You can bet your ass that the governments will have to prove primarily intended for those crimes.
You have much more faith in the term "primarily" than I do. I didn't miss it. I simply don't think it will do much good.
The problem is that "primarily" is subjective. Whether something was designed with a particular use in mind is hard to quantify (and beside the point since technology is full of examples where a tool is used in very important and different ways than it was intended). You will be leaving this interpretation up to the minds of law enforcement and prosecutors who have an obvious bias for prosecution.
A couple years ago, I worked with an ex-FBI agent who had been involved in the investigation of PGP creator Phil Zimmermann. She expressed disappointment that the US Govt hadn't prosecuted. Her team's investigation showed that they had him. She was rather surprised by the concept that maybe prosecuting him wasn't a good idea. She hadn't thought about the good uses of PGP. It was a very interesting conversation.
Consider DeCSS. It is often classified as a tool for copying DVDs. Yet it is a key piece of every DVD player I have on my Linux desktop and laptop. But let's avoid the whole Copyright maelstrom and get back to security. How about nmap? An excellent tool that I use at my job on a weekly if not daily basis. Furthermore, it is a key component of various other tools such as Nessus. Yet I have heard occasional InfoSec professionals and law enforcement agents refer to it as a "hacking tool." Whose concept of nmap's primary purpose is accurate? Or more importantly... will be upheld by a court of law?
I read that to be if you're authorized, the tools are legal.
Read the proposed law again:
a. the production, sale, procurement for use, import, distribution or otherwise making available of:
1. a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with Article 2 - 5;
There is absolutely no mention of authorization. In fact, there is no mention of actually committing any of the involved crimes. All you have to do is create, procure, or otherwise traffic in an application that can be used for any included computer crime.
Many places have no gun rules/laws around schools, it is a criminal offence to bring a gun to a school. However properly authorized officials such as police are permitted to bring guns to schools.
Note that in your example, guns themselves are not illegal. Bringing them to a school without authorization is. If the same rationale of this law was applied to your example, guns would be illegal. After all, most guns are portable and clearly designed for carrying around to different locations such as schools.
You make it sound like no one ever uses their own corporate mail servers?... While this may actually induce something to happen, I still feel the cost on the innocents is just too high.
If I were a company who rented IP space from Telefonica De Espana, I'd be upset. They should be able to police their own network. I would have to consider taking my business elsewhere. Or, failing that, seek compensation for the increase in expense of hosting my company email server elsewhere.
The key here is generating a cost to ISPs who harbor spammers. After all, a spammer's fee is certainly incentive to sign them on. Without a counter incentive, we will quickly find ourselves in a classic tragedy of the commons situation.
A final point - email and the Internet in general is a powerful, valuable resource that exists because various entities work together. When one (or more) entities threaten the workings of that resource, it should be of no surprise that others will decide to no longer work with them.
Those are four nicely defined crimes that should be criminal. That's not quite all of hacking...
Alright. The history of "hacking" aside, we're still looking at criminalizing a range of tools that have multiple purposes.
Each and every computer crime listed is dependent on whether such activities are authorized by the owner of said network. This is not taken into account by the law that effectively outlaws an entire class of important tools. Tools that are used every day with authorization as often as they are used without authorization.
The difference here is the act itself. I can support making certain acts illegal. But I question whether also making these tools illegal is appropriate.
Keep in mind that google-watch is run by an individual with an axe to grind. Which doesn't mean that serious issues can't be raised by someone so motivated. But it does cast some doubt on his assertions when there seems to be a fair amount of reaching to get them.
He said SCO should focus on IP licensing and enforcement, which is what companies who own valuable IP do. As you pointed out, VA Linux says the EXACT SAME THING!
You might want to note that VA Software (they changed their name when they dropped out of the Linux-on-servers hardware market) sells products. Now, SCO does too. However, also note that Baystar's spokesperson expressed a desire to see SCO's only product, their Unix offerings, dropped. Also note:
McGrath indicated to NewsForge that BayStar's main interest in SCO Group is its $5 billion IP lawsuit case against IBM, which it filed March 6, 2003.
Perhaps you'd like to point to VA Software's pending lawsuits?
This is Slashdot, where it's become the norm to have ridiculous mindsets and baseless opinions, rather than the simple tech news site it used to be before VA Linux got a hold of it...
Ahhh. This is why you won't grasp the concept that "VA Linux" is now VA Software. Because with Linux in the name, it is far easier to imply a financially-induced bias. Then it's easier to dismiss any other criticisms expressed in this forum as "ridiculous" and "mindless". Never mind that Slashdot has always expressed certain criticisms well before VA Linux entered the scene.
Has Microsoft ever done ANYTHING that /. has approved of?
You don't suppose that the things Microsoft does that might gain approval among Slashdot readers are greatly overshadowed by Microsoft's other distasteful actions? And I suppose it would be out of the question to even consider that this track record might be Microsoft's own fault.
Wow. What a scoop. Could you point to the filings of Slashdot's (or VA Software - I know you keep missing the fact that they changed their name) lawsuits? The letters they sent out requesting licensing fees for software of which they have a murky claim of ownership? The public statements claiming that a particular form of software licensing is unconstitutional and destructive to the entire industry?
Or are you simply trying to point out that both Slashdot's parent company and SCO are businesses? If that's your point, you might be kind of right. Yes. They're both businesses. They both make use of the same laws and legal devices.
But SCO and VA Software behave very differently. They are not, even remotely, doing the same thing.
The way I read it... it wasn't that the site didn't work. It's that they spent money for something new and the manager in question wasn't seeing any newness.
Their biggest investor is saying (in the Cnet article) "your products are crap, just stick to suing people". This is good news for SCO?
It is if your income is derived from investors. Assuming that the investors think you can make money doing it. Keep in mind that SCO was already losing ground as a tech company.
Not that I think it's a good thing. But then, my business is technology. Not business itself.
What I'm wondering is if the Linux coders feel like real schmoes right about now because lots and lots of companies and people are making fortunes off of their work, and all they get is maybe one line in a hidden readme file that nobody will read?
Just think of all the schmoes who got paid cut-rate wages to produce software for companies who then turn around and make fortunes off of their work. And they don't even have code to show for it. But hey - they knew that was the trade-off when they went in, right?
Really my main beef with linux is how hard it is to set the thing up when you haven't gone through the process in the last six months. I generally forget what the config file is named that I'm interested in, or where it happens to be located. Frankly, any setting that most users will have to change at some point in their life should be easily accessible through the GUI menu system.
A GUI isn't a silver bullet.
I spend most of my time with various *nix systems (Solaris and Linux mainly). But when I have to do something with a Win2K or WinNT box, I find myself having to re-remember where to find things. Sometimes it takes a fair amount of clicking around to get to what I need.
Having found the right configuration screen, I then have to make my selections. Most of the time I already know what I'm after. But there's also a slew of mystery boxes to click on - with little explanation as to why I would or would not want to make that selection.
This is one area where the text configuration file works out nicely. I've noticed an increase in documentation embedded within the default config. file in my Linux systems. The config files often include a basic description of the option and suggestions as to how to use it. Default configurations are enabled. Optional configurations are disabled (commented out).
That's not to say the text file is The Way. But I would caution that the GUI config utility is not necessarily superior. I suspect it's more of a question of how both are designed and what one is familiar with.
One side note - it may be worth stressing that even though Microsoft is GUI-centric, they still rely on text configurations. Enter the registry hack. And those tend to be far more cryptic than the average *nix config file.
Still, Firefox's Googlebar doesn't implement any of the features that require info to be sent to Google. If it did, it would have the same privacy issues as IE's Googlebar.
True. But then, as you point out, you kill the associated features by disabling that communication in Google's toolbar. Otherwise, many (if not all) of the other features are available via googlebar. You don't need the Google toolbar and IE.
...the reality of logging is that every server does it! Slashdot is logging us right now - via apache. We're logged / monitored throughout life, and there is ultimately little we can do about it.
It is all a matter of scope. Google tracking your searches or Slashdot tracking your article interest is one thing. Amazon (or Doubleclick) tracking all your browsing is entirely different.
The US military has a concept called "Essential Elements of Friendly Information" (EEFIs). EEFIs are pieces of information that themselves are not classified but when correlated, they can expose classified information. For example, orders for a unit to deploy to the (fictitious) Middle East nation of Examplestan could be classified. These orders could be exposed by observing increased activity and extended hours for deployment units, an increase in purchase of hot weather gear (shorts, tshirts, sandals, etc) by military personnel at local stores, and CNN reporting recent unrest in Examplestan.
Sure - we go through life being tracked. Some more than others. But one of the limitations to the effectiveness of this tracking is the ability to correlate all this tracked information. The more access an entity has to data, the more it can leverage it to gain insight in surprising detail.
With Windows, when someone points out a possible Achilles' heel, people exploit it (with viruses, etc). Is it good to point out potential problems? Yes if 1) They can be fixed or 2) They aren't problems. It will make the beast stronger. However, if the issue, in this case code contribution, which is THE blood of OSS, is actually a problem and can't be fixed, then this whole OSS thing might take a deathblow. If that is the case, I'd rather people not focus on it.
Sure. And there is never anyone researching and exploiting system vulnerabilities until the infosec elves leave a report on the IT industry's doorstep. Then all hell breaks loose. Likewise, Linux's competitors and business opportunists won't seek out methods to derail or profiteer from Linux's increasing popularity. Until the news elves write a story.
It is probably for the best if we shoot the messengers and stick our heads back in the sand.
The "draconian and evil" parts of EULAs tend to be the bits that attempt to remove one's rights. Compare this to the GPL which leaves all rights intact and, in fact, provides you with additional rights as long as you adhere to certain obligations.
The difference is that EULAs tend to remove rights no matter what. The GPL leaves your rights intact even if you don't feel like adhering to the obligations required to expand those rights. And again, the EULA must be agreed to before you even touch the software. The GPL can be ignored as long as you do not distribute the software or derivatives thereof.
I may be wrong, but it seems to me that even if the GPL gets struck down somehow, that would likely mean that everything draconian and evil about EULAs would get struck down too. Although I suppose there is a difference, namely that the GPL is really granting you the right to copy stuff, where EULAs are generally removing stuff.
You're being far too quick to dismiss a major point here. The "draconian and evil" parts of EULAs tend to be the bits that attempt to remove one's rights. Compare this to the GPL which leaves all rights intact and, in fact, provides you with additional rights as long as you adhere to certain obligations.
Furthermore, the GPL is not an EULA. Even if some Windows install scripts / apps treat it as one. Take a look at the GPL again - it only comes into play once you begin to distribute GPL code or derivatives (to include binaries). Compare this to the average EULA which requires agreement before you even get to use the application in question.
Striking down the GPL would have little to do with EULAs specifically. But it could wreak havoc with licensing in general. Compared to that, a EULA is minor.
Please remind me, what major benefit does it bring us (the Linux community) if there are big companies involved with Linux?
Today I came home from work and relaxed with a bit of Neverwinter Nights and Enemy Territory. Sometimes I'll play Unreal Tournament 2004 but I cut my goofing-off short. I connected to my work's employee VPN server, downloaded some documents I've been working on, and began hashing out some work that's been sneaking up on me this week. Did some system configuration at work. Uploaded my modifications. Called it a night.
This all from my Linux-only home workstation.
I would not have been able to do all this if there wasn't corporate interest in Linux.
One of the key problems that "desktop Linux" seems to be facing is that it's hard to make money as a distro maker. Unless you build your distro to be tied to your mothership for patches, what other models are there?
Oddly enough, you seem to be describing the exact same methods and challenges facing proprietary software. Let's compare....
- Pay-per-seat? No way, the GPL lets you get undercut by "Free" if you do that.
Some elements of proprietary software certainly use "per-seat" licensing. Niche software producers will certainly see per-seat licensing as their main income. However, those who sell OS' tend to play fast and loose with the value of a seat. Microsoft sells boxes - but the big deals are Enterprise and OEM licenses. Apple sells upgrades but OSX is really more about pushing their hardware. And, of course, companies like IBM and Sun use their OS as a hook to sell hardware.
The per-seat license is certainly common enough in proprietary software. But when it comes to a desktop OS, it isn't the money-maker it might appear to be.
- Pay-for-support? Double edged sword. Means your user interface has to suck, otherwise they'll keep using it without needing to pay for the contract.
I'm amazed that you discount this so quickly. Every piece of hardware and software I've ever deployed in an enterprise involves support. In some cases, we accept a greater level of support ourselves. However, even as we pick out the most promising technology, anything with a commercial backer has some kind of support attached to the purchase order. Even when it's easy to use.
Microsoft does a fairly brisk business in support contracts. And, of course, the basis of IBM's Linux interest is that they make their money pushing hardware and, to a major extent, selling service.
Another point that you discounted early was the "tied to your mothership for patches" model. That is another support model. Enter RedHat. They aren't selling software, they're selling support. You can get all their software without a fee. However, you will either have to find your own sources for RPM updates or build your own.
- Selling-add-ons? That's a risky play, not likely to cash-in.
Yes, this is a risky model. But it is also very common with proprietary software. There are plenty of products that offer a base at a very reasonable rate, or even without a fee, and additional functionality that can be purchased through modules, other products, etc.
Sure - your overall message is spot on. But it can be applied to any business in the IT industry. It is not all that unique to Linux vendors.
Linux fanatics? Lindows? You don't pay much attention to the group you like tweaking, do you?
Actually - EV1 has a history of hosting spammers. Well before their SCO involvement.
1) Google has an effective advertisement system
2) My last two employers bought Google boxes for their intranet
$260?! Hell. You order a soda and get a free robot with it.
I tend to run Debian unstable and get my ALSA modules from official sources. However, it looks like even stable has official ALSA binaries available.
He's probably referring to Googlebar.
Go back over what I said: