Millions of people do that every year, this particular refugee was just dumb enough to start attention whoring before he was in a safe haven.
He's talking about warfare not pranks.
Mostly empty isn't good enough at the energies involved. It really doesn't matter what the probability for an impact is, since it is almost always going to be > 0. Even at the relatively pedestrian speeds of highway travel, a tiny pebble to the windshield does huge damage if it hits right.
How is "Open source" different from "reverse engineered" in this scenario?
It's not, that's the point. You can't open source something that relies on obscurity to be secure. You can't come up with a DRM scheme that does not rely on you controlling both ends of the pipe. And even in the cases where big media does control both ends of the distribution pipe, you have people with cameras in theaters circumventing that - they've already lost the fight on their home field, this is our playground - they can't win. I, for one, am looking forward to attaching my debugger to their new "innovation".
The difference between SSH, PGP, SSL and the proposed DRM is that the former 3 are between trusted participants, the DRM scheme is trusted vs. untrusted (the user). Making that open source would completely undermine the whole idea behind DRM. SSL and friends are cryptographic solutions to keep communication private, it is implied that both participants in the communication are trusted. Not so with DRM, the whole reason these idiots even think that they need DRM is because they do not trust the receiving party.
DRM cannot win, the trusted vs. untrusted problem cannot be solved, for DRM to work you have to control both ends of the pipe. As soon as data enters the user side, the game is over and it becomes a matter of time before the scheme is circumvented.
Of course you do, how would you localize it if you didn't? Man, some people...
View source -> Line 278.
<link rel="top" title="News for nerds, stuff that matters" href="//slashdot.org/" >
/raise_hand. This should be good.
I want patents abolished, but that is irrelevant to the merit of this author's case. The author is not arguing for patent reform the way you think he is, he wants patents to stay pretty much the same as now, but slightly tweak the length of each patent to hit his hypothetical sweet spot. Challenging straight up bad science is a good start at a patent reform, at the very least.
I am fully aware that a napkin graph is in no way science. I'm challenging the author's premise, that there is a causal link between patent strength and innovation. In fact, slight search engine fu will turn up a veritable zoo of papers on that particular subject, many of which directly contradict what this guy is saying. TechDirt has a bunch of articles on this subject too, and they're sufficiently dumbed down so that anyone should be able to follow it.
COMPETITION & INNOVATION: New Evidence from US Patent and Productivity Data (PDF 29 pages).
From the abstract:
Is there any evidence that innovation and technological progress are constrained by competition and fostered by monopoly power? Our results, based on a newly constructed dataset of US manufacturing industries observed over more than two decades, suggest that this is not the case. On the contrary, using both patent statistics and productivity growth as alternative measures of innovation and technological change, we observe faster technological advances in more competitive markets.
From the conclusion:
Our empirical findings suggest that there is a positive monotonic relationship between competition and innovation. Patent counts (simple or weighted by citations) are found to increase with more competition. Similarly, TFP* and LP* keep growing as we move from industries with significant market power to more competitive industries. These findings seem to contradict the Schumpeterian hypothesis that ex-ante market power is necessary to foster innovation. They also cast serious doubts on the existence of an inverted-U relationship between competition and innovation in markets with well-defined intellectual property rights.
*TFP: total factor productivity
*LP: labor productivity
Both alternative measures of "technological progress", i.e. innovation.
Would things have been any better if the scientists said that they considered an earthquake extremely unlikely, just as I will go on the record and say that it is extremely unlikely that the sun will blow up before dinner?
Yes it would. The problem here is that they failed to stress that their answer was their best guess. They built their answer on the assumption, that since 400 minor quakes had released tension energy from the layers below them, an actual earthquake would be minimal due to this prior release. But nobody knows this, it is a guess that more or less plays ball with our understanding of Newtonian mechanics, but it also assumes that the energy in those layers isn't being replenished faster than the minor quakes can release it.
The minor quakes could just as easily be the overflow energy from layers that are at maximum tension, and not the security valve they thought it was. Another point is that they overheard another researcher who disagreed with their assumption, he measured abnormal amounts of radon emissions and was concerned enough to evacuate his own family the day prior to the quake. But his data was not taken into consideration, despite their own model being a guess at best.
This!
Spot on. And why is the Tabarrok curve not curving downwards? No justification for the shape in the article, other than "of course that is how it looks, d'uh".
If you're of the school that believes that patent protection is always bad, then his argument isn't meant for you.
Him having a different audience in mind does not exclude "us" from using his ill thought out arguments against him. Using the curve he presents, we could easily argue that zero strength patents yield the same amount of innovation as we see today (draw a horizontal line from the "we are here" point to the Y axis), but with the added benefit of having no patent trolls and litigation that produce nothing of value to society. If we factor in the side industry of patent litigation (and assume that patent litigation is bad), we are better off with no patents than with.
He is arguing for trying to find a theoretical global maximum somewhere along the curve "behind us". This, of course, assumes that we buy into his premise and accept that the matter can be simplified to the point of being a curve on a napkin. It also assumes that there is only one point on the curve with a global maximum value for innovation, yet I see no argument from him as to why that would be the case. In fact, there is nothing in the article that remotely constitutes a "proof" that this is how the curve should look.
Hah, I don't care, but that was funny. The sig is not to be taken literally, the key word being label. As in, the label most often applied to people who have differing views, especially by politicians in the western world. It also serves as a flamebaiter, some people around here have a tendency to go straight into the red when they see it. I find that amusing.
The cook should go free (unless you can prove he's the one who poisoned someone--good luck with that) because he's making minimum wage and if he doesn't keep his job, he starves.
That is just ridiculous. Nobody should be exempt from justice based on their salary, high or low. You're looking at this from the wrong side, this is not about the cook and his continued existence, it is about the numerous people that potentially got hurt by him or his colleagues. In any case, this analogy has far outlived its usefulness.
Developers who deliver shitty work, no matter the cause, should have to answer for that. If the developer takes a short cut to produce a product, and that short cut in turn ruins the lives of a hundred people (for whatever reason), you bet he should burn. It might be his manager, his CEO, or whoever else ultimately is to blame, but I'm fucking sick of hearing of million-tuple leaks that don't have consequences - and even more sick of hearing people on here think that is a good thing.
If it had been proven wrong even a tenth of the time, don't you think the seismologists would stop saying it?
Yes I do. The point is not so much whether statistics back them up or not. The field of seismology hasn't evolved enough to do much other than look at statistics and guess at what is going to happen, most of us know this. But these scientists went one further, and in doing so, they crossed the line between true science and that murky region that lies between it and religion. Knowing full well that they had no basis on which to make any assurances, they did anyway, I presume because the data from a million other quakes told them that the likely outcome would be nothing.
They forgot to mention that they really didn't know. And the worst part of it is, that the people whose life depended on a straight answer were lied to. Had the scientists been honest, they'd have said something along the lines of "our data tells us that nothing is probably going to happen, but we don't know, take precautions". As it stands, their advice was followed, because these people were perceived to be experts with integrity, that is the horrible part of this story.
Their appeal is probably going to lessen the sentence, their jailing is just as much a knee jerk reaction as it is justice. They misrepresented their data, and people died as a consequence, but they were jailed from the assumption that all 307 people could have been saved, I'm doubtful of that. But the trial serves as a good reminder that you can't just go around propping up your pet theory, and worry about your reputation in the science community - sometimes what you say has dire consequences, and you might want to back it up with some facts, or at least temper what you say with some error bars.
The difference is that, if you're a cook in some shitty restaurant where they don't keep stuff clean, and someone gets sick and sues the restaurant or the health board investigates, it's the restaurant and its owners who get in trouble, have to pay judgments, lose their food service license, etc. As a cook, you'll probably lose your job when the restaurant goes belly-up, but you can walk down the street to another restaurant and just get another job.
Well sure, if we absolutely want to keep the analogy alive, I suppose you could see it that way. And then what happens? Is the cook not, in part, responsible for what happened at his former workplace? Unless he's the one who called the health board, he did nobody any good, but due to his willful ignorance, he may have caused harm. Why should he go free?
In your stupid world, software developers who are part of a team led by a shitty manager at a shitty company would be held personally liable for software defects, would have multi-million dollar judgments against them, and would never be able to work again after losing their license because of a mistake made by another team member, the boss's poor direction, the QA team's failure to catch the problem, or the upper management's failure to even have a QA team in the first place (they decided to lay off the QA department to save money and get a big bonus).
You aren't really arguing against what I said, you're just shuffling blame around between pretend people. And you do not have to choose either all black or all white when implementing responsible policy. A software defect is very much a different beast than half a million leaked user records, you can choose to handle each case differently. Who knows, maybe even apply some common sense.
Fact is though, that most of the breaches and failures of software are not due to typos in the source code, or innocent "oopsies". They're caused by ignoring common security practices in the name of profit, much like you say. When that happens, I would like to see some actual consequences for the people who made those decisions, no matter where they are placed on the organisational chart.
The problem with this sort of thinking is that it basically leads to useless perpetual states of alarm.
Yes it does and it should (in this case), because we don't really know much about the process that causes earthquakes. That is the whole point really, these scientists went on record saying that nothing would happen, yet it did, to the tune of 307 deaths. Had they not abused their position of authority, and instead told the truth: "we don't know", this would have been a non story.
As to the doomsday clock and the homeland security thingamajig, I don't have any comment on that, luckily I don't live in a country that employs such blatant scare tactics to generate a perpetual state of fear in its citizenry.
Restaurant cooks don't have licenses. The restaurants themselves do, but the cooks and other low-level employees do not.
What's the difference? Either the cooks enforce the guidelines to avoid losing their license, or the restaurant does. There is no practical difference from the view of the consumer. It is, as we would say, an implementation detail.
So why are you trying to make the low-level employees bear all the responsibility, instead of their bosses and the corporations they work for?
I'm not. Anyways, the question was asked and answered.
Software developers are just like line cooks
No, not any more or less than cooks are. In fact, you could probably find more self employed "developers" than cooks (discounting home cooking here), which is part of the overall problem. It is impossible to produce error free code, but good practices and a proper education reduce this risk enormously. But there is a misunderstanding in the rest of the world that "anybody can code", which in turn leads to self-taught imbeciles being let near critical code, and the failure of that logic is only exposed when someone gets hurt. I'm (apparently boldly) stating that it doesn't have to be that way.
Currently living in a random European country, I will most certainly make that claim.
Labor camp, or [*snip*]
I guess the "whoosh" meme would apply here, if it hadn't already been raped and beaten to death. Well, I guess it applies nonetheless, so there ya go: whoosh.
Why should a developer be responsible for something failing when he was directed to write it in a half-ass manner by his boss?
Why should he or his boss be allowed off the hook when half a million records were just leaked? It's not so much about a license, that was an example, it is about enforcing due diligence in the business.
For instance, if you want to run a restaurant, you have to get a permit and will be subject to control visits to ensure that you comply with basic guidelines for handling food. Anyone can cook, but to be able to serve your food to other people, you have to have a permit. Same thing should apply to developers (and a whole host of other industries, but software development is the topic du jour), you can hack up a website all you want, but if you want to process payments or handle user data, get a permit and be subjected to control.
The problem is that programming is easy to begin doing, but hard to do right. And there are virtually no consequences when you screw something up royally. We've seen breach upon breach, malfunctions and abuse, yet every time it all boils down to "oops, sorry", and it fades away.
Oh right, forgot about those. I guess we need some kind of if (has_license || is_H1Bs_worker) { do_stuff(); }, yes... yes, much better. All is well now.
OP used the word "developers", your beef is with him/her/it. I don't care what they call themselves, being vulnerable to XSS, SQL injection or any of a number of different script kiddie techniques instantly disqualifies you from being called anything but a hack.
Pining for the olden days is no solution. I think what we need is to recognize that creating and deploying software has consequences, and as such we need a developer license, similar to how being a surgeon or a lawyer requires a license. And we need to enforce it with hard jail time / labor camp, when yet another douchebag leaks half a million rows of user data because he copy-pastaed from Stack Exchange.