To be really specific about the problem, it is technological circumventions of the license. One of the goals of the license is that the software be modifiable by the end user. DRM is a technological circumvention of that license provision. As the copyright holder, I should indeed oppose such circumventions.
Yes. But if you used the photo not just as a prototype for sale but to promote your own services or products, that would be different. So, if the photographs became, for example, header or background material for your web site promoting your photos for sale, there might be a valid claim.
I have good legal advice that the license change is entirely possible in the way I have outlined. So, with all due respect I have to reject your assertion. By the way, it is not a "criminal copyright violation", copyright is civil law, not criminal law.
Regarding the preludes, you can't really make a distinction between the text that includes "or any later version" and the rest of the license, the license is included into that that text by reference.
A mathematically provable software language will only prove that the software meets a certain specification.
I haven't tried this, and indeed there isn't much real work going on in provable software languages these days. But I think that it would be possible to set theoretical constraints on a program such that it serves data and does not allow it to be modified. There might be a good Ph.D. paper in it for someone.
I don't want to wake up a year later and discover that for some reason I missed a notification and that the default was to relicense my code to something else.
If you are a Linux kernel developer, this has already happened to you. Linus has changed critical license details not once but twice.
The vast majority of software engineers have no idea what they're doing when it comes to detecting, fixing and avoiding security issues.
As an aggregate they know enough that they produce the vast majority of security bug reports. Only a tiny minority of those reports come from "experts" performing security reviews. If we have to rely on experts, we're not going to have much security anywhere.
Theo, unfortunately, has contempt for the programming abilities of most people. It is a valid point, however, that most C programmers can learn more than they know now about how to write secure software.
Yes, it is optional to use the "and any later" language. But once it is used, I consider that it is a critical portion of the license. Yet, Linus removed it without the consent of 100% of the copyright holders. Either he did not have the right to do that, and we can consider that it's still there, or he did have the right to do it, in which case he can make other changes.
Even those who historically have critized "security through obscurity" never suggested that publishing their design or secrets would lead to better security
You're wrong about that. For example, NIST, a US government standards agency, is calling for proposals for a new cryptographic algorithm for government use. Their specification requires that it be publicly disclosed (and royalty free, too). This is so that they don't pick a weak algorithm. They want any known or theoretical problems to be pointed out to them. Most certainly NSA participates in building that sort of specification.
Here's a good story about examining how locks work, that shows the value of "disclosed source".
Anyone can buy a re-key kit for Schlage locks at the Home Depot. Upon opening the cylinder of the lock with that kit, you will discover that (this is approximate, I don't have the lock in front of me) there are 5 pins, and 5 possible levels per pin, and that the minimum number of possible key patterns might thus be 5 ^ 5 or 3125. Which is enough that nobody's carrying all of the possible keys around and will have time to go through them at my front door.
The re-key kit comes with a set of two identical new keys that do not use the same pin length twice, and thus its number of possible patterns might be 5 * 4 * 3 * 2 * 1 or only 120. Uh-oh! Better not base the keys for my house on the master from the re-key kit! And shame on them for not saying this on the box.
See the benefit of being able to examine how they work?
FYI, yes I know about lock-picking, there's an alarm too.Bruce
My door is locked, but the mechanism of the lock is easily available in the hardware store for others to scrutinize. And so it should be. This is a different sort of information than the pattern of the key.
Actually, I read that as "We won't tell you how many bugs there are, our customers would not like it". They could well be inflating the reliability of proprietary software for their customers sake.
Gee, maybe we should patent it. Oops, too late:-)
Well, it wasn't in the news from CES. Maybe TVGOS is beholden to manufacturers who want to sell more new hardware.
According to McAfee recently (http://yro.slashdot.org/article.pl?sid=08/01/05/0215201) and Microsoft et al, having your code exposed lets the bad guys exploit it's vulnerabilities
Yes they said that, but you don't really believe it, do you? If so, just look up "security by obscurity" and read about it. To give you a clue, the unavailability of source has not prevented 100,000 Windows viruses.
Does this mean that more people will check the Open Source software for security flaws? Not necessarily. It completely depends on whether or not someone has an interest in the security of that particular bit of software.
I submit that people who are only looking for security flaws don't have a motivation to develop a deep understanding of the software. People who are out to modify the software do. And thus there are not just more eyes, but better eyes with Free Software.
There is a class of mathematically provable software languages, and you might be able to say with surety that programs in them are secure. For the languages we usually use, you can only say that you have tested them in the ways you know of. And only a person with access to the source can say that. If you want an independent asessment, Open Source software won't stop one from happening, and won't hinder what can be said with NDAs. That's why I think it's more secure.
The important point here is that proprietary software manufacturers aren't
telling you how many security flaws they had. I bet it's more than
1 per 1000 lines, that is an incredibly excellent figure for the first time
a scanner like coverity is run. I doubt proprietary work comes close.
You can't ever say that proprietary software
is secure, because there's no way to prove it. With Open Source, you can come a lot closer to proving that it is secure, because you can employ every security test that exists.
The fact that a coverity scanner bug is reported doesn't mean it's an
exploitable security flaw.
The DRM terms of GPL3 are not a field-of-endeavor restriction as a "no military use" term would be, because the GPL3 terms don't restrict you from having DRM. They only restrict you from making the GPL3 software itself unmodifiable in situ or impairing its functionality if it's modified. There are lots of effective ways to have DRM while making it possible to modify the kernel.
Either Linus did not have the right to remove the "and any later version" clause, in which case we can still act as if it's there, or he did have the right to remove it, in which case he can make other changes. You can't have it both ways.
This is just the "I am not maximally Free as long as I do not have the right to keep slaves" argument. Which is probably stated better as "I am not Free as long as I can not be a soverign". But maximizing freedom means maximizing it for all people. Corporations, by the way, aren't people.
No, I'm not saying it will take either research or a significant amount of money. We know who the big players are. The minimum required for legal process service is that we find their corporation agent (easily available online), send a letter, and swear we did it.
In other words, I could do this out of my pocket if I had to.
Don't get misled by the word "publisher", we're not in the print era any longer. These days, a publisher is anyone who puts up a web page. A commercial publisher has an ad on the web page.
To be really specific about the problem, it is technological circumventions of the license. One of the goals of the license is that the software be modifiable by the end user. DRM is a technological circumvention of that license provision. As the copyright holder, I should indeed oppose such circumventions.
Yes. But if you used the photo not just as a prototype for sale but to promote your own services or products, that would be different. So, if the photographs became, for example, header or background material for your web site promoting your photos for sale, there might be a valid claim.
Regarding the preludes, you can't really make a distinction between the text that includes "or any later version" and the rest of the license, the license is included into that that text by reference.
Bruce
I haven't tried this, and indeed there isn't much real work going on in provable software languages these days. But I think that it would be possible to set theoretical constraints on a program such that it serves data and does not allow it to be modified. There might be a good Ph.D. paper in it for someone.
If you are a Linux kernel developer, this has already happened to you. Linus has changed critical license details not once but twice.
As an aggregate they know enough that they produce the vast majority of security bug reports. Only a tiny minority of those reports come from "experts" performing security reviews. If we have to rely on experts, we're not going to have much security anywhere.
Theo, unfortunately, has contempt for the programming abilities of most people. It is a valid point, however, that most C programmers can learn more than they know now about how to write secure software.
Yes, it is optional to use the "and any later" language. But once it is used, I consider that it is a critical portion of the license. Yet, Linus removed it without the consent of 100% of the copyright holders. Either he did not have the right to do that, and we can consider that it's still there, or he did have the right to do it, in which case he can make other changes.
Bruce
You're wrong about that. For example, NIST, a US government standards agency, is calling for proposals for a new cryptographic algorithm for government use. Their specification requires that it be publicly disclosed (and royalty free, too). This is so that they don't pick a weak algorithm. They want any known or theoretical problems to be pointed out to them. Most certainly NSA participates in building that sort of specification.
Bruce
It doesn't have to make DRM easy, just possible.
Anyone can buy a re-key kit for Schlage locks at the Home Depot. Upon opening the cylinder of the lock with that kit, you will discover that (this is approximate, I don't have the lock in front of me) there are 5 pins, and 5 possible levels per pin, and that the minimum number of possible key patterns might thus be 5 ^ 5 or 3125. Which is enough that nobody's carrying all of the possible keys around and will have time to go through them at my front door.
The re-key kit comes with a set of two identical new keys that do not use the same pin length twice, and thus its number of possible patterns might be 5 * 4 * 3 * 2 * 1 or only 120. Uh-oh! Better not base the keys for my house on the master from the re-key kit! And shame on them for not saying this on the box.
See the benefit of being able to examine how they work?
FYI, yes I know about lock-picking, there's an alarm too.Bruce
Bruce
Actually, I read that as "We won't tell you how many bugs there are, our customers would not like it". They could well be inflating the reliability of proprietary software for their customers sake.
Bruce
Yes they said that, but you don't really believe it, do you? If so, just look up "security by obscurity" and read about it. To give you a clue, the unavailability of source has not prevented 100,000 Windows viruses.
I submit that people who are only looking for security flaws don't have a motivation to develop a deep understanding of the software. People who are out to modify the software do. And thus there are not just more eyes, but better eyes with Free Software.
There is a class of mathematically provable software languages, and you might be able to say with surety that programs in them are secure. For the languages we usually use, you can only say that you have tested them in the ways you know of. And only a person with access to the source can say that. If you want an independent asessment, Open Source software won't stop one from happening, and won't hinder what can be said with NDAs. That's why I think it's more secure.
Bruce
You can't ever say that proprietary software is secure, because there's no way to prove it. With Open Source, you can come a lot closer to proving that it is secure, because you can employ every security test that exists.
The fact that a coverity scanner bug is reported doesn't mean it's an exploitable security flaw.
Bruce
Bruce
Bruce
That vertical interval signal is proprietary, and encrypted. You can see the bits if you have a USRP, but you can't make sense of them.
This is just the "I am not maximally Free as long as I do not have the right to keep slaves" argument. Which is probably stated better as "I am not Free as long as I can not be a soverign". But maximizing freedom means maximizing it for all people. Corporations, by the way, aren't people.
Can you show cases where what you say actually happened?
In other words, I could do this out of my pocket if I had to.
Bruce
Don't get misled by the word "publisher", we're not in the print era any longer. These days, a publisher is anyone who puts up a web page. A commercial publisher has an ad on the web page.
Bruce