This move by Microsoft does exactly that, just as OLPC does. No it isn't "just as OLPC does". OLPC is providing software and hardware. By rights Microsoft's attempt should fail, but competition is rarely fair and free where Microsoft is involved (I don't want to say "IMHO" at this point because there is more than enough factual legal history for this statement).
What's worrying is that, if it gets traction over OLPC, developing countries will get the familiar MS lock-in, and with support for XP due to expire soon, what's going to happen with Vista? Will that also be $3? What do you think?
If you think companies wouldn't dare risk those sorts of tactics, I offer the (much more heinous) example of Nestlé, promoting and giving "free" baby milk out in developing countries in hospitals, which results in breastfeeding rates dropping. This leads to the WHO's statement that "WHO estimates that some 1.5 million children die each year because they are not adequately breastfed." and blaming unsafe bottle feeding, caused by both unclean water, and unaffordability of baby milk. It's off-topic, but if people are concerned about this issue, see http://www.ibfan.org/.
Anyway, the point is that large companies are perfectly capable of screwing those in developing countries under the pretence of charity. And amazingly they continue to get away with it.
That would be true if it was just a message saying "Someone said no". But it doesn't. It includes a variety of information to uniquely identify the machine.
"That's ok, it's not personally identifiable" you say? Well, indeed it does not contain your name, address, phone number, bank account details and gender preferences directly in the message, no. But all it takes is for the user at some point to provide their personal details to Microsoft or any affiliates of Microsoft, or vendors with suitably worded contracts with Microsoft, using some program that also sends the machine's unique ID, and now you can match someone to the computer. Not just in future, but with all anonymous (or so you thought) dealings with Microsoft in the past.
Sign up for MS Passport? Register for an IE beta? Your personal details could easily have been sent along with your machine's unique ID, and now any other information stored by MS for that unique ID can be matched up with your personal information.
This reeks of Qualcomm just wanting to abandon Eudora, while not wanting to appear to be abandoning it to the Eudora userbase.
I can't imagine it making much sense trying to get Eudora working over the Thunderbird "technology platform". The whole design, architecture and frontend would be wildly different - it would be quicker to write Eudora features for Thunderbird from scratch.
150 years is the equivalent of 5 generations. What is the moral reason for allowing the IP rights to be held so long?
IP rights are a balance between allowing a creator to be rewarded for their efforts (including providing some limited inheritance) and allowing the public to enjoy work when the need for an incentive has passed.
Something like lifetime+20 years should be adequate (although perhaps there's an argument that the 'moral rights' could last longer than the commercial rights).
What happens for companies, where they cannot legally die and IP exists in perpetuity, is a more arguable matter.
Zonk's on a roll again, although unlike MS Freemont vs. Google Base, no-one's noticed straight away... This article is a dupe from just a couple of days ago.
On the other hand, I'd assume that in the contract between Sony and F4I, one side indemnified the other as part of the standard legalese.
Yes that's what I was trying to say. A big monster like Sony would surely have insisted on indemnification from F4I. So although claims would be against Sony, that shouldn't matter much to them as they would just claim in turn from F4I.
For the purposes of this abuse of the LPGL, the owners and copyrights of material on the CD are irrelevant. The rights conferred by the LGPL apply between the recipient of the material and the distributor. Where the distributor got the code from is irrelevant. They should have checked (yes I know that's hard, but copyright law doesn't care about "hard").
However, the way it should work is that any damages claimed against Sony, they would in turn almost certainly be able to claim against F4I. But as a recipient of the software from Sony, your beef would be with Sony, not F4I. And a copyright holder should claim against Sony and F4I. Both are (illegal) distributors of the LGPLd software.
Did Sony knowingly violate the LGPL? No, but irrelevant.
Did Sony intend to commit copyright infringement? No and irrelevant wrt copyright law.
Is Sony still distributing the software? No, but they have sold material containing software belonging to other people illegally, and those people can obtain damages on the basis of sales already made.
Did the software authors register their copyright? Irrelevant - copyright exists whether registered or not.
"Security Innovation also claimed that the Novell SLES infrastructure required 4.79 times the number of patches."
Looking at the PDF linked from the original article, which is actually about RHEL3, not SLES, you can see that they start making the right noises about only installing minimal software for a database server, but when you reach the detail near the end on page 41, you find they have GNOME, KDE, Editors, Graphical Internet, Development Tools, etc. selected. The excuse is no doubt that that's what Oracle list in their "deployment guidelines", but so what. If the approach is to try and install a minimal system, in the face of what the vendors may say you can get away with using, then that's what they should do.
Given the funders of the study, I would expect the SLES study to be equally flawed.
Another potayto-potahto issue is that they go with following the severity risk in Mitre etc., but that doesn't mean that that severity is relevant to their database server installation. Something may be high priority on Linux if it allows a local user to become root, but a database server should not have any old users logging in, nevermind running any old application. In fact the whole class of security issues resulting in improper raising of local user privileges is something that Windows has not really begun to tackle yet, due to not really being a very good multi-user system. They've instead been dealing with the far more serious remote exploits.
So can you compare even "high" priority vulnerabilities on Windows and Linux? I think not.
They won't be adless though. To really attack Google, you have to attack Google's revenues, which means taking away their customers. That's not search engine users, but advertisers. Appliances will probably largely remain a low volume niche market. Undercutting by cross-subsidisation from the Windows and Office businesses will do just fine - the key is that it doesn't have to work straight away. MS have the resources to keep going, lose money with their MSN search division, but still make profits overall. If Google tried the same thing, its financials would like dire as search is its whole business, and Wall Street would probably take fright.
The obvious way MS will attack Google will be with Vista, which will come with the equivalent of the Google Deskbar, right there from installation. For someone to switch to Google, that's exactly what they'd have to do: proactively go and get the Google Deskbar. But hey, that search thingy there already seems to find Paris Hilton photos just fine. That will chip away at Google's market share, and might snowball if the advertisers take fright and start moving to MSN.
Sure, the anti-MS geeks will "switch" to Google, but they aren't the mass market. The mass market goes with what seems to work. And leveraging Windows has always been the way for MS to stifle competition. Realplayer and Quicktime aren't anything like as popular as they used to be due to Windows Media Player, and there's one obvious reason for that.
Sometimes when you make prototype hardware, you get some tolerances wrong designing the PCB, especially for drilled holes. If you do, you sometimes get the power planes shorted together.
Most people just chuck the boards, but there is one solution that I know works:-), relying on the short usually just being a small bit of copper with therefore higher resistance...
First, strip off a standard plug, replace the fuse in it with a chunky bit of wire, turn off all the other appliances in your house on the same circuit, wire the plug wires up to each power plane, stand well back and flip the switch.
One bang later, and voila: the short has vaporised. You'll also almost certainly have blown the fuse for that circuit in your electricity supply box, but who cares! You have a working PCB.
Hint#1: don't do this once you have components soldered on:). Hint#2: Don't blame me if you set your house wiring on fire as well;-).
So here's my situation: I send mail from my home network from either my personal domain (which is hosted elsewhere - I pick mail up by POP3), or from my employer (ditto).
In the glorious days when SPF arrives, I will ideally want to configure things so my MTA (Postfix) sends mail with an SMTP envelope sender of my personal domain to my personal domain hoster, and from my work account to my employer. However AFAICT postfix doesn't do sender-based routing, only recipient based routing. I've got a dynamic IP address, so I can't get marked as a valid SPF sender for either account.
Surely it won't be the only MTA that can't do this, and this type of situation - needing to forward to different relays because of different accounts - won't be uncommon.
Any ideas how to do this? Worst case I can set up the account details in each MUA, but that's a pain, and defeats the purpose of a central mail hub.
This is really good news. The more obviously spurious the claims that SCO churns out, the more likely a judge is to not only take a dim view of SCO's case as a whole, but accuse them of making up frivolous lawsuits.
I think you misspelt John Logie Baird although he was a little older.
"
The man behind the demonstration was a 37-year-old Scotsman called John Logie Baird. And what he showed on screen, 19 months before Farnsworth, was far superior to Farnsworth's "blob of light", as it was famously described by Albert Abramson in The History of Television."
At least you get the choice to not use Google. When Longhorn comes out, if Google fails and there is no other effective competition then there will be no choice, at least not for 95% of users. And much less transparency over what's being recorded and sent back to MS.
Deleting a cookie is easy by comparison.
Re:Root certificates? Unfortunately not quite.
on
Gates on Spam
·
· Score: 1
So it would be ISP machines that would certify mail? That's no different from now - you rely on the ISPs to act against their customers and they often don't (UUnet, you listening?)
You can't imagine e.g. hotmail or AOL or indeed UUnet having their certificates revoked because some of their customers are spammers.
Re:Root certificates? Unfortunately not quite.
on
Gates on Spam
·
· Score: 3, Interesting
"Why not use a system based on something like root certificates?"
Here's why not: Because hackers and worm authors will still have control of a vast network of computers, that will not only generate spam signed by the poor victim, but will also lead to that victim's e-mail access being revoked.
Relying on a review process would be too difficult - each new virus/worm could result in, say, a million affected machines, which means potentially a million reviews suddenly needing to be made.
> A further example would be if you owned a TV Tuner > card for your computer, irreguardless of whether > it was physically in the computer or not you would > be required to own a TV License.
No, this isn't true. See this site for details. It says: "It is ONLY the use FOR RECEIVING BROADCASTS that requires a licence."
If it is not connected to an aerial there is no issue. If it isn't even installed then doubly so.
Either he or the people in the TV licensing Authority he talked to are lying. You do not need a TV license just because you have a tuner. This site describes it in detail, including a letter from the TVLA saying explicitly that you only need to detune your television and make sure it isn't connected to an aerial.
Sorry, but you should read the GPL more closely. You are thinking of clause 3(a):
"
You may copy and distribute the Program [...] in object code or executable form [...] provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable source code [...]"
With 3(a) you are only obliged to give source to the people you give binaries to. However Allnet did not accompany the binary code with the source code, and so 3(b) applies:
"
b) Accompany it with a written offer [...] to give any third party [...] the corresponding source code"
I am "any third party", so if I ask, they must give me the source code. I agree if they had accompanied their binaries with the source at the time, then 3(a) would have applied, but they didn't.
"Allnet has now agreed to adhere to all clauses of the license and inform its
customers about their respective rights and obligations of the GPL."
But it isn't just their customers who get those rights. Under 3(b) of the GPL any third party can ask for "a complete machine-readable copy of the corresponding source code". And I imagine that it will be more code than netfilter/iptables too due to the viral (ahem) nature of the GPL.
It's definitely clear that any scheme dependent on payment is going to have practical problems to overcome in the presence of numerous countries and currencies. This paper, like other similar proposals, is US-centric as it assumes that payment of e.g. $1 is easy. Is that $1 or GBP0.5416 or EUR0.7875 and how do people transfer money when banks charge for international transfers? Could the banks cope with this number of transfers anyway? Unlikely.
Even within the US it wouldn't be easy as you would either need every individual and company (possibly one per e-mail address) to sign up to a service similar to Paypal, or to have ISPs act as banks to hold e-mail funds for you in escrow.
The logistical and practical difficulties, and expense in adminstering them, make dealing with the current level of spam trivial!
Slashdot Mirror
What's worrying is that, if it gets traction over OLPC, developing countries will get the familiar MS lock-in, and with support for XP due to expire soon, what's going to happen with Vista? Will that also be $3? What do you think?
If you think companies wouldn't dare risk those sorts of tactics, I offer the (much more heinous) example of Nestlé, promoting and giving "free" baby milk out in developing countries in hospitals, which results in breastfeeding rates dropping. This leads to the WHO's statement that "WHO estimates that some 1.5 million children die each year because they are not adequately breastfed." and blaming unsafe bottle feeding, caused by both unclean water, and unaffordability of baby milk. It's off-topic, but if people are concerned about this issue, see http://www.ibfan.org/.
Anyway, the point is that large companies are perfectly capable of screwing those in developing countries under the pretence of charity. And amazingly they continue to get away with it.
That would be true if it was just a message saying "Someone said no". But it doesn't. It includes a variety of information to uniquely identify the machine.
"That's ok, it's not personally identifiable" you say? Well, indeed it does not contain your name, address, phone number, bank account details and gender preferences directly in the message, no. But all it takes is for the user at some point to provide their personal details to Microsoft or any affiliates of Microsoft, or vendors with suitably worded contracts with Microsoft, using some program that also sends the machine's unique ID, and now you can match someone to the computer. Not just in future, but with all anonymous (or so you thought) dealings with Microsoft in the past.
Sign up for MS Passport? Register for an IE beta? Your personal details could easily have been sent along with your machine's unique ID, and now any other information stored by MS for that unique ID can be matched up with your personal information.
This reeks of Qualcomm just wanting to abandon Eudora, while not wanting to appear to be abandoning it to the Eudora userbase.
I can't imagine it making much sense trying to get Eudora working over the Thunderbird "technology platform". The whole design, architecture and frontend would be wildly different - it would be quicker to write Eudora features for Thunderbird from scratch.
Not just that, you also need to provide the source for your application, unless you want to buy a licence from Red Hat. Cygwin is Free software.
150 years is the equivalent of 5 generations. What is the moral reason for allowing the IP rights to be held so long?
IP rights are a balance between allowing a creator to be rewarded for their efforts (including providing some limited inheritance) and allowing the public to enjoy work when the need for an incentive has passed.
Something like lifetime+20 years should be adequate (although perhaps there's an argument that the 'moral rights' could last longer than the commercial rights).
What happens for companies, where they cannot legally die and IP exists in perpetuity, is a more arguable matter.
Zonk's on a roll again, although unlike MS Freemont vs. Google Base, no-one's noticed straight away... This article is a dupe from just a couple of days ago.
Yes that's what I was trying to say. A big monster like Sony would surely have insisted on indemnification from F4I. So although claims would be against Sony, that shouldn't matter much to them as they would just claim in turn from F4I.
No thank *you* for playing.
For the purposes of this abuse of the LPGL, the owners and copyrights of material on the CD are irrelevant. The rights conferred by the LGPL apply between the recipient of the material and the distributor. Where the distributor got the code from is irrelevant. They should have checked (yes I know that's hard, but copyright law doesn't care about "hard").
However, the way it should work is that any damages claimed against Sony, they would in turn almost certainly be able to claim against F4I. But as a recipient of the software from Sony, your beef would be with Sony, not F4I. And a copyright holder should claim against Sony and F4I. Both are (illegal) distributors of the LGPLd software.
Did Sony knowingly violate the LGPL? No, but irrelevant.
Did Sony intend to commit copyright infringement? No and irrelevant wrt copyright law.
Is Sony still distributing the software? No, but they have sold material containing software belonging to other people illegally, and those people can obtain damages on the basis of sales already made.
Did the software authors register their copyright? Irrelevant - copyright exists whether registered or not.
Looking at the PDF linked from the original article, which is actually about RHEL3, not SLES, you can see that they start making the right noises about only installing minimal software for a database server, but when you reach the detail near the end on page 41, you find they have GNOME, KDE, Editors, Graphical Internet, Development Tools, etc. selected. The excuse is no doubt that that's what Oracle list in their "deployment guidelines", but so what. If the approach is to try and install a minimal system, in the face of what the vendors may say you can get away with using, then that's what they should do.
Given the funders of the study, I would expect the SLES study to be equally flawed.
Another potayto-potahto issue is that they go with following the severity risk in Mitre etc., but that doesn't mean that that severity is relevant to their database server installation. Something may be high priority on Linux if it allows a local user to become root, but a database server should not have any old users logging in, nevermind running any old application. In fact the whole class of security issues resulting in improper raising of local user privileges is something that Windows has not really begun to tackle yet, due to not really being a very good multi-user system. They've instead been dealing with the far more serious remote exploits.
So can you compare even "high" priority vulnerabilities on Windows and Linux? I think not.
Parent deservedly marked insightful.
They won't be adless though. To really attack Google, you have to attack Google's revenues, which means taking away their customers. That's not search engine users, but advertisers. Appliances will probably largely remain a low volume niche market. Undercutting by cross-subsidisation from the Windows and Office businesses will do just fine - the key is that it doesn't have to work straight away. MS have the resources to keep going, lose money with their MSN search division, but still make profits overall. If Google tried the same thing, its financials would like dire as search is its whole business, and Wall Street would probably take fright.
The obvious way MS will attack Google will be with Vista, which will come with the equivalent of the Google Deskbar, right there from installation. For someone to switch to Google, that's exactly what they'd have to do: proactively go and get the Google Deskbar. But hey, that search thingy there already seems to find Paris Hilton photos just fine. That will chip away at Google's market share, and might snowball if the advertisers take fright and start moving to MSN.
Sure, the anti-MS geeks will "switch" to Google, but they aren't the mass market. The mass market goes with what seems to work. And leveraging Windows has always been the way for MS to stifle competition. Realplayer and Quicktime aren't anything like as popular as they used to be due to Windows Media Player, and there's one obvious reason for that.
While you have a general point, your specific analogy isn't right:
"I updated the kernel 2.4 kernel package with a 2.5 development release package! I guess the 2.6 kernel needed to go back to testing big time, eh?"
Development release != release candidate.
It wouldn't even be fair to compare against something like Fedora Core 2 beta as SP2 is already meant to be past the beta stage.
Sometimes when you make prototype hardware, you get some tolerances wrong designing the PCB, especially for drilled holes. If you do, you sometimes get the power planes shorted together.
:-), relying on the short usually just being a small bit of copper with therefore higher resistance...
:). ;-).
Most people just chuck the boards, but there is one solution that I know works
First, strip off a standard plug, replace the fuse in it with a chunky bit of wire, turn off all the other appliances in your house on the same circuit, wire the plug wires up to each power plane, stand well back and flip the switch.
One bang later, and voila: the short has vaporised. You'll also almost certainly have blown the fuse for that circuit in your electricity supply box, but who cares! You have a working PCB.
Hint#1: don't do this once you have components soldered on
Hint#2: Don't blame me if you set your house wiring on fire as well
So here's my situation: I send mail from my home network from either my personal domain (which is hosted elsewhere - I pick mail up by POP3), or from my employer (ditto).
In the glorious days when SPF arrives, I will ideally want to configure things so my MTA (Postfix) sends mail with an SMTP envelope sender of my personal domain to my personal domain hoster, and from my work account to my employer. However AFAICT postfix doesn't do sender-based routing, only recipient based routing. I've got a dynamic IP address, so I can't get marked as a valid SPF sender for either account.
Surely it won't be the only MTA that can't do this, and this type of situation - needing to forward to different relays because of different accounts - won't be uncommon.
Any ideas how to do this? Worst case I can set up the account details in each MUA, but that's a pain, and defeats the purpose of a central mail hub.
This is really good news. The more obviously spurious the claims that SCO churns out, the more likely a judge is to not only take a dim view of SCO's case as a whole, but accuse them of making up frivolous lawsuits.
Go SCO! More of the same please!
So what has the XFree86 project's reaction been to this? They'll have noticed the defectors to X.org like everyone else. Are they contrite or defiant?
Next you'll be claiming that Edison invented the light bulb!
At least you get the choice to not use Google. When Longhorn comes out, if Google fails and there is no other effective competition then there will be no choice, at least not for 95% of users. And much less transparency over what's being recorded and sent back to MS.
Deleting a cookie is easy by comparison.
So it would be ISP machines that would certify mail? That's no different from now - you rely on the ISPs to act against their customers and they often don't (UUnet, you listening?)
You can't imagine e.g. hotmail or AOL or indeed UUnet having their certificates revoked because some of their customers are spammers.
"Why not use a system based on something like root certificates?"
Here's why not: Because hackers and worm authors will still have control of a vast network of computers, that will not only generate spam signed by the poor victim, but will also lead to that victim's e-mail access being revoked.
Relying on a review process would be too difficult - each new virus/worm could result in, say, a million affected machines, which means potentially a million reviews suddenly needing to be made.
> A further example would be if you owned a TV Tuner
> card for your computer, irreguardless of whether
> it was physically in the computer or not you would
> be required to own a TV License.
No, this isn't true. See this site for details. It says: "It is ONLY the use FOR RECEIVING BROADCASTS that requires a licence."
If it is not connected to an aerial there is no issue. If it isn't even installed then doubly so.
Either he or the people in the TV licensing Authority he talked to are lying. You do not need a TV license just because you have a tuner. This site describes it in detail, including a letter from the TVLA saying explicitly that you only need to detune your television and make sure it isn't connected to an aerial.
With 3(a) you are only obliged to give source to the people you give binaries to. However Allnet did not accompany the binary code with the source code, and so 3(b) applies: I am "any third party", so if I ask, they must give me the source code. I agree if they had accompanied their binaries with the source at the time, then 3(a) would have applied, but they didn't.
But it isn't just their customers who get those rights. Under 3(b) of the GPL any third party can ask for "a complete machine-readable copy of the corresponding source code". And I imagine that it will be more code than netfilter/iptables too due to the viral (ahem) nature of the GPL.
The problem with your idea is that most people use cash for small amounts these days.
:-).
So as well as your 1/2 oz of gold, you'll have to carry around a small hammer and chisel so you can remove a flake to pay for your candy bar
It's definitely clear that any scheme dependent on payment is going to have practical problems to overcome in the presence of numerous countries and currencies. This paper, like other similar proposals, is US-centric as it assumes that payment of e.g. $1 is easy. Is that $1 or GBP0.5416 or EUR0.7875 and how do people transfer money when banks charge for international transfers? Could the banks cope with this number of transfers anyway? Unlikely.
Even within the US it wouldn't be easy as you would either need every individual and company (possibly one per e-mail address) to sign up to a service similar to Paypal, or to have ISPs act as banks to hold e-mail funds for you in escrow.
The logistical and practical difficulties, and expense in adminstering them, make dealing with the current level of spam trivial!