Slashdot Mirror


User: i+ronin

i+ronin's activity in the archive.

Stories: 0
Comments: 22

Comments · 22

  1. A surprising factoid on Can Software Kill? · · Score: 2, Interesting

    As tragic as it is, the Panama incident does not stand alone. In all, Baseline has found no fewer than a half-dozen cases in which software has contributed to loss of life.
    I'm surprised that they only found a half-dozen cases in which software contributed to loss of life. Back in the old days when I used to subscribe to the comp.risks digest it used to seem that every couple months there was some fatality or near fatality that could be traced to flawed software. If anything, given the increasing use of embedded systems in our society, I would have thought that the fatality rate would have increased.

  2. Re:Ahh, yes... Pinnacle Gradebook! on Pinnacle, Online Grades, Skipping School and More · · Score: 2, Interesting

    This reminds me of a system I worked on several years ago. We used a tiny SQL package as our database support (MySQL, MiniSQL, I forget. Some Australian ShareWare package). It used a web interface and had some really snazzy login. You would authenticate with a token that you point at the login page. The token would read the challenge off the login page. You enter your password into the token and it gives you the proper response to the challenge which you dutifully enter into the login page's input form.

    The problem is that our SQL package would accept unauthenticated connections from any IP address. Once connected, you could use SQL to change whatever you wanted in the database, including the security profile of the system. Fortunately we found that problem before release.

    I thought of that system as a house. The house had a front door that was VERY secure. It was 8 inch thick oak with big iron bands. It had spikes on the face of the door. It had inch thick bolts that extended into casement and into the foundation. It had a lock that was very advanced and very difficult to pick. It's just that there weren't any walls in the house. Sigh.

  3. Re:Vengeful or Not, it would be appropriate on ElcomSoft Verdict: Not Guilty · · Score: 1

    My wife is in law school and she tells me that if you can get a civil judgement against a minor, that minor can be held responsible not just for the amount of the judgement, but for interest on that sum as well. Their minority offers no real safety from the consequences of their misdeeds. That student can end up in debt for a sizeable chunk of her adult life.

  4. Oh, I get it. April First on Updated Slashdot Advertising Policy · · Score: 1

    Heh, good one. You had me for a couple minutes there. It was the infinite power source that gave it away for me.

    Thanks for the chuckle slashdot.

    Breck

  5. Re:Medicine for the poor on Structures of Intellectual Property · · Score: 1
    Tbo writes: Drug companies spend a higher percentage of their revenues on R&D than any other industry.
    A tour through a couple drug companies' 10-K forms shows an interesting tidbit about their R&D budgets:
    Pharmacia 1999 R&D $1434M, SG&A $2800M
    Merck 2000 R&D $2344M, Marketing & Admin $6167M Dividends $2904.7
    Eli Lilly 2000 R&D $2018.5M, Other Expenses $4985M
    Pfizer 2000 R&D $4435M, Selling, informational, & Admin $11,442M

    In each case I tried to find a category on the income statement that would include "Advertising". Advertising didn't seem to be broken out in an obvious way so I just picked a category that seemed it would be most likely to include the advertising budget. ("Selling, informational, & admin" from the Pfizer income statement seems to me to be a wonderful euphemism for advertising btw.)

    Now, I'm more than willing to admit that these companies are spending a ton of money (billions and billions) on R&D. But I have heard before (and the 10-Ks seem to support the claim) that they are spending a hell of a lot more on advertising.

    So, the claim that the pharmaceutical companies need IP protection and need to maintain an iron-clad worldwide monopoly on their IP, otherwise they would have no incentive to do the R&D strikes me as a bit disingenuous. A lot more money seems to be spent on advertising Claritin and Viagra than on looking for cures for AIDS or cancer.

  6. Re:You know what would be good? on Unsafe At Any Runlevel · · Score: 1

    Not much point responding to this since it's such an old topic, but there were a couple mistakes I thought I'd try to point out:

    Tom7 says:
    Yes, though this is typically only done in interpreted languages, like perl. Compiled languages (Java, O'Caml) are more likely to use execv-like system calls
    I'm not sure that that would be the case. There is a ton of code out there that uses system(3) to invoke sub-processes, despite the fact that system(3) is known to be a problematic interface from a security point of view.

    Tom7 says:
    Yeah, this is a good point. In fact, I bet my ftpd is more vulnerable to DOS attacks than wu_ftpd. (I think the user would have to commit as many resources sending data as I commit to receiving it, though.)
    Not necessarily. It is easy enough for the attacker to spoof the initial handshake of a TCP connection just by creating raw packets and writing them over a raw socket. Your server gets hit for a file descriptor per connection while the attacker gets hit for the cost of writing some packets. You'll definitely run out of file descriptors before they run out of anything unless you go to the trouble of culling old descriptors.

  7. My best teacher on Who Were Your Best Teachers? · · Score: 1

    I've had several teachers that I would rate as excellent, but the one that really stands out would be Eugene Lawler. He taught (among other things) CS 170 which was the basic undergraduate CS Theory class at Berkeley. Turing machines, computability, NP Completeness, etc.

    Professor Lawler was one of the most approachable professors I ever met. One of my favorite memories from his class was that each week he would appoint one student "The Dummy." It was the job of "The Dummy" to ask at least three stupid questions per class session. The thought was that when one person asked a stupid question other students would be encouraged to ask questions that they had, but which they thought were "too stupid" to ask.

    As we were going through the class and I'm doing the reading and checking the bibliography I see that it was Professor Lawler along with Richard Karp that had originally proven quite a lot of the basic theorems presented in the course of the class. I remember being amazed that this fun, approachable, interesting man was at least partially responsible for real groundbreaking research.

    I learned a year or so ago that Professor Lawler had, some years since, died of cancer. It makes me sad to think that his light has gone out in this world.

  8. Re:that's hilarious. on Power Shortages And Tech Industry · · Score: 1

    What you're overlooking is the fact that Intel volunteered to have their power shut off in emergencies. They did this in exchange for lower every day rates on power.

  9. Re:He's an idiot. on Is The Virtual Community A Myth? · · Score: 1

    No, he's not saying that there's no social reason. He's saying that there's no financial reason. You point out correctly that there is a social reason for a digital divide. Specifically that the information "have-not"s have no interest in getting online. This is true.

    On the other hand, your assertion that "only those relative few who have any access to computers can grow a serious interest in computers." is obviously false. When I was growing up, computers were almost inaccessible. But, I was definitely interested as were a handful of my friends. If I could have picked up a 486 PC and operating environment dirt cheap the way you can now, I assure you I would have.

  10. Re:solering irons, gdb, multimeters on U.S. And EU Ready International Cybercrime Treaty · · Score: 1

    The most powerful hacking tool ever created is the human mind. I have to assume that this will criminalize international travel by any except the mindless.

  11. Re:Commerce Trumps the First Amendment? on A (Suprising?) Viewpoint On RIAA Lawsuits · · Score: 1

    Motley Fool reports that Valenti believes that "Commerce trumps the First Amendment."

    This is a nit, but I thought I'd correct it anyway. That is not quite what the fool article said. The fool article attributed the "trumps the First Amendment" to Judge Kaplan, not to Mr. Valenti. The point being that with enough money and power to influence the system, the RIAA and MPAA can in effect buy whatever verdicts they want, no matter how absurd those verdicts might seem to we right thinking people.

    On the brighter side, there is a limit to how far up the judicial system such influences can have an effect. As you get closer to the US Supreme Court I suspect that reasoned arguments such as those you present will hold more sway. It's just a matter of surviving long enough to get there.

  12. It'll never happen on MacOS In A World w/ 2 Microsofts · · Score: 1

    The least likely thing I saw in that article, the one thing that I think will happen only after there's ice skating and snowball fights in hell, is Steve Jobs saying "Choice is good." Anyone that thinks Steve Jobs wants consumers to have "a choice" of platform is (in my ever so humble opinion) severely deluded.

    I tend to agree that it would be good for Apple to make some changes so that they get a larger percentage of their revenues off of software. I just don't think that it'll ever happen as long as Steve Jobs is in charge. As evidence supporting this view I have to point to the decision to kill the MacOS clone manufacturers right after Steve came back to run things at Apple. At least that's the way I remember it. If I'm misremembering recent history, please correct me.

  13. Re:Moderate this up! on Women in the Open Source/Free Software Communities? · · Score: 1

    Hmmm, wasn't that Hedy Lamarr?

  14. Re:Geez, What's next? on I Am Not a Student, I Am a Number · · Score: 1

    Reminds me of Benjamin Franklin who said:
    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."

    My concern is that that is where our country seems to be headed. From ID badges for high school students to insane government crypto policy to gun control, the message that our government is giving us is that safety is more important than liberty. The government, and the media seem to want us to believe that if we'll just give up this small civil liberty then we'll be much better off and that the government will take care of us.

  15. Perhaps the system is working as designed on Voices From The Hellmouth · · Score: 1
    Is anyone familiar with the work of John Taylor Gatto? Supposedly he was named New York State's "Teacher of the Year" for 1991. He's written and spoken quite a lot about the origins of the US education system.

    He claims that the system was copied from the Prussian compulsory education system from the early 19th century. He further claims that a specific design goal of that system was the systematic elimination of 1) individuality, 2) curiosity, 3) independence, and many other characteristics that most people would consider desirable qualities. The goal that this was supposed to achieve was a manageable populace.

    Perhaps this is why the powers that be strive to identify the flaw in the children or the children's parents, rather than the flaw in the system. That is, they have no desire to "fix" the system since they don't see the system as broken. It is performing the desired function. This notion certainly casts a different light on the behavior of administrators who allow bullying of "non-conforming" students. The bullies are just one means by which "the nail that stands above the rest" might be "hammered down."

    I am somewhat reluctant to invoke Gatto's name in this discussion. Most of the references to Gatto seem to come from conspiracy nuts. And, I haven't checked ANY of his assertions for historical accuracy. But I have to ask myself, "What if he's right?". So just in case he is right and assuming that the slashdotters will check the facts before making up their minds, and with the foregoing disclaimer, if anyone is interested in reading more, here's an interesting article. And he's published a book: "Dumbing Us Down: The Hidden Curriculum of Compulsory Schooling" which is available from Amazon.com.

    Good luck to us all.

  16. Overreaction? on Wired on Bruce/Eric Meltdown · · Score: 1
    Well, if someone says, "Watch your step" and immediately follows that with a quote about the pistol being the "best form of exercise", don't you think that you'd be a little concerned? I know that I would.

    As a life member of the NRA, and a former rifle competitor and pistol competitor I have to say that I am very disappointed in ESR. People who are so public about their shooting hobby have to be very careful about what they say, just to make sure that they don't give the wrong impression. ESR should have known that. He let his judgement be clouded by his dislike of Mr. Perens.

    This is just one more reason for me to think that ESR is doing more harm than good. Of course in this case the harm that he is doing is not just to the cause of his "tribe", but to the cause of the Right to Keep and Bear Arms.

  17. David Drake predicted this would happen on Kevin Mitnick Speaks · · Score: 1
    (This comment is perhaps only tangentially on topic. I hope that doesn't offend.)

    I read a book by David Drake ("Lacey And His Friends") that had a similar premise. Similar, but not exactly the same. Instead of being given a phobia of computers, the main character was given a phobia of women.

    The main character had committed a rape in his past. After being caught, he was effectively reprogrammed. The intent was to render him incapable of rape. They accidentally went too far and rendered him incapable of even touching a woman. The mere thought that he might have touched a woman would give him violent nausea (as in "A Clockwork Orange").

    A more interesting (and perhaps more relevant) theme from "Lacey And His Friends" is that in Lacey's future, privacy is against the law. By law everyone has to have a camera on them 24 hours a day. There are NO hidden places in this world. EVERY square centimeter in this world is under video surveillance 24x7. And everyone has access to these video streams. All Joe Citizen has to do is find the right camera and he can look in on the board room of multinational corporations, or the bedroom of his next door neighbor. In one of the short stories from the book, somebody mails a bomb to a victim. Lacey uses the video records to trace the bomb from explosion, backwards through the mail system right to the guy who mails it. (He gets substantial computer assist.)

    This last reminds me of the Melissa case. I don't have enough information to say for sure, but it sounds as if they were able to trace Melissa's author after the fact, even though he was using a stolen AOL account. If you can even be traced through a stolen account, is there really any such thing as anonymity any more?

  18. YAOSL on Mike Loukides on Java's Community License · · Score: 2

    Yet Another Open Source License. Oh boy!

    I have to take exception with parts of Mr. Loukides' article. He seems somewhat inconsistent in his ethics when he declares, "...the GPL is fundamentally coercive, and was intended to be so. Morality aside, that just plain hurt the cause. ... The net effect was to impose a potential penalty on developers who used GPL software: if you incorporated it into your code, you lost control of your code's use." It also forces me to reach the conclusion that he just plain misses the point.

    First, the implication that the GPL is immoral is absurd, given that the GPL only limits the restrictions you can put on the use of the code. What is immoral about requiring that you grant the users of your derivative work the same rights as you yourself were granted?

    To use an analogy, suppose that you have a slave called Mike, toiling away in a salt mine. Along comes Richard who coughs up his own money to buy Mike. Richard offers Mike his freedom, and some money to get started. All Mike has to do is agree never to enslave another human being or to use the money to buy another slave, unless that purchase is for the sole purpose of freeing that third person. Would we call this immoral?

    Aside from that, when Mr. Loukides asserts that you lose control of your code's use, he is being ethically inconsistent in that he wants to take control of the use of other people's code. He is saying that he wants to be free to use the code, AND to impose further restrictions on the use that other people make of his derivative work. Say what you want about RMS' abrasive manner, or about his level of maturity when it comes to what we call Linux. At least his ethics are consistent.

    Finally, I have to mention that Mr. Loukides misses the point when he says, "The right way to popularize free software...". I don't think that the point of GNU or the GPL was to /popularize/ free software. The point was to /create/ free software. With a less aggressive license than the GPL, the software could become shackled. Rather, the software could become a tool with which to shackle the user.

  19. My beef with ESR on Understand My Job, Please! (ESR explains) · · Score: 2

    I agree that ESR deserves a measure of respect for the job that he has done.

    But, the problem that I have with his position on this issue is that his main complaint is that the community (or as he puts it, "the tribe") would dare to disagree with him.

    He says that Stallman and Perens "threw bombs in public" when all that they did was to post their thoughts in a public forum. If anything, isn't that what this community is all about? We take pride in judging each other by the quality of our thinking (usually expressed in code, but sometimes in English) instead of by other more mainstream measures. We let each other state their case and then choose a position based on the merits of the argument. But when members of the community express a position contrary to that of ESR, he resorts to the ad hominem attack.

    If ESR really wanted Perens, Stallman, et al to approach OSI and Apple privately, he should have consulted with them privately BEFORE he publicly stated his opinion that the APSL met the requirements of the Open Source Definition.

  20. Making Money with Open Source on Open Source causes more Harm than Good? · · Score: 1

    That's not the way that I read the "revenue through support" suggestion. To me it means that you are paid for your labor. You build software that people use. But, people ALWAYS want the software to do something slightly different. They want it ported to a new platform, they want new features, they want it optimized for different datasets.

    Some of the people using your software have the ability and willingness to make those changes themselves. Some don't and they're the people who'll pay you for support, even if your software performs precisely to specification.

  21. Missing the point of original poster. on Feature:Why ideas should not be property · · Score: 2

    This post, like many of the other posts on this topic, seems (to me) to miss an important point. Specifically, they all start by assuming that there is an inherent right to intellectual property. They then argue that the framers of the Constitution were correct to preserve this human right for us. This is like assuming the existence of God to prove that God is a benevolent god.

    The point (and I suppose that I may misunderstand it) of the original poster is that there is no such thing as intellectual property. This is because "ideas" or expressions of those ideas can be copied without real damage to the originator of the idea. (despite the fiction perpetrated by the record companies and IP lawyers). As RMS points out, the patent monopoly is granted to inventors in order to encourage invention for the good of society, not for the good of the inventor.

    When tomjanofsky (and many others) say that "people are more likely to create inventions if afforded protections for their intellectual property rights" (paraphrasing, my apologies) they are assuming that the inventors have intellectual property rights to be protected. This assumption is not justified. They are granted, by society, a privilege. The rights that they do have include the right to choose whether or not to share their invention.

    An additional argument against the notion of IP "rights" is the fact that patents expire. If one has the "right" to control how people use one's idea, how can the government take that right away? Rights are an inherent part of being human. They are not for the government to grant or take away. The Bill Of Rights (for example) does not grant rights to citizens. What it does is specify a (non-exclusive) list of rights that people already possess and prohibits the government from infringing on those rights.

    By way of disclaimer, I have yet to copyleft anything worthy of the GPL.

  22. Are you logging port accesses? on We're Experiencing Technical Difficulties (Again) · · Score: 1

    Perhaps a general intrusion detection system would be a good approach if you're concerned that it might be script kiddies. ISS makes a good one, but then I'm biased :-) Network Flight Recorder would probably also be a good one though I have no direct experience with them.

    I think that you can download an evaluation copy of ISS' RealSecure from http://www.iss.net. Or, NFR is at http://www.nfr.com. They say that they have eval copies for download.

    Good Luck