The PGPDisk utility was also awesome though it doesn't work on XP - hopefully 8.0 will fix that.
XP Pro comes with integrated disk encryption. Come to that Outlook Express, Lotus and Netscape email have had encryption for 5 years now.
The real problem with secure email is that none of the spec ever had a solution for locating encryption keys.
One of the things we have been pushing lately is the idea that every ISP should set up an XKMS locate service to act as a key repository. The XKMS service would be linked to the DNS via a DNS SRV record.
So that if you want to send a message to Alice@slashdot.org you first look up _XKMS_SOAP_HTTP._TCP.slashdot.org, that gives you an XKMS service locate.slashdot.org. You then send a message to locate.slashdot.org to locate a key for alice@slashdot.org via either S/MIME or PGP. The service returns the untrusted key which can be validated by a variety of means (e.g. a local XKMS validate service).
Back in the mists of PKI time people thought that X.500 or LDAP would do this function. Problem being that X.500 has never been viable as a global infrastructure. Trying to propose a similar feature using LDAP ended up in the weeds because the LDAP mafia thought that we were trying to help them with the great conversion to replace DNS with LDAP...
You misunderstand me, I do tech support and this is what I get calls on all day long. I personally will not use WinXP. My only experience with buggy drivers were
Ahh you do Windows tech support and hear lots of problems and by comparing that sample against your own experience with Linux draw conclusions.
So if you were a 911 call operator in Buffallo Ohio you would conclude from hearing of accidents burglaries, shootings etc that it was the traffic blackspot and crime capital of the country, rather than Washington DC, the Bronx or Aspen Collorado?
install some new driver- Blues screen with the message The following file is missing or corrupt: windows/system/xxxxx
I have never seen that behavior. Would the driver be unsigned perchance? Only XP crashes I have ever had were caused by the Archos driver which will bring XP down if the device powers down while attached to the PC.
Linux will also crash every five minutes if you install a buggy driver.
The fact that your experience is so different from everyone else suggests to me that there is something different about your config.
Sounds to me as if you have installed something that overwrites a system DLL.
I've gained access to Corporation XYZ's WLAN, why don't I start rooting boxen on other networks? They're going to trace it back to XYZ's netblock, and potentially pursue legal action.
Again I think we can fix this. The next generation of WiFi chips will have certs built into them so they will not be completely anonymous. They will however be anonymous in that it will not be possible to conduct traces without a huge and highly visible infrastructure to allow the trace.
Again the reason why I propose caps is because of the likes of SPAMing scum. However there are other ways arround that.
Are you really that simple? Sure, while you're at it, let people use your fridge, oven, bed, clothes, and your bathroom when you're not 'actively' using them. How selfish can you be!
Man, don't be such a bread head. You use technology that I invented and gave away for free every day of your life and you don't even know you are doing it.
Seriously, I have a WiFi connection in my house. If someone passing by wants to download their email that is fine with me.
If someone comes to our corporate offices and wants to download their email or send a presentation or whatever that is also fine.
Of course you get people who abuse the hospitality on offer which is why I propose use caps.
Funny thing is that I have done a lot better not worrying too much about money than the folks who think of nothing else. Thing that most disappoints me about having my stock price in the crapper at the moment is not the fact that I can't afford to buy Blandings Castle at the moment, I am much more concerned that I can't just write a check to build a hospital or school in Afghanistan. Still in five years from now I'll be doing fine and you will still be a breadhead loser who thinks only about what you shoulf receive and not about what you might give.
I don't get it, why not just configure your network not to hand out IP addresses to anyone who asks? Does this wireless thing have no security at all?
The problem is that they called the security scheme Wired Equivalent Privacy, thus botching the job from the start. They failled to understand that the big difference between a wired and a wireless network is access control, you can bypass the guard at the gate.
This proposal appears to be macho bullshit rather than serious security. First off most people who are warchalking just want to download their email. So while it is great press to demonize them don't make a big issue.
Secondly it is very easy to apply a layered security solution. You can use IPSEC or 802.1x with a bunch of other stuff.
The bugs in WEP have been known for some time and the people doing the next generation crypto security know what they are doing. Incidentally the 802.11 working group knew about and was fixing the bugs before Stanford put out the report. A small company up in Redmond Washington had decided to make 802 available throughout their campus (sounds like a directive from his Bill-ship). Before deploying their crypto people had a look at the security of WEP and went AGGGHH!
I found out about this because I tried to contact Big-Softie after hearing about the WEP problems at a cipherpunks meeting. Working out how to fix a problem like that without having to replace every card is really hard.
Point is that nobody should be using honeypots until they have actually deployed decent crypto security. And you should protect the honeypot as closely or almost as closely as the real network.
Rather than messing with this stuff why not just put up a courtesy 802.11b network with a net ID of 'OPEN123' or something, plug it into your network so that it is outside the firewall and set throttles so that nobody can use too much bandwidth. Then people who just want to downlod their mail can get it.
I keep trying to persuade folk that we should do this sort of this in the base infrastructure, Access points should offer a guest mode as standard with appropriate limits, say no more than 20Mb of guest use per hour.
This has to be the funniest thing I have ever read on Slashdot. Have you ever actually heard from women who are involved with porn? How about the wives of many who are "addicted" to porn? It's unbelievable to me you actually think that porn is liberating to women. Most feminists have come to even realize this.
Yes I have talked to women involved in porn. They would probably consider your attempt to speak for them patronising.
Censorship laws have always been used to enforce conservative moral values which have generally been concerned mainly with keeping women in their place. In the US Comstock's 'anti-obscenity' campaign was targetted mainly on supressing information on birth control.
As far as changing moral standards go, I doubt that the invasion of Afghanistan will be half as effective as the exposure to Western culture following the displacement of the Taliban. CNN and the BBC are far more of a threat to the clerics than a few bombs.
As far as the shift in 'feminist thought' you refer to goes, the only prominent feminist campaigners for censorship were Dworkin and McKinnon. Dworkin writes hard core porn while she is not campaigning to have it banned. MacKinnon is a Marxist. They both owe their fame to their willingness to carry water for the Reagan Administration by joining the Meses commission. Neither has a particularly convincing argument which is why MacKinnon refuses to debate with any feminist who disagrees with her.
Most feminists understand that Meese and his modern day incarnation Ashcroft do not intend to use the powers they seek to liberate women, rather the reverse. Ashcroft even put a Burqua on the goddess of justice in the DOJ for heck's sake!
"Spam, pornographic and hate web sites, the collision of domain names with trademarks, the desire of some authorities to engage in censorship are all examples of aspects of the Internet that I find disappointing."
The pron is one of the reasons to be optimistic about the Internet.
Vint is pretty conservative for an Internet revolutionary. He sees the Internet mainly in US-centric terms.
Those of us who came from outside the US tend to have a rather more international perspective. The impact of the Web on the US was never going to be half as dramatic as its effect on third world dictatorships.
There is nothing that can destroy the so-called morals of a country like Saudi Arabia or Taliban controlled Afghanistan faster than an unlimited supply of high quality porn. conservatives know that to control women they have to control sexuality.
Whatever ill effects that Internet porn has had on the developed world, it is outweighed by breaking down censorship in the undeveloped world. Think of the Web as a global samizdatt movement that uses porn as the bait.
The Internet has also had positive effects in the developed world. The prudish censorship laws imposed under the Tory governments have been largely overturned over the past few years.
What amazed me is I wasn't even aware anyone really used Unix anymore. Man, look at all the security holes in *that* software's history.
The computer security industry has tended to regard the Linux community obsession with Microsoft security holes as a case of people living in glass houses throwing stones.
Sendmail has been notorious for security bugs from the very first release. There was a time when over half of all CERT advisories related to sendmail.
It is like that idiot Forrester who went as far as the Supreme Court trying to get Lautenberg kicked off the ballot because he was substituted 35 days before the ballot - missing the 51 day deadline. According to the New York Times Forrester was himself substituted 40 days before the primary election, missing the same exact deadline he now claims to be sacrosanct. Why don't the 'liberal media' tell us these facts, oh yes because the whole liberal media thing is a crock intended to intimidate reporters into not reporting facts that are unfavorable to Republicans.
Point is, don't believe what you read on the news or on slashdot. People have an agenda. There are plenty of bugs found in UNIX systems but when slashdot is ten times more likely to report a Microsoft bug than a Linux one you can soon be conned into thinking Linux is secure rather than making the conclusion I draw, that both platforms have problems.
The whole point of the Web was to give people access to alternative news sources so they can form their own judgement. Problem is that most people would rather be spoonfed their prejudices by the likes of Fox News than know what really goes on.
BIND has also been a mess and stayed that way until DEC paid Paul Vixie to basically rewrite the code from scratch. There are still a bunch of security issues with Bind but they are generally caused by the lack of authentication in the DNS protocol these days.
The fact that UNIX managed to clean up its act suggests that Microsoft can too. It would be nice if in the meantime the Linux community would take note of the fact that they are not imune from security problems and that many of the issues facing Microsoft are actually issues of scale - if everyone switched to Linux it would be much easier to get linux viruses to propagate.
At the end of the day the concentration on 'end-to-end' security at the exclusion of all other means is a crock. You cannot have end to end security unless you have trusted hardware. Nobody on Slashdot seems to be particularly keen on Palladium except people such as myself who spend their whole time trying to design secure architectures.
An interesting feature of the satelite smartcard scene is that the protection schemes are designed with the knowledge they can be craked.
Ultimately no security scheme based on commodity hardware is secure against a determined attack. Even the clipper chip was broken. If the adversary has a scanning electron microscope available they are going to be able to reverse engineer the chip. Ross Andersson did a paper on this a while back.
The strategy the satellite companies use today is economic rather than purely technical. What they do is to design smart cards which are subject to progressive security flaws. They then send out different variations on the smart card to different customers.
The trick is that the pirate does not know which of the flaws matter and which do not. So if the pirate clones a particular card perfectly the satellite company can respond cheaply and effectively by just replacing the small number of cards that have been compromised.
If the pirate makes a more general attack the satelite co looks for any small difference between the cloned card and the genuine cards and programs a deactivation code to take advantage.
Most cloned cards are not perfect since the pirates are in competition with each other. It is better to get a cloned card out in 3 weeks than to wait a n extra couple of months and allow a competitor to steal the market.
The satelite cos generally wait until the pirates have sold a significant number of cards before sending out the deactivation codes. This discredits the pirates with more customers. If the customers learn that using a pirate card ends up costing them more than being honest in addition to being inconvenient they are more likely to turn honest. Another trick is to disable the cards right before big events.
I don't care what signal you send to the switch, your number is in a read-only computer database that automates the dialer, not some dynamic read-write database.
What the telezapper does is to send out a fake 'busy' or 'fax waiting' signal to the switch. This fools the automated switch into thinking that it should try another line.
A human calling the same line is probably not even going to hear the tone (it can be sent out before the pickup signal) and if they do will probably ignore it.
Okay, granted the UK isn't quite the same size as the US, but I've only ever had about 4 calls from marketeers in my whole life (and they were generally to do with double glazing).
There are two economic reasons, first call charges have been higher in the UK and second minimum wage labor is really cheap.
The other reason is staff turnover. UK staff tend to drop cold calling jobs much more quickly because they are less likely to tollerate hostile responses which brits are much more likely to give. US types are trained to be polite to everyone, calling everyone sir and mam. That type of forelock tugging has been absent from the UK since we discovered trades unions.
If a telemarketer does get a polite response it is often from an OAP who just wants to talk to someone.
A final reason is that the successful response rate is much much lower, particularly since most people have double glazing these days.
The problem with telemarketing in the US is that too many people respond.
While it still annoys me to check and see calls from "Unavailable", you can't beat caller ID, since none of the telescammers ever call with their real ID/phone number.
Actually you can beat caller ID blocking but only if you have the right type of line.
When caller ID was introduced for residential customers there was an immediate outcry over its abuse by telemarketers. So the telcos and the FCC conspired to set up a scheme to allow the abuse to continue while claiming there was an opt out.
Commercial services can access a caller-ID service called AIN. 800 numbers use AIN to decide whether to take a call. AIN is not affected by caller ID blocking.
What we need is to hold the politicians feet to the fire, stop them taking the bribes from the telemarketer industry and demand that they serve us.
The current bogus 'opt-out' for caller ID is actually a benefit for telescum. If only telemarketers and crank callers used caller id blocking we could use it to block telemarketers. The problem is that the telemarketers have conned people into providing them with camoflage, I don't know if a blocked number is from a telemarketer or someone who thinks blocking might hinder telemarketers.
Another problem with caller id blocking is that it only seems to work for the telemarketers. I get calls from people who think they have blocking all the time and their caller id shows up on the phone. The FCC shills have probably agreed with the telemarketer scum that you have to repeat the request to opt out every year. Also the system does not differentiate blocked numbers from numbers comming from non caller id exchanges, like foreign calls.
It's laughable to say that Deep Fritz is the strongest computer programme - Deep Blue (that defeated Kasparov) evaluated 200 million positions per second compared to Deep Fritz's 3-4 million. Deep Blue was running on an IBM-made supercomputer. Fritz isn't.
Deep Blue has been broken up and sold off in bits. It was not so much a computer as a temporary assembly of parts. So Deep Fritz would be the strongest living chess computer. After all we don't expect Kasparov to beat dead grandmasters.
I think that it is time to introduce weight categories like they have in boxing. So neither competitor would be allowed to weigh more than 1000 pounds. Otherwise the game is a bit like watching an industrial robot beat the crap out of Mike Tyson, OK so it might be fun to watch but it is not real sport.
Consider what it's like to be living in a western country, which Israel by all definitions is, having to tolerate the constant possibility the bus you're riding will go up in flames, or the coffee-shop you frequently visit, or just the line at the movies.
Yes, I have been there too, only the IRA which tried to murder my family was mostly funded by irish-americans.
By all geographic definitions Israel is in the Middle-East and always will be. Israel is of course tied to the European cultural tradition but it is futile to ignore geography when that is the entire basis of the dispute.
The problem that underlies this dispute is that as soon as a state declares itself to be the state of people of type X then all people not of type X are at a disadvantage. I am white, Iopposed the South African Appartheid regime for people who are white. If I reject discrimination that puts me at an advantage it is very unlikely I will accept discrimination that puts me at a disadvantage (even if it would advantage my wife and son).
Israel is using a ploy that the US is very familliar with, they used it to appropriate their own natives. First the government steals land, then the former inhabitants object, eventually becomming violent and then the violence is used as a justification for the original theft.
Since agreeing to withdraw from the occupied terriories at Oslo Israel has instead doubled the numbe of settlers living there. Your army daily humiliates the arab population and then you come to us for sympathy.
No, I have made the same points at W3C AC meetings.
I understand the points you raise about how XML Query might be useful in the SQL space. I have severe doubts about that since many people think that SQL already answers that need and that there is no advantage to merely changing the syntax to XML for the sake of it.
The point I am making is that the data model of SQL has absolutely no relevance to my application. I am not doing a database lookup, I am not even doing a database transaction, the data I am accessing is not even stored in an SQL database.
OK we could try to implement everything in terms of SQL, but I don't want that, nor do my customers.
Working with an object-oriented system instead of a data-relation system is a debate for theorists, whom you and I are obviously not.
You may not be but I have a Doctorate in applied Formal Methods of computer science and I have worked with five Turing Award winners. I am qualified to speak on that topic which frankly the people pushing XML Query are not.
To take another example, this time from IETF. The IESG has recently taken to pushing Marshal Rose's BEEP protocol in all manner of applications but in particular as a Web Service transport. Now BEEP has some interesting features but the design is fundamentlly flawed from the XML perspective, the spec is based on obsolete DTD technology which as was pointed out at the time is completely inappropriate for a spec intended to be used at that level.
Unfortunately instead of fixing the broken spec the IESG has taken it on itself to go arround bullying working groups to adopt their pet scheme as a 'requirement'. As a result most Web Services projects bypass IETF and go to OASIS.
The point is that the paternalistic assumption that the grownups running the standards organizations know best no longer operates. Ten years ago the people working in industry were by and large the students of the academics running the IETF. Today that is no longer the case, the people who hold Research positions at the major Internet companies have their own reputations.
Unfortunately many academics just don't get it. If you read IETF mailing lists you will often see somone from the inner circle using the put down 'if you understood the problem you would know why you were wrong'. I don't accept that sort of crap from anyone no matter who it is directed against. I don't see why anyone else should be expected to accept it.
Take a look at the X86 CPU architecture. The SVGA standard. Take a look at C. (Please, no flames.) Even the use of silicon for electronics is a "legacy" standard.
That is an irrelevant comparison.
There is absolutely zero advantage from a legacy perspective in using XMLQuery in applications where there is no legacy SQL database to work arround.
Introducing XML Query in those cases simply ties an infrastructure that was independent of SQL lossage direct to SQL. So instead of working with an object oriented data model based on typed set theory we are back to 1960s style hacking arround with entity relation data models.
The practical upshot of that approach is that aplications would suddenly need an SQL engine that otherwise would not just to manage the back end of XML Query!
The whole point of Web Services is that they are designed to support legacy applications. We understand that point perfectly. The way to get interoperation is to put the conversion from SQL to application code is in the Web Service and not the client. If you don't believe me try running Outlook over a modem line with MAPI and POP3 and compare the performance. MAPI is a dog because it is performing low level RPC calls in an XML Query type fashion. POP3 is faster because the messages it exchanges are defined at the application level.
To take the example it is as if someone had said that the VGA standard is so good that the O/S should require all screens to be 640x480 pixels so that we could be sure that an application would never produce a picture that was too big for a smaller display.
Or to take the example of C it would be like saying that the only data model to be used would be structures referenced by unguarded pointers, we would never move on to Java or C#.
Actually that is completely incorrect. What actually happened was that the patent policy for a group (the second SVG WG) was expicitly set to Royalty Free in the call for participation, many weeks before the meeting.
The issue was not that the policy changed "in mid air" but that it did *not* change; the assumption had been, apparently, that we would change to RAND (while they were in midair); we did not change to RAND and I stand by that decision, as chair of the relevant WG.
Sounds to me that you admit that the statement is not 'completely incorrect' since you admit the basic issue that people were travelling to the meeting under the belief that there would be different IPR terms to the ones imposed. Whether or not you are correct in asserting that the terms did not change more than one member believes that their 'assumption' as you put it was well founded.
There is a lot more to the patent issue than royalty free versus non royalty free. I am not aware of any major standards effort in the Internet space that has voluntarily adopted encumbered technology unless there was absolutely no other choice. The only group I am aware of that was formed recently under RAND with royalties was XrML which is in the DRM space which is a known patent minefield.
The issue which W3C had difficulty understanding for the longest time was reciprocal licensing. There are many patent holders who are quite willing to allow royalty free use of a patent for a standard provided that a competitor cant then come and demand royalties for their patent while getting to use the other patent for free.
The same "open competition" which made the US completely incompatible with the rest of the world in 2G mobiles? (VoiceStream and GSM1900mhz excluded, of course).
That is the real point for me, I can take my Motorola Timeport to pretty much any country I want to go and use it. I can't do that with my old and bulky Qualcomm phone.
The article has a lot of good technical info but about mid way through I started to think 'I have heard this before', it really does have the flavor of the emacs/vi discussion. The basic thrust of the Qualcomm position is that it has a better upgrade path, so even if it is not as good today it will be better in the future.
The guy makes a self contradicting argument, first he says that CDMA is better, then he admits that to make it really work you have to know stuff that is not in the patents. Now I work at the level of the 'front room' guys that he was dissing and I can tell you that they could not give a rats arse as to which system is better in an engineering sense
The Qualcom engineer fully validates the point that Erickson and Nokia were making, as handset manufacturers they were disadvantaged by Qualcom's control of the CDMA technology. There is not a CTO arround who is going to allow a competitor to get that type of a stranglehold without a fight, well not a good one anyway. What the article does not mention is that Erickson only bought the CDMA license after Qualcomm had quit manufacturing - i.e. after they ceased to be a competitor.
From a consumer's point of view there is no question that the European market looks much better than the US. Cellular rates are a half or a quarter of the US prices. I could actually afford to use my pocket PC to surf the Web in Europe, in the US it would be cheaper to have my secretary print out all my email every day and fed-ex it to me.
As for the 'protectionism' jibe, don't fool yourself, the US market is just as protectionist as the EU. In some ways it is worse - wanna buy a large screen TV, well the FCC is going to require you to buy a $200 HDTV tuner with it even though you get your signal off satelite or cable. At least in the EU its the airwaves they auction, not the legislation.
As for 3G, the reason it is failing is very simple and obvious to anyone who visits Europe, they already have a cellular system that works fine and is very cheap to use. Mobile data is a far less compelling proposition than the people selling it claimed. OK it is kewl to be able to read email on the go, but only if doing so is almost no cost. That simply cannot be the case if support for data requires a whole new infrastructure to be rolled out.
The W3C is producing some of the most thorough and powerful technical standards around. They are very readable and well organized (if you don't believe me try reading some specs from ECMA, or the IETF which still does not use rich text in its specs). They have a long term vision - the semantic web.
W3C is certainly not under any challenge from the IETF. Apart from CISCO there are very few vendors who take their proposals to IETF by choice these days. It simply takes too long to get anything done and the IETF rules allow far too much scope for individuals with an agenda to delay the process until the rest of the group gives in.
W3C is under challenge from OASIS however. It can take over a year just to get a W3C group formed, you can get the spec completed in the same time at OASIS. The other issue is cost, W3C charges $50,000 a year for membership, OASIS is only $10,000 for the top membership tier. That makes a big differene when it comes to getting customers involved. Few customers want to pay $50K for 4 years to influence the direction of a technical spec.
Semantic Web is not that popular with the W3C membership. Every time members suggest new work items there are attempts to align them with RDF. Now I don't have a problem with Tim's goal, but I don't think a rehash of Lenat's cyc project is the answer.
The attempt to get consistency across standards is good in theory, but the problem is that the membership don't get much input in the direction of that consistency. For example XMLQuery was proposed as an XML based interface to SQL. I can see a case to support that as a legacy issue, but since then we have been having W3C people asking us repeatedly why we are not using it. I have zero interest in using XMLQuery and will take my specs elsewhere rather than have it polute my spec. SQL is a legacy data model that we are trying to leave behind, insisting that everything bebased on it is as clueless as demanding that every spec be easily implemented in COBOL.
The W3C handling of its patent policy has not been competent. On occasions people have been flying to WG meetings and the patent terms of the meeting have changed while they were in mid air. The Royalty Free issue is nowehere near as simple as likes of Bruce Perens would have people believe, life is always simple for idealogues because they measure their achievement in terms of their commitment to their ideology rather than by actual results.
The IETF policy that Bruce had a go at is actually the most pro-open source arround. Basically it says that specs should not be encumbered by patents unless there is a really good reason. The last really good reason that was allowed was to use public key cryptography without which we could not have written the PGP and S/MIME specs at IETF.
What the hell are you talking about? You don't even have to agree to the GPL to use GPL software! The GPL only comes into play if you want to distribute a work based from the source code of a GPL program.
Go talk to Stallman and he will make it absolutely clear that his real aim is to eliminate non-free software. It will be just about the only thing that is absolutely clear...
For RMS the GPL is simply a means to an end that is beyond the GPL.
The Open Sorce Movement long ago outgrew RMS. The only person who really takes him seriously these days is Bill Gates.
Many people who start radically new movements are cranks. Freud was a drug adict, Kellog started his breakfast cereal company to stop mastubation, the Onedia company started out as a hippie free love community. Robert Owen invented modern manufacturing, socialism and went to America to set up a utopian society (interesting footnote, his son was responsible for the founding of the Smithsonian, not by donating the money but by preventing it being stolen by the then Congress).
If all you know of RMS is the GPL then you don't know him. Hero worship is never a particularly good idea, if you are going to choose a hero to worship, please at least choose one that is not afraid of water.
Actually, very few laws exist in international waters. That's why whaling and such is legal when boats get far enough out. Some countries have laws covering what you can and can't do as a citizen even outside of the country, but to my knowledge it's perfectly legal to sink a ship if it's attempting to commit piracy or other theft of goods.
Wrong, the law of the sea is probably the most extensively litigated aspect of international law. International law was originally invented to cover the sea. The London Times reports on maritime law cases all the time.
The basic principle is that every ship is registered in a national shipping registry and is subject to the laws of that country. So if a ship is registered in Panama the laws of Panama apply.
A ship that does not have a registration is subject to the laws of any nation that cares to enforce them. An unregistered ship is likely to be seized each time it calls at a port.
It would not be legal for a merchant ship to attack another for any reason other than self defense. However a coastguard or navy vessel can do so.
One wonders if the story is a spoof since being at sea does nothing to improve the legal situation and the mechanics of producing CDs on board a ship do not sound promissing, I doubt that CD pressing plants are designed to be used on ship.
Don't insult my reading comprehension. That's rude and unnecessary. I read and quoted your entire post and asked you to clarify. However, you did clarify your point.
Your reading comprehension appeared off to me as well.
RMS is a crank. There is no contradiction between doing something good and being a crank. Schockley invented the transistor and won the nobel prize but he was an utter crank who spent most of his later years writing racist tracts on Eugenics with the same basic premise as Murray/Herstein but without taking the trouble to hide the racism motivating the work.
The BitKeeper license is simply the logical extension of the GPL viral clause. Instead of coercing people to only use free software bitkeeper forces you to only use their software. This is not so different if you remember that when GPL was written FSF was the only game in town.
IANAL, but a related ruling in California does make it illegal to stick non-compete clauses in an employment agreementI don't think there's a ruling in any state as to whether or not it holds for EULAs.
IANAL but the rulling you cite is not the most relevant because it is based on a provision which is specifically about employment, "[E]very contract by which anyone is restrained from engaging in a lawful profession, trade, or business of any kind is to that extent void." (Business & Professions Code section 16600.)
While there is an employment aspect here, in particular the attempt to taint people using competing code I don't think it is the most direct grounds for invalidating the licence clause. There is no shortage of state and federal anti-trust laws. The fact that software is open source does not remove those protections, the software is also offered on commercial terms and so is a for-profit concern.
The clause is intentionally anti-competative and might well cross the line into unfair competition.
However there is another dimension here. The minute the guy attempted to enforce the license term he would be ostracised as being what the Open Source community call 'a complete and utter prick'.
Slashdot Mirror
XP Pro comes with integrated disk encryption. Come to that Outlook Express, Lotus and Netscape email have had encryption for 5 years now.
The real problem with secure email is that none of the spec ever had a solution for locating encryption keys.
One of the things we have been pushing lately is the idea that every ISP should set up an XKMS locate service to act as a key repository. The XKMS service would be linked to the DNS via a DNS SRV record.
So that if you want to send a message to Alice@slashdot.org you first look up _XKMS_SOAP_HTTP._TCP.slashdot.org, that gives you an XKMS service locate.slashdot.org. You then send a message to locate.slashdot.org to locate a key for alice@slashdot.org via either S/MIME or PGP. The service returns the untrusted key which can be validated by a variety of means (e.g. a local XKMS validate service).
Back in the mists of PKI time people thought that X.500 or LDAP would do this function. Problem being that X.500 has never been viable as a global infrastructure. Trying to propose a similar feature using LDAP ended up in the weeds because the LDAP mafia thought that we were trying to help them with the great conversion to replace DNS with LDAP...
No I demonstrated that you had presented a biased sample and you had no counter argument. Your findings were not 'trivial' they were misleading.
You can try the politico-hack tactic of downplaying the counter-argument but from where I stand you have zero credibility at this point.
Ahh you do Windows tech support and hear lots of problems and by comparing that sample against your own experience with Linux draw conclusions.
So if you were a 911 call operator in Buffallo Ohio you would conclude from hearing of accidents burglaries, shootings etc that it was the traffic blackspot and crime capital of the country, rather than Washington DC, the Bronx or Aspen Collorado?
I have never seen that behavior. Would the driver be unsigned perchance? Only XP crashes I have ever had were caused by the Archos driver which will bring XP down if the device powers down while attached to the PC.
Linux will also crash every five minutes if you install a buggy driver.
The fact that your experience is so different from everyone else suggests to me that there is something different about your config.
Sounds to me as if you have installed something that overwrites a system DLL.
Again I think we can fix this. The next generation of WiFi chips will have certs built into them so they will not be completely anonymous. They will however be anonymous in that it will not be possible to conduct traces without a huge and highly visible infrastructure to allow the trace.
Again the reason why I propose caps is because of the likes of SPAMing scum. However there are other ways arround that.
Man, don't be such a bread head. You use technology that I invented and gave away for free every day of your life and you don't even know you are doing it.
Seriously, I have a WiFi connection in my house. If someone passing by wants to download their email that is fine with me.
If someone comes to our corporate offices and wants to download their email or send a presentation or whatever that is also fine.
Of course you get people who abuse the hospitality on offer which is why I propose use caps.
Funny thing is that I have done a lot better not worrying too much about money than the folks who think of nothing else. Thing that most disappoints me about having my stock price in the crapper at the moment is not the fact that I can't afford to buy Blandings Castle at the moment, I am much more concerned that I can't just write a check to build a hospital or school in Afghanistan. Still in five years from now I'll be doing fine and you will still be a breadhead loser who thinks only about what you shoulf receive and not about what you might give.
The problem is that they called the security scheme Wired Equivalent Privacy, thus botching the job from the start. They failled to understand that the big difference between a wired and a wireless network is access control, you can bypass the guard at the gate.
This proposal appears to be macho bullshit rather than serious security. First off most people who are warchalking just want to download their email. So while it is great press to demonize them don't make a big issue.
Secondly it is very easy to apply a layered security solution. You can use IPSEC or 802.1x with a bunch of other stuff.
The bugs in WEP have been known for some time and the people doing the next generation crypto security know what they are doing. Incidentally the 802.11 working group knew about and was fixing the bugs before Stanford put out the report. A small company up in Redmond Washington had decided to make 802 available throughout their campus (sounds like a directive from his Bill-ship). Before deploying their crypto people had a look at the security of WEP and went AGGGHH!
I found out about this because I tried to contact Big-Softie after hearing about the WEP problems at a cipherpunks meeting. Working out how to fix a problem like that without having to replace every card is really hard.
Point is that nobody should be using honeypots until they have actually deployed decent crypto security. And you should protect the honeypot as closely or almost as closely as the real network.
Rather than messing with this stuff why not just put up a courtesy 802.11b network with a net ID of 'OPEN123' or something, plug it into your network so that it is outside the firewall and set throttles so that nobody can use too much bandwidth. Then people who just want to downlod their mail can get it.
I keep trying to persuade folk that we should do this sort of this in the base infrastructure, Access points should offer a guest mode as standard with appropriate limits, say no more than 20Mb of guest use per hour.
Yes I have talked to women involved in porn. They would probably consider your attempt to speak for them patronising.
Censorship laws have always been used to enforce conservative moral values which have generally been concerned mainly with keeping women in their place. In the US Comstock's 'anti-obscenity' campaign was targetted mainly on supressing information on birth control.
As far as changing moral standards go, I doubt that the invasion of Afghanistan will be half as effective as the exposure to Western culture following the displacement of the Taliban. CNN and the BBC are far more of a threat to the clerics than a few bombs.
As far as the shift in 'feminist thought' you refer to goes, the only prominent feminist campaigners for censorship were Dworkin and McKinnon. Dworkin writes hard core porn while she is not campaigning to have it banned. MacKinnon is a Marxist. They both owe their fame to their willingness to carry water for the Reagan Administration by joining the Meses commission. Neither has a particularly convincing argument which is why MacKinnon refuses to debate with any feminist who disagrees with her.
Most feminists understand that Meese and his modern day incarnation Ashcroft do not intend to use the powers they seek to liberate women, rather the reverse. Ashcroft even put a Burqua on the goddess of justice in the DOJ for heck's sake!
The pron is one of the reasons to be optimistic about the Internet.
Vint is pretty conservative for an Internet revolutionary. He sees the Internet mainly in US-centric terms.
Those of us who came from outside the US tend to have a rather more international perspective. The impact of the Web on the US was never going to be half as dramatic as its effect on third world dictatorships.
There is nothing that can destroy the so-called morals of a country like Saudi Arabia or Taliban controlled Afghanistan faster than an unlimited supply of high quality porn. conservatives know that to control women they have to control sexuality.
Whatever ill effects that Internet porn has had on the developed world, it is outweighed by breaking down censorship in the undeveloped world. Think of the Web as a global samizdatt movement that uses porn as the bait.
The Internet has also had positive effects in the developed world. The prudish censorship laws imposed under the Tory governments have been largely overturned over the past few years.
The computer security industry has tended to regard the Linux community obsession with Microsoft security holes as a case of people living in glass houses throwing stones.
Sendmail has been notorious for security bugs from the very first release. There was a time when over half of all CERT advisories related to sendmail.
It is like that idiot Forrester who went as far as the Supreme Court trying to get Lautenberg kicked off the ballot because he was substituted 35 days before the ballot - missing the 51 day deadline. According to the New York Times Forrester was himself substituted 40 days before the primary election, missing the same exact deadline he now claims to be sacrosanct. Why don't the 'liberal media' tell us these facts, oh yes because the whole liberal media thing is a crock intended to intimidate reporters into not reporting facts that are unfavorable to Republicans.
Point is, don't believe what you read on the news or on slashdot. People have an agenda. There are plenty of bugs found in UNIX systems but when slashdot is ten times more likely to report a Microsoft bug than a Linux one you can soon be conned into thinking Linux is secure rather than making the conclusion I draw, that both platforms have problems.
The whole point of the Web was to give people access to alternative news sources so they can form their own judgement. Problem is that most people would rather be spoonfed their prejudices by the likes of Fox News than know what really goes on.
BIND has also been a mess and stayed that way until DEC paid Paul Vixie to basically rewrite the code from scratch. There are still a bunch of security issues with Bind but they are generally caused by the lack of authentication in the DNS protocol these days.
The fact that UNIX managed to clean up its act suggests that Microsoft can too. It would be nice if in the meantime the Linux community would take note of the fact that they are not imune from security problems and that many of the issues facing Microsoft are actually issues of scale - if everyone switched to Linux it would be much easier to get linux viruses to propagate.
At the end of the day the concentration on 'end-to-end' security at the exclusion of all other means is a crock. You cannot have end to end security unless you have trusted hardware. Nobody on Slashdot seems to be particularly keen on Palladium except people such as myself who spend their whole time trying to design secure architectures.
Ultimately no security scheme based on commodity hardware is secure against a determined attack. Even the clipper chip was broken. If the adversary has a scanning electron microscope available they are going to be able to reverse engineer the chip. Ross Andersson did a paper on this a while back.
The strategy the satellite companies use today is economic rather than purely technical. What they do is to design smart cards which are subject to progressive security flaws. They then send out different variations on the smart card to different customers.
The trick is that the pirate does not know which of the flaws matter and which do not. So if the pirate clones a particular card perfectly the satellite company can respond cheaply and effectively by just replacing the small number of cards that have been compromised.
If the pirate makes a more general attack the satelite co looks for any small difference between the cloned card and the genuine cards and programs a deactivation code to take advantage.
Most cloned cards are not perfect since the pirates are in competition with each other. It is better to get a cloned card out in 3 weeks than to wait a n extra couple of months and allow a competitor to steal the market.
The satelite cos generally wait until the pirates have sold a significant number of cards before sending out the deactivation codes. This discredits the pirates with more customers. If the customers learn that using a pirate card ends up costing them more than being honest in addition to being inconvenient they are more likely to turn honest. Another trick is to disable the cards right before big events.
A human calling the same line is probably not even going to hear the tone (it can be sent out before the pickup signal) and if they do will probably ignore it.
There are two economic reasons, first call charges have been higher in the UK and second minimum wage labor is really cheap.
The other reason is staff turnover. UK staff tend to drop cold calling jobs much more quickly because they are less likely to tollerate hostile responses which brits are much more likely to give. US types are trained to be polite to everyone, calling everyone sir and mam. That type of forelock tugging has been absent from the UK since we discovered trades unions.
If a telemarketer does get a polite response it is often from an OAP who just wants to talk to someone.
A final reason is that the successful response rate is much much lower, particularly since most people have double glazing these days.
The problem with telemarketing in the US is that too many people respond.
Actually you can beat caller ID blocking but only if you have the right type of line.
When caller ID was introduced for residential customers there was an immediate outcry over its abuse by telemarketers. So the telcos and the FCC conspired to set up a scheme to allow the abuse to continue while claiming there was an opt out.
Commercial services can access a caller-ID service called AIN. 800 numbers use AIN to decide whether to take a call. AIN is not affected by caller ID blocking.
What we need is to hold the politicians feet to the fire, stop them taking the bribes from the telemarketer industry and demand that they serve us.
The current bogus 'opt-out' for caller ID is actually a benefit for telescum. If only telemarketers and crank callers used caller id blocking we could use it to block telemarketers. The problem is that the telemarketers have conned people into providing them with camoflage, I don't know if a blocked number is from a telemarketer or someone who thinks blocking might hinder telemarketers.
Another problem with caller id blocking is that it only seems to work for the telemarketers. I get calls from people who think they have blocking all the time and their caller id shows up on the phone. The FCC shills have probably agreed with the telemarketer scum that you have to repeat the request to opt out every year. Also the system does not differentiate blocked numbers from numbers comming from non caller id exchanges, like foreign calls.
Deep Blue has been broken up and sold off in bits. It was not so much a computer as a temporary assembly of parts. So Deep Fritz would be the strongest living chess computer. After all we don't expect Kasparov to beat dead grandmasters.
I think that it is time to introduce weight categories like they have in boxing. So neither competitor would be allowed to weigh more than 1000 pounds. Otherwise the game is a bit like watching an industrial robot beat the crap out of Mike Tyson, OK so it might be fun to watch but it is not real sport.
Yes, I have been there too, only the IRA which tried to murder my family was mostly funded by irish-americans.
By all geographic definitions Israel is in the Middle-East and always will be. Israel is of course tied to the European cultural tradition but it is futile to ignore geography when that is the entire basis of the dispute.
The problem that underlies this dispute is that as soon as a state declares itself to be the state of people of type X then all people not of type X are at a disadvantage. I am white, Iopposed the South African Appartheid regime for people who are white. If I reject discrimination that puts me at an advantage it is very unlikely I will accept discrimination that puts me at a disadvantage (even if it would advantage my wife and son).
Israel is using a ploy that the US is very familliar with, they used it to appropriate their own natives. First the government steals land, then the former inhabitants object, eventually becomming violent and then the violence is used as a justification for the original theft.
Since agreeing to withdraw from the occupied terriories at Oslo Israel has instead doubled the numbe of settlers living there. Your army daily humiliates the arab population and then you come to us for sympathy.
No, I have made the same points at W3C AC meetings.
I understand the points you raise about how XML Query might be useful in the SQL space. I have severe doubts about that since many people think that SQL already answers that need and that there is no advantage to merely changing the syntax to XML for the sake of it.
The point I am making is that the data model of SQL has absolutely no relevance to my application. I am not doing a database lookup, I am not even doing a database transaction, the data I am accessing is not even stored in an SQL database.
OK we could try to implement everything in terms of SQL, but I don't want that, nor do my customers.
Working with an object-oriented system instead of a data-relation system is a debate for theorists, whom you and I are obviously not.
You may not be but I have a Doctorate in applied Formal Methods of computer science and I have worked with five Turing Award winners. I am qualified to speak on that topic which frankly the people pushing XML Query are not.
To take another example, this time from IETF. The IESG has recently taken to pushing Marshal Rose's BEEP protocol in all manner of applications but in particular as a Web Service transport. Now BEEP has some interesting features but the design is fundamentlly flawed from the XML perspective, the spec is based on obsolete DTD technology which as was pointed out at the time is completely inappropriate for a spec intended to be used at that level.
Unfortunately instead of fixing the broken spec the IESG has taken it on itself to go arround bullying working groups to adopt their pet scheme as a 'requirement'. As a result most Web Services projects bypass IETF and go to OASIS.
The point is that the paternalistic assumption that the grownups running the standards organizations know best no longer operates. Ten years ago the people working in industry were by and large the students of the academics running the IETF. Today that is no longer the case, the people who hold Research positions at the major Internet companies have their own reputations.
Unfortunately many academics just don't get it. If you read IETF mailing lists you will often see somone from the inner circle using the put down 'if you understood the problem you would know why you were wrong'. I don't accept that sort of crap from anyone no matter who it is directed against. I don't see why anyone else should be expected to accept it.
That is an irrelevant comparison.
There is absolutely zero advantage from a legacy perspective in using XMLQuery in applications where there is no legacy SQL database to work arround.
Introducing XML Query in those cases simply ties an infrastructure that was independent of SQL lossage direct to SQL. So instead of working with an object oriented data model based on typed set theory we are back to 1960s style hacking arround with entity relation data models.
The practical upshot of that approach is that aplications would suddenly need an SQL engine that otherwise would not just to manage the back end of XML Query!
The whole point of Web Services is that they are designed to support legacy applications. We understand that point perfectly. The way to get interoperation is to put the conversion from SQL to application code is in the Web Service and not the client. If you don't believe me try running Outlook over a modem line with MAPI and POP3 and compare the performance. MAPI is a dog because it is performing low level RPC calls in an XML Query type fashion. POP3 is faster because the messages it exchanges are defined at the application level.
To take the example it is as if someone had said that the VGA standard is so good that the O/S should require all screens to be 640x480 pixels so that we could be sure that an application would never produce a picture that was too big for a smaller display.
Or to take the example of C it would be like saying that the only data model to be used would be structures referenced by unguarded pointers, we would never move on to Java or C#.
The issue was not that the policy changed "in mid air" but that it did *not* change; the assumption had been, apparently, that we would change to RAND (while they were in midair); we did not change to RAND and I stand by that decision, as chair of the relevant WG.
Sounds to me that you admit that the statement is not 'completely incorrect' since you admit the basic issue that people were travelling to the meeting under the belief that there would be different IPR terms to the ones imposed. Whether or not you are correct in asserting that the terms did not change more than one member believes that their 'assumption' as you put it was well founded.
There is a lot more to the patent issue than royalty free versus non royalty free. I am not aware of any major standards effort in the Internet space that has voluntarily adopted encumbered technology unless there was absolutely no other choice. The only group I am aware of that was formed recently under RAND with royalties was XrML which is in the DRM space which is a known patent minefield.
The issue which W3C had difficulty understanding for the longest time was reciprocal licensing. There are many patent holders who are quite willing to allow royalty free use of a patent for a standard provided that a competitor cant then come and demand royalties for their patent while getting to use the other patent for free.
That is the real point for me, I can take my Motorola Timeport to pretty much any country I want to go and use it. I can't do that with my old and bulky Qualcomm phone.
The article has a lot of good technical info but about mid way through I started to think 'I have heard this before', it really does have the flavor of the emacs/vi discussion. The basic thrust of the Qualcomm position is that it has a better upgrade path, so even if it is not as good today it will be better in the future.
The guy makes a self contradicting argument, first he says that CDMA is better, then he admits that to make it really work you have to know stuff that is not in the patents. Now I work at the level of the 'front room' guys that he was dissing and I can tell you that they could not give a rats arse as to which system is better in an engineering sense
The Qualcom engineer fully validates the point that Erickson and Nokia were making, as handset manufacturers they were disadvantaged by Qualcom's control of the CDMA technology. There is not a CTO arround who is going to allow a competitor to get that type of a stranglehold without a fight, well not a good one anyway. What the article does not mention is that Erickson only bought the CDMA license after Qualcomm had quit manufacturing - i.e. after they ceased to be a competitor.
From a consumer's point of view there is no question that the European market looks much better than the US. Cellular rates are a half or a quarter of the US prices. I could actually afford to use my pocket PC to surf the Web in Europe, in the US it would be cheaper to have my secretary print out all my email every day and fed-ex it to me.
As for the 'protectionism' jibe, don't fool yourself, the US market is just as protectionist as the EU. In some ways it is worse - wanna buy a large screen TV, well the FCC is going to require you to buy a $200 HDTV tuner with it even though you get your signal off satelite or cable. At least in the EU its the airwaves they auction, not the legislation.
As for 3G, the reason it is failing is very simple and obvious to anyone who visits Europe, they already have a cellular system that works fine and is very cheap to use. Mobile data is a far less compelling proposition than the people selling it claimed. OK it is kewl to be able to read email on the go, but only if doing so is almost no cost. That simply cannot be the case if support for data requires a whole new infrastructure to be rolled out.
W3C is certainly not under any challenge from the IETF. Apart from CISCO there are very few vendors who take their proposals to IETF by choice these days. It simply takes too long to get anything done and the IETF rules allow far too much scope for individuals with an agenda to delay the process until the rest of the group gives in.
W3C is under challenge from OASIS however. It can take over a year just to get a W3C group formed, you can get the spec completed in the same time at OASIS. The other issue is cost, W3C charges $50,000 a year for membership, OASIS is only $10,000 for the top membership tier. That makes a big differene when it comes to getting customers involved. Few customers want to pay $50K for 4 years to influence the direction of a technical spec.
Semantic Web is not that popular with the W3C membership. Every time members suggest new work items there are attempts to align them with RDF. Now I don't have a problem with Tim's goal, but I don't think a rehash of Lenat's cyc project is the answer.
The attempt to get consistency across standards is good in theory, but the problem is that the membership don't get much input in the direction of that consistency. For example XMLQuery was proposed as an XML based interface to SQL. I can see a case to support that as a legacy issue, but since then we have been having W3C people asking us repeatedly why we are not using it. I have zero interest in using XMLQuery and will take my specs elsewhere rather than have it polute my spec. SQL is a legacy data model that we are trying to leave behind, insisting that everything bebased on it is as clueless as demanding that every spec be easily implemented in COBOL.
The W3C handling of its patent policy has not been competent. On occasions people have been flying to WG meetings and the patent terms of the meeting have changed while they were in mid air. The Royalty Free issue is nowehere near as simple as likes of Bruce Perens would have people believe, life is always simple for idealogues because they measure their achievement in terms of their commitment to their ideology rather than by actual results.
The IETF policy that Bruce had a go at is actually the most pro-open source arround. Basically it says that specs should not be encumbered by patents unless there is a really good reason. The last really good reason that was allowed was to use public key cryptography without which we could not have written the PGP and S/MIME specs at IETF.
Go talk to Stallman and he will make it absolutely clear that his real aim is to eliminate non-free software. It will be just about the only thing that is absolutely clear...
For RMS the GPL is simply a means to an end that is beyond the GPL.
The Open Sorce Movement long ago outgrew RMS. The only person who really takes him seriously these days is Bill Gates.
Many people who start radically new movements are cranks. Freud was a drug adict, Kellog started his breakfast cereal company to stop mastubation, the Onedia company started out as a hippie free love community. Robert Owen invented modern manufacturing, socialism and went to America to set up a utopian society (interesting footnote, his son was responsible for the founding of the Smithsonian, not by donating the money but by preventing it being stolen by the then Congress).
If all you know of RMS is the GPL then you don't know him. Hero worship is never a particularly good idea, if you are going to choose a hero to worship, please at least choose one that is not afraid of water.
Wrong, the law of the sea is probably the most extensively litigated aspect of international law. International law was originally invented to cover the sea. The London Times reports on maritime law cases all the time.
The basic principle is that every ship is registered in a national shipping registry and is subject to the laws of that country. So if a ship is registered in Panama the laws of Panama apply.
A ship that does not have a registration is subject to the laws of any nation that cares to enforce them. An unregistered ship is likely to be seized each time it calls at a port.
It would not be legal for a merchant ship to attack another for any reason other than self defense. However a coastguard or navy vessel can do so.
One wonders if the story is a spoof since being at sea does nothing to improve the legal situation and the mechanics of producing CDs on board a ship do not sound promissing, I doubt that CD pressing plants are designed to be used on ship.
Your reading comprehension appeared off to me as well.
RMS is a crank. There is no contradiction between doing something good and being a crank. Schockley invented the transistor and won the nobel prize but he was an utter crank who spent most of his later years writing racist tracts on Eugenics with the same basic premise as Murray/Herstein but without taking the trouble to hide the racism motivating the work.
The BitKeeper license is simply the logical extension of the GPL viral clause. Instead of coercing people to only use free software bitkeeper forces you to only use their software. This is not so different if you remember that when GPL was written FSF was the only game in town.
IANAL but the rulling you cite is not the most relevant because it is based on a provision which is specifically about employment, "[E]very contract by which anyone is restrained from engaging in a lawful profession, trade, or business of any kind is to that extent void." (Business & Professions Code section 16600.)
While there is an employment aspect here, in particular the attempt to taint people using competing code I don't think it is the most direct grounds for invalidating the licence clause. There is no shortage of state and federal anti-trust laws. The fact that software is open source does not remove those protections, the software is also offered on commercial terms and so is a for-profit concern.
The clause is intentionally anti-competative and might well cross the line into unfair competition.
However there is another dimension here. The minute the guy attempted to enforce the license term he would be ostracised as being what the Open Source community call 'a complete and utter prick'.