Isn't this basically what companies like Netcom and Compuserve did? Unix systems with large numbers of unrelated users all having logins. You'll need some sort of central directory for passwords (pam_ldap or something similar should work wonders there), but otherwise it sounds like what Unix-like systems have been doing for decades.
There's an intrinsic problem, but it's not specific to client-server. The basic problem is programmer attitude. There's two basic attitudes towards input data:
1. All input data is assumed to be valid and legal until proven otherwise.
2. All input data is assumed to be invalid and illegal until proven otherwise.
The correct attitude to take is #2: assume anything handed to your program from outside is completely screwy until you can validate it. So, for example, you assume an input stream is infinitely long and will overflow your buffers until you determine, by hitting an end-of-data mark without having overflowed your buffer, that it isn't. But this is hard to do, because your code has to handle arbitrary input and be prepared to handle anything thrown at it. It's easier to code to handle correct input and throw in a bit of error handling that you hope will catch all the invalid cases. That's attitude #1 at work, and as proven again and again it results in conditions that your program can't handle correctly and can't detect correctly.
Until attitude #1 is eradicated, we'll continue to see security holes that exploit problems in input data handling.
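Attitude #2 applied to a record reader in C, as an added example that is not part of the original comment: the input is treated as endless and invalid until the end-of-data mark is reached with room to spare. Every name here (`read_record`, `byte_fn`, `demo_status`, the sample bytes) is hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Outcome of reading one newline-terminated record. */
enum read_status {
    READ_OK,         /* terminator seen and the record fit in the buffer  */
    READ_TOO_LONG,   /* buffer filled before any terminator appeared      */
    READ_TRUNCATED,  /* stream ended before a terminator appeared         */
    READ_BAD_BYTE,   /* embedded NUL, which would silently cut a C string */
    READ_EOF         /* clean end of stream, nothing pending              */
};

/* Byte source: returns 0..255, or -1 at end of stream (getc-style). */
typedef int (*byte_fn)(void *ctx);

/*
 * Read one record into buf (cap bytes, including the trailing NUL).
 * The record counts as invalid until the terminator is seen in bounds.
 * On every failure buf is left empty, so a caller that forgets to check
 * the status never gets to act on partial data.
 */
enum read_status read_record(byte_fn next, void *ctx, char *buf, size_t cap)
{
    enum read_status st;
    size_t len = 0;
    int c;

    if (buf == NULL || cap == 0)
        return READ_TOO_LONG;          /* no room for even an empty record */
    buf[0] = '\0';

    while ((c = next(ctx)) != -1) {
        if (c == '\n') {               /* end-of-data mark reached in bounds */
            buf[len] = '\0';
            return READ_OK;
        }
        if (c == '\0') { st = READ_BAD_BYTE; goto reject; }
        if (len + 1 >= cap) { st = READ_TOO_LONG; goto reject; }
        buf[len++] = (char)c;
    }
    buf[0] = '\0';
    return len == 0 ? READ_EOF : READ_TRUNCATED;

reject:
    /* Skip the rest of the bad record so the next call starts in sync. */
    while ((c = next(ctx)) != -1 && c != '\n')
        ;
    buf[0] = '\0';
    return st;
}

/* Constructed sample input, not data from the page. */
static const unsigned char SAMPLE[] =
    "alice\n"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"   /* far longer than the buffer */
    "bob\n"
    "ev\0il\n"                             /* embedded NUL */
    "carol";                               /* stream ends with no terminator */

/* In-memory byte source standing in for a socket or file. */
struct mem_src { const unsigned char *p; size_t left; };

static int mem_next(void *ctx)
{
    struct mem_src *s = ctx;
    if (s->left == 0)
        return -1;
    s->left--;
    return *s->p++;
}

char demo_buf[8];   /* deliberately small: 7 characters plus the NUL */

/* Status of the k-th record (0-based) of SAMPLE; its text is in demo_buf. */
enum read_status demo_status(int k)
{
    struct mem_src s = { SAMPLE, sizeof SAMPLE - 1 };
    enum read_status st = READ_EOF;
    for (int i = 0; i <= k; i++)
        st = read_record(mem_next, &s, demo_buf, sizeof demo_buf);
    return st;
}

int main(void)
{
    static const char *names[] =
        { "OK", "TOO_LONG", "TRUNCATED", "BAD_BYTE", "EOF" };
    for (int k = 0; k < 6; k++) {
        enum read_status st = demo_status(k);
        printf("record %d: %-9s \"%s\"\n", k, names[st], demo_buf);
    }
    return 0;
}
```

The oversized record is rejected as a whole and the reader resynchronises on the next terminator, so the valid record after it is still read correctly.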
I do, but in restricted circumstances. The main criterion is that the package has to be checksum-verified and come from a developer and a site I recognize as trustworthy. Anything else gets compiled as a regular user and installed under a home directory, and I watch the output as make runs. Then if I decide to install the software I change ownership and move the installed copy to its final location.
Yes, I'm paranoid. You'd be too if you'd spent time working at a university where you could virtually guarantee that one or another of those "helpful" classmates slipped something in to embarrass you if you didn't watch out.
And, of course, how long before the root-owned Tripwire process detects the infection? That tells me when the infection occurred, which gives me a known clean point for restores. That'll also put me on notice to clean things up before damage occurs, so unless I'm completely ignoring my own safety precautions it'll still be less than one day's worth of changes at risk.
What amazes me is that this is the same procedure I was using back in 1985 to protect myself from virus/trojan infestations. Different product, but same process.
And by the way, you can infect ls and ps and df. Every now and then, I log in as root, to do some maintenance-type thing, or install something. And while I'm root, if I run a virus-infected program, then the virus has root privilege, and can infect ls and ps and df and anything else it wants to.
This does ignore one trait of Unix users, though. Normally I run as a regular user, and I don't have permissions to write to system files or root's personal files. All I can infect is my own, and all my executables live below my home directory. When I su to root, I have things set so that the path automatically gets reset to the system defaults which do not include anything under home directories and most emphatically doesn't include the current directory. This means that, as root, I can't run any of the files that might have been infected by a virus run by any regular user without jumping through some hoops first (which I'm unlikely to do exactly because they're dangerous and unnecessary). This vastly reduces the ability of a virus to spread across the system. Not eliminates, I can always do something stupid, but vastly reduces.
A virus can destroy my data files, but that's why backups were invented. At worst I lose a day or so's worth of work, whatever was done since the last backup. The new generation may be different, but the older of us view backups as somewhere between a religion and an obsession. This should be system-independent, really, and in this day of cheap CD burners and large-capacity Zip and Orb drives and such there's no excuse.
Namely, what entry vectors it uses. So now we know there's a new virus out, but we don't have any idea how it's going to infect a system. We know we may be vulnerable, but we don't have any idea what we have to check or shut down to stop being vulnerable. This is why I get fanatic about full disclosure.
In a recent Mozilla RC or nightly build, pull up Preferences and look under Privacy and Security | Images. In the bottom section are radio buttons to control whether you want animated images to loop as specified, once only or never. Select once only or never and animated images won't bother you again.
In most of the cases of audits like this, the software was paid for, either at retail or when the software came with the machine. Over time, though, the license stickers and such get lost. So even though you've got a computer that came with the OS from the maker, and you've got all the original media and such that match it, you can't prove you were licensed and so are considered to have pirated the OS that the computer maker sold you along with the machine. This is one of the reasons MS and other software companies and the BSA keep harping so loudly on the "settle and we won't audit you" line: they're deathly afraid of the company that can in fact produce all the paperwork and is ticked off enough to countersue them for malicious prosecution, disruption of business, defamation and extortion.
Actually the problem is that Microsoft is right, just not from the perspective they're trying to say they're right from. As a software vendor you can't make a long-term business giving away free software. You can make a business as a consulting house charging for services with free software being one of the tools you use to deliver those services, but not as a software vendor.
Thing is, the customers aren't software vendors. To the customer the software is a tool used to do something. Microsoft's business model is irrelevant to the customer, except where it affects whether they can continue to get the tools they need in working condition. So whether Microsoft can see a business model in selling free software or not doesn't affect whether the schools see a business model in educating students using free software.
I'll have to agree. This is the bill that would explicitly make opt-out legally acceptable everywhere except its few protected areas. I'd rather it died a horrible death so we can go for better ones at the state as well as Federal levels, than have it become law and trump potentially stronger state-level protections.
Not that I think this is why Lott killed it, but I'll still take it as a good thing in this instance.
It isn't so much the judge as the plaintiff trying to persuade the judge that the fiddling details of the technology make a difference.
All the more reason to keep harping on the similarities. Just as you said, all the features of the PVR are available on a standard VCR or could be implemented, even sharing. Go Video fought that case around their double-well VCR and won. Rule #1: never ever fight a battle on your opponent's terms. The judge rules based on what's presented, and if the plaintiff's the only one bringing up options for how the judge treats things the plaintiff's likely to win. So why the hell aren't the defendants bringing up the string of cases starting with the Betamax case that say consistently that plaintiffs here haven't a legal leg to stand on?
If they were just interested in the sharing, they could request recording only of which programs a user shared with who and when. But their request was for what users watch, record to watch or skip commercials on in addition to what they share. There's no need for the first three, because under copyright law they're all legal. And even the sharing may be entirely legal under traditional copyright law, because copyright law has been held by the courts to include the right to make copies for personal use of things you own a copy of. One of the more recent decisions, involving a video store in Utah making edited copies of the movie Titanic with scenes involving nudity removed, even held that you could legally have someone make those copies for you.
Yes, the judge will almost certainly try to treat the PVR differently, but IMHO SonicBlue and the others should continue harping on the similarities. Movies didn't cease to be movies just because they were recorded on iron oxide instead of celluloid. VCRs don't cease to be VCRs just because they store video on silicon instead of iron oxide and can send what they've recorded from the living-room set to the bedroom set without you needing to take the tape out and put it back in the other machine. Make it as hard as possible for the judge to throw out the old precedents, because no judge wants to go on record as contradicting Federal appeals courts and the Supreme Court.
Bear in mind that the same arguments were made against the VCR as are being made against the PVR. The courts ruled that it didn't matter how large or small a percentage the legitimate uses were, because the VCR manufacturers didn't have control over that. All that mattered was that a) there were legitimate, non-copyright-infringing uses for VCRs, and b) the VCR makers were targeting their sales at those legitimate uses and not to the illegal ones. If one replaced PVR with VCR in the case, the court would have to ignore Federal appeals court precedent to rule in favor of plaintiffs here. So what precisely is different between a VCR and a PVR, other than that one records on iron oxide on a plastic substrate and the other records on silicon, that would demand that the two not be treated the same?
Counterpoints:
- Privacy: police officers in pursuit of a search warrant are subject to more stringent rules when it comes to exceeding the scope of the warrant. This may discourage trawling expeditions through material not covered by the warrant, including other users' data, and certainly would expose the agency requesting the warrant to punishment if they did exceed its scope. This would all tend to protect the privacy of other users.
- Agency: when the ISP is doing the search at the request of law enforcement in pursuit of a search warrant, they are bound to the same rules as law enforcement would be. If the police are asking for the information, I see no reason why the same rules shouldn't apply whether they're getting it directly or asking someone else to get it for them.
- Persons, Articles, Effects: this would be much like saying that a video store's records of what you rented aren't covered. This came up in a case some time back, and the final fall-out was exactly the opposite of your position.
- Cost: the ISP bears the costs regardless of whether there's police present or not. Making the police be present merely imposes the same cost on the police pursuing the warrant as if they had to make an ordinary search of the subject's home. This would bring some balance back. They could no longer cheaply search everyone they feel like, they'd have to do some work first and concentrate the searches on those they have good reason to suspect.
Look at history. No culture that existed 10,000 years ago has survived intact to the present day, all of them either fell or reverted to primitivism (or never got out of it in the first place). If I had to bet, I would not bet against the track record.
It's capped at the modem to prevent saturating the bandwidth on the cable between the modem and the head-end. There's only a finite amount of it, and if they didn't control it from the modem you'd end up in the same shape as firing up a 50-megabyte download via FTP over a modem and then trying to play Counterstrike while the download was saturating the line.
And for those thinking that uncapping's good because you get the speed, think about this: what's going to happen when that little kid down the street uncaps his modem and starts running a file-sharing server sucking up 99% of the bandwidth, leaving you trying to compete with him just to read your e-mail? What goes around, comes around.
I think there's a disconnect here. Why would you first assume that the computer from Dell is the identical same product as the one from Gateway? Your modified version is based on the assumption that all products are identical, where the point of modular Windows is to allow them to be different depending on the market the OEM is selling to. It doesn't even have to be the OEM, the modular form would allow someone to create an "I've never used a computer before" version of Windows that could and would install on both the Dell and Gateway machines without hassle.
Having everyone start on the same footing assumes that all users are identical. As someone who's been jockeying computers since before MS-DOS existed, I don't want to have the same base apps as someone who's never seen a computer before. I want to discard all of that and pick and choose what I want without forcing everyone else to do so as well (same as I want to use Gnome as my default desktop on my home systems without forcing anyone else who uses them to do the same).
Isn't that kind of like being worried that if you buy a Ford Ranger you wouldn't get exactly the same thing as if you bought a Z3 sports car? Obviously you'd choose which product to buy based on which one offered what you wanted. If you wanted Opera and not Netscape you'd buy the Dell instead of going to Gateway, and vice versa. Another advantage: it'd be much more likely in a modular system that you could replace parts yourself as needed, e.g. if the Gateway offered everything you wanted except for offering StarOffice where you wanted MSOffice it'd be much easier to remove StarOffice and install MSOffice without breaking everything else Gateway had installed. IMO all of this would be Good Things, yielding systems tailored more closely to what you wanted and with fewer interdependencies to keep you from getting exactly what you wanted.
As to the first, they only lose their rights to the degree that they agree to lose them. They didn't have to base their work on GPL'd software, and if they did then they did so knowing what the rules were. Remember that the guy who wrote the GPL'd software also has IP rights, and the right to license his code and enforce that license. By the argument that the GPL denies IP rights, MS's licenses also deny IP rights because they deny me the ability to add my IP to MS's code and distribute the result in source-code form (thus revealing the MS source code the MS license forbids me from revealing).
That's the rub with IP rights: if you account for anybody's you have to account for everybody's.
Only one problem: it'd only flag what's on the record. The ex-priest who got nailed in San Diego for child abuse back on the East Coast had no record. The guys who flew the planes into the WTC had no records. A national ID card, biometric or otherwise, wouldn't have done a damned thing to identify or stop any of them.
And their weasel doesn't fly. 50 cross-linked and cross-checkable databases are equivalent to a Federal database, and saying they aren't doesn't make it so. I see no compelling reason to give the government a one-stop record of everyone who isn't a threat but may be inconvenient or "undesirable", when doing so won't serve any of the purposes it's being put forward for.
Only one thing: the car dealer won't give you the car until after the paperwork's complete and you've given him the payment. With software they're taking your money and giving you the software, completing the transaction, and then requiring you to agree to new terms to use the software you've just bought. That's equivalent to the dealer taking your money, turning over the car, then when you go to get in finding a notice on the door saying that to drive your car you have to agree to drive the dealer anywhere he wants to go for the next year, at your expense. Any court would throw that out in a heartbeat, but software companies expect the equivalent to be upheld.
I meant the implementation is heavy on templates internally too. As in you can get templates nested 3 and 4 and more levels deep on even apparently simple code. The worst I saw working with it was a type signature for a 3-argument function that took 7 100-character lines to print out with all the types expanded all the way and enough angle-brackets to match up to make even a hardened Lisp programmer nauseous.
The big downside is executable code bloat if your compiler isn't good at optimizing away unneeded generated template code. The STL is almost entirely template-based. You could also call it a downside that you need a fairly current compiler because the STL makes heavy use of recently-introduced template features that even moderately old compiler versions won't understand.
You also get a certain amount of lock-in, where stuff that deals with STL-using modules also tends to need to use STL to pass the right containers around, but you can deal with that in wrapper layers and IMHO the gains make the little extra work worth it.
I think the Napster/etc. situation says otherwise. What people go on-line to find isn't the pap the majors are pushing this month, they can find that at the local store. What they're looking for is the odd, unusual, minor stuff that they like that the majors won't touch.
Nope. Using gopher://somehost.somenet:80 in a URL will bypass your block with ease. The exploit's based on the protocol used, not the port used.
This ruling probably protects broadcasters.
No, the ruling in that case was specifically that the video store had the right to make edited copies for customers who'd bought or were in the process of buying the tape. No broadcast involved.