True, but then on Unix all the configuration's on the filesystem anyway. Usually all you want in the end's a list of what changes the program made. Detailed step-by-step traces are useful only rarely, in debugging arcane problems. If I need more detail than Tripwire gives by default, I usually just diff the new files against a CD-RW backup from just before the install ( yes, I'm spoiled by being able to quickly back up my configuration that way ).
Hate to say it, but we do have that. It's called Tripwire. Been on Sourceforge since 1998, and I can recall mention of it back for years before that. Thing's a lifesaver when it comes to detecting anything messing with system directories.
Re:How these licenses actually work, on "Launchcast Sued" (Score: 1)
Looks to me like the "interactivity" restriction isn't present in the rules. Thought: if adjusting the playlist based on what the listeners want isn't allowed by the statutory license even if that's not mentioned in the rules, then what about conventional radio stations that adjust their playlist based on what their listeners want ( eg. lots of listeners told them they don't want Gangsta Rap, so the station doesn't play any Gangsta Rap songs )? This would pretty much kill the use of ratings, wouldn't it?
The fact that it does something that wasn't done before isn't enough to make it patentable. It has to do something that wasn't done before, that's original enough that a competent practitioner in that field wouldn't think of it immediately. VCRs exist. Every feature they're claiming on the TiVo is already standard in every streaming-audio/video editing package out there. Making a VCR based around standard computer storage instead of a tape isn't exactly an incredible leap, especially not after things like the Rio did it for audio-only applications.
Face it, not every invention is patentable. Yes, this means there's things the business types can't lock up and monopolize. Life's tough, deal.
You can't do random-access while recording with a VCR because it's not physically possible to do that with tape. But every method of storing data on a computer has pretty much allowed it, and I fail to see how allowing the sort of access to the data files that's been standard for 30+ years is original either.
I'd say this is a bad patent though. What they describe is exactly a VCR, except that the VCR splits the audio and video before encoding instead of encoding before splitting. That's because of the mechanics of the way things are stored, though, and follows directly from those mechanics so it's hardly novel or original. Oh, and a VCR uses magnetic tape and doesn't compress the signal, but then the idea of compressing data for storage has been around for decades ( SEA ARC, anyone? ) and everyone's done it for storing any kind of audio or video since the beginning. I'm afraid I don't consider making a VCR using a hard drive instead of tape and MPEG-1 video and audio instead of NTSC video and audio particularly original.
But they'll probably win any challenges because nobody'll challenge it based on those grounds.
Both of them. Option #1 you state is the LGPL. Option #2 is the GPL. That's why the LGPL was created, to allow option #1. In this case the author considered the LGPL and decided against using it specifically to prevent option #1 from being the case.
Then you need to find another company to work for, because MM is wide-open to being accessory to harassment. Nowhere in that sequence does it do anything to prevent person A from filling out the forms with person B's information. You need step 4: contact that address entered in steps 1 or 2 and get a reply from them authorizing the subscription before sending. Without this, MM is being negligent.
She never did register her real e-mail address. The harasser registered it for her, and since the lists never confirmed that the person at that address wanted to register, she's getting several hundred pieces of spam every day.
Macromedia uses opt-in? Is this double-confirmation opt-in, or is it the "We'll tell you that your name was added and start bombarding you with spam unless and until you navigate our 37-step process for removing your name." style of pseudo-opt-in? If it's the latter, which I suspect it is, then I've no sympathy for Macromedia at all, seeing as a friend of mine is being harassed by someone using the second "opt-in" method.
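An added example, not part of the original comments and not any vendor's code: one way to implement the double-confirmation opt-in discussed in the three comments above, where an address joins the list only after a token mailed to that address comes back. The class name, token format and addresses are assumptions made for the illustration.

```python
import hashlib
import hmac


class ConfirmedOptInList:
    """Mailing list that only sends to addresses whose owner confirmed by token."""

    def __init__(self, secret, ttl_seconds=86400):
        self._secret = secret          # server-side key, never sent to users
        self._ttl = ttl_seconds
        self._pending = {}             # address -> expiry timestamp
        self._confirmed = set()

    def _token(self, address, expires):
        mac = hmac.new(self._secret, f"{address}|{expires}".encode(), hashlib.sha256)
        return f"{expires}.{mac.hexdigest()}"

    def request(self, address, now):
        """Web form submitted. Returns the token to mail to `address`, and only there."""
        address = address.strip().lower()
        expires = int(now) + self._ttl
        self._pending[address] = expires
        return self._token(address, expires)

    def confirm(self, address, token, now):
        """The reply from the mailbox owner. True only for a fresh, matching token."""
        address = address.strip().lower()
        expires = self._pending.get(address)
        if expires is None:
            return False
        if now > expires:
            del self._pending[address]  # stale request: forget it entirely
            return False
        expected = self._token(address, expires).encode()
        if not hmac.compare_digest(expected, token.encode()):
            return False
        del self._pending[address]
        self._confirmed.add(address)
        return True

    def recipients(self):
        """Only confirmed addresses ever receive list mail."""
        return sorted(self._confirmed)


def demo():
    """Constructed scenario: person A signs up person B; B never confirms."""
    lst = ConfirmedOptInList(secret=b"constructed-demo-key")
    # Person A types B's address into the form. The token goes to B's mailbox,
    # so A never sees it and B simply ignores the single confirmation mail.
    lst.request("person.b@example.org", now=1000)
    forged = lst.confirm("person.b@example.org", "1000.deadbeef", now=1010)
    # Person C signs up with their own address and clicks the mailed link.
    token_c = lst.request("person.c@example.org", now=1000)
    genuine = lst.confirm("person.c@example.org", token_c, now=2000)
    # A request whose token comes back after the TTL is dropped.
    token_d = lst.request("person.d@example.org", now=1000)
    late = lst.confirm("person.d@example.org", token_d, now=1000 + 86400 + 1)
    return {"forged": forged, "genuine": genuine, "late": late,
            "recipients": lst.recipients()}


if __name__ == "__main__":
    print(demo())
```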
And JIT from the publisher's warehouse doesn't work, because the publishers don't want to carry inventory either ( they get taxed on it too heavily ). They try to print not much more than they will have immediate orders for, so if you depend on their inventory you're likely to get "Sorry, that book's out of print." when you call them 4 weeks later asking for more copies.
What problems obtaining the JVM? First time I hit a page that needed Java, it gave me the get-a-plugin dialog, which took me through the install steps and gave me Java just like it should've. Or you could go directly to Netscape's plug-ins page and download and install it and any other plug-ins you want in one fell swoop, if you don't want to wait.
Mozilla 0.9:
Handles Javascript correctly: check. May not handle non-Javascript or non-DOM extensions, but then it shouldn't.
Handles Java: check for JVM 1.3.
Shockwave/Flash plugins run: check.
RealPlayer plugin runs: dunno, I don't use Real. I've heard people say it runs right now, though.
Launch speed: about 10 seconds on a K6-3 400.
Debug messages: don't see them in any of my windows. They do log to the session error file or to the browser error log depending on how I set the launcher up, which is usually what I want.
However, interesting question. If forking in open source software is so much of a risk, where are all the forked open-source projects? Where are all the forks in Sendmail, BIND, Apache, PHP, Perl, Linux, gcc...? The qualities that MS is naming as causing the risks of forking in reality tend to act to keep forks from happening. Forks happen when the needs of the users diverge from the path the prime developers want to take. In OSS, if this happens the user community will migrate fairly quickly to the branch that meets their needs and the other ones will wither away. The only time this doesn't happen is when there is an actual need for two sets of different functionality that cannot coexist in a single version, in which case you want a fork if you're a user.
The Windows 9x/NT/2000/XP situation isn't equivalent to forking. It's equivalent to having your choice of Sendmail, Qmail and Postfix available as mail-transport agents. Completely different pieces of software that do roughly the same thing. Except that I can pull Sendmail and replace it with Qmail and all my mail client programs will continue to work with it.
That's one of the points. You know it hasn't been tampered with since it was signed, but you've no assurance that someone didn't unpack it, trojan it, repack it and sign it with their certificate ( which happens to look very similar to the one that should be on it, perhaps even being in the right company name ). Nor does it give you any assurance that the server you got it from wasn't compromised and not only the packages altered but the certificates and signatures/fingerprints on the server as well. You end up having to go obtain the packages and the certificates to verify them directly from the original author to get those assurances, and do it over an untamperable connection with verification of the sender's identity ( not a certificate, actual out-of-band verifiable proof of identity ), at which point you don't need a digital signature on the package for either authentication of source or detection of tampering.
Well, if you're sending mail to people who have already bought from you and indicated they want more news and info from you, you aren't a spammer. However, it sounds more like you're sending mail to people who haven't bought anything from you, attempting to convince them to become customers, whether they've asked for you to contact them or not. Which is the definition of a spammer. Note that spamming until they ask you to stop is still spamming, so the 'reply to get off my list' doesn't change things one bit. Especially seeing as the laws usually used to justify that have never been signed into law.
So, flat-out: do you send mail to people who haven't contacted you first asking for you to send them information and/or news?
Only one problem: having the package be signed doesn't tell you anything about how safe it is to install it. All it tells you is that the package was built by the person who claims to have built it. It doesn't tell you whether you can trust the person who built it not to have trojaned it, or even whether the person actually is the person they claim to be ( see the recent obtaining of official Microsoft certificates from Verisign by parties not affiliated with Microsoft for an example ). Given that, signatures on the binary RPMs are completely inadequate for security ( just as signatures on ActiveX components are completely inadequate for security ), and if you do the things needed to make them secure then you wind up not needing the original binary RPM at all anyway.
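An added example, not part of the original comments and not RPM's verification code: it separates the two questions raised in the package-signing comments above, "is the signature valid?" and "is the signer the key I obtained out of band?". A hash-based Lamport one-time signature stands in for the PGP signatures RPM uses so the block runs on the standard library alone; package bytes, key pairs and function names are constructed for the illustration.

```python
import hashlib
import hmac
import secrets


def _h(data):
    return hashlib.sha256(data).digest()


def keygen():
    """Lamport one-time key pair: 256 secret pairs and their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def _bits(message):
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, message):
    """Reveal one secret per bit of the message hash."""
    return [sk[i][bit] for i, bit in enumerate(_bits(message))]


def signature_valid(pk, message, sig):
    return len(sig) == 256 and all(
        _h(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(message)))


def fingerprint(pk):
    return hashlib.sha256(b"".join(a + b for a, b in pk)).hexdigest()


def decide(package, sig, shipped_pk, pinned_fp):
    """Install only if the signature verifies AND the key matches the pinned one.

    pinned_fp is the fingerprint obtained out of band from the real author;
    shipped_pk is whatever key arrived alongside the package.
    """
    if not signature_valid(shipped_pk, package, sig):
        return "reject: bad signature"
    if not hmac.compare_digest(fingerprint(shipped_pk), pinned_fp):
        return "reject: signer not pinned"
    return "install"


def demo():
    author_sk, author_pk = keygen()
    pinned = fingerprint(author_pk)          # learned out of band, stored locally

    genuine = b"constructed package contents v1.0"
    genuine_sig = sign(author_sk, genuine)

    # Someone else repacks the package and signs it with their own key.
    # The signature is perfectly valid for the key that ships with it.
    other_sk, other_pk = keygen()
    repacked = genuine + b" plus extra payload"
    repacked_sig = sign(other_sk, repacked)

    return {
        "genuine": decide(genuine, genuine_sig, author_pk, pinned),
        "repacked": decide(repacked, repacked_sig, other_pk, pinned),
        "tampered": decide(repacked, genuine_sig, author_pk, pinned),
        "repacked_sig_valid": signature_valid(other_pk, repacked, repacked_sig),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, "->", verdict)
```

The repacked case is the one the comments describe: the signature checks out, and only the comparison against the independently obtained fingerprint rejects it.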
Main difference is that software leasing would be leasing directly from the maker. Basically instead of buying a software package you buy the right to use it for a year, then buy another when the year's up. If you don't pay, you lose the software. If you do pay, you presumably get the most recent version, and usually updated versions at various times during the year.
Rob, I think software leasing will, if it catches on at all, last only a short time. There's one fundamental difference between leasing a car and leasing software: with a car you know what you're getting and what you'll get when the lease runs out. The car won't change on you for the life of the lease, and when the lease runs out you'll get to pick which car you want to lease again and won't be in the position of having the car company decide they'd rather you used station wagons instead of limos.
Compare that to leasing software. Take a look at the havoc that comes when you upgrade critical parts of an OS. Linux is less obnoxious when it comes to kernel and libc upgrades than Windows is when you jump versions, but it's still a headache and you don't do it to production servers quickly if you value your business's stability. Yet most software leases include provisions for automatic, unannounced updates of exactly that sort. RedHat's better about that in that you can avoid the update if you want, but I doubt Microsoft's leasing plan will let you continue to run 98 or NT4, no matter how well they work for you.
Software leasing may eventually work, but before it does it's going to have to not be designed as a revenue generator for the software companies and not have automatic upgrades and such added in to the basic concept.
Use. When I dub a CD onto a cassette to play in the car, it's for my use only. The publishers aren't converting the articles for their own use, they're converting them to make and sell copies in a format not covered by the original contract. They weren't given the right under those contracts to sell copies in electronic form, so they've no more right to do it than I have to distribute copies of their CD.
Actually that would be the best thing the RIAA could do for the rest of us. If they do that, and prohibit you from letting Napster distribute your music even though you have a legal right to authorize Napster to distribute it... can you say "restraint of trade lawsuit"? I knew you could.
Actually I don't think the Earthlink header reveals too much unpleasant. In any browser that has Javascript active, any Web page out there can pull out the same information. The only thing they can't is the POP ID, and they can infer that from the IP address you're using if they want to. I don't like that they're sending the info without saying they are, but the info itself isn't particularly distressing. Maybe we need something like P3P but working the other way, telling you what information your browser is going to send and making sure that matches your preferences before sending it?
I think they're referring not to just the number of bits but to the amount of variation ( or lack thereof ) between different headers for that number of bits. Sure you've got 192 bits, but they don't change enough between different users' browsers to be usably unique. Compare that to MS GUIDs, that vary drastically from one system to another.
This sounds an awful lot like he's saying that, given the information you can sniff over the net, you can predict the next number the PRNG used by the TCP stack will produce. I'm pretty sure that's true, if the stack's using a poor PRNG, and the only fix is to use a better PRNG. I don't see how his fixes affect this, though. Crypto algorithms that are worth anything basically attempt to produce an output string that is indistinguishable from random numbers if you don't have the key, which is the same goal that a good PRNG tries for. So exactly how does his fix differ from switching to a better PRNG? And how can it help systems that already have good PRNGs in them? As for adding in an administrative passphrase, sorry but that's likely to reduce the randomness thanks to the penchant of humans to pick memorable ( and thus non-random ) phrases.
You miss the point. Sure, I can not open that mail. Problem is, it's already cost my ISP money for bandwidth and disk space to handle the incoming spam, and me money for space to store it in my inbox and bandwidth to download it, before I have the opportunity to not open it. To solve the problem I need to keep the mail from leaving the spammer's system in the first place.
As for saving me from spam, let me give you the magnitude of the problem: about 50% of my e-mail is spam, after applying filters to it. That's a lot of spam.