There are circumstances where light rail will work. It may not be directly cost effective (unless access constraints are *quite* severe), but it works by decreasing the burden on the highway system, so the need for additional freeways, etc. is postponed.
This assumes that
The light rail tracks go everywhere that existing freeways go;
Existing freeways adequately circulate traffic between the areas where people need to travel
At least in Pittsburgh, 1 is clearly false and 2 is quite debatable.
There has been so much talk here about pie-in-the-sky stuff like High Speed Mag-lev for years, while all actual public funding has gone into taxpayer-funded construction of multiple new stadiums and commissioning multipe, potentially fraudulent or mismanaged property tax reassesments -- while absolutely nothing concrete has been done to fix the transportation problems in what's probably the home of the WORST transportation infrastructure in the country. Many smart people have pointed out the huge negative impact the transportation infrastructure has on the potential growth of Western PA's economy.
Instead of installing some corrider-constrained, incredibly expensive Mag-Lev system of dubious value which does nothing to address the nightmare of getting from neighborhood to neighborhood in this tangle of hills, gullies and twisty streets they call a City, they could use existing arterials (supplimented perhaps with a couple of new ones) to *greatly* expand the reach of public transportion and make it practical to ditch the now-mandatory two-car-per-family lifestyle.
Is it source-code-level certification? If so, then the value of the certification would seem extremely lame if they can't catch a buffer overflow.
If it's "let's attack the binary and see if we can break it", that's potentially harder to catch something like this, but then again, how hard can it be to see if the binary links against the system C library at the known offsets of gets, fgets, sprintf, etc.
What would be lamest of all is if the certification process goes something like, "What's your security engineering process? Oh, sounds secure to us."
I assume from your comment that you're thinking about Microsoft?
Though the article mentions Microsoft because of their security record, I think that the drafters of the proposal are "thinking of" consumers, not the fortunes of any one company/group of developers. And, I believe it is the ethical duty of software developers, whether Open Source or proprietary, to think of the users of our software as well. Which is why, as I've said, if drafted correctly I'm not neccessarily opposed to such a law.
With regard to the specific example of IE, well, if IE has a security flaw that exemplifies gross negligence, then the fact that it's free won't mitigate against liability. If the flaw is in an OS component (as much of the functionality previously offered in IE is now embodied), then it wasn't free, was it?
WRT to the "seldom used" product, well if the company charged money for it, and if it had a security hole which caused actual damages to one of their customers, why shouldn't they be liable?
I saw lots of local concerts in 1993 in Portland Oregon for $5 and small national acts (King Missle, Mazzy Star) for $10-$15 (same venue, La Luna).
In the same year, I saw a triple bill of the Beastie Boys, Sonic Youth, and L7 at the Salem Armory. I believe the ticket cost was around $18.
I submit to you that the cost to see the "blockbuster" national acts has always been unreasonable, but lately even the small national acts are unaffordable. I'd wager this is because of the consolidation and anti-competitive practices occuring in the promotion industry more than anything else.
Your post is interesting, especially in light of the difficulty a court may have in accurately assigning liability to the correct party.
For instance, am I liable if I use the standard C function gets() in a program? I, as the program vendor, can argue that that's what was taught in my undergrad CS course, or I could point the finger at the language designer or C library vendor.
What about a program I write that communicates w/ other software via a standard protocol, and works perfectly if the other software adheres strictly to that protocol but fails in combination with another program which implemented that protocol incorrectly; am I to blame, or is the other vendor? What if the spec is vague?
As I've said in other posts, the potential for good legislation along these lines is there, but only with *heavy* involvement of people who understand issues such as these, along side of the industry lobbyists, consumer advocates and politicians.
The state of Texas has been licensing software engineers since 1998, and there is a push in software development professional organizations to have other states adopt this view of the software profession as well. With licensure come liability.
Consumer advocates have been pushing for an end to warranty disclaimers in software for some time.
This just adds another iron to an already burning fire.
I think that all of this is good and possibly of no harm to Free Software if implemented correctly. I.e. reasonable -- but not complete -- exemption for non-commercial software, not just OSS (see my other post re: Limited Liability); penalty according to degree of negligence, speed of response to notification, etc.
As an expansion of my post, I'd consider the following grossly negligent code sufficient to allow you to sue me even if you didn't buy it from me:
main_function(){
if(stdlib.getuserid() != "root") then exit "You need to have root priveleges to run this program."; else stdlib.execute_arbitrary_external_prog(stdlib.getu serinput());
}
The software producer's liability should be limited to the amount of their financial return on the software, except in cases where gross negligence is apparent. If I never made a dime of the sale of the software, I should be liable only for that $0.
Is that while the "software engineering" profession (academics, members of the ACM and IEEE, and large, primarily software-oriented companies) would be ecstatic to find such a method, the non-IT companies and managers which employ *most* software developers would not.
In other words, they will hear this as "close to all of our software projects will be within estimates if we follow method X."
However, because of their own perceived business needs (which may even be correct to an extent; remember, just as we're the presumed software experts and should be given the benefit of the doubt as far as understanding software engineering principles, they are the presumed business experts and should be presumed to understand *their* business and markets), the likelihood of actuall *rigorously* following method X gets considerably lower. This goes primarily to time-to-market considerations and changing requirements. Changing requirements are *inevitable*, particularly in initiatives where a non-IT company is trying to use technology to enhance their traditional business. Additionally, if we accept that a good understanding of the problem domain is one of the complexity factors that affect the likelihood of success of software projects, staff turnover and the loss of people within the IT infrastructure of the company who have a good undestanding of the problem domain will also tend to have a negative effect on the predictive success of a methodology in such an environment.
So when the inevitable failure occurs, the method (and by extension the profession) will still be percieved to be unreliable. This will especially be the case if this is an early effort in the organization. The reaction of the business people is likely to be (intuitively, even if they realize the illogic of their interpretation of statistics) "hey, your method predicted 80% success rate, but this is our second project, and it FAILED. That means we only got a 50% success rate. Your method sucks."
Finally, even the criteria for evaluating the "successfulness" of a software project will differ between sponsors of a project and the architects of said project in this environment. In the evaluation of the sotware engineering industry, a project that was delivered on time, within budget and with a high quality but too late for a market which changed underneath it, is a "success" according to the terms of the methodology, but to the business people who sponsored the project, it will likely be viewed as an unmitigated failure.
You do not own the copyright on the work contained on the DVD. Without a some limited license (explicit or implied) you can't really do much at all with it.
Exactly! Without the implied consent of the copyright owner the disc is completely useless. Therefore, most reasonable people would conclude that in the absence of an explicit licensing agreement, I am free to put the content to it's naive use (viewing) on whatever type of device I choose. Under copyright law, as long as I'm not re-publishing the content, I have not violated the rights of the copyright holder.
The only sticky situation here is that the DMCA makes distribution of the tool I need to view it in certain ways illegal (since that tool could also be used to make unecrypted copies and then republish them -- which would, of course, be a violation of copyright). The only way that issue is likely to get resolved is if the law is repealed or if the Supreme Court rules on it, and if they are to be consistent with the precedent they set in the Betamax case, I can't see how they could rule that the non-infringing uses (me viewing content I'm authorized to in any way I want since I signed no contract to the contrary) don't outweigh the threat posed by the possible uses for infringing purposes.
While it shouldn't be inherently illegal to decode and copy discs for legitimate purposes, that's not how DeCSS is being used, the majority of the time. It sucks, but it's true.
<sarcasm>Looks like it's time to go after those gun manufacturers. After all, their products are clearly being used to break the law with disastrous results for society.</sarcasm>
In our society, people are supposed to be held responsible for their *own* misdeeds, NOT the potential misdeeds of others. That was the heart of the Betamax decision, and it seems like the same standard should be applied here. DeCSS is not required for copying, and can be used for significant non-infringing purposes. PERIOD!
OO languages exist at the "high" end of the language-level spectrum. They're geared toward managing code complexity in the face of a problem domain which is conceptually complicated, primarily by encapsulating bits of the problem domain into digestible and self-contained sub-problems. The overhead of all of the OO constructs is worth it if the reduction of your problem domain into smaller chunks is neccessary to solve the problem (or advantageous in terms of directing the efforts of multiple team members in areas where some decoupling is possible).
However, if you problem is "low-level" or conceptually simple (though not neccessarily computationally simple) -- a recipe like "apply transformation x to dataset y, then transform again w/ algorithm z", the OO features simply serve as a distraction from thinking about your actual problem domain and it's solution.
So yes, IMHO, there are problems for which OO techniques are not ideally suited, and most importantly, if the techniques get in *your* way they are not the right tool for *you*. Rememer, languages and tools don't solve problems. People do. If a tool makes you task easier, use it. Otherwise, save yourself the time.
You are correct that there appears to be no *Federal* tax credit for political contributions. I was mistaken. There is a *state* tax credit for political contributions in some states (Oregon, where I used to live -- probably why I was confused -- and Massachusetts, AFAIK). I don't know what restrictions are placed on those contributions, and whether contributions to PACs fall under those credits. It's up to each individual to determine what tax benefits may be available to them.
However, the tax credit angle is a bonus, I don't suspect that will be of primary importance to anyone interested in this particular case.
That's why I said I don't know whether the best strategy would be to support particular candiates, or just campaign against the offending ones. I know "Geeks" often don't have a lot of common ground, which is what leads me to believe that *not* supporting particular candidates is the best idea. Hell, even Hollings may be great on certain issues. But he's trying to take away my freedoms, so screw him. He needs to be punished, and I can think of no better way to do that then to make sure he doesn't reclaim his office.
I'm going to investigate it a little on my own first, and see how hard it looks like it'll be, and get an idea of what's required. At this point I don't know what kind of resources will be required. I suspect that it's not so much a question of expertise as it is resources & compliance w/ regulations, but I could be wrong.
Of course, anyone who wants to volunteer expertise is welcome.
That is the point. It's a PAC. The bux will come from me, you, and anyone else reading this or subsequent info about it and deciding that they agree and want to give money/get a tax credit for standing up for their ideals.
There's a challenge to slashdotters here, and I wonder if anyone reading this is up to it. Lessig is absolutely right that an important role for us digerati is to convince more Americans that there is a real threat right now to our core values as a society.
I am thinking of Forming a PAC (Political Action Committee) to handle the PR/political machine side of this issue, as the EFF seems to be focussed more on the courts and influencing legislation *before* it's passed, and I think they do a good job at those activities. I almost registered a domain for such an entity today, but I think I want to research some of the relevant regulations WRT PACS and non-profits before I invest my personal cash in this.
The two first objectives I think I'd personally have for this organization is to build a war chest to campaign VERY AGRESSIVELY against any member of Congress who votes for anything remotely resembling the SSSCA. I'm not sure if that would mean campaigning for a particular opponent in each race, or just lots of negative advertising about the candidate.
Additionally, I'd like to see a TV commercial in heavy prime-time rotation which tells Americans how the MPAA & RIAA don't want them to have empowering technology and how Jack Valenti thinks the right of African Americans to creatively interpret their experience of our country's history is "insignificant."
As I said, I'm going to look into this. If anyone else thinks this is a good idea and is actually willing to do something about it too, let me know.
No, I meant direct tax credits to people who give money to artists, just as exists for donations to political campaigns. I.e., reward consumers for rewarding artists. That way the govt. doesn't have to get involved with the process of "qualifying" artists. I suppose if they needed some proof for tax evasion prevention, a system of registering artistic works (similar to the patent offic -- copyright #'s or some such) could exist so you could itemize the particular works you gave $$ for.
Slashdot Mirror
- The light rail tracks go everywhere that existing freeways go;
- Existing freeways adequately circulate traffic between the areas where people need to travel
At least in Pittsburgh, 1 is clearly false and 2 is quite debatable.Instead of installing some corrider-constrained, incredibly expensive Mag-Lev system of dubious value which does nothing to address the nightmare of getting from neighborhood to neighborhood in this tangle of hills, gullies and twisty streets they call a City, they could use existing arterials (supplimented perhaps with a couple of new ones) to *greatly* expand the reach of public transportion and make it practical to ditch the now-mandatory two-car-per-family lifestyle.
Phew, feels good to get that off my chest...
If it's "let's attack the binary and see if we can break it", that's potentially harder to catch something like this, but then again, how hard can it be to see if the binary links against the system C library at the known offsets of gets, fgets, sprintf, etc.
What would be lamest of all is if the certification process goes something like, "What's your security engineering process? Oh, sounds secure to us."
"Hello, helpdesk? I need to edit the Oracle config files, and I forgot the Oracle user's unix password."
"Hello, helpdesk? Brad Pitt's a friend of mine and will go out with you if you give me the root password for the Oracle box."
Taco's not a patent examiner.
Well, as for the balance sheets, only under subpoena if they're not a public company.
Though the article mentions Microsoft because of their security record, I think that the drafters of the proposal are "thinking of" consumers, not the fortunes of any one company/group of developers. And, I believe it is the ethical duty of software developers, whether Open Source or proprietary, to think of the users of our software as well. Which is why, as I've said, if drafted correctly I'm not neccessarily opposed to such a law.
With regard to the specific example of IE, well, if IE has a security flaw that exemplifies gross negligence, then the fact that it's free won't mitigate against liability. If the flaw is in an OS component (as much of the functionality previously offered in IE is now embodied), then it wasn't free, was it?
WRT to the "seldom used" product, well if the company charged money for it, and if it had a security hole which caused actual damages to one of their customers, why shouldn't they be liable?
In the same year, I saw a triple bill of the Beastie Boys, Sonic Youth, and L7 at the Salem Armory. I believe the ticket cost was around $18.
I submit to you that the cost to see the "blockbuster" national acts has always been unreasonable, but lately even the small national acts are unaffordable. I'd wager this is because of the consolidation and anti-competitive practices occuring in the promotion industry more than anything else.
For instance, am I liable if I use the standard C function gets() in a program? I, as the program vendor, can argue that that's what was taught in my undergrad CS course, or I could point the finger at the language designer or C library vendor.
What about a program I write that communicates w/ other software via a standard protocol, and works perfectly if the other software adheres strictly to that protocol but fails in combination with another program which implemented that protocol incorrectly; am I to blame, or is the other vendor? What if the spec is vague?
As I've said in other posts, the potential for good legislation along these lines is there, but only with *heavy* involvement of people who understand issues such as these, along side of the industry lobbyists, consumer advocates and politicians.
The state of Texas has been licensing software engineers since 1998, and there is a push in software development professional organizations to have other states adopt this view of the software profession as well. With licensure come liability.
Consumer advocates have been pushing for an end to warranty disclaimers in software for some time.
This just adds another iron to an already burning fire.
I think that all of this is good and possibly of no harm to Free Software if implemented correctly. I.e. reasonable -- but not complete -- exemption for non-commercial software, not just OSS (see my other post re: Limited Liability); penalty according to degree of negligence, speed of response to notification, etc.
main_function(){u serinput());
if(stdlib.getuserid() != "root") then exit "You need to have root priveleges to run this program.";
else stdlib.execute_arbitrary_external_prog(stdlib.get
}
But the following I would not:
main_function(){
// running as root
integer buflen = 5000;
stdlib.bounds_checked_read_input (stdlib.getuserinput(), buflen);
drop_root_privs();
}
even though the latter may represent a format string vulnerability.
(Entered in pseudocode lest someone get the cute idea to actually sue me)
The software producer's liability should be limited to the amount of their financial return on the software, except in cases where gross negligence is apparent. If I never made a dime of the sale of the software, I should be liable only for that $0.
In other words, they will hear this as "close to all of our software projects will be within estimates if we follow method X."
However, because of their own perceived business needs (which may even be correct to an extent; remember, just as we're the presumed software experts and should be given the benefit of the doubt as far as understanding software engineering principles, they are the presumed business experts and should be presumed to understand *their* business and markets), the likelihood of actuall *rigorously* following method X gets considerably lower. This goes primarily to time-to-market considerations and changing requirements. Changing requirements are *inevitable*, particularly in initiatives where a non-IT company is trying to use technology to enhance their traditional business. Additionally, if we accept that a good understanding of the problem domain is one of the complexity factors that affect the likelihood of success of software projects, staff turnover and the loss of people within the IT infrastructure of the company who have a good undestanding of the problem domain will also tend to have a negative effect on the predictive success of a methodology in such an environment.
So when the inevitable failure occurs, the method (and by extension the profession) will still be percieved to be unreliable. This will especially be the case if this is an early effort in the organization. The reaction of the business people is likely to be (intuitively, even if they realize the illogic of their interpretation of statistics) "hey, your method predicted 80% success rate, but this is our second project, and it FAILED. That means we only got a 50% success rate. Your method sucks."
Finally, even the criteria for evaluating the "successfulness" of a software project will differ between sponsors of a project and the architects of said project in this environment. In the evaluation of the sotware engineering industry, a project that was delivered on time, within budget and with a high quality but too late for a market which changed underneath it, is a "success" according to the terms of the methodology, but to the business people who sponsored the project, it will likely be viewed as an unmitigated failure.
The only sticky situation here is that the DMCA makes distribution of the tool I need to view it in certain ways illegal (since that tool could also be used to make unecrypted copies and then republish them -- which would, of course, be a violation of copyright). The only way that issue is likely to get resolved is if the law is repealed or if the Supreme Court rules on it, and if they are to be consistent with the precedent they set in the Betamax case, I can't see how they could rule that the non-infringing uses (me viewing content I'm authorized to in any way I want since I signed no contract to the contrary) don't outweigh the threat posed by the possible uses for infringing purposes.
Also, look how guns are being used:o vember/111298.htm o n_news/STORY.ea7fa58a63.b0.af.0.a4.33ca3.html 0 4.html 4 .shtml
http://www.police.nashville.org/news/media/1998/n
http://www.co.ramsey.mn.us/attorney/pr_thao.html
http://www.dallasnews.com/metro/arlington/arlingt
http://woub.org/news/Stories/2001/January/010109-
http://seattlepi.nwsource.com/local/43950_murder2
<sarcasm>Looks like it's time to go after those gun manufacturers. After all, their products are clearly being used to break the law with disastrous results for society.</sarcasm>
In our society, people are supposed to be held responsible for their *own* misdeeds, NOT the potential misdeeds of others. That was the heart of the Betamax decision, and it seems like the same standard should be applied here. DeCSS is not required for copying, and can be used for significant non-infringing purposes. PERIOD!
OO languages exist at the "high" end of the language-level spectrum. They're geared toward managing code complexity in the face of a problem domain which is conceptually complicated, primarily by encapsulating bits of the problem domain into digestible and self-contained sub-problems. The overhead of all of the OO constructs is worth it if the reduction of your problem domain into smaller chunks is neccessary to solve the problem (or advantageous in terms of directing the efforts of multiple team members in areas where some decoupling is possible).
However, if you problem is "low-level" or conceptually simple (though not neccessarily computationally simple) -- a recipe like "apply transformation x to dataset y, then transform again w/ algorithm z", the OO features simply serve as a distraction from thinking about your actual problem domain and it's solution.
So yes, IMHO, there are problems for which OO techniques are not ideally suited, and most importantly, if the techniques get in *your* way they are not the right tool for *you*. Rememer, languages and tools don't solve problems. People do. If a tool makes you task easier, use it. Otherwise, save yourself the time.
However, the tax credit angle is a bonus, I don't suspect that will be of primary importance to anyone interested in this particular case.
But thanks for the correction.
I've never seen an ad sponsored by the EFF and I get the idea that that's not what they are about.
That's why I said I don't know whether the best strategy would be to support particular candiates, or just campaign against the offending ones. I know "Geeks" often don't have a lot of common ground, which is what leads me to believe that *not* supporting particular candidates is the best idea. Hell, even Hollings may be great on certain issues. But he's trying to take away my freedoms, so screw him. He needs to be punished, and I can think of no better way to do that then to make sure he doesn't reclaim his office.
I'm going to investigate it a little on my own first, and see how hard it looks like it'll be, and get an idea of what's required. At this point I don't know what kind of resources will be required. I suspect that it's not so much a question of expertise as it is resources & compliance w/ regulations, but I could be wrong.
Of course, anyone who wants to volunteer expertise is welcome.
That is the point. It's a PAC. The bux will come from me, you, and anyone else reading this or subsequent info about it and deciding that they agree and want to give money/get a tax credit for standing up for their ideals.
I am thinking of Forming a PAC (Political Action Committee) to handle the PR/political machine side of this issue, as the EFF seems to be focussed more on the courts and influencing legislation *before* it's passed, and I think they do a good job at those activities. I almost registered a domain for such an entity today, but I think I want to research some of the relevant regulations WRT PACS and non-profits before I invest my personal cash in this.
The two first objectives I think I'd personally have for this organization is to build a war chest to campaign VERY AGRESSIVELY against any member of Congress who votes for anything remotely resembling the SSSCA. I'm not sure if that would mean campaigning for a particular opponent in each race, or just lots of negative advertising about the candidate.
Additionally, I'd like to see a TV commercial in heavy prime-time rotation which tells Americans how the MPAA & RIAA don't want them to have empowering technology and how Jack Valenti thinks the right of African Americans to creatively interpret their experience of our country's history is "insignificant."
As I said, I'm going to look into this. If anyone else thinks this is a good idea and is actually willing to do something about it too, let me know.
No, I meant direct tax credits to people who give money to artists, just as exists for donations to political campaigns. I.e., reward consumers for rewarding artists. That way the govt. doesn't have to get involved with the process of "qualifying" artists. I suppose if they needed some proof for tax evasion prevention, a system of registering artistic works (similar to the patent offic -- copyright #'s or some such) could exist so you could itemize the particular works you gave $$ for.