The same thing applies to any GPL software. For example, if my buddy downloaded some GPL package from the project site itself and then sent me a copy of that then the original author would still keep his copyright over my copy and my buddy's copy.
This is disingenuous, because it's not what we're talking about. The GPL goes above and beyond copyright by providing the right to redistribute the software or derivative works of the software under the condition that you pass along the notices you received (in the former case) or that you GPL your work and agree to the terms of the GPL (in the latter case.) That's where the viral nature comes in.
Copyright applies to the work. It's much more abstract than you're trying to make it. The pieces of paper on which a work is printed are not copyrighted--it's the work that's copyrighted. You can do whatever you like with the paper, but if you generate a new copy of the work, you're in violation.
Put another way, there's only one work, and only one copyright on it (a simplification, admittedly, but one which I do not believe tarnishes the argument.) With the derived works clause of the GPL, you may generate a new, derived work, and that work must be licensed under the GPL if you distribute it.
I disagree. Install Inkscape on the same machine as Word, and Word will not be affected (still sick, but hey).
Straw man. The GPL doesn't have anything to do with use-rights. It only deals with distribution rights for GPL software, and its viral nature only manifests when distributing derivative works.
How exactly are EULAs viral?
Argument by assertion? How are EULAs viral? A particular EULA could be viral, but in general, the are not. "In order to use this software, you must dance like a chicken for 30 seconds," is an example of a EULA. Please explain how it is viral.
Would you prefer it if we said that the GPL was a recursive, automatic program distribution copyright clause? That is to say, if GPL code is incorporated into your code, two things happen: 1) If you wish to distribute your code, you must distribute it under the GPL. 2) Anyone else incorporating your code must follow these terms.
Copyright isn't viral. If you integrate your code and someone else's code (to which you do not have a license), there's nothing viral about that. You simply violated copyright and neither party has rights to the combined code.
The GPL is viral, but that's ok. It's meant to be. The only problem is that the word "viral" has a negative connotation. That doesn't change the fact that the description is perfectly apt.
The point of my question was to demonstrate that changing passwords can be beneficial to security, assuming that password management requirements aren't such that everyone just uses yellow sticky-notes under their keyboards.
As an avid user of the web and an IT person, there are on the order of 100 passwords I need to know, but at any given time, I probably only need to know a handful, and the ability to cache them makes things easier. For the odd password, keeping it locked in a safe is the way to go (either a virtual safe--a secured computer with an encrypted file--or an actual safe with passwords on a notepad.)
It might be a misconception. The GPL generally forbids you from adding additional terms to the license (which the BSD license does in the form of retaining copyright notices.) However the GPL explicitly allows for this kind of additional term under section 7.
I don't think it's all that unreasonable. Intent is very important in law. If he bought the phone with the intent of using it and then returning it, I could believe that a judge would find that fraudulent.
It's kinda silly having a packet sniffer listening to all passing traffic, when all they really needed to do was look in common places for stored passwords, and have a keystroke logger intercept interesting things.
That was my initial reaction. Then I started really thinking about it.
It's probably harder to determine when those "interesting things" are, and even harder to programatically extract the really useful information from the keystroke logger. However protocol analyzer code already exists, and can detect usernames and passwords without human intervention. This means that the entire attack can be automated, from credential stealing to defacement.
That's not to say that keystroke loggers are going to go away any time soon, but I suspect that for now, they still require human intervention to detect the really useful bits (or at least to do so with a high degree of accuracy.)
What if the password is leaked through means other than cracking? It's certainly possible that a black-hat could get access to one or more passwords in a one-time compromise. Changing passwords regularly means that their access to the system is limited. If it's a regular user, they may not even be able to do much damage.
Do the unofficial patches fix the awful micromanagement required to level in a sane way? Because frankly, the first time I tried to play Oblivion, I gave up on it after getting to level 6 meant that I was no longer effective in combat at all.
I remember one time I was walking by the drugstore and I saw a guy in a mask run out with a bad leaking money. I thought about stopping him and detaining him, but then he took off his mask, walked next door to the coffee shop, and order a cuppa.
Since it was too late to stop him from robbing the bank, I asked if I could sit down and chat.
But if we're going to move to something, it would be nice if that something were more advanced than FAT/UDF. I guess there are two perspectives:
1) Things you'll do on your own. You can already format drives as UDF if you like, as long as you're only using systems which support it (lots of them do per your Wiki link.)
2) Things that we want other people to do. This one is much harder--it's hard to get people to change. Are flash drive makers going to change from FAT to UDF? If so, wouldn't it be nicer if they could change to something better?
I don't see any indication that UDF supports journaling or anything else to maintain filesystem integrity--is that the case? If this is true, I don't see how it will be suitable for general filesystem use....
@OP: If you think that Bioshock is just senseless violence, then you obviously do not understand what the game is about.
A problem with legislation banning violent games is that the legislators won't know what the game is about, either. They'll see "player can kill little kids" and that will be the end of it.
In fact, this is the very reason that freedom of speech is so important. Who should be tasked with determining what speech is okay? People who don't understand the medium? People who have flawed perceptions of reality, or predispositions against certain things (such as nudity or violence?)
Have you ever watched a 7 season TV series on DVD non-stop? It pretty much means you sit in front of the TV for a week and is quite a reality distorting experience.
I used to play Crazy Taxi in the arcade for hours on end. When I got in my car later, it took effort to shift my mental state to not flooring it and taking turns without braking.
How do you manage that? I mean, when you want to go to a page, do you really look for it in all of your tabs? What do you gain by leaving the tab open instead of just going back to the site when you want to view it again?
I tend to max out at about 10 tabs because I close them when I'm not actively using them. It's really, really rare that I even actively use that many.
It's a matter of the scope of the attack. Any resolver (including your ISP's caching nameserver) can be the target. It wouldn't make much sense for an individual's resolver (their PC) to be the target--first of all, it's hard to get them to query for thousands of requests. Second, your payoff is small--you got one machine to think that ns1.example.com resolves to your IP address.
The real target is any caching server that lots of people use. It's much easier to get these to make requests for lots of subdomains (nslookup aaaaaaa1.example.com; nslookup aaaaaaa2.example.com, etc.) And once you've compromised it, you've compromised the DNS for everyone using that server.
Implementing DNSSEC on the caching resolver fixes the wide-scale attack without ever having to touch the clients. Now, an attacker can only target individual PCs. It's an issue, but a much smaller one. For one thing, you don't compromise a million people by attacking one host anymore. You have to do it individually, which makes it much less attractive. For another, it's harder to get into a position to target that user, as you have to get their computer to make the queries. If you can do that, you probably have access to their computer and can make simpler attacks (such as modifying the hosts file.)
Slashdot Mirror
The same thing applies to any GPL software. For example, if my buddy downloaded some GPL package from the project site itself and then sent me a copy of that then the original author would still keep his copyright over my copy and my buddy's copy.
This is disingenuous, because it's not what we're talking about. The GPL goes above and beyond copyright by providing the right to redistribute the software or derivative works of the software under the condition that you pass along the notices you received (in the former case) or that you GPL your work and agree to the terms of the GPL (in the latter case.) That's where the viral nature comes in.
Copyright applies to the work. It's much more abstract than you're trying to make it. The pieces of paper on which a work is printed are not copyrighted--it's the work that's copyrighted. You can do whatever you like with the paper, but if you generate a new copy of the work, you're in violation.
Put another way, there's only one work, and only one copyright on it (a simplification, admittedly, but one which I do not believe tarnishes the argument.) With the derived works clause of the GPL, you may generate a new, derived work, and that work must be licensed under the GPL if you distribute it.
I disagree. Install Inkscape on the same machine as Word, and Word will not be affected (still sick, but hey).
Straw man. The GPL doesn't have anything to do with use-rights. It only deals with distribution rights for GPL software, and its viral nature only manifests when distributing derivative works.
How exactly are EULAs viral?
Argument by assertion? How are EULAs viral? A particular EULA could be viral, but in general, the are not. "In order to use this software, you must dance like a chicken for 30 seconds," is an example of a EULA. Please explain how it is viral.
Would you prefer it if we said that the GPL was a recursive, automatic program distribution copyright clause? That is to say, if GPL code is incorporated into your code, two things happen:
1) If you wish to distribute your code, you must distribute it under the GPL.
2) Anyone else incorporating your code must follow these terms.
Frankly, it sounds like pretty viral to me.
Copyright isn't viral. If you integrate your code and someone else's code (to which you do not have a license), there's nothing viral about that. You simply violated copyright and neither party has rights to the combined code.
The GPL is viral, but that's ok. It's meant to be. The only problem is that the word "viral" has a negative connotation. That doesn't change the fact that the description is perfectly apt.
Not really. We just want things for free. The GPL gives us things for free. Lack of copyright provides the same effect.
I think most of us, even if we don't regularly buy things on steam are agreeable to binding a purchase to an account.
I wouldn't mind binding things to an account, as long as I could unbind it and transfer it to another account.
My mommy thinks I'm funny.
*whoosh*
The point of my question was to demonstrate that changing passwords can be beneficial to security, assuming that password management requirements aren't such that everyone just uses yellow sticky-notes under their keyboards.
As an avid user of the web and an IT person, there are on the order of 100 passwords I need to know, but at any given time, I probably only need to know a handful, and the ability to cache them makes things easier. For the odd password, keeping it locked in a safe is the way to go (either a virtual safe--a secured computer with an encrypted file--or an actual safe with passwords on a notepad.)
Luckily, a lot of these companies don't want their employees watching Youtube. Maybe they'll stick with IE6 due to the lack of compatibility!
It might be a misconception. The GPL generally forbids you from adding additional terms to the license (which the BSD license does in the form of retaining copyright notices.) However the GPL explicitly allows for this kind of additional term under section 7.
I don't think it's all that unreasonable. Intent is very important in law. If he bought the phone with the intent of using it and then returning it, I could believe that a judge would find that fraudulent.
It's kinda silly having a packet sniffer listening to all passing traffic, when all they really needed to do was look in common places for stored passwords, and have a keystroke logger intercept interesting things.
That was my initial reaction. Then I started really thinking about it.
It's probably harder to determine when those "interesting things" are, and even harder to programatically extract the really useful information from the keystroke logger. However protocol analyzer code already exists, and can detect usernames and passwords without human intervention. This means that the entire attack can be automated, from credential stealing to defacement.
That's not to say that keystroke loggers are going to go away any time soon, but I suspect that for now, they still require human intervention to detect the really useful bits (or at least to do so with a high degree of accuracy.)
sniffing all of the traffic for the co-located boxes that were connected to the same switch.
Was it also doing arp poisoning? Because otherwise, something in this story doesn't add up.
What if the password is leaked through means other than cracking? It's certainly possible that a black-hat could get access to one or more passwords in a one-time compromise. Changing passwords regularly means that their access to the system is limited. If it's a regular user, they may not even be able to do much damage.
Do the unofficial patches fix the awful micromanagement required to level in a sane way? Because frankly, the first time I tried to play Oblivion, I gave up on it after getting to level 6 meant that I was no longer effective in combat at all.
I remember one time I was walking by the drugstore and I saw a guy in a mask run out with a bad leaking money. I thought about stopping him and detaining him, but then he took off his mask, walked next door to the coffee shop, and order a cuppa.
Since it was too late to stop him from robbing the bank, I asked if I could sit down and chat.
The poster to whom I originally replied mentioned cross-OS compatibility. I think the scope was pretty clear at that point.
That's fair.
But if we're going to move to something, it would be nice if that something were more advanced than FAT/UDF. I guess there are two perspectives:
1) Things you'll do on your own. You can already format drives as UDF if you like, as long as you're only using systems which support it (lots of them do per your Wiki link.)
2) Things that we want other people to do. This one is much harder--it's hard to get people to change. Are flash drive makers going to change from FAT to UDF? If so, wouldn't it be nicer if they could change to something better?
Wishful thinking, I guess.
I don't see any indication that UDF supports journaling or anything else to maintain filesystem integrity--is that the case? If this is true, I don't see how it will be suitable for general filesystem use....
@OP: If you think that Bioshock is just senseless violence, then you obviously do not understand what the game is about.
A problem with legislation banning violent games is that the legislators won't know what the game is about, either. They'll see "player can kill little kids" and that will be the end of it.
In fact, this is the very reason that freedom of speech is so important. Who should be tasked with determining what speech is okay? People who don't understand the medium? People who have flawed perceptions of reality, or predispositions against certain things (such as nudity or violence?)
Then what's the ultimate of gore?
(Penultimate means next to last, or one less than the ultimate, FYI.)
Have you ever watched a 7 season TV series on DVD non-stop? It pretty much means you sit in front of the TV for a week and is quite a reality distorting experience.
I used to play Crazy Taxi in the arcade for hours on end. When I got in my car later, it took effort to shift my mental state to not flooring it and taking turns without braking.
I know exactly what you're talking about.
How do you manage that? I mean, when you want to go to a page, do you really look for it in all of your tabs? What do you gain by leaving the tab open instead of just going back to the site when you want to view it again?
I tend to max out at about 10 tabs because I close them when I'm not actively using them. It's really, really rare that I even actively use that many.
It's a matter of the scope of the attack. Any resolver (including your ISP's caching nameserver) can be the target. It wouldn't make much sense for an individual's resolver (their PC) to be the target--first of all, it's hard to get them to query for thousands of requests. Second, your payoff is small--you got one machine to think that ns1.example.com resolves to your IP address.
The real target is any caching server that lots of people use. It's much easier to get these to make requests for lots of subdomains (nslookup aaaaaaa1.example.com; nslookup aaaaaaa2.example.com, etc.) And once you've compromised it, you've compromised the DNS for everyone using that server.
Implementing DNSSEC on the caching resolver fixes the wide-scale attack without ever having to touch the clients. Now, an attacker can only target individual PCs. It's an issue, but a much smaller one. For one thing, you don't compromise a million people by attacking one host anymore. You have to do it individually, which makes it much less attractive. For another, it's harder to get into a position to target that user, as you have to get their computer to make the queries. If you can do that, you probably have access to their computer and can make simpler attacks (such as modifying the hosts file.)
The uptake of cell phones has essentially created the need. There are fewer pay phones out there (and incidentally, they cost more than they used to.)