Slashdot Mirror


User: Bruce+Perens

Bruce+Perens's activity in the archive.

Stories
0
Comments
7,506
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,506

  1. Re:The real question... on Torvalds Puts Support Behind GPL2 Linux · · Score: 1

    To be really specific about the problem, it is technological circumventions of the license. One of the goals of the license is that the software be modifiable by the end user. DRM is a technological circumvention of that license provision. As the copyright holder, I should indeed oppose such circumventions.

  2. Re:No Termination on Creative Commons License Flaws Claimed · · Score: 1

    Yes. But if you used the photo not just as a prototype for sale but to promote your own services or products, that would be different. So, if the photographs became, for example, header or background material for your web site promoting your photos for sale, there might be a valid claim.

  3. Re:Linux license could be changed easily on Torvalds Puts Support Behind GPL2 Linux · · Score: 1
    I have good legal advice that the license change is entirely possible in the way I have outlined. So, with all due respect I have to reject your assertion. By the way, it is not a "criminal copyright violation", copyright is civil law, not criminal law.

    Regarding the preludes, you can't really make a distinction between the text that includes "or any later version" and the rest of the license, the license is included into that that text by reference.

    Bruce

  4. Re:Looking good, too bad the press didn't understa on US DHS Testing FOSS Security · · Score: 1
    A mathematically provable software language will only prove that the software meets a certain specification.

    I haven't tried this, and indeed there isn't much real work going on in provable software languages these days. But I think that it would be possible to set theoretical constraints on a program such that it serves data and does not allow it to be modified. There might be a good Ph.D. paper in it for someone.

  5. Waking up a year later on Torvalds Puts Support Behind GPL2 Linux · · Score: 1
    I don't want to wake up a year later and discover that for some reason I missed a notification and that the default was to relicense my code to something else.

    If you are a Linux kernel developer, this has already happened to you. Linus has changed critical license details not once but twice.

  6. Re:Looking good, too bad the press didn't understa on US DHS Testing FOSS Security · · Score: 1
    The vast majority of software engineers have no idea what they're doing when it comes to detecting, fixing and avoiding security issues.

    As an aggregate they know enough that they produce the vast majority of security bug reports. Only a tiny minority of those reports come from "experts" performing security reviews. If we have to rely on experts, we're not going to have much security anywhere.

    Theo, unfortunately, has contempt for the programming abilities of most people. It is a valid point, however, that most C programmers can learn more than they know now about how to write secure software.

  7. Re:Linux license could be changed easily on Torvalds Puts Support Behind GPL2 Linux · · Score: 1

    Yes, it is optional to use the "and any later" language. But once it is used, I consider that it is a critical portion of the license. Yet, Linus removed it without the consent of 100% of the copyright holders. Either he did not have the right to do that, and we can consider that it's still there, or he did have the right to do it, in which case he can make other changes.

  8. Re:Linux license could be changed easily on Torvalds Puts Support Behind GPL2 Linux · · Score: 1
    When you participate in a collective project and they decide to change their license, yes you may have to explicitly object to their doing so.

    Bruce

  9. Re:Looking good, too bad the press didn't understa on US DHS Testing FOSS Security · · Score: 1
    Even those who historically have critized "security through obscurity" never suggested that publishing their design or secrets would lead to better security

    You're wrong about that. For example, NIST, a US government standards agency, is calling for proposals for a new cryptographic algorithm for government use. Their specification requires that it be publicly disclosed (and royalty free, too). This is so that they don't pick a weak algorithm. They want any known or theoretical problems to be pointed out to them. Most certainly NSA participates in building that sort of specification.

    Bruce

  10. Re:The real question... on Torvalds Puts Support Behind GPL2 Linux · · Score: 1

    It doesn't have to make DRM easy, just possible.

  11. Physical locks and security by obscurity on US DHS Testing FOSS Security · · Score: 1
    Here's a good story about examining how locks work, that shows the value of "disclosed source".

    Anyone can buy a re-key kit for Schlage locks at the Home Depot. Upon opening the cylinder of the lock with that kit, you will discover that (this is approximate, I don't have the lock in front of me) there are 5 pins, and 5 possible levels per pin, and that the minimum number of possible key patterns might thus be 5 ^ 5 or 3125. Which is enough that nobody's carrying all of the possible keys around and will have time to go through them at my front door.

    The re-key kit comes with a set of two identical new keys that do not use the same pin length twice, and thus its number of possible patterns might be 5 * 4 * 3 * 2 * 1 or only 120. Uh-oh! Better not base the keys for my house on the master from the re-key kit! And shame on them for not saying this on the box.

    See the benefit of being able to examine how they work?

    FYI, yes I know about lock-picking, there's an alarm too.Bruce

  12. Re:Looking good, too bad the press didn't understa on US DHS Testing FOSS Security · · Score: 1
    My door is locked, but the mechanism of the lock is easily available in the hardware store for others to scrutinize. And so it should be. This is a different sort of information than the pattern of the key.

    Bruce

  13. Re:Looking good, too bad the press didn't understa on US DHS Testing FOSS Security · · Score: 1

    Actually, I read that as "We won't tell you how many bugs there are, our customers would not like it". They could well be inflating the reliability of proprietary software for their customers sake.

  14. Re:The real question... on Torvalds Puts Support Behind GPL2 Linux · · Score: 1
    Gee, maybe we should patent it. Oops, too late :-) Well, it wasn't in the news from CES. Maybe TVGOS is beholden to manufacturers who want to sell more new hardware.

    Bruce

  15. Re:Looking good, too bad the press didn't understa on US DHS Testing FOSS Security · · Score: 1
    According to McAfee recently (http://yro.slashdot.org/article.pl?sid=08/01/05/0215201) and Microsoft et al, having your code exposed lets the bad guys exploit it's vulnerabilities

    Yes they said that, but you don't really believe it, do you? If so, just look up "security by obscurity" and read about it. To give you a clue, the unavailability of source has not prevented 100,000 Windows viruses.

  16. Re:Looking good, too bad the press didn't understa on US DHS Testing FOSS Security · · Score: 4, Insightful
    Does this mean that more people will check the Open Source software for security flaws? Not necessarily. It completely depends on whether or not someone has an interest in the security of that particular bit of software.

    I submit that people who are only looking for security flaws don't have a motivation to develop a deep understanding of the software. People who are out to modify the software do. And thus there are not just more eyes, but better eyes with Free Software.

    There is a class of mathematically provable software languages, and you might be able to say with surety that programs in them are secure. For the languages we usually use, you can only say that you have tested them in the ways you know of. And only a person with access to the source can say that. If you want an independent asessment, Open Source software won't stop one from happening, and won't hinder what can be said with NDAs. That's why I think it's more secure.

    Bruce

  17. Looking good, too bad the press didn't understand on US DHS Testing FOSS Security · · Score: 5, Insightful
    The important point here is that proprietary software manufacturers aren't telling you how many security flaws they had. I bet it's more than 1 per 1000 lines, that is an incredibly excellent figure for the first time a scanner like coverity is run. I doubt proprietary work comes close.

    You can't ever say that proprietary software is secure, because there's no way to prove it. With Open Source, you can come a lot closer to proving that it is secure, because you can employ every security test that exists.

    The fact that a coverity scanner bug is reported doesn't mean it's an exploitable security flaw.

    Bruce

  18. Re:The real question... on Torvalds Puts Support Behind GPL2 Linux · · Score: 1
    The DRM terms of GPL3 are not a field-of-endeavor restriction as a "no military use" term would be, because the GPL3 terms don't restrict you from having DRM. They only restrict you from making the GPL3 software itself unmodifiable in situ or impairing its functionality if it's modified. There are lots of effective ways to have DRM while making it possible to modify the kernel.

    Bruce

  19. Re:Linux license could be changed easily on Torvalds Puts Support Behind GPL2 Linux · · Score: 1
    Either Linus did not have the right to remove the "and any later version" clause, in which case we can still act as if it's there, or he did have the right to remove it, in which case he can make other changes. You can't have it both ways.

    Bruce

  20. Re:The real question... on Torvalds Puts Support Behind GPL2 Linux · · Score: 1

    That vertical interval signal is proprietary, and encrypted. You can see the bits if you have a USRP, but you can't make sense of them.

  21. Re:The real question... on Torvalds Puts Support Behind GPL2 Linux · · Score: 1

    This is just the "I am not maximally Free as long as I do not have the right to keep slaves" argument. Which is probably stated better as "I am not Free as long as I can not be a soverign". But maximizing freedom means maximizing it for all people. Corporations, by the way, aren't people.

  22. Re:No Termination on Creative Commons License Flaws Claimed · · Score: 1

    Can you show cases where what you say actually happened?

  23. Re:Linux license could be changed easily on Torvalds Puts Support Behind GPL2 Linux · · Score: 1
    No, I'm not saying it will take either research or a significant amount of money. We know who the big players are. The minimum required for legal process service is that we find their corporation agent (easily available online), send a letter, and swear we did it.

    In other words, I could do this out of my pocket if I had to.

    Bruce

  24. Re:No Termination on Creative Commons License Flaws Claimed · · Score: 1

    Don't get misled by the word "publisher", we're not in the print era any longer. These days, a publisher is anyone who puts up a web page. A commercial publisher has an ad on the web page.

  25. Re:Linux license could be changed easily on Torvalds Puts Support Behind GPL2 Linux · · Score: 1
    I don't think so. There's a difference between code actively contributed to a large collaborative project and an independent work.

    Bruce