With the GIF patent, Unisys realised that Terry Welch's patent on his improvement to Lempel-Ziv was applicable to various data-compression used for images and for data communications. They sent out infringement notices and CompuServe came to an agreement with Unisys whereby the viewing of GIFs would be license free. Many modem manufacturers bought licenses to use LZW (part of MNP4 IIRC).
Once a submarine patent 'surfaces', doesn't the patentee have to pursue infringers? It is clear that an infringement may often not be immediately obvious, but in the case where companies A, B and C clearly use a patented technology, you can't just pursue company A and then later go to B and C without at least warning B and C.
Of course, the correct course for other browser developers would be to now attempt to acquire a license thus straightening things out.
I install cygwin on systems that I have to support. It isn't intended to be user visible, but some of my icons may run a bash script rather than a .bat or .exe.
I'm unhappy about IP law (and this patent) too but unless EOLAS gives a revocable license to Mozilla they can't suddenly decide to go after Mozilla next year. Even if EOLAS doesn't want to go to court yet, they need to send a formal infringement warning now otherwise they can be seen to be granting an implicit license. The same goes for the fully commercial products like Opera.
One time I was at a convention in Vegas about ten years ago. I was surprised to see a friend who I didn't believe was a gambling type blow about $150 gambling on arrival. He then took his "Frequent Gambler" card back to reception and secured a 50% rebate on the room for the rest of his stay. He didn't gamble again. Net win, around $350 or so. As he was attending on his own dollar, that was a nice plus.
A very important part of modern research in the US or the UK is the economic part. No funding, no research. Faculty members are expected to get funding for the department. Tenure brings a salary, but it doesn't fund the grad students.
To be honest, given the current environment, I have my doubts that Richard Feynman would get tenure at the moment, especially in his younger years.
You have your product 95% done. Yes, we all know about the other 5%.
Your VC is breathing down your neck for a release, threatening to sell the company from underneath you.
Now your source code is out, it would be hard to sell the company, as the trade secrets are compromised the resale value is low. It could also give a springboard for the people leaving the company because any purchaser would know the state of the code and be able to do a rapid "Due Diligence" and decide they need the original coders to be quick to market.
This is a dreadful hypothesis but an interesting strategy for dealing with excessive pressure from a bad VC company. I don't think that VALVE is doing this, but there remains a very slight possibility.
Yes, that is a bitch of mine. Windows people say it takes N hours to get Linux up and running but it seems to take at least 2N to get Windows up because of the layered products and the incredible mess of patches.
I'm really surprised when patches aren't integrated into the main release and the release remastered. I accept this with free or almost free software, but why do I get it when I'm paying too much money to Microsoft?
On your point about switch DNS, Red Hat signs their updates (nice touch). Do you get the same with OS X?
Queueing messages in shared memory isn't new. Neither are spinlocks. Indeed, if you have done much threading on multiprocessing systems (with more than one thread active), you have probably already done this. However, a spinlock spinning is expensive.
Yes, it was a forthright discussion wasn't it? However you are right, X isn't a GUI. I fire it up and I get a stippled grey over my monitor. That's it.
However, I love X - I still use its network transparency all the time. However XF86 ain't the bee's knees but X is good. A faster driver would help a lot, especially if it could use some more hardware features when they are available.
and get rid of all those troublesome and time delaying context switches. I'm sure that X would then go much faster, and the kernel would panic faster too!!!!
It was one of Microsoft's more brain dead ideas putting the GUI mostly in kernel space and then having interactions with drivers. The increased reliability is one area which I'm glad to pay for with slightly worse performance.
The thing is that it turned out that none of these solutions was actually general purpose but they work exceptionally well under the circumstance for which they were designed.
For example, the CODASYL DBMS solutions were ideal for places where you didn't change how a database looked very often but you wanted to maximise performance and the queries were predictable. They are still a valid alternative to RDBMS systems. Often we see a step backwards when someone finds out that the RDBMS isn't fast enough and must resort to flat files and people simply aren't aware there are other alternatives.
The same for any of the things you mention (also a good reason why people should still be made aware of these things while at University). These are all techniques that sometimes are appropriate.
There are a lot of 2.5G services that are now implemented via WAP. They just aren't so obvious. It can be things like downloading a ring-tone, getting a list of bars in the area or whatever.
With new phones the use of WAP is pretty seamless and many additional services use it. It just doesn't get used for regular browsing because of the restrictions (screen size and communication speed).
Back in the old days when an 80MB drive was as big as the box that a laptop comes in, we had a shipping problem too.
I was working at a large plant with a central goods receiving dept. The drive arrived at the computer centre in a mid height rack, boxed but heavily dented (i.e., through the carton). We refused to take it and the installation engineer waiting for it was very upset. The receiving dept had accepted the box and didn't understand why we didn't want to take it.
We later found out that amongst the things coming between receiving and the computer room were several cases of beer and a fork lift truck. It is hard making drives proof against drunken drivers!!!!
You on the other hand have been socially engineered by Linux zealots to think that people who don't want to spend 38 consecutive hours to get their system up and working are idiots.
Time to install RH 9.0 Linux with Apache, SQL and development tools and patch to date: 3 hrs. Time to install Windows 2K Server + IIS, MS-SQL Server and IIS and patch up to date. One day minimum and the process of patching isn't so automated (lots of separate downloads).
'nuff said?
Oh and up2date at least uses signatures. The apt-get repositories often do not. Btw, I *have* installed quite a lot on Win with very restricted rights. What is this administrator or power-user? You only need this if you need to update system binaries or registry keys.
You make a good point but it is also good to compare patching techniques.
Microsoft has Windows Update which informs you of and downloads many OS patches in a timely manner. Red Hat's up2date gives you warnings about everything that is supported by Red Hat but you must opt to download. After the vulnerabilities with non-OS Microsoft software (MS SQL, Outlook, Word). In the unlikely event there was a security problem with Abiword, Evolution or whatever, it would be picked up by Red Hat.
If you don't mind 'pulling' new versions and don't have a Red Hat subscription, there is always apt-get. Again it updates applications as well as OS, with an even wider coverage than up2date.
Yes, there is a danger. The trouble is that Google is currently the best search engine across a number of criteria. If I choose another engine, not only is there a small learning curve for the advanced searches so my personal performance is lower, however the main problem is that the other search engines aren't really in the same league. Yes, I'm sure there are better specialist engines, but for a general purpose one, I stick to Google unless something really is a lot better.
You are confused. Please see detailed information on URIs, URLs and secure digests.
Please refer to the IETF. An ISBN is a URI but it certainly isn't a content dependent signature.
You have clearly missed my point that placing a file in a public place does not imply distribution (legally tested). We are not talking about the FUD being distributed by the RIAA, we are talking about what happened in front of a US Federal Grand Jury.
Thanks however for accepting my point about language. The use of which seems to be essential to prejudice public opinion and court cases.
However you miss the point about single vs. multisource downloading. The process of switching sources is automatic. If you can't show me a session log, I'm sorry, you don't have the remotest bit of proof. All you can say is that at some point there was a connection with another system, the investigation company cannot show whether *any* of the data was transferred. They show whether they confused your file management in the same way that you confused your acronyms. Essentially the companies who are doing this tend to be a little dubious and it wouldn't be too hard to prove that they are not showing due diligence in the handling of evidence.
"Secure MD5 digest" is an oxymoron. Please read the literature. It has been demoted to the status of a checksum.
Then regarding little old ladies:
This is a different issue. This is the inability of the ISP to keep track of customer to IP/date not in the method used to track that an illegally distributed file came from a specific IP.
This isn't proved to be a failure either way, again it is possible that it was just sloppy and incompetent handling of evidence. It is just unlikely that the lady concerned wasn't running Kazaa under an emulator.
Are you working for one of these companies? Is this why you are so defensive about the techniques?
No, when I talk about file signatures I am *not* talking about cryptographic signatures. A URI is any old rubbish being an arbitrary tag applied to the file *not* content dependent. I guess you are somewhat confused here, but so are many people.
A long time ago, a file that was export controlled was placed in an area that was world accessible for ftp purposes. The file was downloaded internationally. A grand jury decided that placing a file on an ftp server is not distribution. The downloader committed the offence of illegal export *not* the distributor.
So you may understand now that proving that someone has downloadable files is totally insufficient. What the RIAA has already said is that they say that because user A has the same file as user B, someone performed the act of copying.
Lastly, what is with this word contraband? According to my dictionary this is material that has been smuggled. We are not smuggling here. Let's get the language right, we aren't talking about killing people on the high seas, we are not talking about murder - we are talking about copying without permission of the copyright holder.
The problem comes down to whether a user has copied something without the permission of the original owner. That is all. Anything else from the RIAA is really just a bluff. The use of a file signature is to provide a comparison to prove that digital duplication occurred as opposed to two people ripping their own MP3s of a track, i.e., through media shifting.
The problem is that many networks allow multiple download sources. My copy of Knoppix came off ED2K and at least four different download sites helped. A sound track is much smaller, but it still can come from many places. The investigation company working for the RIAA must not only prove that the download could have come from a source, they must prove that the file actually came from that source. Better get the packet analyzer ready.
We know that the chain is already broken, otherwise how could a 66 year old lady be accused of sharing via Kazaa. On her Mac. Somebody is legally incompetent.
An interesting question comes if I wrote a file share app that limited everyone to 30s running time (fair use) of a song and the downloader assembled these excerpts together. Then only the downloader is making an illegal copy.
Anyway, the RIAA is operating in a legal minefield, but it is civil law not criminal law so they largely must depend upon the fact that they have more money so that fighting them is expensive. In criminal law there is no chain of evidence and the case would be inadmissible.
Lastly, why I can waffle on about this. I was working on one major freeware security application. I normally work in the financial markets in banks and exchanges where we know the difference between signatures and identifiers on transactions. I certainly do know about computer security and the difficulty of constructing an evidence chain linking an attack to an individual (hint, the feds and the police are really not much help here, you must do the leg work). I also think that P2P is great for file distribution and try to use borrowed techniques to get around bandwidth problems.
but this is Mozilla 1.4 under Linux 2.4.20. User agent replacement happens all the time because many people must lie when accessing web sites to prevent the badnesses that used to happen on IE 'compatible' websites.
Merrill Lynch were one of the first banks to be open about their adoption of Linux. Many banks had Linux boxes in the background, but Merrill a) admitted it and b) started to move more of their server applications there. For them internally, it was a move away from Sun, who they regarded as having 'lost it'.
First, we are really talking about checksums and this one is now considered to be too weak for cryptographic purposes. Whilst the chances of an accidental collision are small, the chances of an intentional one are much higher.
We are talking about file signatures here not cryptographic signatures. A file signature is simply a way of identifying a file by its contents. Some networks actually calculate an MD5 checksum of a file and allow searching by the MD5 checksum (128 bits). You are confusing signatures with cryptographically secure signatures and the two are very different. A cryptographic signature provides non-repudiation which means that nobody but the source of transaction is likely to have originated it. An identifier is just a tag and may have no link with the content. Please do not confuse the semantics.
What is interesting here is that sharing is very difficult to prosecute. Can I prosecute a man who leaves a CD of my music in the street? What the RIAA is attempting to prove is that the person distributing the music has the same copy as someone else, so it implies that one of the sources copied the other's music.
One particular issue which the RIAA would have to be very careful about is where did the download occur from? Many networks allow downloads from multiple sources. Who gets prosecuted then?
We already have seen the process of linking a person with the act of downloading a file has already failed spectacularly (a Mac running Kazaa is good for entertainment). The chain of evidence is certainly not of the highest level and whilst it is reasonable to guess that at a given location they may be offending downloaders, say at a University dorm, how can you be sure when connections are NATed and IP addresses are leased?
Scenario 1: Modifying Search Requests and Search Results in Transit
This is a non starter, as the RIAA have mentioned before regarding their tactics that they rely on MD5 check sums of files that are downloaded from the peer. Simply modifying search results or requests will not incriminate anyone given the method the RIAA is using.
First, the MD5 checksum isn't considered to be kosher as an electronic signature. It may be faked. This is why other algorithms are used now for eSigs.
Second, on networks that allow search by signature - the searcher provides a signature so it is easy to fake a hit.
Lastly, are they really downloading? Unless they have downloaded from a peer that hosts the file (i.e., relaying networks can't be so targeted) they can't be certain that they have the copyrighted material.
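An added example, not part of the original comments: a minimal evidence check for the two points above, that a search hit only carries a digest the peer advertises, and that with multi-source downloads only a session log shows which peer supplied which bytes. The peer names, sample bytes and the `assess_hit` helper are constructed for illustration, and SHA-256 stands in for the MD5 checksums used by the networks discussed here.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class ChunkRecord:
    """One entry of a download session log (constructed format)."""
    source: str   # peer the bytes were actually received from
    offset: int   # byte offset of this chunk within the file
    data: bytes   # payload exactly as received


def content_digest(data: bytes) -> str:
    """Content-derived file signature: depends only on the bytes."""
    return hashlib.sha256(data).hexdigest()


def assess_hit(advertised: str, reference: str, length: int,
               log: List[ChunkRecord]) -> dict:
    """Separate what a peer *claims* from what was actually transferred.

    advertised: digest returned in the search hit (supplied by the peer)
    reference:  digest of the known file being looked for
    length:     expected file length in bytes
    log:        chunks received during the session, possibly from many peers
    """
    buf = bytearray(length)
    owner = [None] * length          # which peer supplied each byte
    for rec in log:
        for i, byte in enumerate(rec.data):
            pos = rec.offset + i
            if 0 <= pos < length:
                buf[pos] = byte
                owner[pos] = rec.source

    complete = all(o is not None for o in owner)
    # Only a digest recomputed locally over received bytes says anything
    # about content; the advertised value is just a string from the peer.
    verified = complete and content_digest(bytes(buf)) == reference
    return {
        "advertised_matches": advertised == reference,
        "complete": complete,
        "content_verified": verified,
        "bytes_by_source": dict(Counter(o for o in owner if o is not None)),
    }


# Constructed sample data standing in for a real file.
REFERENCE = b"constructed sample track bytes " * 4
REF_DIGEST = content_digest(REFERENCE)


def fake_hit() -> dict:
    """Peer answers a search-by-signature with the digest it was asked for,
    but nothing is ever downloaded."""
    return assess_hit(REF_DIGEST, REF_DIGEST, len(REFERENCE), [])


def multi_source() -> dict:
    """File assembled from three peers; no single peer supplied all of it."""
    log = [
        ChunkRecord("peer-a", 0, REFERENCE[:50]),
        ChunkRecord("peer-b", 50, REFERENCE[50:100]),
        ChunkRecord("peer-c", 100, REFERENCE[100:]),
    ]
    return assess_hit(REF_DIGEST, REF_DIGEST, len(REFERENCE), log)


def wrong_bytes() -> dict:
    """Peer advertises the right digest but sends unrelated bytes."""
    log = [ChunkRecord("peer-a", 0, b"x" * len(REFERENCE))]
    return assess_hit(REF_DIGEST, REF_DIGEST, len(REFERENCE), log)


if __name__ == "__main__":
    for name, fn in [("fake hit", fake_hit),
                     ("multi-source", multi_source),
                     ("wrong bytes", wrong_bytes)]:
        print(name, fn())
```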
I have seen the same code implemented in PDP-11 assembler (near enough C, but without the structure blocks) by a certain Dave Cutler in the source of the RSX-11M executive for block moves, about eight years before Duff.
The thing is that AT&T's compiler supported the extensions provided by the VAX instruction set, the block move would have been done with just a
_MOVC3 cnt,src,dst
which existed on Digital's compiler, but not AT&T's. This emitted a single character move instruction on all VAX systems.
I agree, I run a Yahoo! group with about 800 subscribers for our ski club. This works well and people only see newsletters and meeting reminders so not a very high volume. We need the bulk email and like you our subscribers are genuinely 'opt-in'.
This came up earlier, if a patent isn't enforced it loses its status under law. EOLAS needs to be sending warning notices to infringers at a minimum.