Slashdot Mirror


User: ProfessorPuke

ProfessorPuke's activity in the archive.

Stories
0
Comments
152

Comments · 152

  1. Re:Big deal on One-Time Pad Encryption With No Pad? · · Score: 1

    They mention wireless devices as one of their target markets- that may be where the utility comes in. Both 802.11b and traditional fiber-optic frame relay are electronic channels, but the latter is potentially much more secure, since the attack has to actually tap the cable (or more likely, mis-use an existing connection).

    They could transmit the one-time pad over wired connections, before sending the messages themselves over the less secure radio broadcast.

    (On a geometrical tangent: The spatial extents that the intruder must visit to intercept a wired-message are in a thin cylinder around the wire (of length N), rather than in a hemisphere of radius N centered on the sender. Thus, the total volume of vulnerable space is much smaller, and it is easier to physically protect the space from intruders).

  2. the Mythical Secure setup channel on One-Time Pad Encryption With No Pad? · · Score: 1

    Many supposed crypto-breakthroughs actually boil down to simply moving your vulnerable channel from one time/place to another. In this case, the message itself might be "secure", but the initial communication to establish the keys for that message won't be (and, if intercepted, can decode the entire message).

    Shifting the point of vulnerability is a useful approach in many cases (maybe not this one). It's actually the basis of One-Time-Pad's effectiveness. In a normal OTP, you transfer the key first via physical travel, and then send the message electronically sometime later. This allows you to impose physical security on the key (your courier is well-armed!!), which then extends up to the later message itself.

    However, that only works if the participants are willing to go through the extra hassle and delay of receiving pads by armored car. (And they pay the deliverymen too much to be bribed, etc...). It's unlikely that a commercially successful business could be built from this, since customers won't be likely to wait that long. If you try to transmit your pads over the internet, as opposed to some "inherently trustworthy" medium, then the only benefit over regular cleartext emails is the extra latency it'll take for hackers to decide that E2Sec is an interesting target.

  3. Re:not likely on Open Source in the Military? · · Score: 1

    Funny, I work for a top 5 defense contractor, and we use open source all the time. (Obeying the licenses carefully of course- mostly not even compiling the code, just installing Redhat's binaries or whatnot).

    Maybe it's because I'm in the research/development, and training/planning fields, and don't build systems to go on the actual vehicles that do the shooting and the killing...

  4. Re:Contracts vs. laws on Open Source in the Military? · · Score: 2, Insightful

    Yes, security classifications are legally enforced.
    But if you cannot simultaneously obey the GNU Public License and the law, then the license doesn't take effect, copyright law kicks in, and you have no permission to redistribute modified code at all.

    Any person who willingly mingles GPL code with classified code is either immediately violating copyright, or conspiring to commit espionage (when they release the code, as the license requires).

    Of course, in real life no real criminal espionage charges would be pressed. If this were to actually happen (by accident, say, a subcontractor programmer gets confused), and is found out, then the government would have to weigh the value of the combined code, and either arrange payment to the original authors, or promise to destroy (in a security-level approved fashion) the offending software.
    Unless they declare it a matter of National Security and just pull the whole thing under Eminent Domain.

  5. Intellectual Property doesn't affect the PentagoN on Open Source in the Military? · · Score: 1

    Although technically, GPLed software is not permissible for classified applications (where the code is secret, not just the data), if the Pentagon feels it's important enough, then the US military can always choose to disregard any intellectual property laws.

    They have a long history of this- most famously, they took the Wright brothers' patent on heavier-than-air flying machines. An invention of that magnitude should be worth TRILLIONS of dollars (in today's currency, after accumulating 90 years of interest), and they didn't pay a cent. There was a war on!

  6. Re:GPL on Open Source in the Military? · · Score: 3, Informative

    No, the GPL is meant to protect the developers of software. RMS initially created the GPL after he, as a developer, was screwed by a company who marketed emacs without paying him, and without releasing their source code.

    GPL is supposed to allow developers to give out their source code, without having to worry that someone else will change the code and not share their modifications.

    I code for the army, and we're very clear that unless they truly don't mind Iraq getting a copy of their software, then it can't be based on GPL sources. If it's GPL, then any developer, contractor, sysadmin, or random private who comes across the code can walk it right off the base, and no one can legally stop him.

    (I suppose for some categories of software, the benefit to Iraq might be low enough that the Army truly wouldn't mind giving them a copy- especially if the hardware is permanently beyond their reach)

  7. Re:Another mis-understanding of the GPL on Open Source in the Military? · · Score: 1

    No, THIS is a misunderstanding. Your using software (GPL or otherwise) means you do have to distribute it.

    Ok, ok, if genuinely only one person modifies the code and executes the binary, then he can get some use out of a GPL product without releasing his changes. The military has lots of personnel, though, and they won't find it economical to do serious development on software that can only ever have one operator.

    As soon as the developer starts giving it to his coworkers, system administrators, pilots, navigators, or whomever, then it's trivial for a lawyer to argue that "distribution" has occurred.

    Doesn't matter that it was distributed only within a certain group, the users still must be given unrestricted access to the source code as required by GPL. You can't tell them on one hand "You can take this binary, and its source code, and modify that source code as you like, as long as the GPL license on it is respected" while simultaneously telling them "But if you exercise your rights under GPL, you'll be court-martialed or fired".

    Corporations, for instance, are legally a single entity. But Ford Motor Company can't purchase a single user license to Microsoft Word and claim that's enough for all their employees. Likewise, if a corporation or military unit wants to seriously use a modified GPL product, they must distribute it among their members. They can't claim to be a single person to get around that fact.

    If corporations or other entities were allowed to violate GPL in this way, it would create a loophole where customers would sign up for "Corporate Employeeship" before purchasing binary distributions of modified GPL code.

  8. Re:GLP and software availability on Open Source in the Military? · · Score: 3, Informative

    Maybe this is an intentional joke/troll, but it's completely wrong. If you distribute the binary, it must be under the terms of the GPL. Not only do the users need to be able to get the source, but the GPLed source- that means they are allowed to modify and redistribute it as they see fit.

    If you use some other means (written orders from the commanding officer) to force the users not to republish the source code, then you have NOT given them a GPLed release, because you haven't given them permission to redistribute it under the same terms you acquired the software with.

    (I do software contracting for the US military, and we'll include LGPL or PD code, but not GPL).

    Imagine if this happened in the civilian world- CompanyX modifies GPLed GNU Emacs and puts it up for sale- but before a customer can purchase it, they have to sign a separate contract promising to never redistribute the source code. It's a blatant violation.

    (Actually, that has been attempted before. A group published a modified version of the GPLed Quake game, but required users to sign away their rights to the source code before they could download the binary. The original author sent his lawyers after them, and they gave up on the scheme)

  9. Re:Three words: Package Management System on Fair Software Installation · · Score: 1

    Right. And I have to wonder why Sun never promoted any software like this for their (so-called) Java Platform. Concepts like sandboxing fit so naturally into the java environment... it's a shame they didn't try to leverage that as a way to attract users who're afraid to install native-code packages because of the possible unknown side-effects.

    For each OS that a Java runtime was provided for, Sun should've shipped an installer so that you can download and invoke a JPM file (or some extension like that) which prepares a java application for execution in the manner that users of the OS will expect of all their applications. If any such application desires to access a disk (aside from temporary cache-files that only it can read) it must request permission from the same installer. Then the user could choose to allocate a specific set of directories and file-types that can be modified, or choose to give approval on a case-by-case basis.

    Instead, there is NO standard mechanism for installing a Java application. Running a Java program (I'm remembering the Batik SVG viewer specifically, but most seem like this) is a little mess of JVM pathnames, environment variables, and command-line options. It's just as bad on a Microsoft Windows system as a Unix one (which is actually worse, since Microsoft users are less equipped to cope with those matters)

  10. "code is law" on Fair Software Installation · · Score: 1

    "Code is law", by Lessig, famous law professor of the internet. One interpretation of that quote is that if you want to enforce behavior on a computer system (give it a "law"), this should be done in software.

    That is, don't TELL application developers what their gui should look like, where they should install to, and which system services they should hook into- MAKE them do what you want, by providing code for them to call which has the proper behavior. Not only is the correctness more enforceable if they're calling your supplied code libraries, but also the development effort required to comply with the regulations is reduced.

    The microsoft software-installation routines (introduced with Windows95 I think) are a great example of how violation of this principle really hurt users. Microsoft TOLD developers how software should install, but they didn't provide code to do this. Any individual product could use entirely its own routine. Programmers quickly tired of rewriting installers again and again, and soon about 50% of products were using the "InstallShield" libraries- meaning that each time you downloaded a 20k shareware system extension, the package came with 600k of installshield runtimes, which you'd already downloaded before with 10 other products.

    The Installer-Wars described in this feature are another problem that could've been avoided if Microsoft Windows-95 had provided a centralized installer system. Instead of allowing and encouraging each product to come with its own installer that selects what filetypes to associate with, and what system DLLs to override, the products should just come with a machine-readable file (much like a redhat package manager .spec) that informs the operating system of the package's abilities.

    Then the operator can go to a neutral application (Control Panel) and decide which programs get to perform which common tasks (read .MP3, read .JPG, browse the web, send email). All of the constant whining of "Warning- some of Realplayer's associated filetypes have been removed! Do you want me to automatically rewrite the system settings every time I start up?" could've been eliminated.

    Opportunities to secretly install spyware would be seriously reduced also.

    Some windows users think that because installing software gives them lots of pictures and buttons, they're somehow better off than typing "apt-get install gizmo-tron".

    To summarize- yes, there should be a framework for how SOFTWARE installs on a COMPUTER- but it should be enforced by SOFTWARE on a COMPUTER, not a bunch of government gunmen in blue suits.

  11. Is a CVS repository a "preferred form"? on Abusing the GPL? · · Score: 2, Interesting

    A question related to the issue of "what constitutes the preferred form for modifications?" has been bothering me for a while. Look at this continuum of ways the code for a C++ project could be delivered:
    1. C++ source, preprocessed into one long file, with some inlines and loops expanded.
    2. C++ source with identifiers changed to machine-generated symbols ("a0000", "a0001"...)
    3. C++ source with comments stripped out.
    4. "normal" C++ source code
    5. C++ code with an accompanying HTML (or texinfo, or whatever) document describing its functionality in purely human readable terms (Operator's Manual / Developer's Manual)
    6. C++ code in a CVS repository, with complete logs of all past version of the file and the reasons for each change.

    Clearly, type 4 is what normally gets distributed when someone modifies a GPL project. But arguably, type 3 or even 2 could be preferred by some people. (Especially if you neglected to modify the comments in the original code as you made your changes- it could be better to remove comments than to include untrue statements).

    However, when I work on C++ code, if type 5 or 6 is available, then I strongly prefer to use them as I study how to make my changes. Yet many (most?) people wouldn't be comfortable exposing all the dirty, broken, wrongheaded mistakes they made over years of development, which is what would happen if CVS revisions were included.

    All of items 2,3,5, and 6 refer to comments of one sort or another- things that make no difference when the program executes, and don't even affect the compiler, but serve just to inform interested humans. A CVS repository, a separate document file, /*comments inside code*/, even useful_and_descriptive_variable_names are all Auxiliary Documentation that is not technically part of the code.

    Where should we draw the line? Where does the law draw the line?

  12. Re:Why are people surprised? on Is the Agenda VR3 Linux PDA Dead? · · Score: 5, Informative

    I've got an Agenda (although I waited until the price had dropped more than 50%). Strangely, the resolution and monochromeness were both selling points for me! The resolution is better than a Palm (160x240 vs 160x160, due to no Graffiti area), and monochrome means much better battery life.

    However, their hardware spec was still hugely flawed. Some of the more obvious deficiencies:

    • /dev/dsp: They built in sound hardware (input and output!), with a port for a nokia-style earmike. But to this day no useful software has used it. An mp3 player isn't too much fun when you've got maybe 3 megabytes storage free.
    • too small: It's SMALLER than most Palms! That sounds like an advantage, but the fact is, the customers for a Linux device are going to be geeky hackers, and willing to look like a nerd for hauling around a huge brick of hardware. If the Agenda had been slightly bigger, not slightly smaller, then there may have been room for AA batteries (much longer life), more RAM, more flash, or who knows.
    • not enough memory: Here's the memory on my unit:
      \w$ cat /proc/meminfo
              total:    used:    free:  shared: buffers:  cached:
      Mem:  7798784  7487488   311296        0        0   729088
      Swap:       0        0        0
      MemTotal:     7616 kB
      MemFree:       304 kB
      ...
      8 meg is adequate. I guess. Barely. If they could've bumped it up to 16, the device would've been much more useful. Today hardware hackers enjoy pulling apart SIMMs to solder in this upgrade themselves- if its that easy, the factory should've done it.
    • not enough storage: Same deal as the RAM. Had 8, should've had 16. Most of the 8 was already exhausted by kernel, /bin, /usr/bin/X11R6, /usr/bin/games, etc. With 16 flash, the out-of-box device would've come mostly empty, instead of mostly full, which is a world of difference. Many Palm users felt deceived when they found that the advertised "8 megs of storage" wasn't all usable for their contacts and appointments. Here's the stats:
      \w$ df -h
      Filesystem      Size    Used  Available  Use%  Mounted on
      /dev/mtdblock0  3.3M  212.0k       3.0M    6%  /flash
    • Replaceable batteries: You had to unscrew the case to change the AAA batteries, rather than being able to slap it in the dock every night and never think about losing power, like you can with many Palms and PocketPC units. That would've been an especially important advantage for a device whose usefulness comes from software hacking. You want to plug it in, export DISPLAY=workstation:0, and begin to code, without worrying that operating the serial port drains batteries faster than normal unplugged operation. This problem reduced the convenience of developing new software for the Agenda, which thus reduced the benefit that a Free Software operating system should've given them.
    • No USB: USB is cool, what can I say? A USB port could've not only handled the recharge problem from the same plug as the data, but it would've had better bandwidth too, and not require a nonstandard serial-port adapter. And imagine if the PDA could emulate a USB mass-storage device to export its filesystem to random PCs you meet throughout the day (kinda like the Terapin Mine, but that's a $700 system).

    I could go on and on, but you get the idea. If they'd done just 1 or 2 of those rather simple improvements, they could've justified the higher price to average users.

  13. Re:That's a bummer man on Is the Agenda VR3 Linux PDA Dead? · · Score: 3, Insightful

    It ALWAYS could sync with Linux, because any two linux machines can sync with each other if they have serial ports, pppd, and rsync!

    If that's not enough for you, then it's Free Software, so go and write your own improvements. The only financial reason that a company should try to sell their hardware with Linux (aside from the kewlness factor) is to reduce their software development costs, because the user community will step in and do it for free.

    (That said, their fatal mistake was that starting to program was too hard- it needed too much hackivation energy. They released the source code, but as a mishmash of patches to other projects. If they'd let users download a single tarball which built into a kernel and full set of executables, their software deficiencies would've been fixed faster, and maybe they'd have survived to this day)

  14. Re:What is sick... on EverQuest and the UN · · Score: 1

    Actually, when the first novel was written, the Buddhist leadership in Japan declared it to be a sinful pack of lies- and furthermore, they proclaimed that its protagonist, Prince Genji, would be punished with a drastically inferior reincarnation!

    Apparently they were open to the idea of artificial worlds taking on some meaning of their own, afterall...

  15. The comparison you're looking for... on Combining The Simpsons with MarioCart · · Score: 3, Informative

    ...is "Crazy Taxi"

    It's a fundamentally different game from Mario Cart. Instead of participating in races from a predefined point A -> B, you can travel anyplace on a map and grab passengers to shuttle around.

  16. Re:Misuse of the word 'hacker' on Mafiaboy Gets His Wrist Slapped · · Score: 1

    Once again someone indignantly suggests the word 'cracker' where it cannot apply. cracker can mean:
    • a flat, dry biscuit
    • a device for penetrating the shell of a foodstuff
    • a person who gains access to a secured device without being given the code. "Safe-cracker" "Crack the code"

    You can crack into a file. You can crack a password. You can crack into a computer, if you gain the ability to use it for your own purposes.

    But if you impair a system's functioning by overloading it with legitimate requests, its security has NOT been violated.

    (Ok, so as an intermediate step to the DDOS attacks, he had to BackOrifice a bunch of systems. Cracking into them is not what got him arrested- Ebay and Yahoo were not "cracked")

    The definition of hacker in the jargon file is wrong too, btw. Or at least it's too long, obscuring the real meaning, which goes back to MIT 70+ years ago (pre-univac!).

        A person who operates a complex system in a manner inconsistent with its designer's intent

    That neatly summarizes most of the positive definitions. (Although the meaning of "highly skilled programmer", which is your favorite interpretation even though it's a recent addition, is not strongly attached to the simplified meaning. It comes out of the fact that some programmers are good enough to bang out a working product without stopping to design it first. While this might produce a quick solution to a problem, it's a bad idea in the long run, since anyone wanting to modify or validate that program later will have to be of a similarly rare level of ability)

  17. Re:Some historical perspective on Mafiaboy Gets His Wrist Slapped · · Score: 1

    No, he meant for it to spread as far as possible. The denial-of-service was what he didn't expect.

    He hadn't thought the worms would run enough times on the same host to make a noticeable dent in the CPU usage- much less overload the system entirely. Unfortunately, his simple 14% worm-suicide probability was completely inadequate for keeping the population down, as any competent 2nd year Computer Sci student could tell you.

  18. Re:For security, legalize cracking on Mafiaboy Gets His Wrist Slapped · · Score: 1

    Absolutely! Microsoft & other companies have gotten away with publishing horribly insecure products for years, partly because the "security" is provided by gunmen (FBI) who apply physical force to take care of the worst exploits.

    But guess what? The internet is global, and the FBI can't be everywhere. China (or $ENEMY_OF_THE_WEEK) could easily sponsor 50 PhD hackers to do a genuinely damaging version of any of Mafiaboy's little tricks, and even if it was traced, there's no way for federal marshals to haul them down to a Californian courthouse.

    As the country gets more dependent on networked computers for daily economic control, the potential loss from such an attack would only get worse. The best defense is the "vaccine" approach: permit anyone to attack the systems at will, so that unsafe designs are quickly found out and rejected before we become dependent on them.

    There is no need for any new laws against "computer crime" or "cyberterrorism". Existing statutes against wire fraud and vandalism should be fully sufficient. Leave everything else up to the free market.

    ("Cyberterrorism"!! That stupid word is a bad joke. As we're now reminded, terror is about flaming corpses falling from the sky, not some web page being remotely erased.)

  19. Re:Unforseen Sleepers. on Further Updates On Terrorist Attack · · Score: 1

    Yeesh, and you know this HOW? By reading "The Manchurian Candidate", probably. Even it it were possible for a child to maintain a suicidal hypnotic suggestion for decades, there's no need to go to all that trouble. You can send clearheaded, adult agents into a position to commandeer a plane in just weeks. Why wait years for the same result??

  20. Re:War where? Against whom? on Further Updates On Terrorist Attack · · Score: 1

        1. US Citizens have not had war in their own continent/country for a few, what, hundred years.

    Uh? Pearl Harbour? The "War Between the States" was 140 years ago, the "War of 1812" was 178...

        There is no escape from this planet just yet, not even for chosen few US citizens. We must get along. Focus on anything else, and the nature will take care of us for good.

    Absolutely right. With high technology/high energy available all around us, improvising a powerful offensive weapon will always be easier and less expensive than maintaining the vigilance to defend against the abuses of a few lunatics.

    While security measures have to be increased too, the fair+equitable distribution of wealth will cut down the recruitment pool for suicidal terrorists (aside from numerous other benefits)

  21. Re:How to avoid this in the future on Further Updates On Terrorist Attack · · Score: 1

    Yes, but that "incognito" part is the kicker. If the guard is detectable, then a terrorist can easily kill him first. To maintain guards who are physically powerful and mentally alert, and rotated frequently enough to be unpredictable, will be extremely expensive.

    Ensuring the guard is trustworthy will be even more so. Putting that kind of dedicated soldier in a boring job will cost MUCH more than 10 flight attendants.

    And if this guy is to be carrying weapons, then he can't go through the regular checkpoints with the other passengers. Meaning that the terrorist just has to plan to be on an unpopular flight, so that an accomplice can spot the guard.

    If the guard is a known quantity, he's an ASSET for the attacker- I slit his throat with my glass shank, and then use his firearm to control everybody else.

  22. Re:absolutely right on Further Updates On Terrorist Attack · · Score: 1

    Sure, something could've stopped it. An F-15 on standby at every major airport, ready to scramble towards any jumbo-jet that goes off transponder (or just inexplicably alters its flight-path by 90 degrees).

    Now that this attack has happened, the fighter pilots would be quite willing to splash anything that refuses to instantly follow him away from any populated area or high-value target. And the airliner pilot would KNOW he's serious, and not dare to deviate even a little.

    This still leaves a small window of vulnerability if the hijacking happens immediately after takeoff from the target city- but the aircrew and innocent passengers should assume that if some passenger attacks them that early, he wants to make a kamikaze (rather than simply an unscheduled landing) and will fight to the death, for their own lives.

  23. Re:Who is in control? on Still More Advertising Links · · Score: 1

    Sounds plausible, and scary- but there are weaknesses with that evil plan.

    When the patch applies its changes to the GPL code, does it modify the license at the top of each source file?

    If yes, then it is modifying the license of something (the original code) they have no ownership of. Plainly fraudulent.


    If no, then when the patch program inserts its new code into the GPLed source, it is also placing them under GPL. So any single customer of the proprietary patch can republish the modified GPL code! (The patch author can argue that it was not his intent for this to happen- but he'd have to show that he did NOT expect the patcher to behave like that, which is unlikely)

  24. Virtual Republication on Still More Advertising Links · · Score: 5, Interesting

    This brings up an emerging legal problem that the politicians haven't quite got their teeth into yet- if the DMCA et al provide the intellectual property industry with protection against unauthorized redistribution, should it be legal to evade that restriction by moving the point of redistribution to the client side?

    These three things are illegal to distribute today:

    • A Wall Street Journal article with the ads removed, or replaced with your own ads.
    • A PNG combining the top 20 new webcomics for that day, suitable for printing.
    • A copy of StarWars ep 1 with JarJar edited out.

    Yet the author of each piece of modified content could get around that law by only giving out a program that, when run from the end-viewer's computer, uses a legally obtained copy of the unmodified content and then creates a locally modified version with the desired changes. (There are technical obstacles to applying this technique to each of those examples, but they're surmountable).

    At no point was copyright law broken- but as a software engineer will tell you, deciding which part of a system should go on the client and on the server is an implementation detail that should be decided by technical performance concerns, not legalisms about which piece of data you can copy where.

    To the end-user, the result looks exactly the same either way ("Hey! They just waved to JarJar, and kept right on walking!"), so why should one implementation be less legal than the other?

    (This situation is rather like an inverted version of the "GPL ASP loophole")

  25. Re:Warning: potential spoilers on Cowboy Bebop on TV This Fall · · Score: 2

    Ugh, that is NOT true. Just look at the names of the main characters! How can anyone use natural english to talk seriously about people named "Jet" and "Vicious"?

    This is a general problem whenever you have to translate something from language A -> B. If the source already included occasional terms from language B, then if you leave those terms in B, you lose the author's intended foreignness of those phrases. They were supposed to stick out from the surrounding speech, but they just get blurred in. The alternative of translating them into a 3rd language will lose the cultural context it was supposed to have.

    I also doubt that any American VA can correctly reproduce Ed's gleefully subhuman squealing, because there's no way I could withstand the dub long enough to reach that part.

    OTOH, some of the cultural aspects would support CB being dubbed, since it's about Americanish people in an Americanish (or occasionally chinese) world. "Cowboy" and "Bebop" are both strongly USAian concepts.