Slashdot Mirror


User: coyote-san

coyote-san's activity in the archive.

Stories
0
Comments
1,614

Comments · 1,614

  1. NW execs and "big brother" alarmism on Slashback V: Espionage, Midwifery, Intrusion · · Score: 2

    Gee, why would I feel that the Northwest Airlines executive's dismissal of the employees' concerns would be more compelling had only they, personally, consented to turn over the contents of *their* personal computers to the employee's lawyers?

    I'm moderately disturbed by the image of management and union officials negotiating the terms of a search... all without consulting the individuals who will also be subjected to the search. However, I'm *very* disturbed by someone casually dismissing the impact of his actions... someone who will undoubtedly proclaim that *his* data must be protected because of some intrinsic difference between the plans and concerns of a multimillionaire and a poorly paid flight attendant.

  2. Astroturfing.... (dark thoughts) on Microsoft Asks Slashdot To Remove Readers' Posts · · Score: 5

    Reading this comment, something occurred to me.

    Is it possible that the comments which many of us feel might have crossed the line (e.g., posting actual content instead of just links) were planted by Microsoft employees specifically so Microsoft could make a fuss about the "clear violation of law" and (hopefully) eliminate additional posts which would have otherwise been left alone?

    I have absolutely no evidence that MS did this, or that it even contemplated it, but the problem with playing dirty is that reasonable people have to assume the worst from you. Because of MS's history (written entirely by Mac sorehead losers, no doubt :-), I think it's reasonable for the lawyers to investigate the posters a bit before responding to MS's demand. I think we can all agree that the response will need to be *very* different if Slashdot/Andover/VALinux can show that the offending posters work for Microsoft!

  3. opcodes and phone numbers and street addresses on Is HTML Copyrightable? · · Score: 5

    *Augh*

    The Copyright Office is referring to things like microprocessor opcodes, phone numbers, street addresses, etc.

    Believe it or not, some companies have tried to copyright all of these items (well, at least the first two) as a backend way to eliminate competition. The copyrights on the symbolic opcodes (in assemblers), on the style of phone books, etc., were upheld, but anything which is a "unique expression" wasn't upheld.

    In a concrete example, "add" can be copyrighted because someone else will use "adi" (add integers) and someone else will use "adds" (add short values). But the binary bit pattern 0x80ec *can't* be copyrighted since that pattern, *alone*, does the desired act. Semiconductor manufacturers can't get an exclusive lock on assemblers/compilers via copyright law alone.

    Ditto different phone book publishers can use different styles of presentation of the directory information, but all phone books must show the same number associated with the same customer. Your baby bell can't prevent other companies from publishing competing phone books - a major source of revenue from yellow pages advertising.

    As for HTML, remember that what we casually call "HTML" is actually other text - clearly copyrighted text - which is marked up in some manner. Stylesheets *can* be copyrighted, and these copyrights have held up in court (see the phone book example mentioned above), but in all cases the tags should not be visible to the end user - only the text being marked up. Text which is clearly protected by copyright.

  4. *IS* copyrightable (vs. assembly & opcodes) on Is HTML Copyrightable? · · Score: 2

    IANAL, but I have studied this particular issue as a layman. HTML *can* be copyrighted since it is a "creative expression" "reduced to tangible form."

    About the only thing that *can't* be copyrighted is something with a "unique expression." Bit patterns for computer opcodes can't be copyrighted (only an 0x84ce adds the contents of the bx and cx register on some hypothetical processor); phone numbers can't be copyrighted (only 303-555-1212 gets Debbie Smith), but the symbolic name "add" and the font face/point size/etc in a phone book can and have been copyrighted.... and I pick these particular examples because they are both well-known legal cases covered in my software engineering class.

    HTML is pretty limited, but it still gives the author a significant amount of flexibility. He could use bold vs. italics, strong vs. emphasis, different fonts, different point sizes, plain lists vs. enumerated lists vs. tables vs. definitions, etc. HTML is clearly much more expressive than the conventions used in phone books, and the copyright on the latter has survived court challenges. Therefore, there's no doubt that any non-trivial HTML code can be protected by copyright law.

  5. What about pirated software? Let's cut them in! on HP Pays Music Surcharge On CD-Rs · · Score: 3

    I recall hearing a rather humorous ad (unintentionally humorous, I'm sure), where Microsoft claimed a quarter of all MS discs are counterfeited. These shady duplicate discs supposedly have a far greater incidence of viruses than 100% Pure MS discs, and are the (sole) reason why Windows systems are always crashing.

    Since CD-Rs can be used to burn duplicate software discs -- and in fact *are* routinely used to duplicate "working copies" of discs so the originals can be kept in a scratch-free environment -- and many of these discs illegally find their way onto unauthorized systems despite all reasonable efforts by the IT staff, doesn't it follow that MS should get a similar surcharge on all CD-R drives because of similar abuses?

    I'm not seriously suggesting this, only pointing out that the same logic can be easily used by other groups to demand their own surcharge. I'm sure still others can find reasons why millions of law-abiding consumers should also chip in some cash. Should we accept all of these claims -- claims which paradoxically make it far easier for people to justify such illicit copies "since they already paid for it" -- or should these groups grow up and go after the handful of bad apples breaking the law instead of the vast majority of law-abiding consumers?

  6. Re:2600/Emmanuel Goldstein ~ Hustler/Larry Flint on Verizon Threatens 2600 Over Domain Name · · Score: 2

    The issue is about limiting free speech - you're not allowed to pretend to be someone else by using their name.

    Let me make sure I understand your position: you are claiming, with a straight face, that reasonable people will think "verizonreallysucks" is an official site sponsored by Verizon?

    ROTFL!

    NOBODY is arguing that critics have an absolute right to, oh, "verison.com". Since "Verizon" is a made-up word, a lot of people could reasonably confuse verison and verizon. (However, also remember that the other limited resource - toll-free numbers - accepts the use of misspellings to grab customers. E.g., 1-800-OPERATOR vs. 1-800-OPERATER.)

    However, once there's no risk of confusion all of these rights vanish like your last date. No company, with the possible exception of infant pacifiers, will use (company-name)-SUCKS or anything remotely like it to sell their product. The *only* reason for grabbing these domains is to stifle criticism, and as others have pointed out there is no practical limit to the number of such domain names.

    It's easy to say that critics should simply sell the name (at cost) and register a new one, but it will destroy any ability to effectively communicate your message if you're forced to change domain names on a weekly basis. This is barely different from the widely condemned SLAPP suits - and IMHO both acts should bring about the severest sanctions against the attorneys.

  7. Re:The real reason on Why Not Ada? · · Score: 2

    Ada blocks are delmited(sic) by indentation

    Just in case someone missed the significance of the Python reference (which does use indentation to indicate blocking), Ada uses a variant of begin/end delimiting that should be familiar to most C/C++ programmers.

    Really, what's the difference between

        /* a, b, c and d are assumed to be declared elsewhere */
        extern int a, b;
        void c(void);
        void d(void);

        void foo (void)
        {
            if (a < b) {
                c();
            }
            else {
                d();
            } /* end if */
        } /* end 'foo' */

    and

        -- a, b, c and d are assumed to be declared in an enclosing scope
        procedure foo is
        begin
            if (a < b) then
                c;
            else
                d;
            end if;
        end foo;

    I've worked in C for 15 years, vs. 3 years in Ada, so I find the uncommented C cleaner for simple procedures. For complex procedures, or if the shop requires /* end loop */ type comments on all closing braces I find Ada cleaner. In any case, Ada definitely requires explicit delimiters.

  8. Why anyone cares on Kerberos, PACs And Microsoft's Dirty Tricks · · Score: 2

    A couple posts have suggested that the only reason anyone would care about the contents of the document is so they can create their own competing implementation.

    That's *not* the case - the MIT and Heimdal Kerberos implementations work quite nicely under Linux, come bundled with RH 6.2 (and my unofficial Debian packages) and Debian 2.2/non-US, respectively, and include all you need for a fully-functional Kerberos network. I know; my BAN uses MIT Kerberos for most of the network services.

    MIT Kerberos (at least) even compiles under Windows platforms. This allows you to use Kerberos with W9x boxes.

    So why do we need this information? Simple: without this information it's impossible to modify Samba to allow Kerberos authentication (and encryption?) of remote shares. I'm sure I'm not the only person who is breathlessly awaiting the MS spin that "Samba may be faster, but it's not as secure as 'real' W2K servers!".

    Meanwhile, I'm breathlessly awaiting Kerberos-enhanced NFS. (slobber). It would eliminate a *lot* of problems (while introducing a slew of new ones). In the meanwhile we still have AFS and CODA (which solves a different problem).

  9. Re:Works great on Followup on the Hacker's Diet? · · Score: 3

    I believe that the reason rapid weight loss is strongly discouraged is not because of concerns with fat-soluble toxins - it's because that much weight loss implies you're losing much more than fat. The problem is that the only way to burn fat is via the Krebs cycle in your muscles (aka aerobic exercise), and someone who has enough fat to lose more than a kilogram or so per week is probably not in good enough shape to maintain the high aerobic levels required! This implies that the weight loss is actually due, in part, to loss of muscle mass... not a Good Thing.

    Your liver and kidneys will need to handle anything dissolved in the fat, and that can include some pretty nasty toxins. But unless you live on the Love Canal it's unlikely you're talking about more than milligrams (or even micrograms) of toxins per gram of fat. Of course, when you consider how nasty dioxin and other toxins are...

    (Before I get a nitpicking response, I believe the liver does use modest amounts of fat in the production of other compounds, but it's not enough to have any impact on your weight.)

    Also, IIRC fat cells don't hold onto fat until you finally go on a diet. Instead, they constantly release a little bit at all times, and constantly absorb a little bit from the blood stream at all times. (I think they show up on blood chemistry profiles as triglycerides, but I could be mistaken.) That said, the fat (and dissolved toxins) could simply take a scenic trip around your body before being absorbed by another fat cell, but this does tend to "stir" the toxins up so you shouldn't get any nasty spikes in toxin levels.

  10. Re:which system calls are bad? on Libsafe: Protecting Critical Elements of Stacks · · Score: 2

    There are several different types of errors; the most commonly abused ones are all library functions that use a user-specified buffer of unspecified size. This is why strncpy() and vsnprintf() are safe (they can truncate the copy once the buffer is full), but strcpy() and vsprintf() are not.

    A more subtle version of the same error can occur if you pass the wrong structure to a function that fills out a passed structure. This can happen if the user redefines the structure locally, or forces the issue with an explicit cast.

    In all of these cases, the library call will overwrite unrelated data. If it's in the heap, some of your data will be bogus and if you're lucky you'll soon SEGV on a bad pointer. If it's on the stack (as an "auto" variable) it can overwrite the return address, possibly resulting in execution of arbitrary code.
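    The two failure modes described in that comment, as an added example in C that is not from the post or from libsafe itself: an unbounded strcpy() into a fixed-size field beside a bounded copy that also reports truncation, plus a size-tagged structure for the "wrong structure passed to a filler function" case. NAME_MAX, struct record, struct info_v1/v2, fill_info() and the 32-byte input in main() are all constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_MAX 16                 /* assumed field size for the example */

struct record {
    char name[NAME_MAX];
    int  id;                        /* neighbour an overflow of name[] clobbers */
};

/* The vulnerable form: strcpy() cannot know how large r->name is, so a src
 * of NAME_MAX bytes or more writes past it. With an automatic struct on the
 * stack the bytes after name[] eventually include the saved frame pointer
 * and return address. Shown for contrast; never called here. */
void set_name_unsafe(struct record *r, const char *src)
{
    strcpy(r->name, src);
}

/* Hardened form: snprintf() is told the buffer size, always writes a
 * terminating NUL, and returns the length it *wanted* to write, so
 * truncation is detectable instead of silent. Returns 1 if truncated. */
int set_name_safe(struct record *r, const char *src)
{
    int wanted = snprintf(r->name, sizeof r->name, "%s", src);
    return wanted >= (int)sizeof r->name;
}

/* strncpy() bounds the copy, but does NOT terminate the string when src
 * fills the whole buffer; the caller must add the NUL itself. */
int set_name_strncpy(struct record *r, const char *src)
{
    strncpy(r->name, src, sizeof r->name);
    if (r->name[sizeof r->name - 1] != '\0') {
        r->name[sizeof r->name - 1] = '\0';
        return 1;                   /* truncated */
    }
    return 0;
}

/* The "wrong structure" case: a callee that fills in a caller-allocated
 * struct must be told how big the caller's copy is. Every version of the
 * struct starts with its own size, and fill_info() writes at most that many
 * bytes, so an older (smaller) struct or a bad cast cannot make it overrun.
 * Returns -1 if the caller's buffer cannot even hold the v1 layout. */
struct info_v1 { size_t size; int id; };
struct info_v2 { size_t size; int id; char name[NAME_MAX]; };

int fill_info(void *out, size_t out_size, const struct record *r)
{
    struct info_v2 tmp;
    if (out_size < sizeof(struct info_v1))
        return -1;
    memset(&tmp, 0, sizeof tmp);
    tmp.id = r->id;
    memcpy(tmp.name, r->name, sizeof tmp.name);
    if (out_size > sizeof tmp)
        out_size = sizeof tmp;
    tmp.size = out_size;            /* report how many bytes were filled */
    memcpy(out, &tmp, out_size);
    return 0;
}

int main(void)
{
    struct record r = { "", 42 };
    /* constructed input: 32 bytes, twice the field size */
    const char *attacker = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    int truncated = set_name_safe(&r, attacker);
    printf("truncated=%d name=\"%s\" id=%d\n", truncated, r.name, r.id);
    return 0;
}
```

    The point of checking the return value is that truncation is itself a signal worth logging: a name that does not fit is either a bug in the caller or somebody probing the buffer size.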

  11. Oh, grow up! on Postscript: Who Owns The Hellmouth Posts? · · Score: 2

    I feel like Q talking to Picard in that episode where he offered Picard a second chance. All of the posts here are protected by copyright (they are *not* in the public domain, despite some air-headed comments about "public forums" and the like), but the world wouldn't change one iota if any author (or even hundreds of authors) remained silent.

    This even applies to the posts selected for inclusion (with editing) in the book. The post, no matter how moving, is still a single testimonial read by a few tens of thousands of people.

    But select a large number of those posts, organize them and present them in an overarching conceptual framework, and you have a new work which is far more than the sum of its parts. The IP in that book lies not in the individual stories, but in their selection and organization. Because of that, and the sad fact that there were so many personal stories to pick from, it seems clear to me that this use clearly falls under the "fair use" provisions of copyright law.

    As others have alluded to, I have a *very* hard time imagining that anyone who contributed a story wanted it to be read by a handful of people on Slashdot, then forgotten.

    Even if they do care (and didn't take the trivial precaution of writing Jon Katz directly and explicitly stating their reservations), I can only compare the book to a magnificent building made of bricks. Obviously you need bricks to make that building, but each individual brick - by itself - is pretty much worthless. It's easy to substitute one brick for another during construction, and even afterwards the loss of a brick or two won't cause the building to fall down. But when we look at the building, do we see the bricks or the intelligence (and compassion) that organized them?

    In closing, I would remind everyone of a famous axiom: the law should be treated as a shield, not a sword. IP rights are a shield when you seek to deny others taking credit or changing your words. While a few posters would have a legitimate beef about lack of credit, there's no doubt that the decision to anonymize all posts was justifiable considering the persecution reported by many writers. Sadly, many of these posts seem to be using the law as a sword. I wonder if they greet coworkers with "hello (c)", "want to grab lunch (c)?", etc.

  12. Tangible medium -> not public domain!!! on Voices from the Hellmouth Released in Paperback · · Score: 3

    Despite your naive beliefs, this is *not* a "public forum" and everything *written* on these pages is fully protected by copyright law. The key difference between slashdot and standing on a soapbox on the street corner is that *everything* you see has been reduced to tangible form. Copyright law can't apply to nontangible speech (since human memory is fallible and nobody can be absolutely sure what was said), but anything put down in tangible form (handwriting, books,... or little magnetic fields on a small disk) is born copyrighted.

    A bit more broadly, it sounds like you're under the mistaken belief that the "public domain" is a vague catchall that everything we write falls into unless we explicitly declare our IP rights. That was arguably true many years ago, but part of the Bonn Convention(?) is that all works are born copyrighted and must be explicitly placed into the public domain (if desired, prior to the automatic conversion well after death). The only difference an explicit registration of the material makes is in the damages that can be awarded if the IP rights are abused - without formal registration the owner can only sue to stop further publication. With registration, he can sue for punitive damages.

    Finally, from what I understand about the book, it seems likely that all of the quotes are protected by the "fair use" clause of copyright law. They would have only required permission to quote articles in full.

  13. Official Secrets Act on Ssssh, Don't Disturb The Citizens · · Score: 3

    The key to this is the "official secrets act." In most(?) countries, something that is classified can be suppressed even if leaked. All the government drone needs to do to kill a story is say the magic words "official secrets" and reporters' notebooks are confiscated, publishers take down stories and books, etc. Needless to say, this power can be (and has been) abused to protect the crown from stories which are embarrassing, but not a threat to national security. (Also, as another poster observed, in the UK at least there is no legal concept of "citizen" -- only "subjects" of the monarch. It is hard for a subject to refuse their monarch, but much easier for sovereign citizens to tell the G-man to jump in the lake.)

    The US used to have an unofficial "gentleman's" equivalent, but it was blown wide open with the publication of the "Pentagon Papers" during the Vietnam war. The government tried to suppress publication "in the national interest," but the courts held that the true national interest lay in free, public discussion of the contents of those papers.

    Things stood there for a couple decades, then the War On Drugs introduced the first "official secrets act" (by a different name) in the US -- much to the horror of the civil libertarians. Nobody disputes the national and personal interests in protecting the identity of informants, but we're all deeply concerned that this will be the proverbial camel's nose under the tent.

  14. Factually incorrect.... on GPL/LGPL Issues - Moving GPL'd Code into Libs? · · Score: 2

    (glibc is GPL'd)

    My Debian 2.2 documentation clearly states that glibc is LGPL'd.

  15. Re: Thompson's paper and GCC in practice on Microsoft -- Designed for Insecurity · · Score: 4

    Before you use the Thompson paper to "prove" anything, remember that he implicitly assumed closed source development!

    Specifically, his implicitly corrupted compiler C" is compiled with an explicitly corrupted compiler C'. The C' compiler must explicitly check for "odd" patterns and replace that code with odd values, and it's this corrupted code-generation code that is propagated in subsequent builds of the compiler.

    But one of the greatest strengths of the open source ideal is that there's no assumption that any specific tool will be used. I've built the FSF tools from source tar balls many times, and more often than not I compile as many of them with the braindead local compiler. Even if I do a two-phase build, GCC is built with the braindead local compiler, so when everything is rebuilt with GCC it is *far* less likely to contain any hidden surprises.

    Thompson's paper *is* something to consider in a pure-GCC environment. But the risk can be kept to a minimum level as long as GCC and the library can be compiled with a slow & stupid compiler bootstrapped from a provably correct assembler... or at least legacy Sun, HP/UX and AIX systems. :-)

    (A sidenote for people unfamiliar with this type of bootstrapping -- you start with a "mini-C" assembly language compiler which can only handle a subset of C (e.g., no floating point math, no typedefs, no unions, etc.) Since it's in assembler, you can verify that the object code matches the source code... and the reduced functionality keeps the size reasonable. Your real compiler is written in this mini-C language, it accepts ANSI C but isn't fast, nor does it produce fast code. As a final step the newly compiled compiler (re)compiles itself.)

  16. Secure CVS on Backdoor In Microsoft Web Software? · · Score: 2

    we had tight configuration management, in a package a wee-bit more secure than CVS...

    CVS can be made reasonably secure with one simple change: require Kerberos authentication. This has several beneficial effects:

    • CVS *knows* who the user is - there's no worries about old .cvspassword files lying around or being cracked.
    • The user *knows* who the CVS server is - there's no risk of man-in-the-middle attacks.
    • You can encrypt client/server traffic - nobody can modify the data stream en route.
    The CVS server should also be secured, of course, but the combination of the standard Unix permissions and Kerberos telnet and ftp should be adequate to provide a fairly high level of confidence that nobody has modified the underlying RCS files directly.

  17. Sounds like someone screwed up *bigtime* on Showdown With The Pinkertons · · Score: 2

    It sounds like someone severely screwed up your diagnosis. Psychological evaluations should *always* include a medical examination to exclude physical causes. I wouldn't expect this from a chiropractor, but a psychologist should have insisted on an exam. (Was he a licensed clinical psychologist, or a "social worker" out of his depth?) A psychiatrist, being an MD and the person who actually writes the prescription, has no excuses at all.

    Was the tumor overlooked because it was small, or did they never bother to check for it?

    If it's the latter, you should contact a local lawyer to explore whether medical malpractice occurred. I hate lawyers second-guessing doctors, but if someone prescribed prozac for a sleep disorder and muscular (neck) pain without first eliminating physical causes then they are seriously jeopardizing their patients' health. You didn't say if your tumor was malignant, but even if it's not, consider the possibility (which does occur) that the tumor could have been treatable when you first saw the psychologist and psychiatrist, but terminal by the time they finally identified it.

  18. Re: Mandatory access control on UPDATED: SGI B1 Linux Patches · · Score: 3

    It's been a while since I looked at the B1 definitions, but let me see if I describe MACs as I understand them.

    The key aspect appears to be a distinction with Discretionary Access Controls (DAC) - owner and group permissions, ACL lists, etc. DACs are controlled by the owner of the file, but MACs are controlled by the "security administrator." The terms "mandatory" and "discretionary" reflect the fact that the owner must always accept MAC access control on his files, but he can discard the DAC checks (e.g., using mode 0777).

    One of the subtle points about MACs is that they are required to be persistent *in all media*. This means that MACs should be preserved (and enforced) when a file is copied to removable media, and somehow indicated on all printed pages. (E.g., printing the "sensitivity level" (confidential, secret, etc) in large type on all printed pages.) Obviously you can't preserve MAC information if the format doesn't support it, so a MAC system may be able to write (enhanced) tar images to tape, but not be able to copy files to a floppy/zip/etc disk using MSDOS or even ext2fs filesystems.

    There may be more to MACs; the specs are deliberately vague. A *very* large part of the certification process is going through the appropriate standard and documenting *what* you did and *why* you did it, with some commentary about the implications of that decision. This provides the implementer the flexibility of using whatever technique fits their needs. E.g., nothing says that DACs must be implemented with ACLs, although most people now use them because they're familiar and proven acceptable to the certification agencies.
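    How the two kinds of check combine, as an added example in C that is not from the post or from the SGI patches: a DAC check over the owner/group/other mode bits the owner controls, a MAC check over a label (sensitivity level plus a category bit field) that only the security administrator sets, and a final decision that requires both. The label layout, the dominance rule (the Bell-LaPadula no-read-up / no-write-down rule is used as the model here), and the sample subjects and objects are all assumptions of the example; the point it shows is that an owner setting mode 0777 does not get past the MAC check.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>              /* uid_t, gid_t, mode_t */

/* Ordered sensitivity levels (assumed set for the example). */
enum level { UNCLASSIFIED = 0, CONFIDENTIAL, SECRET, TOP_SECRET };

/* A MAC label: a level plus a bit field of categories/compartments.
 * Assigned by the security administrator, never by the file's owner. */
struct label { enum level level; uint64_t categories; };

struct subject { uid_t uid; gid_t gid; struct label clearance; };
struct object  { uid_t owner; gid_t group; mode_t mode; struct label label; };

enum access { ACC_EXEC = 1, ACC_WRITE = 2, ACC_READ = 4 };

/* DAC: the classic rwx bits, which the owner may loosen at will (0777). */
bool dac_allows(const struct subject *s, const struct object *o, enum access want)
{
    unsigned bits;
    if (s->uid == o->owner)
        bits = (o->mode >> 6) & 7;
    else if (s->gid == o->group)
        bits = (o->mode >> 3) & 7;
    else
        bits = o->mode & 7;
    return (bits & want) == (unsigned)want;
}

/* "a dominates b": a's level is at least b's and a holds every category of b. */
bool dominates(const struct label *a, const struct label *b)
{
    return a->level >= b->level && (b->categories & ~a->categories) == 0;
}

/* MAC (Bell-LaPadula as the assumed model): reading or executing requires the
 * clearance to dominate the object's label (no read up); writing requires the
 * object's label to dominate the clearance (no write down). Owner and mode
 * play no part, which is what makes the control "mandatory". */
bool mac_allows(const struct subject *s, const struct object *o, enum access want)
{
    if ((want & (ACC_READ | ACC_EXEC)) && !dominates(&s->clearance, &o->label))
        return false;
    if ((want & ACC_WRITE) && !dominates(&o->label, &s->clearance))
        return false;
    return true;
}

/* The owner can discard DAC by chmod; the MAC check is applied regardless. */
bool access_allowed(const struct subject *s, const struct object *o, enum access want)
{
    return mac_allows(s, o, want) && dac_allows(s, o, want);
}

int main(void)
{
    /* constructed sample: alice owns the memo and made it 0777, but the
     * administrator labelled it TOP_SECRET while she is cleared SECRET */
    struct subject alice = { 1000, 100, { SECRET, 0x1 } };
    struct object  memo  = { 1000, 100, 0777, { TOP_SECRET, 0x1 } };
    printf("dac=%d mac=%d allowed=%d\n",
           dac_allows(&alice, &memo, ACC_READ),
           mac_allows(&alice, &memo, ACC_READ),
           access_allowed(&alice, &memo, ACC_READ));
    return 0;
}
```

    The category bit field is the cheap way to get the "compartment" semantics mentioned later on this page: a missing category bit blocks the read even when the levels are equal, and the label itself carries no human-readable name, so the existence of a category reveals nothing about what it covers.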

  19. Several possible solutions on Weird NFS Security Needs · · Score: 2

    I'm aware of several possible solutions, each with its own problems.

    1) Explicitly tie the home directory to specific machine(s) in the /etc/exports file. This works best if each system can be assigned to a single person, but even if you have a few shared systems in a lab it may be an acceptable solution.

    2) Encrypt everything. If you are using the loopback filesystem encryption, you can NFS mount the home directory someplace else, then mount it via loopback over the user's home directory. Depending upon your level of paranoia, it could be mounted and unmounted as the user logs in, or it could be automatically mounted during the system boot. (This requires that the script know the password.) One potential downside is that you must specify how much space to allocate to the user up front... but then again this is an effective form of quotas, ensuring backups fit media, etc.

    3) In a completely different direction, you should also evaluate Secure NFS. The recent glibc libraries include support for secure RPC, and I believe secure NFS ports are in progress. Once available, everyone should switch to secure NFS anyway to eliminate many of the problems associated with individuals having root access on their own system. (E.g., as a consultant I usually bring my own Linux laptop to the site... and I am not willing to surrender my root access to the typical IT drone.) Unfortunately, I don't know if secure NFS addresses your specific problem - the keys may be tied to the system, not the exported file system.

  20. what about murder? kidnapping? on FreeNet's Ian Clarke Answers Privacy Questions · · Score: 2

    IMHO, this guy needs to get his head out of the clouds and consider the consequences of this tool with crimes other than libel and kiddie porn.

    I agree 100% that bad *political* speech should not be censored. Let the damn KKK march in a Jewish neighborhood, let Phelps continue to protest outside of funerals. The cost of permitting them to deliberately offend people is far less than the ultimate cost of allowing the government to "protect" us from offensive political speech and acts.

    But not all speech is protected. Most of us would have serious moral qualms about helping in a kidnapping/murder, or in passing notes between a hitman and his client. Yet that's part of the payload that Freenet will carry, by allowing anonymous communications between hitman and client, or kidnapper and victim's family.

    It's possible that the moral good in providing a safe haven for whistleblowers and oppressed peoples will outweigh the blood from murder victims. This is the type of moral dilemma that keeps people up at night. Pretending that this type of crime won't occur doesn't help answer this question, and in fact it casts doubt on all anonymous schemes because it makes the proponents come across as shallow eggheads who don't fully comprehend the consequences of their actions.

    (Why do I feel the urge to quote Oppenheimer quoting Shiva after the first nuclear detonation?)

  21. Re:Honeypots are NOT illegal... on Security-Why Not Watch The Crackers? · · Score: 3

    If you dangle it as bait trying to catch a cracker...

    That's totally irrelevant. By this logic, it's not your fault for stealing from the grocery store's cash register if the clerk is so silly as to turn away while the tray was open. It's not your fault for stealing from the shelves if the grocery store was so silly as to leave the merchandise out in plain sight and reach.

    Either you're an adult able to control yourself when confronted with such temptations, or you're a legal infant unable to do so and not entitled to any of the rights of an adult - you can't vote, you can't drive (can't risk you deciding to run a red light because the city hasn't installed physical barriers to stop you!), you sure as hell can't own a gun, etc.

    The *ONLY* issue with entrapment (vs. stings) is whether the cops somehow enticed the person to do something they wouldn't normally do. In countless cases the courts have held that merely presenting an *opportunity* to commit an illegal act is not, in itself, entrapment. There must be some overt act encouraging the criminal acts. E.g., an underage agent offering a citizen $20 to buy a six-pack of beer... and telling them they'll get to keep the change.

  22. Re:Enough with the bullshit editorials on Wyse Ditches Linux For WinCE · · Score: 5

    Windows is better at some things...

    Now complete the thought and ask yourself *what* Windows is better at. Is it a better web server for 90% of the potential market? A better NFS server? Hell, a better SMB server?

    Nope. It is a better RDP server. Imagine that, the MS OS is a better client to Microsoft's own proprietary protocol than anyone else - commercial or open source. Slap me with a fish, I think I'm gonna faint!

    Wyse has to deal with reality, *today*, and others have pointed out that the Linux support might have been nothing more than a high-stakes gambit to force MS's to change its licensing terms.

    For the rest of us, if we need RDP then we have to deal with the devil behind the curtain and use WinCE. Performance and cost are totally irrelevant - if we need RDP we simply don't have a choice. We can only fairly compare WinCE and Linux (or any other OS) when the protocols are open to all.

  23. Security by assertion on Auditing for Linux? · · Score: 2

    Your position is known, contemptuously, as "security by assertion."

    You *assert* that the intl kernel patches (which I know and use) are adequate, complete, and correctly implemented.

    You *assert* that iptools2 are adequate, complete, and correctly implemented.

    On and on and on. You sound just like the Microsoft commercials that are equally eloquent at *asserting* my life will be much more pleasant once I toss out my moldy old Debian 2.2 system for Windows 2000.

    In fact, I've downloaded and printed out the requirements for C2 and B1 certification, and I've tried to figure out what they really mean. Linux doesn't have everything it could have (e.g., I've played with the idea of an "auditfs" that would record - in a secure manner - *all* calls to the kernel with process/user info and parameters). Linux doesn't have that, yet, but that's the only way to really know who made some sensitive calls.

    But beyond the issue of auditing, DACs, MACs, secure login prompt keys, adding security classification levels to the FS (how do you make a directory top secret/categorized? Remember that the specific category is itself classified, so everyone really uses large bit fields in practice.), ensuring all external media (paper, tapes, disks, discs, modems, networks, plips, IrDA, and god knows what else somebody has written a kernel module for) properly preserve these classification tags.... beyond all of that, HOW DO YOU KNOW THAT THE SOFTWARE FUNCTIONS AS ADVERTISED?

    I agree with you that the assertions - plus my own review of the code when I feel the need - are adequate for my own uses. It's enough for my employers. But classified systems, by definition (hopefully), will be attacked by professionals with significant bankrolls, not bored teenagers or penny-ante criminals. They will contain information that, if misused, could result in the deaths of thousands or millions of people, not just a few annoying bogus credit card charges. The standards of proof must be *far* more strict, and there's no room for wishful thinking or unchallenged assumptions. That's why a formal review and rating is so important for the DoD (and DoE, among others) market.

  24. Analogy to environmental easements on GPL To Be Tested by Mattel? · · Score: 3

    As I understand this, GPL code is *very* similar to land which has had an environmental easement put on it. The owner voluntarily places an irrevocable covenant on his land that prohibits it ever being used for development, agricultural use, whatever. This type of restriction is widely used by small farmers/ranchers to protect their land as cities encroach (preventing forced sales due to high property taxes), and by environmentalists who can protect more land for a given amount of money given cooperative sellers (who often set aside a small area for a "wilderness" cabin).

    HE STILL OWNS THE LAND. HE CAN STILL SELL THE LAND.

    If someone buys the land hoping to put up condos, then is upset to discover the environmental easement on it, it's his own damn fault for not checking the public records to verify no easement exists on the land.

    Likewise, anyone "buying" open source code, *or code they merely suspect might be open source*, has the onus on them to check the *public* code to determine if it's been GPL'd. It's not like this is a hidden attribute of the code. They may still wish to buy the code, e.g., to release a subsequent commercial version based on this code, but they can't claim that they didn't know they couldn't retract all distributed copies.

    The *only* question in this case is if *one* 1-line comment is sufficient legal notice. It probably isn't. But the same standard would be used on *any* code, commercial or open source. That is why most of us are careful to *always* include full boilerplate on *all* source files, both open and closed source.

  25. Nice selective use of quotes! on GPL To Be Tested by Mattel? · · Score: 2

    The clause you selectively quoted refers to the person who *receives* a copy of GPL software, not the author.

    Do you really need me to explain why the GPL prohibits people from downloading code, slapping it into their own proprietary code base and selling it to others as their own work?