According to the article, Brown was fired when the product was still an idea. Since then, he's done development without any support from Alcatel, not on their time, etc. How can they presume that they should own his work? Is all the work I do from now on the property of my former employers?
Good question. Even if Alcatel does own the rights to the idea, shouldn't their ownership be limited to the basic idea only and shouldn't Brown own everything he did after leaving the company? If his work is considered derivative to his Alcatel owned idea he might have to pay for the use of the core idea, but he should be able to hold copyrights and patents on his actual implementation. Since you aren't *supposed* to be able to patent an idea but only an embodiment, this could limit Alcatel's ability to practically exploit the concept without his permission.
Now they might insist that he was using their confidential information (his idea) to develop his technology. However, they still shouldn't be able to claim all of his work. The laws and contracts relating to non-disclosure and competitive practices usually allow one to at least make use of skills and expertise in a given field, including when that knowledge is gained as a result of employment.
And even if the contract and the governing law was such that they could claim most of the directly derivative work, presumably much of the IP he developed by actually building and testing wouldn't have even been truly derivative. Usually a final product bears little resemblance to an original idea, and some of the most important features may have little to do with the core concept. So in any case, even if they can stop him from pursuing his idea, they shouldn't get automatic rights to his all of his subsequent IP.
...why on earth would i want the same ubiquitous, essentially unvaluable thing every other woman has?
I'm sure that my girlfriend (and a lot of other women) would agree with you... that's probably why she wants a ubiquitous, essentially unvaluable thing TWICE the size of what every other woman has!
Actually, I feel bad making fun because I agree with your main point (...and I got nailed for flamebait on the last stupid joke I tried to make). Yes the diamond is really for her, but if you really feel strongly about it you shouldn't have to breach your ethics to buy it. She will either respect you for that or maybe she's not the right woman for you. Now if you're only vaguely concerned about the ethics and you think that maybe you're doing her a favour make sure you get her opinion first or just buy the damn ring. And if you know her well enough to marry her you probably know whether she wants one and how she'll react if she doesn't get it.
Sorry to nitpick, but based on that riveting description of your life I'm guessing that you just forget to put the quotation marks around "girlfriend" (or maybe that should just be implied for Slashdot gaming articles).
Re:push for open DATA FORMATS, not open SOURCE
on
Mega-Geek March?
·
· Score: 2
I agree. Educating the government to push for open data formats will result in governments being economically incented to use completely open source solutions and will also have the added benefit of encouraging more competitive open source software.
It worries me when anyone tries to rely on regulation to succeed and I worry that asking for open source requirements will make people question its viability and merits. The government should use the software that best meets their requirements - PERIOD. But requiring open data formats is basically an essential part of having an open bidding process - it increases the number and competitiveness of compatible options. If an excellent closed solution provides critical features that a crappy open source alternative does not, then the government should use the proprietary solution. The same goes for a significantly superior open source solution. However, if the different solutions are able to score the same on features and functionality, then a good open source solution should win almost every time for economic reasons.
Of course to really even out the playing field, professional tenders will need to be prepared and championed for the open source solutions. These will need to include total economic costs, timelines and plans to develop additional features, plans for internal or outsourced support, etc. Sometimes these will be done by open source integrators/providers (Red Hat, IBM, etc.) but provisions should be made to encourage truly free and open source bids, either by creating incentives for outside organizations or by creating internal bodies to develop and champion these solutions. Such a group would also need the ability to lobby for bidding criteria that is fair and practical about open source software.
Just a little update. After starting (but aborting) the registration-process-to-request-the NDA-to-request-the-protocols, I got the following delivered to my inbox. Not a big deal, probably just a confirmation message, but the "newsletters" subdomain on the e-mail address kinda scares me... I hope the Hotmail filters work against MS spam.
The next time you visit Microsoft.com, please remember your important login information. Your Passport e-mail address is:...@hotmail.com Your Microsoft.com e-mail address is:...@hotmail.com
Actually, I don't think there's anything at the other end worth jumping through so many hoops to sign any NDA (let alone theirs). Other posters have suggested that they are only "releasing" a bunch of already available and open third party protocols anyway. Perhaps the real intention is a combination of the following:
1. Appease the DOJ by suggesting that "We're opening up cough*our*cough source code. Yeah, that's the ticket."
2. Encourage curious developers to sign up for Passport and sign over all their personal info for tracking^H^H^H^H^H^H^H^Hconvenience purposes.
3. Goad some weblog user into posting their NDA and/or other documents verbatim on Slashdot for copyright entrapment...
If you decide to continue anyways the next page begins:
Microsoft Communications Protocol Program NDA Request Form Instructions
The first step in the Microsoft Communications Protocol Program is to obtain and sign a Non-Disclosure Agreement (NDA). To request an NDA, click on the link below and complete the request form... to facilitate confirmation of your request and avoid possible delays, it is important to use a Passport account with a verified e-mail address from a domain used by your company. Requests submitted using e-mail addresses from unrestricted or anonymous email domains (e.g., Hotmail) will not be handled without direct contact and verification from the company involved.
...and I thought my Hotmail account was my Passport. Well lets try anyway...
If you keep on going, logging in with your Passport you'll probably hit this page:
Microsoft Communications Protocol Program NDA Request -- Passport Configuration
Which basically asks you to set up your Passport account to share your personal (although probably inaccurate) information with all Passport Services before you can even get to the protocol NDA request page...
Not my intention, but not an entirely bad analogy either. An even better analogy, but still limited, would be Napster, and the best analogy might be those who write viruses and DDOS scripts.
From a practical perspective, and in a wide variety of scenarios, it is usually easier and more efficient to deal with a common provider, leader, or enabler rather than with individual users. The MPAA and RIAA have certainly used this approach to their advantage by targeting "the kids who wrote DeCSS" and companies like Napster, rather than going after individual users. The same rule applies when lawsuits name corporations rather than people (although sometimes it is easier to pick on the little guy).
However, just because this approach is often abused for questionable purposes, doesn't mean that it is wrong in general. In the case of spam I do think it makes the most sense to go after the people (companies) who are making the most profit and enabling the most amount of traffic.
The main difference is that in the case of DeCSS and Napster the tools had legitimate purpose and the technology should be considered legally neutral. With these "spam pimps" their products and services are strictly and overtly provided for the purpose of spamming. In their case, I wouldn't advocate cracking down on software that simply enables bulk mailing (which is what happened to DeCSS and Napster) but force accountability on the companies and individuals that actually perform bulk mailing services and provide very application specific software (such as filter busting programs that include illegitimate mailing lists). This is much more like cracking down on virus and DDOS script writers.
Forget "Techies On Ice" the more general rule is that only stereotypes are frozen.
In the case of that first season episode: a confused housewife, a singer looking for a party, and a rich Texan financier with a cowboy hat. I guess they just missed the other ships housing a bunch of frozen computer geeks and eccentric scientists (probably because they were all dressed up like trekkies and that would be too self-referential).
And then you can add eugenic super villians, famous baseball players, and hunch backed nuclear power plant owners to the list of the stereotypically frozen.
Re:This is *why* we need laws!
on
Meet the Spammers
·
· Score: 3, Interesting
We certainly need laws, but I don't know how they're going to discourage the kind of people who think they can make money by sending spam filled with blatent spelling mistakes, that often makes no logical sense, and sometimes doesn't even have a means of actually responding to it.
To really attack the issue, I think we need to first stop labelling everyone involved as a "spammer" when there appears to be a hierarchy of culprits, including:
1. The ISP that provides refuge for spammers. 2. The spam enablers that provide the software, lists, and sometimes mailing services. 3. The spammer who may be an independent jerk, or who may be misled and effectively taken advantage of and pimped out by a #2 organization. 4. The people who actually buy their products.
Most spammers (#3) are just idiots that will probably keep on trying regardless of whether they ever make money, and there's a new one born every minute. It's #2, the spam enablers (or spam pimps, perhaps?), who should be the most vilified and attacked. They're the ones making money off of spam regardless of whether anyone actually buys it or make money and they present much larger targets. With empty promises of wealth, they take advantage of the idiots who make up #3 by taking their money in return for mailing lists and sometimes actually sending out the spam. Many of these "clients" are probably people with legitimate and sometimes severe mental health problems (hence non-commercial spam about aliens and time travel) who might never be diswayed by legal means without eliminating the means.
Like prostituition, strong laws should be made against this kind of pimping activity (spimping?), both directly, and at the ISP (#1) level. Also, maybe an ISO 9000 type practices and auditing standard for ISPs can be developed and widely publicized. This might require that an AUP include certain anti-spam requirements, and/or that the ISP takes responsibility for bulk mailing. ISP's might be encouraged or even forced to restrict bulk mailing to lists that can be independently confirmed to be opt-in and/or have a verified individual who will sign-off to that effect (under penalty of law), and to label all bulk mail with a certain identifier etc.
Oddly enough, I also have a Yahoo! account which I've used heavily and given out freely for the past few years (until around May when I registered my own domain name), and receive at most maybe four or five spams per month.
That's funny, I've had almost the opposite experience. Although I absolutely hate Hotmail's ever changing (er, eroding) policies and features, with the filters in place I get almost no spam to my Hotmail account (which is my not wholly uncommon name, including middle initial). I've had it for several years, and use it for almost all required registrations, etc.
On the other hand, I have a Yahoo! account that I use exclusively for forwarding my university account to so that I can easily access my e-mail from my phone. This account has a relatively obscure and meaningless address, and I have never given it out or otherwise used it. This account gets bombarded with spam (additional to my university account, although almost all of it does get filtered to the junk mail folder).
I know other people who have had opposite experiences as well. Most spam can probably be traced to some action by the user or the provider, but without a doubt a large portion is also due to random chance.
...one of the big things about the G4 was that the 1 gigaflop barrier meant it qualified as a supercomputer (and a military weapon:).
Interestingly, the GAO has just completed an investigation into what constitutes a "supercomputer" these days and what the US is doing (or not doing) to control exports.
According to reuters, the GAO report is critical of the Bush administration's decision to increase the limit last January "from 85,000 Millions of Theoretical Operations Per Second, or MTOPS, to 190,000 MTOPS." Not sure how MTOPS convert to FLOPS, but the article states that the average PC is about 2,100 MTOPS and that Unisys currently produces the only systems that exceed the 190,000 MTOPS limit.
The article also mentions that the State and Commerce departments believe that the limits on processor power needs rethinking to address networked systems of less powerful computers(imagine a beowulf cluster of these, etc.).
When this all started really bubbling up I recalled reading several articles about the bug in Infoworld in the mid-late eighties, and thinking "they aren't going to wait until 1999 to start fixing this are they?" D'oh!
I'm pretty sure I read something in an OMNI magazine "Antimatter" or "Continuum" column from back in the early eighties that described Y2K (probably between an expose on psychic UFO's and some art by Giger).
I'm surprised no one has published a detailed history of early references to Y2K along with a definitive account of the responses and eventual results. It would have been an exploitive no-brainer a few years ago, and a thoughtful and objective account would be even more interesting in retrospect now that the doom-saying is well behind us and the "I told you so's" have died down as well.
Of course, if I'm not mistaken, a good bit of these were use to drop Napalm in Vietnam...needless to say the A-10 is still a great asset to the military...
Thanks for the interesting theory about the A-10 as a flying tank rather than just a tank-killer, but just to let you know, the A-10 was not used in Vietnam. It was developed to fill a void in close air support that became obvious during Vietnam. The first prototype flew in 1971 and the first production aircraft was completed in 1975. The A-10 was well on its way to being retired before it finally had a chance to prove itself in the Gulf War. They are to be replaced by the new JSF. And just to get back (closer) to topic, with their heavy armour, redundant systems, and "titanium bathtubs", it would take a hell of a lot more than a bunch of Ewoks and their logs to knock one of these planes out of the sky... Although several were lost in the Gulf War, A-10's have made it back to base missing just about everything you ever thought a plane needed to fly and to keep the pilot safe. Wow.
The "old breaking into a house" analogy only really applies (and usually poorly) to hacking (cracking) into private systems not owned by the hacker (cracker). Hacking a computer program (or stand alone device or system) that is owned or otherwise legimately accessible by the hacker is an entirely different scenario.
This case is more like a builder or an engineer (or Bob Villa) testing different building materials, home construction methods, and security products for safety and applicability. Even materials that have been generally approved for use often need to be tested before (and sometimes after) being used in a particular way. You're not breaking into someone else's house, and you're not stealing or destroying someone else's technology. You're simply thoroughly testing something to see if it meets your needs. In general, you should be free to tell others the results of your testing. If it doesn't even stand up to specification, then you're pretty well obliged to warn others (legally so if you're an engineer), including the supplier. In no case should you be prosecuted for telling people that the product doesn't work or shouldn't be used for certain applications, and for telling people why or why not (unless you're being maliciously libel).
This perspective on hacking is much closer to the original sense of the word and is what's done every day by virtually any manufacturing or construction company, as well as individuals, academics, journalists, and consumer groups. I think that the U.S. computer security advisor is simply suggesting that computer products should be treated no differently from building materials so even though companies might want to restrict testing, reverse engineering, and negative publicity, it is not in the interest of public rights and safety. The only grey area is where computer systems include both public and private elements and there is less of a natural distinction between testing and trespassing. In the real world such evaluations might be done by third party audit, but again, the boundaries are much clearer, and as the parent comment mentioned, computer technology is less mature and harder to test exhaustively.
Is there a way for the winners of the disputes to recoup their legal expenses? Otherwise, I think most private people would rather hand over their domains at the first sign of trouble.
Important point. Thankfully, there's a good answer!
According to the Globe & Mail, the legal costs of going up against a large corporation were a major concern for the eventual victor. But, happily:
"Molson was also ordered to pay Mr. Black's legal fees."
I hope this included all legal costs related to the arbitration phase as well as his appeal. I'm not sure, but Mr. Black might have been eligible for damages as well, but since his website plans were probably still too conceptual he probably couldn't argue any loss of revenue. However, awarding legal fees probably does open the door for damages and penalties, depending on the circumstances of future domain hijicking cases.
Actually, the follow-up to the canadian.biz case (which was part of the same original post discussing the unix.org dispute) was posted a couple of weeks ago, just not on the front page.
In summary, the original registrant (a Canadian citizen) was able to convince a Canadian judge that "Canadian" does not mean beer alone and was able to block Molson from hijicking the canadian.biz domain.
In his decision, the judge stated that "simply because a domain name is identical or similar to a trademark name should not result in the transfer of the domain name to the trademark owner. In my view, unless there is some evidence that the use of the domain name infringes on the use of the trademark name, a person other than the owner of the trademark should be able to continue to use the domain name." He was also critical of ICANN's definition and use of the "bad faith" criteria.
It appears that ICANN and the registrar have respected the court decision, as the whois information has been updated with the original registrant's correct name and information.
Between this and the contrast between the unix.com and unix.org cases, it certainly proves that ICANN is inconsistent in their rulings, and aren't considered (by at least one court) to have a very good handle on trademark law. Hopefully these decisions can be used as inspiration/precedent for the unix.org people to appeal so (just maybe) we can see two good news follow-ups from one bad news slashdot post.
Microsoft originally applauded Biden's bill when it covered only physical counterfeiting, saying in a press release in April that it closes "a significant gap in federal protection of copyrighted works including software." Current federal law covers only "counterfeit labels," not physical holograms or other packaging material.
But Microsoft indicated on Friday that it had problems with Biden's revisions. "Those issues, from our perspective, highlight the reason why we support the legislation as it was originally written," said spokesman Jon Murchinson.
I can't see this going anywhere if one of the biggest potential beneficiaries is against the amended legislation (certainly pirated Microsoft software is being used as a key example by proponents).
I wonder if this is because 1) Microsoft is actually concerned about individual rights; 2) they see the 'pirating' of content as an important application/revenue stream for their software and hardware platforms; or 3) they're holding out for something even more heavy-handed?
These things could get into earthquake rubble no problem at all.
Something like this would have been perfect in the recent mining diasaster (or even the WTC) for searching for and establishing communications with any survivors, and for helping to identify the best methods and locations for the air, water, and rescue holes. Although the miners got out alive, they were very lucky to last for three days without any contact. These rescue attempts are very much a balance between acting quickly, so that you can save someone before they succumb, but also taking your time so that the rescue attempt doesn't kill them or the rescuers. Small guided or autonomous cameras could assess the situation quickly but without dangerously disturbing the situation. In large diasasters, like earthquakes and the WTC, they could help direct limited resources to spots with the best chance of finding survivors.
On the one hand, sure, our diplomats have a national goal of promoting U.S. enterprise, but do we have to promote companies which we are simultaneously pursuing in court for numerous violations of our laws?
Actually, these days I think this is a catch-22, if you want to promote U.S. enterprise, by definition you've pretty much gotta support the ones in court.
Seriously, though, it would be hard to define such a standard (at least for big business) since large enough companies are almost always the target of some sort of litigation or investigation, many of which are small or without merit, and are simply a function of their size, history, numerous divisions, and the law of numbers when they employ thousands of individuals. I'm not going shed tears for big business, but even corporations should be considered innocent until proven guilty, and even for the guilty ones government officials should not seek to impose extra-legal restrictions and punishments beyond whatever punishments are decided in court (although as citizens and consumers we are always free to voice our opinion and deny them our business and government agencies should evaluate potential suppliers based on past conduct).
That being said, the adoption of open source software abroad should have positive economic benefits to North America: with the bulk of open source developers based in the U.S. there is probably a quantifiable net benefit to skills and innovation as well as benefits to the many small businesses that rely on open source products and service for productivity gains and revenue. Politicians should be encouraged to promote this industry as well, especially with small business being the real lifeblood of the economy.
Based on the account in the article your response is simply ridiculous. Although the story is brief and somewhat biased ("Ethical Hacker" etc.) NOWHERE does it indicate that he *poked* around or otherwise exploited the security gap.
Even if he had, there are many who would argue that a little poking around is natural and innocent when someone discovers such a thing (and one might not even know that they have stumbled into a restricted space without a little exploring).
You may disagree that intentional hacking can fall into such a grey area, sometimes described as analogous to checking the locks and then walking into an unlocked house. Fair enough. However, unless you have some additional facts to the contrary, the events in the article are more akin to walking by and noticing someone's door is wide open with the keys left in the lock. Any snooping might have been equivalent to peering inside as you walk by. You might even have ethical obligation to report it to a neighbour or the police and perhaps even take them the keys for safe keeping.
Finally, does anyone have any idea how we can educate the public and the law that pointing out a flaw or security issue is NOT the same as causing damage? He is being charged with forcing their system down and costing $5000 to install a secure system. Why is this the standard in the computing, but not in the real world?
Did all 235,000 members send in their support or did a majority vote on this or did the publicity arm send this out on behalf of those people who are members?
I've been a member of the IEEE since university (and even hold an IEEE branded credit card!) but it bothers me how the IEEE-USA can be so political and nationalistic while the IEEE positions itself as an international technical society and publisher ("Networking the World").
I wonder how many of the 235,000 memberships exist only (or at least mainly) for the various IEEE magazines, including the many published by IEEE affiliate societies, such as "Computer" magazine. I'd wager most members don't follow the political efforts of IEEE-USA and that some don't consider their membership much differently from a "membership" in the National Geographic Society. Other memberships exist primarily to attend or partipate in sponsored conferences or standards committees and even those who are actively involved with the IEEE are probably more interested in local chapter events, activities, and public outreach than national policy.
Finally, I'd be very interested to know how many of the 235,000 IEEE-USA members they claim to represent are actually H1-B holders and other visiting engineers and computer scientists. And how many visa holders found their jobs through postings in IEEE magazines or were attracted by the IEEE's heavy promotion of US industry and opportunities?
Boycotts, legal challenges, and voting people out are all fine after the fact, but the best way to stop this is to stick a real damaging spin on it before it becomes law. The usual anti-MPAA/RIAA and copyright rants probably won't win enough media interest in time to stop this, but politicians could be convinced if the "corporate vigilante immunity law" is lumped in with the recent accounting scandals.
Write a letter or call your congressional representatives, senators, activists, and/or media outlets pointing out the audacity of big corporations to ask for special privileges and less accountability even in the face of the ongoing accounting and financial investigations. Ask them how we are supposed to trust big corporations with legal immunity from federal laws when we can't even trust them to tell the truth. Tell them that CEO's still just don't get it and that this proposed legislation is further proof that corporate lobbyists are out of control and out of touch with reality. Tell them that allowing corporations to legally unleash hackers on private citizens will be the first step on a slippery slope of immunity and abuse. Tell them that corporations can't be trusted to a lower standard than citizens - if anything they should be held to a higher standard.
Ask candidates if they are planning to support legal immunity for greedy companies that take the law into their own hands or if they are going to take a stand against corporate excess and fight this latest example of abuse of trust. Ask them if they'll stand up for the little guy, or if they plan to let corporations get away with anti-consumer vigilante tactics. With a little suggestion and the upcoming elections in mind, somebody should recognize the opportunity to run with this issue and make it totally unpaletable before it ever passes.
Re:Why isnt the world testing deflection technolog
on
A Rock Moves In Space
·
· Score: 2
Right. Let's install gigantic pinball flippers on the poles:)
Great idea! Better get going on your US patent app though - you've got one year to file. Of course, there'll be no incentive to use your gigantic pinball flippers anywhere outside the US since you've just given up your foreign patent rights through public disclosure... and you'd better hope for a good NEO scare in the next 20 years or so, otherwise you should sell them for missile defense before everyone and their brother are making gigantic pinball flipper knock-offs. Maybe if you register giganticpinballflippers.com...
Slashdot Mirror
According to the article, Brown was fired when the product was still an idea. Since then, he's done development without any support from Alcatel, not on their time, etc. How can they presume that they should own his work? Is all the work I do from now on the property of my former employers?
Good question. Even if Alcatel does own the rights to the idea, shouldn't their ownership be limited to the basic idea only and shouldn't Brown own everything he did after leaving the company? If his work is considered derivative to his Alcatel owned idea he might have to pay for the use of the core idea, but he should be able to hold copyrights and patents on his actual implementation. Since you aren't *supposed* to be able to patent an idea but only an embodiment, this could limit Alcatel's ability to practically exploit the concept without his permission.
Now they might insist that he was using their confidential information (his idea) to develop his technology. However, they still shouldn't be able to claim all of his work. The laws and contracts relating to non-disclosure and competitive practices usually allow one to at least make use of skills and expertise in a given field, including when that knowledge is gained as a result of employment.
And even if the contract and the governing law was such that they could claim most of the directly derivative work, presumably much of the IP he developed by actually building and testing wouldn't have even been truly derivative. Usually a final product bears little resemblance to an original idea, and some of the most important features may have little to do with the core concept. So in any case, even if they can stop him from pursuing his idea, they shouldn't get automatic rights to his all of his subsequent IP.
...why on earth would i want the same ubiquitous, essentially unvaluable thing every other woman has?
... that's probably why she wants a ubiquitous, essentially unvaluable thing TWICE the size of what every other woman has!
I'm sure that my girlfriend (and a lot of other women) would agree with you
Actually, I feel bad making fun because I agree with your main point (...and I got nailed for flamebait on the last stupid joke I tried to make). Yes the diamond is really for her, but if you really feel strongly about it you shouldn't have to breach your ethics to buy it. She will either respect you for that or maybe she's not the right woman for you. Now if you're only vaguely concerned about the ethics and you think that maybe you're doing her a favour make sure you get her opinion first or just buy the damn ring. And if you know her well enough to marry her you probably know whether she wants one and how she'll react if she doesn't get it.
Sorry to nitpick, but based on that riveting description of your life I'm guessing that you just forget to put the quotation marks around "girlfriend" (or maybe that should just be implied for Slashdot gaming articles).
I agree. Educating the government to push for open data formats will result in governments being economically incented to use completely open source solutions and will also have the added benefit of encouraging more competitive open source software.
It worries me when anyone tries to rely on regulation to succeed and I worry that asking for open source requirements will make people question its viability and merits. The government should use the software that best meets their requirements - PERIOD. But requiring open data formats is basically an essential part of having an open bidding process - it increases the number and competitiveness of compatible options. If an excellent closed solution provides critical features that a crappy open source alternative does not, then the government should use the proprietary solution. The same goes for a significantly superior open source solution. However, if the different solutions are able to score the same on features and functionality, then a good open source solution should win almost every time for economic reasons.
Of course to really even out the playing field, professional tenders will need to be prepared and championed for the open source solutions. These will need to include total economic costs, timelines and plans to develop additional features, plans for internal or outsourced support, etc. Sometimes these will be done by open source integrators/providers (Red Hat, IBM, etc.) but provisions should be made to encourage truly free and open source bids, either by creating incentives for outside organizations or by creating internal bodies to develop and champion these solutions. Such a group would also need the ability to lobby for bidding criteria that is fair and practical about open source software.
Just a little update. After starting (but aborting) the registration-process-to-request-the NDA-to-request-the-protocols, I got the following delivered to my inbox. Not a big deal, probably just a confirmation message, but the "newsletters" subdomain on the e-mail address kinda scares me... I hope the Hotmail filters work against MS spam.
...@hotmail.com ...@hotmail.com
From: "Microsoft Registration System" no-reply@newsletters.microsoft.com
Reply-To: regsys-ndr@newsletters.microsoft.com
Subject: Microsoft.com Registration System Message
The next time you visit Microsoft.com, please remember your important login information.
Your Passport e-mail address is:
Your Microsoft.com e-mail address is:
Actually, I don't think there's anything at the other end worth jumping through so many hoops to sign any NDA (let alone theirs). Other posters have suggested that they are only "releasing" a bunch of already available and open third party protocols anyway. Perhaps the real intention is a combination of the following:
1. Appease the DOJ by suggesting that "We're opening up cough*our*cough source code. Yeah, that's the ticket."
2. Encourage curious developers to sign up for Passport and sign over all their personal info for tracking^H^H^H^H^H^H^H^Hconvenience purposes.
3. Goad some weblog user into posting their NDA and/or other documents verbatim on Slashdot for copyright entrapment...
If you decide to continue anyways the next page begins:
Microsoft Communications Protocol Program
NDA Request Form Instructions
The first step in the Microsoft Communications Protocol Program is to obtain and sign a Non-Disclosure Agreement (NDA). To request an NDA, click on the link below and complete the request form... to facilitate confirmation of your request and avoid possible delays, it is important to use a Passport account with a verified e-mail address from a domain used by your company. Requests submitted using e-mail addresses from unrestricted or anonymous email domains (e.g., Hotmail) will not be handled without direct contact and verification from the company involved.
...and I thought my Hotmail account was my Passport. Well lets try anyway...
If you keep on going, logging in with your Passport you'll probably hit this page:
Microsoft Communications Protocol Program
NDA Request -- Passport Configuration
Which basically asks you to set up your Passport account to share your personal (although probably inaccurate) information with all Passport Services before you can even get to the protocol NDA request page...
Ummm, No thanks.
Kinda like the kids who wrote DeCSS?
Not my intention, but not an entirely bad analogy either. An even better analogy, but still limited, would be Napster, and the best analogy might be those who write viruses and DDOS scripts.
From a practical perspective, and in a wide variety of scenarios, it is usually easier and more efficient to deal with a common provider, leader, or enabler rather than with individual users. The MPAA and RIAA have certainly used this approach to their advantage by targeting "the kids who wrote DeCSS" and companies like Napster, rather than going after individual users. The same rule applies when lawsuits name corporations rather than people (although sometimes it is easier to pick on the little guy).
However, just because this approach is often abused for questionable purposes, doesn't mean that it is wrong in general. In the case of spam I do think it makes the most sense to go after the people (companies) who are making the most profit and enabling the most amount of traffic.
The main difference is that in the case of DeCSS and Napster the tools had legitimate purpose and the technology should be considered legally neutral. With these "spam pimps" their products and services are strictly and overtly provided for the purpose of spamming. In their case, I wouldn't advocate cracking down on software that simply enables bulk mailing (which is what happened to DeCSS and Napster) but force accountability on the companies and individuals that actually perform bulk mailing services and provide very application specific software (such as filter busting programs that include illegitimate mailing lists). This is much more like cracking down on virus and DDOS script writers.
Forget "Techies On Ice" the more general rule is that only stereotypes are frozen.
In the case of that first season episode: a confused housewife, a singer looking for a party, and a rich Texan financier with a cowboy hat. I guess they just missed the other ships housing a bunch of frozen computer geeks and eccentric scientists (probably because they were all dressed up like trekkies and that would be too self-referential).
And then you can add eugenic super villians, famous baseball players, and hunch backed nuclear power plant owners to the list of the stereotypically frozen.
We certainly need laws, but I don't know how they're going to discourage the kind of people who think they can make money by sending spam filled with blatent spelling mistakes, that often makes no logical sense, and sometimes doesn't even have a means of actually responding to it.
To really attack the issue, I think we need to first stop labelling everyone involved as a "spammer" when there appears to be a hierarchy of culprits, including:
1. The ISP that provides refuge for spammers.
2. The spam enablers that provide the software, lists, and sometimes mailing services.
3. The spammer who may be an independent jerk, or who may be misled and effectively taken advantage of and pimped out by a #2 organization.
4. The people who actually buy their products.
Most spammers (#3) are just idiots that will probably keep on trying regardless of whether they ever make money, and there's a new one born every minute. It's #2, the spam enablers (or spam pimps, perhaps?), who should be the most vilified and attacked. They're the ones making money off of spam regardless of whether anyone actually buys it or make money and they present much larger targets. With empty promises of wealth, they take advantage of the idiots who make up #3 by taking their money in return for mailing lists and sometimes actually sending out the spam. Many of these "clients" are probably people with legitimate and sometimes severe mental health problems (hence non-commercial spam about aliens and time travel) who might never be diswayed by legal means without eliminating the means.
Like prostituition, strong laws should be made against this kind of pimping activity (spimping?), both directly, and at the ISP (#1) level. Also, maybe an ISO 9000 type practices and auditing standard for ISPs can be developed and widely publicized. This might require that an AUP include certain anti-spam requirements, and/or that the ISP takes responsibility for bulk mailing. ISP's might be encouraged or even forced to restrict bulk mailing to lists that can be independently confirmed to be opt-in and/or have a verified individual who will sign-off to that effect (under penalty of law), and to label all bulk mail with a certain identifier etc.
Oddly enough, I also have a Yahoo! account which I've used heavily and given out freely for the past few years (until around May when I registered my own domain name), and receive at most maybe four or five spams per month.
That's funny, I've had almost the opposite experience. Although I absolutely hate Hotmail's ever changing (er, eroding) policies and features, with the filters in place I get almost no spam to my Hotmail account (which is my not wholly uncommon name, including middle initial). I've had it for several years, and use it for almost all required registrations, etc.
On the other hand, I have a Yahoo! account that I use exclusively for forwarding my university account to so that I can easily access my e-mail from my phone. This account has a relatively obscure and meaningless address, and I have never given it out or otherwise used it. This account gets bombarded with spam (additional to my university account, although almost all of it does get filtered to the junk mail folder).
I know other people who have had opposite experiences as well. Most spam can probably be traced to some action by the user or the provider, but without a doubt a large portion is also due to random chance.
...one of the big things about the G4 was that the 1 gigaflop barrier meant it qualified as a supercomputer (and a military weapon:).
Interestingly, the GAO has just completed an investigation into what constitutes a "supercomputer" these days and what the US is doing (or not doing) to control exports.
According to reuters, the GAO report is critical of the Bush administration's decision to increase the limit last January "from 85,000 Millions of Theoretical Operations Per Second, or MTOPS, to 190,000 MTOPS." Not sure how MTOPS convert to FLOPS, but the article states that the average PC is about 2,100 MTOPS and that Unisys currently produces the only systems that exceed the 190,000 MTOPS limit.
The article also mentions that the State and Commerce departments believe that the limits on processor power needs rethinking to address networked systems of less powerful computers(imagine a beowulf cluster of these, etc.).
I'm assuming that most slashdotter's are too busy snatching up these wonderful steals...
With all the potential troll site names, I'm seriously afraid to know how many of these will be registered in the next day or so.
When this all started really bubbling up I recalled reading several articles about the bug in Infoworld in the mid-late eighties, and thinking "they aren't going to wait until 1999 to start fixing this are they?" D'oh!
I'm pretty sure I read something in an OMNI magazine "Antimatter" or "Continuum" column from back in the early eighties that described Y2K (probably between an expose on psychic UFO's and some art by Giger).
I'm surprised no one has published a detailed history of early references to Y2K along with a definitive account of the responses and eventual results. It would have been an exploitive no-brainer a few years ago, and a thoughtful and objective account would be even more interesting in retrospect now that the doom-saying is well behind us and the "I told you so's" have died down as well.
eight scenes of Jar Jar that never made it into the movie
Or worse, seven of Jar Jar plus one boy band scene.
Of course, if I'm not mistaken, a good bit of these were use to drop Napalm in Vietnam...needless to say the A-10 is still a great asset to the military...
Thanks for the interesting theory about the A-10 as a flying tank rather than just a tank-killer, but just to let you know, the A-10 was not used in Vietnam. It was developed to fill a void in close air support that became obvious during Vietnam. The first prototype flew in 1971 and the first production aircraft was completed in 1975. The A-10 was well on its way to being retired before it finally had a chance to prove itself in the Gulf War. They are to be replaced by the new JSF. And just to get back (closer) to topic, with their heavy armour, redundant systems, and "titanium bathtubs", it would take a hell of a lot more than a bunch of Ewoks and their logs to knock one of these planes out of the sky... Although several were lost in the Gulf War, A-10's have made it back to base missing just about everything you ever thought a plane needed to fly and to keep the pilot safe. Wow.
The "old breaking into a house" analogy only really applies (and usually poorly) to hacking (cracking) into private systems not owned by the hacker (cracker). Hacking a computer program (or stand alone device or system) that is owned or otherwise legimately accessible by the hacker is an entirely different scenario.
This case is more like a builder or an engineer (or Bob Villa) testing different building materials, home construction methods, and security products for safety and applicability. Even materials that have been generally approved for use often need to be tested before (and sometimes after) being used in a particular way. You're not breaking into someone else's house, and you're not stealing or destroying someone else's technology. You're simply thoroughly testing something to see if it meets your needs. In general, you should be free to tell others the results of your testing. If it doesn't even stand up to specification, then you're pretty well obliged to warn others (legally so if you're an engineer), including the supplier. In no case should you be prosecuted for telling people that the product doesn't work or shouldn't be used for certain applications, and for telling people why or why not (unless you're being maliciously libel).
This perspective on hacking is much closer to the original sense of the word and is what's done every day by virtually any manufacturing or construction company, as well as individuals, academics, journalists, and consumer groups. I think that the U.S. computer security advisor is simply suggesting that computer products should be treated no differently from building materials so even though companies might want to restrict testing, reverse engineering, and negative publicity, it is not in the interest of public rights and safety. The only grey area is where computer systems include both public and private elements and there is less of a natural distinction between testing and trespassing. In the real world such evaluations might be done by third party audit, but again, the boundaries are much clearer, and as the parent comment mentioned, computer technology is less mature and harder to test exhaustively.
Is there a way for the winners of the disputes to recoup their legal expenses?
Otherwise, I think most private people would rather hand over their domains at the first sign of trouble.
Important point. Thankfully, there's a good answer!
According to the Globe & Mail, the legal costs of going up against a large corporation were a major concern for the eventual victor. But, happily:
"Molson was also ordered to pay Mr. Black's legal fees."
I hope this included all legal costs related to the arbitration phase as well as his appeal. I'm not sure, but Mr. Black might have been eligible for damages as well, but since his website plans were probably still too conceptual he probably couldn't argue any loss of revenue. However, awarding legal fees probably does open the door for damages and penalties, depending on the circumstances of future domain hijicking cases.
Actually, the follow-up to the canadian.biz case (which was part of the same original post discussing the unix.org dispute) was posted a couple of weeks ago, just not on the front page.
In summary, the original registrant (a Canadian citizen) was able to convince a Canadian judge that "Canadian" does not mean beer alone and was able to block Molson from hijicking the canadian.biz domain.
In his decision, the judge stated that "simply because a domain name is identical or similar to a trademark name should not result in the transfer of the domain name to the trademark owner. In my view, unless there is some evidence that the use of the domain name infringes on the use of the trademark name, a person other than the owner of the trademark should be able to continue to use the domain name." He was also critical of ICANN's definition and use of the "bad faith" criteria.
It appears that ICANN and the registrar have respected the court decision, as the whois information has been updated with the original registrant's correct name and information.
Between this and the contrast between the unix.com and unix.org cases, it certainly proves that ICANN is inconsistent in their rulings, and aren't considered (by at least one court) to have a very good handle on trademark law. Hopefully these decisions can be used as inspiration/precedent for the unix.org people to appeal so (just maybe) we can see two good news follow-ups from one bad news slashdot post.
Microsoft originally applauded Biden's bill when it covered only physical counterfeiting, saying in a press release in April that it closes "a significant gap in federal protection of copyrighted works including software." Current federal law covers only "counterfeit labels," not physical holograms or other packaging material.
But Microsoft indicated on Friday that it had problems with Biden's revisions. "Those issues, from our perspective, highlight the reason why we support the legislation as it was originally written," said spokesman Jon Murchinson.
I can't see this going anywhere if one of the biggest potential beneficiaries is against the amended legislation (certainly pirated Microsoft software is being used as a key example by proponents).
I wonder if this is because 1) Microsoft is actually concerned about individual rights; 2) they see the 'pirating' of content as an important application/revenue stream for their software and hardware platforms; or 3) they're holding out for something even more heavy-handed?
Search and Rescue?
These things could get into earthquake rubble no problem at all.
Something like this would have been perfect in the recent mining diasaster (or even the WTC) for searching for and establishing communications with any survivors, and for helping to identify the best methods and locations for the air, water, and rescue holes. Although the miners got out alive, they were very lucky to last for three days without any contact. These rescue attempts are very much a balance between acting quickly, so that you can save someone before they succumb, but also taking your time so that the rescue attempt doesn't kill them or the rescuers. Small guided or autonomous cameras could assess the situation quickly but without dangerously disturbing the situation. In large diasasters, like earthquakes and the WTC, they could help direct limited resources to spots with the best chance of finding survivors.
On the one hand, sure, our diplomats have a national goal of promoting U.S. enterprise, but do we have to promote companies which we are simultaneously pursuing in court for numerous violations of our laws?
Actually, these days I think this is a catch-22, if you want to promote U.S. enterprise, by definition you've pretty much gotta support the ones in court.
Seriously, though, it would be hard to define such a standard (at least for big business) since large enough companies are almost always the target of some sort of litigation or investigation, many of which are small or without merit, and are simply a function of their size, history, numerous divisions, and the law of numbers when they employ thousands of individuals. I'm not going shed tears for big business, but even corporations should be considered innocent until proven guilty, and even for the guilty ones government officials should not seek to impose extra-legal restrictions and punishments beyond whatever punishments are decided in court (although as citizens and consumers we are always free to voice our opinion and deny them our business and government agencies should evaluate potential suppliers based on past conduct).
That being said, the adoption of open source software abroad should have positive economic benefits to North America: with the bulk of open source developers based in the U.S. there is probably a quantifiable net benefit to skills and innovation as well as benefits to the many small businesses that rely on open source products and service for productivity gains and revenue. Politicians should be encouraged to promote this industry as well, especially with small business being the real lifeblood of the economy.
Based on the account in the article your response is simply ridiculous. Although the story is brief and somewhat biased ("Ethical Hacker" etc.) NOWHERE does it indicate that he *poked* around or otherwise exploited the security gap.
Even if he had, there are many who would argue that a little poking around is natural and innocent when someone discovers such a thing (and one might not even know that they have stumbled into a restricted space without a little exploring).
You may disagree that intentional hacking can fall into such a grey area, sometimes described as analogous to checking the locks and then walking into an unlocked house. Fair enough. However, unless you have some additional facts to the contrary, the events in the article are more akin to walking by and noticing someone's door is wide open with the keys left in the lock. Any snooping might have been equivalent to peering inside as you walk by. You might even have ethical obligation to report it to a neighbour or the police and perhaps even take them the keys for safe keeping.
Finally, does anyone have any idea how we can educate the public and the law that pointing out a flaw or security issue is NOT the same as causing damage? He is being charged with forcing their system down and costing $5000 to install a secure system. Why is this the standard in the computing, but not in the real world?
Did all 235,000 members send in their support or did a majority vote on this or did the publicity arm send this out on behalf of those people who are members?
I've been a member of the IEEE since university (and even hold an IEEE branded credit card!) but it bothers me how the IEEE-USA can be so political and nationalistic while the IEEE positions itself as an international technical society and publisher ("Networking the World").
I wonder how many of the 235,000 memberships exist only (or at least mainly) for the various IEEE magazines, including the many published by IEEE affiliate societies, such as "Computer" magazine. I'd wager most members don't follow the political efforts of IEEE-USA and that some don't consider their membership much differently from a "membership" in the National Geographic Society. Other memberships exist primarily to attend or partipate in sponsored conferences or standards committees and even those who are actively involved with the IEEE are probably more interested in local chapter events, activities, and public outreach than national policy.
Finally, I'd be very interested to know how many of the 235,000 IEEE-USA members they claim to represent are actually H1-B holders and other visiting engineers and computer scientists. And how many visa holders found their jobs through postings in IEEE magazines or were attracted by the IEEE's heavy promotion of US industry and opportunities?
Boycotts, legal challenges, and voting people out are all fine after the fact, but the best way to stop this is to stick a real damaging spin on it before it becomes law. The usual anti-MPAA/RIAA and copyright rants probably won't win enough media interest in time to stop this, but politicians could be convinced if the "corporate vigilante immunity law" is lumped in with the recent accounting scandals.
Write a letter or call your congressional representatives, senators, activists, and/or media outlets pointing out the audacity of big corporations to ask for special privileges and less accountability even in the face of the ongoing accounting and financial investigations. Ask them how we are supposed to trust big corporations with legal immunity from federal laws when we can't even trust them to tell the truth. Tell them that CEO's still just don't get it and that this proposed legislation is further proof that corporate lobbyists are out of control and out of touch with reality. Tell them that allowing corporations to legally unleash hackers on private citizens will be the first step on a slippery slope of immunity and abuse. Tell them that corporations can't be trusted to a lower standard than citizens - if anything they should be held to a higher standard.
Ask candidates if they are planning to support legal immunity for greedy companies that take the law into their own hands or if they are going to take a stand against corporate excess and fight this latest example of abuse of trust. Ask them if they'll stand up for the little guy, or if they plan to let corporations get away with anti-consumer vigilante tactics. With a little suggestion and the upcoming elections in mind, somebody should recognize the opportunity to run with this issue and make it totally unpaletable before it ever passes.
Right. Let's install gigantic pinball flippers :)
on the poles
Great idea! Better get going on your US patent app though - you've got one year to file. Of course, there'll be no incentive to use your gigantic pinball flippers anywhere outside the US since you've just given up your foreign patent rights through public disclosure... and you'd better hope for a good NEO scare in the next 20 years or so, otherwise you should sell them for missile defense before everyone and their brother are making gigantic pinball flipper knock-offs. Maybe if you register giganticpinballflippers.com...