To think "Microsoft is supporting OSS" = "Microsoft is supporting Linux" is to commit a grievous logical error. OSS includes lots of applications and infrastructure that run on Windows and MS Platforms.
Our patch uninstalls itself when you apply the MSFT patch, whenever it shows up. And the eEye patch isn't a memory patch, but a patch to a copy of the JScript.DLL file that prevents passing of the exploit to the vulnerable component in MSHTML.DLL.
70,000 downloads so far and no reported bugs...Just for the record, Derek Soeder is the best coder I've ever seen.
Actually, that's the way the Determina patch works. Our patch works differently than a memory patch; it actually makes a copy of the JScript.dll file and prevents it from passing the malicious code to MSHTML.DLL.
The source code is available at www.eeye.com if you want to review it or have any questions about the approach, send a note to alerts (at) eeye.com for the research team to respond.
They will be different - the patch we created at eEye actually is quite different from the Determina patch. The eEye patch generically fixes the JScript.dll file to prevent the exploit from being passed to the MSHTML.DLL file, while the Determina patch injects a memory patch into every process calling the vulnerable DLL. Microsoft's patch will most likely be a correction to the actual vulnerability in the MSHTML.DLL file (or so we hope...)
Better than 4/5ths of venture capital funded projects don't make any money, but the 1/5th that do make enough money to pay for the 80% that lost everything and return a substantial profit to the VC fund and its investors.
Movies are the same way. For every 2 'Catwoman's that crap out at the box office, there is a 'Spiderman 2' that earns back the money and pays for the Litterbox. It's their business model - it's as stupid as a VC claiming they need protection because 80% of their investments lose money!
I have this rule that hasn't failed me yet: Never run away from something, but always run to something.
If you are unhappy for reasons other than the money AND you have a reasonable belief that the new employer will challenge you more, allow more quality of life, etc. then don't take the counter offer - take the new job.
If you are unhappy for reasons other than the money and you DO NOT have a reasonable belief that the new employer will satisfy you more; if you don't know or haven't done your homework, if you are interested 'just to get away' from your employer, etc - don't take the new job.
The market has spoken, in effect, with a validation of what you are worth. Stop and look around a bit before making a decision - you might be able to find the job you want that matches the salary you want as well.
RMS condemns it? Hey, that means enterprise CIO's are gonna buy it in droves!
Seriously, this does pervert the hell out of the 'free as in liberated' concept; it would have been much, much more clever for them to call it Microsoft Linux. Sales would have gone through the roof once the lemmings saw that!
The author of this piece is a tad misleading about the reality of lemon laws - a lemon law prohibits exemption from liability when the product fails to perform in the primary manner for which it was designed, not that the product is error free.
For example, if your car has a transmission that regularly falls out every time you try to put it in gear, it is a lemon. However, if the error in manufacturing doesn't impede the primary purpose of the vehicle, such as a cosmetic problem, lemon laws don't apply. Typically, if the problem is pervasive or impacting customers badly, they issue a service bulletin and fix it.
Lemon laws for software are a good idea if implemented in this form - if SQL Server fails at the basic function of keeping data in tables, it rightly should face liability for failing to perform as intended. If SQL Server has an error in a wizard that does minor administration but the command line still works, that isn't critical to the functionality, just critical to user satisfaction.
Bottom line: If the bugs are bad enough to keep the product from working at the core tasks it was designed for, liability should be there. If the bugs are minor, correctible and/or cosmetic, no liability should exist.
De Facto - A standard created by market consensus that is based on the dominant standard in the marketplace, see also "What people buy"
De Jure - A standard created by a committee seeking to create a standard that is inclusive enough to be practical, yet specific enough to ensure quality, see also "What has little impact on the world"
The very premise in this original post belies a naive view on what purposes standards bodies serve - they exist to clean up older technology, often for the express purpose of making older technology a safer foundation to build on. They have little bearing on innovation and the creation of new standards.
Quick Quiz - name a standard that was established before it was implemented in the market as a de jure standard (disclaimer - 'process' standards like ISO 9002 don't count, they don't really exist in nature).
Dang, it gets hard to read Slashdot at times - Soft Wifi is a really great idea that will work and the suckerpunch underlying all of it is the general reluctance of the open source community to innovate on things that drive the market.
Want to make Linux succeed on the desktop? Move as much cost of intelligence for devices like networking cards, USB, sound, etc. into the OS and innovate on driving that cost out of these markets. When a fully loaded desktop PC costs $100's less than a Windows PC AND contains innovations that I can't get on Windows, then you will see switching behavior.
Making Linux as good as Windows is a recipe for disaster and hubris. Make it better.
Until ISP's can deploy differentiated class of service offerings with tiered pricing, don't expect broadband to be flying across the market. The problem isn't technical, it's business.
10.5 million cable users. Current capacity is roughly 2 million users before you have brownouts across the routers they use to connect the cable end to the backbones (aggregate). Need to get average subscriber rates up to around $80 a month.
The trick will be getting differentiated class of service. Want VPN? Get your employer to cough up the extra $30 a month. Want a static ip? An extra $10.
Information wants to be free, but the deliveryman wants his fee.
Nice assumption. Do you actually know any priests?
I do and the vast majority of them are dedicated, devoted workers who have given their life to improve the social conditions of the poor, provide comfort and support to the grieving and to help others find meaning in life. Take any organization with more than 700,000 employees and you are going to find some that abuse power, some that break the law and some that are hypocrites, but for the vast majority of priests, they have dedicated their lives to improving the world.
We should be critical of the closed nature of communication around misconduct in the Church, but to claim that they are 'oppressed' by their religion is making an illogical extension to an argument unsupported by data.
Your premise that "to truly be theft, it must take away from a party. This is not the same as just taking without the "away" part" is incorrect. Loss of scarcity is a form of theft, if an object has value because of its scarcity. Stealing identities is theft because an identity has value because it belongs to one person.
You are correct in stating that the Mplayer folks stole from the open source community in that they removed the right for downstream innovation by not releasing source code. However, the form of that theft is both in removing the rights of the community to develop AND in removing the scarcity rights preserved by the author to force downstream innovation (that is, the author's reserved right to force openness, which the prime author held alone over all downstream authors).
Semantic point? Yes, but an important one in that your posts, while arguably correct in result, get there through murky premises that detract from your argument, saving throw or not.
Because of its robustness, modularity and stability, Linux is highly able to replace Solaris, HP-UX and AIX type licensed OS's in the enterprise. The people who buy these systems buy them to get the best technical solution to their problems and consider cost of ownership, which is high in any OS choice given the task, secondarily.
Trying to get Linux to beat Windows on the desktop is fighting yesterday's battle. Want to kill Microsoft? Sap its growth, which is in server OS's and embedded systems (XBox, Pocket PC, etc.)
The amount of energy spent by the development community in trying to be the next Microsoft is astounding, but very few vocal developers seem to even focus on what Microsoft is trying to become.
To borrow a phrase from the Old West, "Cut 'em off at the pass" and focus on making an OS that runs devices better than Windows ever will, an OS that runs DB2 and Oracle better than any other and an OS that can be extended and integrated with server side applications at compile time with more ease.
If you take away Microsoft's revenue growth, you take away their stock price. Take away their stock price and you take away their monopoly.
Easy with the assumptions, someone could get their panties in a knot. I said digital computers and pointed at the mainframe systems to make a point about mass market effects on innovation driven systems. The typewriter division, while innovative, wasn't facing the same innovation driven threats or ecosystem dynamics that affect the industry now.
IBM was started by Herman Hollerith as a result of the Computing and Tabulating Company. I know they existed prior to 1961 and the introduction of the S/360 platform. I've been to the private museum in New York and seen the original tabulating machine, as well as their Babbage engines and an original Pascal calculator. I worked for IBM for several years.
Good lord, I would kill any company that I was a shareholder of if they made decisions for any other reason than the efficacy of the technology in controlling costs and improving revenue.
Of course it's about the money. It's about freakin' time it was about the money, given their historic performance.
Want someone to love you for your OS choices? Visit Linuxsex.org, otherwise, adapt.
I saw a couple of comments, even from Rob, that seemed to say, "We've seen this before" in regards the Amazon announcement. I would like to submit that Amazon's announcement matters, not because of their company size, but because of how they behave. They are not early adopters or innovators, they are a technology risk averse company that bets their business on technology. In short, Amazon illustrates the critical tension facing both the Linux community and Microsoft.
There has never been a technology company to last for more than 20 years on a single family of technologies, and, more to the point, the failure of technology companies has never come from having their dominance in what they do well attacked. Technology companies fail because someone else steals their avenues of growth.
If you look at IBM, it went through waves of changes, starting in the digital age with mainframes, which dominated the marketplace from 1960-1980; selling to enterprise customers digital computers that would dramatically change their business. It saturated the enterprise with mainframes by 1980 and had, starting in the 70's, tried to maintain their growth rate by selling mainframes to middle market (500-5000 employee) companies who had not purchased mainframes.
Along came Digital Equipment Corporation, with the VAX, which just completely took that midrange market by storm, sapping the growth from IBM. IBM built the PC and launched a new market targeted at small business, but Apple, Compaq and a host of clones sought that market and, in the past 15 years, largely took that growth away from IBM.
IBM has been growing its services business and it is paying off, driving an increasing portion of revenue. They are in year 8 of fantastic growth, but already, they are making noise about trying to sell services to businesses in the middle market; a sure sign that something else is about to come along to meet that need.
Why the history lesson? Because it illustrates the fundamental forces at work that are affecting the Linux and the Microsoft worlds.
The technology industry is characterized by several constraining forces; the innovation force, that seeks the best solution for a given problem, and leverage, the drive to extend technologies from one market to another to extract the best return on investment for that innovation.
Best solution is a subjective term, but in this case, it refers to the solution that is most applicable to a given problem, with the required supportive ecosystem around it and with the lowest cost of acquisition and the cost of ownership over the life of the technology. Hold onto those four points, they will become important.
Microsoft truly came up with the best solution for desktop productivity. Windows was a unique technology in that it brought the ease of use of the Macintosh (meeting the test of applicability) that had the lowest cost of acquisition (OEM pricing included it with the computer), the required ecosystem (cheap PC's, compared to expensive proprietary Apples) and a decent cost of ownership (compared to the alternatives at the time, like DOS, which required extensive training).
Fast forward to today. Microsoft is now limited by the slowing growth rate of the personal computer industry, so it seeks to adapt its technology to other markets, in the name of leverage (internally) or compatibility (externally). So we see Windows in the Pocket PC format, where it is touted as an embedded system for extending the productivity brought by your PC. This embedded systems market is large, and fractious, as it extends from cell phones to pda's to robotic industrial arms to game consoles.
Linux is a contender for this market, using our criteria of best. Linux has the best applicability, as it is a modular OS that is compiled for the specific use. Want to use it in a robotic arm? Ditch the graphics processor and X-windows, strip it down to just what you need. Cell phone? Take out large portions of the OS that support complex sound and graphics, devices, hard drives, etc. Game console? Build up the graphics processor support and sound, device drivers and ethernet, get rid of the general use stuff that isn't needed for running really fast games.
Windows isn't nearly as modular, you can turn off functions, but it causes the OS to behave in funny ways because it was never meant to have these things turned off. So, Linux wins the applicability aspect of it.
As far as supportive ecosystem, this is where the battle really lies for embedded systems. Microsoft has brought its armada of partners to the Pocket PC, to the XBox and to other embedded system projects, but these partners suffer from the same applicability problems that Microsoft faces. Do you really need MS Money running on your PDA, or would a simpler checkbook program that can interface with MS Money easily be better? Do you really need MS Access running on the PDA, or could a simpler program do the trick more efficiently?
In general, it is always more advantageous for the customer and more costly to the provider to innovate for a specific use than to stretch innovations across uses. As the embedded systems market grows, the viability of applications in this space will grow along with it, especially as standards for hardware coalesce.
Between Windows and Linux, the ecosystem criteria is a tie for now, but what about cost?
For manufacturers of hand held devices and specialty use devices, like game consoles, cost is a primary concern. When you are building super computers, the cost per component is a moot point, but for consumer goods, it becomes paramount. Cost of acquisition for Linux is not, as commonly perceived, zero - there is a cost in modifying the OS to get what you need and the cost of support, which is the very business model of Red Hat, but it is substantially lower than the cost of acquiring OS licenses from Microsoft.
Cost of ownership is another issue, as Linux isn't as remotely upgradable yet as it needs to be for these uses, but that innovation is coming for both Microsoft and Linux in time.
Over all, looking at just the embedded device market, Linux presents a credible threat to Microsoft, sapping the growth rate needed out of this marketplace that would have gone to the Windows hegemony as Microsoft tried to leverage its existing innovation.
Looking at the server market, it is more bleak for Microsoft. In short, Linux wins the applicability (due to customization capabilities - want a fast database server? Build the OS to specifically run the database). Linux loses the ecosystem argument for now, but ecosystems are far less important the more you move away from mass production markets; this one is shifting towards Linux rapidly. Linux wins the cost of acquisition aspect hands down and cost of ownership is being proven to be the Achilles' heel of Microsoft.
If Linux saps away a significant portion of Microsoft's growth, what impact does that have on the company? Microsoft, even in this down economy has a P/E ratio of 51. This means that a tremendous expectation of earnings growth is built into the company's stock price and if that growth doesn't materialize, the stock is in jeopardy. Microsoft stock is priced in the market expecting a 30% growth rate in earnings. If their market growth is capped by competition, they will need to cut costs and raise prices in their existing markets to keep the stock price up, which will exacerbate the situation. In short, the embedded systems market and the server market represent two rocks, and their shareholder expectations are the proverbial hard place.
So what if the stock drops? Microsoft has underpaid its employees by as much as 30% compared to market wages, compensating them with stock options. Lose the option value and the operating expense for the company goes up 17%, further depressing earnings, or they lose employees. The dastardly side of losing employees is what IBM learned - when a company is in trouble, the highly valued employees (ie. the ones that can get other employment quickly), scatter first, leaving the undesirables behind to screw things up.
Additionally, losing the stock value takes Microsoft's credit card away. Microsoft has, to a large extent, built its new businesses through acquisition of other technology companies (webTV, Foxpro, Great Plains, etc.) and the ability to swallow new technologies on credit (stock given away in exchange for future accretive earnings) goes away, leaving them with the challenge of paying cash, which is abhorred by Wall Street for a variety of reasons (screws with earnings, risk no longer tracks reward during the acquisition process, etc.)
So, where does this leave us? The PC market is a graveyard, software for consumers is relegated to games and utilities and the whole IT industry is in a slump. Microsoft is a big, fat juicy target for a lot of IT directors looking to cut costs and, as Geoffrey Moore pointed out, markets shift when the early majority customer base makes their move. Amazon is clearly not an early adopter or an innovator (in the sense of the Moore term). Where there is one early majority customer, there are typically many many others at work.
Want to beat Microsoft? Give up on the wasted energy behind creating a better desktop; there is no growth in that market to do any real damage to Microsoft. Instead, build a better Xbox with Linux, build a better PDA, build a better server (oops, already there) and sap the growth from the company. The efforts in the Linux community to innovate are best exerted in the direction of markets to come, not markets that are.
All licensing models are a double edge sword; in order to get some protection you have to give up the ability to use the licenses in some situations. The difficulty in licensing discussion is in determining whether what you gave up is worth the protection you gained.
Closed source licenses basically state to the market, and development community as well, that the owner of the license believes they have the resources internally to create a product that the market will want (as measured by use, not necessarily revenue). In the typical EULA, much of the restrictions of use prohibit things that impact revenue, but much of it prohibits inspection of the internal workings. This is a strategy to prevent sharing of technology, which is a choice that these license holders use.
GPL and LGPL licenses make these same choices, but my issues with these licenses are:
Never create a policy with a person in mind - It appears that much of the GPL license was oriented towards a black and white world of Microsoft vs. Everyone, which doesn't track with reality, where there are clearly shades of gray. In the current form of the GPL license, it prevents existing *nix vendors from easily getting a green light to port needed portions of historical code, especially code that gives stability and manageability to the Linux/GPL code base.
The GPL license was written more as a manifesto than a legal document and it contains loopholes, due to the lack of clarity of the language, that a truck could drive through. In the Vidomi/VirtualDub brouhaha that is currently going on, clearly the issue at hand is the non-specificity of the language of the GPL license terms. In order to have a viable license, it must be based on legally testable language and, in its current form, the GPL and LGPL license terms are likely to be ruled against in court, creating a case law history that could be very damaging to open source.
The FSF, while correct in spirit, seems to abhor inspection of the license - This one is based on personal experience and I would love to hear others' experiences, but our firm was doing work for a large, established hardware vendor that owns a license for a variant of Unix that has been heavily modified to squeeze out power from the hardware. They had asked us to evaluate the GPL license to discover if there was a way they could open the source code for some of their code, with the intent of releasing it to the community; however, they wanted to understand the terms of the GPL and LGPL better before moving forward. I called the FSF and inquired as to some of the license terms and was promptly accused of "trying to find a way to subvert the license"! Such histrionic reactions to inquiry indicate that the document, while admirable in spirit, won't stand to inspection in court and hence, represents a real risk to users of it. The lack of open dialogue on the GPL/LGPL with the FSF, especially dialogue that tests the limits of the license, ultimately hurts the idea of open sourcing.
I guess my expectations of the GPL/LGPL are probably too high, given the relative age of the license language, but I do fear a legal test of it.
They say in every experience you either get what you wanted or you get wisdom. Future legal tests of the GPL license will probably bring more wisdom to the FSF and open source movement, rather than what they want.
Um, using Entropy to explain copyright and IP issues? That's a stretch and fundamentally wrong on a basic premise.
Nitrogen particles are basic elemental particles. So are bits. If you want free bits, you can have them all you want.
However, if you want bits in a pattern that has value, you must realize that a work effort went into creating that value. To take the pattern of bits by saying they are only bits is akin to taking a car for free, saying it is only bits of iron, hydrogen, carbon and other elements - that is, stealing.
The fundamental flaw in "Information wants to be free", besides the anthropomorphising of a concept, is focusing on the cost of duplication. The cost behind information is in assembling the pattern that makes it relevant, which does carry a labor cost. To say "no one can own it" is akin to saying "No one can own the earth", a concept that only works when everyone agrees with it, which for the record, not very many people do anymore.
If you want information to be free, be prepared to do away with your possession as well. I could use a new car, anyway.
As for the level of work needed to enforce copyright and IP laws, that doesn't really rest with the government. It rests with the owners of the work product to set licensing schemes that match the public's willingness to compensate them fairly for it. The government is just a proxy for the people, as always.
Well, as John Bigboote once said, "Damn Lord Worfin and the horse he rode in on!"
I agree re: your example of the moon, however, what was missing from my earlier post was the notion of work product as well. In short, when someone puts in the effort of creating some information, they do so to create a value for it. This value can be anything, from compensation for creating it (wages), to appreciation of peers or an audience (works of art, GPL code, etc), etc.
When that work effort is expended, the compensation for that work effort is determined either prior to work (such as signing a work for hire contract, or accepting wages) or afterwards (in the form of licensing fees or appreciation).
When that work effort is completed, the resultant work product is property precisely due to the value of effort that was expended in creating it. It may have a subjective value of zero (as some art and code does) or a utility value of zero (pet rocks), however, it still has an ownership attributed to it that was established either prior to its creation or after the fact.
To assume that you can use the work output of others without compensation is a form of slavery by proxy and stealing, as it disregards the work effort AND the terms of use that the creator assigned. If the creator assigned a value to it that you don't think is reasonable, don't buy it. But to assert that the information, in whatever form, is not property is to ignore that intellectual work is still work, just as it is work to create a car.
I have run into plenty of things that I wished were free, but unless the creator of that work agrees with me, I am unfairly stealing his work effort.
Sorry, but saying information wants to be free carries a hidden premise that information cannot be property.
Property is something that has value of two kinds: scarcity value and subjective value.
Scarcity value is the value that something has because it is scarce. There is only so much real estate in the world and people want it to live on, hence, it has value.
Subjective value is the value that something has because it serves to meet a need, such as a screwdriver or a painting that makes you happy. What I value, such as my shoes, may not be equally valued.
Which of these doesn't information have? Scarcity. Unless, of course, that scarcity is contrived through restricted access.
However, having subjective value makes it still property.
Ever been around people that have known each other for a very long time, where there are lots of inside jokes? You know, where they can just say the punchline and everyone who was around 7 years ago for the original telling of it, they all laugh and the people who just got there stare politely for a little bit. Some of them actually pretend like they 'got' the joke, laughing politely at first and then, after the 20th telling of just the punchline, they are laughing harder, not because they get the joke, but because they feel included now?
That is the nature of religion. Religion, in any form, is the punchline. Gnostic experiences, where you feel the presence of God in your life, is the actual 'set up' of the joke.
Now, for almost everyone, genuine gnostic experience is a very powerful and rare thing. It doesn't happen often and when it does, it changes your view. You lose sight, for a moment, of the temporal confinement of man, seeing your soul as part of a greater consciousness. When that happens, most people struggle for a bit, trying to get a handle of what happened, what did it mean, etc.
Religion evolves as a codified way of reminding people about the gnostic experiences in their lives. In some sense, it can help make it easier for you to have that gnostic experience, that awareness of God's presence and role, but in general, it is there to remind you of a prior experience. In essence, religion is the repeated telling of a punchline of the funniest, most powerful joke you ever heard.
Where does intolerance come from? In my opinion, it comes from people who never heard the set up, only the punchline. These people generally believe that they know the actual joke, both the set up and the punchline, but they really only have heard the punchline and it is really threatening to them to have it possibly come out that they really never heard the whole joke, that they don't really know why it is funny, but someone once told them they would:
* Never go to heaven
* Go to hell
* Be a bad person
If they didn't understand the joke. Where Christianity, Paganism, Wiccanism, Buddhism, Shintoism, Islam, etc., all of them; where every single last religion fails is in this one aspect:
They spend more time telling the punchline than helping people get the joke.
Hackers, coders, tech writers, all of the people with balanced brains out there (left and right in full tune and hitting all cylinders) have a trait in common with other intelligent people - curiosity and a desire to understand why the joke is so funny to everyone else.
Most anti-christian sentiment arises from the problem that is similar to what occurs when a person asks someone laughing why they are laughing so hard and the laughing person replies,
"I can't explain it, but you are going to die if you don't start laughing with me"
It doesn't mean they are evil, or bad (although some are). It does mean that they really need to have the joke explained to them, ie. to have a gnostic experience genuinely occur to them.
Is mysticism or paganism bad? I don't know, I can't say for sure. My test for any religion is whether or not it helps explain the whole joke, not just the punchline. I am Catholic and I am constantly appalled at how bad we are at telling the whole joke well, even though, to me at least, I found it very very funny.
For anyone who may take offense at this, please realize that I use the Joke symbolism as a metaphor, not to make fun of any religion. I do, however, find the gnostic experiences I have had to be far more rewarding than a hearty belly laugh, but very similar in feel.
Lion,
I think you are skipping an important part of both patent law and of copyright protection, which is the idea of contrived scarcity.
I may decide to patent an invention, such as what Amazon did with 1-click, not as a way of deriving revenue from the particular ownership (getting licensing fees from the patent) but to prevent competitors from using a similar device. In essence, sometimes patents are not used to derive direct economic benefits, but are used as a part of a defense of a market.
Now, whether you consider this moral or not, it is important to remember that as with all applications of the law, there are examples where this works to the advantage of the industry as a whole and times when it is applied stupidly. I personally believe the Patent office is in need of a serious rebuild to deal with these things, because they aren't applying the "obvious to those in the field" test at all in these cases.
However, consider for a moment the role of IBM research. IBM has a group that does nothing but turn basic research into products through the patenting process. Without the licensing fees from the patent, they couldn't economically justify the money spent on pure research for things like copper conductor chips, or magneto-resistive hard drives - things that have advanced the industry as a whole over all. Copyright law can't cover the development of methods like this, as it allows for derivative works, yet patents cover them. If you change copyright to cover derivatives, you have reinvented patents.
The idea of patenting business models is just stupid, they should be covered under copyright. 5 Years is enough time to establish or not establish a primacy of brand and position to defend from copy cats (Check Harvard Business Journal Sept. Issue for a lucid explanation of why entering a market 5 years late with a copy cat idea is a death sentence)
In short (too late), I think it is really critical for the patent office to go through a serious cranial rectal inversion as it regards to applying the tests more rigorously, rather than scrapping a system that can work well.
Linux!=OSS
To think "Microsoft is supporting OSS" = "Microsoft is supporting Linux" is to commit a grievous logical error. OSS includes lots of applications and infrastructure that run on Windows and MS Platforms.
Our patch uninstalls itself when you apply the MSFT patch, whenever it shows up. And the eEye patch isn't a memory patch, but a patch to a copy of the JScript.DLL file that prevents passing of the exploit to the vulnerable component in MSHTML.DLL.
70,000 downloads so far and no reported bugs...Just for the record, Derek Soeder is the best coder I've ever seen.
RB
Actually, that's the way the Determina patch works. Our patch works differently than a memory patch; it actually makes a copy of the JScript.dll file and prevents it from passing the malicious code to MSHTML.DLL.
The source code is available at www.eeye.com if you want to review it or have any questions about the approach, send a note to alerts (at) eeye.com for the research team to respond.
RB
They will be different - the patch we created at eEye actually is quite different from the Determina patch. The eEye patch generically fixes the JScript.dll file to prevent the exploit from being passed to the MSHTML.DLL file, while the Determina patch injects a memory patch into every process calling the vulnerable DLL. Microsoft's patch will most likely be a correction to the actual vulnerability in the MSHTML.DLL file (or so we hope...)
Full Disclosure - I work at eEye
Better than 4/5ths of venture capital funded projects don't make any money, but the 1/5th that do make enough money to pay for the 80% that lost everything and return a substantial profit to the VC fund and its investors.
Movies are the same way. For every 2 'Catwoman's that crap out at the box office, there is a 'Spiderman 2' that earns back the money and pays for the Litterbox. It's their business model - it's as stupid as a VC claiming they need protection because 80% of their investments lose money!
Like, say, Lindows (tm)?
"fast follower" is a highly effective marketing strategy. In the context of the article, 'best' implies market acceptance, not quality.
RB
I have this rule that hasn't failed me yet: Never run away from something, but always run to something.
If you are unhappy for reasons other than the money AND you have a reasonable belief that the new employer will challenge you more, allow more quality of life, etc. then don't take the counter offer - take the new job.
If you are unhappy for reasons other than the money and you DO NOT have a reasonable belief that the new employer will satisfy you more; if you don't know or haven't done your homework, if you are interested 'just to get away' from your employer, etc - don't take the new job.
The market has spoken, in effect, with a validation of what you are worth. Stop and look around a bit before making a decision - you might be able to find the job you want that matches the salary you want as well.
TA
RMS condemns it? Hey, that means enterprise CIOs are gonna buy it in droves!
Seriously, this does pervert the hell out of the 'free as in liberated' concept; it would have been much, much more clever for them to call it Microsoft Linux. Sales would have gone through the roof once the lemmings saw that!
TA
The author of this piece is a tad misleading about the reality of lemon laws - a lemon law prohibits exemption from liability when the product fails to perform in the primary manner for which it was designed, not that the product is error free.
For example, if your car has a transmission that regularly falls out every time you try to put it in gear, it is a lemon. However, if the error in manufacturing doesn't impede the primary purpose of the vehicle, such as a cosmetic problem, lemon laws don't apply. Typically, if the problem is pervasive or impacting customers badly, they issue a service bulletin and fix it.
Lemon laws for software are a good idea if implemented in this form - if SQL Server fails at the basic function of keeping data in tables, it rightly should face liability for failing to perform as intended. If SQL Server has an error in a wizard that does minor administration but the command line still works, that isn't critical to the functionality, just critical to user satisfaction.
Bottom line: If the bugs are bad enough to keep the product from working at the core tasks it was designed for, liability should be there. If the bugs are minor, correctible and/or cosmetic, no liability should exist.
TA
De Facto - A standard created by market consensus that is based on the dominant standard in the marketplace, see also "What people buy"
De Jure - A standard created by a committee seeking to create a standard that is inclusive enough to be practical, yet specific enough to ensure quality, see also "What has little impact on the world"
The very premise in this original post belies a naive view on what purposes standards bodies serve - they exist to clean up older technology, often for the express purpose of making older technology a safer foundation to build on. They have little bearing on innovation and the creation of new standards.
Quick Quiz - name a standard that was established before it was implemented in the market as a de jure standard (disclaimer - 'process' standards like ISO 9002 don't count, they don't really exist in nature).
Dang, it gets hard to read Slashdot at times - Soft Wifi is a really great idea that will work and the suckerpunch underlying all of it is the general reluctance of the open source community to innovate on things that drive the market.
Want to make Linux succeed on the desktop? Move as much cost of intelligence for devices like networking cards, USB, sound, etc. into the OS and innovate on driving that cost out of these markets. When a fully loaded desktop PC costs $100's less than a Windows PC AND contains innovations that I can't get on Windows, then you will see switching behavior.
Making Linux as good as Windows is a recipe for disaster and hubris. Make it better.
Until ISPs can deploy differentiated class of service offerings with tiered pricing, don't expect broadband to be flying across the market. The problem isn't technical, it's business.
10.5 million cable users. Current capacity is roughly 2 million users before you have brownouts across the routers they use to connect the cable end to the backbones (aggregate). Need to get average subscriber rates up to around $80 a month.
The trick will be getting differentiated class of service. Want VPN? Get your employer to cough up the extra $30 a month. Want a static ip? An extra $10.
Information wants to be free, but the deliveryman wants his fee.
Nice assumption. Do you actually know any priests?
I do and the vast majority of them are dedicated, devoted workers who have given their life to improve the social conditions of the poor, provide comfort and support to the grieving and to help others find meaning in life. Take any organization with more than 700,000 employees and you are going to find some that abuse power, some that break the law and some that are hypocrites, but for the vast majority of priests, they have dedicated their lives to improving the world.
We should be critical of the closed nature of communication around misconduct in the Church, but to claim that they are 'oppressed' by their religion is making an illogical extension to an argument unsupported by data.
Your premise that "to truly be theft, it must take away from a party. This is not the same as just taking without the "away" part" is incorrect. Loss of scarcity is a form of theft, if an object has value because of its scarcity. Stealing identities is theft because an identity has value because it belongs to one person.
You are correct in stating that the Mplayer folks stole from the open source community in that they removed the right for downstream innovation by not releasing source code. However, the form of that theft is both in removing the rights of the community to develop AND in removing the scarcity rights preserved by the author to force downstream innovation (that is, the author's reserved right to force openness, which the prime author held alone over all downstream authors).
Semantic point? Yes, but an important one in that your posts, while arguably correct in result, get there through murky premises that detract from your argument, saving throw or not.
TA
Because of its robustness, modularity and stability, Linux is highly able to replace Solaris, HP-UX and AIX type licensed OS's in the enterprise. The people who buy these systems buy them to get the best technical solution to their problems and consider cost of ownership, which is high in any OS choice given the task, secondarily.
Trying to get Linux to beat Windows on the desktop is fighting yesterday's battle. Want to kill Microsoft? Sap its growth, which is in server OS's and embedded systems (XBox, Pocket PC, etc.)
The amount of energy spent by the development community in trying to be the next Microsoft is astounding, but very few vocal developers seem to even focus on what Microsoft is trying to become.
To borrow a phrase from the Old West, "Cut 'em off at the pass" and focus on making an OS that runs devices better than Windows ever will, an OS that runs DB2 and Oracle better than any other and an OS that can be extended and integrated with server side applications at compile time with more ease.
If you take away Microsoft's revenue growth, you take away their stock price. Take away their stock price and you take away their monopoly.
Easy with the assumptions, someone could get their panties in a knot. I said digital computers and pointed at the mainframe systems to make a point about mass market effects on innovation driven systems. The typewriter division, while innovative, wasn't facing the same innovation driven threats or ecosystem dynamics that affect the industry now.
IBM was started by Herman Hollerith as a result of the Computing and Tabulating Company. I know they existed prior to 1961 and the introduction of the S/360 platform. I've been to the private museum in New York and seen the original tabulating machine, as well as their Babbage engines and an original Pascal calculator. I worked for IBM for several years.
Dude. Chill.
Tommy
Good lord, I would kill any company that I was a shareholder of if they made decisions for any other reason than the efficacy of the technology in controlling costs and improving revenue.
Of course it's about the money. It's about freakin' time it was about the money, given their historic performance.
Want someone to love you for your OS choices? Visit Linuxsex.org, otherwise, adapt.
I saw a couple of comments, even from Rob, that seemed to say, "We've seen this before" in regards the Amazon announcement. I would like to submit that Amazon's announcement matters, not because of their company size, but because of how they behave. They are not early adopters or innovators, they are a technology risk averse company that bets their business on technology. In short, Amazon illustrates the critical tension facing both the Linux community and Microsoft.
There has never been a technology company to last for more than 20 years on a single family of technologies, and, more to the point, the failure of technology companies has never come from having their dominance in what they do well attacked. Technology companies fail because someone else steals their avenues of growth.
If you look at IBM, it went through waves of changes, starting in the digital age with mainframes, which dominated the marketplace from 1960-1980; selling to enterprise customers digital computers that would dramatically change their business. It saturated the enterprise with mainframes by 1980 and had, starting in the 70's, tried to maintain their growth rate by selling mainframes to middle market (500-5000 employee) companies who had not purchased mainframes.
Along came Digital Equipment Corporation, with the VAX, which just completely took that midrange market by storm, sapping the growth from IBM. IBM built the PC and launched a new market targeted at small business, but Apple, Compaq and a host of clones sought that market and, in the past 15 years, largely took that growth away from IBM.
IBM has been growing its services business and it is paying off, driving an increasing portion of revenue. They are in year 8 of fantastic growth, but already, they are making noise about trying to sell services to businesses in the middle market; a sure sign that something else is about to come along to meet that need.
Why the history lesson? Because it illustrates the fundamental forces at work that are affecting the Linux and the Microsoft worlds.
The technology industry is characterized by several constraining forces; the innovation force, that seeks the best solution for a given problem, and leverage, the drive to extend technologies from one market to another to extract the best return on investment for that innovation.
Best solution is a subjective term, but in this case, it refers to the solution that is most applicable to a given problem, with the required supportive ecosystem around it and with the lowest cost of acquisition and the cost of ownership over the life of the technology. Hold onto those four points, they will become important.
Microsoft truly came up with the best solution for desktop productivity. Windows was a unique technology in that it brought the ease of use of the Macintosh (meeting the test of applicability) that had the lowest cost of acquisition (OEM pricing included it with the computer), the required ecosystem (cheap PC's, compared to expensive proprietary Apples) and a decent cost of ownership (compared to the alternatives at the time, like DOS, which required extensive training).
Fast forward to today. Microsoft is now limited by the slowing growth rate of the personal computer industry, so it seeks to adapt its technology to other markets, in the name of leverage (internally) or compatibility (externally). So we see Windows in the Pocket PC format, where it is touted as an embedded system for extending the productivity brought by your PC. This embedded systems market is large, and fractious, as it extends from cell phones to PDAs to robotic industrial arms to game consoles.
Linux is a contender for this market, using our criteria of best. Linux has the best applicability, as it is a modular OS that is compiled for the specific use. Want to use it in a robotic arm? Ditch the graphics processor and X-windows, strip it down to just what you need. Cell phone? Take out large portions of the OS that support complex sound and graphics, devices, hard drives, etc. Game console? Build up the graphics processor support and sound, device drivers and ethernet, get rid of the general use stuff that isn't needed for running really fast games.
Windows isn't nearly as modular, you can turn off functions, but it causes the OS to behave in funny ways because it was never meant to have these things turned off. So, Linux wins the applicability aspect of it.
As far as supportive ecosystem, this is where the battle really lies for embedded systems. Microsoft has brought its armada of partners to the Pocket PC, to the XBox and to other embedded system projects, but these partners suffer from the same applicability problems that Microsoft faces. Do you really need MS Money running on your PDA, or would a simpler checkbook program that can interface with MS Money easily be better? Do you really need MS Access running on the PDA, or could a simpler program do the trick more efficiently?
In general, it is always more advantageous for the customer and more costly to the provider to innovate for a specific use than to stretch innovations across uses. As the embedded systems market grows, the viability of applications in this space will grow along with it, especially as standards for hardware coalesce.
Between Windows and Linux, the ecosystem criteria is a tie for now, but what about cost?
For manufacturers of hand held devices and specialty use devices, like game consoles, cost is a primary concern. When you are building super computers, the cost per component is a moot point, but for consumer goods, it becomes paramount. Cost of acquisition for Linux is not, as commonly perceived, zero - there is a cost in modifying the OS to get what you need and the cost of support, which is the very business model of Red Hat, but it is substantially lower than the cost of acquiring OS licenses from Microsoft.
Cost of ownership is another issue, as Linux isn't as remotely upgradable yet as it needs to be for these uses, but that innovation is coming for both Microsoft and Linux in time.
Overall, looking at just the embedded device market, Linux presents a credible threat to Microsoft, sapping the growth rate needed out of this marketplace that would have gone to the Windows hegemony as Microsoft tried to leverage its existing innovation.
Looking at the server market, it is more bleak for Microsoft. In short, Linux wins the applicability (due to customization capabilities - want a fast database server? Build the OS to specifically run the database). Linux loses the ecosystem argument for now, but ecosystems are far less important the more you move away from mass production markets; this one is shifting towards Linux rapidly. Linux wins the cost of acquisition aspect hands down and cost of ownership is being proven to be the Achilles' heel of Microsoft.
If Linux saps away a significant portion of Microsoft's growth, what impact does that have on the company? Microsoft, even in this down economy has a P/E ratio of 51. This means that a tremendous expectation of earnings growth is built into the company's stock price and if that growth doesn't materialize, the stock is in jeopardy. Microsoft stock is priced in the market expecting a 30% growth rate in earnings. If their market growth is capped by competition, they will need to cut costs and raise prices in their existing markets to keep the stock price up, which will exacerbate the situation. In short, the embedded systems market and the server market represent two rocks, and their shareholder expectations are the proverbial hard place.
So what if the stock drops? Microsoft has underpaid its employees by as much as 30% compared to market wages, compensating them with stock options. Lose the option value and the operating expense for the company goes up 17%, further depressing earnings, or they lose employees. The dastardly side of losing employees is what IBM learned - when a company is in trouble, the highly valued employees (i.e. the ones that can get other employment quickly), scatter first, leaving the undesirables behind to screw things up.
Additionally, losing the stock value takes Microsoft's credit card away. Microsoft has, to a large extent, built its new businesses through acquisition of other technology companies (webTV, Foxpro, Great Plains, etc.) and the ability to swallow new technologies on credit (stock given away in exchange for future accretive earnings) goes away, leaving them with the challenge of paying cash, which is abhorred by Wall Street for a variety of reasons (screws with earnings, risk no longer tracks reward during the acquisition process, etc.)
So, where does this leave us? The PC market is a graveyard, software for consumers is relegated to games and utilities and the whole IT industry is in a slump. Microsoft is a big, fat juicy target for a lot of IT directors looking to cut costs and, as Geoffrey Moore pointed out, markets shift when the early majority customer base makes their move. Amazon is clearly not an early adopter or an innovator (in the sense of the Moore term). Where there is one early majority customer, there are typically many many others at work.
Want to beat Microsoft? Give up on the wasted energy behind creating a better desktop; there is no growth in that market to do any real damage to Microsoft. Instead, build a better Xbox with Linux, build a better PDA, build a better server (oops, already there) and sap the growth from the company. The efforts in the Linux community to innovate are best exerted in the direction of markets to come, not markets that are.
Closed source licenses basically state to the market, and development community as well, that the owner of the license believes they have the resources internally to create a product that the market will want (as measured by use, not necessarily revenue). In the typical EULA, much of the restrictions of use prohibit things that impact revenue, but much of it prohibits inspection of the internal workings. This is a strategy to prevent sharing of technology, which is a choice that these license holders use.
GPL and LGPL licenses make these same choices, but my issues with these licenses are:
Never create a policy with a person in mind - It appears that much of the GPL license was oriented towards a black and white world of Microsoft vs. Everyone, which doesn't track with reality, where there are clearly shades of gray. In the current form of the GPL license, it prevents existing *nix vendors from easily getting a green light to port needed portions of historical code, especially code that gives stability and manageability to the Linux/GPL code base.
The GPL license was written more as a manifesto than a legal document and it contains loopholes, due to the lack of clarity of the language, that a truck could drive through. In the Vidomi/VirtualDub brouhaha that is currently going on, clearly the issue at hand is the non-specificity of the language of the GPL license terms. In order to have a viable license, it must be based on legally testable language and, in its current form, the GPL and LGPL license terms are likely to be ruled against in court, creating a case law history that could be very damaging to open source.
The FSF, while correct in spirit, seems to abhor inspection of the license - This one is based on personal experience and I would love to hear others' experiences, but our firm was doing work for a large, established hardware vendor that owns a license for a variant of Unix that has been heavily modified to squeeze out power from the hardware. They had asked us to evaluate the GPL license to discover if there was a way they could open the source code for some of their code, with the intent of releasing it to the community; however, they wanted to understand the terms of the GPL and LGPL better before moving forward. I called the FSF and inquired as to some of the license terms and was promptly accused of "trying to find a way to subvert the license"! Such histrionic reactions to inquiry indicate that the document, while admirable in spirit, won't stand to inspection in court and hence, represents a real risk to users of it. The lack of open dialogue on the GPL/LGPL with the FSF, especially dialogue that tests the limits of the license, ultimately hurts the idea of open sourcing.
I guess my expectations of the GPL/LGPL are probably too high, given the relative age of the license language, but I do fear a legal test of it.
They say in every experience you either get what you wanted or you get wisdom. Future legal tests of the GPL license will probably bring more wisdom to the FSF and open source movement, rather than what they want.
RB
Nitrogen particles are basic elemental particles. So are bits. If you want free bits, you can have them all you want.
However, if you want bits in a pattern that has value, you must realize that a work effort went into creating that value. To take the pattern of bits by saying they are only bits is akin to taking a car for free, saying it is only bits of iron, hydrogen, carbon and other elements - that is, stealing.
The fundamental flaw in "Information wants to be free", besides the anthropomorphising of a concept, is focusing on the cost of duplication. The cost behind information is in assembling the pattern that makes it relevant, which does carry a labor cost. To say "no one can own it" is akin to saying "No one can own the earth", a concept that only works when everyone agrees with it, which for the record, not very many people do anymore.
If you want information to be free, be prepared to do away with your possession as well. I could use a new car, anyway.
As for the level of work needed to enforce copyright and IP laws, that doesn't really rest with the government. It rests with the owners of the work product to set licensing schemes that match the public's willingness to compensate them fairly for it. The government is just a proxy for the people, as always.
I agree re: your example of the moon, however, what was missing from my earlier post was the notion of work product as well. In short, when someone puts in the effort of creating some information, they do so to create a value for it. This value can be anything, from compensation for creating it (wages), to appreciation of peers or an audience (works of art, GPL code, etc), etc.
When that work effort is expended, the compensation for that work effort is determined either prior to work (such as signing a work for hire contract, or accepting wages) or afterwards (in the form of licensing fees or appreciation).
When that work effort is completed, the resultant work product is property precisely due to the value of effort that was expended in creating it. It may have a subjective value of zero (as some art and code does) or a utility value of zero (pet rocks), however, it still has an ownership attributed to it that was established either prior to its creation or after the fact.
To assume that you can use the work output of others without compensation is a form of slavery by proxy and stealing, as it disregards the work effort AND the terms of use that the creator assigned. If the creator assigned a value to it that you don't think is reasonable, don't buy it. But to assert that the information, in whatever form, is not property is to ignore that intellectual work is still work, just as it is work to create a car.
I have run into plenty of things that I wished were free, but unless the creator of that work agrees with me, I am unfairly stealing his work effort.
John Smallberries.
Property is something that has value of two kinds: scarcity value and subjective value.
Scarcity value is the value that something has because it is scarce. There is only so much real estate in the world and people want it to live on, hence, it has value.
Subjective value is the value that something has because it serves to meet a need, such as a screwdriver or a painting that makes you happy. What I value, such as my shoes, may not be equally valued.
Which of these doesn't information have? Scarcity. Unless, of course, that scarcity is contrived through restricted access.
However, having subjective value makes it still property.
That is the nature of religion. Religion, in any form, is the punchline. Gnostic experiences, where you feel the presence of God in your life, is the actual 'set up' of the joke.
Now, for almost everyone, genuine gnostic experience is a very powerful and rare thing. It doesn't happen often and when it does, it changes your view. You lose sight, for a moment, of the temporal confinement of man, seeing your soul as part of a greater consciousness. When that happens, most people struggle for a bit, trying to get a handle of what happened, what did it mean, etc.
Religion evolves as a codified way of reminding people about the gnostic experiences in their lives. In some sense, it can help make it easier for you to have that gnostic experience, that awareness of God's presence and role, but in general, it is there to remind you of a prior experience. In essence, religion is the repeated telling of a punchline of the funniest, most powerful joke you ever heard.
Where does intolerance come from? In my opinion, it comes from people who never heard the set up, only the punchline. These people generally believe that they know the actual joke, both the set up and the punchline, but they really only have heard the punchline and it is really threatening to them to have it possibly come out that they really never heard the whole joke, that they don't really know why it is funny, but someone once told them they would:
* Never go to heaven
* Go to hell
* Be a bad person
If they didn't understand the joke. Where Christianity, Paganism, Wiccanism, Buddhism, Shintoism, Islam, etc., all of them; where every single last religion fails is in this one aspect:
They spend more time telling the punchline than helping people get the joke.
Hackers, coders, tech writers, all of the people with balanced brains out there (left and right in full tune and hitting all cylinders) have a trait in common with other intelligent people - curiosity and a desire to understand why the joke is so funny to everyone else.
Most anti-christian sentiment arises from the problem that is similar to what occurs when a person asks someone laughing why they are laughing so hard and the laughing person replies,
"I can't explain it, but you are going to die if you don't start laughing with me"
It doesn't mean they are evil, or bad (although some are). It does mean that they really need to have the joke explained to them, ie. to have a gnostic experience genuinely occur to them.
Is mysticism or paganism bad? I don't know, I can't say for sure. My test for any religion is whether or not it helps explain the whole joke, not just the punchline. I am Catholic and I am constantly appalled at how bad we are at telling the whole joke well, even though, to me at least, I found it very very funny.
For anyone who may take offense at this, please realize that I use the Joke symbolism as a metaphor, not to make fun of any religion. I do, however, find the gnostic experiences I have had to be far more rewarding than a hearty belly laugh, but very similar in feel.
Ross