I recently installed a game downloaded from some web site, as a non-administrator on an NT4 machine. All went fine. Since the game was sort of boring and pointless, I tried to get rid of it. NT told me this would require administrator privileges. Uh, I have never seen this level of security in 8 years of Linux usage. =:->
One common point stressed by those spreading FUD about Linux and open source is non-existence of a Linux, Inc. company owning, developing, and selling the system. We all know this doesn't matter from a technical (i.e. quality) point of view, and it doesn't matter from a legal point of view either. Buying a software license from some company doesn't mean the software is of high quality, and it doesn't mean there is liability for bugs.
But exactly this non-existence, which doesn't matter in rational analysis, may turn out to be a weakness if we take into consideration the irrational world of markets and competition. Here in Europe there are rather strict regulations to ensure fairness of competition. In Germany, for example, it is now permitted to compare your own product to competing ones from other vendors in advertising, but comparison must be based on hard facts. If it isn't, competitors can easily stop your campaign.
I guess this applies to Linux as well as to all other markets -- but who, from a legal point of view, is the competitor of Microsoft in the case of Linux? Who is going to formally complain and sue Microsoft for unfair competition by making false claims? Sure, the Linux community is organized to a certain degree, and there are the Linux distributors, consulting companies, etc. But could they sue a company attacking just Linux and not a single competitor? After all Linux herself is just there, emerging from coordinated but formally unorganized work of many many people all over the world.
Is there a defense other than advocacy and guerilla education against unfair attacks? And how efficient is advocacy alone if the opponent can buy not only a number of advertisements, but also the newspapers/journals/tv stations publishing them?
My feeling is that Microsoft is currently trying how far they can go unstopped. How far can they?
What if web masters manipulate the spider and return false search results (for luring people into pr0n, spam, propaganda...)?
This is something web masters could do to existing search engines like Google as well. From a technical point of view, a search engine's crawler, or any other client, does not request pages from a server, but invokes methods of objects which are named by URLs. So to fool search engines one simply has to make sure the GET method of such an object returns different results to crawlers and browsers. In addition the web master would have to hide the fact that invocation of the GET method returns dynamically created content, but that's simple.
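A detection-side sketch of the behaviour described in the comment above, added here as an example and not part of the original post: the same URL is fetched as a crawler and as a browser, and the visible text is compared while ordinary dynamic noise is ignored. The User-Agent strings, the `fetch` callable, the thresholds and the in-memory sample site are all assumptions made for illustration, as is the premise that the server keys its answer on the User-Agent header.

```python
import re
from typing import Callable, Dict, Set, Tuple

# Assumed User-Agent strings for the two vantage points (illustrative values).
CRAWLER_UA = "ExampleBot/1.0 (+http://crawler.example/bot)"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0"

# fetch(url, headers) -> response body; in real use this wraps an HTTP client.
Fetch = Callable[[str, Dict[str, str]], str]

TAG = re.compile(r"<[^>]+>")
# Clock times and long hex tokens change on every request to a dynamic page.
VOLATILE = re.compile(r"\b\d{1,2}:\d{2}(?::\d{2})?\b|\b[0-9a-f]{16,}\b")


def shingles(html: str, k: int = 3) -> Set[Tuple[str, ...]]:
    """Return the set of k-word shingles of the visible, stable text."""
    text = TAG.sub(" ", html).lower()
    text = VOLATILE.sub(" ", text)
    words = re.findall(r"[a-z0-9]+", text)
    if len(words) < k:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}


def jaccard(a: Set, b: Set) -> float:
    """Jaccard similarity; two empty documents count as identical."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def check_cloaking(url: str, fetch: Fetch, margin: float = 0.5) -> dict:
    """Compare crawler and browser views of one URL.

    Two browser fetches give a baseline for how much the page changes by
    itself; the URL is flagged only when the crawler view differs from the
    browser view by clearly more than that natural churn.
    """
    crawler = shingles(fetch(url, {"User-Agent": CRAWLER_UA}))
    browser_1 = shingles(fetch(url, {"User-Agent": BROWSER_UA}))
    browser_2 = shingles(fetch(url, {"User-Agent": BROWSER_UA}))
    baseline = jaccard(browser_1, browser_2)
    cross = jaccard(crawler, browser_1)
    return {
        "url": url,
        "baseline": baseline,
        "cross": cross,
        "cloaked": (baseline - cross) > margin,
    }


def make_constructed_site() -> Fetch:
    """Constructed in-memory site: /honest is dynamic but consistent,
    /cloaked answers differently depending on the User-Agent."""
    hits = {"n": 0}
    indexed = ("<html><h1>XF86Config for laptops</h1>"
               "<p>Sample configuration files and notes on video modes.</p>")
    shown = ("<html><h1>Special offer</h1>"
             "<p>Unrelated advertising shown to human visitors only.</p>")

    def fetch(url: str, headers: Dict[str, str]) -> str:
        hits["n"] += 1
        # Per-request timestamp: makes a byte-for-byte comparison useless.
        stamp = "<p>Generated at 12:%02d:00</p></html>" % hits["n"]
        is_bot = "bot" in headers.get("User-Agent", "").lower()
        if url == "/honest":
            return indexed + stamp
        if url == "/cloaked":
            return (indexed if is_bot else shown) + stamp
        raise KeyError(url)

    return fetch


if __name__ == "__main__":
    site = make_constructed_site()
    for path in ("/honest", "/cloaked"):
        print(check_cloaking(path, site))
```

A server that distinguishes clients by source address rather than by header would pass this check unless the crawler-side fetch is made from the crawler's own network.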
For those of you unfamiliar with the laws there, they basically state that to do ANYTHING with someone's personal information you have to have a valid reason and the person's permission.
This should read: "or the person's permission" for most cases. And the need for permission does by no means imply you have a real choice. Firstly, at least here in Germany, the privacy protection laws act as a default for cases where more specific laws do not exist. But those laws do exist for numerous realms, and they usually define what may be collected without explicit permission. This mainly happens in fields where administrative agencies are involved.
Secondly, in the private sector, privacy laws don't make powerful organizations any less powerful. And a powerful organization can practically force less powerful entities to sign everything. For example a consumer won't get a credit card or a mobile phone service contract without signing a clause permitting submission of data to kind of a central solvency register ("Schufa"). Even worse, sometimes you are required to retrieve information on yourself from this register and show it to someone who does not have direct access to it. You are not directly forced, of course, but you may be not the only one looking for an apartment for rent or things like that.
Thirdly, data gathered from publicly available sources may be used almost freely -- opt-out if you can follow your information as fast as it's moving. So once *THEY* have your address there is virtually nothing you could do to stop them from spamming you either. You may request them to stop using it, but you do not have real control.
... and none of that can prevent me from making an easy copy in any way.
The intention is not to prevent you from anything, but to increase the severity of your "crime" artificially. After all, one who "cracked" three protection schemes to "steal intellectual property" must be a habitual criminal.
Current copy protection schemes are based on law and court decisions, not on technology. The role of technology in this game is solely supportive. It doesn't matter whether a protection scheme is breakable or not, or how much time and resources it would need to break it. What matters is that an accusation can be constructed easily from pure existence of such a scheme, however flawed it may be. Its existence makes you "break", "crack", and "pirate" the things protected by it -- how could you have copied if you didn't?
But I think that it is evident that the original purpose of the DeCSS code was NOT to be art, but was to decrypt the CSS encryption on DVDs.
But why should it matter whether the code is art or not? There are many ways of expressing yourself, protected by freedom of speech, which do certainly not result in a piece of art.
Looks like an instance of a quite common fallacy. If something can be identified as art, it certainly is an expression and no further discussion is needed. But if something is not a piece of art, this doesn't necessarily mean it is not an expression.
1. Why and how is a computer program expressive speech? What does it express?
A computer program, represented by source code, is free speech because I learned about as much about all that computer stuff from reading source code as I learned from lectures and books. A piece of source code expresses the author's understanding (or misunderstanding) of a problem domain and ideas how to solve the problem. The PHP Base Library (PHPLib) for instance is a comprehensive guide to session management and user authentication for web applications. Sure, there's also a manual, but a lot of detail is buried in the actual source code and nowhere else. And reading the source code gives me confidence the authors know what they do.
Source code examples posted to Usenet, on the other hand, often show common errors or misunderstandings, and thus trigger discussions on style, security, robustness, etc.
A compiled, binary program can be expressive speech as well. For instance I am interested in typesetting -- since I used LaTeX for the first time, and though I never looked at the source code. I understand formal languages much better after playing with Lex and Yacc and AWK, which represent generic concepts for interpretation of certain classes of formal languages. Even without myself looking at the source code, those programs told me something, something their authors had written down carefully in a programming language. If that's not expression, there's no expression at all in any language.
The question should read: Why may computer-illiterate people consider computer programs being different from expressive speech, and how could they be educated?
Oh, and a final reminder: Freedom of speech has been invented to protect you from powerful entities who don't like what you say.
They serve a definite purpose, and that isn't one of expression.
What is the problem with serving a purpose? Are you no longer protected by freedom of speech as soon as you say something potentially useful? A traveller's guide to Utah may not be a work of art, but it still does express something, for instance experience of the author, or just the diligence the author collected information with. So why should purpose make a difference?
To go a step further, in politics, or in the courtroom, every single word serves a purpose. Aren't those words expressions? Can they be verboten because of that?
You don't host that sort of thing on tiny intel boxes running Linux or NT/2K.
You don't host it at all. Those scientists, you know, recently invented a cool thing called "The Internet". This is kind of a database, but it's distributed! This means everyone can have a server, you know, and publishing is merely a matter of copying documents to the right place and making kind of a directory entry. But the coolest thing about this Internet is, it can be searched, you know.
Seriously, if I can't Google something, it does not exist. And if I can Google it, it doesn't matter where it is located. Don't even think about big servers. Think Internet instead. What is still needed in the future is peer review. Somehow this has to be organized, and funded. Anything else can be handled by the authors themselves. After all, they have an interest in making their work visible, and they have homepages.
Re:mail is great in the workplace (on "Buried in email?")
You didn't have time to read /. at your last job, did you?
Would you use a search engine that charged a little, but provided much better results (ie no dead links, no off-topic stuff)?
Certainly not, since to me it happened several times that information I looked for was available only in a small number of copies on sites unlikely to pay for search engine listing, e.g. some student's homepage or sites of un-organizations like local Linux user groups. I don't want perfect search, I want to find specific information in reasonable time.
A totally new approach could be that you don't search but interesting web resources get recommended to you by your personal agent. We are currently working on a peer-to-peer system that doesn't exchange files but exchanges recommendations for web sites.
Nice, but no replacement for traditional web search. When I search the web, I usually search for very specific information, e.g. an XF86Config file for my laptop computer, scientific papers on 3D user interfaces, or a manual for my office telephone. Search engines like Google do a good job pointing me directly at such resources and I believe they do because of their KISS approach of indexing every page they can get hold of and ranking the search results.
When searching for specific stuff, I'm interested in exactly the stuff I search for, sometimes only a few bits of information, not sites which may contain that stuff. I think it is quite unlikely for my friends or other competent persons to recommend exactly what I'm searching for. They are more likely to recommend sites, i.e. collections of interesting information, and a few outstandingly interesting single items.
What I'd expect to get recommended with respect to my examples above would be Linux on Laptops, Citeseer, and some Siemens or telecommunications site. But compared to a traditional search engine, these recommendations would not make my life easier. Instead, they would add an unnecessary level of indirection to my search.
This does not mean your approach is useless, but it covers a different field of gathering information. I think a recommendation system is more suitable for keeping track of what's going on in the world, i.e. find out what's new and cool in one's fields of interest. Your concept is just closer to /. than to a traditional search engine, so it will be used more like /..
This is also another strike against the possible inclusion of Linux preloads on machines, because last I knew there is no censoring software for Linux.
Not really. A whole bunch of filtering software is included in every recent Linux distribution. Of course it has to be, ehr, configured, but the software is there in various incarnations from packet filtering deep down in the kernel over application layer proxies like Junkbuster up to browser source code that can be hacked to refuse connecting to all but one single URL. One just has to tell the system what it should filter. ;-)
It's funny, because all of us can talk all day about security and huge bit keys and networking, yet we give our login and password to the waitress every time we eat out.
So how many people have lost all their money due to this lack of "huge bit keys"? Of course the figures usually are impressive if a credit card company announces losses by credit card fraud had been so-and-so many billions last year. But think a minute, or better an hour, about who is losing how much, i.e., how risks are distributed among the customer, the merchant, and the credit card company.
This is mostly a non-technical problem, and "huge bit keys" can actually make your situation, as a customer, worse. There have been reported cases of European banks accusing their customers of fraud when they complained about phantom withdrawals via ATMs. After all, the bank had strong encryption, so the customer must have done it herself or at least have helped by giving away her secret PIN. So "huge bit keys" did not save the customer's money, but the public prosecutor's job.
Besides, I haven't seen in years a "more secure" payment system which is as convenient and easy to use (by the honest owner of the money who would like to spend it online or offline) as an old-style credit card. It's universal, it's small, it's something I never leave in the office when I go home, and it does not force me to pay in advance before even knowing what I might want to buy some day. I'm not going to bury my money on smartcards or on my harddisk, and I'm not going to do anything less convenient than fetching my card and typing in what is printed on it, just to buy something on the net. Put a chip onto my credit card and give me two card readers (for home and office use) for free, if that helps to increase security, but don't try to add complexity to my everyday life. If I need something really complex, I'll install IBM DB2. :-)
Seifried has a quite valid point. Cryptography is not a magic thing that makes everything secure by simply activating it. Cryptographic algorithms and protocols are only a building block that, if applied carefully, can make a system more secure against certain risks and attacks. Having encryption, signatures, and certificates, does not provide security by itself. It can help, but a system secured by cryptographic techniques can be as insecure as any other system. It can even be better to be honest and leave out cryptography if it does not really enhance overall security, instead of giving false promises by advertising -bit keys being used in a product which is snake oil by concept. No, I did not say SSL/TLS/SSH are snake oil. :)
Crypt-kiddies and Script-kiddies are basically the same.
Then the question is how to enable the users to take the right choice when configuring their software as well as when being confronted with indication of possible malicious activities. As known from ILOVEYOU and its successors, that is not as simple as showing a warning message and asking for confirmation. Training users won't help much, too; it does not take into account the fact that users' decisions are led by their current goals (i.e., read this attachment now, or get connected to this host), and not by taught knowledge.
So how can it be made really hard to take the wrong choice in critical cases without reducing overall ease of use?
What most of us fear when we get confronted with requests for easy-to-use software is restriction of our abilities to those of our software. And from a programmer's view, software in any case is inferior to the human.
But to make things user friendly does not necessarily mean to restrict their use. It only means to shape freedom and to put it in the right place. Consider the telephone for example. It provides a simple concept (forget about all the toys built into today's digital networks for the moment) which acts as a framework -- a framework around a quite universal service. Once you have established a phone connection by following the simple procedure of dialling a certain number, you can do with it whatever can be done on a low-bandwidth analog channel, be it ordering things, talking to friends, getting online, or phone sex.
So if you sell sort of universal service, like Linux distributors try to, wrap it in a simple conceptual framework. Sell Internet appliances, sell office appliances, sell gaming appliances.
A 3D navigable interface is likely to not only not increase efficiency but to actually decrease it. One reason for this is that the 3D approach leads to artificial introduction of all the limitations we experience in physical space. That's just stupid as most of these limitations like, for instance, the need to walk up to the coffee maker instead of making it pop up in front of you by double-clicking the empty pot, do not make sense at all even in real life.
Watching computer games like Quake we can see how 3D spatial layout contributes to making things difficult. As we know, computer games have to be easy to use on a very basic level of interaction, i.e. the push-joystick-to-move-forward level, but they have to be sufficiently difficult to be fun to play again and again. We could simplify the game of Quake by replacing the maze with a shooting gallery in front of the player. Click everything that moves and instantly win, instead of walking around in search of things and victims. Would anyone want to play a version of Quake that makes accomplishing tasks easier this way? Probably not. But I would certainly require my word processor to be simplified if it would be based on a concept of walking around in a Maze, and shooting letters instead of keyboard input.
Pizza delivery service is not a feature, it's a bugfix.
A really user-friendly 3D interface no longer makes this distinction between input devices and output devices. Instead, it provides an environment the user interacts with from inside. Any interface without this property is not a 3D interface but an interface based on projections of 3D things onto something even if this something would be a cheap 3D screen.
Does embargo mean all that spam from overseas is finally going to stop? Great! Fantastic! Make it so!
I'd prefer an uninterruptible coffee supply. Tubes would be the perfect solution.
The US need to stop thinking they live in a bubble.
From outside the US it looks like they actually do. :-P
Tea, Earl Grey, hot!
Recommended reading:
Ross J Anderson: Liability and Computer Security: Nine Principles. (PDF)
BTW, does your car have airbags? Do they enhance security? Do they require any knowledge in their user's head in order to work correctly?
Of course airbags aren't idiot-proof either, but it takes an advanced idiot to render them useless. Does the same apply to SSH?
Sven
Don't buy a 3D Screen. Buy a holodeck.