listen to what he has to say.

    >run south

    "Hey, " shouts the gnome, "you forgot your CD!" At that very moment, a very dirty music thief comes running up from the south and knocks you over. By the time you get up, both the pirate and the hot new Michael Jackson single are gone. "Don't worry about that," says the gnome, "Borders® is giving those away free with the purchase of any Michael Jackson CD and you'll be inflicting some justice on him after you go through the trapdoor in the house. You'll probably want to pick up an Energizer® for that lantern in the attic first, though, so that it doesn't kick out on you like competing brands will when you get to the maze of twisty passages."

  10. Re:Spoken like a true lamer "d00d" on Colleges Work To Block Net in Class · · Score: 3, Insightful
    The thing that irritates me about this is that colleges feel that they need to restrict or remove the technology to solve this problem. In most of my classes, students were respectful enough of the speaker and each other to not subject everybody to keyboard clacking and mouse clicks. In the few where they didn't get the hint the professor would clue them in without making a scene in front of the class and the situation would be resolved in a professional and adult manner.

    So many of the 'problems' we've got with technology are really problems with human interaction. Another example is all the jumping through hoops businesses do to restrict employee usage of the internet using expensive hardware and software rather than handling misuse of the internet as stated in company policy in a similar way to handling employee tardiness or any other situation in the employer-employee relationship that you can't fit a fancy software filter between. In school/college of all places teaching people to correct inappropriate behavior rather than trying to simulate an environment where it will never occur seems more productive to me in the long run, even if it is inconvenient when trying to run a class.

  11. Re:Taking advantage of the situation? on Stallman: Thousands Dead, Millions Deprived of Liberties · · Score: 3, Insightful
    Your reaction is certainly... colorful... but a reminder for the three or four of us who are going to take this opportunity to contact our representatives that when we bring up an issue we must be focused on one topic at a time. Whether or not the Florida process produced an illegitimate result may be an important subject for discussion, but it is irrelevant to the individual argument that mandatory backdoors in U.S. cryptographic software run counter to logic even in light of the recent attacks. As your reaction points out, when Stallman brings up his opinion on a topic that a member of his audience doesn't agree with, it may color that member's reception to the more relevant opinion in Stallman's piece.

    In other news, Congressman Bob Barr (of Georgia) was on CNN today saying that enforcement of current laws is more important than cracking down on our civil liberties. If you are in Georgia, please give him your support and bring up how either the mandatory encryption backdoor issue or the amendment tacked on to H.R. 2500 vastly increasing the authority of law enforcement to wiretap with reduced oversight will impact civil liberties without any proof that they are necessary to combat terrorism.

  12. Re:why do we care? on Borders to Use CCTV Face Recognition · · Score: 1
    In addition, the concept that an innocent person can be accidentally identified as a known shoplifter by a security guard seems to be easier to grasp than the possibility that an innocent person would be misidentified by a computer... because as we all know, computers never make mistakes. The first situation is less likely to happen than the second, because while a (decent) security guard won't hassle someone who kind of looks like someone who was a shoplifter, it won't be as easy to tell when the computer isn't so sure. I look forward to getting harsh glares and the presumption of guilt from employees every time I step into a Borders because my rough facial features filtered through the crappy Borders security camera happen to be a 78% match with the town thief.

    Like you say, I'm not going to spend money at a store that makes me feel uncomfortable. I would hope other people follow suit, but given how apathetic the majority tends to be I think the rest of us are going to have little alternative but to adjust in the long run as more and more places pick this technology up. After all, only criminals have something to hide, right?

  13. Less cash, better result? on Linux Win In Schools · · Score: 1
    I went through school using Apple IIe computers and rather pathetic IBM-PC/compatibles without too much scarring. Even if my schools had chosen to buy state-of-the-art "standard" computers, most of what I would have learned would still be mostly obsolete by the time I needed to put it to practical use. The basic information and techniques relating to computer use (powering one up, operating a keyboard, understanding the difference between a word processor, a spreadsheet, and a database) are mostly platform-independent anyway, so the choice of Linux, Windows, or Macintosh really doesn't make a whole lot of difference provided that a student can be taught how to print a document.

    The process of installing and operating Linux usually entails learning something about the hardware it's running on, so sitting a child interested in computers in front of a computer running it might actually have that additional benefit over just plunking him/her down in front of a locked-down Windows system. Besides, are you that certain that Windows will remain a standard over the next five to ten years?

  14. Re:Why you ask? on DMCA Worldwide: Canada, New Zealand, USA · · Score: 2
    I agree that those new laws (DMCA and alike) are unfortunate and it would be better if they were not needed.

    The problem is that copyright law is so horribly abused by huge amounts of people that the situation just has to be dealt with.

    The DMCA is not needed to criminalize copyright infringement in a digital environment (despite what U.S. lawmakers appeared to believe when they helped it coast through our system) -- existing laws do this, and they aren't harder to enforce than the DMCA. Even if you believe that society is abusing copyright law and not vice versa, the DMCA is just lumping groups like 'people who make tools with the potential for being used for copyright violation' and 'people who give details publicly about a scheme to restrict access to copyrighted material' in with the same group as 'copyright infringers'. In the sense that it is more likely for a corporation looking to threaten potential copyright infringers to find someone to make an example of in the courts, I suppose one could say enforcement is easier... but creating an atmosphere where free speech is no longer tolerated is IMHO more immoral than letting minor cases (or even Napster-sized cases) of copyright infringement slide.

    ---

  15. Mystery port on Code Red Worm Spreading, Set To Flood Whitehouse · · Score: 1

    Port 27374 is usually used by the SubSeven trojan (Windows). I've heard of at least one opportunistic worm that actively seeks out SubSeven-infected machines and uses the trojan to install itself, but it most likely isn't related to Code Red. I've had pretty good success at using Google to look up strange port numbers caught by my firewall; doing a search like "port 27374" (including the quotation marks) usually pulls up enough information in the first set of hits to tell me what I'm dealing with.

    ---

  16. Re:What it will take to save EFNet on EFNet on the Rocks Again · · Score: 1
    You've got a good point about being able to down a server with my suggestion (I used 30 seconds as a placeholder for N seconds such that N seconds wouldn't be too long for a server to spend calculating a key and N*2^32 seconds would be too inconvenient for one to calculate a lookup database). N could be one second, which would cause the generation of an entire lookup database to take 49,710 days (this also assumes that a cracker knows the key... hope his school can afford Crays :). While the hash-calculation time would only be incurred the first time an IP/domain address is used to log in, my scheme would be open to abuse through a denial-of-service attack by someone who accumulates a fair number of machines on IPs that haven't logged into the server before.

    It didn't hit me until the night after I posted that I was staring at the obvious; if the server operators can be trusted to share a secret key that they use to generate hashes, the algorithm doesn't need to be secret or take an inconvenient amount of time to run. I was solving the wrong problem. I decided to graft some code to the latest version of ircd-hybrid (the EFNet server of choice) to see what the ramifications would be if they ran my revised scheme (TripleDES over the hostname, MD5 over the result, append enough plaintext information about the domain to the end of the hash so that chanops can still ban problematic domains). The following is a log of me testing it out (ShtRck1 and ShtRck2 are both on locally, ShtRck3 is logging on from an address that is looked up through DNS... Slashdot is inserting spaces in weird places but you can get the general idea).

    ------
    /WHOIS shtrck1
    *** ShtRck1 is sheetrck@0676a057.10ffd120.74043469.f0ca9fc1.127.0 (Debian User)
    *** on channels: @#asdf
    *** on irc via server noop (hybrid-7 test server)
    *** ShtRck1 has been idle 13 minutes, signed on at Sat Jul 14 19:21:00 2001
    *** shtrck1 : End of /WHOIS list.
    *** ShtRck2 (sheetrck@0676a057.10ffd120.74043469.f0ca9fc1.127. 0) has joined channel #asdf
    *** ShtRck3 (sheetrck@cc972d09.d9f38191.49dbe927.93a4eff0.aol. com) has joined channel #asdf
    /KICK #asdf ShtRck3 Testing...
    *** ShtRck3 has been kicked off channel #asdf by ShtRck1 (Testing...)
    *** ShtRck3 (sheetrck@cc972d09.d9f38191.49dbe927.93a4eff0.aol. com) has joined channel #asdf
    /MODE #asdf +b *@*.aol.com
    *** Mode change "+b *!*@*.aol.com" on channel #asdf by ShtRck1
    /KICK #asdf shtrck3
    *** ShtRck3 has been kicked off channel #asdf by ShtRck1 (shtrck3)
    /MODE #asdf -b
    *** #asdf *!*@*.aol.com ShtRck1!sheetrck@0676a057.10ffd120.74043469.f0ca9f c1.127.0 995156621
    *** Total number of bans on #asdf - 1
    ------

    The two awkward things I see in this scheme are the length of the fake addresses (which do fit comfortably within the hostname space allocated by Hybrid) and the need to trust every operator on EFNet to guard the key. Should the key become compromised, it would be simple enough to generate a new one and distribute it to server ops, but as you mention it would invalidate everybody's autoban/autoop lists. Then again, server ops are trusted to not maliciously modify their servers or randomly kill other servers and that's worked out pretty well so far. Given the ease of writing this patch, I'm kind of surprised they haven't done it already; the server already optionally links to OpenSSL. My guess is that they haven't seen much of a need beyond spoofing server operator hostnames (something they've made provision for in the source) so they decided it's a non-priority.

    Do you think VWorld would be interested in strengthening their system like this? Are there any other obviously incorrect assumptions in my design?

    ---

  17. Re:What it will take to save EFNet on EFNet on the Rocks Again · · Score: 1
    Generating a database would be tougher if you follow the same basic concept as VWorld but substitute an encrypting/hashing algorithm that is costly in CPU time to apply for whatever algorithm they're currently using to hide the domain (this idea is mostly lifted from Adam Back's Hashcash concept for fighting spam). Here's the idea:

    The algorithm should take something like 30 seconds or a minute to perform on a domain or IP address by an average IRC server, which could cache calculated hashes for speedier subsequent logins from that address. Take the entire IP address/domain name to use in generating the hash and don't reveal any part of the user's real address to other IRC users. This would give roughly 2^32 addresses to guess at, as you mention. The IRC server should only use the IP address of a client to compute the hash as a last resort when a domain lookup doesn't work. This scenario would make it computationally infeasible to generate a lookup database client-side.

    Additionally, if a secret numerical seed was used in generating this hash and shared only amongst server operators, the threat of someone generating (or stealing from an IRC server, assuming generated hashes are cached to improve future performance) a lookup database could be softened somewhat by the potential of server operators choosing a new key if a compromise occurs or on a periodic basis. This would make the database worthless. It's similar to the way Unix crypt() fights lookups using 'salt', but this secret key can't be randomly generated because then the hash would be worthless for doing autobans and the like (it'd change every login).

    This scheme will decrease in effectiveness as computing strength grows. The only way to combat this is to increase the computing needed to process the algorithm. The algorithm must be adjustable, perhaps by adjusting its key length or by running it more than once.

    So, basically, if VWorld can find a one-way cryptographic function where the time required to encrypt can be adjusted periodically and the function can be seeded by a large key provided by IRC operators, I think they'd be better off. Perhaps something like Blowfish run a particular number of times or with a particular key size (to slow it down) over the domain name/IP address, then MD5 over the output from the cipher to get short, consistently-lengthed output for the fake domain name shown to other IRC users.

    ---
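
Added example (not part of the original comments, and not code from ircd-hybrid or VWorld): a sketch of the keyed host-cloaking idea from the two EFNet comments above, covering both the shared operator key and the adjustable work factor. PBKDF2-HMAC-SHA256 from Python's standard library stands in for the TripleDES/Blowfish-then-MD5 construction the comments propose; the key, hostnames, function names, and the rule for which labels stay visible (inferred from the sample log) are assumptions.

```python
import hashlib
import ipaddress
import re

# Constructed demo key; in the scheme this is the secret shared by server operators.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"
ROUNDS = 50_000  # adjustable work factor; raise it as hardware gets faster


def visible_suffix(host: str) -> str:
    """Return the part of the address left readable so chanops can ban a domain.

    Assumption inferred from the sample log: the last two labels of a hostname,
    or the first two octets of an IPv4 address. At least one label always stays
    hidden, so a bare two-label host does not leak in full.
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        labels = host.split(".")
        keep = min(2, len(labels) - 1)
        return ".".join(labels[-keep:]) if keep else "host"
    if ip.version == 4:
        return ".".join(str(ip).split(".")[:2])
    return "ip6"  # assumption: reveal nothing about an IPv6 address


def cloak_host(host: str, key: bytes = DEMO_KEY, rounds: int = ROUNDS) -> str:
    """Map a real host to a stable fake host that only key holders can reproduce."""
    normalized = host.lower().rstrip(".")
    # The key is the PBKDF2 "password" (the HMAC key); the hostname is the salt.
    # Same key + same host + same rounds -> same cloak, so bans survive relogins.
    digest = hashlib.pbkdf2_hmac(
        "sha256", key, normalized.encode("utf-8"), rounds, dklen=16
    )
    hexed = digest.hex()  # 128 bits, the same width as the MD5 output in the log
    groups = [hexed[i:i + 8] for i in range(0, 32, 8)]
    return ".".join(groups + [visible_suffix(normalized)])


def mask_matches(mask: str, nick: str, user: str, host: str) -> bool:
    """IRC-style ban mask match: '*' and '?' are wildcards, case-insensitive."""
    pattern = re.escape(mask.lower()).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(pattern, f"{nick}!{user}@{host}".lower()) is not None


def demo() -> dict:
    """Replay the situation in the log with constructed hosts."""
    local = cloak_host("127.0.0.1")
    remote = cloak_host("ac1.proxy.aol.com")  # constructed hostname
    exact_ban = "*!*@" + remote               # ban on one cloaked host
    domain_ban = "*!*@*.aol.com"              # ban on the visible domain
    # Operators rotate the key after a compromise: every cloak changes.
    rekeyed = cloak_host("ac1.proxy.aol.com", key=b"constructed-replacement-key")
    return {
        "local": local,
        "remote": remote,
        "domain_ban_hits_remote": mask_matches(domain_ban, "ShtRck3", "sheetrck", remote),
        "domain_ban_hits_local": mask_matches(domain_ban, "ShtRck1", "sheetrck", local),
        "exact_ban_before_rekey": mask_matches(exact_ban, "ShtRck3", "sheetrck", remote),
        # Per-host bans and auto-op lists break on rekey; domain bans keep working.
        "exact_ban_after_rekey": mask_matches(exact_ban, "ShtRck3", "sheetrck", rekeyed),
        "domain_ban_after_rekey": mask_matches(domain_ban, "ShtRck3", "sheetrck", rekeyed),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```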

  18. Re:it's an AP story, not an MSNBC story on Microsoft to Change OEM Licensing · · Score: 1
    Please ignore my comment; I'm posting to remove the -1 Troll moderation I accidentally stuck on your post while testing a recent Mozilla build (as well as three positive moderations under this article that I -meant- to put in, unfortunately...)

    BTW (in an attempt to add some meaningful content to this post), Toxic Sludge Is Good For You IS a good read, and once you know the ways corporations influence the government and the media it becomes a lot easier to see just how little meaningful investigative journalism goes on anymore.

    ---

  19. An argument against criminalizing rootkit authors on Rootkit Developers And Legal Liability · · Score: 2
    While it is obvious that the easiest way to clean up the problem of DDOS attacks (or website defacements) is to remove the capability of the people executing the attacks to compromise servers, creating or using legal punishments for rootkit designers is not as clean an approach as some would hype it to be. In fact, I can use much the same arguments as I'd use in favor of full disclosure.

    First of all, even if rootkits were declared illegal tomorrow, they'd still get made and distributed -- they just wouldn't be as available to the people who need to detect them and clean them up. Additionally, illegal in the U.S. doesn't necessarily mean illegal overseas or even illegal in Canada... though I'm sure our government is working on that.

    Additionally, if developing rootkits is deemed illegal, we start making our way down that famed slippery slope. How does one define a rootkit? Will 'certified' security experts be able to design proof-of-concept rootkits while the rest of us amateurs are considered to be criminals for doing so even in the interest of proving security vulnerabilities? How about individual exploits; will a chunk of code that demonstrates a vulnerability allowing the spawning of a remote root shell be considered a rootkit? Given the rather loose definitions in our laws, I'd bet so. This would effectively kill the idea of full disclosure and much of the amateur research into computer security.

    Finally, the more legal intervention that occurs in Internet activities, the better the chances the things that have always made the Internet useful and unique will get stamped out. Cutting down on the free exchange of ideas is a bad idea except where it is absolutely necessary, and in this case I doubt it would be even slightly effective. The focus should be on fixing the software and the infrastructure, because not having public knowledge of the flaws in these systems isn't going to make the flaws any less exploitable to someone who already doesn't care about the law.

    ---

  20. Microsoft has altered code to impact competition on AOL/Microsoft Talks Break Down · · Score: 1
    It would be nearly impossible to prove that Microsoft has deliberately altered their API to break competitors' software without an internal memo stating that they were going to do something to that effect because it is just as easy to explain these malfunctions by the 'evolution' of the Windows API or shoddy programming habits (using undocumented interfaces or using documented interfaces incorrectly) in the software that isn't working. So I'll just point to places where Microsoft seems to have broken compatibility where it used to exist.

    First, DR-DOS. I can't argue that this is a matter of a Windows API breaking code, but it is an example of Microsoft deliberately introducing an incompatibility for the sake of defeating competition. This page explains that it was likely that only developers and computer makers saw this message because the routine (which was encrypted to prevent easy discovery) to display it was disabled before Windows 3.1 went to market (it was only in a beta, as you claim, but it still did significant harm to DR-DOS because computer makers saw it). The message was still present in the shipped binary, disproving the Microsoft assertion that this was all an urban legend, and this page has a utility you can grab (in addition to the source code) to find the message in Windows 3.1. The page also mentions that Microsoft QuickC under DR-DOS would emit an ominous message (but would presumably still run). So you can't say that malicious coding has never been on their mind and you can't blame people for being a bit suspicious when things break strangely.

    Another example, though one I'm less likely to attribute to malicious incompatibility for the reason I give at the top of this reply, can be found under 'Smothering Freeware' on this site. Equally interesting (and also mentioned on this page) was the breaking of Professor Felten's demonstration in the recent antitrust trial of Microsoft that Internet Explorer did not need to be integrated into the operating system for the operating system to function. Felten had to provide his program to Microsoft as part of discovery and at some point between then and the trial his program no longer functioned properly. There was some speculation that Microsoft deliberately broke the program, though I tend to believe that their updates just didn't take the functioning of this program into account because, by definition, Felten's program was trying to convert Windows 98 into a non-standard state.

    Finally, Kerberos in Windows 2000. Though that was broken from the start (i.e., it wasn't a change to break existing software on Windows), one could argue that it was specifically broken to discourage compatibility of a nature Microsoft didn't want between their system and competitors' systems. Or one could argue that Microsoft liked the technology but didn't want to invest any more effort into development than was necessary to meet their goals (compatibility with other Win2k, whatever other compatibility exists is purely a bonus). Discussion here (search for 'Kerberos') suggests that the incompatibility is a benign by-product of innovation. This (search for 'clickwrap') suggests that it wasn't... putting the specification of the Microsoft changes to the protocol under NDA clickwrap forces an incompatibility between standard Kerberos and MS Kerberos. A matter of perspective, to be sure, but a reminder that seamless compatibility is hardly a priority.

    ---

  21. Re:Change Passwords? on SourceForge Server Compromised · · Score: 1
    That isn't necessarily so... the passwords could have been plaintext somewhere along the chain. Let's say that a cryptographic hash of the passwords was stored... the computer still needs to retrieve the password from the developer to compare against the hash. If that password wasn't sent via SSL or something similar, it could be sniffed off of the wire from the compromised machine. If it is being sent SSL to an Apache-SSL server, an attacker could compromise the server program or the validation utility that compares the password against the hash.

    The password file is an obvious point of vulnerability, but it isn't the only one.

    ---
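
The point of the comment above (a hashed password file does not keep the plaintext off the wire or out of the verifier), as an added example that is not part of the original post. The function names, the form-encoded request body and the sample password are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import urllib.parse

ITERATIONS = 200_000  # assumed work factor for this sketch


def make_record(password: str) -> dict:
    """What the server keeps on disk: salt and derived key, not the password."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "key": key, "iterations": ITERATIONS}


def login_request_body(user: str, password: str) -> bytes:
    """Constructed form-encoded login body as the client would send it.
    Without TLS these bytes cross the network exactly as built here."""
    return urllib.parse.urlencode({"user": user, "password": password}).encode()


def verify(submitted_password: str, record: dict) -> bool:
    """Login check. The plaintext is an argument: the server must hold it
    to recompute the key, so this code path needs protecting too."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", submitted_password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["key"])


def plaintext_exposure(user: str, password: str, record: dict) -> dict:
    """Check which artifacts along the login chain contain the plaintext bytes."""
    pw = password.encode()
    return {
        "password_file": pw in (record["salt"] + record["key"]),
        "request_body": pw in login_request_body(user, password),
    }


if __name__ == "__main__":
    rec = make_record("tr0ub4dor3")  # constructed sample password
    print(verify("tr0ub4dor3", rec), plaintext_exposure("dev1", "tr0ub4dor3", rec))
```
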

  22. It'd be nice if Linux was given a chance first. on The Linux Desktop Obituary · · Score: 1
    How many popular commercial software packages have been put together or sold for Linux that weren't half-assed versions of their Windows counterparts? Quake? Java? (I guess I like Loki's work, too.) If you sit a user in front of a Windows system and a Linux system each loaded with office-type platforms like Corel WordPerfect, Netscape, and ICQ (Linux still gets the crappy experimental Java version, right?), said user is going to be pretty disappointed with the Linux offering. Few commercial vendors are willing to take Linux seriously, and will only offer support for Windows versions of their software. It's pretty depressing to watch their half-hearted attempts to drag a fishhook with cheap bait on it through the Linux community and just pack up and call it a failure when no one bites.

    Still, StarOffice has worked as well for me as a word processor as Microsoft Word does (frequent crashes). The GIMP has worked better for me than any paint package I can afford and it lets me script, too. Between Netscape and Konqueror I can visit most worthwhile websites. I'd hardly call my setup dead. The fact that a desktop this functional can be cobbled together on a budget might even mean the quick revival of the Linux desktop once commercial software licenses become easier to verify.

    ---

  23. Uses for towels on Slashback: Things, Stuff, Items · · Score: 1
    I was able to use a towel to help get a car out of being stuck. We were pulling into an alley with something like 9-12 inches of snow covering the entrance (the city only plowed the main roads) and the car got about halfway in before getting stuck on the ridge with ice under the front wheels (it was a front-wheel drive). After trying unsuccessfully to get the car moving by shifting from reverse to drive a few times and flooring it, I took a towel that I noticed in the back seat and put it under one of the tires in front and we drove off.

    They really are more useful than they're given credit for.

    ---

  24. Re:Aaaah! Exponential! on Kernel Benchmarks · · Score: 1
    Isn't a large part of the growing Linux code base hardware support (drivers/alternate architectures?) The exponential increase in the number of lines of code in *.c/*.h files doesn't necessarily mean that Linux is bloatware; rather, I think that it's a result of better support for the hardware out there.

    I'd worry more if vmlinuz and modules start to grow exponentially.

    ---

  25. Re:RIAA Research Project on Aimster Seeks Protection From RIAA Demands · · Score: 2
    First, let me assure you that there are other Linux nerds and /. readers that don't think stealing intellectual property is cool. In addition to filmmakers, I'm sure that there is a fair population of readers who are artists, authors, and programmers creating commercial works. I also don't appreciate the thought that a project I've invested a lot of time and money into could be enjoyed by others without giving me fair compensation (or better) for my effort just because it happens to be in a form that's easier to take than, say, a car. Napster, in my opinion, is one of the most distasteful ways that something like this can occur, because a corporation is turning an artist's work into profit for themselves while not giving a damn whether or not that artist is going to be able to eat tomorrow (much like the labels under the RIAA, which is why using the "RIAA is screwing the artists" as a pro-Napster argument doesn't wash).

    However, there's a group out there that's getting shafted worse than the artists/authors/programmers, and they're known as the consumers. The various industries that trade primarily in intellectual property have made the use and consumption of intellectual property into a black & white issue; as a consumer, you can choose between using the content that you've paid for within the narrow confines laid out for you by the copyright holder, or be labeled a pirate and a thief. Intellectual property rules run counter to everything we've learned about ownership because they're being applied to the content and not the medium, and aside from the wanks that just want to get something for nothing many of us that aren't willing to lump Aimster, Gnutella, et al. in with Napster have some very serious concerns about the way intellectual property ownership is being handled. Let me give a few examples of why I think our current method of dealing with intellectual property sucks.

    Example 1: the DeCSS fiasco. Hypothetical situation: I buy a DVD-ROM. I buy a DVD. I run Linux and only Linux. I want to access the content that is bought and paid for and in theory is legally mine to do with what I will within the fair use exceptions of U.S. Copyright law. In practice, the MPAA has screwed me out of my rights by making it legally impossible to exercise them. They're exploiting a law intended to make sure that copyright holders are fairly compensated by sheltering their content within a digital barricade that is illegal for anyone but CSS licensees to remove. They're doing this to make it more convenient for them to sell the same product at different times and at different prices based on geographical location, which permits them to extract more profit by setting higher prices on markets willing to pay them and forbids people in one market from being able to purchase the same product from a different market.

    Example 2: return policies. If I buy a CD, movie, or software package that sucks, I can't return it unless it's damaged, in which case I can return it for the same thing. One usually can't preview any of these things to see if it's something worth buying. Sometimes I feel like I've really been screwed on a deal (I buy a CD that has been censored and there's no warning that I'm buying an altered copy on the label or I get software that won't do what it's advertised to do until the manufacturer decides to release a bugfix a couple of months from now) and I've got no alternative but to take the same crapshoot the next time I want to buy any of the above.

    Example 3: the definition of piracy. It changes from person to person. Some people think it's stealing music to download it and listen to it before buying it. "But no one does that... why would you pay money for music if it's already on your hard drive?" Because I like to support the artist, damnit. I wouldn't have ever gotten into Air if I hadn't listened to their MP3s first, and now I own three of their CDs. Other people think piracy is when the artist isn't being compensated for their work. Imagine all those fools who own extensive used-CD/used-DVD collections -- little did they know that they're just as guilty of stealing intellectual property as any Gnutella user. Software companies like Microsoft are on top of this, fortunately, by burying prohibitively restrictive clauses in their EULAs that stop pirates like me from letting friends borrow a game or selling off an operating system they're never going to use but ended up paying for anyway.

    Food for thought, or at least it ought to be. I hope that you get modded up (if you aren't already) for pointing out that content doesn't create itself and that it isn't morally justifiable to steal from one group just because you feel like another is giving you a raw deal. I don't think that either of our concepts are given more than lip service by copyright holders or the P2P users who are seeking excuses to keep the free stuff coming, but it's obvious that some compromise needs to be made to stop both the producer and the consumer from getting screwed.

    ---
