You put your very personal information in an envelope marked "Very Personal Information, Don't Open Unless Your Name is XXX," and pinned it to a bulletin board in a public location....
They appear to be doing so by exploiting their existing business relationships with distributors to allow them to intimidate people who are not necessarily their customers.
If I put out an RFQ to hardware distributors, there is no reason whatsoever for Microsoft to get involved. Their difficulties with educating site licensees about their licenses are exactly that - their problem. This is an issue that they need to address by talking to their site licensees (who they already know).
Now, in many instances, the threat of an audit or a review of license terms can be sufficiently costly as to force the installation of Windows on PCs. When faced with a nasty letter, it is often easier to go along than to fight.
That said, it is questionable how many distributors will participate in this. This kind of breach of confidentiality is precisely the sort of thing that can sour a potential business deal (and that's what this is - they are going after RFQ's, not PO's). Any employee of a distributor who participates in this program deserves to be fired for a breach of the customer's trust.
As far as antitrust goes... This and the old naked PC story come awful close to illegal product tying, even if the tie is not completely enforced...
Why should the IMC be required to turn over _all_ of the logs for _all_ accesses to the site, when:
- There are only 2 posts alleged to contain illegally obtained material
- The two law enforcement agencies were unable to provide URLs for these posts
- The two law enforcement agencies were unable to provide a clear description of the allegedly illegal posts
- What was given in terms of a description of the allegedly illegal posts matched none of the actual posts (notably the GWB itinerary)
Indymedia did act correctly in not releasing an overbroad collection of logs which would relate only very tenuously to two allegedly illegal posts which the law enforcement agencies were unable to demonstrate the presence of.
"but a virus (not this one) could search NFS mounts or SMB shares (which, of course, could be on Linux boxes running Samba) for exes to infect."
Yes, if you were a complete moron and shared your system binaries in such a way that they could actually be written... Principle of least privilege. Why the hell would you need to be able to write to files in /usr/bin, /usr/local/bin... across an NFS or SMB link?
Look. If you are vulnerable in any real way to virii like this, then you are also vulnerable to manual attacks from your users.
"In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License."
(Last Paragraph, S. 2 of the GPL)
The part where the artists get stiffed is the part where the RIAA conspires with the government to bypass negotiation and acceptance of contract terms by all parties.
The RIAA vs Everyone (Napster...) was about the agreement between the distributors (them) and you (the buyer)
Only if you buy social contract theory. The RIAA vs Napster was (is) exclusively a statutory issue. I have no contract with the RIAA, and neither did Napster.
This new one is a contract issue - namely, the RIAA is attempting to use its weight to unilaterally modify contract terms. Though the title for this story is misleading, what they are doing here is still wrong. They appear not to be seeking to avoid payment of royalties. The RIAA appears to be requesting that it be allowed to dictate royalty rates and terms of the agreement without having to negotiate with the artists. There aren't too many places where unilateral changes to contracts are acceptable...
There are a large number of ISPs which do not use switched networks, and also do not use AntiSniff. As a result, they have no protection against this. Seeing as you seem to believe that most ISPs prevent this, how do you believe they do that?
Furthermore, the belief that every router hop from your machine to the machine you're connected to is secure is fatally mistaken. Just because your ISP has effective security measures does not mean that everyone on the route has the same effective measures.
But usually not in perpetuity. Most perpetual clauses in contracts are not enforceable in many jurisdictions.
That said, there are no restrictions on the company's collection and aggregation of information that has been made public. If they try to get him fired by his new employer, they may be treading on thin ice though... There's nothing stopping them from grumbling and threatening, and gathering information, but if they interfere with his new contract, they may be getting in too deep.
No, we're not. The post was talking about a guy starting up an ISP. Moreover, he was willing to consider an option that uses MySQL as the backend. The guy is clearly not in the market for a $50k-$100k vertical market billing system. That said, even at 50k-100k, you're not likely to get much in the way of a performance guarantee, and you're sure as hell not going to get strict liability.
That said, if you implement a billing system, on which your business depends, and you don't have a manual audit process, you're a fucking moron.
I use printed manuals extensively for a couple of reasons:
1) To avoid using up the limited real estate on my monitor. If I'm dealing with something complex, I want to be able to read the documentation at the same time as doing what it tells me.
2) If I'm not around a computer. If I wish to prepare for the use of some software, I will occasionally read documentation on a plane, in the airport, at home in front of a television, etc. where a computer is not necessarily readily accessible.
3) It's legal for me to carry it anywhere. With much of the closed source software I use, it would be neither practical nor legal to have the electronic documentation accessible to me wherever I am. So, if an app compiled in VC++ reports back an error from a particular system call, I'm SOL 'til I can get back to my desk to look it up.
4) I just like the feel, the smell, the texture of books. I grew up loving books. It's a personal preference thing.
5) It's easier to whack a coworker over the head with a hard copy reference manual than with a CD. ;-) (You gotta think of the other use for hard copy documentation - weapons)
As for the obvious. If you're going to do electronic documentation - do it in the right format for the platform. If your target is *NIX, do it with man pages, or TeXinfo. If your target is Windows, do it with RTF/Win Help. PDF and HTML are annoying as all hell for documentation. They're alright if the documentation is being downloaded from a website, but they don't typically fit the standard documentation format for the platform in question.
Presumably you're referring to Microsoft Security Bulletin (MS00-025), which, though it had been outed by a couple of groups already, was not released until 6:00 pm Pacific on Friday. Or are you referring to the three security bulletins that Microsoft held under wraps until after 6 pm Eastern on Friday Mar. 31? Microsoft does not have a history of timely reporting and fixing of security problems. Moreover, they have a tendency of holding onto advisories until after business hours on a Friday.
The author was right about one thing. Open Source is not a panacea. However, where we are vigilant, it does work to improve security. Where there are enough qualified developers (like in the Linux kernel) looking for security related issues, Open Source provides us with an excellent opportunity to track down and fix bugs. Moreover, it means that we do not have to rely on a single source for fixes.
Nobody appears to be mentioning one very important advantage of Open Source when it comes to security. Even if Open Source software were more insecure than Closed Source software, it provides an advantage that Closed Source will never be able to provide. Developers can learn from other developers' mistakes. Developers can learn how to recognize and avoid common security problems in code by looking at advisories and the code before/after the fix. A new developer certainly cannot look at the IIS code and see how the latest buffer overflow bug caused problems, or how Microsoft fixed it. Do I learn _anything_ by applying Post SP6 Hotfix xxx? No. Do I learn anything scanning through a patch in source form for Apache? You bet.
The author does present an important point. Many Linux users now do not build from source even when it's available. Many don't even have the source to most of their tools/applications, even though it's available. Remember, if you don't exercise your freedom, you don't get the full advantage of it. Build from source. Read the source. Learn from other people's mistakes wrt security, so you don't make the same mistakes yourself.
Regardless of what Coca-Cola says on this issue, the mark _has_ lost its distinctiveness. Even when used in the context of beverages, the word "coke" now typically means a cola beverage of some sort. This includes "Pepsi," "RC Cola," generic colas, etc. This situation is thus very similar to "kleenex" or "band-aid."
As to distinctiveness in this particular context... Were I to head down to the States, purchase some Coca-Cola, and head back, I would be very hesitant to respond to the Customs Agent's queries with the word "Coke."...
Customs Agent: Have you anything to declare, Sir?
Me: No, just picked up some Coke while I was down - it's pretty cheap down here.
Customs Agent: Step out of the car, keep your hands in plain view!
The confusion exists already. If anything, the fact that there is _not_ a website operating should work to this person's advantage, as there is clearly no potential for confusion here.
What kind of school is it? Are we talking high school/college/technical school/university? Each of these institutions has different needs, and correspondingly different reasons to use open source software.
Where does the school get its money? If it's government funded, it's likely to be relatively cash-strapped right now - open-source software is an excellent solution due to cost issues. The same goes for privately funded schools - the board would be remiss if it did not examine alternatives which can save money and protect returns/tuition.
What does the school teach? If it is a technical institution, like Devry etc. it is likely targeting its students at the (current) market-leader which is (unfortunately) Microsoft. One of the best ways to make these organizations see the advantages of teaching with open source is to show hard numbers. They make money only if students attend. They get students by showing that their program is relevant to current/future job markets. Market studies projecting Linux to remain the fastest growing operating system through 2003 can go a long way towards convincing these organizations to change. If we're talking about a University or college, these organizations tend to take a more academic view of their subject matter. Using Linux allows these groups to more effectively teach just about anything from OS design, through databases and UI. They can teach about complex systems using the code, rather than building toy systems from scratch.
As for your teacher, it is shocking to see a (technical) educator who 1) does not know about open source and 2) does not take open source seriously. Her credibility as an educator is shaken by a lack of knowledge of one of the most important currently used development models. "The Cathedral and the Bazaar" has recently been printed (along with "A Brief History of Hackerdom", "Homesteading the Noosphere", and "Revenge of the Hackers"). These should be required reading for anyone who should (by virtue of their position) know something about open source but doesn't.
The disrespect for private ownership is what caused the American trade embargo on Cuba (and almost launched WW3).
Umm. No. The overthrow of a _military_dictator_ *supported by the US government* is what caused the American trade embargo and the missile crisis. The suggestion that the Americans were somehow supporting freedom and democracy in condemning Cuba is ludicrous.
And early American colonists weren't forced to live in the American colonies either. What's your point?
Truth is not always a defense in libel and defamation cases.
But perpetual contract clauses may not be binding, depending on the jurisdiction.
They neither provided the source with the binary, nor did they provide a written offer of the source with the binary. The GPL is quite clear on this issue (see section 3 of the license). Distributors must provide either the source (including modifications) or a written offer of source (including modifications) if they are distributing the binary.
That said, it is relatively clear that this was an oversight on the part of Be. They are fixing the error. It is important, however, that we remain vigilant and know the rules should the next violation, from another company perhaps, not be so benign.
Just a little nitpick. It is not simply enough to make the source available. You must accompany the binary with a written offer to provide source (see S 3.b of the GPL, reproduced below).
"3. You may copy and distribute the Program (or a work based on it, under S. 2) in object code or executable form... provided that you also do one of the following:
a) Accompany it with the complete... source code...
b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than...
c) Accompany it with the information... as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution...)"
So. They haven't done a). They can't choose c). Do they have an explicit "written offer, valid for at least three years..." included with the package? Otherwise they are contravening the license.
As for the ethics of this issue... How is it that the corporate apologists will stand up and cheer the enforcement of illegal license restrictions imposed by corporations on closed source software, but hypocritically refuse to support small open source developers' attempts to impose reasonable restrictions in their licenses?
This corporation is getting software for free (as in beer). The only thing that is asked in return is that they keep the software free (as in speech). If they don't feel they can comply with the terms of the license, they have a few options. They can:
a) Develop a replacement themselves.
b) Search for a replacement released under a different license.
c) Negotiate with the owner to be licensed under different terms.
They can not simply ignore the license.
Better no driver than one that requires a closed source kernel module to run. The _only_ thing that this will do is to distract hardware manufacturers from doing the right thing (tm).
As for the technical specifics, none of us are in any position to comment on the technicalities, as we haven't been made privy to this information.
NO MORE BINARY-ONLY KERNEL MODULES!
I was in school in Beaumont 'bout 10 min. south around that time... Knew some people that went to some of the Edmonton schools...
And yet, www.pilot.com belongs to neither of them...
http://www.2600.com/news/2000/0121-trans.txt The defense is unfortunately quite weak, and comes off as quite disorganized.
It is a _civil_ offense to *offer or distribute* technology which circumvents such a system. It is not an offense to *use* such technology.