"I look at this as bad news for SCO," said Dion Cornett, an analyst for Decatur Jones Equity Partners - Soleil. "I don't think BayStar is going to be very successful in getting their money back. It's very difficult for a private equity investor to force a redemption on a company that doesn't want to redeem.
But it makes it very difficult for SCO to raise future financing."
SCO will certainly need lots of money if it wants to fight the likes of massive IBM, he noted. "I think they'll need all the $65 million they have in the bank to fund this fight. This is going to be a multi-year, very protracted lawsuit, if it's not dismissed."
(emphasis added) Thus, even if SCO eventually prevails over Baystar this may still sink SCO. SCO won't be able to obtain enough funding to battle IBM, et al.
Does the following tell you anything? (I'll leave it to the reader to decide "about what"... if anything.)
Trial 1 Artist: Red Hot Chilli Peppers Song Title: By the Way Quality: CD Environment: Office Record Time: 22 seconds Response Time: 14 seconds Verdict: Correct
Trial 2 Artist: Ludacris Song Title: What's Your Fantasy Quality: CD Environment: Office Record Time: 18 seconds Response Time: 16 seconds Verdict: Correct
Trial 3 Artist: AC/DC Song Title: You Shook Me All Night Long Quality: Radio Environment: Car Record Time: 25 seconds Response Time: 15 seconds Verdict: Correct
Trial 4 Artist: Mary Wells Song Title: My Guy Quality: Radio Environment: Car Record Time: 17 seconds Response Time: 18 seconds Verdict: Correct
Trial 5 Artist: Beethoven Song Title: Moonlight Sonata Quality: CD Environment: Office Record Time: 24 Seconds Response Time: About 3 Minutes Verdict: STUMPED
Let's see. Red Hot Chilli Peppers, yep. Ludacris, of course. AC/DC (even on the radio), check. Mary Wells (also on the radio), good to go.
Beethoven? Who the hell? "Moonlight Sonata???" Sure it was CD quality, but... Beethoven?
WUSB security will ensure the same level of security as wired USB. Connection-level security between devices will ensure that the appropriate device is associated and authenticated before operation of the device is permitted. Higher levels of security involving encryption should be implemented at the application level. Processing overhead supporting security should not impose noticeable performance impacts or add device costs.
The above is certainly a requirement for WUSB to take off. However, it does not specify either a means or a method to achieve that goal.
Also, what is this bit about, "Higher levels of security involving encryption should be implemented at the application level?" Will we need to replace our applications with WUSB-Security Enabled (tm) apps?
Finally, long range WUSB coupled with the same level of understanding of, and dedication to, security consumers re: WIFI could make WUSB truly exciting.
As my recent results [slashdot.org] showed, Grandma's only going to be okay if you're willing to come over and handle all hardware changes and software installations. Good luck.
What you don't realize is that Grandma deliberately breaks things because, damn it, you don't come over and visit enough.
Just who do you think sets up the troubleshooting section of the RHCE exam?
And when in hell are you going to give her some grandkids?
Re: This could mean repercussions against others... on Injunction to Enforce GPL · Score: 4, Informative
This could mean repercussions against others......big time. MSFT and their campaign against the GPL as "viral", perhaps?
I doubt that this case will cause repercussions against the MS campaign against the GPL as "viral." On the contrary, I suspect this will be misused by MS to further its attack on the GPL as "viral." The simplistic MS argument will be, "See, this company used GPL software, and all it got in return was to be sued and hit with a preliminary injunction!"
According to the press release:
When asked about the reasons for the sudden rise in legal pressure for GPL compliance, Harald Welte, Chairman of the Netfilter Core Team states:
"We are not in any way opposing the commercial use of free and open source
software. Specifically, there is no legal risk of using GPL licensed
software in commercial products. But vendors have to comply with the license
terms, just like they would have to with any other, even proprietary software
license agreement."
(emphasis added) I'm not sure companies and PHBs who (superficially) read about this case (and particularly how it is spun) will be confident that "there is no legal risk of using GPL licensed software in commercial products." Indeed, to be honest, there is of course a risk if one uses GPL licensed software without complying with the license. We need and want there to be such a risk. However, it is a point that may get lost in the spinning and propaganda.
The fact that Mr. Welte felt it was necessary to address the issue speaks volumes.
Why? Did they decide to extend the mission because people love following it and want to keep it going? Or are they extending it because they haven't found anything "big" to report on yet?
I expect at least part of the reason is because it is inexpensive. According to the Reuters report, "NASA said it would spend $15 million more to keep the rovers exploring the planet's surface through September." Can you think of a more cost-effective way for NASA to spend that money?
This is an interesting idea, but not very secure. If there was, for example, a need to "knock" a server to activate some sort of access control, then anyone can send the TCP/UDP packets (AFAIK). Someone correct me if I'm wrong.
If I understand it correctly, this could be very secure. Imagine trying to guess the combination of a combination lock where each port number represents a possible number of the combination, and the combination is of unknown length (e.g., a combination 3, 5, 45, or 105 numerals long, etc.). Moreover, it might be possible to have the system bar further attempts from a given IP address after two or three failed attempts during a given period of time.
Silver members can download the first three ISO images from the latest PowerPack along with its numerous proprietary drivers and plugins.
Full access to commercial applications which are normally only available in retail packs. Over 130 high-quality packages built & tested for Mandrake Linux can be installed with a single mouse click. Applications include easy-to-use web browser plugins, Java, powerful commercial applications and demo versions, software drivers, and lots more
(emphasis in original). Thus it appears that at least one of the differences between Community and Official is that the latter contains proprietary software and drivers that need not and cannot be distributed pursuant to the GPL or other Open Source license.
And what about the safety of the products it degrades into? After all, according to the FAQ, "Novec 1230 fluid is photolytically sensitive to sunlight," "substantial decay occurs when exposed to UV radiation," and "an atmospheric lifetime of 5 days is appropriate for Novec 1230 fluid."
The problem is, that bar-code scanner thingy (Cuecat) wasn't a one-way data feed, and neither might this be.
With Cuecat, every time you swiped a barcode, it logged what you were doing and passed that information to the parent marketing firm.
[snip]
I'd guess the RFID thing might work the same way - use the RFID kit to read retail RFIDs and I wouldn't be surprised if it means there's a log somewhere that'll upload to Nokia/whomever. That would be a nice saleable resource for Nokia - I mean, people pay $000's for email lists of dubious provenance, what about a swipe-history of your RFID activity?
There is an additional obvious danger. That Nokia (or whomever uses the technology) will legally legitimize the practice by having the consumer sign a contract containing a provision allowing Nokia (or whomever uses the technology) to upload, use, etc. the information. Although consumers in general never read such contracts, often don't understand them when they do, and don't reject the deal when they do understand the contract (particularly when they can save money), the contract would probably be held to be valid and binding in the U.S.
The obvious solution is to legally forbid such practices. I suspect that in the face of efforts to outlaw the practice, corporations might support a legislative compromise allowing the practice, but requiring the type of "prominent" disclosure (e.g., bold face type of a minimum size, in a separate paragraph, on the front of the page, using clear language, etc.) required by various consumer credit laws. Not that such disclosures would as a practical matter make any difference.
I further predict that when the issue again rears its ugly head, the Slashdot crowd will be divided between swashbuckling (and sometimes Ayn Rand worshiping) freedom of contract libertarians and privacy / consumer protection (and sometimes nanny-state) liberals. :)
"I'd guess the RFID thing might work the same way - use the RFID kit to read retail RFIDs and I wouldn't be surprised if it means there's a log somewhere that'll upload to Nokia/whomever.
That would be a nice saleable resource for Nokia - I mean, people pay $000's for email lists of dubious provenance, what about a swipe-history of your RFID activity?"
Don't forget that Nokia is a European company, and since the EU has very strict rules regarding collecting/keeping personal data, it is very unlikely that Nokia would try to pull such a move - and if it would, it would most probably result in some BIG fine from the EU.
Good point. However, while Nokia may be a European country: (a) the U.S. is a big market; and (b) EU law regarding data collection does not apply in the U.S. I have little doubt that EU would happily produce for the comparatively unregulated U.S. market cell phones and data collection technology that would be illegal in the EU.
The number of people whose PS2's have been modded by soldering is far greater than the number of people with PS2's who can solder. That's why there are companies providing this service. And because there are companies doing this, and making non-trivial amounts of money, it's worthwhile for some individuals to invest an effort into cracking the system.
A cell phone is not a PS2. Soldering a PS2 is trivial. I suspect that soldering a cell phone is non-trivial. :)
In addition, I don't know how many businesses will stay in business when that business is to circumvent copyright protection schemes and violate the DMCA -- while advertising that fact. Will some? Of course. Will be enough to cause problems to those who provide content to cell carriers? No.
Are you sure there is, and will be, no Linux support? I realize the link is not dispositive. However, it indicates there may be Linux support that either hasn't been set forth in the web page yet, or is in progress.
Let's face it, Open Source projects are classically Marxist -- i.e., To each according to their needs, from each according to their ability. (...) it does require certain assumptions regarding human nature
If that were true, Open Source projects would never have got to where they are today.
I think that Open Source software has made tremendous strides and made great contributions. But it is perfectly possible that it has done so despite obvious free rider problems.
People have been charitable for thousands and thousands of years. Other people have been leeching for thousands and thousands of years, yet charity continues.
Unlike Marxism, the Open Source movement does not require everybody to be altruistic and unselfish.
Marxism does not require everybody to be altruistic and unselfish. It simply requires enough capable people to be sufficiently altruistic and unselfish to sufficiently take care of those who are unable or unwilling to take care of themselves.
The DSRC prototype initiative is a prerequisite for introducing new roadway applications such as issuing alerts to drivers about impending intersection collisions, rollovers, weather-related road hazards, or warning a driver that his vehicle is going too fast to safely negotiate an upcoming curve
No, the DSRC prototype initiative is NOT a prerequisite to introducing the proposed new roadway safety applications. None of the proposed safety applications require individual identification of a vehicle. An application could issue the planned alerts and warnings without specifying or identifying the vehicle or its owner. If you are issuing a warning about a road hazard, or that vehicle is going too fast to make an upcoming turn, the identity of the vehicle and of the owner are irrelevant.
I don't know about everyone else, but if a bug or security hole is found, I want a patch for it ASAP, and not in 2 months when the next 'service pack' or whatever comes out.
I don't think the issue has to do with patches coming out all the time, but having a better way to install said patches. Let's just say I am really looking forward to Novell's Zenworks Patch Management solution.
What if the distribution of the patch is, as a matter of empirical fact, what *causes* the development of the exploit? From the article:
Lastly, and most importantly, once the patch was released, the exploit was released the very next day. This wasn't a coincidence where the exploiters just missed having a zero-day exploit. If the patch had been released a week earlier, the worm also would have come out a week earlier.
The patch had the specific information embedded in it that the exploiters needed, and the exploiters already had the expertise and tools required to rapidly make use of the information.
Now I know that this looks like a call for security through obscurity (see also here), but it is an interesting point. It appears the argument is that but for the distribution of the patch, there wouldn't have been an exploit. I don't know how often that is true, if ever. But it does appear worth investigation.
As to your last point, the article indicates that the issue is not finding a better way to install patches, but instead finding a better way to distribute them without, if possible, also disseminating information that can be exploited by black hats. Again, from the article:
The main idea is that vendors need to rethink the patch distribution process, slow it down rather than speed it up and deliver security patches in a way designed to defeat the reverse-engineering process.
Let's face it, Open Source projects are classically Marxist...
No, they aren't.
Marxism was a 19th-century economic theory. 19th-century economics treated the existence of scarcity as an axiom. Because of this and other reasons, neither it nor classic capitalism can explain what's going on in the open source movement.
I can't address your "other reasons" because you don't specify what they are. I can, however, address the issue of "scarcity."
Scarcity still exists. With regard to Source Forge, bandwidth is limited and still costs money. With regard to Open Source and Free Software projects, the great and continuing scarcity is that of time.
How do you want to spend your time? Playing with your children? Helping them with their homework? With your wife? Working for money?
Or working on an Open Source or Free software project that many people will download and use without making compensation or making a contribution? If the latter, I thank you, and I mean that sincerely. However, the problem of scarcity -- the scarcity of your time -- remains.
According to the Street.com article "BayStar Says SCO Breached Note":
One may wonder whether people who shuffle their music had been children who watched a disproportionate amount of television between the ages of 1 and 3. See also:
Slashdot: TV, ADHD and Doing Useful Things.
Pediatrics Magazine: Early Television Exposure and Subsequent Attentional Problems in Children.
The LA Weekly had an article on this in the April 4-10, 2003, issue: Buckyballs and Screaming Cells: The amazing miniature world of UCLA chemist Jim Gimzewski
James Gimzewski's Website: Pico Lab
From the whitepaper:
Slippery slope arguments are not always (if, technically, ever) logical fallacies. UCLA Law professor Eugene Volokh recently published a great law review article on the subject: The Mechanisms of the Slippery Slope, 116 Harvard Law Review 1026 (2003). (See also PDF Version.)
According to the Mandrake Linux Users Club Page, among other things members of the club are entitled to:
How out of date can the book be? It was published in February 2004.
Then again, Ethereal version 0.10.3 was released on March 25, 2004.
Ethereal version 0.10.2 was released on February 23, 2004.
Ethereal version 0.10.1 was released on February 18, 2004.
Ethereal version 0.10.0 was released on December 12, 2003.
Perhaps most importantly, according to one Amazon.com review, "the book documents version 0.10.0." Another Amazon.com review states that, "the captures are up to date as of version 0.10.1."
Won't announcing the vulnerabilities cause them to be exploited??
Shouldn't Microsoft as a result slow down the security patch cycle?
By what? One person in 100,000?
Have you ever tried to solder the wiring of a cell phone... and still have it work?
If all Intel, ATT, etc., etc., have to worry about is people soldering their cell phones, they've won. And gotten a good laugh in the bargain.
Marxism does not require everybody to be altruistic and unselfish. It simply requires enough capable people to be sufficiently altruistic and unselfish to sufficiently take care of those who are unable or unwilling to take care of themselves.
Sort of like Open Source software.
Well, if it is truly the "son of Jaz," then it looks like it should probably run under Linux.
As to your last point, the article indicates that the issue is not finding a better way to install patches, but instead finding a better way to distribute them without, if possible, also disseminating information that can be exploited by black hats. Again, from the article:
Is this possible?
If WhenU.com is unhappy about Utah law, I can only imagine how they will respond if either the proposed Software Principles Yielding Better Levels of Consumer Knowledge (SPYBLOCK) Act or the Controlling Invasive and Unauthorized Software Act is passed and signed into law.
These bills have been covered by:
PC World
InfoWorld
ComputerWorld, and
TechNewsWorld