Slashdot Mirror


User: imsmith

imsmith's activity in the archive.

Stories: 0
Comments: 78

Comments · 78

  1. I write policy for a College on University Bans Wireless Access Points · · Score: 1

    And these guys in Dallas are screwed. They gave away control of layer 1 connectivity, and now they are faced with multiple third-party incursions into the physical layer provisioning of data services within the geography of their WiFi network.

    Additionally, unless the FCC is going to make/has made an exception for higher ed institutions, the Denver ruling is the standard. If the tenant, regardless of who owns the building, has a data connection to the internet not regulated by the University IT infrastructure policies, and they hook a WAP to it, there really isn't much they can do except renegotiate the ownership of the telecom service infrastructure with the apartment management company and get all the cable and telephone lines back under university control.

    The key point here is not that it is on University property, or that it is a contracted living space, but that the University has divested itself of the telecom infrastructure, so these WAPs are not on the University network. If they were, this would be a no-brainer and the University could regulate them all they wanted.

  2. Why is this either/or ? on Privacy vs. Security: Biometric E-Passports · · Score: 2, Insightful

    Is it necessarily a foregone conclusion that privacy and security are in opposition to one another? I'll grant that privacy and sloppy security are opposed, but why have sloppy security at all?

    It seems to me that we (anyone who is the subject of either privacy or security) should be expecting BOTH, not accepting the proposition that the privacy-security issue (or the liberty-security issue) is a zero-sum equation.

    Yes, in the U.S. the current politics seem to indicate that 'They' don't care, but what I'm really saying is, even if the government doesn't care, shouldn't the governed?

    At the risk of sounding like a zealot, semantics matter and when we speak of privacy and liberty being 'traded' for security, we are tacitly conceding that we can do without either if we are scared enough. I personally want more liberty and privacy when I'm scared, not less.

    Just a thought to the writers of headlines and story titles.

  3. Walking out the door... on System Administrator Appreciation Day · · Score: 1

    Quite funny, the boss and I are actually thinking of doing just that - and taking all the little yellow stickies with us.

    Damn the Man! Save the Empire!

  4. I am the network admin at a college on Should Colleges Monitor Students' PCs? · · Score: 3, Informative

    You guys can bitch all you want, but the problem of having an entire ResNet filled with unpatched, virus/worm/trojan infected Windows boxes show up on the last week in August is very real. As is the problem of outbound traffic from compromised Windows machines consuming all the available bandwidth. The quarantine-until-proven-clean methodology is becoming fairly standard in the ResNet management circles, as is some sort of authenticated access control that ties a human being to a machine address.

    The notion of putting clients on a PC is something that I personally don't advocate, but I know people who do, and I understand their reasons. Joining Windows boxes to a domain and using Windows Update Server to keep them up to date is another thing being tossed about.

    Basically, we are talking about keeping the network 'up' and providing 'the best for the most' in terms of access and bandwidth. If it means having to do some vulnerability scanning before you can get on the net, it may mean that.

  5. mystery worm out there on We've Been Hacked... or Have We? · · Score: 5, Informative

    There are stories just now breaking into the general consciousness of IIS servers that have been compromised for months and feeding executable code tacked on the end of HTTP calls to IE and spreading malicious code and feeding something (reports and opinions vary) to servers in Russia (also with varying opinions as to the owners - organized crime seems to be the evil du jour).

    These compromised IIS servers often have the server attached to the explorer.exe process and are therefore not detectable by virus scans. Using netstat or filemon you can find the open ports. The only solution is a bare-metal rebuild.

    Have fun if that is what you are dealing with.

    As an aside, if this company is unconcerned about the compromise of credit card information you might want to find a new place to hang your hat. The civil and criminal liabilities are pretty steep for the compromise of financial transaction information (if you are in the U.S.) and they extend to individuals inside the company, not just the board and officers.

  6. Public Keys, ACLs, and sudo on How Would You Distribute Root Access? · · Score: 4, Insightful

    With that many systems, the only rational access control seems to be using public keys and SSH agent to deal with the logon issue. Once in the system, the only way to keep track of so many cooks in the kitchen is to have sudo running and logging sysadmin actions. Finally, if there are specific files or groups of files that need special attention, I'd probably use ACLs to control access. Another thing that seems like a pain in the ass until it saves you is RCS. Especially with so many admins, being able to roll back a config change quickly is a lifesaver.

  7. build a bot on Mapping a Wi-Fi Network? · · Score: 1

    Build a small blimp with a payload consisting of an embedded Linux SBC with GPS and WiFi receivers. Program it to fly along arbitrary signal strength boundaries (think lines of flux) and chart its location either to an onboard storage location, like CF, or broadcast it back to a server on the WiFi network, then layer the GPS info onto your campus map like it's GIS.

  8. ummm... three things on U.S. Govt. Offers Computer Security Alerts By E-mail · · Score: 1

    First, why can't they just set up an RSS or ATOM feed so that the news can be syndicated? And toss in the current threat condition while they're at it.

    Second, why is the DHS better than CERT? Anything the US gov is going to know first isn't likely to be released to the masses.

    Third, why do I need to give you my e-mail address, can't you just use Echelon and the various IE vulns to insert a message onto my desktop?

  9. Shouldn't that be... on Ultimate Automotive Computer Installation · · Score: 4, Funny

    Czech it out?

  10. LAME! on SCO: Fortune 500 Company Buys License, IBM Retort · · Score: 1

    Sitting around all day like a housewife jonesing for her soaps, and all I get is this limp SCO news release about a 'Fortune 500 company'.

    So disheartening.

    Where are my bon bons? :(

  11. Re:Not in a court of law on IBM Points Out SCO's GPL Software Distribution · · Score: 1

    Contracts trump precedent, period.

    If the contracts say don't share the derivations, then sharing them is a breach of contract.

    The Caldera-SCO rep kept saying this is about contracts not copyright, so I think that they believe that one of the contracts they hold with IBM contains a 'don't share clause'. As I said, I don't think IBM would have agreed to it, but it might be a matter of interpretation, or it might be that it was a 'friendly' contract that has been passed into Caldera-SCO's hands. Who knows, but Caldera-SCO thinks they have the right contractual paperwork.

  12. SCO CAN win on Derivative works on IBM Points Out SCO's GPL Software Distribution · · Score: 4, Interesting

    This is a pretty big deal, because it's the first article that confirms what I have been thinking all week - the Caldera-SCO strategy is to say that all of IBM's AIX development efforts, and all the experience gained from them, are derivative works of System V Unix.

    This is a seriously different approach and it constitutes a valid approach to Caldera-SCO's grievance with IBM.

    I don't know if they can win, but I know that winning a derivative works argument is substantially easier than winning a copyright violation argument. And if they can convince a judge and jury that they have derivative rights to the AIX code base copyrighted by IBM, either by contract or by copyright, then the contribution of that code base to the Linux kernel is a violation of either the contract or the copyright on System V.

    That is the strategy, it seems, and it's not something that anyone should be scoffing at, because it just might be enough to win.

    That said, what would have to happen to undermine that strategy?

    An agent of Caldera actively circumventing an existing contract with IBM, if Caldera was the owner of the contract in question at the time of the action, would be a strike against Caldera. That seems to have been shown to be the case by the statements of the former Caldera CEO and a 'Unix-Linux Kernel Integration Engineer' working for Caldera.de making contributions of code and advice to the Linux kernel development team.

    A ruling that the AIX code base is sufficiently independent from the System V code base would invalidate the whole issue, regardless of the contract, unless the contract specifically prohibits all copyright distribution rights of code developed on top of the System V code base - something I doubt IBM's legal team would have agreed to.

    A ruling in the original BSD case settlement, which is still sealed, that would invalidate the subsequent System V contracts with IBM. I'm not holding my breath.

    A body of evidence that proves some Enterprise capabilities in the Linux kernel evolved from non System V / AIX origins. This certainly could be the case with SMP.

    It seems important that as the Caldera-SCO strategy becomes clearer, that the opposition is able to dissect the various parts of it into manageable parts with independent solutions.

    Ranting about Caldera-SCO is no longer sufficient.

  13. Re:this is a problem that can be solved on Supreme Court To Hear SSN Privacy case · · Score: 1

    I like it, but it seems that it would face the same hurdles to widespread adoption that PKI does... complicated, not intuitive, and geeky. And the point remains that there has to be a two party network for the hash to have meaning.

    It works for you and me, but will it work for everyone? I don't know. Forcing technology upon a culture to solve a problem only shifts the problem to another context within that society.

    Being the bridge between the current era of technological acceptance within a culture to another is part of the responsibilities of Sovereigns. All regulatory legislature (non-criminal guidance) can be viewed as short-term solutions to phenomena that will work themselves out in the long-term, but need to have their effect on society mitigated until they do.

  14. this is a problem that can be solved on Supreme Court To Hear SSN Privacy case · · Score: 3, Interesting

    The bulk of so-called negligent disclosures occur because there is no positive control over database records by the subject of the information - it's an actual technical challenge to accomplish that.

    In the absence of a technological means, it seems to me that the legislation ought to acknowledge that assigned identity information is a contract between two parties and treat it as such, awarding damages simply on the basis of breach of contract.

    The law doesn't say that, so it will be interesting to see how the Court rules.

    The rationale that I see for this is something like this - I can't make up my SSN and not give it to the government, since it would not be an identifier of anything. The government can't assign me an SSN but not give it to me, because I have to know what it is and use it in order to establish it as an identifying label. It takes two parties and a link to establish the identity network, and if either party expands the network, it has to be with the consent of the other party or the identity becomes too diluted to have meaning or be trustworthy.

  15. changing the way Enterprises view software on Engaging with the OSS Community · · Score: 4, Interesting

    My experience is that Enterprises which do not view software as a capital investment, don't treat the procurement of software as an investment. In that respect, they get trapped into the same vicious cycle of vendor lock-in as the common consumer, and it costs them a lot of money later.

    I think that as Enterprise IT managers start to wake up to the costs of vendor lock-in for tailored or custom applications, the response will be a demand for greater control.

    Total control is obviously Free and Open source.
    Code escrow is the next degree of control - think, when the corporate development and support ends, the source is delivered to the Enterprise.
    Finally, proprietary code with an extended warranty that provides no-cost fixes for custom or tailored software that fails to perform as advertised is the minimum degree of control that would be required by the Enterprise for it to be considered a capital investment.

    I can think of a half-dozen crappy custom product vendors that couldn't survive such a method being adopted by a broad slice of their market, and I think it would make the world a better place.

  16. Re:intentional Rand reference? on Hall On Worldwide Open Source Movement · · Score: 1

    Hence the term "thought experiment" - I was simply wondering if the Objectivist use of the term looters was in Hall's mind, even sub-consciously, what it might lead to.

    And in that context, the practice of "locking-in" a customer to an endless upgrade cycle without ever pulling back the curtain to show what is going on, or giving access to code, even code that is no longer being marketed, is looting both the intellectual commons and the capital marketplace by fencing off plentiful resources as if they were scarce through legislation and litigation.

    The prosecution of campaigns by copyright and license holders against consumers is another form of looting that focuses on keeping the market captive to a distribution channel that has decayed in the absence of true competition and now cannot defend itself against the innovations of those who can innovate.

    Both of these, unfortunately common, methodologies are, in some sense, theft since they are depriving human beings of their freedom to act as they will for their own sake - a fundamental right of man in the Objectivist philosophy by my reading.

    Yes, that does open a can of worms for those who will argue that without limits on the liberty to act, mankind will take license to become degenerate and depraved, but I believe that one of the points Atlas Shrugged tried to display was that the excess concern for the dangers of license leads to depravity beyond imagination. It also is contrary to both Adam Smith's Theory of Moral Sentiments and Robert Wright's Non-zero to say that individuals acting as they will for their own sake is always intrinsically detrimental to the health of a community.

  17. Re:intentional Rand reference? on Hall On Worldwide Open Source Movement · · Score: 5, Interesting

    She may not have, but within her philosophy is the principle that when there is no expectation of assistance by those who cannot placed upon those who can AND there is no force to compel those who can to act for the sake of those that cannot, there is a moral and just transaction that can take place between those that can and those that cannot, for the sake of those that can.

    In my mind, this is the model of transaction that Free software is strongest in, and that works the best.

  18. intentional Rand reference? on Hall On Worldwide Open Source Movement · · Score: 4, Interesting

    I wonder if the use of "looters" is intended to point towards the Ayn Rand novel Atlas Shrugged.

    Casting the Free software movement in the mold of objectivist capitalism might be an interesting thought experiment.

    If proprietary software vendors are the "looters" of the intellectual efforts of those who can for the sake of those who cannot, it turns a lot of the corporate FUD on its head.

  19. raises the bar for literacy in the digital age? on Is The Eldred Decision Bad For The DMCA? · · Score: 4, Insightful

    The comment about the untechnical users being deprived of fair use by technological means makes me think that "literacy" has been given a new legal power:

    If you are unable to understand and comprehend the work, that is you are illiterate to the communication means utilized to create the work, you are not entitled to fair use rights. Fair use in this context seems to have nothing to do with the presentation or distribution of the work to the audience, only the means of production - a distinction not present in a written work, which combines production and presentation, but starkly clear in computer software.

    It seems to be saying that since I don't have fair use rights to timeshift a movie on opening day, to store a live performance by calling in the artist to play at 4 am, or to experience a baseball game without a ticket, I also don't have the right to acquire the work of another person which will give me by proxy the technical expertise that I don't have, namely the literacy required to exercise my fair use rights over technologically protected works.

    Sounds a lot like polling tests in the South that kept the illiterate from voting in elections.

  20. Sacred Cows Preserved on Linux Desktop Myths Examined · · Score: 2, Interesting

    This report appears to be making comparisons for the enterprise in using Windows and Linux in exactly the same way. What I mean is that the Windows topology is the most expensive part of the equation; to which you add license fees and hardware upgrades. The Windows topology is many servers each doing a few things, and a high power PC on every desk connected by high bandwidth networks. If, as the study assumes, you want to maintain the topology and simply migrate users, with their learned traits, from a Windows OS to a Linux kernel OS, you DO NOT ADDRESS the most expensive portion of your enterprise information system.

    Much of the TCO savings that are found in Linux-centric systems come from dispensing with the Microsoft topology and taking the best lessons from the PC era AND from the mainframe era to deliver services to the desktop.

    Truly interesting would be the comparison between a very large enterprise solution from Microsoft using x86 server farms and desktop PCs and one from IBM using thin clients and virtual servers on microcomputers. Only then would you begin to get a fair comparison between the two methodologies of providing access to information processing resources.

  21. be a tree in the forest on Active Directory - Organizational Units or Discrete Domains? · · Score: 4, Insightful

    If your organizational structure is autonomous as you say it is, and the AD implementation isn't being done in conjunction with some sort of hierarchical reformation in the Enterprise, the more elegant solution is to become a Tree in the AD Forest - not a sub-domain but another domain inside the AD Forest. This saves you from a lot of administration headaches caused by several geographically distributed administrators trying to perform policy-based user administration in the various domains - especially because the OS has no real good way of logging administrative activity (no rcs functionality) so you can spend all day trying to understand why Joe can't print and it turns out to be caused by a policy change initiated in Wichita, or whatever, where his primary OU has most of its staff.

    Obviously if your Enterprise IT dept can't or won't do the schematic work required to create an AD Forest with multiple trees, or your vendors can't or won't ship an SAP product that supports them, you are screwed and will end up as another OU in the AD.

    Being a sub-domain in a single tree is just a bad idea all around for this circumstance - it's not like you want to have a truly subordinate entity with local administration like a research lab or a test network.

  22. its all about TiVO on Michigan First With A Law That Could Outlaw VPNs · · Score: 1

    It seems pretty evident that this law wasn't written by datacomm interests, it was written by telecom interests - namely the satellite and cable tv industry. Look at the gist of this in the context of digital satellite and cable, and you'll stop worrying about your home IP networks and start worrying about your TiVO.

    Obviously that won't stop a zealot from trying to use it to prosecute you for having a Linksys Cable/DSL router, but I think the money to buy this silly law came from the studios and the distributors of TV shows, not the (re)issuers of IP addresses, ISPs and GSPs.

  23. let them police themselves on Securing University Residential Networks? · · Score: 2, Insightful

    I work on a small college network (~1000 users) and have set up the residential network as a separate network with routes to the academic network and the Internet. Access to academic resources is controlled by router ACLs and LDAP authentication.

    We monitor usage with ntop and nessus and post the names of the heaviest users of network capacity (but not the greatest security violations). If the community has a problem with the activity of the user, they can deal with that through the student government. The school lets the students have a pretty free environment, but it does force an authentication for outbound Internet traffic and enforces a ban on duplication of college provided services (like DNS and SMTP servers).

    This has worked well for about a year and a half without much trouble and has let the residential network maximize the capacity of their 10Mbs network and its T-1 uplink.

  24. Prior Art? on Amazon Scores Another Patent · · Score: 1

    Not being a patent lawyer, I don't know what qualifies as prior art, but this looks like it is for their book review and discussion method, and if so, I know of an institution that has been dedicated to the practice of a 'Method and system for conducting a discussion relating to an item' since 1937. Is it so different to do it on-line that you get to have a patent?

  25. HCIL? on Web Browsers and Text-to-Speech Solutions? · · Score: 2, Interesting

    The Human Computer Interaction Lab at the U of Maryland might be a place to look. I don't know that they have exactly what you are looking for, but they are spending a bit of effort working on interfaces specifically for learning and special access needs and they are designed with commercialization of their products in mind.