That depends on the hardware. If you have to deal with legacy ISA devices, yes. Anything in the last 5 years or so doesn't have an ISA bus. The PCI bus has a defined way for devices to identify themselves and what I/O addresses and interrupts they need. USB similarly has a defined way to determine what's on the bus. Since the BIOS itself controls things like on-motherboard serial ports, it already knows which ones it's turning on and where they go. So basic initialization should be relatively quick and easy.
Frankly the only things the BIOS should need to do with modern OSes is to reset the hardware and provide the basic I/O interface to the disks, screen and keyboard that any boot loader's going to need (so the boot loader doesn't need drivers for video, USB vs. keyboard-port keyboards, etc.).
Alternatively, the BIOS should initialize all hardware, assign all interrupts etc., and the OS should simply take what the BIOS gave it. But IMO having the BIOS do only the minimum required and leaving the bulk of the work up to the OS gives more flexibility and resilience in the face of hardware changes or failures.
Now compare that to Digitally Signed - you have a public key that gets distributed for verification, and you sign the private key. The set stays constant - you keep the private key, but you pass around the public key in plain text. So then, someone can get a hold of your public key and derive the private key. Once they have done that, you are compromised as they can then pretend to be you.
The trick is in the "derives the private key" part. In a public-key system, doing that involves factoring a very large number. Large as in the product of two 1024-bit primes, which is over a million bits. 300,000+ digits is a big number to factor. And that's at the bottom end, the minimum key length for public-key encryption. We know how fast the best factoring algorithm works, so we can calculate how long it's going to take to do that job and it's measured in hundreds of years. So to make your concern an issue we'd need one or more fundamental breakthroughs in mathematics that make factoring at least 2 orders of magnitude faster than we can currently manage. As someone's noted, betting on fundamental breakthroughs happening is usually not a winning proposition.
The problem may be there, but it's a lot smaller when the code's compiled. It can't immediately be read by a human. Microsoft would have to show that a) we had decompilation tools and b) we actually decompiled the code, and if they did manage that they still wouldn't have explicit agreement with their license to use against us. If the programmer had had direct access, by contrast, all MS would have to show is sufficient similarity of the code and then the rest would be assumed unless we could prove otherwise.
It's the same reason editors and authors will return unsolicited manuscripts not just unread but completely unopened if at all possible: once they've had access the burden of proof shifts towards them, so they minimize access.
It does introduce a big problem, though. Suppose someone's seen Microsoft's code, and in code they've written there's a stretch that's suspiciously similar to Microsoft's code. How does one go about proving that they didn't copy that code from Microsoft's in violation of the license? Access may be great for the programmer themselves, but if I'm not them and I'm using their code I suddenly acquired a big headache. And for me this isn't a theoretical exercise, I've been caught up in a lawsuit about exactly that sort of illicit propagation of code. I'd have to recommend not employing anyone for .NET work who's agreed to that license, and not using any .NET code created or touched by anyone who has, unless and until we've gotten our own license covering the Microsoft code in question. Anything else leaves too many legal question marks that're too easily avoided by just not tempting fate.
The problem is at step 2. The test message is going to a domain that's got nothing to do with the original message and isn't running the special software. To the receiver of the test message, it's indistinguishable from either a) a joe-job bounce or b) spam itself. Except that currently it's considered a bad idea to bounce messages based on possibly-forged From addresses, so the number is kept down. This scheme considers it a good thing, so the number of junk messages in my mailbox suddenly jumps.
Bad idea: requiring people to participate in a scheme in order to handle the flood of junk created solely as a result of implementing the scheme.
The proposed scheme ignores one thing: the majority of bounce messages today are false bounces caused by spammer joe-jobs, therefore they themselves get flagged as spam and deleted/ignored. In addition, it also increases the annoyance of greylist authentication schemes, since a spammer forging my address in the From field will cause every host participating in this scheme to send me a verification e-mail for a message I didn't send which I'll have to deal with. The proposed scheme makes a very fundamental mistake: assuming that you can trust the sender's address in a message to be the true sender's address. You can do that only after you've determined the message is authentic and not spam, at which point you don't need this scheme anymore.
If the speech is defamatory, the hospital's concerns can be addressed by digging deeper. But at this point we have only the hospital's assertion that the speech is defamatory. So. The speech is public. The words are right there. Let the hospital address that first. Let them show in court that the blogger did in fact defame them. If they can show that, then let them find out who defamed them so they can collect damages. And if they can't, if the blog posts aren't in fact defamatory, then they have no need to know who made them in the first place.
As far as not being afraid of not being anonymous, how about that comment you made to your wife/girlfriend about how stupid your boss is? You've a right to free speech, you were completely honest in it, do you really want your boss knowing it was you made that statement? After all, you shouldn't be afraid of being anonymous to him, should you?
Unfortunately activation plays hob with that idea. When you replace the machine, your old copy won't activate since the hardware signature doesn't match. You need to call Microsoft to get a new code that'll work. If Microsoft starts refusing to give out those codes (they can legally do that already if you've an OEM copy of Windows that's only legal on the original hardware), your XP disc becomes a nice shiny coaster and your license a not-very-good paper to sop up a coffee spill with.
No, just that he can change his URLs at will. Note that URLs do not name files in a filesystem, that's merely one common way of implementing things. I've got a Web server that's at the opposite extreme: all URLs are equivalent to "/" and get handled identically (a 404 error gets returned) and there's no filesystem backing at all.
Because http://thief.com/login.html and http://thief.com/Login.html both hash to radically different values, but both have in the plaintext a characteristic fingerprint of a phishing attempt. A service that gets the plaintext can trivially identify both, but a service that only gets a hash would be fooled by the second if it only had seen the first before.
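An added illustration of the comment above (not code from the commenter or from any real anti-phishing service): a lookup that only receives hashes of previously reported URLs misses a one-letter variant, while a check on the plaintext URL flags both. The `www.bankofamerica.com@` prefix is the one the commenter says was stripped from the URLs; the class name, function names and the userinfo heuristic are assumptions made for this example.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Constructed sample URLs: the two from the comment, with the
# "www.bankofamerica.com@" userinfo prefix restored in front of the host.
SEEN_URL = "http://www.bankofamerica.com@thief.com/login.html"
VARIANT_URL = "http://www.bankofamerica.com@thief.com/Login.html"

# A userinfo string shaped like a DNS name (labels separated by dots).
_HOSTNAME_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")


def url_hash(url: str) -> str:
    """What a privacy-preserving client would send instead of the URL."""
    return hashlib.sha256(url.encode("utf-8")).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Number of bit positions in which two hex digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


class HashOnlyService:
    """Hypothetical service that stores only hashes of reported URLs."""

    def __init__(self, reported_urls):
        self._known = {url_hash(u) for u in reported_urls}

    def is_known_bad(self, digest: str) -> bool:
        # Exact-match lookup: the service cannot see or normalise the URL.
        return digest in self._known


def plaintext_fingerprint(url: str) -> list:
    """Reasons the plaintext URL looks like a phish (empty list if none).

    Assumed heuristic: the userinfo part (the text before '@') is itself
    shaped like a hostname and differs from the host actually contacted.
    """
    parts = urlsplit(url)
    userinfo = (parts.username or "").lower()
    host = (parts.hostname or "").lower()
    reasons = []
    if userinfo and _HOSTNAME_RE.match(userinfo) and userinfo != host:
        reasons.append(
            f"userinfo '{userinfo}' imitates a hostname; real host is '{host}'"
        )
    return reasons


def compare(reported: str, candidate: str) -> dict:
    """Run both kinds of check on `candidate` after `reported` was seen."""
    service = HashOnlyService([reported])
    return {
        "hash_match": service.is_known_bad(url_hash(candidate)),
        "fingerprint": plaintext_fingerprint(candidate),
    }


if __name__ == "__main__":
    for url in (SEEN_URL, VARIANT_URL):
        print(url, compare(SEEN_URL, url))
    print("bits changed by one letter:",
          differing_bits(url_hash(SEEN_URL), url_hash(VARIANT_URL)))
```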
It's already in the version of Firefox I'm using, 2.0.0.6 downloaded directly from Mozilla's web site. In fact you've got the choice to enable it or leave it disabled, and if you enable it you've got the choice between downloading a list and doing the check internally or checking each URL interactively with a service (currently Google's the only one in the list, but more could easily be added).
Right of public display. Without the model's permission, the photographer has no right to display their likeness publicly. That's why the standard paperwork you fill out for a portrait photo includes language saying the photographer has the right to use that photo in their portfolio if they wish: if they didn't, they wouldn't.
Except that if the subject hasn't given the photographer rights, he's got no right to publish the photo on Flickr at all under any license. But there it is on Flickr. Would a reasonable third party conclude from this that the photographer's breaking the law, or that he's got those rights?
Except that by putting it up under a license which would clearly allow exactly the use Virgin made of it, the photographer's representing that he does have the right to grant that license for that use. Virgin accepted that in good faith, they'd no obvious reason to believe he didn't. My guess is that the photographer will be found to be primarily liable, with Virgin possibly held liable for actual damages due to their use and probably enjoined from using the photograph in the future but no more than that. Creative Commons will move to be removed from the suit and they'll get that. Since the family didn't name the photographer in their suit, they're likely to end up holding the bag for a big legal bill and a very small award unless their lawyer convinces them to shift their target fairly quickly.
Because we tried that, and it didn't work. When ARPANet was starting, the namespace was flat. Every host had a name, there wasn't any hierarchical organization. When the network was less than 0.01% the size it is today, it was already too hard to handle name conflicts in that flat namespace. The hierarchical namespace with dot separators that we use in DNS today was introduced to solve the problem, segregating the namespace so you only had to worry about conflicts between names in a single domain and not with names in everyone else's domain. And once you have a hierarchy, you have to have a top level to it. If you remove the current top level, then what used to be the second level becomes the top level. And you have to resolve all the conflicts when two different organizations own the same second-level name.
Actually that is easy to remember: the name of the rhyme you used plus the fact that you take the first letter of each word. The rhyme itself should come to mind instantly once you think of the name. The problem is that it's so hard to extract the letters and type it in that even I wouldn't want to have to use it.
And frankly, concentrating on password security misses the obvious: most attacks these days aren't on the passwords. Why should I (as an attacker) waste my time trying to crack your users' passwords when I can send them a simple phishing e-mail that'll get them to give me their passwords? Or maybe just a little trojan disguised as a neat-o screen saver or Web control that'll silently grab all the saved password lists from IE, Outlook, OE, etc. and send it to me? Or that'll install itself under your user account, authenticated and all, and let Windows handle the details of supplying your credentials whenever I want to do something? The big problem isn't keeping unauthorized users out, it's in what authorized users do with their authorization that they shouldn't be doing but are allowed to do anyway.
Note that that won't restrict use of your nameservers. It just means a rogue machine has to find out what the IP addresses of the nameservers are so it can configure them. That may be easy if the rogue machine is an unauthorized laptop belonging to a legitimate user who's got the configuration of his desktop readily to hand to copy information from.
And autoconfig pretty much makes it impossible to restrict access to the network at all. Autoconfig'd machines probably can't get through the router and may not be able to get DNS service because they don't know the nameserver IP addresses, but they can still talk to everything in the local broadcast domain. That's sufficient for running an Nmap scan of the segment to find out what's there.
Not quite. In the case of the royalty money, the rulings thus far are that the royalties are Novell's, not SCO's, money. There's a question of the dollar amount to be determined, but that money isn't a debt owed to Novell so bankruptcy doesn't shield it. Read up on "conversion", which is the term the judge used. If you steal money from someone, you can't use bankruptcy protection to retain it since it's not yours in the first place.
There's only really one way: install a Web proxy with filtering software on the gateway to the Internet, configure that gateway's routing tables to redirect all outbound connections to ports 80 and 443 to the gateway itself (so they'll go to the proxy) (add other ports supported by the proxy as needed), block all ports that aren't handled by the proxy (this is critical, without it the proxy can be bypassed, but it also breaks IM software and a bunch of other things), and make sure the kid has no logons whatsoever on the gateway and doesn't have any passwords to anything running on it. Oh, and make sure he doesn't have physical access to it, because if he does he'll be able to give himself a logon.
Yeah, that's a lot of work and calls for a full-time geek to install and manage it. And it'll break lots of things, and require constant maintenance of the filtering software to update it for new sites and problems. And you'll find the filtering software misses 50% of what you want it to block and blocks a goodly percentage of things you don't want it to. And the kid can take a laptop down to the local coffee-shop and browse porn to his heart's content anyway.
I wouldn't get too enthusiastic about this being a way out from under these lawsuits. It's a good win, but it's on very technical grounds and easy for the RIAA to deal with if they have even a shred of a tenuous case.
It's mainly about the technical requirements for a filing. Let's take the hypothetical case of me suing you for having stolen a car from my car lot. All I state in my complaint is that on information and belief I think you stole a car from me, and I attach a long list of cars (make, model, VIN, plate number, etc.). The problems with this complaint at this level are:
I haven't specified a crime. I've made an accusation, but where in there do I say what car was stolen, when it was stolen or where it was stolen from? Essentially the complaint can't say "You stole a car." but has to say "You stole this car.". And what's that list? I never say in the complaint whether it's a list of cars I allege you stole, a list of all the cars I have of which the one you stole is one. It could even be a list of all the cars left on my lot after the theft. Without some mention of what the list is, it's meaningless.
Even assuming the above is corrected, there are no facts alleged connecting you to the incident. The bar here is low. I don't have to offer enough to prove my case. I don't have to offer anything credible enough to survive even a cursory response from you. But I have to offer some speck of evidence that, if believed completely and not responded to at all by you, could possibly be grounds for finding in my favor.
That's basically what the judge found here: the RIAA had failed on those two points. The bad news is that it's fairly easy for the RIAA to fix this. Name a song, name a file on the list that contained it, and allege that you were offering it for download to them and the first part's dealt with. As for the second, alleging the files were offered by a particular IP address along with a statement by the ISP that that IP address was assigned to a particular person's account at the time in question suffices. There's lots of technical problems with it, but it meets the minimal bar involved. The good news is that even those minor fixes give the defendant more places to attack the RIAA's complaint. For instance, if they allege a particular file contains some specific song, the defendant can respond by asserting that that file contains something that'd justify its name but isn't the song in question.
I suspect the RIAA got tripped up here because they never intended these cases to go to court. The filings were supposed to be merely clubs to wave at people to get them to settle, they were never supposed to actually be looked at as real lawsuits. We're going to see a lot of these for a while, but we're going to see a second round from the RIAA with these sorts of obvious errors fixed as they react to people actually fighting back. I'm not a lawyer, but I think one piece of advice is warranted: don't pick questionable defendants to fight this second wave. Pick ones that really are clean and can prove it and fight the RIAA on those. It's much easier to win judges over when you can present solid evidence in your favor, and much easier to fight the questionable defendants when you've got previous clean wins to cite.
Security. Don't underestimate the usefulness of simply requiring physical access to the wiring to get on the network. For most home users that's sufficient security to completely prevent outsiders from getting on their home networks. They can forget about all the headaches of securing a wireless network from outsiders. The same thing goes for corporate networks where there's already good physical security controlling access to the inside of the building.
Convenience. Not so much an issue for a corporate network, but for a home user it's nice to just plug things in and go without having to worry about all the setup needed on both clients and the access point to get a wireless network operating securely.
Power. Power-over-Ethernet works for low-draw devices, power-over-airwaves... doesn't.
Speed. Gamers in particular are picky about ping times and latency, and wireless still has worse latency. It's improving, but it's still not on a par with wired. And in a corporate setting switches and high-capacity backbone segments and VLANs give each port a much bigger chunk of visible bandwidth than you can get with those same systems all sharing a handful of access points.
Wireless has a lot of uses, even situations where it's the best fit as the primary network, but it's no more going to replace wired Ethernet than public transit is going to replace the private car in most of the US.
Drive-by malware installations. Floating ads that block the content until you click on them (with no indication what clicking on them will actually do). Ads that auto-play loud sounds that're highly inappropriate in an office environment. Advertising networks that try to do highly invasive user tracking above and beyond merely displaying an ad. Those are why I block ads, and why I'll continue to block ads. Those ads represent anything from merely a disruption to an outright threat to my system. I can't evaluate them after they've loaded, by then they've already done their thing. The only safe thing I can do is block them from ever loading in the first place. And no, a web site's right to put up ads doesn't trump my right and responsibility to protect my system.
Yes, I'm grouchy. BT,DT,GTTS. The whole line of t-shirts, in fact, in every color variation. Not interested in collecting any more.
Yes, the GPL (all versions) restrict certain of the user's rights. Specifically, they restrict the right of a user to restrict other users' rights under the GPL. If I grant you through the GPL a right to modify and distribute my code and you include my code in your product, the GPL takes away your right to not grant the same rights to my code to recipients of your product that I granted you. Yes, this makes life hard for commercial users. They can't benefit from my code and then turn around and deny those same benefits to their own users. This is what I intended, and why I chose the GPL. I'm not going to choose the BSD license specifically because it doesn't restrict recipients' rights in that specific way. Part of the payment I get is "pay it forward": you benefit from my work, you "pay" for that in part by letting others benefit from your work in turn. And I'd note that commercial users who don't want to pay in kind like that have an option: go to the original creator and negotiate a license just like they would with any commercial software. They'll probably have to pay in some other form, but that's hardly unexpected.
I seriously doubt many creators of GPL'd software will move to a BSD license. If they were inclined that way they wouldn't have chosen the GPL in the first place, they'd've gone with a BSD license from the start.
I do.
Bah. SlashDot mangled the URLs, there's supposed to be a "www.bankofamerica.com@" in front of the "thief.com".
Because http://thief.com/login.html and http://thief.com/Login.html both hash to radically different values, but both have in the plaintext a characteristic fingerprint of a phishing attempt. A service that gets the plaintext can trivially identify both, but a service that only gets a hash would be fooled by the second if it only had seen the first before.
It's already in the version of Firefox I'm using, 2.0.0.6 downloaded directly from Mozilla's web site. In fact you've got the choice to enable it or leave it disabled, and if you enable it you've got the choice between downloading a list and doing the check internally or checking each URL interactively with a service (currently Google's the only one in the list, but more could easily be added).
Right of public display. Without the model's permission, the photographer has no right to display their likeness publicly. That's why the standard paperwork you fill out for a portrait photo includes language saying the photographer has the right to use that photo in their portfolio if they wish: if they didn't, they wouldn't.
Except that if the subject hasn't given the photographer rights, he's got no right to publish the photo on Flickr at all under any license. But there it is on Flickr. Would a reasonable third party conclude from this that the photographer's breaking the law, or that he's got those rights?
Except that by putting it up under a license which would clearly allow exactly the use Virgin made of it, the photographer's representing that he does have the right to grant that license for that use. Virgin accepted that in good faith, they'd no obvious reason to believe he didn't. My guess is that the photographer will be found to be primarily liable, with Virgin possibly held liable for actual damages due to their use and probably enjoined from using the photograph in the future but no more than that. Creative Commons will move to be removed from the suit and they'll get that. Since the family didn't name the photographer in their suit, they're likely to end up holding the bag for a big legal bill and a very small award unless their lawyer convinces them to shift their target fairly quickly.
Because we tried that, and it didn't work. When ARPANet was starting, the namespace was flat. Every host had a name, there wasn't any hierarchical organization. When the network was less than 0.01% the size it is today, it was already too hard to handle name conflicts in that flat namespace. The hierarchical namespace with dot seperators that we use in DNS today was introduced to solve the problem, segregating the namespace so you only had to worry about conflicts between names in a single domain and not with names in everyone else's domain. And once you have a hierarchy, you have to have a top level to it. If you remove the current top level, then what used to be the second level becomes the top level. And you have to resolve all the conflicts when two different organizations own the same second-level name.
Actually that is easy to remember: the name of the rhyme you used plus the fact that you take the first letter of each word. The rhyme itself should come to mind instantly once you think of the name. The problem is that it's so hard to extract the letters and type it in that even I wouldn't want to have to use it.
And frankly, concentrating on password security misses the obvious: most attacks these days aren't on the passwords. Why should I (as an attacker) waste my time trying to crack your user's passwords when I can send them a simple phishing e-mail that'll get them to give me their passwords? Or maybe just a little trojan disguised as a neat-o screen saver or Web control that'll silently grab all the saved password lists from IE, Outlook, OE, etc. and send it to me? Or that'll install itself under your user account, authenticated and all, and let Windows handle the details of supplying your credentials whenever I want to do something? The big problem isn't keeping unauthorized users out, it's in what authorized users do with their authorization that they shouldn't be doing but are allowed to do anyway.
Note that that won't restrict use of your nameservers. It just means a rogue machine has to find out what the IP addresses of the nameservers are so it can configure them. That may be easy if the rogue machine is an unauthorized laptop belonging to a legitimate user who's got the configuration of his desktop readily to hand to copy information from.
And autoconfig pretty much makes it impossible to restrict access to the network at all. Autoconfig'd machines probably can't get through the router and may not be able to get DNS service because they don't know the nameserver IP addresses, but they can still talk to everything in the local broadcast domain. That's sufficient for running an Nmap scan of the segment to find out what's there.
Not quite. In the case of the royalty money, the rulings thus far are that the royalties are Novell's, not SCO's, money. There's a question of the dollar amount to be determined, but that money isn't a debt owed to Novell so bankruptcy doesn't shield it. Read up on "conversion", which is the term the judge used. If you steal money from someone, you can't use bankruptcy protection to retain it since it's not yours in the first place.
There's only really one way: install a Web proxy with filtering software on the gateway to the Internet, configure that gateway's routing tables to redirect all outbound connections to ports 80 and 443 to the gateway itself (so they'll go to the proxy) (add other ports supported by the proxy as needed), block all ports that aren't handled by the proxy (this is critical, without it the proxy can be bypassed, but it also breaks IM software and a bunch of other things), and make sure the kid has no logons whatsoever on the gateway and doesn't have any passwords to anything running on it. Oh, and make sure he doesn't have physical access to it, because if he does he'll be able to give himself a logon.
Yeah, that's a lot of work and calls for a full-time geek to install and manage it. And it'll break lots of things, and require constant maintenance of the filtering software to update it for new sites and problems. And you'll find the filtering software misses 50% of what you want it to block and blocks a goodly percentage of things you don't want it to. And the kid can take a laptop down to the local coffee-shop and browse porn to his heart's content anyway.
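As an added example (not part of the original comment), the following audits an `iptables-save` dump from such a gateway for the bypass condition called critical above: ports 80 and 443 must be redirected to the proxy and nothing from the LAN may be forwarded around it. The interface name `eth1`, the proxy port `3128` and both sample rulesets are constructed assumptions, and the check is a simple pattern match, not a full ruleset evaluation.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for paths around the filtering proxy.
LAN_IF="eth1"        # assumed LAN-facing interface of the gateway
PROXY_PORT="3128"    # assumed local port the filtering proxy listens on

# Constructed sample: 80/443 redirected to the proxy, all forwarding dropped.
GOOD_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Constructed sample: same redirects, but forwarding is left open.
BAD_RULES=$(printf '%s\n' "$GOOD_RULES" | sed 's/^:FORWARD DROP/:FORWARD ACCEPT/')

# audit_ruleset RULES: prints findings, returns the number of problems (0 = clean)
audit_ruleset() {
    rules=$1
    findings=0
    for port in 80 443; do
        if ! printf '%s\n' "$rules" | grep -Eq -- \
            "^-A PREROUTING .*-i $LAN_IF .*--dport $port .*-j REDIRECT --to-ports $PROXY_PORT"; then
            echo "FAIL: port $port from $LAN_IF is not redirected to the proxy"
            findings=$((findings + 1))
        fi
    done
    # Without a default-drop FORWARD policy, unproxied ports leave directly.
    if ! printf '%s\n' "$rules" | grep -q '^:FORWARD DROP'; then
        echo "FAIL: FORWARD policy is not DROP"
        findings=$((findings + 1))
    fi
    # Any ACCEPT rule forwarding LAN traffic reopens a path around the proxy.
    if printf '%s\n' "$rules" | grep -Eq -- "^-A FORWARD .*-i $LAN_IF .*-j ACCEPT"; then
        echo "FAIL: FORWARD chain accepts traffic from $LAN_IF"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "OK: no path around the proxy found"
    return "$findings"
}

audit_ruleset "$GOOD_RULES"
audit_ruleset "$BAD_RULES" || true
```
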
I wouldn't get too enthusiastic about this being a way out from under these lawsuits. It's a good win, but it's on very technical grounds and easy for the RIAA to deal with if they have even a shred of a tenuous case.
It's mainly about the technical requirements for a filing. Let's take the hypothetical case of me suing you for having stolen a car from my car lot. All I state in my complaint is that on information and belief I think you stole a car from me, and I attach a long list of cars (make, model, VIN, plate number, etc.). The problems with this complaint at this level are:
- I haven't specified a crime. I've made an accusation, but where in there do I say what car was stolen, when it was stolen or where it was stolen from? Essentially the complaint can't say "You stole a car." but has to say "You stole this car.". And what's that list? I never say in the complaint whether it's a list of cars I allege you stole, or a list of all the cars I have of which the one you stole is one. It could even be a list of all the cars left on my lot after the theft. Without some mention of what the list is, it's meaningless.
- Even assuming the above is corrected, there are no facts alleged connecting you to the incident. The bar here is low. I don't have to offer enough to prove my case. I don't have to offer anything credible enough to survive even a cursory response from you. But I have to offer some speck of evidence that, if believed completely and not responded to at all by you, could possibly be grounds for finding in my favor.
That's basically what the judge found here: the RIAA had failed on those two points. The bad news is that it's fairly easy for the RIAA to fix this. Name a song, name a file on the list that contained it, and allege that you were offering it for download to them and the first part's dealt with. As for the second, alleging the files were offered by a particular IP address along with a statement by the ISP that that IP address was assigned to a particular person's account at the time in question suffices. There's lots of technical problems with it, but it meets the minimal bar involved. The good news is that even those minor fixes give the defendant more places to attack the RIAA's complaint. For instance, if they allege a particular file contains some specific song, the defendant can respond by asserting that that file contains something that'd justify its name but isn't the song in question.
I suspect the RIAA got tripped up here because they never intended these cases to go to court. The filings were supposed to be merely clubs to wave at people to get them to settle, they were never supposed to actually be looked at as real lawsuits. We're going to see a lot of these for a while, but we're going to see a second round from the RIAA with these sorts of obvious errors fixed as they react to people actually fighting back. I'm not a lawyer, but I think one piece of advice is warranted: don't pick questionable defendants to fight this second wave. Pick ones that really are clean and can prove it and fight the RIAA on those. It's much easier to win judges over when you can present solid evidence in your favor, and much easier to fight the questionable defendants when you've got previous clean wins to cite.
- Security. Don't underestimate the usefulness of simply requiring physical access to the wiring to get on the network. For most home users that's sufficient security to completely prevent outsiders from getting on their home networks. They can forget about all the headaches of securing a wireless network from outsiders. The same thing goes for corporate networks where there's already good physical security controlling access to the inside of the building.
- Convenience. Not so much an issue for a corporate network, but for a home user it's nice to just plug things in and go without having to worry about all the setup needed on both clients and the access point to get a wireless network operating securely.
- Power. Power-over-Ethernet works for low-draw devices, power-over-airwaves... doesn't.
- Speed. Gamers in particular are picky about ping times and latency, and wireless still has worse latency. It's improving, but it's still not on a par with wired. And in a corporate setting switches and high-capacity backbone segments and VLANs give each port a much bigger chunk of visible bandwidth than you can get with those same systems all sharing a handful of access points.
Wireless has a lot of uses, even situations where it's the best fit as the primary network, but it's no more going to replace wired Ethernet than public transit is going to replace the private car in most of the US.
Drive-by malware installations. Floating ads that block the content until you click on them (with no indication what clicking on them will actually do). Ads that auto-play loud sounds that're highly inappropriate in an office environment. Advertising networks that try to do highly invasive user tracking above and beyond merely displaying an ad. Those are why I block ads, and why I'll continue to block ads. Those ads represent anything from merely a disruption to an outright threat to my system. I can't evaluate them after they've loaded, by then they've already done their thing. The only safe thing I can do is block them from ever loading in the first place. And no, a web site's right to put up ads doesn't trump my right and responsibility to protect my system.
Yes, I'm grouchy. BT,DT,GTTS. The whole line of t-shirts, in fact, in every color variation. Not interested in collecting any more.
Yes, the GPL (all versions) restricts certain of the user's rights. Specifically, it restricts the right of a user to restrict other users' rights under the GPL. If I grant you through the GPL a right to modify and distribute my code and you include my code in your product, the GPL takes away your right to not grant the same rights to my code to recipients of your product that I granted you. Yes, this makes life hard for commercial users. They can't benefit from my code and then turn around and deny those same benefits to their own users. This is what I intended, and why I chose the GPL. I'm not going to choose the BSD license specifically because it doesn't restrict recipients' rights in that specific way. Part of the payment I get is "pay it forward": you benefit from my work, you "pay" for that in part by letting others benefit from your work in turn. And I'd note that commercial users who don't want to pay in kind like that have an option: go to the original creator and negotiate a license just like they would with any commercial software. They'll probably have to pay in some other form, but that's hardly unexpected.
I seriously doubt many creators of GPL'd software will move to a BSD license. If they were inclined that way they wouldn't have chosen the GPL in the first place, they'd've gone with a BSD license from the start.