Sure, you can get CDs (and videos) for free at the library, but they have only a tiny fraction of what is available.
I agree, there is lots of good stuff at libraries, and most people don't know it. In fact, libraries do a great job of providing the stuff you can't get at the local book/music/video store. However, that's the point. Although libraries do a great job with books, but they don't compete all that much with the conventional audio/video stores.
Can I visit the library and pick up a very enjoyable CD or DVD? Sure, but if I want something specific (ficticious example: the latest Eminem CD), I would not show up at the library and EXPECT to find it. In that case, it's really the local store (travel to Walmart + $14) vs. P2P (15 minute download). The recording industry's chances of extracting a small fee for the download are a whole lot better than trying to bully me into choosing the "travel to Walmart + $14" option, or perhaps the "travel to library + $0" option.
UL resistance is high in the current Linux community, so their customers will have to come from somewhere other than the existing Linux base.
The final frontier of Linux computing is the Windoze desktop. RH, Mandrake, and a few of the geekier distros have pretty much conquered the hardcore Linux community, but there has been minimal penetration of the desktop market.
What remains is the competition over whose Linux will be pre-installed on the next batch of lowball Walmart machines. Simplified installs, upgrades and desktop support will appeal to the "Linux for dummies" crowd, especially those who don't know or care about the GPL issues.
No matter who UL says their target market is, the only customers that would be interested in a "pay per seat" implementation of Linux are those who are trying to abandon a "pay per seat" implementation of something else. The UL product should have some appeal for PC manufacturers who want a cheaper Microsoft than Microsoft. I think UL will evolve into the "Linux Ultra Lite/Total Fluff" distro.
Compare a DVD movie to an audio CD. At Walmart, a DVD costs maybe $22, whereas a new-release CD costs $14. Then again, you can rent the DVD at Blockbuster for a few bucks, whereas there is no such thing as audio CD rental.
The movie is 2 hours of audio + video, with production costs running into the millions. The CD is maybe 1 hour of audio (15 minutes of good stuff diluted with 45 minutes of filler), with a production budget that is a tiny fraction of what the movie costs to produce. The blank media & burning cost of the DVD is probably 5x the cost of the CD. I'm ignoring the promotional costs of both because the hype machine runs at full blast for both anyway.
There is at least 10x the amount of data on a DVD compared the CD. At $22, it's just not worth finding a way to download & store all those gigabytes. If you can rent the movie for $5 at Blockbuster, it's not even worth considering the piracy alternatives. On the other hand, saving $14 by waiting 10 minutes to download & store 30 megabytes (for 15 minutes of audio)is a much more attractive proposition.
In my unscientific little survey, the CD price is roughly 65% of the DVD price. For 15 usable minutes of audio??? Which can be easily ripped, burned, and shared??? This would be like the bicycle industry pricing the average bike at $5000 and then wondering why (a) nobody is buying bikes, (b) motorcycles are selling just fine at $8000, and (c) there are these patent-infringing criminals who copy our designs and make bikes for themselves with parts from Home Depot. We must stop the criminals because they are killing our business!
Emulate the orignal (uncrippled) Napster. Collect $5/month from every customer for unlimited MP3 transfers. Watch the piracy problem disappear. It's that simple. My current budget for CDs is $0, which would increase to $60/year under this arrangement. RIAA, it's your choice: do you want me to pay you $60 or $0 per year? Hint: If you choose $0 you will have a revenue problem.
The audio piracy problem exists only beause the recording industry's business model encourages it. The DVD industry survives because the prices are not so high as to encourage the pirates, and there are low-cost rentals to make sure they get some money from all potential customers. On the other hand, the audio industry sells only complete albums at inflated prices, without meaningful low-cost options for those who pass up the chance to buy the whole enchilada at full list price. These idiots will soon be getting 100% of nothing, which is precisely what they deserve. If there was an economic category for the Darwin awards, the RIAA would get my nomination.
With any luck, the demise of UL will take RL with it. Unfortunately, the M$ hype machine will be screaming at full blast to announce the death of Linux, when it's really just UL being flushed down the toilet.
Regarding SUSE, I'm not so sure any of the Linux parters in UL can survive this expensive mistake. These companies simply don't have the financial reserves to go out and take foolish risks like this. Of all the potential UL casualties, SUSE is the only one that I will miss.
As I see a few bits & pieces of the UL puzzle, I can't help but think of OSF. The Unix community was supposed to be united at last, as the software giants combined forces to create the one, truly standard OS. Focused more on fees than creativity... we all know how the story ends.
The more I read about UL, the less I like it. I seriously doubt that the people who developed most of Linux were expecting to be used as free labor in a conventional retail software product.
I'll bet it's just Microsoft "funny money", the same stuff they use to make settlement offers to the states.
Sure, they'll donate $750M worth of their products into a market that mostly pirates the stuff anyway. The actual cost to Microsoft should be maybe 1% of $750M. The bottom line is that widespread piracy of M$ products isn't enough to stop Linux. All those years of whining about piracy and now the problem is that pirates aren't working fast enough!
I used to think that World War III would start in the Middle East, but now I know better. The Chinese will think all the Microsoft bugs and security loopholes are a cyber-attack from the United States, when it's really just the products behaving as designed.
Considering the mediocre technical skill level of the typical cable modem ISP, proving that the customers actually did the uncapping will be quite a trick. Given all the other silly things these companies do, it will be tough to distinguish between intentional uncapping and ISP negligence. If the customers own the cable modems (as opposed to renting), that makes the water even muddier. If these defendants can somehow manage an acquittal, just imagine the civil suit possibilities. I predict a slap-on-the-wrist plea bargain.
As far as monetary damages go, that's another laugher. I remember when my cable modem was uncapped (because that was how the system was set up). The monthly cost was actually less than it is now. It's not like they reduced the monthly charges when they downgraded the network, right?
The whole Palladium concept relies on trust and cooperation between hardware and software vendors. If there is one company that should not be leading a project like this, it's Microsoft. How long will it be before the anti-GPL features of Palladium are redirected against Microsoft's competitors? Are the non-M$ software companies really that stupid? How long before certain hardware manufacturers achieve "most favored" status at the expense of their competitors? Considering how the "M$ trust deficit" helped kill Hailstorm, I wonder how they think something like Palladium will fly.
The only sure winner in this scheme is Microsoft, and for that reason alone, the rest of the industry has to rally against it. If this ever comes to pass, I can think of more than a few software companies that I can short-sell as part of my "Palladium early retirement" plan.
Maybe that's how to kill Palladium. Have some geek-friendly organization develop the "Palladium 500", a list of 500 companies that may be hurt by Palladium, so as to trigger a short-selling festival if this nonsense ever gets off the ground. The mere existance of such a list would serve as a wake up call to those who are in a better position to help with the political and financial issues. Believe me, any CEO whose company is on a list of targeted short-sellers is going to scream loudly. Would you buy stock in a high-tech company if a bunch of geeks was preparing to sell short? The beauty of this plan is that no one has to actually short any of the stocks, the mere existance of a list would do the trick.
There are many ways for this "M$ strategy of the week" to fail. So many, in fact, that it's just a matter of waiting to see what kills it. Considering the overwhelming rejection of Hailstorm, we can expect to see Palladium buried in the cyber-cemetary, between Hailstorm and the CueCats.
Re:Excellent in HK; maybe not so good for US
on
Hong Kong's Octopus
·
· Score: 2
Population density is part of it, but there is more to it than that. Montreal has great mass transit, while having less population density than most US cities. What's the next excuse? Gasoline is too cheap? UK has gas at over $5/gal and they can't do mass transit any better than we can.
Excellent in HK; maybe not so good for US
on
Hong Kong's Octopus
·
· Score: 1
I recently visited HK, where many of my business colleagues have the Octopus card and use it with great success.
Although it is highly effective in HK, this system won't work in the US. It has nothing to do with privacy issues, because we already have grocery "discount" cards that give away our buying habits. Most of what people buy with the Octopus card is trivial -- it's the "who cares?" stuff like subway tickets or Starbucks. A conventional credit card has all the same privacy issues anyway, and we use those all the time, right?
Any attempt at deployment in the US will fail because of
Excessive fees (especially since it would compete with fee-hungry cash ATMs)
Regional financial fiefdoms (each looking to monopolize a local area and surcharge the hell out of anyone from a competitor's network)
Fraudulent vendors (bait & switch or mislabelled prices similar to the price-gouging payphones)
Security
Notice that the HK system is limited to small transactions. If there was real money involved, you can rest assured the "smart" cards would be hacked by "smarter" hackers. Keeping the value of each card "under the radar" is essential to prevent theft and serious, well-financed hacking operations. Everybody knows how secure those DirecTV cards are!
Off-topic, but I don't care: Mass transit is another thing they do really well in HK. You can travel all over the place for peanuts, almost 24 x 7. The US could learn a few lessons from HK on how to make mass transit work. After all, it was the mass transit infrastructure that made the Octopus card viable in the first place.
Go back and read the entire thread. Someone else made the claim about exploiting a buffer overrrun vulnerability without any evidence that the product in question had such a vulnerability. Maybe it is vulnerable to that sort of thing, maybe it isn't. I'm not so much claiming that a buffer attack won't work as much as I challenge the claim that it would.
A buffer attack on an MS-DOS application might not be as successful as other systems (Win 9X/2K/XP for example). From an application development point of view, you can assume that your code is the only code running, and that the game is over when you hit 640K (before that, actually). This is quite different from modern practice, where programmers think "I'll just use allocate whatever memory I need, as I need it. If I use too much, the swap file will handle it."
That doesn't make MS-DOS the ideal platform for firewalls, nor does it prove that buffers will be never overflow. However, it leads me to think that a buffer attack is maybe not the hacker's best choice in this case. Even if the buffer attack works, the end result is more likely to be a denial-of-service situation, not the ability to install a virus or some of the more aggressive options that were discussed.
In the original post, I said I believed the marketing hype about the firewall being intrusion-resistant. I said nothing whatsoever about denial-of-service resistance. A DDoS attack will work against almost anyone's internet service, firewall or not. After all, if you flood the victim with garbage, their bandwidth is gone, no matter whose firewall is dropping the packets.
As for changing the subject, I quoted you -- that's how I became so adept! The point about evaluating source code before buying software was really off-topic, but irresistable from my point of view.
"Would you be willing to bet your business on his competence without seeing his code?"
Of all the people who "bet their businesses" when they buy commercial software, hardly any of them are in a position to review anyone's source code. 99% of them are unqualified to review the code in the first place. The other 1% will never be given the chance because source code is almost never available (outside the open source community, of course). Go ask Microsoft or Oracle to show you their source code. If by some miraculous chance they said "yes", what would you do then?
For better or worse, we all gamble on the reliability of commercial software every minute of every day. The best we can hope for is rapid patching of bugs as they are discovered and the long-term viability of the product and the company that maintains it. It's no fun to buy a glitchy product, but if it gets fixed right away, you get over the initial hassle. On the other hand, if the product works great for a year and then dies miserably with inadequate or non-existant support, that is much more of a show-stopper.
I'm not any more naieve than the person who implied that buffer overflow was a vulnerability of the software in question. I merely suggest that it's possible to write code that lives within a fixed amount of memory. It's been a long time since I worked as a programmer, but sloppiness with buffers was considered a beginner's mistake. Considering the 640K limit of MS-DOS, a program that gets sloppy with buffers isn't going to be running very long. If I were to write a firewall app, I would sieze all the memory I need when the program starts, and drop any packets that can't be accomodated within available memory.
I think it's an age/experience issue. In general, the younger people expect to find buffer overflow problems everywhere because so many modern programs have this vulnerability. Older people don't make this assumption because the older languages and memory limitations required a different approach. I'm old. So sue me.
To put it another way, are you really naive enough to think that all programmers build Microsoft-style vulnerabilities into their code?
Considering that a T-1 is 1.5 mbps, you're unlikely to cause a buffer overflow until the line speed hits T-3 or better. That's assuming the firewall code isn't smart enough to keep track of available memory. Without any other processes competing for memory, it would not be all that tough to detect & avoid buffer overflow (in ancient times, programmers checked for such things.) A denial-of-service attack might be successful, since the firewall would have to drop the packets that can't be processed due to excessive queueing. Of course if the sysadmin does something stupid (like logging all rejected packets), the disk fills & the game is over.
A few years ago, I remember researching firewall products and stumbled across one that ran on MS-DOS. According to the marketing hype, MS-DOS was the OS of choice because it was impossible for a hacker to do anything remotely with an OS that had no remote accessiblity. They had custom ethernet drivers for a small number of cards, and a homegrown GUI (definitely not Windoze). IMHO, it wasn't the best product (for a variety of reasons), but I'll bet it was every bit as intrusion-resistant as advertised.
Heavier-than-air flight is example of something that is difficult but not impossible. Alchemy (as it pertains to converting various metals into gold) is closer to impossible.
The birds have had "heavier-than-air flight" technology for thousands of years; it was inevitable that we would find a way to do fly as birds do. On the other hand, the alchemists never manufactured gold (not even a patent!)
Digital copy protection is the science of making something that can be read but not copied. I don't have an Einstein theory to quote here, but it's hard to deny basic common sense: "That which can be read can also be written." If DRM can be done at all, it will take a whole lot more money than the entertainment industry is prepared to spend.
Perhaps the sheer impossibility of this is why the/. article suggests it's less dangerous than originally thought. I can't imagine a scheme like this surviving more than a day before the hackers rip it to pieces. Let the media folks try impossible things as much as they like. Better yet, make a standard from things that don't work.
Do you really think the digital video recorder manufacturers are going to tool up and produce millions of devices that nobody wants because they implement Hollywood's idea of copy control? Not unless the algorithm is flawed and readily defeated by consumers. At that point, sales will skyrocket when the consumers learn how to uncripple the hardware. Example: The easily hackable Apex DVD players. That hidden menu for disabling region codes & Macrovision was a brilliant sales tool.
"My suspicion is that per-seat licensing will not happen with United Linux, and that Caldera will either drop out, go out of business, or change their business model."
I sure hope you're right. Then again, someone out there really likes per-seat licensing. Maybe it was just a trial baloon, to see if the defense is awake.
I can't believe the "UL" people were so naive as to think this concept would fly with the mainstream Linux community. Knowing how poorly Caldera's initial "per seat" licensing concept was received, they had to have something radical in mind.
Suppose Caldera, SuSe, and non-RH people all see the handwriting on the wall: What little money there is to be made on Linux distribution is going to be made by Red Hat. As Red Hat siezes market share, the non-RH people need a good way to exit the distro business. Why not create this "UL" concept and sell it to Microsoft? Let M$ "embrace & extend" it into their own proprietary monster while exploring the limits of minimum-GPL compatibility. If anyone could distribute source code with no possibility of making it compile, it would be you-know-who, right? No matter what M$ says, they must be wondering how to infiltrate the Linux rebellion and redirect the "lost" revenue back to Redmond.
Now that felt-tip pens are a copyright protection circumvention tool, the mere discussion of pens is now a DMCA violation. Heaven help the people who are "trafficing" in this "contraband". How are they going to find enough prison space for all those OfficeMax and Staples employees?
Was Mussolini so foolish as to think Hitler would give him a big chunk of the world to rule with autonomy? As they say, history repeats itself.
Did RealNames ever think "Gee, we have to assume that M$ will either take our idea and cut us out of the loop, or we simply fail and everyone abandons the concept." Either way, RealNames was doomed from day one.
Slashdot Mirror
I agree, there is lots of good stuff at libraries, and most people don't know it. In fact, libraries do a great job of providing the stuff you can't get at the local book/music/video store. However, that's the point. Although libraries do a great job with books, but they don't compete all that much with the conventional audio/video stores.
Can I visit the library and pick up a very enjoyable CD or DVD? Sure, but if I want something specific (ficticious example: the latest Eminem CD), I would not show up at the library and EXPECT to find it. In that case, it's really the local store (travel to Walmart + $14) vs. P2P (15 minute download). The recording industry's chances of extracting a small fee for the download are a whole lot better than trying to bully me into choosing the "travel to Walmart + $14" option, or perhaps the "travel to library + $0" option.
The final frontier of Linux computing is the Windoze desktop. RH, Mandrake, and a few of the geekier distros have pretty much conquered the hardcore Linux community, but there has been minimal penetration of the desktop market.
What remains is the competition over whose Linux will be pre-installed on the next batch of lowball Walmart machines. Simplified installs, upgrades and desktop support will appeal to the "Linux for dummies" crowd, especially those who don't know or care about the GPL issues.
No matter who UL says their target market is, the only customers that would be interested in a "pay per seat" implementation of Linux are those who are trying to abandon a "pay per seat" implementation of something else. The UL product should have some appeal for PC manufacturers who want a cheaper Microsoft than Microsoft. I think UL will evolve into the "Linux Ultra Lite/Total Fluff" distro.
The movie is 2 hours of audio + video, with production costs running into the millions. The CD is maybe 1 hour of audio (15 minutes of good stuff diluted with 45 minutes of filler), with a production budget that is a tiny fraction of what the movie costs to produce. The blank media & burning cost of the DVD is probably 5x the cost of the CD. I'm ignoring the promotional costs of both because the hype machine runs at full blast for both anyway.
There is at least 10x the amount of data on a DVD compared the CD. At $22, it's just not worth finding a way to download & store all those gigabytes. If you can rent the movie for $5 at Blockbuster, it's not even worth considering the piracy alternatives. On the other hand, saving $14 by waiting 10 minutes to download & store 30 megabytes (for 15 minutes of audio)is a much more attractive proposition.
In my unscientific little survey, the CD price is roughly 65% of the DVD price. For 15 usable minutes of audio??? Which can be easily ripped, burned, and shared??? This would be like the bicycle industry pricing the average bike at $5000 and then wondering why (a) nobody is buying bikes, (b) motorcycles are selling just fine at $8000, and (c) there are these patent-infringing criminals who copy our designs and make bikes for themselves with parts from Home Depot. We must stop the criminals because they are killing our business!
Emulate the orignal (uncrippled) Napster. Collect $5/month from every customer for unlimited MP3 transfers. Watch the piracy problem disappear. It's that simple. My current budget for CDs is $0, which would increase to $60/year under this arrangement. RIAA, it's your choice: do you want me to pay you $60 or $0 per year? Hint: If you choose $0 you will have a revenue problem.
The audio piracy problem exists only beause the recording industry's business model encourages it. The DVD industry survives because the prices are not so high as to encourage the pirates, and there are low-cost rentals to make sure they get some money from all potential customers. On the other hand, the audio industry sells only complete albums at inflated prices, without meaningful low-cost options for those who pass up the chance to buy the whole enchilada at full list price. These idiots will soon be getting 100% of nothing, which is precisely what they deserve. If there was an economic category for the Darwin awards, the RIAA would get my nomination.
With any luck, the demise of UL will take RL with it. Unfortunately, the M$ hype machine will be screaming at full blast to announce the death of Linux, when it's really just UL being flushed down the toilet.
Regarding SUSE, I'm not so sure any of the Linux parters in UL can survive this expensive mistake. These companies simply don't have the financial reserves to go out and take foolish risks like this. Of all the potential UL casualties, SUSE is the only one that I will miss.
"Two words: Manual Override"
You mean hitting the hard reset button when the system is nonresponsive and CTRL-ALT-DEL won't bring up the task list?
As I see a few bits & pieces of the UL puzzle, I can't help but think of OSF. The Unix community was supposed to be united at last, as the software giants combined forces to create the one, truly standard OS. Focused more on fees than creativity... we all know how the story ends.
The more I read about UL, the less I like it. I seriously doubt that the people who developed most of Linux were expecting to be used as free labor in a conventional retail software product.
I'll bet it's just Microsoft "funny money", the same stuff they use to make settlement offers to the states.
Sure, they'll donate $750M worth of their products into a market that mostly pirates the stuff anyway. The actual cost to Microsoft should be maybe 1% of $750M. The bottom line is that widespread piracy of M$ products isn't enough to stop Linux. All those years of whining about piracy and now the problem is that pirates aren't working fast enough!
I used to think that World War III would start in the Middle East, but now I know better. The Chinese will think all the Microsoft bugs and security loopholes are a cyber-attack from the United States, when it's really just the products behaving as designed.
Considering the mediocre technical skill level of the typical cable modem ISP, proving that the customers actually did the uncapping will be quite a trick. Given all the other silly things these companies do, it will be tough to distinguish between intentional uncapping and ISP negligence. If the customers own the cable modems (as opposed to renting), that makes the water even muddier. If these defendants can somehow manage an acquittal, just imagine the civil suit possibilities. I predict a slap-on-the-wrist plea bargain.
As far as monetary damages go, that's another laugher. I remember when my cable modem was uncapped (because that was how the system was set up). The monthly cost was actually less than it is now. It's not like they reduced the monthly charges when they downgraded the network, right?
The whole Palladium concept relies on trust and cooperation between hardware and software vendors. If there is one company that should not be leading a project like this, it's Microsoft. How long will it be before the anti-GPL features of Palladium are redirected against Microsoft's competitors? Are the non-M$ software companies really that stupid? How long before certain hardware manufacturers achieve "most favored" status at the expense of their competitors? Considering how the "M$ trust deficit" helped kill Hailstorm, I wonder how they think something like Palladium will fly.
The only sure winner in this scheme is Microsoft, and for that reason alone, the rest of the industry has to rally against it. If this ever comes to pass, I can think of more than a few software companies that I can short-sell as part of my "Palladium early retirement" plan.
Maybe that's how to kill Palladium. Have some geek-friendly organization develop the "Palladium 500", a list of 500 companies that may be hurt by Palladium, so as to trigger a short-selling festival if this nonsense ever gets off the ground. The mere existance of such a list would serve as a wake up call to those who are in a better position to help with the political and financial issues. Believe me, any CEO whose company is on a list of targeted short-sellers is going to scream loudly. Would you buy stock in a high-tech company if a bunch of geeks was preparing to sell short? The beauty of this plan is that no one has to actually short any of the stocks, the mere existance of a list would do the trick.
There are many ways for this "M$ strategy of the week" to fail. So many, in fact, that it's just a matter of waiting to see what kills it. Considering the overwhelming rejection of Hailstorm, we can expect to see Palladium buried in the cyber-cemetary, between Hailstorm and the CueCats.
Population density is part of it, but there is more to it than that. Montreal has great mass transit, while having less population density than most US cities. What's the next excuse? Gasoline is too cheap? UK has gas at over $5/gal and they can't do mass transit any better than we can.
Although it is highly effective in HK, this system won't work in the US. It has nothing to do with privacy issues, because we already have grocery "discount" cards that give away our buying habits. Most of what people buy with the Octopus card is trivial -- it's the "who cares?" stuff like subway tickets or Starbucks. A conventional credit card has all the same privacy issues anyway, and we use those all the time, right?
Any attempt at deployment in the US will fail because of
Notice that the HK system is limited to small transactions. If there was real money involved, you can rest assured the "smart" cards would be hacked by "smarter" hackers. Keeping the value of each card "under the radar" is essential to prevent theft and serious, well-financed hacking operations. Everybody knows how secure those DirecTV cards are!
Off-topic, but I don't care: Mass transit is another thing they do really well in HK. You can travel all over the place for peanuts, almost 24 x 7. The US could learn a few lessons from HK on how to make mass transit work. After all, it was the mass transit infrastructure that made the Octopus card viable in the first place.
Go back and read the entire thread. Someone else made the claim about exploiting a buffer overrrun vulnerability without any evidence that the product in question had such a vulnerability. Maybe it is vulnerable to that sort of thing, maybe it isn't. I'm not so much claiming that a buffer attack won't work as much as I challenge the claim that it would.
A buffer attack on an MS-DOS application might not be as successful as other systems (Win 9X/2K/XP for example). From an application development point of view, you can assume that your code is the only code running, and that the game is over when you hit 640K (before that, actually). This is quite different from modern practice, where programmers think "I'll just use allocate whatever memory I need, as I need it. If I use too much, the swap file will handle it."
That doesn't make MS-DOS the ideal platform for firewalls, nor does it prove that buffers will be never overflow. However, it leads me to think that a buffer attack is maybe not the hacker's best choice in this case. Even if the buffer attack works, the end result is more likely to be a denial-of-service situation, not the ability to install a virus or some of the more aggressive options that were discussed.
In the original post, I said I believed the marketing hype about the firewall being intrusion-resistant. I said nothing whatsoever about denial-of-service resistance. A DDoS attack will work against almost anyone's internet service, firewall or not. After all, if you flood the victim with garbage, their bandwidth is gone, no matter whose firewall is dropping the packets.
As for changing the subject, I quoted you -- that's how I became so adept! The point about evaluating source code before buying software was really off-topic, but irresistable from my point of view.
"Would you be willing to bet your business on his competence without seeing his code?"
Of all the people who "bet their businesses" when they buy commercial software, hardly any of them are in a position to review anyone's source code. 99% of them are unqualified to review the code in the first place. The other 1% will never be given the chance because source code is almost never available (outside the open source community, of course). Go ask Microsoft or Oracle to show you their source code. If by some miraculous chance they said "yes", what would you do then?
For better or worse, we all gamble on the reliability of commercial software every minute of every day. The best we can hope for is rapid patching of bugs as they are discovered and the long-term viability of the product and the company that maintains it. It's no fun to buy a glitchy product, but if it gets fixed right away, you get over the initial hassle. On the other hand, if the product works great for a year and then dies miserably with inadequate or non-existant support, that is much more of a show-stopper.
I'm not any more naieve than the person who implied that buffer overflow was a vulnerability of the software in question. I merely suggest that it's possible to write code that lives within a fixed amount of memory. It's been a long time since I worked as a programmer, but sloppiness with buffers was considered a beginner's mistake. Considering the 640K limit of MS-DOS, a program that gets sloppy with buffers isn't going to be running very long. If I were to write a firewall app, I would sieze all the memory I need when the program starts, and drop any packets that can't be accomodated within available memory.
I think it's an age/experience issue. In general, the younger people expect to find buffer overflow problems everywhere because so many modern programs have this vulnerability. Older people don't make this assumption because the older languages and memory limitations required a different approach. I'm old. So sue me.
To put it another way, are you really naive enough to think that all programmers build Microsoft-style vulnerabilities into their code?
Considering that a T-1 is 1.5 mbps, you're unlikely to cause a buffer overflow until the line speed hits T-3 or better. That's assuming the firewall code isn't smart enough to keep track of available memory. Without any other processes competing for memory, it would not be all that tough to detect & avoid buffer overflow (in ancient times, programmers checked for such things.) A denial-of-service attack might be successful, since the firewall would have to drop the packets that can't be processed due to excessive queueing. Of course if the sysadmin does something stupid (like logging all rejected packets), the disk fills & the game is over.
A few years ago, I remember researching firewall products and stumbled across one that ran on MS-DOS. According to the marketing hype, MS-DOS was the OS of choice because it was impossible for a hacker to do anything remotely with an OS that had no remote accessiblity. They had custom ethernet drivers for a small number of cards, and a homegrown GUI (definitely not Windoze). IMHO, it wasn't the best product (for a variety of reasons), but I'll bet it was every bit as intrusion-resistant as advertised.
Heavier-than-air flight is example of something that is difficult but not impossible. Alchemy (as it pertains to converting various metals into gold) is closer to impossible.
The birds have had "heavier-than-air flight" technology for thousands of years; it was inevitable that we would find a way to do fly as birds do. On the other hand, the alchemists never manufactured gold (not even a patent!)
Digital copy protection is the science of making something that can be read but not copied. I don't have an Einstein theory to quote here, but it's hard to deny basic common sense: "That which can be read can also be written." If DRM can be done at all, it will take a whole lot more money than the entertainment industry is prepared to spend.
Perhaps the sheer impossibility of this is why the /. article suggests it's less dangerous than originally thought. I can't imagine a scheme like this surviving more than a day before the hackers rip it to pieces. Let the media folks try impossible things as much as they like. Better yet, make a standard from things that don't work.
Do you really think the digital video recorder manufacturers are going to tool up and produce millions of devices that nobody wants because they implement Hollywood's idea of copy control? Not unless the algorithm is flawed and readily defeated by consumers. At that point, sales will skyrocket when the consumers learn how to uncripple the hardware. Example: The easily hackable Apex DVD players. That hidden menu for disabling region codes & Macrovision was a brilliant sales tool.
"My suspicion is that per-seat licensing will not happen with United Linux, and that Caldera will either drop out, go out of business, or change their business model."
I sure hope you're right. Then again, someone out there really likes per-seat licensing. Maybe it was just a trial baloon, to see if the defense is awake.
I can't believe the "UL" people were so naive as to think this concept would fly with the mainstream Linux community. Knowing how poorly Caldera's initial "per seat" licensing concept was received, they had to have something radical in mind.
Suppose Caldera, SuSe, and non-RH people all see the handwriting on the wall: What little money there is to be made on Linux distribution is going to be made by Red Hat. As Red Hat siezes market share, the non-RH people need a good way to exit the distro business. Why not create this "UL" concept and sell it to Microsoft? Let M$ "embrace & extend" it into their own proprietary monster while exploring the limits of minimum-GPL compatibility. If anyone could distribute source code with no possibility of making it compile, it would be you-know-who, right? No matter what M$ says, they must be wondering how to infiltrate the Linux rebellion and redirect the "lost" revenue back to Redmond.
A perfect example of wrong + wrong = right
Now that felt-tip pens are a copyright protection circumvention tool, the mere discussion of pens is now a DMCA violation. Heaven help the people who are "trafficing" in this "contraband". How are they going to find enough prison space for all those OfficeMax and Staples employees?
Was Mussolini so foolish as to think Hitler would give him a big chunk of the world to rule with autonomy? As they say, history repeats itself.
Did RealNames ever think "Gee, we have to assume that M$ will either take our idea and cut us out of the loop, or we simply fail and everyone abandons the concept." Either way, RealNames was doomed from day one.