GTK and GNOME bindings for Java, though they're through gcj
There are actually two significant GPL'd Java implementations, so whatever "ownership" Sun has should be less of a concern. GCJ is one, on track to be in GCC 3.0 or maybe even GCC 2.95.next; and Kaffe is very well established.
But AWT support is mostly lacking, there. Having Gnome accessible from Java is a big deal, and is likely going to be the site of future major fights. I mean, nobody implemented a cleanroom Swing (over a cleanroom AWT); and who would want to? Do a good API to Gnome instead. Swing has major virtues, but from the perspective of Free Software it's a major downer -- too much code, too much history, too much corporate control.
It'll be really interesting to see how supportive Sun is of GPL'd Java working in the Gnome environment. I suspect that if the community develops, it'll either be using GPL'd Swing (from Sun) or Gnome-from-Java.
The public has overreacted, but the RIAA started the war.
In what way is this not a wholly reasonable response to the problem? Let's say this alleged overreaction causes half the RIAA companies to go bankrupt next year -- not that there's a snowball's chance of that happening. (Except as a legal shell game to transfer wealth.) Will they have lost more than the "Big Five" have stolen from the public in the last few years?
Remember what fraction of a dollar a CD costs to manufacture, how much you pay, and how little goes either to the artist or to the CD manufacturer. Integrate over time.
Would those RIAA companies' bankruptcy at the hands of Napster really make up for the way that industry has been jacking up prices... forever?
We shouldn't let FTC's price-fixing decision against the recording industry go forgotten, either. They got off with a real wrist slap, but still paid most of a billion bucks... to who? How? Lawyers I guess. Maybe a better judgement would have been that they have to let Napster work its future out unimpeded.
The role of lawyers in corporations today is unfortunately too much focussed on making legal behaviors (free speech not the least) become very expensive... you have to pay for your free speech, big time.
In the case of RSA, the US Govt applied this knowledge in two basic ways to slow down the spread of cryptographic technology... likely a better approach than the media monopolies took, but I hope they don't find a way to do the same:
First by granting a patent on what should have been public domain information: an algorithm developed using US Govt funding. This patent turned into a per-utterance tax (payable to RSA Data Security) for people saying things like "secure web browser" (though Netscape and MSFT got cheap licences to RSA code, not algorithm) within the US (not abroad). CSS is (no longer) a trade secret, so its analogue of this protection has failed.
Second by making other cryptographic speech extremely expensive in general... the whole RICO, oops, I mean EAR export control (oops, I mean "market interference") operation conspired to prevent people from having private speech.Also known as freedom of association, a different "liberty"... or perhaps non-incrimination, you don't have to tell the govt about your crimes. Just don't talk about them on any phone, or over the Internet, since J Edgar Freeh (of the FBI) is getting a real stiffie for the ability wiretap absolutely everything.
What it's really going to come down to is that the US government has to decide whether it wants its accomodation with media organizations to be more like that between governments (which let themselves curtail fundamental human rights because they're the cops, and dammit they don't like "those kind of people" at all)... or instead to be like it's supposed to be, where individual rights are more than hot air.
The thing to really watch out for is when the Executive or Legislative branches start getting in bed with the multinationals. Oh wait... that's like the DMCA helping Disney or Warner, isn't it? Or the office of Drug Policy engaging in media payola to get propaganda out, closly in cahoots with private organizations that gain financially by continuing the current generation's major Prohibition?
The Legislative and Executive branches have too many ways to prevent the courts from seeing their non-constitutional acts. And what we need to see, but won't, is the Judicial system ripping new orifices into those other branches for pulling so much crap.
I think it's rather healthy that they're starting to help the majority of the system which lives outside the kernel. There's way too much attention on the kernel; way way way way way way too much. It's important, but it doesn't exactly do anything by itself.
Actually, the more chaotic it gets the better, because it makes it more likely that an Appeals Court will overturn the case.
I'm not sure it's better, given that it makes it easier to overturn it while leaving the DMCA constitutionality issues unaddressed.
Of course there's enough here to be outraged about, maybe it'd just be greedy to pick on DMCA as the most important principle. After all, I'm recalling the first news here on this topic, where from the very first it was apparent that Kaplan was a "hanging judge".
It seems amazing that this has never ocurred to any government entity.
Why would you ever think that it hasn't?
Of course it has. Licensing commercial entities to bypass the Bill of Rights, and then granting Law Enforcement the ability to access such "public" information, is part of a strategy to bypass constitutional protections which limit police powers.
After all, the US Constitution only applies to restrict the actions of certain governments. If the Feds can't do it, get the states to; if the states can't, get the feds or a private corporation to do it; if all else fails, rely on "anonymous" tips (that is, do the illegal wiretaps, as in the decades-long illegal wiretap system in Los Angeles). Any surveillance target that complains has clearly got something to hide, and likely less money than any govt or corporation to throw into the legal system...
The US has police state tendancies, which are increasingly showing clear and strong. J. Edgar Freeh is watching, be careful.
the interesting judgement would be to conclude (fact of law) that while MP3.com did something wrong, that since no harm was done (no CD sale was lost by action of MP3.com), no damages are due.
that'd be justice: all wrongs made right, and yet not endorsing further extortion by the record industries.
with the full-scale assualt on nearly every aspect of our democracy and our constitutional rights, how do you know the mechanisms will even still be in place for the situation to correct itself at all?
Who cares if they're in place when they work so poorly as they do?
Look at drug prohibition, for example. Started as a racist gig -- instead of fighting the black people directly, just force them all to be criminals -- and who's out there fighting against that injustice? Hmm. Anyone who does, swiftly gets branded a criminal. Or a joke. Many of us remember when the word "hacker" was primarily praise.
Is there a ray of light coming from the Internet? Perhaps. It's a good lever for the best our society has to offer, not just the worst.
The official site is the Java section of sourceware, and there is a recent news update. It compiles source or class files to native code, and the CNI interface is basically C++ calling; so it's set up to be fast, and in fact has been fast, on the software I've managed to get running there.
Briefly, it's bleeding edge; one looks forward to the next GCC release. I don't know how the very latest snapshots go, but it's been ages since I've gotten one that even compiles smoothly (on Redhat 6.0, very standard).
Significant missing features include the ability to parse JDK 1.1 "inner classes" from Java source. It's coming, but not there yet, and the workaround is just to use a JDK compiler and compile from classfiles.
And as for applying this particular signed code architecture (the one in the book, remember what the alleged topic of this thread is?:-)... it's a ways off, I'd say. Clearly there'll be some good potential for open source hacking there, both to get the crypto parts going (let's really bang on that new BigInteger code!) and to make sure all the other parts of the runtime interact appropriately. Hard work.
Let's see, are Solaris, HP/UX, AIX, and so on shipping with GTK, QT, etc? How about the existing X11 app vendors... are they converting?
That's not a point in technical favor of Motif, may it die ASAP and rot away quickly. It's the point that CDE (gag) and Motif (where's that bucket?) got strongarmed into a position of commercial prominance (remember "Oppose Sun Forever") as a political manoeuver. As a pure power play, it worked -- OpenLook never caught on in a big way. Technically, Motif still sucks as much as it ever did.
We just wish CDE and Motif would die quickly.
Poll: Would you rather see libXt or Jar-Jar Binks die a grisly death?;-)
Right, there are legal uses of copying. I wasn't clear enough, then: it's the illegal copying I'm concerned about, though secondarily I also believe that discussing legal copying just muddies the waters.
Another followup brought out the point that in a few years individuals should be able to make DVDs of material for which they own the copyright. Excellent point... the whole "copy control" agenda of the industry is flawed. I shouldn't need to pay a piracy tax for blank digial media. That South Park episode keeps coming to mind: We are above the law! (Said by a media exec applies spooge to hair as he proceeds to steal from the original artist.)
But so long as it's realistic for the mass media to emphasize goals of illegal copying, they will do so. Hence my comment: if that's what you're after, go away. We never wanted you.
I've actually corresponded with a NYT journalist on the issue of their parroting the MPAA position. No satisfaction; not that the NYT has ever addressed points of view which were too uncomfortable to the rich'n'powerful.
There was a comment that several of the legal briefs filed by EFF acknowledged copying as one use of the software. (They talk about "copying and viewing".) Since that's all that the DVD CCA talks about, it comes across as one of the few "agreed-upon facts".
The "viewing" bit comes out, if at all, as an unfounded asserttion by the defense... which by that time (in all articles I've read) has already been painted using the DVD CCA (or MPAA) brush, as "hackers". And we all know hackers are just evil punks, kids with no moral character, like that Norwegian kid they threw into the slammer for hacking the same stuff, right? After all, that's what these same media have been telling the world for several years.
I'm sure that comes across as a travesty to many of you, as it does to me.
I can't see much we can do... except that those who really do talk about copying should just shut up, since you're ruining it for the rest of us. (You do exist, yes.) The community should try to talk about its issue as "viewing".
At some level every minority community, like "hackers" (in the best sense) gets to deal with the opression of the majority. It's not always just. In the US, there still isn't equal opportunity, though it seems to be improving.
The other general issue is that most large media outlets have gotten quite accustomed to accepting the spin that other folk put on stories, without any real journalism. Look at the whole "Drug Prohibition War" deal, and the recent stories about payola for propaganda in mainstream media.
Good journalism would be a fix for this, but it's becoming less and less possible in mass media. And media like 2600.com don't get respect, particularly when they're (sort of) enjoined as actors in the case.
That's partially right, namely about that future being envisioned: cut the bloat associated with needing to handle any old garbage that shows up at the client.
But it's also wrong. Extensibility is the "X" of XML; XHTML added nothing to XML's extensibility. Except to standardize one more 'vocabulary' of elements and attributes. That's useful; everyone knows the HTML vocabulary.
The idea is pretty much like this. XHTML 1.0 has defined the vocabulary of HTML (tags and attributes), and its namespace. An upcoming version (XHTML 1.1 is its current codename:-) will modularize that, so you can have a "text" module or a "table" module or a "list" module.
So that when you need to define a custom XML document type to fit into some custom application, with PDAs and cell phones being the classic examples, you can pick and choose: Text and lists may be plenty, you don't need bibliographic citations or definitions. BUT you do need your own particular biz-to-biz vocabulary addition; maybe you're providing catalog entries, and the descriptions are simple text but there's all sorts of ways to define fields to describe pricing options, ordering, stocking, etc.
Or another way to look at it: you're going to be able to throw away HTML tags you don't need, and use only the ones you care about when you create new kinds of documents.
That's one hundred and eighty degrees away from the "extend HTML" model. It's a new model for how information will show up, as part of the "semantic web".
Unless you've got an ancient browser, like IE2 or NN2, any web site's XHTML will work as well in your "existing" browser as HTML would... if it looks at it as HTML, which it probably will. The HTML spec always allowed lowercase tags, and almost all tags allow the matching end tags (which XHTML now requires).
The "really ancient browsers" incompatibility relates to empty tags like "br", "hr", "link", and so on... if the browser is that old, it probably doesn't understand the notational convention of "<br/>" (space before the regular XML empty element terminator -- hope that shows up!).
The reason for XHTML is so that tools have a more solid target than HTML can ever be. It's easy to get a good XML parser nowadays, and validators are getting more common (especially for Java programmers). That means that generating valid XHTML is something any tool can realistically do, so the bizarre hacks can start to fade away over time. Not quickly enough for me, probably. Browser bloat is with us for a long time.
Best possible result: enough XHTML starts to show up that people start discarding all those really ancient browsers. NN3 is current enough, but designing a website to deal with older code is just plain awful.
From the POLITECH mailing list... looks like the MPAA have themselves a "hangin' judge" and know it.
Date: Thu, 20 Jan 2000 20:14:40 -0500 To: declan@well.com From: John Young Subject: NY Court Grants MPAA Preliminary Injunction
Federal Judge Lewis Kaplan today granted a preliminary injunction against three defendants sued by the Motion Picture Association of American for offering the DeCSS DVD descrambling program on the Internet.
At a three-hour preliminary hearing today in the Southern District of New York, arguments were presented for MPAA by its counsel, Proskauer Rose, and for the defendants, Shawn Reimerdes, Roman Kazan, and Edwin Corley a/k/a Emmanuel Goldstein, by the Electronic Frontier Foundation and Attorney Katz. EFF's attorneys, Robing Gross and Allon Levy, participated from its California offices by way of teleconference.
Judge Kaplan rejected every argument, point by point, made by the defendants and firmly endorsed, point by point, the claims of MPAA made under provisions of the Digital Millennium Copyright Act (DMCA) for protecting intellectual property.
A clear link with made by this federal case with the California case by the plaintiffs and Judge Kaplan. MPAA counsel argued that the suit was reluctantly filed in response to widespread, global posting of DeCSS in response to the California suit. The judge agreed that this backlash warranted a preliminary injunction to prevent "irreparable harm" to the copyright holders, among other justifications which he elaborated in a lengthy statement on the case, its opposing arguments and law governing copyright and the First Amendment.
Judge Kaplan will issue a final written version of his statment and order early next week. Upon completion of his verbal statement he signed and presented to counsel his order for the preliminary injunction.
Defendants Reimerdes and Kazan were present during the hearing, Corely was not.
Judge Kaplan offered a speedy trial for the suit, "as early as next Tuesday if you want it," he said to MPAA counsel. "I would like this tried as soon as possible. I offer you a runaway train if that's what you want. My schedule is clear for this."
Defendants' counsel requested a delay and the judge agreed to accept an application for an alternate date.
During the hearing it became clear which way the judge would rule. He repeatedly urged defense attorneys to get on with their argument, hectored them and lectured them on the law. He had earlier refused an adjournment in the hearing to allow the defense more time to prepare responses to the suit.
Defense papers of Roman Kazan apparently were not properly submitted to the court in time to be considered. Judge Kaplan refused to allow late submission and dismissed the need for more time, saying, "these rapid schedules are customary in preliminary injunction cases, there was plenty of time to respond. I am obliged to rule on what the court has."
Judge Kaplan stated there was a clear intent to break the law as indicated by vulgar remarks on Reimerdes' Web site. For emphasis on this point he repeated them as if with distaste on three occasions during the hearing: "the DVD CAA lawyers are cocksuckers."
There was a single reporter was at the hearing in Judge Kaplan's chambers, Jeff Howe with the Village Voice, two observers from Cryptome, and the MPAA public relations representative, Ken
Frydman, who distributed a pre-prepared victory statement from Jack Valenti, President and CEO of MPAA:
"Judge Kaplan's ruling represents a great victory for creative artists and consumers everywhere. I think this serves as a wake-up call to anyone who contemplates stealing intellectual property."
Cryptome asked Judge Kaplan after the hearing if he would answer questions. He said he does not speak to the press. We couldn't explain that's not us.
We asked chief attorney for MPAA, Jon Baumgarten of Proskauer Rose, for comments. He said no, statements will have to come from MPAA public relations and that he would be briefing that office shortly.
We spoke with Shawn Reimerdes and Roman Kazan about their views of the hearing. What they said is what Jeff Howe will tell in another forum, tomorrow I believe.
The interesting bit seems to be reorganizing some of the task structure so it's cache-friendly in one stress case. OK, that's healthy. Applause; it'll create some breathing room in systems overloaded in that way.
But that doesn't really look at the hard issues. There was handwaving about multi-level thread models; good thing there was a ref to Solaris threads there, which has had that for over six years now. That "many to many" threading stuff is also called "two level scheduling", which can be nice (cheap to switch between user mode threads, like Green threads) but isn't always good (excess kernel interactions on thread wakeups).
If this is the start of ongoing work at IBM, I'll be pleased. Not many Linux folk have access to the sort of measurement tech IBM applied here. But don't overrate this specific contribution; take the cache-line patch (assuming it doesn't slow anything else up) and move to the next problem.
Volano, for all the press it gets, isn't a very good benchmark.
First, Slashdotters should realize that key management is basically a harder, and more important, problem than the cryptography itself. More "secure systems" get broken because of bad key management than because the ciphers get cracked. A PKI module that can do good key management, and can get a decent user interface so that users don't screw it up, is worth more in the long term than access to the RSA algorithm.
That said, it sure sounds like this PKI is focussed on the nasty X.509 style PKI that's basically a support infrastructure for old style centralized security systems. Verisign, DoD, and so on. I'll be glad when PGP/GPG style web of trust gets direct support.
Second, there was some gnashing of teeth here that SSL won't be in Mozilla. Justly so. But hey, there's really no problem... just don't confuse "SSL" with "RSA Encryption and Signatures". They really aren't the same... even though with Verisign buying out Thawte (maybe), it looks like the main signer of non-RSA certs may have been co-opted. (Sigh; I really want freedom of choice for public key algorithms, particularly now that TWINKLE makes RSA look weaker and weaker.)
With the new US regulations, folk could incorporate a version of the OpenSSL toolkit, sans RSA support. (And at about 12:01am on September 20, check the RSA support into CVS.)
The patent-free flavors of SSL use algorithms much like those used by GPG. There is a public key signature algorithm (DSS/DSA), a key exchange algorithm (Diffie-Hellman), and various flavors of DES (and Triple-DES) for bulk data encryption. OpenSSL includes support for Blowfish (way faster) and other patent-free ciphers, as well as TLS (a somewhat more secure SSL that mandates patent-free encryption options; it's the IETF standard). There's a recent IETF draft showing how to incorporate OpenPGP keys and ciphers (such as CAST128) into TLS.
Third, please don't get hung up on RSA. Everyone's security will be better when there's a choice of public key algorithms for use in authentication and encryption. OpenPGP (such as GPG), SSL, and TLS can all be used just fine without anyone having to get a wedgie about RSA (or deal with their nasty lawyers -- give me a normal lawyer any day).
In short: there's a lot of good news here, and if you want it, this is sufficient to move a good SSL into Mozilla right away. Whatever you do, don't let the licensing agreements that Sun, Netscape, and so on have with RSA force you to hold off till you can use that particular public key algorithm.
Duh. Of course the NSA wants to analyse Linux and know about any backdoors there; how else will it take advantage of them?
... no wait, you were talking about adding backdoors? Never mind.;-)
By the way... You may not know that the NSA has a research arm that's distinct from its SIGINT operations (and export control operations, and secure network operations, and...). One of their ongoing problems has been to get "Commercial, off-the-shelf" (COTS) software to be good enough for use in sensitive systems. Commercial vendors have been unable to meet those requirements, since the market they'd hit is too miniscule. "Trusted Solaris" and so on; always multiple revs behind. And almost always pains in the behind to administer.
Another possible scenario is that the face value here is the right one: they want to see some standard Linux distributions get hardened, so that some real administrators will identify the problems so they can get fixed. And so the government can use more current technology in those sensitive systems ! They've been getting too far behind, and needing training that's too specialized. Linux would seem to have the potential of hosting a great fix!
That actual draft isn't wholly comprehensible without reference to current revisions of EAR and of the Wassenaar agreement, but parts of it sure sound good... if I make assumptions about those other documents. The DOC summary of the draft is readable, though one hopes this isn't another case of the big print giveth, and the fine print taketh away (as my dad used to say:-).
There are still words about those familiar nasty restrictions to 56 bit symmetric ciphers and 512 bit keys. Due to those reference to other documents, I might be wrong... but it sure seems to me that an exportable US Linux distribution is still stuck with miniature key sizes. Please show us I'm wrong about that!!
The agenda of export control is actually far more relevant to a distribution of, say, RedHat than to a source distribution (open or otherwise). The reason is that when the norm becomes "strong" crypto, cipher-cracking operations (Echelon and its more secret siblings) don't work any more. And there really aren't that many people who will be compiling those open source products, or installing them correctly and on systems which have been adequately hardened. The way that the norm changes is when OS distributions and their applications "norm"ally are strong, and that does not appear to be changing.
So while we can/should applaud the good words re open source (yay!), let's not forget that the real battle is about regaining our personal freedoms, not just for Open Source. We need to see restrictions on binary products go away too.
vigalantes... Jim Crow era... OJ... nullification... substitute bigotry...
Spoken like a true believer that a 100% white jury, in a majority black community, could ever be just. That's what was going on in those Jim Crow juries. Get just one black person on the jury, and there's no acquittal of a racist murder, no Good Ole' Boys covering for each other. The judges and lawyers were in on that game, big time. Just like the first Rodney King trial, showing why Federal civil rights laws are still needed.
LAPD... gee, aren't they the police department that's turned up at least two departments so corrupt that convictions are getting overturned on a wholesale basis? Seems corruption has been so common there that they forgot how to handle evidence legally; you imply that wasn't a major issue at the OJ trial. Hmm. It's true, if OJ had been a poor black person, conviction would have been assured. I always felt that trial's outcome was a testament to how badly LAPD handled that case; I can't say they convinced me to the level I'd have voted a conviction, either.
Rodney King was poor and black; damn good thing there was a video recorder running. Didn't you love that "jury of peers" in that first trial, too?
Jurors... are infallible because they're final...
I'm not Catholic, I don't understand the notion of infallibility. But it wouldn't apply there anyway, since there's only supposed to be one infallible male (elected in a strange manner by fallible ones) at a time; not enough to create a jury with, and it wouldn't have any peers of most defendants, either.
Justice is a system, and when the ground rules (laws) are unjust, the system is too. And fallibility is part of life, which is why I don't like final solutions. (Texas should slow down with those death penalties, or at least make them apply in a way that's neutral with respect to race and to gender.)
But of course, the point about nullification was nothing beyond an example. My basic point was that bad laws have been causing people, very appropriately, to lose faith in law as an instrument of justice. There are plenty of illustrations in the context of patent law, copyright law, and so on.
In the 1960s in the US, society seemed to have largely grown beyond that "my country, right or wrong" attitude... to an understanding that not only is the country not the same as its government, but that the government is still supposed to serve the country (people), and not the other way around.
Serving law, rather than justice, is the problem. By placing law above justice, you are making the problem worse... or perhaps denying that a problem exists. (I assume there was a relationship to techies... somewhere... in your post.)
It was credit card companies pushing SET, and the reason they failed to succeed was important (I think).
Nobody had real incentives to adopt SET.
You paid more to deploy it, and that was on top of the substantial aggravation to even try to get it going. You had little choice of suppliers (vs a dozen or more suppliers of SSL enabled web servers, on most any hardware you cared to mention), it cost two or three orders of magnitude more, and sacrificed almost all of the flexibility that enabled companies to construct innovative E-Commerce websites (the kind people wanted to use). Oh, and did I mention that it never seemed ready for real deployment? And worst of all, SET wouldn't work on most web browsers so you'd lose most of your potential customers right off the bat. Needed a "wallet", and let's defer talking about the security nightmares they involve... right where they'll scare a user away from a purchase. Deploy software that complex on a global scale? No thanks, I'll pick the simple known-to-work solution.
The problem with SET is that it was too complicated to adopt. It was never a real option. As a "top down and centralized" solution, it was also completely contrary to the "bottom up, grass-roots" genesis of the web that we know today. And the perceived threat wasn't a new one; it's one that everyone dealt with already, quite effectively. There was no clear need for new technology; if you give a phone to a waiter at a sub-minimum wage, and to a telesales agent on the phone, why not to a website?
Yes, something like SET might have made this particular problem go away. But then, so do some incredibly basic security precautions... this is a case, from what facts have come to light thus far, where stupidity explains everything.
Point being: employees shouldn't pay out of their own pockets for working in the ways suggested/encouraged by their employers. (Coulda been written more clearly, true!)
Absurd?
Yep, and typical of most of the concerns I see posted. Exactly why is it that people think neither individuals nor corporations should be accoutable for their own stupidity? I refuse to accept that public policy ought to be based on the premise that nobody be responsible for themselves.
Of course, broken legs are covered by health insurance as a fairly basic thing, but that's nothing to do with a lawsuit unless the insurance doesn't pay.
Actually, no I don't. The law was served; not justice. They're quite distinct.
Socrates basically acknowledged the charges against him, and was quite content with dying. (Athens decided not to support him as a public benefactor, and at an impoverished 70+, what was he going to do?)
Those charges basically amounted to teaching people to use their minds. Always a dangerous thing. Particularly given the political undercurrents. (Current rulers of Athens basically wanted him to skip town.)
As a major character in Greek society, it was a choice between repudiating his life and everything he stood for, or finding some better way to deal with a lynch mob intent on ridding themselves of an impoverished old man who espoused uncomfortable notions. In such a case, I too might decide that death, and as it turned out martyrdom, was personally appropriate.
Slashdot Mirror
There are actually two significant GPL'd Java implementations, so whatever "ownership" Sun has should be less of a concern. GCJ is one, on track to be in GCC 3.0 or maybe even GCC 2.95.next; and Kaffe is very well established.
But AWT support is mostly lacking, there. Having Gnome accessible from Java is a big deal, and is likely going to be the site of future major fights. I mean, nobody implemented a cleanroom Swing (over a cleanroom AWT); and who would want to? Do a good API to Gnome instead. Swing has major virtues, but from the perspective of Free Software it's a major downer -- too much code, too much history, too much corporate control.
It'll be really interesting to see how supportive Sun is of GPL'd Java working in the Gnome environment. I suspect that if the community develops, it'll either be using GPL'd Swing (from Sun) or Gnome-from-Java.
The public has overreacted, but the RIAA started the war.
In what way is this not a wholly reasonable response to the problem? Let's say this alleged overreaction causes half the RIAA companies to go bankrupt next year -- not that there's a snowball's chance of that happening. (Except as a legal shell game to transfer wealth.) Will they have lost more than the "Big Five" have stolen from the public in the last few years?
Remember what fraction of a dollar a CD costs to manufacture, how much you pay, and how little goes either to the artist or to the CD manufacturer. Integrate over time.
Would those RIAA companies' bankruptcy at the hands of Napster really make up for the way that industry has been jacking up prices ... forever?
We shouldn't let FTC's price-fixing decision against the recording industry go forgotten, either. They got off with a real wrist slap, but still paid most of a billion bucks ... to who? How? Lawyers I guess. Maybe a better judgement would have been that they have to let Napster work its future out unimpeded.
Or: Imagine patenting RSA.
The role of lawyers in corporations today is unfortunately too much focussed on making legal behaviors (free speech not the least) become very expensive ... you have to pay for your free speech, big time.
In the case of RSA, the US Govt applied this knowledge in two basic ways to slow down the spread of cryptographic technology ... likely a better approach than the media monopolies took, but I hope they don't find a way to do the same:
What it's really going to come down to is that the US government has to decide whether it wants its accomodation with media organizations to be more like that between governments (which let themselves curtail fundamental human rights because they're the cops, and dammit they don't like "those kind of people" at all) ... or instead to be like it's supposed to be, where individual rights are more than hot air.
The thing to really watch out for is when the Executive or Legislative branches start getting in bed with the multinationals. Oh wait ... that's like the DMCA helping Disney or Warner, isn't it? Or the office of Drug Policy engaging in media payola to get propaganda out, closly in cahoots with private organizations that gain financially by continuing the current generation's major Prohibition?
The Legislative and Executive branches have too many ways to prevent the courts from seeing their non-constitutional acts. And what we need to see, but won't, is the Judicial system ripping new orifices into those other branches for pulling so much crap.
Well, they are helping in the kernel.
I think it's rather healthy that they're starting to help the majority of the system which lives outside the kernel. There's way too much attention on the kernel; way way way way way way too much. It's important, but it doesn't exactly do anything by itself.
I'm not sure it's better, given that it makes it easier to overturn it while leaving the DMCA constitutionality issues unaddressed.
Of course there's enough here to be outraged about, maybe it'd just be greedy to pick on DMCA as the most important principle. After all, I'm recalling the first news here on this topic, where from the very first it was apparent that Kaplan was a "hanging judge".
Why would you ever think that it hasn't?
Of course it has. Licensing commercial entities to bypass the Bill of Rights, and then granting Law Enforcement the ability to access such "public" information, is part of a strategy to bypass constitutional protections which limit police powers.
After all, the US Constitution only applies to restrict the actions of certain governments. If the Feds can't do it, get the states to; if the states can't, get the feds or a private corporation to do it; if all else fails, rely on "anonymous" tips (that is, do the illegal wiretaps, as in the decades-long illegal wiretap system in Los Angeles). Any surveillance target that complains has clearly got something to hide, and likely less money than any govt or corporation to throw into the legal system ...
The US has police state tendancies, which are increasingly showing clear and strong. J. Edgar Freeh is watching, be careful.
didn't it say damages were yet to be awarded?
the interesting judgement would be to conclude (fact of law) that while MP3.com did something wrong, that since no harm was done (no CD sale was lost by action of MP3.com), no damages are due.
that'd be justice: all wrongs made right, and yet not endorsing further extortion by the record industries.
Of course, we'll see how the other circuits treat this ruling.
The new crypto regulations had to happen first, you'll notice ...
Who cares if they're in place when they work so poorly as they do?
Look at drug prohibition, for example. Started as a racist gig -- instead of fighting the black people directly, just force them all to be criminals -- and who's out there fighting against that injustice? Hmm. Anyone who does, swiftly gets branded a criminal. Or a joke. Many of us remember when the word "hacker" was primarily praise.
Is there a ray of light coming from the Internet? Perhaps. It's a good lever for the best our society has to offer, not just the worst.
The official site is the Java section of sourceware, and there is a recent news update. It compiles source or class files to native code, and the CNI interface is basically C++ calling; so it's set up to be fast, and in fact has been fast, on the software I've managed to get running there.
Briefly, it's bleeding edge; one looks forward to the next GCC release. I don't know how the very latest snapshots go, but it's been ages since I've gotten one that even compiles smoothly (on Redhat 6.0, very standard).
Significant missing features include the ability to parse JDK 1.1 "inner classes" from Java source. It's coming, but not there yet, and the workaround is just to use a JDK compiler and compile from classfiles.
And as for applying this particular signed code architecture (the one in the book, remember what the alleged topic of this thread is? :-) ... it's a ways off, I'd say. Clearly there'll be some good potential for open source hacking there, both to get the crypto parts going (let's really bang on that new BigInteger code!) and to make sure all the other parts of the runtime interact appropriately. Hard work.
Let's see, are Solaris, HP/UX, AIX, and so on shipping with GTK, QT, etc? How about the existing X11 app vendors ... are they converting?
That's not a point in technical favor of Motif, may it die ASAP and rot away quickly. It's the point that CDE (gag) and Motif (where's that bucket?) got strongarmed into a position of commercial prominance (remember "Oppose Sun Forever") as a political manoeuver. As a pure power play, it worked -- OpenLook never caught on in a big way. Technically, Motif still sucks as much as it ever did.
We just wish CDE and Motif would die quickly.
Poll: Would you rather see libXt or Jar-Jar Binks die a grisly death? ;-)
Right, there are legal uses of copying. I wasn't clear enough, then: it's the illegal copying I'm concerned about, though secondarily I also believe that discussing legal copying just muddies the waters.
Another followup brought out the point that in a few years individuals should be able to make DVDs of material for which they own the copyright. Excellent point ... the whole "copy control" agenda of the industry is flawed. I shouldn't need to pay a piracy tax for blank digial media. That South Park episode keeps coming to mind: We are above the law! (Said by a media exec applies spooge to hair as he proceeds to steal from the original artist.)
But so long as it's realistic for the mass media to emphasize goals of illegal copying, they will do so. Hence my comment: if that's what you're after, go away. We never wanted you.
I've actually corresponded with a NYT journalist on the issue of their parroting the MPAA position. No satisfaction; not that the NYT has ever addressed points of view which were too uncomfortable to the rich'n'powerful.
There was a comment that several of the legal briefs filed by EFF acknowledged copying as one use of the software. (They talk about "copying and viewing".) Since that's all that the DVD CCA talks about, it comes across as one of the few "agreed-upon facts".
The "viewing" bit comes out, if at all, as an unfounded asserttion by the defense ... which by that time (in all articles I've read) has already been painted using the DVD CCA (or MPAA) brush, as "hackers". And we all know hackers are just evil punks, kids with no moral character, like that Norwegian kid they threw into the slammer for hacking the same stuff, right? After all, that's what these same media have been telling the world for several years.
I'm sure that comes across as a travesty to many of you, as it does to me.
I can't see much we can do ... except that those who really do talk about copying should just shut up, since you're ruining it for the rest of us. (You do exist, yes.) The community should try to talk about its issue as "viewing".
At some level every minority community, like "hackers" (in the best sense) gets to deal with the opression of the majority. It's not always just. In the US, there still isn't equal opportunity, though it seems to be improving.
The other general issue is that most large media outlets have gotten quite accustomed to accepting the spin that other folk put on stories, without any real journalism. Look at the whole "Drug Prohibition War" deal, and the recent stories about payola for propaganda in mainstream media.
Good journalism would be a fix for this, but it's becoming less and less possible in mass media. And media like 2600.com don't get respect, particularly when they're (sort of) enjoined as actors in the case.
That's partially right, namely about that future being envisioned: cut the bloat associated with needing to handle any old garbage that shows up at the client.
But it's also wrong. Extensibility is the "X" of XML; XHTML added nothing to XML's extensibility. Except to standardize one more 'vocabulary' of elements and attributes. That's useful; everyone knows the HTML vocabulary.
The idea is pretty much like this. XHTML 1.0 has defined the vocabulary of HTML (tags and attributes), and its namespace. An upcoming version (XHTML 1.1 is its current codename :-) will modularize that, so you can have a "text" module or a "table" module or a "list" module.
So that when you need to define a custom XML document type to fit into some custom application, with PDAs and cell phones being the classic examples, you can pick and choose: Text and lists may be plenty, you don't need bibliographic citations or definitions. BUT you do need your own particular biz-to-biz vocabulary addition; maybe you're providing catalog entries, and the descriptions are simple text but there's all sorts of ways to define fields to describe pricing options, ordering, stocking, etc.
Or another way to look at it: you're going to be able to throw away HTML tags you don't need, and use only the ones you care about when you create new kinds of documents.
That's one hundred and eighty degrees away from the "extend HTML" model. It's a new model for how information will show up, as part of the "semantic web".
Unless you've got an ancient browser, like IE2 or NN2, any web site's XHTML will work as well in your "existing" browser as HTML would ... if it looks at it as HTML, which it probably will. The HTML spec always allowed lowercase tags, and almost all tags allow the matching end tags (which XHTML now requires).
The "really ancient browsers" incompatibility relates to empty tags like "br", "hr", "link", and so on ... if the browser is that old, it probably doesn't understand the notational convention of "<br />" (space before the regular XML empty element terminator -- hope that shows up!).
The reason for XHTML is so that tools have a more solid target than HTML can ever be. It's easy to get a good XML parser nowadays, and validators are getting more common (especially for Java programmers). That means that generating valid XHTML is something any tool can realistically do, so the bizarre hacks can start to fade away over time. Not quickly enough for me, probably. Browser bloat is with us for a long time.
Best possible result: enough XHTML starts to show up that people start discarding all those really ancient browsers. NN3 is current enough, but designing a website to deal with older code is just plain awful.
EFF got its start defending SJG...
That's a bit of an overstatement, but the early history of the EFF may be of interest to some folk.
Also, EFF can always use donations.
From the POLITECH mailing list ... looks like the MPAA have themselves a "hangin' judge" and know it.
Date: Thu, 20 Jan 2000 20:14:40 -0500
To: declan@well.com
From: John Young
Subject: NY Court Grants MPAA Preliminary Injunction
Federal Judge Lewis Kaplan today granted a preliminary injunction against three defendants sued by the Motion Picture Association of American for offering the DeCSS DVD descrambling program on the Internet.
At a three-hour preliminary hearing today in the Southern District of New York, arguments were presented for MPAA by its counsel, Proskauer Rose, and for the defendants, Shawn Reimerdes, Roman Kazan, and Edwin Corley a/k/a Emmanuel Goldstein, by the Electronic Frontier Foundation and Attorney Katz. EFF's attorneys, Robing Gross and Allon Levy, participated from its California offices by way of teleconference.
Judge Kaplan rejected every argument, point by point, made by the defendants and firmly endorsed, point by point, the claims of MPAA made under provisions of the Digital Millennium Copyright Act (DMCA) for protecting intellectual property.
A clear link with made by this federal case with the California case by the plaintiffs and Judge Kaplan. MPAA counsel argued that the suit was reluctantly filed in response to widespread, global posting of DeCSS in response to the California suit. The judge agreed that this backlash warranted a preliminary injunction to prevent "irreparable harm" to the copyright holders, among other justifications which he elaborated in a lengthy statement on the case, its opposing arguments and law governing copyright and the First Amendment.
Judge Kaplan will issue a final written version of his statment and order early next week. Upon completion of his verbal statement he signed and presented to counsel his order for the preliminary injunction.
Defendants Reimerdes and Kazan were present during the hearing, Corely was not.
Judge Kaplan offered a speedy trial for the suit, "as early as next Tuesday if you want it," he said to MPAA counsel. "I would like this tried as soon as possible. I offer you a runaway train if that's what you want. My schedule is clear for this."
Defendants' counsel requested a delay and the judge agreed to accept an application for an alternate date.
During the hearing it became clear which way the judge would rule. He repeatedly urged defense attorneys to get on with their argument, hectored them and lectured them on the law. He had earlier refused an adjournment in the hearing to allow the defense more time to prepare responses to the suit.
Defense papers of Roman Kazan apparently were not properly submitted to the court in time to be considered. Judge Kaplan refused to allow late submission and dismissed the need for more time, saying, "these rapid schedules are customary in preliminary injunction cases, there was plenty of time to respond. I am obliged to rule on what the court has."
Judge Kaplan stated there was a clear intent to break the law as indicated by vulgar remarks on Reimerdes' Web site. For emphasis on this point he repeated them as if with distaste on three occasions during the hearing: "the DVD CAA lawyers are cocksuckers."
There was a single reporter was at the hearing in Judge Kaplan's chambers, Jeff Howe with the Village Voice, two observers from Cryptome, and the MPAA public relations representative, Ken
Frydman, who distributed a pre-prepared victory statement from Jack Valenti, President and CEO of MPAA:
"Judge Kaplan's ruling represents a great victory for creative artists and consumers everywhere. I think this serves as a wake-up call to anyone who contemplates stealing intellectual property."
Cryptome asked Judge Kaplan after the hearing if he would answer questions. He said he does not speak to the press. We couldn't explain that's not us.
We asked chief attorney for MPAA, Jon Baumgarten of Proskauer Rose, for comments. He said no, statements will have to come from MPAA public relations and that he would be briefing that office shortly.
We spoke with Shawn Reimerdes and Roman Kazan about their views of the hearing. What they said is what Jeff Howe will tell in another forum, tomorrow I believe.
The interesting bit seems to be reorganizing some of the task structure so it's cache-friendly in one stress case. OK, that's healthy. Applause; it'll create some breathing room in systems overloaded in that way.
But that doesn't really look at the hard issues. There was handwaving about multi-level thread models; good thing there was a ref to Solaris threads there, which has had that for over six years now. That "many to many" threading stuff is also called "two level scheduling", which can be nice (cheap to switch between user mode threads, like Green threads) but isn't always good (excess kernel interactions on thread wakeups).
If this is the start of ongoing work at IBM, I'll be pleased. Not many Linux folk have access to the sort of measurement tech IBM applied here. But don't overrate this specific contribution; take the cache-line patch (assuming it doesn't slow anything else up) and move to the next problem.
Volano, for all the press it gets, isn't a very good benchmark.
First, Slashdotters should realize that key management is basically a harder, and more important, problem than the cryptography itself. More "secure systems" get broken because of bad key management than because the ciphers get cracked. A PKI module that can do good key management, and can get a decent user interface so that users don't screw it up, is worth more in the long term than access to the RSA algorithm.
That said, it sure sounds like this PKI is focussed on the nasty X.509 style PKI that's basically a support infrastructure for old style centralized security systems. Verisign, DoD, and so on. I'll be glad when PGP/GPG style web of trust gets direct support.
Second, there was some gnashing of teeth here that SSL won't be in Mozilla. Justly so. But hey, there's really no problem ... just don't confuse "SSL" with "RSA Encryption and Signatures". They really aren't the same ... even though with Verisign buying out Thawte (maybe), it looks like the main signer of non-RSA certs may have been co-opted. (Sigh; I really want freedom of choice for public key algorithms, particularly now that TWINKLE makes RSA look weaker and weaker.)
With the new US regulations, folk could incorporate a version of the OpenSSL toolkit, sans RSA support. (And at about 12:01am on September 20, check the RSA support into CVS.)
The patent-free flavors of SSL use algorithms much like those used by GPG. There is a public key signature algorithm (DSS/DSA), a key exchange algorithm (Diffie-Hellman), and various flavors of DES (and Triple-DES) for bulk data encryption. OpenSSL includes support for Blowfish (way faster) and other patent-free ciphers, as well as TLS (a somewhat more secure SSL that mandates patent-free encryption options; it's the IETF standard). There's a recent IETF draft showing how to incorporate OpenPGP keys and ciphers (such as CAST128) into TLS.
Third, please don't get hung up on RSA. Everyone's security will be better when there's a choice of public key algorithms for use in authentication and encryption. OpenPGP (such as GPG), SSL, and TLS can all be used just fine without anyone having to get a wedgie about RSA (or deal with their nasty lawyers -- give me a normal lawyer any day).
In short: there's a lot of good news here, and if you want it, this is sufficient to move a good SSL into Mozilla right away. Whatever you do, don't let the licensing agreements that Sun, Netscape, and so on have with RSA force you to hold off till you can use that particular public key algorithm.
Duh. Of course the NSA wants to analyse Linux and know about any backdoors there; how else will it take advantage of them?
By the way ... You may not know that the NSA has a research arm that's distinct from its SIGINT operations (and export control operations, and secure network operations, and ...). One of their ongoing problems has been to get "Commercial, off-the-shelf" (COTS) software to be good enough for use in sensitive systems. Commercial vendors have been unable to meet those requirements, since the market they'd hit is too miniscule. "Trusted Solaris" and so on; always multiple revs behind. And almost always pains in the behind to administer.
Another possible scenario is that the face value here is the right one: they want to see some standard Linux distributions get hardened, so that some real administrators will identify the problems so they can get fixed. And so the government can use more current technology in those sensitive systems ! They've been getting too far behind, and needing training that's too specialized. Linux would seem to have the potential of hosting a great fix!
That actual draft isn't wholly comprehensible without reference to current revisions of EAR and of the Wassenaar agreement, but parts of it sure sound good ... if I make assumptions about those other documents. The DOC summary of the draft is readable, though one hopes this isn't another case of the big print giveth, and the fine print taketh away (as my dad used to say :-).
There are still words about those familiar nasty restrictions to 56 bit symmetric ciphers and 512 bit keys. Due to those reference to other documents, I might be wrong ... but it sure seems to me that an exportable US Linux distribution is still stuck with miniature key sizes. Please show us I'm wrong about that!!
The agenda of export control is actually far more relevant to a distribution of, say, RedHat than to a source distribution (open or otherwise). The reason is that when the norm becomes "strong" crypto, cipher-cracking operations (Echelon and its more secret siblings) don't work any more. And there really aren't that many people who will be compiling those open source products, or installing them correctly and on systems which have been adequately hardened. The way that the norm changes is when OS distributions and their applications "norm"ally are strong, and that does not appear to be changing.
So while we can/should applaud the good words re open source (yay!), let's not forget that the real battle is about regaining our personal freedoms, not just for Open Source. We need to see restrictions on binary products go away too.
Spoken like a true believer that a 100% white jury, in a majority black community, could ever be just. That's what was going on in those Jim Crow juries. Get just one black person on the jury, and there's no acquittal of a racist murder, no Good Ole' Boys covering for each other. The judges and lawyers were in on that game, big time. Just like the first Rodney King trial, showing why Federal civil rights laws are still needed.
LAPD ... gee, aren't they the police department that's turned up at least two departments so corrupt that convictions are getting overturned on a wholesale basis? Seems corruption has been so common there that they forgot how to handle evidence legally; you imply that wasn't a major issue at the OJ trial. Hmm. It's true, if OJ had been a poor black person, conviction would have been assured. I always felt that trial's outcome was a testament to how badly LAPD handled that case; I can't say they convinced me to the level I'd have voted a conviction, either.
Rodney King was poor and black; damn good thing there was a video recorder running. Didn't you love that "jury of peers" in that first trial, too?
I'm not Catholic, I don't understand the notion of infallibility. But it wouldn't apply there anyway, since there's only supposed to be one infallible male (elected in a strange manner by fallible ones) at a time; not enough to create a jury with, and it wouldn't have any peers of most defendants, either.
Justice is a system, and when the ground rules (laws) are unjust, the system is too. And fallibility is part of life, which is why I don't like final solutions. (Texas should slow down with those death penalties, or at least make them apply in a way that's neutral with respect to race and to gender.)
But of course, the point about nullification was nothing beyond an example. My basic point was that bad laws have been causing people, very appropriately, to lose faith in law as an instrument of justice. There are plenty of illustrations in the context of patent law, copyright law, and so on.
In the 1960s in the US, society seemed to have largely grown beyond that "my country, right or wrong" attitude ... to an understanding that not only is the country not the same as its government, but that the government is still supposed to serve the country (people), and not the other way around.
Serving law, rather than justice, is the problem. By placing law above justice, you are making the problem worse ... or perhaps denying that a problem exists. (I assume there was a relationship to techies ... somewhere ... in your post.)
It was credit card companies pushing SET, and the reason they failed to succeed was important (I think).
Nobody had real incentives to adopt SET.
You paid more to deploy it, and that was on top of the substantial aggravation to even try to get it going. You had little choice of suppliers (vs a dozen or more suppliers of SSL enabled web servers, on most any hardware you cared to mention), it cost two or three orders of magnitude more, and sacrificed almost all of the flexibility that enabled companies to construct innovative E-Commerce websites (the kind people wanted to use). Oh, and did I mention that it never seemed ready for real deployment? And worst of all, SET wouldn't work on most web browsers so you'd lose most of your potential customers right off the bat. Needed a "wallet", and let's defer talking about the security nightmares they involve ... right where they'll scare a user away from a purchase. Deploy software that complex on a global scale? No thanks, I'll pick the simple known-to-work solution.
The problem with SET is that it was too complicated to adopt. It was never a real option. As a "top down and centralized" solution, it was also completely contrary to the "bottom up, grass-roots" genesis of the web that we know today. And the perceived threat wasn't a new one; it's one that everyone dealt with already, quite effectively. There was no clear need for new technology; if you give a phone to a waiter at a sub-minimum wage, and to a telesales agent on the phone, why not to a website?
Yes, something like SET might have made this particular problem go away. But then, so do some incredibly basic security precautions ... this is a case, from what facts have come to light thus far, where stupidity explains everything.
Point being: employees shouldn't pay out of their own pockets for working in the ways suggested/encouraged by their employers. (Coulda been written more clearly, true!)
Yep, and typical of most of the concerns I see posted. Exactly why is it that people think neither individuals nor corporations should be accoutable for their own stupidity? I refuse to accept that public policy ought to be based on the premise that nobody be responsible for themselves.
Of course, broken legs are covered by health insurance as a fairly basic thing, but that's nothing to do with a lawsuit unless the insurance doesn't pay.
Actually, no I don't. The law was served; not justice. They're quite distinct.
Socrates basically acknowledged the charges against him, and was quite content with dying. (Athens decided not to support him as a public benefactor, and at an impoverished 70+, what was he going to do?)
Those charges basically amounted to teaching people to use their minds. Always a dangerous thing. Particularly given the political undercurrents. (Current rulers of Athens basically wanted him to skip town.)
As a major character in Greek society, it was a choice between repudiating his life and everything he stood for, or finding some better way to deal with a lynch mob intent on ridding themselves of an impoverished old man who espoused uncomfortable notions. In such a case, I too might decide that death, and as it turned out martyrdom, was personally appropriate.