BTW, it's absolutely the wrong solution to get entropy from another source on the network (for many reasons, but one is that you can't do a secure HTTPS handshake without, you guessed it, unguessable random numbers). The whole point here is that we are looking for a way for 500 Linux instances on EC2 to have different entropy pools before the kernel completes boot.
If we're talking about a VM, what's wrong with setting up a point-to-point link with the host machine and accessing an entropy source over that, with no HTTPS handshake necessary?
Can you link binary made from GPL'd code dynamically to non-GPL'd library? I would guess yes.
No. The GPL does not distinguish static and dynamic linking; the requirements of distributing source code for linked libraries still apply. The major difference between the GPL and LGPL is that this is permissible with LGPL projects.
And another question. If you need iPhone SDK (or whatever) from Apple to compile your GPL'd code to binary, are you linking anything statically from the SDK? And if yes, is SDK GPL'd and if not, isn't this in violation of the GPL?
No. The GPL specifically states that "the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable." The SDK is clearly a "major component" under this definition, and hence is excluded from the requirement that it be redistributed in source form along with the software.
If this weren't the case, you wouldn't be able to compile GPL software with any compiler that uses a non-GPL standard library, which would mean GPL wasn't viable on Windows, where even gcc compilers like MinGW link against MS's libraries.
This reminds me of our experience with mysql.. they changed the license of their drivers (the jdbc driver, in this instance) to GPL from LGPL a while ago, and also affirmed a legal position (at least in their marketing materials) that using the now GPL library would require any application dynamically linking/loading it to also be GPL, with the exception of being able to buy licenses to a separate non-GPL'd commercial instantiation of the library.
I've been wondering for a while about the correctness of their idea here. It falls down in one key respect: an application that uses a JDBC driver is not a derivative work of that driver. In almost all cases, you would use only the interfaces published by Sun, and hence your software would be a derivative of Java, not MySQL's driver. There is therefore nothing that stops you from distributing your application with instructions telling the user how to download and install an appropriate driver. Or using the "mere aggregation" term of the GPL to distribute them together.
There is one small exception: the class name of the driver (which you must specify when opening the data source) and the format of the connection URL (specifically, the string "jdbc:mysql:") are derived directly from MySQL's code, and must be included in yours (unless you get the user to put them in a configuration file for you...). As these are functional items, however, and quite small, I find it hard to believe they would rise to the level of creativity required for a work to be subject to copyright. As a comparable, it has been held that the titles of books are not subject to copyright; the name of a class is very similar to this.
He'll come back to it sooner or later, I'm sure. It just might take him a while. I understand his problem with writing more... he's started with a beginning that promises a particular kind of ending, and it's hard to wrap your head around how he can get to that ending. That doesn't mean it's impossible, though, and I'll bet one day he'll come up with an answer...
The summary seems reasonable to me, if a little brief. Addressing your specific comments:
They did not call header and footer arbitrary or unnecessary. They questioned the implementation as to validity for printing.
About these tags (among others), they said: "It's not clear why these new elements in particular are necessary." This implies that they see them as unnecessary, and question why the particular set was chosen (i.e. that they consider the set arbitrary). "Arbitrary and unnecessary" is a perfectly reasonable summary of the sentiment of this sentence.
The printing issue is probably secondary; they are no better or worse for printing than the div/span tags that MS appear to prefer.
Basically the point MS seem to be making is that they see little value in standardizing the semantic markup of these (and other) elements. They appear to be approaching it from a rather limited perspective of browser implementation (whether traditional or of the screen-reader type), without considering that there may be other ways of processing the documents in question where the new tags make a lot more sense.
From reading the post, I see a lot of good insights into what might be an overly-cluttered and, in places, badly written standard. While there is always an element of Microsoft playing their own games, this does raise valid questions.
I don't see that. WHATWG had good reasons for including the tags they chose as semantic markup that extend beyond browser implementation concerns, and MS seem to be ignoring those reasons (which are well documented in the mailing list archives). There are one or two comments that make some sense (the date/time input field concern, that the format of date specifications passed as attributes to the tag does not allow specification of a timezone, is somewhat serious, and a lot of what they're saying about the application installation feature makes sense), but overall the impression I get is that they've failed to see the bigger picture.
This *is* the process for this. The HTML 5 spec is not even remotely close to being done. "Too late" does not apply.
Yes, it is. We're _already_ past the original target date for the release of the candidate specification (which was slated for June 09, according to the HTML working group's home page). AFAICT the latest plan was to have development of the spec wrapped up within the next month or two. Development began over 2 years ago. So I'd say "close to being done" is a fairly accurate assessment. Substantial contributions to the process from MS at this point will almost certainly delay it yet further.
At ED you can never be entirely sure. Even if it is today, tomorrow it might not be...
That reminded me of the times I played Lemmings in my 386. Whenever I got bored or frustrated I would just put two lemmings in "guard" mode right where they came out into the level, and after getting them all packed into the 3 or 4 pixels left between the guards, I would hit the suicide button and watch all of those lemmings blow up. It was like fireworks! Pretty fireworks!
Wait... you mean that's not how lemmings was supposed to work?!
Wouldn't this be better to be made as a java library of some form that allows for java applets to have direct access to opengl in browser?
You mean like this?
BTW re: javascript, I find that browsers crash a lot less with it turned off.
Funny. I don't remember the last time I had a browser crash while using a non-beta browser.
I think that aforementioned several sources are confusing dropping Vorbis/Theora as a required codec with dropping audio/video elements from HTML5 altogether.
The two might as well be the same. There is now no video codec that is supported by all browsers, meaning Flash is still the best option for playing videos.
You disagree with software patents, but this one's a-ok? That doesn't sound right.
I disagree with software patents, but this one is no worse than most, and plays by the established rules for them. I'd like to see those rules changed, but this is legally valid and well within the boundaries of normality.
Or maybe, just maybe it's about control of the applications that manipulate said documents, rather than MS wanting to protect their amazingly genius document format?
Yes, obviously nobody really cares about the _format_, and a format as such isn't patentable anyway. The patent concerns applications to manipulate documents, or more specifically to produce them, and that's clearly what MS has an interest in preventing.
Oh...! You mean kind of like <a name="chapter-1">text</a>? Yeah, that's definitely novel and non-obvious... To anyone who has never seen HTML.
No, the specific point is that it uses an open & close tag to start the bookmark, then another open & close one to end it. Presumably the intent is to allow bookmarks to be inserted without having to open and close formatting tags (e.g. <startbookmark name="bookmark1" />some stuff with <b>formatting<endbookmark name="bookmark1" /> embedded in it</b>).
I broke into Manic Miner so I could change the title music. It had the best polyphonic tone generator I could find on the Spectrum.
I once tried to play Elite without using the jump drive. Turns out you don't actually move when you're not using it.
I used to play Doom II with the intent of minimizing the number of things I killed.
I built ships in Master of Orion that had huge numbers of the smallest missile launcher available and no defensive systems at all. Perhaps this isn't quite playing it outside of the way it was intended to be played, but the results could be quite amusing anyway.
Played GTA (the original, not the funky new 3D versions) by just sitting and driving along in traffic, trying not to attract police attention.
Struggling to think of any more right now.
These cards seem to be ICAO compliant, so the biometrics cannot be changed unless you are able to break X509 certificate infrastructure or either RSA or ECC signatures or SHA-2 hashes. Come on guys, you can see the gold coloured chip logo for ICAO compliant ePassports right above the name of the holder. Ian Grant (author of the article), you are a misinformed idiot.
Yes. The problem is that there's no central signing authority for ICAO documents. There's a central key repository, but my understanding is that most systems that check such documents _don't bother to validate the keys used to sign them_.
Also, many of the security features are optional and implementations do not complain if they are not present. Also there was a presentation at BlackHat Asia 2008 that showed that most readers only flag a small warning if the hash values on the chip don't match the data stored in the data files, and it seems likely that most operatives would ignore such a warning.
There's not much point using X.509 if you're just going to ignore the validity of the signatures...
Then maybe the real story here is how Microsoft has extended XML to include non-standard features, which they can implement in their own software while restricting third parties from implementing the same features...
Isn't this basically the point of patents? To give inventors monopolies on their inventions for a limited time?
Extending the use of it is what it was designed to do in the first place.
Yes. But this doesn't stop any _particular_ extension from being innovative and therefore patentable. As much as I disagree with software patents, I don't actually see an awful lot wrong with this one. The format described in the patent has some interesting and non-obvious features, and a format would have to combine all of them to be infringing.
The 'hints' element particularly is something I don't suspect other applications have used before.
Also unusual and unlikely to have been used in other applications are bookmarking sections using a start bookmark marker and an end bookmark marker that are not the same tag (i.e. <startbookmark />text<endbookmark />), and including a text-only copy of the document without markup alongside the marked-up copy.
So, yeah, as software patents go this one isn't particularly bad, is the only real conclusion I can come to from actually, you know, reading it.
Processing.js is used to render Processing code, a subset of Java, not JavaScript
Processing code is _not_ a subset of Java. It's a language that has a Java-like syntax. Processing programs cannot be compiled by the Java compiler; Java programs cannot be compiled by the Processing compiler. Therefore, neither is a subset of the other.
IANAL, but that's not really true. They do have possession of email as it passes through. If I send Google a subpoena, then at least for 15-30 days they'd have to retain copies of all the responsive emails that they receive. But clearly that's not the case, otherwise I'd subpoena monthly the opposing party and get a continuous copy of their emails. Law firms can hire any number of outside agencies to handle privileged docs, e.g. paralegals from temp agency, graphic artists, etc and not lose privilege.
AIUI, in order to get a subpoena from a court, you must provide evidence that the party you wish to subpoena _already has_ the information you want from them. I don't believe it is possible to acquire a subpoena for information that does not yet exist. I also believe a subpoena can only force someone to reveal documents that they already have in their possession; it cannot be used to compel somebody to collect information that they would not otherwise collect.
This is amazingly exploitable. It even lets you inject arbitrary html in the query.
So? What can you achieve by doing this?
Google's Postini is the email service provider for many (most) of the nation's best and/or biggest lawfirms. (e.g. lookup the mx records of steptoe.com, chadbourne.com, perkinscoie.com, gibsondunn.com, bakernet.com, dlapiper.com, whitecase.com, sidley.com, mayerbrown.com). All *.psmtp.com.
Although it's impossible to tell whether they're just using the spam/virus filtering service or they're using the full service including message archiving. The former would be no problem at all from a subpoena point of view as google don't hold the messages after processing so would have nothing to produce.
Hmmm Virgin Media must have updated their T&Cs recently without notifying me.
They announced they're outsourcing all email to google.
"G. Your details and how we look after them
7. By having our services activated in your home and/or by using them you consent to our transferring your information to countries which do not provide the same level of data protection as the UK if necessary for providing the services. If we do make such a transfer, we will put a contract in place to ensure your information is protected."
(Virgin's T&Cs)
As part of cloning the image just do this:
dd if=/dev/urandom of=/target/var/lib/urandom count=1 bs=4096
There. Fixed it for you. Works better if the VM server has a high volume entropy source, but even if not it is still pretty damn good.
Except this is somewhat harder to do if you're running a service where you provide virtual machines that run OS images from unknown sources, that could be running basically any OS/distribution the user wishes, with the image using practically any file system that has ever been designed. Sure, if you limit your service so it can only run images that are based on ext3 and conform to the linux file system standard you can do this. But that's not the business most of these services (e.g. Amazon EC2) are in.
is that it doesn't exist. It's a farce, a meaningless buzzword, just like web 2.0.
A more appropriate word would be servers.
You miss the point. We aren't talking about servers, and any ordinary server-provision system wouldn't have the problem highlighted in TFA. We are talking about servers that are initialised on-demand, with a pay-by-the-hour pricing model, so that individual OS installations typically only run for a few hours at a time before being shut down and essentially wiped back to the base installation image. That's a model that's different enough from traditional virtual hosting that it warrants a different name, and while I think "cloud computing" is a _ridiculous_ name, it's the name the model's ended up with.
This is not a "cloud" problem. This is a virtual server and image problem. Clouds have nothing to do with virtual servers. If you use a service like NewServers.com, you can get dedicated physical servers for your cloud, on-demand and at hourly prices.
Expanding on the other answer you've had, here's the basic problem:
I can take a virtual server, install an image with a well-known PRNG seed in it, and use it for a little while. While it's used the PRNG is updated by entropy in an unpredictable way, resulting eventually in a virtual server image that produces effectively random numbers. When I shut it down the entropy pool is stored in its disk image, and reread when I start it up again. There is a small problem, but it goes away after a little while.
That isn't the usage model for "cloud" servers, however. In a cloud environment, e.g. Amazon EC2, the servers are quite likely to run for only a few hours at a time (because you start them up when you need extra capacity, and stop them when you no longer need that capacity), so the image has no time to accumulate much entropy, and worst of all when you shut it down _the data on the OS image, including the entropy pool, is lost_. The basic model is that you have many servers, all sharing a read-only base disk image. The problem occurs each time you start up a new host, which can be quite frequently.
Now, you could modify your images to stick their entropy pools in permanent storage (e.g. Amazon S3), but then you'll need some mechanism to prevent two servers from starting up with the same entropy pool, which is a non-trivial problem to solve, and I'll bet that very few EC2 users have thought to do it (I certainly didn't when I trialled EC2 a few months ago).
If you "need" cloud computing, then you're bright enough to install an entropy daemon on one of the machines and maybe even slap a hardware-based RNG on it (probably worth sourcing a VIA or similar just for this purpose, to be honest). It's not hard.
Err... yes, it is. Where does your entropy daemon get its entropy from? How do you install the hardware given that you're running in a VM hosted on somebody else's machine, located in somebody else's datacentre? This is an issue that can only be solved by the service providers, not the users of the service.
BTW, it's absolutely the wrong solution to get entropy from another source on the network (for many reasons, but one is that you can't do a secure HTTPS handshake without, you guessed it, unguessable random numbers). The whole point here is that we are looking for a way for 500 Linux instances on EC2 to have different entropy pools before the kernel completes boot.
If we're talking about a VM, what's wrong with setting up a point-to-point link with the host machine and accessing an entropy source over that, with no HTTPS handshake necessary?
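The per-clone seeding step suggested earlier in this thread, together with a check that no two clones still share a seed, as an added example that is not any poster's code. It assumes the provisioner can mount each clone's root file system, which is the limitation raised above for arbitrary guest images. The `SEED_REL` path and both function names are assumptions; the seed location differs between distributions.

```shell
#!/bin/sh
# Added example: give every cloned image its own seed and detect shared seeds.
# SEED_REL is an assumed seed location relative to the clone root; adjust per distro.
SEED_REL="${SEED_REL:-var/lib/urandom/random-seed}"

# Write a fresh 4096-byte seed into one mounted clone root (e.g. /target).
reseed_clone() {
    root=$1
    seed="$root/$SEED_REL"
    mkdir -p "$(dirname "$seed")" || return 1
    ( umask 077 && dd if=/dev/urandom of="$seed" bs=4096 count=1 2>/dev/null ) || return 1
    # The file may have existed with looser permissions in the base image.
    chmod 600 "$seed" || return 1
    # A short read would leave a weak seed; refuse it.
    [ "$(wc -c < "$seed")" -eq 4096 ]
}

# Print the SHA-256 of every seed that appears in more than one clone root.
# Returns 0 when all seeds are present and unique, 1 otherwise.
find_shared_seeds() {
    status=0
    hashes=""
    for root in "$@"; do
        seed="$root/$SEED_REL"
        if [ ! -s "$seed" ]; then
            echo "missing-or-empty: $seed" >&2
            status=1
            continue
        fi
        h=$(sha256sum "$seed" | cut -d' ' -f1)
        hashes="$hashes$h
"
    done
    # uniq -d emits one line per hash that occurs at least twice.
    dups=$(printf '%s' "$hashes" | sort | uniq -d)
    if [ -n "$dups" ]; then
        printf '%s\n' "$dups"
        status=1
    fi
    return $status
}
```

Run `find_shared_seeds` over the mounted clone roots before they are started; any hash it prints identifies a seed that was copied from the base image rather than regenerated.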
Can you link a binary made from GPL'd code dynamically to a non-GPL'd library? I would guess yes.
No. The GPL does not distinguish static and dynamic linking; the requirements of distributing source code for linked libraries still apply. The major difference between the GPL and LGPL is that this is permissible with LGPL projects.
And another question. If you need the iPhone SDK (or whatever) from Apple to compile your GPL'd code to a binary, are you linking anything statically from the SDK? And if yes, is the SDK GPL'd, and if not, isn't this in violation of the GPL?
No. The GPL specifically states that "the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable." The SDK is clearly a "major component" under this definition, and hence is excluded from the requirement that it be redistributed in source form along with the software.
If this weren't the case, you wouldn't be able to compile GPL software with any compiler that uses a non-GPL standard library, which would mean GPL wasn't viable on Windows, where even gcc compilers like MinGW link against MS's libraries.