One of the methods that the GPL has to "encourage" free software is that any software that integrates GPL code, must also fall under the GPL. Hence, if a company wants some functionality provide by a GPL projects, they have two choices. a) merge it with their own, licence the result under the GPL, or b) write the functionality themselves.
This works fine for "normal" distributed apps, but take the example of a "web app" when the app is running on the server on behalf of the client. Is this "distribution" of the program? Could a company take GPL code, combine it with their code, and never make their code changes public? If you browse a web site that uses a GPL web server, are you entitled to ask them for the source of it? From my understanding of the GPL, you are only allowed to ask for the source, if you have recieved the corresponding binary.
This article brings up the point that we have to be careful that with the changing landscape of software "distribution", and of "software" in general, that the freedom we've require in software doesn't get lost. --
In the early days of the web, there were fewer sites and finding information on the web was straightforward. Your favourite bookmarks covered what you wanted, and search engines covered the rest quickly. Now, there are a lot more sites, and a lower signal/noise ratio with a lot of irrelevent content. There are vast lists of sites covering similar topics, and search engines can't keep up. Result? People are switching to portals, or using more particular search engines.
Journalism it seems has to go down a smiliar path. Speed matters for a story, but accuracy and research count highly. Previously, you had journalists who were experts in their own field, and you had a breathing space to do research before the story went to the printing press. In this day and age, with news sites on line, stories break at "internet speed". Hence, reasearch needs to be as quick. Also, with the amount of new developments it's impossible to keep up to date with everything. Result? do an "Ask slashdot" for info, and you'll get a very quick response from several people that know what they are talking about, several revelent links to the subject matter, and a general view of how the topic is viewed on the ground.
It's an excellent method and a lot better than reissuing the same myths that seem to propagate. I think Janes should be commended on a big step in the right direction. --
This is not directly related to the PEZ case, but very relevent to the tradmmark discussion in general. A lot of the comments here refer to the fact that Trademarks are only valid when used in association with the appropiate trade section, eg Bills Fruit and Apple store has nothing to fear from Apple Computers.
However, this is not the case in the UK where the 1994 Trade Marks Act extended that protection to dissimilar products. but it has not been effective because companies have argued successfully that they had a valid reason to adopt the name. According to a Story in the Financial times Visa successfuly blocked the use of their trademark in regard to a unrelated product (Condoms, in this case)
This could have a worse precedent than the PEZ case --
As has been pointed out, the Sun licence is not "open source" according to the accepted meaning of the phrase, so I suggest we give it a new type, making a total of four: (and use this instead to stop the "watering down" of the term "Open Source"
Closed source - speaks for itself
Open source - as per the definition (ala say Debian)
Free source - a la GPL/BSD
Viewable source - a la Sun licence
We could even explain it to NT people by comparing it to NT permissions of None, Change, Full Control, and Read, in that order. (For those unfamiliar, the main difference between change and full control is that the latter can change permissions/owners, the former can't)
For those interested in conspiricy theory, here's another possible reason for Sun to make source viewable. Consider this...
Sun release the source, and almost definitly, many linux people being curious hackers, will look around, to see how things work. Then, one of them at a later date includes a patch for improvement in the kernel, which Sun attempt to claim is using copyrighted code from their source. It could be impossible to claim "clean room" situation, if they have looked at it, and even if it wasn't true, it would be a major hassle.
This is actually more likely than you think, as I'm sure Linux is still missing some features that Solaris has, so the possibility of a patch including that feature would be subject to closer investigation. Consider scalability, say a patch is included that makes Linux more scalable, and a lot of the kernel is rewritten to take accord of the new structure/spinlocks, whatever. Then Sun contest that the scalability is theirs, and the kernel has to backtrack. (even if they lost, the impact could be major)
It might sound scarey, but it would be well worth considering the worst case, before looking at Sun's source, especially if you may add something to linux at a later date. If this happened, it could seriously slow, or scupper Linux development, if you have to keep looking over your shoulder at Sun. --
The whois entries are compiled by lots of people, each with their own respective data gathered contribution. So, if the whois database is covered by this, then it would be legal to give out that whois info for the reason it was gathered (initial "publishing"), but it would be illegal to use that info for any other means ("republishing") without the permission of the individuals who gathered that particular subset of information.
Many linux users would have a copy of named running as a caching nameserver. This would be configured to use the root nameservers (easy to find out) and named would handle the recursion part of the queries. This has the advantage of being totally portable across ISP's and you can also set up your own zones if you require.
So, in short, Linux users don't need to know the ISP's DNS servers, although they could configure them to be forwarders to reduce some traffic. Windows users, however, since they don't normally have a local nameserver, can't use the root nameservers, as AFAIK, the root server will not answer recursive queries.
Sendmail and Exchange can't really be compared directly as they fulfill different needs. Sendmail is a MTA, Exchange is much more. The functions that sendmail provide are covered by one section of exchange. It's the Internet mail server (or connector) and not the Exchange MTA that's the parallel for those that are curious)
IMO, as an MTA, Sendmail wins hands down, for several reasons, being better at anti-spam, and general potential configurabiliy. Exchange however, would win on ease of configurability. (I'm not including sendmail pro, which I have no experience of, just sendmail via M4 and the cf file.)
Interestingly, this is almost typical of my experiences of MS vs opensource projects, the MS one is easier to configure, even if the OSS is more powerful overall.
Back to the topic, I've used and configured Sendmail, (right down to the cf file level when it wasn't doing stuff correctly). I've used exchange from 4.0 to 5.5. Both seem to be fine for thier respective purposes, albeit with a little work on both sides. --
"Exigo spamos et dona ferentes" = "I reject the spammers even when bearing gifts" This is a variant of the line "Timeo danos et dona ferentes" from the Aeneid (seige of Troy etc) The original line meant "I fear the Greeks, even bearing gifts)
"Ceterum censeo, delenda est Microsoft" ="In my opinion, Microsoft must be destroyed." This is also a variant, this time from a line from a Roman orator, Cato, I believe. Rome had defeated Carthage, a long time enemy, but he was concerned that a defeat wasn't enough, that to make Rome safe, it had to be destroyed, not just just defeated.
A new virus is propagating across the internet, it was announced today. Once the IPO virus, as it has been called, has infected a company, all communication from the infected area ceases imediately. The payload for this virus has not been fully classified yet, but has been termed the "buy! buy!" strain. However, a opposite strain, called "it's free - why buy it?" seems to counteract it, and regardless, after 90 days, the company seems to recover, and can communicate freely again
This virus is very common about companys closely related with the Linux product, and seems to be highly contagious, each company getting more infected that the former one. Thankfully, companys only seem to get infected once, and no reinfections are reported as of this date. There are rumors of a strain called an SPO, as yet unconfirmed...
An update to disable for this virus, called the MS Buyout, will be released shortly.
--
Actually, you're not correct about the GPL here
on
Corel Clears the Air
·
· Score: 3
If you distribute a binary version to someone, that someone and
nobody else has the right to ask you for the source code, and you must comply.
Actually, this is not true, on both counts. If I get a GPL binary (no source attached) from Corel, I am entitled to ask them for the source code. I am also entitled to distribute this distribution to anyone I want. So far so good. But, under the GPL, anyone I distribute the binary to can also ask Corel for the source. Of course, they can ask me for it, but unless I distributed it commerically I do not have to comply
This is only the case of distributing binarys only, but this can be relevent to Corel, as they don't want to release the full source for their mods quite quite yet, but if one of the beta testers distribute the GPL modified binaries to slashdot, and everyone in slashdot asked Corel for the source, Corel would have to send to each and every one.
For reference, the relevent sections of the GPL follows: (emphasis mine to see where I'm coming from
3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable source code [...]
b) Accompany it with a written offer, valid for at least three years, to give any third party, [...] a complete machine-readable copy of the corresponding source code, [...]
c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)
Only if Corel distribute the source along with the beta distribution would the complusion to supply source be passed from them.
I remember playing the game years back, the concept was good, the only thing that annoyed me was all the adding etc. (I get a +4, -2, +2, -5, so I need a 7 or more (but I can use card x, if the roll is even, etc)) It took some of the spontantity out of the game.
Personally, my best memory is one of the stories I heard of what allegedly happened at one of the prize competions:
Person A and person B are in the final, very close game... Person A says to Person B, "it's close, be a shame for one of us to lose now. If you conceed, I'll split the prize, okay?" Person B thinks, agrees, and calls the ref over and conceeds. Person A then shows the card "I Lied", which enabled him to default on an agreed deal. The refs found this amusing, judged it legal (and definitly within the spirit of the game) and awarded him the prize.
Given two opposing stories, the truth often lies somewhere in the middle. MS on one side says it's a backup Key, and this article suggests it a key for NSA to do the signing themselves. Lets throw together some wild thoughts and see where it goes...
a) Several people have commented that it is possible for the key to be replaced and load other "signed" crypto modules. b)MS cut a deal to enforce signing crypto modules, to enable them to export windows. If NSA wanted to load modules without MS, they'd need a key. c) People were initially scared that this key would allow NSA to install modules on their machine. d) The keys are actually used to verify crypo before loading, if it passes the signature, it'a trusted and will be used.
Would the NSA not be equally scared of someone signing a crypto module and getting it loaded and trusted on their machine? Now think, windows is exported worldwide, and if this article is correct, then so is the NSA public key. How likely is that? (Hint: which is easier to detect, a online hacker trying to logon directly, or a remote hacker cracking your/etc/passwd?)
So, what if this key was just inserted as a "placeholder" and within NSA, there is a "hardening" program which replaces the placeholder with their own. This could explain a) That MS would indeed have access to the second key (ie the "backup") b) That NSA do load crypto signed by themselves c) Why it was called an obvious name, as it was meant to be replaced later.
cat myletter.txt | encrypt -key joe-users-key | mail joe.user@random.org Now we clearly see that cat(1) and mail(1) are not exportable. All Linux developers in the US go to jail. Or something
Not quite. The export laws apply to programs with crypto api's, i.e. api's that are designed for used in such ways. It does not cover general usage cases (or else every exe that uses DLL's could be restricted)
For example, case 1. A mailer could quite legally have a function SpellCheckAndSend which calls an external spell checker on the message and sends the message. Could someone replace ispell with pgp? yes. Does this make the mailer crypto with holes? No. Case 2. A mailer adds an interface with pgp/gpg and if the message is marked as such, before sending it calls EncrpytOnlyForReaders which calls an external program pgp/egp program. Is there crypto in the mailer? No. Does this make the mailer crypto with holes? Yep. IANAL, of course, but this is the way I see the cryto laws with plugins working. In some ways its very much like the Demon libel suit, and their follow up actions, that deemed a link to a deflamlatory article was itself deflamatory.
In other words, the attitude is: Action A is against the law. If you do Action B, which deliberately makes Action A easier to do, then you are also breaking the law. --
Encryption as a routine for normal people can not really become an reality, until it becomes integrated easily with existing programs such as email, browsers, etc. However, work on doing this is made very difficult by the US export laws.
As evidenced in the Mozilla Crypto FAQ any program that is designed to call crypto plugins (a.k.a Crypto with "holes") comes under the same export restrictions as crypto, regardless of if the program uses crypto. This would mean that, technically, if you want to add GPG support to YFM (Your favourite Mailer) then just by the addition of GPG compatibility, YFM has fallen under the US export laws, and US citizens have a lot of trouble to try and work on it.
For those of you that noted it, this was the basis of the Microsoft crypto function that caused so much hassle of late. Technically, windows with the crypto API (even with no "crpyto") is "cryto with holes" and falls under export restrictions. To get around this, MS agreed to restrict the loading of crypto modules that they themselves signed (hence the need for the MS key). So this "loading restricted crypto with holes" was allowed to be exported without restrictions.
AFAIK, the only restriction to the export of "crpyto with holes" is if the API can only be used for verification, but for GPG to be useful for its full range, it needs encrption also. Hence, any program that integrates it fully, would be subject to restrictions.
So, to add GPG to "Your favourite mailer", it would split the development into several camps. One, maintaining the original email program as a base and others (maybe us and non-us) adding the cryto API's. This would add work of course, and in many cases would be dropped because the only version that could be worked on globally (which the open source model is) would be the original version. Thus, the export laws naturally make the work gravatate towards the non-gpg version. Funny that. --
To be truely unbiased, you should not know for whom you are moderating. The only way I can see that happening is that when you are in "moderator mode" all comments come up as anonymous, and all you have to go on is the content.
A possible variant for this, for the score side, is that instead of the moderators using a +1/-1 scoring, is that they do not see the original scores, and instead moderate absolutely. If the moderated score is greater than the current score, a +1 is assigned, if less, a -1 is set. If the scores match, then it remains the same, and the moderator doesn't loose a point.
One problem with the above is that some posts could bounce between scores of say 2-3. Maybe in this case the score would be shown for posts that had been moderated at least 4 times, to allow for the average to settle?
As for "placebo" moderating, I think it's a bad idea for several reasons, moderators feel they are wasting time and waste of server resources, being just two. --
If you do not want your program to be copied freely, give it a license that states something like, "This program can only be used on Debian systems, and not any stupid copy-cat distributions either, just the genuine Debian one."
Ironically, this type of restriction would, I believe, also make the program undistributable with the debian system, as it does not allow such restrictions. --
Didn't MS say they next target were the ISP's with the next verison of Exchange?
If they sign on windows people, they could easily only allow exchange clients, and drop POP3/SMTP, as the "exchange client is more featured" Then between MS' ISPs, set up advanced features, to add to the "fax effect"
After web browsing, email is by far the next most popular, and I'd hate to see another potential standard embrace,extend and extinguish set in here. And the potential for "lock-in" for email is higher than for a browser - it's easier to transfer your favourites to bookmarks, than convert your local email database to another one. Instant messaging is also another client with significant lock-in effects, which they are realising. The browser was just the beginning.
Over all, MS going into the ISP market, brings a whole new meaning for the marketing phrase "Where do you want to go today?"
Slashdot Mirror
One of the methods that the GPL has to "encourage" free software is that any software that integrates GPL code, must also fall under the GPL. Hence, if a company wants some functionality provide by a GPL projects, they have two choices. a) merge it with their own, licence the result under the GPL, or b) write the functionality themselves.
This works fine for "normal" distributed apps, but take the example of a "web app" when the app is running on the server on behalf of the client. Is this "distribution" of the program? Could a company take GPL code, combine it with their code, and never make their code changes public? If you browse a web site that uses a GPL web server, are you entitled to ask them for the source of it? From my understanding of the GPL, you are only allowed to ask for the source, if you have recieved the corresponding binary.
This article brings up the point that we have to be careful that with the changing landscape of software "distribution", and of "software" in general, that the freedom we've require in software doesn't get lost.
--
In the early days of the web, there were fewer sites and finding information on the web was straightforward. Your favourite bookmarks covered what you wanted, and search engines covered the rest quickly. Now, there are a lot more sites, and a lower signal/noise ratio with a lot of irrelevent content. There are vast lists of sites covering similar topics, and search engines can't keep up. Result? People are switching to portals, or using more particular search engines.
Journalism it seems has to go down a smiliar path. Speed matters for a story, but accuracy and research count highly. Previously, you had journalists who were experts in their own field, and you had a breathing space to do research before the story went to the printing press. In this day and age, with news sites on line, stories break at "internet speed". Hence, reasearch needs to be as quick. Also, with the amount of new developments it's impossible to keep up to date with everything. Result? do an "Ask slashdot" for info, and you'll get a very quick response from several people that know what they are talking about, several revelent links to the subject matter, and a general view of how the topic is viewed on the ground.
It's an excellent method and a lot better than reissuing the same myths that seem to propagate. I think Janes should be commended on a big step in the right direction.
--
This is not directly related to the PEZ case, but very relevent to the tradmmark discussion in general. A lot of the comments here refer to the fact that Trademarks are only valid when used in association with the appropiate trade section, eg Bills Fruit and Apple store has nothing to fear from Apple Computers.
However, this is not the case in the UK where the 1994 Trade Marks Act extended that protection to dissimilar products. but it has not been effective because companies have argued successfully that they had a valid reason to adopt the name. According to a Story in the Financial times Visa successfuly blocked the use of their trademark in regard to a unrelated product (Condoms, in this case)
This could have a worse precedent than the PEZ case
--
We could even explain it to NT people by comparing it to NT permissions of None, Change, Full Control, and Read, in that order. (For those unfamiliar, the main difference between change and full control is that the latter can change permissions/owners, the former can't)
--
For those interested in conspiricy theory, here's another possible reason for Sun to make source viewable. Consider this...
Sun release the source, and almost definitly, many linux people being curious hackers, will look around, to see how things work. Then, one of them at a later date includes a patch for improvement in the kernel, which Sun attempt to claim is using copyrighted code from their source. It could be impossible to claim "clean room" situation, if they have looked at it, and even if it wasn't true, it would be a major hassle.
This is actually more likely than you think, as I'm sure Linux is still missing some features that Solaris has, so the possibility of a patch including that feature would be subject to closer investigation. Consider scalability, say a patch is included that makes Linux more scalable, and a lot of the kernel is rewritten to take accord of the new structure/spinlocks, whatever. Then Sun contest that the scalability is theirs, and the kernel has to backtrack. (even if they lost, the impact could be major)
It might sound scarey, but it would be well worth considering the worst case, before looking at Sun's source, especially if you may add something to linux at a later date. If this happened, it could seriously slow, or scupper Linux development, if you have to keep looking over your shoulder at Sun.
--
The whois entries are compiled by lots of people, each with their own respective data gathered contribution. So, if the whois database is covered by this, then it would be legal to give out that whois info for the reason it was gathered (initial "publishing"), but it would be illegal to use that info for any other means ("republishing") without the permission of the individuals who gathered that particular subset of information.
Does this sound like a valid precedent?
--
Sample bet: 100/1 (shouldn't that be 2000/1) that a bank will fail on Jan 1, 2000 because of Y2k problems.
Ways to get around it
a) It wasn't a Y2K problem, it was "human error" etc
b) It wasn't a "failure", just a delay
Or a funny way of doing it:
c) "It didn't fail on Jan 1, 2000, it reported the failure on Jan 1, 1900, so it doesn't count!"
--
Many linux users would have a copy of named running as a caching nameserver. This would be configured to use the root nameservers (easy to find out) and named would handle the recursion part of the queries. This has the advantage of being totally portable across ISP's and you can also set up your own zones if you require.
So, in short, Linux users don't need to know the ISP's DNS servers, although they could configure them to be forwarders to reduce some traffic. Windows users, however, since they don't normally have a local nameserver, can't use the root nameservers, as AFAIK, the root server will not answer recursive queries.
--
Sendmail and Exchange can't really be compared directly as they fulfill different needs. Sendmail is a MTA, Exchange is much more. The functions that sendmail provide are covered by one section of exchange. It's the Internet mail server (or connector) and not the Exchange MTA that's the parallel for those that are curious)
IMO, as an MTA, Sendmail wins hands down, for several reasons, being better at anti-spam, and general potential configurabiliy. Exchange however, would win on ease of configurability. (I'm not including sendmail pro, which I have no experience of, just sendmail via M4 and the cf file.)
Interestingly, this is almost typical of my experiences of MS vs opensource projects, the MS one is easier to configure, even if the OSS is more powerful overall.
Back to the topic, I've used and configured Sendmail, (right down to the cf file level when it wasn't doing stuff correctly). I've used exchange from 4.0 to 5.5. Both seem to be fine for thier respective purposes, albeit with a little work on both sides.
--
"Exigo spamos et dona ferentes" = "I reject the spammers even when bearing gifts"
This is a variant of the line "Timeo danos et dona ferentes" from the Aeneid (seige of Troy etc) The original line meant "I fear the Greeks, even bearing gifts)
"Ceterum censeo, delenda est Microsoft" ="In my opinion, Microsoft must be destroyed."
This is also a variant, this time from a line from a Roman orator, Cato, I believe. Rome had defeated Carthage, a long time enemy, but he was concerned that a defeat wasn't enough, that to make Rome safe, it had to be destroyed, not just just defeated.
--
A new virus is propagating across the internet, it was announced today. Once the IPO virus, as it has been called, has infected a company, all communication from the infected area ceases imediately. The payload for this virus has not been fully classified yet, but has been termed the "buy! buy!" strain. However, a opposite strain, called "it's free - why buy it?" seems to counteract it, and regardless, after 90 days, the company seems to recover, and can communicate freely again
This virus is very common about companys closely related with the Linux product, and seems to be highly contagious, each company getting more infected that the former one. Thankfully, companys only seem to get infected once, and no reinfections are reported as of this date. There are rumors of a strain called an SPO, as yet unconfirmed...
An update to disable for this virus, called the MS Buyout, will be released shortly.
--
Actually, this is not true, on both counts. If I get a GPL binary (no source attached) from Corel, I am entitled to ask them for the source code. I am also entitled to distribute this distribution to anyone I want. So far so good.
But, under the GPL, anyone I distribute the binary to can also ask Corel for the source. Of course, they can ask me for it, but unless I distributed it commerically I do not have to comply
This is only the case of distributing binarys only, but this can be relevent to Corel, as they don't want to release the full source for their mods quite quite yet, but if one of the beta testers distribute the GPL modified binaries to slashdot, and everyone in slashdot asked Corel for the source, Corel would have to send to each and every one.
For reference, the relevent sections of the GPL follows: (emphasis mine to see where I'm coming from
3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable source code [...]
b) Accompany it with a written offer, valid for at least three years, to give any third party, [...] a complete machine-readable copy of the corresponding source code, [...]
c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)
Only if Corel distribute the source along with the beta distribution would the complusion to supply source be passed from them.
--
--
I remember playing the game years back, the concept was good, the only thing that annoyed me was all the adding etc. (I get a +4, -2, +2, -5, so I need a 7 or more (but I can use card x, if the roll is even, etc)) It took some of the spontantity out of the game.
Personally, my best memory is one of the stories I heard of what allegedly happened at one of the prize competions:
Person A and person B are in the final, very close game... Person A says to Person B, "it's close, be a shame for one of us to lose now. If you conceed, I'll split the prize, okay?" Person B thinks, agrees, and calls the ref over and conceeds. Person A then shows the card "I Lied", which enabled him to default on an agreed deal. The refs found this amusing, judged it legal (and definitly within the spirit of the game) and awarded him the prize.
--
Slashdot is slashdot.org, and .org is reserved for not for profit organisitions. Will that mean that slashdot.org will have to change to slashdot.com?
:)
Or will we have an "official" slashdot.com, and a "GPL version" at slashdot.org
--
It's derived from:
a) "Transmute", the ability to change one element into another. Product is a chip that can change its internal instruction set.
b) trans, meaning "beyond", and metus, meaning "fear". product is irrelevent, just a cool name.
c) a 50+ word score in scrabble
(And yes, I've studied Latin, see sig)
--
Given two opposing stories, the truth often lies somewhere in the middle. MS on one side says it's a backup Key, and this article suggests it a key for NSA to do the signing themselves. Lets throw together some wild thoughts and see where it goes...
/etc/passwd?)
a) Several people have commented that it is possible for the key to be replaced and load other "signed" crypto modules.
b)MS cut a deal to enforce signing crypto modules, to enable them to export windows. If NSA wanted to load modules without MS, they'd need a key.
c) People were initially scared that this key would allow NSA to install modules on their machine.
d) The keys are actually used to verify crypo before loading, if it passes the signature, it'a trusted and will be used.
Would the NSA not be equally scared of someone signing a crypto module and getting it loaded and trusted on their machine? Now think, windows is exported worldwide, and if this article is correct, then so is the NSA public key. How likely is that? (Hint: which is easier to detect, a online hacker trying to logon directly, or a remote hacker cracking your
So, what if this key was just inserted as a "placeholder" and within NSA, there is a "hardening" program which replaces the placeholder with their own. This could explain
a) That MS would indeed have access to the second key (ie the "backup")
b) That NSA do load crypto signed by themselves
c) Why it was called an obvious name, as it was meant to be replaced later.
Fun to think about, eh?
--
cat myletter.txt | encrypt -key joe-users-key | mail joe.user@random.org
Now we clearly see that cat(1) and mail(1) are not exportable. All Linux developers in the US go to jail. Or something
Not quite. The export laws apply to programs with crypto api's, i.e. api's that are designed for used in such ways. It does not cover general usage cases (or else every exe that uses DLL's could be restricted)
For example, case 1. A mailer could quite legally have a function SpellCheckAndSend which calls an external spell checker on the message and sends the message. Could someone replace ispell with pgp? yes. Does this make the mailer crypto with holes? No.
Case 2. A mailer adds an interface with pgp/gpg and if the message is marked as such, before sending it calls EncrpytOnlyForReaders which calls an external program pgp/egp program. Is there crypto in the mailer? No. Does this make the mailer crypto with holes? Yep.
IANAL, of course, but this is the way I see the cryto laws with plugins working. In some ways its very much like the Demon libel suit, and their follow up actions, that deemed a link to a deflamlatory article was itself deflamatory.
In other words, the attitude is: Action A is against the law. If you do Action B, which deliberately makes Action A easier to do, then you are also breaking the law.
--
Encryption as a routine for normal people can not really become an reality, until it becomes integrated easily with existing programs such as email, browsers, etc. However, work on doing this is made very difficult by the US export laws.
As evidenced in the Mozilla Crypto FAQ any program that is designed to call crypto plugins (a.k.a Crypto with "holes") comes under the same export restrictions as crypto, regardless of if the program uses crypto. This would mean that, technically, if you want to add GPG support to YFM (Your favourite Mailer) then just by the addition of GPG compatibility, YFM has fallen under the US export laws, and US citizens have a lot of trouble to try and work on it.
For those of you that noted it, this was the basis of the Microsoft crypto function that caused so much hassle of late. Technically, windows with the crypto API (even with no "crpyto") is "cryto with holes" and falls under export restrictions. To get around this, MS agreed to restrict the loading of crypto modules that they themselves signed (hence the need for the MS key). So this "loading restricted crypto with holes" was allowed to be exported without restrictions.
AFAIK, the only restriction to the export of "crpyto with holes" is if the API can only be used for verification, but for GPG to be useful for its full range, it needs encrption also. Hence, any program that integrates it fully, would be subject to restrictions.
So, to add GPG to "Your favourite mailer", it would split the development into several camps. One, maintaining the original email program as a base and others (maybe us and non-us) adding the cryto API's. This would add work of course, and in many cases would be dropped because the only version that could be worked on globally (which the open source model is) would be the original version. Thus, the export laws naturally make the work gravatate towards the non-gpg version. Funny that.
--
To be truely unbiased, you should not know for whom you are moderating. The only way I can see that happening is that when you are in "moderator mode" all comments come up as anonymous, and all you have to go on is the content.
A possible variant for this, for the score side, is that instead of the moderators using a +1/-1 scoring, is that they do not see the original scores, and instead moderate absolutely. If the moderated score is greater than the current score, a +1 is assigned, if less, a -1 is set. If the scores match, then it remains the same, and the moderator doesn't loose a point.
One problem with the above is that some posts could bounce between scores of say 2-3. Maybe in this case the score would be shown for posts that had been moderated at least 4 times, to allow for the average to settle?
As for "placebo" moderating, I think it's a bad idea for several reasons, moderators feel they are wasting time and waste of server resources, being just two.
--
Ironically, this type of restriction would, I believe, also make the program undistributable with the debian system, as it does not allow such restrictions.
--
Didn't Microsoft use reverse engineering (otherwise described as "stanadard programming methods") to make MSN messenger work with AIM?
Funny that.
--
Didn't Microsoft use reverse engineering (otherwise described as "stanadard programming methods") to make MSN messenger with with AIM?
Funny that.
--
Imagine calling the new OS "Windows 2kibi" :)
(Could be more accurate, as may not be fully released till 2048
and..
0,1024,0 is a Star Wars Character (Oh-b- one-ki- no-b)
--
Didn't MS say they next target were the ISP's with the next verison of Exchange?
If they sign on windows people, they could easily only allow exchange clients, and drop POP3/SMTP, as the "exchange client is more featured" Then between MS' ISPs, set up advanced features, to add to the "fax effect"
After web browsing, email is by far the next most popular, and I'd hate to see another potential standard embrace,extend and extinguish set in here. And the potential for "lock-in" for email is higher than for a browser - it's easier to transfer your favourites to bookmarks, than convert your local email database to another one. Instant messaging is also another client with significant lock-in effects, which they are realising. The browser was just the beginning.
Over all, MS going into the ISP market, brings a whole new meaning for the marketing phrase "Where do you want to go today?"
I'm worried.
--