I once tried to use guile in the Gimp to do a few simple filters. Between the abysmal documentation and the clumsy syntax, I gave up in disgust after a couple of hours, and installed the Python Image Library instead. My sanity was saved.
GIMP doesn't use Guile. It currently uses an embedded fork of Tinyscheme, which is somewhere between R4RS and R5RS compliant, and somewhat not.
Some people like Scheme (it is well suited to represent order of graphics operations), and some hate it. That's why GIMP supports Python and C too for extending.
I guess that sums up what other apps can do. You don't have to stick with "an" extension language when you can support many.
It's not all about top-notch brains. It's also about many not-so-clever brains at lesser salary. This was the reason why US companies hired foreign labor, and this is the reason why thanks to the H1B caps, companies are happy to go east to other countries.
Most CEOs (especially American CEOs) don't care about how well it will be for the company 10 years down the line. They care about the next quarter.
More and more jobs are global now in computer science. If there is a programming job, it can be had anywhere in this world, not just in America.
Plus, isn't America so well off thanks to migrants? Who invented your rockets and your bombs near in the past as 50 years ago? Who makes your microprocessors? Suddenly, you want to stop immigration and be protectionist?
This professor needs to stop dining and think a little.
OTOH, there's the big problem of Indian companies gobbling up H1B slots like it was property.. but that's a different problem. There's also the problem of poor quality labour --- programmers who can't code, thanks to sneaky HRs and those who undercut salary, fire the good programmers and hire the cheap ones. It looks good this quarter, but they'll soon find out. Again, this has nothing to do with migration.
Here, we have Biotech, Commerce students recruited into the CS industry. "Don't worry we'll train you in 4 weeks."
Why? Because we can sell this to the western company whose CEO is more than eager to pick up this plate because it's cheaper.
Imagine if a CS worker were hired in an airline as a pilot (Don't worry we'll train you in 4 weeks), or *shudder* as a surgeon. Quality programming is harder and needs more experience than all this.
In the end, the Indian programmers who actually studied CS and are good at what they do get a bad name on Slashdot and elsewhere, cause they're a part of the lot.
Where's the news for nerds in this?
on
Pocket Wars and Cores
·
· Score: 2, Insightful
I had always loved Slashdot, but is there any alternative community run site without the Slashvertisements?
Hetzner is OK, no comment here, but you do have to mention the downsides, such as absolutely no erotic content allowed (nudity, art, regular porn - have one person post a NSFW picture on your forum and you may get terminated) and relatively poor speed to some parts of US (I've seen average of 400 KB/s to Texas)
I did not know that. We run a company website, so this should not be a problem. However, we do run public forums. I wonder how _anyone_ can enforce any rules about posting in a forum. Even if you were to delete offending posts, there is still the time between when it was posted and when it was deleted. If they are policing, I hope they do it with a large grain of salt.
This restriction about ordinary porn is very weird though. Is there something in German laws which disallows it?
Not sure. I live in India, so most of the internet has worse latency than that. Germany is closer as long as we don't get routed through Singapore and the Pacific, kinda like touching your nose around your head.:) However, 120ms is not something I'd call bad for ordinary use. We use interactive SSH shells from here, and it feels good. If you are running something time sensitive like stock trading, maybe then you'd need something closer.
Where are the servers located? Their own in Germany? Or reselling US-based?
They run their own datacenters in Germany. Check their website for details.
Also, does Banu or Mukund require enough resources to warrant your own server, as opposed to shared hosting?
Banu is a company. We serve the main HTTPS website, DNS, email, XMPP chat, mailman lists, bugzilla, git repositories, rsync for/pub, run virtual machines for builds, run other bits like IRC bots, bittorrent tracker + seed for large files, shells for people, etc. We are also working on a shop section.
Granted some of these can be done using free services on the net, but:
1. We lose identity by distributing things all around the net instead of handling our own infrastructure.
2. There would be a lack of absolute privacy for emails, private repositories, customer data, etc. This is very relevant now that we are launching a shop website.
3. Free services on the net tend to go away without a prior notice period to transition things.
4. The shared hosting scenario is not much different given the services that we run. It would need a beefy shared setup, and there'd always be restrictions compared to running your own server.
I used to host with ThePlanet for my websites. Though their services were pretty stable, they charge so much that I looked for other vendors after a couple of years. Switched this year to Hetzner.de. They provide a dedicated server for 49 EUR that gives me i7-920 quad core, 8 GB of RAM, 2 * 750 GB of disk space and 5 TB of bandwidth per month. Plus they have a great web-based system for remote rescue, reboots, and all services that run on the machine are now available on native IPv6. I haven't had any hiccups so far, and it seems well worth the money.
Their support staff seem to struggle a little bit with English, but their web-based rescue interface leaves little to ask the service staff about.
Oracle dismissing LibreOffice folks is pretty much what anyone else would do in their shoes. Let's say you have a project X. Some people with relatively less power in your project fork it to project Y, and say they do it because project X sucks. What would you do? Still keep them in project X? Replace X with an organization you head, and this will make more sense.
This is the definition of conflict of interest, and the outcome is exactly what happens in such a case.
How about sending some targeted "Hello world" transmissions towards that object first?
If they have any intelligent life and a SETI program in place, they may hear us and answer back.
I had the same story, until Google started asking for my mobile phone number as verification to link to my Google account. IMO, this is over the edge, as in this country you have to use your real identity to get a mobile number.
Then, I switched to a self-hosted Tiny Tiny RSS and never looked back. I don't use Google accounts anymore, and don't have cookies or javascript enabled for any of Google's websites.
Except search and maps, I self host everything (email, websites, Jabber, RSS reader, calendar, etc.) on a dedicated server. There's a small price to pay, but as an example, I have the same email address for the last 10 years. I have all my emails for the last 10 years. There's no worry about privacy. As a programmer, it's useful to run irssi from it under screen, host my own websites, pretty much run anything network oriented..
Stop thinking about your Wifi device. You emit a lot of information without knowing about it anyway. Read about TEMPEST.
Some people even believe that just cause they have swapped CRTs with LCDs, they are not vulnerable. They are usually wrong.
There are way many things that are private to you, but that anyone can collect on a mass scale and raise hairs. Like the time period during which your home's lights are on, and when they are off, the contents of your trash, what type of car you use, what colors/types of clothes you wear, etc. just by noticing you in public. Not all such information may be useful or cost-worthy to use today, but it's all information that says something about you.
Being willfully ignorant is hardly a compelling argument. Either your relatives are terminally stupid, deliberately unwilling to learn or you aren't very effective at teaching them what they need to know to keep themselves safe and secure. I don't buy this kind of argument at all. People aren't that stupid and they understand things of similar complexity in other contexts just fine. Stop making excuses for laziness.
These arguments on technicality are sidestepping the point.
Use of encryption has no bearing on whether listening in is legal or not.
Encryption is tough to get right in practice. It is tough for someone to learn all the nuances behind encryption. You can believe you have mastered it in a public multi-implementation environment, and have some sort of consolation that your data is safe, or was safely transmitted. But there are no guarantees. Algorithms, software and the general implementation may be weak. I provided the example of a rogue CA in an earlier comment. Encryption is a measure that _you_ and your recipient take to protect your data. It doesn't give anyone the right to snoop.
We don't know if Google snooped, or intended to snoop. It's for the courts to decide.
There is a difference between not locking your door (inaction) and broadcasting the data to the world (action).
You broadcast a lot of information anyway. Don't think of just devices built as radio transmitters.
TEMPEST was available eons ago. Think what is possible with technology today.
I don't know if it's legal to snoop or not. I don't think we can even tell if this data collection was malicious or just a stupid mistake, going by the information that is available to us. It's for the courts to judge.
But the possibility of data that might have been collected by such passive listening alarms me. It is not compatible with their "Do no evil" ethic. No corporation should be allowed to collect data like this. You can also add all sorts of excuses like "Use encryption", etc. As a techie, my data and network are secure. But not everybody in the general public is savvy about such things.
Yes. If you want to have a private conversation, a public park is not the best place for it.
It was an example:) With technology available these days, it doesn't matter if you are in a park or not. TEMPEST is old stuff. You put out a lot of signals out there. Try and enumerate the information one can access (if they could) based on the signals that you transmit (don't automatically think just of devices built as radio transmitters).
Use SSH/SSL
I am a techie. But how about my relatives who live two doors down? They use WiFi. They don't know what makes it all work, except that it lets their laptops "use the internet" without any wires. Read your wireless router's documentation. It most probably uses fancy words like WPA, encryption keys, etc. How many of the general public really understand it? Encryption is VERY difficult to get right and one of the main elements is educating the proper use of it.
Do you know how SSL works? Have you kept track with all the latest in how SSL clients validate certificates, OCSP, what the various classes of CA validation are and what difference does it make in practise? If you use SSL, are you sure a rogue CA in China won't help its government thanks to the Chinese CA certificates registered in your web browser?
Encryption is a layer I use for my peace of mind, knowing that my data is very likely not listened to by some MITM. But this has no bearing on whether listening in is legal or not.
The entire purpose of Facebook is to broadcast stuff. I would be very upset if I posted a comment to Facebook and it wasn't immediately available for everyone to see.
I am upset that Facebook keeps stuff that I have deleted in their records.
I've printed all my private data on a giant sign that I've put on top of my house. If you read it you can expect a visit from the authorities. Please, while I might not have bothered to secure my data, I do expect you to respect my privacy.
If I leave my door unlocked, I don't think it's right to strangers to come in and snoop around.
I don't know what you'll think.. whether I am naive or you are.
So if I were to set up a radio transmitter that transmitted certain info, can I then accuse whoever looks at that info of being a criminal?
Yes, if you can prove malice.
You have a private conversation about your MP3 collection with your friend in the park. A 3rd party picks it up with a mic. Don't broadcast that stuff?
You route your data through your ISP. Your ISP records whatever it wants. Don't broadcast that stuff?
You post a comment on Facebook. It's forever in Facebook's database. Don't broadcast that stuff?
Your phone calls are recorded by your phone provider, who gives you a "convenient web-based interface to replay conversations whenever, wherever you want." (Gosh, all email is like this, and people are fine with it.). Don't broadcast that stuff?
No, the data is really private to you and whoever you intended it for. Anyone who thinks otherwise is either stupid or malicious.
There are ways to fight software patents within the current legal system.
Create a very large patent pool, but one that isn't defensive. All it takes is for every single company with commercial interest in free software to pool their patents together. Let's call this the good-pool. The companies donate legal fees to this entity. Now,
1. Wait for _ANY_ other software patent licensing pool to be created, such as the MPEG-LA. Call this the bad-pool. Such a group basically consists of companies that have 'donated' their software patents for threatening/suing others and getting paid. Once such a pool is formed, go after the member companies by asserting relevant patents from the good-pool. Don't wait to defend, but go on the offensive. Also, if any individual company threatens/sues another company with software patents, the good-pool again goes on the offensive.
After some time, no company will dare join a pool, or threaten another company again. This works, except for patent troll companies that have no valid business, but that of suing others. We'll come to this in a moment.
2. Software engineers in the community *read the patents in the bad-pool*, and engineer methods very similar to such patents, but those that do not infringe claims in the patents. This is not so tough. Most software patents are ridiculous. Create a wiki and provide alternative methods to avoid each patent.
After some time, no company will dare join a pool again.
In the case of patent trolls, where the company's only reason for existing is to sue others, follow the money. Find out who's behind the company. Even if litigation happens, and there's a payout, the matter doesn't end there. Find out who is benefiting. These people definitely have investments in other companies. Use the good pool to sue these other companies.
Note that this approach is much like the MPEG-LA licensing pool and does not involve companies giving up patents to the pool.
Say you work for a big company like Google or Goldman Sachs, and their magic secret program uses libraries and other code distributed under the GNU GPL license.
They are under no obligation to publish as they use the code internally and do not distribute anything.
What if an employee leaves the company and takes the code to the magic secret program with him? It uses GNU GPL licensed code, which grants _him_ a license to redistribute it, because he has a copy of the program already.
Slashdot Mirror
There is a rate limiting patch for BIND. The BIND package in RHEL/CentOS has it now:
https://bugzilla.redhat.com/show_bug.cgi?id=873624
A person has also attached a graph showing its effect on that bug page. I know of some other places which are using this patch.
(Disclaimer: I work for the organization that produces BIND.)
Evacuate cities?
People need to get out of buildings and away from things that can fall on them when there's a major earthquake.
Here most people die when they're crushed under concrete and other building materials (stone, bricks, etc.) in poorly constructed homes.
Something that says an earthquake is imminent would definitely help.
I once tried to use guile in the Gimp to do a few simple filters. Between the abysmal documentation and the clumsy syntax, I gave up in disgust after a couple of hours, and installed the Python Image Library instead. My sanity was saved.
GIMP doesn't use Guile. It currently uses an embedded fork of Tinyscheme, which is somewhere between R4RS and R5RS compliant, and somewhat not.
Some people like Scheme (it is well suited to represent order of graphics operations), and some hate it. That's why GIMP supports Python and C too for extending.
I guess that sums up what other apps can do. You don't have to stick with "an" extension language when you can support many.
Fabrice is also the reason for Qemu, FFmpeg and LZEXE.
I hope he has a lot of kids :)
It's not all about top-notch brains. It's also about many not-so-clever brains at lesser salary. This was the reason why US companies hired foreign labor, and this is the reason why thanks to the H1B caps, companies are happy to go east to other countries.
Most CEOs (especially American CEOs) don't care about how well it will be for the company 10 years down the line. They care about the next quarter.
More and more jobs are global now in computer science. If there is a programming job, it can be had anywhere in this world, not just in America.
Plus, isn't America so well off thanks to migrants? Who invented your rockets and your bombs near in the past as 50 years ago? Who makes your microprocessors? Suddenly, you want to stop immigration and be protectionist?
This professor needs to stop dining and think a little.
OTOH, there's the big problem of Indian companies gobbling up H1B slots like it was property.. but that's a different problem. There's also the problem of poor quality labour --- programmers who can't code, thanks to sneaky HRs and those who undercut salary, fire the good programmers and hire the cheap ones. It looks good this quarter, but they'll soon find out. Again, this has nothing to do with migration.
Here, we have Biotech, Commerce students recruited into the CS industry. "Don't worry we'll train you in 4 weeks."
Why? Because we can sell this to the western company whose CEO is more than eager to pick up this plate because it's cheaper.
Imagine if a CS worker were hired in an airline as a pilot (Don't worry we'll train you in 4 weeks), or *shudder* as a surgeon. Quality programming is harder and needs more experience than all this.
In the end, the Indian programmers who actually studied CS and are good at what they do get a bad name on Slashdot and elsewhere, cause they're a part of the lot.
I had always loved Slashdot, but is there any alternative community run site without the Slashvertisements?
Using Firefox + Adblock Plus + NoScript:
No. Time Source Destination Protocol Info /story/11/01/24/1657252/Mozilla-Proposes-Do-Not-Track-HTTP-Header HTTP/1.1
27 3.918190 10.4.12.92 216.34.181.48 HTTP GET
Frame 27 (582 bytes on wire, 582 bytes captured) /story/11/01/24/1657252/Mozilla-Proposes-Do-Not-Track-HTTP-Header HTTP/1.1\r\n
Linux cooked capture
Internet Protocol, Src: 10.4.12.92 (10.4.12.92), Dst: 216.34.181.48 (216.34.181.48)
Transmission Control Protocol, Src Port: 34619 (34619), Dst Port: http (80), Seq: 1, Ack: 1, Len: 514
Hypertext Transfer Protocol
GET
Host: tech.slashdot.org\r\n
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.12) Gecko/20101027 Fedora Firefox/3.6.12\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
Accept-Language: en-us,en;q=0.5\r\n
Accept-Encoding: gzip,deflate\r\n
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
Keep-Alive: 115\r\n
X-Do-Not-Track: 1\r\n
Referer: http://slashdot.org/\r\n
Connection: keep-alive\r\n
Cache-Control: max-age=0\r\n
\r\n
Oh and Slashdot, how the heck am I supposed to post on your system when I'm behind my ISP's NAT and someone else has already beat me to it?
Hetzner is OK, no comment here, but you do have to mention the downsides, such as absolutely no erotic content allowed (nudity, art, regular porn - have one person post a NSFW picture on your forum and you may get terminated) and relatively poor speed to some parts of US (I've seen average of 400 KB/s to Texas)
I did not know that. We run a company website, so this should not be a problem. However, we do run public forums. I wonder how _anyone_ can enforce any rules about posting in a forum. Even if you were to delete offending posts, there is still the time between when it was posted and when it was deleted. If they are policing, I hope they do it with a large grain of salt. This restriction about ordinary porn is very weird though. Is there something in German laws which disallows it?
Not sure. I live in India, so most of the internet has worse latency than that. Germany is closer as long as we don't get routed through Singapore and the Pacific, kinda like touching your nose around your head. :) However, 120ms is not something I'd call bad for ordinary use. We use interactive SSH shells from here, and it feels good. If you are running something time sensitive like stock trading, maybe then you'd need something closer.
Apologies for the delay in replying.
Where are the servers located? Their own in Germany? Or reselling US-based?
They run their own datacenters in Germany. Check their website for details.
Also, does Banu or Mukund require enough resources to warrant your own server, as opposed to shared hosting?
Banu is a company. We serve the main HTTPS website, DNS, email, XMPP chat, mailman lists, bugzilla, git repositories, rsync for /pub, run virtual machines for builds, run other bits like IRC bots, bittorrent tracker + seed for large files, shells for people, etc. We are also working on a shop section.
Granted some of these can be done using free services on the net, but:
1. We lose identity by distributing things all around the net instead of handling our own infrastructure.
2. There would be a lack of absolute privacy for emails, private repositories, customer data, etc. This is very relevant now that we are launching a shop website.
3. Free services on the net tend to go away without a prior notice period to transition things.
4. The shared hosting scenario is not much different given the services that we run. It would need a beefy shared setup, and there'd always be restrictions compared to running your own server.
What we have now is well worth the money.
In reply to my own comment, I sound like a shill.. I wish I could delete the parent comment.
I pay Hetzner ;) and they have done well to be appreciated. Websites I host on this box include banu.com and mukund.org.
I used to host with ThePlanet for my websites. Though their services were pretty stable, they charge so much that I looked for other vendors after a couple of years. Switched this year to Hetzner.de. They provide a dedicated server for 49 EUR that gives me i7-920 quad core, 8 GB of RAM, 2 * 750 GB of disk space and 5 TB of bandwidth per month. Plus they have a great web-based system for remote rescue, reboots, and all services that run on the machine are now available on native IPv6. I haven't had any hiccups so far, and it seems well worth the money.
Their support staff seem to struggle a little bit with English, but their web-based rescue interface leaves little to ask the service staff about.
Oracle dismissing LibreOffice folks is pretty much what anyone else would do in their shoes. Let's say you have a project X. Some people with relatively less power in your project fork it to project Y, and say they do it because project X sucks. What would you do? Still keep them in project X? Replace X with an organization you head, and this will make more sense. This is the definition of conflict of interest, and the outcome is exactly what happens in such a case.
How about sending some targeted "Hello world" transmissions towards that object first? If they have any intelligent life and a SETI program in place, they may hear us and answer back.
I had the same story, until Google started asking for my mobile phone number as verification to link to my Google account. IMO, this is over the edge, as in this country you have to use your real identity to get a mobile number.
Then, I switched to a self-hosted Tiny Tiny RSS and never looked back. I don't use Google accounts anymore, and don't have cookies or javascript enabled for any of Google's websites.
Except search and maps, I self host everything (email, websites, Jabber, RSS reader, calendar, etc.) on a dedicated server. There's a small price to pay, but as an example, I have the same email address for the last 10 years. I have all my emails for the last 10 years. There's no worry about privacy. As a programmer, it's useful to run irssi from it under screen, host my own websites, pretty much run anything network oriented..
The bad sleep well indeed.
The law doesn't care.
Stop thinking about your Wifi device. You emit a lot of information without knowing about it anyway. Read about TEMPEST.
Some people even believe that just cause they have swapped CRTs with LCDs, they are not vulnerable. They are usually wrong.
There are way many things that are private to you, but that anyone can collect on a mass scale and raise hairs. Like the time period during which your home's lights are on, and when they are off, the contents of your trash, what type of car you use, what colors/types of clothes you wear, etc. just by noticing you in public. Not all such information may be useful or cost-worthy to use today, but it's all information that says something about you.
Being willfully ignorant is hardly a compelling argument. Either your relatives are terminally stupid, deliberately unwilling to learn or you aren't very effective at teaching them what they need to know to keep themselves safe and secure. I don't buy this kind of argument at all. People aren't that stupid and they understand things of similar complexity in other contexts just fine. Stop making excuses for laziness.
These arguments on technicality are sidestepping the point.
Use of encryption has no bearing on whether listening in is legal or not.
Encryption is tough to get right in practice. It is tough for someone to learn all the nuances behind encryption. You can believe you have mastered it in a public multi-implementation environment, and have some sort of consolation that your data is safe, or was safely transmitted. But there are no guarantees. Algorithms, software and the general implementation may be weak. I provided the example of a rogue CA in an earlier comment. Encryption is a measure that _you_ and your recipient take to protect your data. It doesn't give anyone the right to snoop.
We don't know if Google snooped, or intended to snoop. It's for the courts to decide.
There is a difference between not locking your door (inaction) and broadcasting the data to the world (action).
You broadcast a lot of information anyway. Don't think of just devices built as radio transmitters.
TEMPEST was available eons ago. Think what is possible with technology today.
I don't know if it's legal to snoop or not. I don't think we can even tell if this data collection was malicious or just a stupid mistake, going by the information that is available to us. It's for the courts to judge.
But the possibility of data that might have been collected by such passive listening alarms me. It is not compatible with their "Do no evil" ethic. No corporation should be allowed to collect data like this. You can also add all sorts of excuses like "Use encryption", etc. As a techie, my data and network are secure. But not everybody in the general public is savvy about such things.
Yes. If you want to have a private conversation, a public park is not the best place for it.
It was an example :) With technology available these days, it doesn't matter if you are in a park or not. TEMPEST is old stuff. You put out a lot of signals out there. Try and enumerate the information one can access (if they could) based on the signals that you transmit (don't automatically think just of devices built as radio transmitters).
Use SSH/SSL
I am a techie. But how about my relatives who live two doors down? They use WiFi. They don't know what makes it all work, except that it lets their laptops "use the internet" without any wires. Read your wireless router's documentation. It most probably uses fancy words like WPA, encryption keys, etc. How many of the general public really understand it? Encryption is VERY difficult to get right and one of the main elements is educating the proper use of it.
Do you know how SSL works? Have you kept track with all the latest in how SSL clients validate certificates, OCSP, what the various classes of CA validation are and what difference does it make in practise? If you use SSL, are you sure a rogue CA in China won't help its government thanks to the Chinese CA certificates registered in your web browser?
Encryption is a layer I use for my peace of mind, knowing that my data is very likely not listened to by some MITM. But this has no bearing on whether listening in is legal or not.
The entire purpose of Facebook is to broadcast stuff. I would be very upset if I posted a comment to Facebook and it wasn't immediately available for everyone to see.
I am upset that Facebook keeps stuff that I have deleted in their records.
I've printed all my private data on a giant sign that I've put on top of my house. If you read it you can expect a visit from the authorities. Please, while I might not have bothered to secure my data, I do expect you to respect my privacy.
If I leave my door unlocked, I don't think it's right to strangers to come in and snoop around.
I don't know what you'll think.. whether I am naive or you are.
So if I were to set up a radio transmitter that transmitted certain info, can I then accuse whoever looks at that info of being a criminal?
Yes, if you can prove malice.
You have a private conversation about your MP3 collection with your friend in the park. A 3rd party picks it up with a mic. Don't broadcast that stuff?
You route your data through your ISP. Your ISP records whatever it wants. Don't broadcast that stuff?
You post a comment on Facebook. It's forever in Facebook's database. Don't broadcast that stuff?
Your phone calls are recorded by your phone provider, who gives you a "convenient web-based interface to replay conversations whenever, wherever you want." (Gosh, all email is like this, and people are fine with it.). Don't broadcast that stuff?
No, the data is really private to you and whoever you intended it for. Anyone who thinks otherwise is either stupid or malicious.
There are ways to fight software patents within the current legal system.
Create a very large patent pool, but one that isn't defensive. All it takes is for every single company with commercial interest in free software to pool their patents together. Let's call this the good-pool. The companies donate legal fees to this entity. Now,
1. Wait for _ANY_ other software patent licensing pool to be created, such as the MPEG-LA. Call this the bad-pool. Such a group basically consists of companies that have 'donated' their software patents for threatening/suing others and getting paid. Once such a pool is formed, go after the member companies by asserting relevant patents from the good-pool. Don't wait to defend, but go on the offensive. Also, if any individual company threatens/sues another company with software patents, the good-pool again goes on the offensive.
After some time, no company will dare join a pool, or threaten another company again. This works, except for patent troll companies that have no valid business, but that of suing others. We'll come to this in a moment.
2. Software engineers in the community *read the patents in the bad-pool*, and engineer methods very similar to such patents, but those that do not infringe claims in the patents. This is not so tough. Most software patents are ridiculous. Create a wiki and provide alternative methods to avoid each patent.
After some time, no company will dare join a pool again.
In the case of patent trolls, where the company's only reason for existing is to sue others, follow the money. Find out who's behind the company. Even if litigation happens, and there's a payout, the matter doesn't end there. Find out who is benefiting. These people definitely have investments in other companies. Use the good pool to sue these other companies.
Note that this approach is much like the MPEG-LA licensing pool and does not involve companies giving up patents to the pool.
Say you work for a big company like Google or Goldman Sachs, and their magic secret program uses libraries and other code distributed under the GNU GPL license.
They are under no obligation to publish as they use the code internally and do not distribute anything.
What if an employee leaves the company and takes the code to the magic secret program with him? It uses GNU GPL licensed code, which grants _him_ a license to redistribute it, because he has a copy of the program already.
Didn't they (the famed Red Adair) use explosives to put out the fire in Kuwait? Did they use explosives to cap a leak? I don't remember it that way.