About 10 years ago, a friend of mine named Joseph Wu tried to do his MSc in computing science on computer origami. After a couple of years of trying, his thesis adviser pointed out that some of the mathematical/algorithmic problems he had uncovered were beyond what would be appropriate to a PhD. He's now a professional origami artist.
To give you an idea as to his ability, he used to fold $2 bills into mules and leave them as tips for waitresses. Now that the smallest Canadian bill is $5, I'm not sure if he's still doing it. According to an online article, one of his dreams is to produce origami smoke.
I'm wondering if some of these super-DMCA provisions that limit what people can do with their connection are in fact unconstitutional... To the extent to which they limit people's rights to provide services on their internet connection, they're like licensing printing presses (or rather, making them illegal and allowing private interests to license them).
This goes far beyond what the copyright provision of the First Amendment was meant to provide -- and that presumes that state legislatures were allowed to use that provision (which I think they aren't).
It's the Source Code you are only allowed to charge the reasonable 'media charge' for.
It's not really a question whether you have to release the source code. That's a given for GPL code. The functional question is whether or not the source code includes the signing key (if you distribute a signed version). I believe that the answer to that (underlying) question is yes.
First of all we have to distinguish what we think source code is from what the GPL defines it as. In this case:
If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.
. . . .
For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
From this definition, I'd be inclined to rule (if I were a lawyer or judge) that the signing key would fit within the GPL's definition of source code. The final key is both derived from the code and is part of the installation process. In other words, you would be required to include the signing key in any source code package.
Two things I'd add here:
1) This isn't charity. This is the "cost" of using other people's GPL code. The people who wrote the original code have to be able to use the results for free too.
2) You can talk to the copyright owners and possibly get an exception to the GPL for this. If they're sympathetic to your plight, they may be willing to grant such an exception.
The nature of the GPL is that it (legally speaking) kicks in whenever you do something that would otherwise be a violation of copyright law. In this case, it would be when you make copies and distribute them... Thus, when I make DVDs for distribution and distribute those copies (whether by renting or sale), then I'm responsible for making sure that you have copies of the source code that have no further limits on distribution. If I send you a copy of the source with each copy of the object then the requirement is over. Otherwise, I'd be responsible for making free copies publicly available.
Once these copies get to you, things get a bit fuzzy: Given that you're not making copies, you may be able to rent out only the object code without bothering to also distribute the source, but you'd be on very slippery ground. If you were 'renting' it out with a reasonable expectation that it would be copied, then I think you'd be responsible to make the source code available.
Now, if I knew, when I was sending you copies, that you were reasonably likely to distribute copies without the source code, then I'd be responsible to make sure that anybody who got a copy would know where to get the source code (doing otherwise would be a copyright violation). This would especially be the case if we were two related organizations.
Working in collusion to make sure that people got copies of the object code without access to the source code would be a violation of copyright law (and a violation of the GPL).
3) Put on closed source, linked against uClibc application that contains in itself no GPL Code.
Question: Does source for that closed source application have to, in any way, be provided under the terms of the GPL ?
As long as uClibc is LGPL, then you're fine. If uClibc is full GPL, then I believe that the resulting program would be considered a derivative work and subject to source code release. (IANAL)
If I have 100 PCs and I want to put my own custom hacked linux kernel on all of them, I'm perfectly allowed to do so, without releasing the source.
As long as those 100 boxes are "one of [your] own machines" and you're not selling/renting them to anybody else (i.e. you're using them internally to your company), then that's accurate -- and consistent with the previous poster. You only have to give the source code to organizations that get copies of the object code.
-- but once you're into distributing the software (with or without hardware), then you have to distribute the source code with it.
The need to have the source code publicly distributed by you only applies when you're not already distributing the source code with the object code. Once you know that everybody who's received a copy of the object has been given/offered the source code, you're fine by the GPL.
E.g., if I only give the object code to my two best friends, they're the only people who have to receive copies of the source code. If they decide to distribute the object code further, then they're the ones responsible for distributing the source code.
Academic use wasn't just an add-on. It was the vehicle by which Arpanet (later to become the internet) was created. It was something of a symbiotic process. The Military had lots of money to buy the equipment and pay for the leased lines, but they didn't really know how to go about doing it. (the idea of a communications network without any sort of real central authority just did not fit within the normal military thought process).
Academics, on the other hand, had lots of interesting ideas and the time to work on it and perfect it -- but a (chronic) lack of funds to implement it on a usable scale. Put the two together, and you have the genesis of The Internet.
1995 my ass... I first saw that story in the 1980s... It's an ancient one.
Then, of course, there's the Toronto lawyer who liked to make new articling students more comfortable about the safety of high-rise floor-to-ceiling windows by bouncing himself off the window.... until the day a window finally came loose.
He was awarded a second honorary Darwin award.... One for his stupidity and one for taking a lawyer out of the gene pool.
(Unix types were far more ornery about lawyers back then, but that's a different story).
I guess the next step is to have a badge on our left breast that we hit and say "beam me up!":)
What I like about that idea is being able to walk up to a complete stranger and ask her if I can use her cell phone.....
Re:See, the Internet is good for something (on "SARS and the Internet") · Score: 4, Interesting
I always claim to them that the Internet still finds a tremendous use in the research community, stories like this confirm my findings.
This is where the 'net was originally useful. Things like (cyber) virus transmissions, playing games and selling stuff were add-ons. Ain't nothing wrong with commercial uses of the internet -- It's just a misunderstanding for new users that (mostly unimaginative) commercial use was anything close to its original intent.
If it's confirmed opt-in, it's not spam. If a company claims to be running confirmed opt-in, then give them the benefit of the doubt unless
If a company does confirmed opt-ins, tells each customer where they opted in from, and can prove that each customer wilfully opted in, then I'll give them the benefit of the doubt.
If they just send out an email that says at the end: "You've been included in this email because you opted in on one of our associated sites", then I'm going to give them the benefit of a Salem witch trial:
Tie a Cat-5 cord around their neck and throw them out a 10th story window. If the cord holds (and breaks their neck), then they're a spammer. If it doesn't, then I get to yell "SORRYYYYYYY" out the window after them.
Reminds me of a joke I came up with back in '91 (when I was dealing with IBMs):
Q: How many IBM mainframes does it take to execute a job?
A: 3... 2 to hold it down and one to rip its header off.
It's not the NDAs that taint you, it's having had access to the (proprietary) closed source code. If, subsequent to that, you post something into the Linux kernel that looks suspiciously like something in the Source code you (might have) had access to, then the owner of that source code might be able to sue everybody and their dog for breaching copyright. Even if it turns out to have been a false alarm, we're still talking $50K and 2.5 years of stagnation later.
Far easier to say "oh, you've had access to SYSV (AIX, MS, etc.) kernel source code?? Sorry -- go contribute to GAIM, or something."
It's not even that we don't trust you to produce only untainted code -- it's that people don't want to risk having to run a court case every 1-2 years just to prove that they didn't steal the proprietary code.
I just noticed that for the NY Organized Crime Task Force's 7 intercepts, the average cost was $886,999. Yet for Special Narcotics it's only $8747. I suppose it's due to the duration of the intercepts.
At $900K/wiretap, that's 6.2 million dollars in the NY area. If you subtract $300K for some doughnut-eating detective to exclusively listen on each line 24/7 ($100K*3 shifts), that still leaves 4.1 million for hardware and social engineering to circumvent those combined wiretaps' encryption.
For my part I'd say it's because the NY organized crime bosses put more thought and energy into their encryption methods. The mafia have a long history and a long memory. They've learned what circumvention methods have been successful in the past and they're using (reasonably) effective counter-measures.
The average non-mafia druggie, on the other hand, is probably going to shell out $1400 for an off-the-shelf, spamvertized, phone encryption unit and presume that it'll keep the feds off of his line (rong!) even though (s)he didn't take the time to learn how to use it properly (double rong!).
Good encryption -- like any other security regime -- isn't going to keep out an absolutely determined opponent. It's really intended to make their life hard enough that most attackers will go find a 'softer' target.
The Mafia appears to be a real 'juicy' target with an extremely hard shell.
Yeah, how dare we liberate Iraq and give millions of Muslims the right to assemble religiously at holy sites in Iraq--a right they haven't had for decades. Bad, bad, BAD U.S.A.
Problem is, it was the Reagan and Bush administrations that sold him his WMD technology to begin with -- and continued selling it to him even after he used it to subdue (kill) entire towns.
I get a bit antsy with people who insist on painting themselves as heroes for cleaning up their own messes.
Maybe not in high regard but at the very least feared. Sometimes feared is good enough.
That's how we got in this mess in the first place: Fear and hatred are much the same thing. In the regimen of the 'fight or flight' syndrome, hatred is the 'fight' response over a long period of time. If the whole world fears America and only 1 in 1000 turns that into hatred, that means that there are about 6 million people who want to blow the country up. Only one of them needs to succeed.
I think that the phrase here is: Class action countersuit. These guys have banded themselves together to create -- in effect -- an association to do a class action lawsuit by a different name. I think it would be appropriate to band together for a class action countersuit -- lock these bastards down in court and (hopefully) suck some (if not all) of that ill-gained profit out of them.
If it can be proven that they're also hijacking other people's servers as spam relays, perhaps we can throw in some jail time as well.
what would be involved in fixing it. This put them in an awkward position of conflict; after all, spam-filtering vendors and other security companies make their living because these problems exist.
Right -- and guess who's going to make money off of charging 'email taxes' for everybody who wants to send a message? This is like the big kerfuffle over the (false) claims that Canada was going to charge a $.05/email tax to help cover the losses to Canada Post.
So now we're going to pay more money to NSI/Verisign for an email cert when they're refusing to deny DNS to prolific spammers? We'd still need a grey-market method of keeping track of which of those certs were sold to spammers.
Before we get too deep into the idea of using PKI to 'secure' email, I'd suggest that people look at the rather interesting article pointed to by the GnuPrivacyGuard site about The Ten Risks of PKI.
A more interesting question is whether this could be done in an open-source manner, with peer-to-peer authentication servers, webs of trust etc.
The protocol wouldn't be so much a drop-in replacement for sendmail as it would be a parallel delivery mechanism. As (and if) it became proven and trusted, I expect that such a system would slowly overtake SMTP as the preferred method of accepting email (with the 'old' method being less and less trusted).
Once 'enough' people started using such a system, the critical mass would result in a flip-over in emphasis by the bigger players.
A simple counter-example for people who figure that they can secure electronic voting machines without having *complete* access to the source and the ability to compile it from scratch:
Let's say that a rogue programmer (or even the CIO) at an electronic voting machine company decides to include the following 'spock pinch' easter egg:
If you place your fingers on two or three pre-determined locations (e.g. opposite corners) while making a vote selection, then all current (or subsequent) votes are changed such that 1/3 of all votes go to your preferred choice.
This 'feature' would be essentially impossible to find in logic testing, and would not depend on the egg programmer knowing anything beforehand about what the vote questions would be, when the vote would take place or even how many 'test' votes were done. All you would need would be someone who could make it to the polling station at the appropriate time in the voting process (beginning or end) to activate the egg.
Without a voter verified paper trail, it would be almost impossible to verify that such a cheat had been used -- remember it could also be encoded in the prom firmware of the machine -- not just the truly soft software, and it could sit there for years, until an appropriately critical vote occurred (or an appropriately large bribe was paid).
I've got absolutely nothing against the idea of testing -- but when people speak like missing this bug implied that the 'proper' testing had not occurred...
Until this bug bit people in the ass, I don't think that it was a very predictable problem. Now that it's been seen, I agree that people should be testing for this sort of stupidity from MS. I just don't feel that it should be considered the customer's fault that people didn't pre-emptively catch this example of malicious programming.
It's one thing to call and write. It's something else entirely to volunteer and/or donate money. Of course, you would first have to have a conversation with their volunteer coordinator about just what kind of legislation that the political critter supports/opposes.
If what they support isn't what you like, then find someone else to support -- and let them know that that's what you'll be doing.
If you find that your congress-critter is borderline/bad, but the best of what's available, you may want to donate your time, but let them know that you're looking for someone with a better 'attitude'.
If the Republican and Democratic party members are equally bad, you may want to consider supporting a 'third' party. Remember that supporting an alternative party is not the waste of time/energy that the main parties would like you to believe it is. The Republicans were such an 'alternative' party until Abraham Lincoln got in....
Think what might have happened if everybody had listened to the Democrats and Whigs (remember the Whigs? They were the serious opponents to the Democratic party back then!) that the Republicans were a trivial and meaningless party not worth supporting.
Perfect for gov't, which is not supposed to be in the software business anyway."
Then we would have never had NSALinux. Good thing rules aren't blindly followed.
It's still not the software business -- i.e. they're not making money off of it. Of course, if it wasn't for the GPL, the NSA might not have felt bound to release the source to their changes -- even if it would only have been absolutely mandated if they were distributing it outside of their organization.
The point of the GPL is not to give companies like Microsoft free access to my work... It's to make sure that companies like Microsoft can't take my work for free, make incompatible changes (e.g. kerberos) and prevent me from accessing the results.
Microsoft is still free to use my software (and they *do* distribute some GPL programs)... They just can't hide the resulting source code from me.
Who "Rode the Rocket", and how long will they be in hospital for?
Doesn't matter here:
If a company does confirmed opt-ins, tells each customer where they opted in from, and can prove that each customer wilfully opted in, then I'll give them the benefit of the doubt.
If they just send out an email that says at the end: "You've been included in this email because you opted in on one of our associated sites", then I'm going to give them the benefit of a Salem witch trial:
Tie a Cat-5 cord around their neck and throw them out a 10th story window. If the cord holds (and breaks their neck), then they're a spammer. If it doesn't, then I get to yell "SORRYYYYYYY" out the window after them.
That's how we got in this mess in the first place: Fear and hatred are much the same thing. In the regimen of the 'fight or flight' syndrome, hatred is the 'fight' response over a long period of time. If the whole world fears America and only 1 in 1000 turns that into hatred, that means that there are about 6 million people who want to blow the country up. Only one of them needs to succeed.
Sleep tight.
Oh my god, Slashdot is Spamming us!
(FYI: the original definition of spamming included (was) multiple (usenet) posting of the same article).