As right as you are on the issue of freedom to test for security issues, I really dislike your analogy. Like all analogies, it fails to capture the complexity of the situation. In your attempt to make an easily acceptable argument you have simplified the situation such that it is obsurd to consider any alternative to the conclusion you desire. Looking for security flaws is something we should all be free to do; if we are concerned with the security of a system, we should be free to test that system to determine its security. On the other hand, if we intend to defeat the security of that system and, in doing so, commit a crime, we should not be free to do so. Intent is a tricky thing to prove, and the act of security testing a system is often a private one. As such, often people with ill intent will not be detected and this gives rise to the absolutism that it is always acceptable to security test a system. To refer to your analogy of testing a bridge for stability, a concerned engineer who suspects the bridge might not be safe should clearly be free to test the bridge at his leisure, but someone who intends to blow the bridge up should not be free to test its stability. The concerned engineer can ensure all of his intent by declaring that he believes the bridge might not be safe, and should be tested, before actually performing the tests. Should the engineer be observed testing the stability of the bridge without first declaring his intentions, he cannot be surprised when his intentions are put under scrutiny.
Yep, because companies often pay people they've never met to come to their offices and explain things they don't wanna know and, by knowing, give them an obligation to spend money to fix. Happens all the time.
Here's an idea: how about entering into an agreement to look for vulnerabilities before you go looking for them? Obviously not a lot of use to you now, so how about you just pretend you don't know about this flaw you claim to know about and go get that agreement. If you can't get the agreement without revealing that you already know about a flaw, then you have no chance of getting paid anyway, so either anonymously inform them of your results or shut up about it already.
Sigh. No I'm not. Read what I fuckin' wrote. I'm not talking about distributing codecs - that's a copyright issue and you can never win on copyright issues. I'm talking about writing free implementations of those codecs. If you wrote the code, you're free to distribute it. The person who uses that code has the responsibility to go license the necessary patents, though.
Yes, that's what I said, you have to just not care about patents. They can try to sue you as much as they like, but if the code is out there they can't go after everyone. Sure, the people with deep pockets like Microsoft have to care about patents, but the authors of The Gimp sure don't. You just put a warning in the license agreement on startup "Note: users are required by law to obtain licenses for patents covering all technology contained in this program before use." The users then promptly ignore that warning and use the program anyway. The developers are no longer responsible, the users are too numerous and too low on funds to make adequate targets. This is how it has worked with the GIF patents and the MPEG patents for years. Get on with it.
Yes, true. It really does take effort to reverse engineer stuff, but that's the lot of those who care about interoperability. Ya gotta start somewhere. Samba wouldn't be here if people didn't at least try. Seems, these days, the only people doing reverse engineering for interoperability are the OpenBSD guys.
The Gimp has no problem opening and saving JPEGs but every day I hear another excuse why Totem can't play WMV / Quicktime files. I guess the difference is that someone, who didn't give a shit about patents, actually bothered to make a JPEG library.. but no-one has sat down and done the same for WMV or Quicktime or the dozen other "proprietary codecs". Now ESR is talking about working with Linspire to make it easy for Linux users to download codecs, for a fee. They're talking about putting an icon on the desktop, the user double clicks on it, a windows pops up asking for their credit card details (or whatever payment system will fly in your locale) and the codecs are downloaded and installed with no user intervention necessary. This is a great step forward compared to the hoops you have to jump through to get (unlicensed) codecs installed on Linux at the moment, but isn't it a step backwards? Wouldn't it be better to take the JPEG/GIF approach: write our own library and just ignore these people who claim we must license their patent?
Yep, it was the day you bought those yellow sunglasses. She knew a friend of yours and happened to mention you were hot but it is "just a shame he's gay." Your friend replied "huh? He's not gay, what made you think that?" It was then your girlfriend revealed that she just assumed you liked it from other guys: you have a Mac.
Hehe, believe it or not, Vista security is way better than XP. Of course, that's only true if you don't turn it off, and 99% of users will probably do that within the first 10 minutes as they discover that their favourite apps don't work on Vista and when they ask the vendor why the vendor says "just run this.reg file as Administrator and it'll work". Microsoft have broken the cardinal rule with Vista: backwards compatibility, and that's just on the 32 bit version, the 64 bit version is even worse. I guess we just have to wait and see if they pay for it or not.
Nah. You don't get it. The people buying shares in companies are looking for growth. If there's no growth, they make no profit. So how do you maintain consistent growth? It's not enough to keep your current customers happy, you have to get more customers, and to do that you have to play silly games like aquiring other companies and running advertising compaigns and blah blah blah. If you don't do all that crap people will sell their shares.. they can't afford to hold onto shares that are not increasing in value as fast as other shares, and without their money, you don't have a company.
Most companies have some MBA types sitting at the top working out how "the street" is going to respond to their every action and pushing that advice down the tree to tell developers what to do. As such, analysts (like this guy) are always trying to figure out what these MBA types are thinking, and why they are doing certain actions. This isn't how Google works. The developers are basically set free to do whatever the hell they want and they get rewarded when the company does well from it. Is it any surprise to find that the analysts are confused by Google?
Meh, I have 25 windows open just for GAIM
on
How Many Windows?
·
· Score: 1
I configure it to create a seperate window for every person I talk to then just leave em open so I can see what we talked about last time I spoke to that person without having to go look through the log. Take them away and I have about 5 or 6 other windows open, on each of my four monitors.
We do have a fundamental right, just as chinese dissidents have a fundamental right to free speech. Just because our governments don't recognise our rights doesn't mean we shouldn't.
As right as you are on the issue of freedom to test for security issues, I really dislike your analogy. Like all analogies, it fails to capture the complexity of the situation. In your attempt to make an easily acceptable argument you have simplified the situation such that it is obsurd to consider any alternative to the conclusion you desire. Looking for security flaws is something we should all be free to do; if we are concerned with the security of a system, we should be free to test that system to determine its security. On the other hand, if we intend to defeat the security of that system and, in doing so, commit a crime, we should not be free to do so. Intent is a tricky thing to prove, and the act of security testing a system is often a private one. As such, often people with ill intent will not be detected and this gives rise to the absolutism that it is always acceptable to security test a system. To refer to your analogy of testing a bridge for stability, a concerned engineer who suspects the bridge might not be safe should clearly be free to test the bridge at his leisure, but someone who intends to blow the bridge up should not be free to test its stability. The concerned engineer can ensure all of his intent by declaring that he believes the bridge might not be safe, and should be tested, before actually performing the tests. Should the engineer be observed testing the stability of the bridge without first declaring his intentions, he cannot be surprised when his intentions are put under scrutiny.
Yep, because companies often pay people they've never met to come to their offices and explain things they don't wanna know and, by knowing, give them an obligation to spend money to fix. Happens all the time.
Shya, as if a lawyer isn't going to figure out a nice way to get money out of people without it looking (legally) like extortion.
My bold assertion is as good as yours. But seriously, other than talking to a slimey patent attorney, how can we settle our disagreement?
Here's an idea: how about entering into an agreement to look for vulnerabilities before you go looking for them? Obviously not a lot of use to you now, so how about you just pretend you don't know about this flaw you claim to know about and go get that agreement. If you can't get the agreement without revealing that you already know about a flaw, then you have no chance of getting paid anyway, so either anonymously inform them of your results or shut up about it already.
Huh? It spreads when you copy the executable to give to your mate, same way every virus spreads.
duh, it's slashdot.
Sigh. No I'm not. Read what I fuckin' wrote. I'm not talking about distributing codecs - that's a copyright issue and you can never win on copyright issues. I'm talking about writing free implementations of those codecs. If you wrote the code, you're free to distribute it. The person who uses that code has the responsibility to go license the necessary patents, though.
Exactly as I said, by not caring.
Yes, that's what I said, you have to just not care about patents. They can try to sue you as much as they like, but if the code is out there they can't go after everyone. Sure, the people with deep pockets like Microsoft have to care about patents, but the authors of The Gimp sure don't. You just put a warning in the license agreement on startup "Note: users are required by law to obtain licenses for patents covering all technology contained in this program before use." The users then promptly ignore that warning and use the program anyway. The developers are no longer responsible, the users are too numerous and too low on funds to make adequate targets. This is how it has worked with the GIF patents and the MPEG patents for years. Get on with it.
Yes, true. It really does take effort to reverse engineer stuff, but that's the lot of those who care about interoperability. Ya gotta start somewhere. Samba wouldn't be here if people didn't at least try. Seems, these days, the only people doing reverse engineering for interoperability are the OpenBSD guys.
The Gimp has no problem opening and saving JPEGs but every day I hear another excuse why Totem can't play WMV / Quicktime files. I guess the difference is that someone, who didn't give a shit about patents, actually bothered to make a JPEG library.. but no-one has sat down and done the same for WMV or Quicktime or the dozen other "proprietary codecs". Now ESR is talking about working with Linspire to make it easy for Linux users to download codecs, for a fee. They're talking about putting an icon on the desktop, the user double clicks on it, a windows pops up asking for their credit card details (or whatever payment system will fly in your locale) and the codecs are downloaded and installed with no user intervention necessary. This is a great step forward compared to the hoops you have to jump through to get (unlicensed) codecs installed on Linux at the moment, but isn't it a step backwards? Wouldn't it be better to take the JPEG/GIF approach: write our own library and just ignore these people who claim we must license their patent?
Guess where I am.
Why would you want more of it? When are you fuckin' normals going to learn that the Sun is a killer?
Yep, it was the day you bought those yellow sunglasses. She knew a friend of yours and happened to mention you were hot but it is "just a shame he's gay." Your friend replied "huh? He's not gay, what made you think that?" It was then your girlfriend revealed that she just assumed you liked it from other guys: you have a Mac.
Hehe, believe it or not, Vista security is way better than XP. Of course, that's only true if you don't turn it off, and 99% of users will probably do that within the first 10 minutes as they discover that their favourite apps don't work on Vista and when they ask the vendor why the vendor says "just run this .reg file as Administrator and it'll work". Microsoft have broken the cardinal rule with Vista: backwards compatibility, and that's just on the 32 bit version, the 64 bit version is even worse. I guess we just have to wait and see if they pay for it or not.
Thank god there are women in the world who love geeks eh? But try to remember, friend, you and I are the lucky ones. Many young geeks go to bed alone.
That implies Linux users get any sex, you're thinking of Mac OS X.
So how much does a slashvertisement run you these days?
We're the Casandras of the modern age.
they want their lame idea back.
Nah. You don't get it. The people buying shares in companies are looking for growth. If there's no growth, they make no profit. So how do you maintain consistent growth? It's not enough to keep your current customers happy, you have to get more customers, and to do that you have to play silly games like aquiring other companies and running advertising compaigns and blah blah blah. If you don't do all that crap people will sell their shares.. they can't afford to hold onto shares that are not increasing in value as fast as other shares, and without their money, you don't have a company.
Most companies have some MBA types sitting at the top working out how "the street" is going to respond to their every action and pushing that advice down the tree to tell developers what to do. As such, analysts (like this guy) are always trying to figure out what these MBA types are thinking, and why they are doing certain actions. This isn't how Google works. The developers are basically set free to do whatever the hell they want and they get rewarded when the company does well from it. Is it any surprise to find that the analysts are confused by Google?
I configure it to create a seperate window for every person I talk to then just leave em open so I can see what we talked about last time I spoke to that person without having to go look through the log. Take them away and I have about 5 or 6 other windows open, on each of my four monitors.
We do have a fundamental right, just as chinese dissidents have a fundamental right to free speech. Just because our governments don't recognise our rights doesn't mean we shouldn't.