Basically, we as a community need to come up with a bit of a modification to section 6 of the GPL, the part that prevents additional restrictions as terms of the license. These "problems" will only cause a real schism if we sphexishly stand by that clause.
So, you are suggesting that you be able to place restrictions on code that the original author did not place on the code?
That is what I'm hearing... that you want to be able to place restrictions on the code that someone else wrote.
Which makes me wonder... why don't you just use a BSD type license?
The GPL seems to me to be specifically for people that don't want others placing additional restrictions on their work.
But technically you're depriving the artist(s) and all the people who get money from the recording, their royalties.
I'm also depriving them of the royalties when I simply decide not to buy the music... and not copy the music.
If I'm an honest man (which I try to be... mostly) they still get no money from me. If I "stole" the music... nothing would change, for them.
So, the copying of the music... and the missed royalties are loosely linked, at best.
If I didn't copy their music (I didn't) I'm still not going to buy the music (I'm not).
So... what did one have to do with the other? I missed that part...
Congrats... you are the first post I've seen that gets one of the very important points.
I've seen everyone say that IE 6 isn't vulnerable... and all I keep thinking is: Not to this particular instance of the exploit. That doesn't mean it is free of problems from this class of exploits.
But, you can bet that the person that wrote this one little bit of code wrote a lot of other code. So, what you have in front of you is a class of problem that can be tried over the entire binary code base. You now know that one image handling routine is susceptible to this flaw... and now you can start targeting them all. Without needing access to the source code for that part of the software.
Know how many times Windows (a graphical user interface) handles bitmapped files? Every one of those is a possible point of failure that you don't need the source code to find... simply start feeding something like this bmp to each of them.
Automated testing at its finest.
Not everyone that looks at this code is going to be nice enough to tell the "good guys" about the exploits.
Instead, they will write and release exploits... leaving MS to find the particular code that is messed up.
But like most Linux users he dicks around in Gentoo for a couple hours before switching over...
So... right now we are in the Gentoo phase of his presidency?
Thanks for the rundown... their slow server made it impossible to read the article before reading all the comments.
Actually, the reason we have the subsidies is to maintain capacity for that time (in the not so near future?) when we finally piss off the entire world and we have to feed ourselves.
We need to be able to feed ourselves if things go bad... isolationist that we would rather be.
Good point.
Perhaps the target was a Windows machine. Your chances of compiling any of this in a non-MS environment are probably smaller than on Windows.
I guess, in the end, only the person that did it knows why it was zipped instead of tar-gzipped.
If the code was leaked from a Linux/Unix computer, why was the code found being distributed in a zip archived file instead of a compressed tar archived file?
Perhaps it got into the computer (from MS) as a zip file? And... they kept the original.
How do you know?
Most out of court settlements require confidentiality... so, you would not hear about them.
All we can really say is that, once threatened with a patent suit, nobody has actually stood up to them in court.
That is all we really know... that it has never gone to court.
That doesn't mean that they haven't used them offensively.
All I could find was versions for Windows.
Thanks, but I'll pass.
When a backup server kicked-in, it also failed, unable to handle the accumulation of unprocessed events that had queued up since the main system's failure.
I'd have to say that this stands out to me to be a big part of the problem.
You can't expect these people to be able to make the appropriate choices if they don't have relevant data.
Due to the nature of any DRM system, it has to act as a black box which is contrary to the beliefs of the community.
DRM does not have to be a black box any more than PGP needs to be a black box.
The reason it is being developed in "secret" is so that customers will not be aware that they are being screwed.
It isn't a technological issue, it is social.
DRM won't be effective until it is developed using open methodology, IMHO.
Yes, I know.
My point was that Disney created a situation where I have two copies... one of which I don't want.
They have created a product where the desired version is not the legitimate version. The desired version is "fixed" of the "flaws" they intentionally put in the product. (Excessive advertisement and/or ads that can't be skipped.)
The same thing will happen with DRM. It will get "fixed" and people will prefer the "fixed" version over the legitimate version.
Linux is never going to play these DRM'd Disney movies
Oh... it'll play them. They just won't be DRM'd when it does.
Ever buy a Disney movie? I've got a two year old... and Disney wants to shove 13 previews down your throat before you can watch the main attraction.
So... the first thing I do with a Disney DVD is rip the movie and burn it to another DVD. Insert and play... without the previews.
If anything, they are contributing to the problem of privacy... because I now have a Disney DVD that is of no use to me (the original) and I'm tempted to sell the damn thing.
Believe me, MS DRM will be cracked... and you'll be able to watch it on your Linux box... and paying for it will be your choice.
All because of the bad choices they have made.
P.S. None of this is meant to condone illegal behavior. Nor is it meant to condone bad behavior on the Corp's part.
While it may not have a place on the desktop (which I don't agree with...) it does just fine in the living room.
Like my TIVO.
And that, IMHO, is much more relevant to the subject of DRM.
And, I predict that the most effective DRM system will be an "Open" one. Only intense scrutiny will be able to create a system strong enough to work. (For various definitions of "work";-))
Probably shouldn't feed the trolls, but...
Have you ever run several W2K instances in VMWare at the same time? While trying to get real work done?
I develop web apps... and I have to check against several versions of IE along the way. This is the most cost effective way.
I've got my development environment running apache, mod_perl and MySQL... quanta, GIMP and Mozilla... and a couple of instances of VMWare w/ 256M RAM each... running most of the day.
You'd be real surprised how fast you can load down a good box.
I figured the second part was a joke... but wasn't sure if the first part fell within the same scope.
Thanks for the clarification.
No, I was more interested in booting off a live CD so I could work on the machine and do hard drive imaging.
I spent a couple of days trying 5 or 6 different live CD distros... and Knoppix was the only one I could get into a shell. Most of them just froze.
Took me almost half a day to find the magic codes to get that far... Never could get X to work.
I'm not sure if you are being serious or not. Can you elaborate?
I use it daily running Debian, so I'm pretty sure it is OK with Linux...
Because MandrakeMove freezes during hardware detection and Knoppix doesn't?
Mandrake certainly doesn't like something about this setup:
Dual Xeon
Intel IHC5R w/ 875P chipset (ASUS PC-DL Deluxe)
NVidia FX5900
SATA RAID
1G RAM
Are you quite certain you don't want any "Anonymous Cowards" in your house?
Dude... I answer the door with one hand behind the door... on a 9mm w/ a loaded clip, one in the barrel and the safety off.
Sometimes it is even pointed at the person, tho they can't see it.
I'm quite certain I would never let someone in my home without at least a name. It may not be their real name, but they will have to offer one up.
If someone knocked on your door and asked to be let inside, and refused to identify themself... would you let them in?
You presume that the only reason someone might want to remain anonymous is that they are advocating some position which might be uninteresting to you. That's certainly the more common situation.
But the other circumstance is when someone is doing you a favor, but is only willing to do so if they can remain anonymous. Those situations are incredibly rare. But by their very nature they cannot be anticipated so that you can turn off your requirement for identity in advance.
Actually, I presume that I'm doing exactly what I want to be doing at that point in time... and, a knock at the door is interrupting that.
I'm also very capable of finding information and I'm more than willing to forgo the unsolicited "help" of others.
And... if Planned Parenthood ever sent anyone to my house unsolicited... then I'd stop supporting them. Something I've done since 1982.
It isn't about remaining anonymous, a right I heartily defend myself... when appropriate. I simply don't approve of the intrusion.
I think it would be better to buy the companies that license SysV code... and have them stop.
Cut off their air supply...
February 2nd
No... wait... that was a groundhog, not a gopher.
Sorry.
First of all, there is no credible difference between holding a discussion over slashdot or holding a discussion over email. Do it through a hotmail account and you're even using the same program to do it. You can come to slashdot and read something you find offensive without warning in advance that it is, just like can happen with email. So trying to draw an arbitrary distinction between anonymous cowards on slashdot and anonymous cowards in email is just that, arbitrary.
There is one very important difference in my mind.
Perceived and intended audience. I'm not talking about the technical aspects of security and privacy and sniffing the wire... I'm talking about the perceived audience of the participants.
Many people consider their email to be private. Unwanted email is a violation of that privacy.
Not many people consider a posting on Slashdot to be private.
One might also argue that shielding yourself from that which you find offensive is bad for the mind. If you shy away from extremes, inevitably your comfort zone shrinks, and you become close-minded. It's only by trying to see the viewpoints of those who disgust you that you can come to truly new realizations about how the world works. Treading the trodden moral paths doesn't take you into uncharted lands, though it does guarantee you a pretty average and "normal" life.
I agree. But that doesn't mean that someone should be able to force it upon you.
Again, a person should be able to have a bit of privacy when they want. Not everywhere, but at least in their own home using the tools that they use for the sole purpose of communicating with their family.
I know many people that only have email so they can keep in touch with their family... they like seeing pictures of their grandkids.
Surely we (as a society) don't need to intrude upon that, do we? Can't people have one way of communicating with family and friends that isn't accessible to commercial interests?
Too bad the founding fathers didn't recognize privacy as a right that could be threatened. Until a few decades ago, it wasn't feasible to tie together the knowledge the world has amassed on someone into one large fount of dirty details. Today it is. Most people can have their lives ruined just by the not-so-secrets that are spread around the globe about them (don't believe me? think about everything you've ever purchased with a credit card, now think about everyone in your life knowing about those purchases... unnerving, isn't it?).
Some, such as myself, would say that the Fourth Amendment covers that. Of course, my thoughts on the matter don't count in a court of law, but... I do think they saw the issue and addressed it the best they could.