What I meant was that Huffman-encoded jpegs are readable by libjpg without the patch. Thus the patch and patent only cover encoding.
If decoding was not possible we would see *lots* of "broken gifs". Even if no commercial software used the patent to write files, the fact that you can recompile libjpg to use it would mean at least *some* software would write this way. I have never seen a jpg that cannot be decoded by normal unpatched libjpg.
No, in fact the Mac bug really was getting a new protocol handler installed. The "disk image" would contain a program that had as a resource an indicator that "I handle the foo: protocol". Just seeing this disk image would cause Mac to remember that "if I see foo:, run the program on the disk". Then the malicious page would send a foo: request and get the code on their disk image executed.
Being able to run an arbitrary thing by filename is such an obvious hole that they plugged that long ago. But this uses the protocol to get around it.
It's possible if the differences do not violate the GPL requirements. It sounds like it is trying to be more specific about some parts the GPL is vague about.
More likely, you are right, and GPL cannot be converted to this without permission from the patch author. Probably best to clearly state on the GPL version that the same software is also under the CeCILL license. Then contributed patches can be assummed to be provided for both licenses unless the contributor clearly says otherwise.
Probalby want "T * const data" so that the pointer is known to not change. Then maybe a compiler would be able to optimize this out to direct modification of the location. But I kind of doubt any compiler will manage to do that...
I doubt anybody would care if 8-year-old GPL code entered the public domain. So although it is more like #2, probably there is no reason for anything longer than the shortest period.
The big problem I forsee is not loopholes in the "3 laws" but bugs: The "cause no harm to humans" control, when accidentally multiplied by a negative weighting factor due to a software bug, suddenly causes the robot to try to kill as many people as it can!
Apparently there is an open-source compiler available. Not sure if it goes to an actual card or not. But if you have that, you can just as easily hack off the back end, change it to generate the code for your card, and release that. And if in fact that back end does not produce exactly what you need, it is not impossible to fix the front end (it would be impossible with the closed DirectX front-end).
So I think in the end this solution is superior, provided the card manufacturers use the open-source front end and contribute back any fixes to it. If they don't do that there may be problems, like you say.
In C++ I always use this rather than the set/get style, which is very similar and makes the "get" calls much more readable, and in some cases makes "set" nicer (in other cases it makes it not as nice). This has the same name conflicts as what you said for C#:
private:
int number_; public:
int number() const {return number_;}
int number(int v) {return number_ = v;}
I do have problems with your reasoning. Renaming by changing the case will break searches, unless you assumme the language is not case-sensitive, but if the language was not case-sensitive such renaming would not work! Underscore is pretty well established as indicating internal stuff.
Even if such renaming is considered a good idea, I would much prefer if it was reversed. I like to use capitalized names for classes, and this forces a member function to have a different name than the class, ie I have to make the method be "Rectangle ThisRectangle" rather than "Rectangle rectangle".
There is significant value added in turning those "raw materials" into a car. If the entire blueprints and engineering drawings for the car were dumped on your front yard, you might also arrest the perpetrator for littering. Excellent job of completely missing the point.
There certainly has been advancement, but saying "Bill Gates did it" makes you look like an idiot. There has been some common argument by Microsoft apologists that basically assummes that there would have been zero changes in computers without Microsoft, that without it we would be using 1980's computers unchanged. That is such a fallacious argument that it makes you look like a real idiot.
Now I suspect that without Bill Gates there would have been another monopolist that would have risen, and this new one would have popularized and pushed a similar, but not identical, set of computer developments, plus a similar set of both good and evil things. Both the claim that things would be worse without Bill Gates, or better without him, are equally fallacious.
You may have actually stumbled on an example where the "ui expert" makes things worse. Now it is no big deal, but some kind of "automatic less of the output of all programs" would probably make things FAR worse and harder to use than the default behavior. Here are reasons why the user would want the current behavior:
1. They are only interested in a side-effect of running the program.
2. The program prints a lot of crap the user is uninterested in, and the only interesting stuff is at the end.
3. The user has a graphics terminal with a scrollbar, or other more advanced method of scrolling back. Often a thing like "less" so mangles the output such that these more advanced interfaces are useless. Even if such bugs are avoided, it will require them to hit the spacebar many useless times before they get their desired result.
4. The program has bugs and fails to detect that it is piping to something other than a screen and disabling this, making the pipe unusable.
5. The program has bugs where even if it does turn off the "less" behaivor, it was never tested, and the no-less output is useless or wrong. With the "|less" design such bugs are far less likely.
6. It is a lot easier and clearer to add this behavior with "| less" than to remove it with some switch to the program.
This is about the fourth time I have heard the "BMP thing" being spouted by a Microsoft / closed-source apologist. Is there any documented evidence that this has been used in *any* virus/worm/hacks? And has there actually been more than one bug found (I suspect not, since trolls keep saying "bmp bug! bmp bug! bmp bug!") I don't think so.
Availability of the source code does not lead to exploits. Anybody with even a moderate amount of experience with software development would know this. If the exploit was evident by looking at the code, the code writer would probably fix it. Every single exploit is discovered by accident, put in a "bug report", and the code writer has to spend a huge amount of time figuring out exactly how his code, which looks just fine, is producing the unwanted behavior. The discovery of unwanted behavior is exactly equal in both open and closed source.
In fact the advantage of open source is not that it has fewer bugs, but that when such unwanted behavior is discovered by accident, a huge number of people will try to fix it. Even people who get it wrong will produce modified versions that are less likely to be attacked by a virus.
That's my understanding too. If you are American, you can re-release your changes under the GPL, and everything is fine. If you are French, you could re-release under the GPL, but then you are opening yourself up to some warranty problems that this fixes, so there is no reason to do so, instead you would reuse this license.
The license is a license to violate the copyright on the work and redistribute it. It does not affect use of the program. Since it is granting you additional abilities that you cannot assumme you already have, it is not a restriction. This is like complaining that the book you bought only allows you to xerox the odd-numbered pages, but you were not told that until you read the book, this is hardly a restriction as the assumption beforehand is that you cannot xerox *any* pages.
Or it's like complaining that you got a dollar inside a candy bar wrapper along with the candy and saying that they did not tell you that dollar existed before you bought it and that is somehow unfair. If getting the free dollar is against your religion or something, throw it away, and you are in exactly the same situation as before, they did not remove any rights from you.
That's just stupid. You seem to have realized that if the GPL is invalid, the code is just covered under normal copyright. But you seem to think that this then requires the author to sue anybody who used the code. That's just nonsense, the author can continue to act as though it is GPL and limit lawsuits to only those who violate the GPL, whether or not it is valid.
Now the fact that they *can* sue the code user is perhaps a problem and may mean that somebody relying on such code may want to negotiate a license. But donating code to a GPL project certainly implies that you consented to such use. Putting the GPL on your own code certainly implies that you consented to such use and may make a lawsuit incredibly difficult.
Hardly. Windows is providing a service. The fact that a program can delete any file by name does not mean a program that accepts an arbitrary name from a web site and deletes the file is not to blame for the error.
About the worst they can be accused of is that they provided an obvious text version of the service and thus tempted programmers to pass raw text unchanged that it got from untrusted sources. However this sort of security error exists in lots of software, on Linux as well as Windows (typical examples are in cross-site scripting).
If I understood it right, what you are describing is the Mac bug in Safari.
But on Windows I don't believe there is some way for the malicious site to "install" a program unless it actually runs some software. If they can get to that point they might as well do the malicious stuff right then rather than rely on this shell: step.
So I agree with the initial poster that this does not sound as dangerous. In fact the Mac bug was pretty much ignored even though it could run arbitrary programs, but could not pass arguments to them. It required some searching to find programs that would do nasty things without arguments.
The Mozilla page describes some of the nasty things that could be done with shell:, but they mostly amounted to crashing or rebooting your machine, I think.
This is not really accurate. The Mac had a unique exploit, in that something a url did would "register" a new protocol handler. The page could then send a request for that protocol and it could execute arbitrary code supplied by the page. The second step is equivalent to the shell exploit, but without the first part it is limited to executing code already installed on the system (not that this is good, but it does not seem as bad...)
On Windows I don't believe you can register a new protocol unless you actually execute a program. If there was a bug that allowed new protocols to be registered it would pretty much mean it is a bug that allowed arbitrary code to be executed, which would be a huge hole whether or not protocols could be registered.
People contributing bug fixes would be aware of the license terms of Qt. If they want their bug fix to be GPL-only then they should clearly state this (TrollTech may ignore the bug fix then).
I'm pretty certain if you sent a block of code to TrollTech in a letter that said "Can you please add this nice fix I made to your code" that in court that would be an acknoledgement that you are allowing TrollTech to copy your code and put it under it's license.
I agree. This is a big screw up by Mozilla. The fact that Windows provides you with calls (like write()) that can damage your system does not mean the bug is in Windows, which seems to be the excuse being presented by everyone here. It is Mozilla's job to call such potentially destructive things only if it thinks it is safe.
Damn right. This is a major screwup, and proof that in fact IE does it better than Mozilla should make them act a little more humble next time.
The fact is there are os calls that can write over any user-owned file. And Mozilla can call them (if it couldn't it would have some trouble downloading things or saving the bookmarks!) This does not mean that a hypothetical bug by which Mozilla can be told by a web page to overwrite a file is a bug in the OS because somehow those files should have been protected by the OS. The bug is in Mozilla, which knows exactly where the request came from and is the only program in a position to figure out if it is safe.
What I meant was that Huffman-encoded jpegs are readable by libjpg without the patch. Thus the patch and patent only cover encoding.
If decoding was not possible we would see *lots* of "broken gifs". Even if no commercial software used the patent to write files, the fact that you can recompile libjpg to use it would mean at least *some* software would write this way. I have never seen a jpg that cannot be decoded by normal unpatched libjpg.
No, in fact the Mac bug really was getting a new protocol handler installed. The "disk image" would contain a program that had as a resource an indicator that "I handle the foo: protocol". Just seeing this disk image would cause Mac to remember that "if I see foo:, run the program on the disk". Then the malicious page would send a foo: request and get the code on their disk image executed.
Being able to run an arbitrary thing by filename is such an obvious hole that they plugged that long ago. But this uses the protocol to get around it.
It's possible if the differences do not violate the GPL requirements. It sounds like it is trying to be more specific about some parts the GPL is vague about.
More likely, you are right, and GPL cannot be converted to this without permission from the patch author. Probably best to clearly state on the GPL version that the same software is also under the CeCILL license. Then contributed patches can be assummed to be provided for both licenses unless the contributor clearly says otherwise.
90% of the time I am running "ls" inside a terminal emulator with a (gasp!) scrollbar. I do not want it to stop each "page".
Probalby want "T * const data" so that the pointer is known to not change. Then maybe a compiler would be able to optimize this out to direct modification of the location. But I kind of doubt any compiler will manage to do that...
I doubt anybody would care if 8-year-old GPL code entered the public domain. So although it is more like #2, probably there is no reason for anything longer than the shortest period.
The big problem I forsee is not loopholes in the "3 laws" but bugs: The "cause no harm to humans" control, when accidentally multiplied by a negative weighting factor due to a software bug, suddenly causes the robot to try to kill as many people as it can!
That's a ridiculous scenario. Microsoft could negotiate a license for that particular patent, and refuse to support the hardware without it.
Apparently there is an open-source compiler available. Not sure if it goes to an actual card or not. But if you have that, you can just as easily hack off the back end, change it to generate the code for your card, and release that. And if in fact that back end does not produce exactly what you need, it is not impossible to fix the front end (it would be impossible with the closed DirectX front-end).
So I think in the end this solution is superior, provided the card manufacturers use the open-source front end and contribute back any fixes to it. If they don't do that there may be problems, like you say.
In C++ I always use this rather than the set/get style, which is very similar and makes the "get" calls much more readable, and in some cases makes "set" nicer (in other cases it makes it not as nice). This has the same name conflicts as what you said for C#:
private:
int number_;
public:
int number() const {return number_;}
int number(int v) {return number_ = v;}
I do have problems with your reasoning. Renaming by changing the case will break searches, unless you assumme the language is not case-sensitive, but if the language was not case-sensitive such renaming would not work! Underscore is pretty well established as indicating internal stuff.
Even if such renaming is considered a good idea, I would much prefer if it was reversed. I like to use capitalized names for classes, and this forces a member function to have a different name than the class, ie I have to make the method be "Rectangle ThisRectangle" rather than "Rectangle rectangle".
There is significant value added in turning those "raw materials" into a car. If the entire blueprints and engineering drawings for the car were dumped on your front yard, you might also arrest the perpetrator for littering. Excellent job of completely missing the point.
There certainly has been advancement, but saying "Bill Gates did it" makes you look like an idiot. There has been some common argument by Microsoft apologists that basically assummes that there would have been zero changes in computers without Microsoft, that without it we would be using 1980's computers unchanged. That is such a fallacious argument that it makes you look like a real idiot.
Now I suspect that without Bill Gates there would have been another monopolist that would have risen, and this new one would have popularized and pushed a similar, but not identical, set of computer developments, plus a similar set of both good and evil things. Both the claim that things would be worse without Bill Gates, or better without him, are equally fallacious.
You may have actually stumbled on an example where the "ui expert" makes things worse. Now it is no big deal, but some kind of "automatic less of the output of all programs" would probably make things FAR worse and harder to use than the default behavior. Here are reasons why the user would want the current behavior:
1. They are only interested in a side-effect of running the program.
2. The program prints a lot of crap the user is uninterested in, and the only interesting stuff is at the end.
3. The user has a graphics terminal with a scrollbar, or other more advanced method of scrolling back. Often a thing like "less" so mangles the output such that these more advanced interfaces are useless. Even if such bugs are avoided, it will require them to hit the spacebar many useless times before they get their desired result.
4. The program has bugs and fails to detect that it is piping to something other than a screen and disabling this, making the pipe unusable.
5. The program has bugs where even if it does turn off the "less" behaivor, it was never tested, and the no-less output is useless or wrong. With the "|less" design such bugs are far less likely.
6. It is a lot easier and clearer to add this behavior with "| less" than to remove it with some switch to the program.
The upper limit is inifinity if the start and end points are at the same elevation.
This is about the fourth time I have heard the "BMP thing" being spouted by a Microsoft / closed-source apologist. Is there any documented evidence that this has been used in *any* virus/worm/hacks? And has there actually been more than one bug found (I suspect not, since trolls keep saying "bmp bug! bmp bug! bmp bug!") I don't think so.
Availability of the source code does not lead to exploits. Anybody with even a moderate amount of experience with software development would know this. If the exploit was evident by looking at the code, the code writer would probably fix it. Every single exploit is discovered by accident, put in a "bug report", and the code writer has to spend a huge amount of time figuring out exactly how his code, which looks just fine, is producing the unwanted behavior. The discovery of unwanted behavior is exactly equal in both open and closed source.
In fact the advantage of open source is not that it has fewer bugs, but that when such unwanted behavior is discovered by accident, a huge number of people will try to fix it. Even people who get it wrong will produce modified versions that are less likely to be attacked by a virus.
That's my understanding too. If you are American, you can re-release your changes under the GPL, and everything is fine. If you are French, you could re-release under the GPL, but then you are opening yourself up to some warranty problems that this fixes, so there is no reason to do so, instead you would reuse this license.
The license is a license to violate the copyright on the work and redistribute it. It does not affect use of the program. Since it is granting you additional abilities that you cannot assumme you already have, it is not a restriction. This is like complaining that the book you bought only allows you to xerox the odd-numbered pages, but you were not told that until you read the book, this is hardly a restriction as the assumption beforehand is that you cannot xerox *any* pages.
Or it's like complaining that you got a dollar inside a candy bar wrapper along with the candy and saying that they did not tell you that dollar existed before you bought it and that is somehow unfair. If getting the free dollar is against your religion or something, throw it away, and you are in exactly the same situation as before, they did not remove any rights from you.
That's just stupid. You seem to have realized that if the GPL is invalid, the code is just covered under normal copyright. But you seem to think that this then requires the author to sue anybody who used the code. That's just nonsense, the author can continue to act as though it is GPL and limit lawsuits to only those who violate the GPL, whether or not it is valid.
Now the fact that they *can* sue the code user is perhaps a problem and may mean that somebody relying on such code may want to negotiate a license. But donating code to a GPL project certainly implies that you consented to such use. Putting the GPL on your own code certainly implies that you consented to such use and may make a lawsuit incredibly difficult.
Hardly. Windows is providing a service. The fact that a program can delete any file by name does not mean a program that accepts an arbitrary name from a web site and deletes the file is not to blame for the error.
About the worst they can be accused of is that they provided an obvious text version of the service and thus tempted programmers to pass raw text unchanged that it got from untrusted sources. However this sort of security error exists in lots of software, on Linux as well as Windows (typical examples are in cross-site scripting).
If I understood it right, what you are describing is the Mac bug in Safari.
But on Windows I don't believe there is some way for the malicious site to "install" a program unless it actually runs some software. If they can get to that point they might as well do the malicious stuff right then rather than rely on this shell: step.
So I agree with the initial poster that this does not sound as dangerous. In fact the Mac bug was pretty much ignored even though it could run arbitrary programs, but could not pass arguments to them. It required some searching to find programs that would do nasty things without arguments.
The Mozilla page describes some of the nasty things that could be done with shell:, but they mostly amounted to crashing or rebooting your machine, I think.
This is not really accurate. The Mac had a unique exploit, in that something a url did would "register" a new protocol handler. The page could then send a request for that protocol and it could execute arbitrary code supplied by the page. The second step is equivalent to the shell exploit, but without the first part it is limited to executing code already installed on the system (not that this is good, but it does not seem as bad...)
On Windows I don't believe you can register a new protocol unless you actually execute a program. If there was a bug that allowed new protocols to be registered it would pretty much mean it is a bug that allowed arbitrary code to be executed, which would be a huge hole whether or not protocols could be registered.
People contributing bug fixes would be aware of the license terms of Qt. If they want their bug fix to be GPL-only then they should clearly state this (TrollTech may ignore the bug fix then).
I'm pretty certain if you sent a block of code to TrollTech in a letter that said "Can you please add this nice fix I made to your code" that in court that would be an acknoledgement that you are allowing TrollTech to copy your code and put it under it's license.
I agree. This is a big screw up by Mozilla. The fact that Windows provides you with calls (like write()) that can damage your system does not mean the bug is in Windows, which seems to be the excuse being presented by everyone here. It is Mozilla's job to call such potentially destructive things only if it thinks it is safe.
Damn right. This is a major screwup, and proof that in fact IE does it better than Mozilla should make them act a little more humble next time.
The fact is there are os calls that can write over any user-owned file. And Mozilla can call them (if it couldn't it would have some trouble downloading things or saving the bookmarks!) This does not mean that a hypothetical bug by which Mozilla can be told by a web page to overwrite a file is a bug in the OS because somehow those files should have been protected by the OS. The bug is in Mozilla, which knows exactly where the request came from and is the only program in a position to figure out if it is safe.
Are you sure? I thought this was entirely an encoding option, that the same code was used to decode both types of files.