Of course I wouldn't, but it all boils down to intent.
I completely understand why the guy who got caught as a young man breaking into computers (probably just for fun) did what he did. I know I did the same thing, and just never got caught. I don't see what he did as a 'sickness', and don't see it as any worse than a *lot* of technically illegal things younger people do.
A child molester, on the other hand, treads into animilastic behavior and the roots of civilised society; I belive that child molesters don't deserve prison, they deserve death.
I believe you may be under the impression that I think reverse engineering is bad; quite the opposite. I am not opposed to things like DeCSS, the cuecat fiasco, satellite decoding, or anything else whatseover. I am very much in favor of it.
If we use DeCSS as a rough example, we see that, once accused of doing something 'illegal', the DeCSS crowd responds with 'but we had a moral cause; we wanted a linux DVD player'. This is nothing but 'making an excuse'. The *REAL* answer should be 'we don't NEED an excuse to do what we did. It is our right'.
I very much understand the history of software in use today.
If you make excuses for the reverse-engineering you do, based on some high moral cause, or whatever, you simply give your opponents (the industry) ammunition to fight back with. If you flat out come out and say 'I've always had the right to do this.' what can they say? They cannot fight you other than to try to show how you do not have that right.
All too often, I cringe when I see the open-source community make 'excuses' as to why they do what they do.
For instance, the DECSS thing. Everyone says 'we did it to make a fre eplayer for linux'. Bullshit. It was done simply because it was possible.
And before someone tears me a new one for saying this, please realizet hat what I'm saying is you shouldn't NEED an excuse to reverse-engineer stuff. YOu don't NEED a noble purpose; it's your RIGHT to rip stuff apart and figure out how it works!
Saying 'oh but I just wanted to make a free player' or 'but htere is no linux version of the cuecat and I wanted to make one' is just FEEBLE! Stand up for the truth.. the fact that you did it because IT IS YOUR RIGHT.
Not the same thing at all. I don't recall being presented with any sort of 'license' for the cuecat.
Besides.. unlike *software*, the transfer of material goods has VERY LONG STANDING basis in law.
If they said 'here's your free cuecat' and didn't give you any contract to sign.. THEY GAVE YOU THE HARDWARE.
Software is a different matter altogether.
If someone did what you said with our GPL code, we would go ape shit because they *illegally* broke the license.
As per guidelines as to what constitutes 'employment', the fact that an employer and employee (regardless of the terms they use, ie: contractor) agree on a lesser wage does not exempt the employer from his legal obligation to pay minimum wage.
If you do work and get free hardware, that is a taxable benefit, or income, however you want to slice it. Generally, *anything* of value given in exchange for work (or anything else) is income, unless specifically exempt.(Lotteries.. oh wait.. that's only exempt in Canada)
What can (and does) happen are situations like this:
An employer states that you are on 'contract' (or rather, you both 'agree' to this) and he doesn't have to actually pay you a minimum hourly wage. Part of your 'contract' is that you attend from 9-5.
The courts see this as 'employment' regardless of how it's packaged, and he is required to pay the equivalent of minimum wage.
I agree that hardware in exchagne for some code is not wrong.. however, labor law indicates that, if you are performing a service, or giving something of value to the company, they must pay you fairly for it. This means minimum wage.
by a department or a worker who's 'goal' is to convert the company to linux.
The 'goal' should be to have the necessary services running with the necessary stability with the best budget possible. If the solution to that is linux, great.
But the reason for doing anything must be to solve the problems at hand, not to 'get this certain OS into play'.
Or perhaps I'm just misunderstanding and being a whiner.. which is all too possible this early in the morning.
Your motives are incorrect, I think.
It is valid to not want the convict working for you.. but the reason should be fear of litigaton *if* something happens, not fear that he will actually do something.
I would trust someone equally, had they been conviceted or not. What I don't trust is my clients feeling the same way.
Unfortunately, that's what happens when you live in the most litigous society on earth.
Why would it make a difference? Risk analysis. If Phiber ever did something bad (which I have no doubt he would never do.. but that's not how risk management works), and the client who was violated could show that the company *KNEW* he was a convicted felon.. who's negligent? This is the US man.. they would sue @stake for knowingly hiring a convicted hacker.
Sucks, eh?
What you refer to is copyright, not patent, and it's entirely valid.
The sealed envelope with a dated postal mark on it would be rather good proof that the enclosed items existed on the date of stamping.
Point is, people shoudl be able to file antipatents for *ver little money*. The reason? simple.
- If other companies try to patent something, that matches a previous anti-patent, then they cannot, as obviously, it's not 'new'.
- If the antipatent actually covers something previously patented, (because an expensive patent search wasn't done) that's okay too. The original patent owner takes precedence. in other words, make it so the presence of an antipatent does *not* necessarily mean there is no patent, just that if there is, it was filed previous.
Nothing in that article really qualifies as a 'security hole' in Debian. And most of the things in the article are common to *ALL* distributions. LEt's look at them.
- Single partition / for whole system as a *default*.
Well.. first, you *DO* have the option of changing this when you install. It's not an 'automatic' thing insomuch as windows does this automatically. And from what I know, most home users do this anyway Servers no, Home use, yes.
Crypt passwords (instead of md5) by default. HELLO.. the screen ASKS you what you want to use, and just happens to have 'crypt' already selected. And they *are* right.
Now.. basic inetd services (time, echo, discard). Yes, those of us security minded tend to shut these off.. however... I think it's common knowledge that the *FIRST* thing you do with a new distro is go in and disble these. I have yet to use a distro that doesn't put these in. And I'm unaware of any current (or past) security holes in the basic inetd services. These services are *internal* to inetd. If you are *really* worried about inetd's security, why not STOP RUNNING IT ALTOGETHER?
As for 'login' and such... see above. Commenting out inetd is standard pratcice. EVERYBODY knows that.
'gnuplot' is mentioned for some reason.. even though they install it correctly (as the article says).
And EXIM using RBL? What has that to do with security (whether or not RBL is currently working?).
Okay. Calling DPKG a security problem because it doesn't allow package signing? I'll grant that's kind of valid.. but how many signed packages are their in any other linux distribution? I don't believe I've ever seen even a single one! (in other words.. who cares if RPM can do this if nobody uses it). Oh wait.. you could always just INSTALL RPM!
The users home directory thing.. that's something to always check on every distro, because it's always different wherever you go. As the admin, if you don't like it, change it. Also.. the permissions suggested on users home directories lulls them into a sense of security;)
lilo doesn't use sulogin? C'mon.. if you are local, you can break in *anyway*. Lots of distros don't use sulogin, and nobody has a problem.
I have to catch a plane, so I can't get the rest of the article (There look to actually be acouple of valid thigns that could use patching mentioned).
But that whole first section of the article is just whining about settings not being exactly the way the author would have liked them,.
'abuse' their patent? if they really DO have a patent to things used by 3dfx, then how is it 'abusing' their patent?
They can't sue 3dfx for past uses, before 3dfx was notified of the problem.
They can get them for everything past that point.
They have a legeal right to enforce their patent.
Of course, none of this changes the fact that patents are largely rediculous in the first place.
First, the background.
I've used Sun for years in various projects and jobs. I like Sun. I know what it's like, what it's capable of.
So.. my company needed a couple workstations. I already knew what I wanted. So. I called my local Sun office and asked for a quote.
Then.. this sales guy *insisited* on coming to have coffee. Okay.. sure. no sweat.
He brings his 'engineer' with him. While sipping our fresh coffee, I show them around our place, tell them about what we do... and explain to them why I need the two workstations. I show them my *already* new network room freshly populated with servers.
What do they do? They sit down with me to give me their 'presentation' about how great Sun is and how crappy everyone else is, and keep trying to convince met o buy Sun workstations. HUNH? I think? WHAT? I alreadyh TOLD them I was going to buy them. WHy are they still trying to sell them to me?
Oh. And THEN they got on about servers. I had to cut the meeting off, saying 'Look fellows.. I do know about your servers... I just bought servers, and there is no way it's changing for the moment.'
Of course, then they invited me to their demo center to see how their little 450 acting as a 'file server' was so much cooler than the NetApp filer that I was about to buy... okay, I thought.. I'll go see that.
The entire meeting consisted of some guy from Sun showing me their 'NT' integration package, how it does CIFS and how it does domain control, and explaining how it was derived from actual MS source code. Whoppie, I said. I *have* NT servers to do this stuff. Does it do dynamic NIS to NT domain mappings? Oh.. no. Does it let me edit NT ACL's with vi? No.. sorry, they didn't know. Oh, and in order to make it *just* like NT, it has the same bugs in the file sharing code.
Great, I said. Guys... I want the benefits of unix here... not just another NT box. You are offering me a file server solution that is a) more expensive b) only has software raid and c) although i'll grant it has Solaris on it, and is flexible, it still doesn[t have some of the basic snapshot and backup features of the NetApp. And it's far slower at file serving.
I pointed out (politely) that here they were, demonstrating me a product that was designed to get NT admins to get into Sun (and NOT designed to let unix admins do anything cool), even though I already explained to them that I *LOVE* solaris, and already know this crap.
Then, they phoned and phoned and phoned.
Now.. this is *NOT* the behavior I expect from a professional company when I am nice enough to call THEM already ready to buy something.
Firs they have a reputation for stability because they earned it.
Now they want to keep it through legal agreements preventing people from reporting failures in the system.
It shouldn't matter if Sun knows what the problem is or not.. if it's a commercial product (not beta) and it fails, especially at that price, the consumers have a RIGHT to know.
I would almost think that forcing customers to not reveal flaws in your system should be illegal.. it's very anti-consumer.
True.
But it's not hard to believe. THey aren't saying that their internal stuff all runs unix.. they are saying that things that were designed and previously run by companies who were assimilated by microsoft used unix, and microsoft could'nt migrate away.
Of course if they develop new services they are going to do it on NT.
American rampant consumerism... I'm wondering what the problem is.
You can either a) Buy the books at regular price or
b) Buy a limited-time licensed DVD-Rom with ALL the books on it, for a cheaper price. This is like a subscription.
Where is the problem? If you don't LIKE the idea of time-limited books, don't BUY them!
No. They are licensing your use of a CD to 'read' those books.
It's legal, but it's bunk.
W
The difference between paying $600 a term for the 'vitabook' and paying $2000 for 'real' books is that YOU GET TO KEEP THE REAL BOOKS!
Of course I wouldn't, but it all boils down to intent.
I completely understand why the guy who got caught as a young man breaking into computers (probably just for fun) did what he did. I know I did the same thing, and just never got caught. I don't see what he did as a 'sickness', and don't see it as any worse than a *lot* of technically illegal things younger people do.
A child molester, on the other hand, treads into animilastic behavior and the roots of civilised society; I belive that child molesters don't deserve prison, they deserve death.
Neat. Wasn't sure how long it had been around.
Sure was neat though.
I believe you may be under the impression that I think reverse engineering is bad; quite the opposite. I am not opposed to things like DeCSS, the cuecat fiasco, satellite decoding, or anything else whatseover. I am very much in favor of it.
If we use DeCSS as a rough example, we see that, once accused of doing something 'illegal', the DeCSS crowd responds with 'but we had a moral cause; we wanted a linux DVD player'. This is nothing but 'making an excuse'. The *REAL* answer should be 'we don't NEED an excuse to do what we did. It is our right'.
I very much understand the history of software in use today.
If you make excuses for the reverse-engineering you do, based on some high moral cause, or whatever, you simply give your opponents (the industry) ammunition to fight back with. If you flat out come out and say 'I've always had the right to do this.' what can they say? They cannot fight you other than to try to show how you do not have that right.
All too often, I cringe when I see the open-source community make 'excuses' as to why they do what they do.
For instance, the DECSS thing. Everyone says 'we did it to make a fre eplayer for linux'. Bullshit. It was done simply because it was possible.
And before someone tears me a new one for saying this, please realizet hat what I'm saying is you shouldn't NEED an excuse to reverse-engineer stuff. YOu don't NEED a noble purpose; it's your RIGHT to rip stuff apart and figure out how it works!
Saying 'oh but I just wanted to make a free player' or 'but htere is no linux version of the cuecat and I wanted to make one' is just FEEBLE! Stand up for the truth.. the fact that you did it because IT IS YOUR RIGHT.
Not the same thing at all. I don't recall being presented with any sort of 'license' for the cuecat.
Besides.. unlike *software*, the transfer of material goods has VERY LONG STANDING basis in law.
If they said 'here's your free cuecat' and didn't give you any contract to sign.. THEY GAVE YOU THE HARDWARE.
Software is a different matter altogether.
If someone did what you said with our GPL code, we would go ape shit because they *illegally* broke the license.
Shouldn't Stratus be suing them for trademark violation? Stratus has had an OS called 'VOS' for 10+ years (and boy was it neat).
As per guidelines as to what constitutes 'employment', the fact that an employer and employee (regardless of the terms they use, ie: contractor) agree on a lesser wage does not exempt the employer from his legal obligation to pay minimum wage.
If you do work and get free hardware, that is a taxable benefit, or income, however you want to slice it. Generally, *anything* of value given in exchange for work (or anything else) is income, unless specifically exempt.(Lotteries.. oh wait.. that's only exempt in Canada)
They VOLUNTEERED!
They were told 'you can do this if you like, and in exchange, we will give you your account for free'.
Yes, under minimum wage laws, they could be considered 'employees'.. but there must be an ounce of sanity here.
20 hours in a factory is a heck of a lot different than 20 hours on aol..
Yes.. but it's a bit more abstract than that.
What can (and does) happen are situations like this:
An employer states that you are on 'contract' (or rather, you both 'agree' to this) and he doesn't have to actually pay you a minimum hourly wage. Part of your 'contract' is that you attend from 9-5.
The courts see this as 'employment' regardless of how it's packaged, and he is required to pay the equivalent of minimum wage.
I agree that hardware in exchagne for some code is not wrong.. however, labor law indicates that, if you are performing a service, or giving something of value to the company, they must pay you fairly for it. This means minimum wage.
by a department or a worker who's 'goal' is to convert the company to linux.
The 'goal' should be to have the necessary services running with the necessary stability with the best budget possible. If the solution to that is linux, great.
But the reason for doing anything must be to solve the problems at hand, not to 'get this certain OS into play'.
Or perhaps I'm just misunderstanding and being a whiner.. which is all too possible this early in the morning.
No such thing as 'degrees kelvin' anymore. It's 'kelvins'.
Your motives are incorrect, I think.
It is valid to not want the convict working for you.. but the reason should be fear of litigaton *if* something happens, not fear that he will actually do something.
I would trust someone equally, had they been conviceted or not. What I don't trust is my clients feeling the same way.
Unfortunately, that's what happens when you live in the most litigous society on earth.
Why would it make a difference? Risk analysis. If Phiber ever did something bad (which I have no doubt he would never do.. but that's not how risk management works), and the client who was violated could show that the company *KNEW* he was a convicted felon.. who's negligent? This is the US man.. they would sue @stake for knowingly hiring a convicted hacker.
Sucks, eh?
So much for the olympics as a great event to pit man against man (and woman against woman) in different physical events.
It's now about countries, politics, technology, and now, nothing but money.
What you refer to is copyright, not patent, and it's entirely valid.
The sealed envelope with a dated postal mark on it would be rather good proof that the enclosed items existed on the date of stamping.
Point is, people shoudl be able to file antipatents for *ver little money*. The reason? simple.
- If other companies try to patent something, that matches a previous anti-patent, then they cannot, as obviously, it's not 'new'.
- If the antipatent actually covers something previously patented, (because an expensive patent search wasn't done) that's okay too. The original patent owner takes precedence. in other words, make it so the presence of an antipatent does *not* necessarily mean there is no patent, just that if there is, it was filed previous.
Since when can you not use linux as a print client?
This thing supports LPR and SMB, no? Linux can do both.
Nothing in that article really qualifies as a 'security hole' in Debian. And most of the things in the article are common to *ALL* distributions. LEt's look at them.
;)
- Single partition / for whole system as a *default*.
Well.. first, you *DO* have the option of changing this when you install. It's not an 'automatic' thing insomuch as windows does this automatically. And from what I know, most home users do this anyway Servers no, Home use, yes.
Crypt passwords (instead of md5) by default. HELLO.. the screen ASKS you what you want to use, and just happens to have 'crypt' already selected. And they *are* right.
Now.. basic inetd services (time, echo, discard). Yes, those of us security minded tend to shut these off.. however... I think it's common knowledge that the *FIRST* thing you do with a new distro is go in and disble these. I have yet to use a distro that doesn't put these in. And I'm unaware of any current (or past) security holes in the basic inetd services. These services are *internal* to inetd. If you are *really* worried about inetd's security, why not STOP RUNNING IT ALTOGETHER?
As for 'login' and such... see above. Commenting out inetd is standard pratcice. EVERYBODY knows that.
'gnuplot' is mentioned for some reason.. even though they install it correctly (as the article says).
And EXIM using RBL? What has that to do with security (whether or not RBL is currently working?).
Okay. Calling DPKG a security problem because it doesn't allow package signing? I'll grant that's kind of valid.. but how many signed packages are their in any other linux distribution? I don't believe I've ever seen even a single one! (in other words.. who cares if RPM can do this if nobody uses it). Oh wait.. you could always just INSTALL RPM!
The users home directory thing.. that's something to always check on every distro, because it's always different wherever you go. As the admin, if you don't like it, change it. Also.. the permissions suggested on users home directories lulls them into a sense of security
lilo doesn't use sulogin? C'mon.. if you are local, you can break in *anyway*. Lots of distros don't use sulogin, and nobody has a problem.
I have to catch a plane, so I can't get the rest of the article (There look to actually be acouple of valid thigns that could use patching mentioned).
But that whole first section of the article is just whining about settings not being exactly the way the author would have liked them,.
'abuse' their patent? if they really DO have a patent to things used by 3dfx, then how is it 'abusing' their patent?
They can't sue 3dfx for past uses, before 3dfx was notified of the problem.
They can get them for everything past that point.
They have a legeal right to enforce their patent.
Of course, none of this changes the fact that patents are largely rediculous in the first place.
Perhaps it's the joker with the HERF gun next door..
Let me tell you my sun story.
First, the background.
I've used Sun for years in various projects and jobs. I like Sun. I know what it's like, what it's capable of.
So.. my company needed a couple workstations. I already knew what I wanted. So. I called my local Sun office and asked for a quote.
Then.. this sales guy *insisited* on coming to have coffee. Okay.. sure. no sweat.
He brings his 'engineer' with him. While sipping our fresh coffee, I show them around our place, tell them about what we do... and explain to them why I need the two workstations. I show them my *already* new network room freshly populated with servers.
What do they do? They sit down with me to give me their 'presentation' about how great Sun is and how crappy everyone else is, and keep trying to convince met o buy Sun workstations. HUNH? I think? WHAT? I alreadyh TOLD them I was going to buy them. WHy are they still trying to sell them to me?
Oh. And THEN they got on about servers. I had to cut the meeting off, saying 'Look fellows.. I do know about your servers... I just bought servers, and there is no way it's changing for the moment.'
Of course, then they invited me to their demo center to see how their little 450 acting as a 'file server' was so much cooler than the NetApp filer that I was about to buy... okay, I thought.. I'll go see that.
The entire meeting consisted of some guy from Sun showing me their 'NT' integration package, how it does CIFS and how it does domain control, and explaining how it was derived from actual MS source code. Whoppie, I said. I *have* NT servers to do this stuff. Does it do dynamic NIS to NT domain mappings? Oh.. no. Does it let me edit NT ACL's with vi? No.. sorry, they didn't know. Oh, and in order to make it *just* like NT, it has the same bugs in the file sharing code.
Great, I said. Guys... I want the benefits of unix here... not just another NT box. You are offering me a file server solution that is a) more expensive b) only has software raid and c) although i'll grant it has Solaris on it, and is flexible, it still doesn[t have some of the basic snapshot and backup features of the NetApp. And it's far slower at file serving.
I pointed out (politely) that here they were, demonstrating me a product that was designed to get NT admins to get into Sun (and NOT designed to let unix admins do anything cool), even though I already explained to them that I *LOVE* solaris, and already know this crap.
Then, they phoned and phoned and phoned.
Now.. this is *NOT* the behavior I expect from a professional company when I am nice enough to call THEM already ready to buy something.
Firs they have a reputation for stability because they earned it.
Now they want to keep it through legal agreements preventing people from reporting failures in the system.
It shouldn't matter if Sun knows what the problem is or not.. if it's a commercial product (not beta) and it fails, especially at that price, the consumers have a RIGHT to know.
I would almost think that forcing customers to not reveal flaws in your system should be illegal.. it's very anti-consumer.
True.
But it's not hard to believe. THey aren't saying that their internal stuff all runs unix.. they are saying that things that were designed and previously run by companies who were assimilated by microsoft used unix, and microsoft could'nt migrate away.
Of course if they develop new services they are going to do it on NT.
American rampant consumerism... I'm wondering what the problem is.
You can either a) Buy the books at regular price or
b) Buy a limited-time licensed DVD-Rom with ALL the books on it, for a cheaper price. This is like a subscription.
Where is the problem? If you don't LIKE the idea of time-limited books, don't BUY them!
No. They are licensing your use of a CD to 'read' those books.
It's legal, but it's bunk.
W
The difference between paying $600 a term for the 'vitabook' and paying $2000 for 'real' books is that YOU GET TO KEEP THE REAL BOOKS!