Slashdot Mirror


User: brandond

brandond's activity in the archive.

Stories: 0
Comments: 23

Comments · 23

  1. Code Collaborator on Getting a Grip on Google Code · · Score: 1

    My company, Smart Bear Software, has developed a commercial tool for peer code review called Code Collaborator. We support a wide variety of SCMs, including CVS, Subversion, Perforce, ClearCase, and soon Team Foundation Server.

    Using our tool, we also performed the largest case study of peer code review ever published and have made it available as a free book. It includes data from 2500 reviews of 3.2 million lines of source code at Cisco Systems. To get your free copy, just sign up on our website.

  2. Re:Sounds familiar on Voteauction.com · · Score: 1
    Yeah... whatever... The president you speak of is the same one whose number one priority when he took office was to implement national health care. It took the Republicans in Congress to put a stop to that. That would not have been cheap.

    And let us not forget how much the current president has benefited from his predecessors winning the Cold War. Military spending cuts have been a major part of this regime's spending cuts. Sorry... those kinds of cuts were simply unthinkable in the Cold War era.

    -----

  3. Re:Sounds familiar on Voteauction.com · · Score: 3
    From what I can make out from across the pond the Republicans are always trying to bribe you with your own money.

    Not terribly unlike the Democrats who are always trying to bribe voters with their own money. The only difference is the Democrats promise to buy you things with your money, rather than give it back to you to spend or save as you choose. So, I guess it's pick your poison...

    -----

  4. Re:Hello, I'm selling Vacuum cleaners on Metabrowsing Controversy Continues · · Score: 1
    How's that? If you mean eBay has to pay for the banner impressions while the spider fetches pages then, as someone who's written a few crawlers, I seriously doubt the crawler would request *any* images off the eBay site.


    Hmmm... last time I checked the advertising revenue model worked exactly the opposite. eBay gets paid when a banner impression happens on their site. Since BE crawls the site without retrieving banners, no banner revenue is generated. Cost number one.

    Cost number two is the fact that BE deep links to item pages which don't contain banners. So, anyone who finds an eBay item on BE finds it without finding the (minimum of 3 by my count) banners that it would take them to find it.

    Cost number three is the fact that eBay sees BE as a competitor. Well, maybe not a direct competitor, but at least a competitor enabler. BE legitimizes smaller, boutique auctions on the internet. eBay does not stand to gain nearly as much from BE as their competition does. So, they're going to do anything they can to make life difficult for BE.

    -----

  5. Re:Hello, I'm selling Vacuum cleaners on Metabrowsing Controversy Continues · · Score: 1
    or are they relying on banner revenue?

    Yes, if you look around eBay there are numerous banner ads. Bidder's Edge is very likely costing them money by running crawlers.

    That said, I still have the gut feeling that eBay is wrong on this one. Though that might be because I worked at Bidder's Edge for a time.

    -----

  6. Re:What are you talking about on Why Do We Still Use Gasoline? · · Score: 3
    Have you ever heard of "farmers"?

    Who needs farmers? Don't you know? Food comes from the grocery store, not from farms. :)

    -----

  7. Secure voting protocols do exist. on The Perils Of E-Voting · · Score: 3
    I worked on just such a protocol for my undergraduate thesis at MIT.

    The protocol provides the following:

    Only authorized voters vote. No forgeries.

    Authorized voters vote at most once.

    Voters remain anonymous with respect to their votes. While it is possible to determine who voted, it is not possible to determine what their vote was.

    Voters can verify their vote was counted.

    Elections can be co-administered by parties with opposing interests (i.e. political parties), to prevent collusion.

    The question in my mind is, does Election.com use a protocol which provides this level of security? And even if they do, why do they seem so opposed to independent security audits?

    Security by obscurity... you know the rest.

    -----

  8. Re:News flash on Net Films Not Eligible For Oscar · · Score: 1
    On the other hand, you can simply dismiss the Academy Awards as a meaningful indicator of the quality of a movie and instead rely on the opinions of objective reviewers. That's a process that seems to work pretty well.

    Or better yet, dismiss the notion that you need someone else to tell you what a "quality" movie is. To me, a "quality" movie is not something that the Academy, the New York Times, or even anyone else raves about. It's a movie that I rave about.

    -----

  9. Re:Doom Licenses on License Cocktail With GPL In Doom · · Score: 1
    Bzzzzt! Wrong. Imagine the consequences if this were true.

    Large software company (LSC) in Redmond, Washington decides to release the source to their operating system under a license such as BSD. This is an obvious attempt to appease the Justice Department, but the Justice Department is appeased. Some time later, after several other software companies have integrated the code into their own software, LSC changes the license to require 80% of all revenues on works derived from their software to be assigned to LSC. As a result all of the smaller competitors of LSC go bankrupt and LSC becomes a greater monopoly than they once were. And to think... this is all because the Justice Department wanted to prevent a monopoly.

    Once rights are granted under a license, they cannot be reclaimed, unless of course the license is invalidated. If you re-release your software under a new license anyone who obtains it under that license must abide by the new license. However, anyone who has obtained the work under the old license has all the rights and privileges assigned under the old license.

    -----

  10. Re:If it's your code... on License Cocktail With GPL In Doom · · Score: 1

    Comments along the lines of "who cares, it's old code, no-one's making any money on it anymore" are both illegal and unfair to the owner of the code.


    Actually, such comments are not inherently illegal. In fact, assuming for a minute that you live in the United States, such comments are expressly LEGAL under the First Amendment to the Constitution.

    -----

  11. Re:Open Source is Secure on Gnutella VBS Worm · · Score: 1
    One example does not constitute a proof. Don't believe me? Two is a prime number. Two is also an even number. Does this mean we can assume that all even numbers are prime? Or that all prime numbers are even? Sorry.

    Second, while I agree that OpenBSD is a very secure OS, to state that it is "the most secure" is a stretch. There are other OS's out there which are also considered very secure. IBM's (closed source) OS/390 which runs on the mainframes for many (most?) banks is also very secure. To argue which is "more secure" is futile.

    So, the previous point stands. Open Source != Secure.

    -----

  12. Re:The good, the bad, and the ugly on SANS Releases Top Ten Exploits · · Score: 1
    Meanwhile, the good admins will patch their systems and at least they will now be protected.

    Wrong. The good admins patched their systems before this list came out. The good admins subscribe to the CERT mailing list, or at least keep up on the CERT webpage, and they respond appropriately to ALL advisories. And good sysadmins use good passwords.

    -----

  13. Re:GNU and IP (GNU *is* IP) on GPL Violation - NVIDIA · · Score: 1
    You are correct in stating that there is no conflict between owning something and sharing it freely. If it is yours, you can do what you want with it. However, that is not the point of the original post (as I understand it).

    The conflict that the original poster pointed out was that proponents of the GPL are often the first to violate other non-GPL licenses. The same people who hold the GPL so dear, attack others for choosing a different license for their property. You need an example? GPL'ed Napster clients. IP protected under one license whose sole purpose violates other IP copyrights.

    It seems to me even RMS has a disdain for the copyright laws which allow him to force me to release modifications to his GPL'ed code. Some comments from his Slashdot interview:

    Metallica justifies their lawsuit saying they think it is an outrage that their music has become a "commodity". Apparently they think music is a commodity when shared between fans, but not when large companies sell copies through record stores. What hypocritical absurdity!

    Such drivel is normally laughable. But Metallica is presenting it as an excuse to attack our freedom, and that is no laughing matter. I encourage people to write letters to periodicals that cover this story, stating disgust for Metallica's lawsuit and rejecting their views.

    Metallica recorded some music and wants to have a say in how it is distributed. Would someone please explain to me how this is fundamentally different from RMS writing some software and wanting to control how it is distributed? Talk about "hypocritical absurdity!"

    If you wish to give a moral argument, as opposed to a legal one, please be very specific about what legal changes you would make to make the laws fit your moralism. Any legal system that I can imagine that would support the GPL without supporting artists like Metallica seems much more tyrannical than what we currently have. But maybe I just lack imagination... convince me.

    That said, let me close by saying that I am not opposed to the GPL. I support the rights of IP owners regardless of what license they use when distributing it. I am just disturbed by how blind some of its proponents are to their own hypocrisy.

    -----

  14. Re:Now that's professional... on Backdoor In Microsoft Web Software? · · Score: 1
    And to say that "well, it doesn't affect 2000" is no better. I have to ask at that point, "Why? Did you come up with something even funnier for 2000?"


    This time around it's "the DOJ lawyers are a bunch of weenies".

    -----

  15. Re:please read this before moderating the above on Netscape Nondisclosing Mozilla Security Bugs? · · Score: 1
    Just one small detail, (admittedly I don't agree with your position, but I've covered that in other posts) how do you figure PGP is obscure? Peter Zimmerman made a point of posting the source code, so that in the grand tradition of cryptography anyone and everyone could look and see if anything was left weak.


    ...And in the grand tradition of open source, Netscape opened the source to their browser, so that anyone and everyone could look and see if anything was left weak.

    I agree with the mantra of all security professionals, "security through obscurity does not work." However, that mantra addresses an entirely different situation. Netscape is not saying, "It's secure, because we say it's secure. Trust us."

    What they're saying is, "We believe it's secure, but feel free to look for yourself." In the cases where they find a security problem, guess what... OPEN OR NOT, IT'S NOT SECURE!!!! Announcing that fact to the world does NOT make it more secure. It's already insecure.

    In that case, the benefits of publicizing the defect must be weighed against the dangers. If they publicize the defect, they may get some help fixing the defect from the public. However, given that the Mozilla project has had a fairly long history, they probably have a good idea of which members of the public will contribute. The likelihood of someone new stepping up to fix a security problem is very slim.

    Announcing the defect to the world will initiate a race between the Mozilla developers and malicious developers with their army of script kiddies. You can bet that as soon as a viable exploit is published, it will spread like wildfire, and people will get burned.

    When the fix is complete, they will post the patch AND the source code for review. Then the cycle of open review (and all the benefits that it brings) can continue.

    -----

  16. Re:netpliance business model on Is Netpliance Slamming Customers? · · Score: 1
    That's like bundling a web browser with an operating system.

    I was thinking more along the lines of... like giving away cell phones for next to nothing, but stipulating in the contract that you must purchase service for a year. What's so wrong with that? Nothing. It is a perfectly legal and common business model.

    However, pulling the bait and switch is a different story. If the charges for service were not stipulated in the original contract, then there is a problem. Of course, thousands of other Slashdotters have already driven this point home.

    -----

  17. Re:Oh, don't make me go there. on On Paying Bills Online · · Score: 1
    Cool. Thanks for the pointers... and thanks for helping return this conversation to a more civil tone. I guess I'm partly to blame for adding fuel to the fire.

    As for being a Linux zealot/cultist... I try to think objectively... which swings both ways. I don't buy into MS FUD, nor do I buy into Linux FUD. I try to keep a low profile and use what works for the application at hand. Most of the time, I avoid the MS vs. Linux vs. BSD vs. etc. debates on /., but my recent troubles with IE on NT have just really set me off.

    -----

  18. Re:Oh, don't make me go there. on On Paying Bills Online · · Score: 1
    Well, this thread is probably dead and gone, but somehow I think you're wrong... so I'm gonna post anyway.

    Did you bother to read the thread before your free-software cult instincts kicked in and you decided to throw yourself into the conversation? This post was directly in response to another post where he talked about how *his* nt machine at work is much faster than *his* linux machine at work.


    Well, let's see... I looked up the parent of my message and it is... a circular response to a comment about a Navy destroyer being stranded by NT. And the response which I picked on to plague3106's statement that he has to reboot his NT box now and then, and how "funny things happen".

    Ok... good enough. What's the parent of that message? Your rant (I assume it's you. Since you're an AC, there's no way to be certain), about how nobody ever gives MS credit for their innovations and inventions.

    Ok... good enough. What's the parent of that message? Oh, funny thing. It's somebody else's posting that BillPay works nicely. Am I missing something? Where in that discussion thread was this talk about *him* doing most of *his* work on NT? Please, if you're still following this thread give me some insight as to where in that particular thread did plague3106 say anything about what he does with his machines?... other than reboot them from time to time.

    The question is, did you respond to the wrong post? Or did plague3106? If you two have been carrying on in two separate threads, then I'm not culpable for not reading the other thread.


    Ok, your other assertion is also asinine.


    And what does this have to do with the conversation? Boiling down what you're saying here leaves us with "netscape crashes all the time" or "I have no clue how to use windows."


    Read my post again. It's not Netscape that crashes. It's IE. That's why I don't use IE. The other thing that crashes is the IE install program. Hmm... that's two MS programs that crash. Netscape... nope, can't say it crashes very often at all.

    Second, your assertion that I don't have a clue how to run Windows is totally off the wall. It's not like I'm trying to do rocket science on my NT box. I'm trying to install a damned web browser. Is there some class I need to take? Do I need to get my MCSE to do that? Should I hire you? Give me a break.

    Finally, I'm going to grant you your final point. I've never used NT as a server. I was making a comment about the general unreliability of MS software, with specific examples of problems I have had with it. My personal experience, combined with anecdotes from personal friends, slashdotters, and others, leads me to believe that there is a general lack of reliability in MS products. And that, my friend, is exactly how I interpreted the point of plague's message about Navy ships and "funny things".


    Ok, one more thing I will grant you. I took a little liberty in my last post and stretched a specific "you" into a collective "you". If I offended you by that, I'm sorry. However, the reason that I did that was similar to the ones above. I *had* read the thread. And I did not see anywhere in that specific thread where he had posted that he:

    Uses IE as opposed to Netscape.

    Only tinkered with Linux. (Never does anything useful.)

    Ok, that's enough of my time. I'll let you have the final word, if you're still reading this thread.

    -----

  19. Re:Oh, don't make me go there. on On Paying Bills Online · · Score: 1
    You know... I hate to get involved in Flame Wars, but I just can't let this one slide.


    Of course your Linux machine never needs fixing, you can never use it for anything worthwhile anyway. You know you do all your web browsing through IE because it blows netscape and mozilla away, whether it's reliability, security or just plain ease of use.


    First, my Linux box does not run IE, so I don't use IE at home. Does anyone have IE running under Linux? Last time I checked MS only released IE for their own platforms. I guess you could use Wine or something of the sort, but who wants to do that for a browser?

    Second, the NT box that I use at work runs Netscape. Sure, I have a version of IE on it, that crashes on just about every other website, including MS's. And it's not as simple as downloading the latest version either. I tried that. I downloaded the latest install package (using Netscape no less), and tried to install it. It gets about 90% done and then crashes my machine. Reboot. Run install again. Same result. Reboot. Download again. Run install. Crash.

    I tried to get IE up and running, but I'm not going to go so far as to burn down my NT box and reinstall just to have it. I'm sure that's the solution that tech support at MS would suggest. So, I'm stuck using Netscape. Yeah, it's slower than IE, but it works!


    You're running complicated, big applications on NT all day long to get your work done, and you're using Linux to play. Of course Linux isn't going to crash, you're not stressing the machine at all.

    It's funny how you presume to know how people use their own machines. Personally, I use my NT box at work to check my email and browse the web. I have considered forwarding my mail to my Unix (AIX) box that I use to get real work done, but we use Lotus Notes which actually has some useful features. Sure, there's a Notes client for AIX, but it's dog slow compared to the Windows version.

    As for my personal Linux box; sure I use it mostly for tinkering, but I'll tell you what. The number of times I've seen 98 or NT crash when I was just browsing the web makes my head hurt.

    -----

  20. Re:why even use credit cards? on On Paying Bills Online · · Score: 1
    And for the really paranoid, you can always sign your cheques with a DNA pen, the ink's got your genetic code in it, so it's painfully easy to prove that you did or didn't sign it.

    Well, that's not strictly true. A DNA pen, if it existed, could only be used to prove that you *did* sign a document. Eve, the legendary attacker of cryptography lore, could always forge your signature with an ordinary pen and claim that you signed it using an ordinary pen.

    Contrast this with public key digital signatures. With digital signatures, the following assertions are true:

    You cannot create a digital signature without the use of your private key.

    Anyone can verify that a document is signed by you, provided they have access to your public key, and trust its source.

    The first requirement protects you from having someone else forge your signature. The second requirement allows the other party to reject your signed document if the signature is invalid. Thus, you cannot sign a "check", receive services for the "check", and then refuse payment on the check by claiming that the signature is not yours.

    To meet these same restrictions in the physical world:

    Laws would have to be passed that require signatures to be made with DNA pens.

    DNA testing equipment would have to be readily available to the masses, allowing someone to verify your signature before accepting it.

    The first requirement might be workable (but who wants more laws on the books), but the second is a bit far fetched at this point in time.

    Now, a question. Do such pens exist? And for what purpose?

    -----

  21. Re:./ ignores anti-linux news-posts only anti-MS n on Proprietary Extension to Kerberos in W2K · · Score: 1
    Or maybe it's because we already knew that Linux is not ready for prime time desktop use. There's a lot of work going on to get Linux ready, but it's not quite there yet. It's still more appropriate in the server/workstation environment.

    Funny that you mention VA Linux. I look at their product list and it seems to hit right where Linux works best... high end servers and workstations. I don't think the fact that linux is not ready for the desktop is hurting VA at all.

    -----

  22. Re:legality issues on Proprietary Extension to Kerberos in W2K · · Score: 1
    Microsoft has done nothing illegal. The Kerberos license is very open ended about what you can do with the source. As I read it, you can do anything you want as long as you include the MIT copyright notice. There are some other issues, like the fact that "Kerberos" is a trademark of MIT, so you need permission to use it in certain promotional materials, etc.


    Re-read Ted Ts'o's comment with the above information in mind. Also, it may be more clear if you replace "arguing" with "claiming": "No one is arguing Microsoft has done something illegal," said Ts'o, now a principal engineer at VA Linux Systems. "But no one else uses the data authorization field this way. It's no longer an open standard."


    The real problem is that this type of behavior defeats the purpose of open standards. It would not be a problem if someone small made a proprietary change to the protocol, because they would get ignored. However, Microsoft has enough clout in the industry that other products MUST interoperate with Windows. They have used that clout to impose an extension to the standard on the rest of us, who would prefer to go through the regular standards review process.

    -----

  23. Re:Clarification please? on U.K. Pirate Broadcasters Steal Car Radio Listeners · · Score: 1
    As a computer security buff myself, I completely agree that "security by obscurity doesn't work". However, I'm not sure this is a case of that at all. The article seems to state that the information necessary to make the counterfeit devices was not obscured. "They appear to have used the published RDS standards to make devices that constantly transmit the signal to switch, thereby grabbing listeners."

    It seems to me the designers just thought it would be too tough or impractical to make it secure, or they just didn't think about security at all. The question is how do you authenticate the stations? Ok, so they have a public/private key pair which are used to digitally sign the messages as authentic. If all radio stations have the same key, then it would be simple to embed the corresponding public keys in the radios. But then we have no way of revoking the keys if someone reverse engineers a legitimate RDS transmitter and gets the private key out of it (much like the way DVD was cracked).

    A better way might be to use digital certificates to authenticate. This would allow certificates (keys) to be revoked but would require your car radio to be able to transmit to a certificate authority. Do we really want that? Is it worth wasting the wireless bandwidth to prevent a few pirates from forcing your RDS radio to turn to those stations? And who would manage the CA? It just seems like a lot of trouble to go through when you can just turn the RDS off whenever you're receiving a pirate signal. Granted you might miss out on your traffic report, but who cares really? The radio stations I listen to do traffic reports about every 10 minutes during rush hour.

    -----