What do you mean by bolted on? Elaborate please, also if you can recall the last time Unix was attacked by a worm on the scale Microsoft is attacked; let me know. Obviously in comparison, every week there is a new worm out for some Microsoft product.
To put this in perspective, Microsoft worms attack desktop space apps by breaking the server. If you happen to replicate this functionality on a Unix server you aren't going to be doing much unless you have root. Why?, again, it's because the design is simple, there is no voodoo magic to it. If you aren't root you don't get any privileges and if this is what you are talking about that has never been bolted onto unix. Encrypted passwords, ACL's, Kerberos etc etc only makes the above concept stronger.
You can come to your own conclusions on why Microsoft is attacked more. I don't know, I do know Unix is more secure and has proven itself so over many years.
Ugh.. this is so inherently based on faulty logic itself that it's beyond the scope of a comment to explain but I will try.
Unix and Unix like systems are based on a simple and easy concept when it comes to security. That is, if you don't have what is known as "root" you don't get to do any damage to system resource files.
Windows operates on an everyone is root notion, allowing anyone to make changes to system resource files. Not only that but because of the way Windows is designed where everything is mashed together, when one card falls so does the whole deck.
Unix and Unix-like systems operate on one tool for one job and with inventions like the pipe and IPC ta whole host of new functionality becomes capable just by passing output of one program to the next.
That's as simple as I can possibly explain it. I'm not saying Linux is the most secure thing since sliced bread, I'm simply stating the facts, and the fact is that Unix and Unix-Like systems tend to be more secure because they were DESIGNED that way. Windows was not designed with security in mind and the fact is that it is less secure.
All the other linux virus writing is less because windows is so prevelant hippy bullshit I'll save for PHB's. If you really believe that I've got an SCO license to sell you too.
The most stable kernel we've got that isn't under the SCO shadow is now effectively frozen, thereby preventing any potential code pollution.
SCO claims 2.5.x has copied kernel code. 2.5.x is development, 2.6.x is 2.5.x verfied to be tested and at least halfway debugged making it probably the most unstable version of a kernel anyone could use on a production system.
How about this; Alan Cox is just going to get an MBA and it has nothing to do with SCO but probably because he'd like to know a little bit more about running a business so later on in life, it's possible that he wants to run his own company? Or maybe put into a managerial role so he doesn't have to write mundane kernelcode all the time.
Or maybe you could just email and ask instead of speculating if you really want to know.
While it is most assuredly true that parties in a contract have a duty to mitigate their damages, that mitigation duty hasn't been applied as far as I can tell to copyright infringement. And even if it is applied to copyright issues, the duty to mitigate only goes to the question of the amount of damages sustained by the plaintiff, not to if the defendant is infringing.
That is not the case. The duty to mitigate goes to the basis of the lawsuit. IE: SCO has said IBM has violated contract based on "X" reasons. Those "X" reasons need to be disclosed and IBM MUST remove whatever is causing damage to SCO. That is the law regarding anything involved in a lawsuit unless revealing the damages would cause more damage. SCO can't say that; also SCO hasn't disclosed this information to IBM or anyone else. Them showing 3rd parties the infriging code under NDA contracts is nothing more than pure stupidity, as the persons in question aren't apart of the lawsuit and are usually uninformed and not skilled enough to make such an analysis, even if Linus himself viewed the code the conditions and the NDA would not be disclosed so nothing gained. SCO's case looks very weird as they have no real teeth or offensive position in the case even from casual observation. Even if they wanted to milk funds from their stock price it would of been easier to sue IBM disclose offending proof and gain damages from IBM which would of amounted to alot more than the SCO stock scheme currently. Especially because IBM is the biggest computer company in the world (no it's not Microsoft). Granted hindsight is 20/20 but going into something like suing IBM the biggest silverback bar-none is not a casual pump and dump get out scott free type of idea. Observing the case without facts one can only assume that SCO has no case and is doing this to boost stock before they either dump the company or get it bought out by someone. The earlier is happening the latter is not. At this point being a SCO employee or a chairman is an extremely dangerous thing; IBM has filed lawsuits against SCO claiming that their violating patents. Not only that but young keen legal eyes are looking at how they can punish SCO's chairman in order to receive stripes in this current market where hanging someone who plays with the stock market gains you ground and reputation in your own law firm.
First, it is clear that SCO is offer a per seat license at 50% and will increase after a certain date (Oct. 15>) Second, statutory damage amounts are provided by law to those who have a registered copyrighted work infringed. This amount is above any "ceiling" that Mr. Carey may mistakenly assert that exists.
SCO can't collect on damages on their own by creating license prices. Even if they own the code in question it has to be determined in the court of law first. Any judge handling this case will probably punish or reprimand SCO for this; and if they don't win it's highly likely that any fee's they've collected will have to be returned and licenses voided. Not to mention that they'd be open to nothing but sheer liability.
IANAL, but I was national junior barrister compo champ sometime ago and follow law closely. These are casual observations and if you own a company you should seek legal advice. If that legal advice is any good they'll say something similar, I hope. Even a shit lawyer who just somehow managed to get a law-degree can see this.
I can't necessarily say why unless i've got the specific code to look at (for the programs running) but from the sounds of it something is simply leaking somewhere. If you're doing absolutely nothing memory intensive then swap should be relatively empty until required. Out of all the programs you are running.. one or more is leaking. So one or more programs is leaking, albeit slowly and running up mem and swap.. you kill swap it leaks and 15 minutes later you're back to where you started. However do you experience thrashing or eventually running out of swap at some point? If so then the mem leak theory can generally be confirmed. Basically the routines won't allow all of your hardware mem to fill up before it swaps out, so that's why you have left over hardware memory. If it's not a big deal then there is nothing to worry about but if you have lets say a gig of memory and swap is filling up well beyond the use of that gig of memory there would be a seriously problem. Worst comes to worst isolate the programs that are running when this happens, make sure they aren't leaking mem and then send the numbers off to lkml.. amount of memory, memory in use, swap in use etc etc.
Are you aware that most of your annoyances have to do with other programmers? Are you also aware that if someone writes a program for Linux they are going to use Linux features/capabilities/non-standard libs? Are you also aware that Linux is not Unix? Are you aware that you can write Posix compliant code on Linux and easily port to somewhere else (minus the #defines)? If yes, then your problem isn't a Linux annoyance it's a "everyone is simply writing for Linux featurisms and portability takes alot longer because of it annoyance". I'm aware that you make it clear that "you're on a roll" but you should be more pissed off that people simply aren't writing with Unix, posix, portability in mind.
Everything else I tend to agree with minus the VM problem, if it's doing alot of swapping then something is wrong, basically this has been discussed ALOT when the new VM system was tested. What kernel version are you using, or distro and how much memory are we talking about here?
I hate to throw religion into this, but don't judge your neighbor for having a speck in his eye when you have a plank in your own.
Then don't make it a religious statement. What I don't understand is this, how does an announcement of Oracle switching over their developer desktops to Linux have anything to do with making Larry Ellison a hero? Oracle has been saying they plan to move their entire infrastructure to Linux as soon as possible. This is just more of the movement becoming a reality.
Why you want to demonize either party in your diatribe above or make this out to some holy war makes you seem to be more of a zealot than not. The odd thing is that alot of Pro-Microsoft or Microsoft-biased persons are constantly screaming about how their is Linux zeal in every corner you go to. Of course, to deny that their isn't any would be stupid but I've observed the exact opposite, most if all discussions on topics like these seem to be Pro-Microsoft persons being extremely defensive and almost hostile to anything regarding Linux. Unbiased persons are alot more accepting of the concepts Linux itself is based on.
It would really help to keep your arguments about an issue actually on the issue in question and to not tie in other facts which are based on entirely different scopes and might have an undetermined amount of degrees of seperation involved.
Again no, you don't get it. SCO's case is against IBM. It's not against Redhat, or any other Linux distribution; they can't be held liable for damages. It's that simple, everthing else is mere speculation and in general lies. SCO most likely will have to recoup damages via IBM if not then they'd have to recoup via the person who stole their code. Everyone else is NOT liable. That is the law in the United States. The only thing SCO could possibly do is charge license fees for the code in question which as of the court case will be removed and each Linux distribution will start with that kernel. Customers using previous kernels at that point can't be charged license fees.
So no, it's not worth the worry, this is why you don't hear anyone who actually knows whats going on giving much of a damn. Except for wanting to know what's exactly infringing which SCO won't show to anyone who can actually determine if it's stolen or not.
Again your conclusions are based on pie in the sky theories on how the US judicial system works. Yes it might suck but the same DOJ you talk of put it's teeth into even IBM, infact, Microsoft wouldn't even exist if it wasn't for IBM. Go read up on that.. as well as the actual case between SCO and IBM before spreading more fud.
There is no more farther reaching affect than to have the Federal Gov't sue you and no lawsuits against IBM threaten to legally damage the customer. How you came to this conclusion, I don't know. The case between SCO and IBM is between the two parties, if IBM is found guilty they pay damages. SCO can do nothing to you as a customer of IBM or a user of Linux. If they want to find out who put the infringing code in the kernel they can subpoena kernel.org for the information and then sue the developer responsible. Still none of this affects you as the consumer or user. This whole thing about SCO coming after people is a joke and they should be brought up on charges.
Couple of things, the US didn't provide reconstruction of economy for UK, France or Italy, we simply loaned money to them. Germany and Japan are pretty fucked over, especially Germany, which as of today is doing pretty fucking badly; Japan operates solely on an export basis same with China of manufactured goods. Mainly to us here in the US, their economies have both been shit for about the last decade.
South Korea's economy is solely subsistent as well on the same manufactured goods at a very low price. The avg South Korean is only living so much better than the North Korean because of leadership decisions. North Korea could have gone into mass manufactured goods and other economic areas and they'd probably do just as well as the South Koreans. The reason North Korea is so fucked up is because of it's leaadership, you can only make so mch money selling mineral/organic goods/crops. The point is this, the US didn't make any of these countries better or save any of these countries from an economic recession/crisis or their current situations. They've only influenced these countries by keeping them producing goods at low cost so that the avg US citizen can have a different cost of living. Does it make that countries economic situation better? No, they are still poor but it keeps low prices in check as they clamor to fight for business. The same thing continues today but this time it's at the expense of the US citizens themselves, sadly the Gov't doesn't reflect it's people in the US so much so at the end of the day it's just the rich and the poor, nothing in between.
You're free to say it isn't true, but it is and I'm a US citizen and i'm not poor; yet. It's funny how Americans, including myself can travel around the world and be so happy to see that our dollar is the strongest, the world is obviously our resort, right? and yes.. I'm an American who served in the military up until last year in an intelligence battalion and military police battalion who was against the war against a country with 35 air planes. 15 of those operational.
I happened to be in Canada visting.. If i'm not mistaken.. SGI headquarters is located in Canada, I was wondering if I could just stop in and see what the hell was going on, sort of a tour thing when I passed it by on the highway. Then I thought about moving to Canada simply because it looks like a cleaner version of the US and even though SGI isn't doing too well I envisioned having fun working there. Then I forgot about all that until I saw your post.
I read this full argument and generally agree however you operate on dictionary type of notions. ie: Since someone is thinking outside of the box or creatively it's necessarily a good thing. It's not like that in all situations, don't get me wrong it's good to be objective in alot of situations it's just that security isn't one of them. When it comes to dealing with security systems there really is no thinking outside of the box. The goal of a security system is to secure the system; as you said before if someone knocks down Apache the whole system shouldn't be shut down. That is obviously if you are fully aware that the person in question only knocked down Apache. The more services running on the same machine the more you need to audit the machine to make sure that other services weren't compromised. So if just Apache got knocked down maybe it's not that big of a deal, patch up, restart and everything is brandy or maybe it is a big deal because even though Apache runs unprivileged by default whats to say the person that knocked it down didn't springboard elsewhere into your network, or glean vital information etc etc. Security is a process and until people think of it like that fault-tolerant intrusion detection systems do nothing except give whoevers doing the hacking more data to do more hacking. It's a practice in futility.
Instead of thinking of security as a process, people will think that it's ok to have fault tolerant systems where intrusions are the norm. Until someone comes around and makes the fault tolerant system irrelevant by hacking that, then you are back at the familiar square one. It reminds me of an episode of Fastlane where the security system was supposed to be tiptop and the intruders just set it off repeatedly, until the people inside just thought something was wrong with the system.
As for the economy stalling and all that I don't think it has anything to do with creativity, the tools are there for people to build with (most of them free) and they are building, interest rates are low. The situation that exist is that Corporate America simply is so corrupt no one wants to play the stock market or investment game anymore. People don't want to invest in truly genuine and creative ideas which would make money because they've been burned previously by the IT wannabe's with degrees in making pies (no offense to culinary chefs; thats is a career I have nothing but the strongest respect for but you know what I mean) and whats making it worst is that for all the time which has passed, nothing has changed. If it wasn't for opensource alot of people would be homeless right now.
Yes we will, if they lose it's because they are wrong, this isn't an maybe this/she said/he said litigation. It's not encumbered with much of anything accept SCO's complaint and in the court of law when a barrister is about to battle there needs to be clear and concise factual data to back up claims made. Not speculaton, so in a rape case they'll look for subjects sperm/dna matching, witnessess etc etc. In a case such as this it'll revolve around did IBM break a contract that it had with SCO, if yes then penalties will be applied if no SCO will lose but not only will they lose but based on all the noise that came from SCO especially their CEO before the case, they are open to numerous countersuits which with all the interviews, records, comments made in magazines etc etc will not be hard to prove in the court of law. Normally defamation is a hard thing to prove, but it won't be in the case of SCO losing and it's highly likely that these suits will take place as to make sure a similar situation doesn't occur. Watching case after case after case on all types of subject matter you begin to learn that the more tight lipped a defendant or plaintiff is the more of a case they have. So far, IBM remains quiet; the slashbots speculate more than enough and SCO is slashing and burning every chance they get. The outcome of the case most likely based solely on behavior is that SCO will lose and will be sued into bankruptcy if their current business model won't do that naturally.
IBM has said absolutely nothing, not a goddamn thing about this whole issue; which is good. Yet SCO has all this stuff which is "pretty damaging" to Linux and I've yet to see anything from SCO at all. Amendments, contracts, documents; actual proof. None of it has really been seen by any expert, semi-expert or person in the know at all. Laura Didio's opinion is a joke, put's herself in a bad position (ie: who wants to hire a senior analyst who was wrong on an issue like this?) industry wise and opens herself up to legality issues.
Not only that but she dropped a hint when she just mentioned the word annotation. Simply go to www.tuhs.org and go through all the old BSD/Unix code to make sure none of the same comments exist in Linux in any harmful manner up to January 2002 which is when the last snapshot was taken.
I'd suspect that by now.. someone other than Laura Didio who clearly doesn't have the expertise to make such a conclusion will come forward with some relative comments backing statements like the one's shes made. Almost one week into the month and still it's the same ole smoke screen from SCO and still the same garbage. At this point i'd take a RedHat newbie over people like Laura Didio.
How does she know the code wasn't copied from Linux to Unixware or that it wasn't freely given to Linux? She must be very positive to say something like that.
"Confidential Information" means any and all data;snip. They don't clarify that so that is all that I really need to see, if you sign the NDA you might as well never even say the word kernel, or for that matter you might as well never talk about anything relating to programming or computers. Anything you say afterwards could be used against you in a very malicious nature by SCO.
Ahhh stop with this... The community didn't break any rules. The program was just removed because they didn't want the program to have even been made, or maybe it's because in reality Frankel released it under an unacceptable license not verified by said company or whatever. I mean, to speculate on such things are pointless and for a company to base a decision about Open-Source/GPL on such a situation is rather foolish. If Frankel did release the program under an unacceptable license then that is his bag; it is his fault just like if you decided to release some of you companies software on their website under the GPL. Jesus Christ people, What ever happened to a person commiting a crime and being held responsible for it?? Do we not adhere to that system anymore?? Remember?? That's how it works now??
Then you're saying "he deserved it"; I'm not aware that he was fired or terminated, all it says is that he's unhappy with the current situation, it sucks and he wants out. If he was fired or terminated then I'm sure instead of saying I want to leave because xyz.. He'd say something more like.. I got canned, fuck it I'm happy now. Lastly, AOL should of made sure that this situation didn't happen, that is why they have lawyers, that is why Mozilla is under a different license; etc etc ad nauseam. Not only that but Frankel has released stuff before causing the same exact type of hysteria and the only thing that happened was that the protocol was reverse engineered and is being used widely in/as p2p applications.
The only thing we know for sure is that Frankel and AOL have never seen eye to eye on what he programs and releases and when he does release it's subject to be unauthorized for whatever reason.
If your company has decided to put things on hold based on this, here a hint. They weren't planning on going through with it anyway. You don't tip toe into a situation affecting 10,000 or more desktops and then decide that because a programmer released a program under Opensource/GPL (which he has done before) that was removed; the project needs to be put on hold pending review. Especially since closed/open-source it doesn't matter. Someone can do the samething right this second at your place of work.
Again, be clear.. The community didn't break any rules. Justin Frankel doesn't speak for the community and no one knows the details of the situation. It's also highly unlikely they'll ever be made public. So how your company and yourself come to your own conclusions is beyond the scope and comprehension of the actual situation, extremely premature and bordering childish.
Re:Does Linux have legal vulnerabilities?
on
SCO SCO SCO!
·
· Score: 3, Interesting
My question is: Is this a plausible scenario? What safeguards are in place to prevent such a scenario from coming true? Are these safeguards adequate?
What safeguards are in place to prevent such a scenario from coming true in a closed-source system? Infact, would ACME even know if their code had been stolen in a closed-source system? How would they know this if they don't have the code to look at? It seems that in a closed-source system your IP can be stolen without you even knowing. That can't be good, and you're always left wondering if ex-employee is using methods and code at the new company; of course no NDA, peer review or anything else will catch the code thief in that situation because who's to say he didn't just think the stuff up him/herself?
With that, it's pretty obvious that opensource allows a company to prove IP theft extremely easily. The employee or code thief in question should be prosecuted to the fullest extent of the law and thats one less thief to worry about.
If the company in question harmed financially or competitively they need to take proactive steps to reclaim any loss ground via the thief and to also have a "debriefing" process where the programmer(s) they hire that are leaving are aware they can't divulge or use X ip anywhere else. As said by many people before, if someone is going to throw a brick through your window, attempt a robbery of your car, steal your code, attempt at burning your house down or simply attempting the bombing of an airplane. They are going to do so regardless, and people are responsible for their own actions. You can only mitigate the attack and prepare for the worst.
Basically, this example is typical stuff and it again shows that opensource is the crowd I'd rather play in.. Especially in regards to business and Intellectual Property. Not knowing if that last programmer you fired is now working for the competition and is stealing your IP must really make it difficult to sleep at night. That is; if you run on a closed-source system.
This is a troll right?:) I mean I like IBM, However if I was alive at the time I'd probably feel indifferent towards them. It wasn't so long ago that IBM was in Microsoft's shoes... I shouldn't even make the comparison in power IBM had back then compared to Microsoft today. IBM back then was like god-mode. It took around 15 yrs or so for the DOJ to drop it's case against IBM. I was probably around 3 or 4 when the case was dropped heh.. In any event, if it wasn't for the Antitrust case against IBM oddly enough Microsoft would probably not be the software company it is today. IBM could of simply decided not to sell MS-DOS and then turn around and peddle PC-DOS like rabid dogs, but because of the Anti-Trust case they were on their tip toes at the time, scared to get into different markets etc etc. Now, things are coming full circle; IBM conceded the OS market to Microsoft; then. Tried to take it back with OS/2 but couldn't pull it off on any significant user or server level. It saw Linux coming down the pipe and made a smart move, probably before any other major player in the industry knew what Linux was.
Anyway; Going by your analogy... Microsoft will have a reputation of integrity, honesty and quality in another 15 -20 yrs. At least IBM throughout it's history has had quality and maybe has had to learn to exercise it's power and keep it's karma, intergrity and honesty in check. Microsoft has none of the above and will not have any of the above into the forseeable future unlike IBM instead of being on tip-toes Microsoft is entering different markets WHILE anti-trust cases go on.
Ummm most of that code was put there by people who actually used SCO and Linux and worked on Linux drivers and then ported them over to SCO. Infact most of the code goes from Linux -> SCO, or was started on Linux and simply made portable.. Not vice versa, in one case a programmer received a free copy of Unixware and Openserver to do some work on drivers started on Linux.
Say I run a small Linux server on my DSL line. I have a friend give me a DNS entry off of his domain, as I have a static IP on my server. I now have a DNS which can receive emails, only that it won't reverse DNS the same because my ISP owns the IP address block. I can't send emails now from my server because nobody reverse authenticates me.
Incorrect.. you isp does reverse authenticate it's IP address still. Feel free to "host yourip" and you'll get your reverse ptr domain. To see how this works I wrote in detail to another slashdot user who wanted to know. Here is the post you might want to read.. oddly enough it was only 2 weeks or so ago that again I was talking about this.
Say that I am a student on a university campus, which for some reason won't allow SMTP sending from outside the network as inside the network. This is as it should be, right? But it does allow POP. My computer is on the campus network and configured with whatever mail client it uses. Then suddenly, I'm on spring break, and I bring my laptop home to my families DSL/WiFi network. I can still download my mail, but since I'm off campus network, I can't be authenticated as myself to the mail server. No problem. My ISP lets me send mail with their mail server. Oh wait, new restrictions prevent me from sending this email.
This one doesn't even make sense. That situation has nothing to do with this new system we are speaking. You're problem could of been easily fixed with SMTP-AUTH if you're talking about what I think you're talking about or IMAP or something along those lines. That is just too confusing to even decipher.
The rest of it is you just trolling... right? If not you really should search google for smtp-auth, pgp mail and then search for challenge mail systems.
Making the sender be authenticated by DNS is a bad idea. I can spoof any IP I want to with the right TCP/IP packets.
?? So you're going to spoof an IP and then hack the dns server wherever the ip belongs to, to reverse to a valid domain?
Heh, no offense, but you're making absolutely no sense. Haven't provided any scenarios and the protocol you speak of just simply doesn't make sense.. This whole post just doesn't make sense. Is it the chewbacca defense?
Slashdot Mirror
What do you mean by bolted on? Elaborate please, also if you can recall the last time Unix was attacked by a worm on the scale Microsoft is attacked; let me know. Obviously in comparison, every week there is a new worm out for some Microsoft product.
To put this in perspective, Microsoft worms attack desktop space apps by breaking the server. If you happen to replicate this functionality on a Unix server you aren't going to be doing much unless you have root. Why?, again, it's because the design is simple, there is no voodoo magic to it. If you aren't root you don't get any privileges and if this is what you are talking about that has never been bolted onto unix. Encrypted passwords, ACL's, Kerberos etc etc only makes the above concept stronger.
You can come to your own conclusions on why Microsoft is attacked more. I don't know, I do know Unix is more secure and has proven itself so over many years.
Ugh.. this is so inherently based on faulty logic itself that it's beyond the scope of a comment to explain but I will try.
Unix and Unix like systems are based on a simple and easy concept when it comes to security. That is, if you don't have what is known as "root" you don't get to do any damage to system resource files.
Windows operates on an everyone is root notion, allowing anyone to make changes to system resource files. Not only that but because of the way Windows is designed where everything is mashed together, when one card falls so does the whole deck.
Unix and Unix-like systems operate on one tool for one job and with inventions like the pipe and IPC ta whole host of new functionality becomes capable just by passing output of one program to the next.
That's as simple as I can possibly explain it. I'm not saying Linux is the most secure thing since sliced bread, I'm simply stating the facts, and the fact is that Unix and Unix-Like systems tend to be more secure because they were DESIGNED that way. Windows was not designed with security in mind and the fact is that it is less secure.
All the other linux virus writing is less because windows is so prevelant hippy bullshit I'll save for PHB's. If you really believe that I've got an SCO license to sell you too.
My fault, misread.
The most stable kernel we've got that isn't under the SCO shadow is now effectively frozen, thereby preventing any potential code pollution.
SCO claims 2.5.x has copied kernel code. 2.5.x is development, 2.6.x is 2.5.x verfied to be tested and at least halfway debugged making it probably the most unstable version of a kernel anyone could use on a production system.
How about this; Alan Cox is just going to get an MBA and it has nothing to do with SCO but probably because he'd like to know a little bit more about running a business so later on in life, it's possible that he wants to run his own company? Or maybe put into a managerial role so he doesn't have to write mundane kernelcode all the time.
Or maybe you could just email and ask instead of speculating if you really want to know.
Ummm he's busy at the moment so all protocols are currently at a stand still till he gets back from las vegas.
SHUT.. UP..
-- Thank you from the "We are tired of hearing This is exactly the type of attitude that will keep Linux from the masses department"
You don't know how wrong you are about this.
While it is most assuredly true that parties in a contract have a duty to mitigate their damages, that mitigation duty hasn't been applied as far as I can tell to copyright infringement. And even if it is applied to copyright issues, the duty to mitigate only goes to the question of the amount of damages sustained by the plaintiff, not to if the defendant is infringing.
That is not the case. The duty to mitigate goes to the basis of the lawsuit. IE: SCO has said IBM has violated contract based on "X" reasons. Those "X" reasons need to be disclosed and IBM MUST remove whatever is causing damage to SCO. That is the law regarding anything involved in a lawsuit unless revealing the damages would cause more damage. SCO can't say that; also SCO hasn't disclosed this information to IBM or anyone else. Them showing 3rd parties the infriging code under NDA contracts is nothing more than pure stupidity, as the persons in question aren't apart of the lawsuit and are usually uninformed and not skilled enough to make such an analysis, even if Linus himself viewed the code the conditions and the NDA would not be disclosed so nothing gained. SCO's case looks very weird as they have no real teeth or offensive position in the case even from casual observation. Even if they wanted to milk funds from their stock price it would of been easier to sue IBM disclose offending proof and gain damages from IBM which would of amounted to alot more than the SCO stock scheme currently. Especially because IBM is the biggest computer company in the world (no it's not Microsoft). Granted hindsight is 20/20 but going into something like suing IBM the biggest silverback bar-none is not a casual pump and dump get out scott free type of idea. Observing the case without facts one can only assume that SCO has no case and is doing this to boost stock before they either dump the company or get it bought out by someone. The earlier is happening the latter is not. At this point being a SCO employee or a chairman is an extremely dangerous thing; IBM has filed lawsuits against SCO claiming that their violating patents. Not only that but young keen legal eyes are looking at how they can punish SCO's chairman in order to receive stripes in this current market where hanging someone who plays with the stock market gains you ground and reputation in your own law firm.
First, it is clear that SCO is offer a per seat license at 50% and will increase after a certain date (Oct. 15>) Second, statutory damage amounts are provided by law to those who have a registered copyrighted work infringed. This amount is above any "ceiling" that Mr. Carey may mistakenly assert that exists.
SCO can't collect on damages on their own by creating license prices. Even if they own the code in question it has to be determined in the court of law first. Any judge handling this case will probably punish or reprimand SCO for this; and if they don't win it's highly likely that any fee's they've collected will have to be returned and licenses voided. Not to mention that they'd be open to nothing but sheer liability.
IANAL, but I was national junior barrister compo champ sometime ago and follow law closely. These are casual observations and if you own a company you should seek legal advice. If that legal advice is any good they'll say something similar, I hope. Even a shit lawyer who just somehow managed to get a law-degree can see this.
I can't necessarily say why unless i've got the specific code to look at (for the programs running) but from the sounds of it something is simply leaking somewhere. If you're doing absolutely nothing memory intensive then swap should be relatively empty until required. Out of all the programs you are running.. one or more is leaking. So one or more programs is leaking, albeit slowly and running up mem and swap.. you kill swap it leaks and 15 minutes later you're back to where you started. However do you experience thrashing or eventually running out of swap at some point? If so then the mem leak theory can generally be confirmed. Basically the routines won't allow all of your hardware mem to fill up before it swaps out, so that's why you have left over hardware memory. If it's not a big deal then there is nothing to worry about but if you have lets say a gig of memory and swap is filling up well beyond the use of that gig of memory there would be a seriously problem. Worst comes to worst isolate the programs that are running when this happens, make sure they aren't leaking mem and then send the numbers off to lkml.. amount of memory, memory in use, swap in use etc etc.
Are you aware that most of your annoyances have to do with other programmers? Are you also aware that if someone writes a program for Linux they are going to use Linux features/capabilities/non-standard libs? Are you also aware that Linux is not Unix? Are you aware that you can write Posix compliant code on Linux and easily port to somewhere else (minus the #defines)? If yes, then your problem isn't a Linux annoyance it's a "everyone is simply writing for Linux featurisms and portability takes alot longer because of it annoyance". I'm aware that you make it clear that "you're on a roll" but you should be more pissed off that people simply aren't writing with Unix, posix, portability in mind.
Everything else I tend to agree with minus the VM problem, if it's doing alot of swapping then something is wrong, basically this has been discussed ALOT when the new VM system was tested. What kernel version are you using, or distro and how much memory are we talking about here?
I hate to throw religion into this, but don't judge your neighbor for having a speck in his eye when you have a plank in your own.
Then don't make it a religious statement. What I don't understand is this, how does an announcement of Oracle switching over their developer desktops to Linux have anything to do with making Larry Ellison a hero? Oracle has been saying they plan to move their entire infrastructure to Linux as soon as possible. This is just more of the movement becoming a reality.
Why you want to demonize either party in your diatribe above or make this out to some holy war makes you seem to be more of a zealot than not. The odd thing is that alot of Pro-Microsoft or Microsoft-biased persons are constantly screaming about how their is Linux zeal in every corner you go to. Of course, to deny that their isn't any would be stupid but I've observed the exact opposite, most if all discussions on topics like these seem to be Pro-Microsoft persons being extremely defensive and almost hostile to anything regarding Linux. Unbiased persons are alot more accepting of the concepts Linux itself is based on.
It would really help to keep your arguments about an issue actually on the issue in question and to not tie in other facts which are based on entirely different scopes and might have an undetermined amount of degrees of seperation involved.
Again no, you don't get it. SCO's case is against IBM. It's not against Redhat, or any other Linux distribution; they can't be held liable for damages. It's that simple, everthing else is mere speculation and in general lies. SCO most likely will have to recoup damages via IBM if not then they'd have to recoup via the person who stole their code. Everyone else is NOT liable. That is the law in the United States. The only thing SCO could possibly do is charge license fees for the code in question which as of the court case will be removed and each Linux distribution will start with that kernel. Customers using previous kernels at that point can't be charged license fees.
So no, it's not worth the worry, this is why you don't hear anyone who actually knows whats going on giving much of a damn. Except for wanting to know what's exactly infringing which SCO won't show to anyone who can actually determine if it's stolen or not.
Again your conclusions are based on pie in the sky theories on how the US judicial system works. Yes it might suck but the same DOJ you talk of put it's teeth into even IBM, infact, Microsoft wouldn't even exist if it wasn't for IBM. Go read up on that.. as well as the actual case between SCO and IBM before spreading more fud.
There is no more farther reaching affect than to have the Federal Gov't sue you and no lawsuits against IBM threaten to legally damage the customer. How you came to this conclusion, I don't know. The case between SCO and IBM is between the two parties, if IBM is found guilty they pay damages. SCO can do nothing to you as a customer of IBM or a user of Linux. If they want to find out who put the infringing code in the kernel they can subpoena kernel.org for the information and then sue the developer responsible. Still none of this affects you as the consumer or user. This whole thing about SCO coming after people is a joke and they should be brought up on charges.
Couple of things, the US didn't provide reconstruction of economy for UK, France or Italy, we simply loaned money to them. Germany and Japan are pretty fucked over, especially Germany, which as of today is doing pretty fucking badly; Japan operates solely on an export basis same with China of manufactured goods. Mainly to us here in the US, their economies have both been shit for about the last decade.
South Korea's economy is solely subsistent as well on the same manufactured goods at a very low price. The avg South Korean is only living so much better than the North Korean because of leadership decisions. North Korea could have gone into mass manufactured goods and other economic areas and they'd probably do just as well as the South Koreans. The reason North Korea is so fucked up is because of it's leaadership, you can only make so mch money selling mineral/organic goods/crops. The point is this, the US didn't make any of these countries better or save any of these countries from an economic recession/crisis or their current situations. They've only influenced these countries by keeping them producing goods at low cost so that the avg US citizen can have a different cost of living. Does it make that countries economic situation better? No, they are still poor but it keeps low prices in check as they clamor to fight for business. The same thing continues today but this time it's at the expense of the US citizens themselves, sadly the Gov't doesn't reflect it's people in the US so much so at the end of the day it's just the rich and the poor, nothing in between.
You're free to say it isn't true, but it is and I'm a US citizen and i'm not poor; yet. It's funny how Americans, including myself can travel around the world and be so happy to see that our dollar is the strongest, the world is obviously our resort, right? and yes.. I'm an American who served in the military up until last year in an intelligence battalion and military police battalion who was against the war against a country with 35 air planes. 15 of those operational.
I happened to be in Canada visting.. If i'm not mistaken.. SGI headquarters is located in Canada, I was wondering if I could just stop in and see what the hell was going on, sort of a tour thing when I passed it by on the highway. Then I thought about moving to Canada simply because it looks like a cleaner version of the US and even though SGI isn't doing too well I envisioned having fun working there. Then I forgot about all that until I saw your post.
I read this full argument and generally agree however you operate on dictionary type of notions. ie: Since someone is thinking outside of the box or creatively it's necessarily a good thing. It's not like that in all situations, don't get me wrong it's good to be objective in alot of situations it's just that security isn't one of them. When it comes to dealing with security systems there really is no thinking outside of the box. The goal of a security system is to secure the system; as you said before if someone knocks down Apache the whole system shouldn't be shut down. That is obviously if you are fully aware that the person in question only knocked down Apache. The more services running on the same machine the more you need to audit the machine to make sure that other services weren't compromised. So if just Apache got knocked down maybe it's not that big of a deal, patch up, restart and everything is brandy or maybe it is a big deal because even though Apache runs unprivileged by default whats to say the person that knocked it down didn't springboard elsewhere into your network, or glean vital information etc etc. Security is a process and until people think of it like that fault-tolerant intrusion detection systems do nothing except give whoevers doing the hacking more data to do more hacking. It's a practice in futility.
Instead of thinking of security as a process, people will think that it's ok to have fault tolerant systems where intrusions are the norm. Until someone comes around and makes the fault tolerant system irrelevant by hacking that, then you are back at the familiar square one. It reminds me of an episode of Fastlane where the security system was supposed to be tiptop and the intruders just set it off repeatedly, until the people inside just thought something was wrong with the system.
As for the economy stalling and all that I don't think it has anything to do with creativity, the tools are there for people to build with (most of them free) and they are building, interest rates are low. The situation that exist is that Corporate America simply is so corrupt no one wants to play the stock market or investment game anymore. People don't want to invest in truly genuine and creative ideas which would make money because they've been burned previously by the IT wannabe's with degrees in making pies (no offense to culinary chefs; thats is a career I have nothing but the strongest respect for but you know what I mean) and whats making it worst is that for all the time which has passed, nothing has changed. If it wasn't for opensource alot of people would be homeless right now.
Yes we will, if they lose it's because they are wrong, this isn't an maybe this/she said/he said litigation. It's not encumbered with much of anything accept SCO's complaint and in the court of law when a barrister is about to battle there needs to be clear and concise factual data to back up claims made. Not speculaton, so in a rape case they'll look for subjects sperm/dna matching, witnessess etc etc. In a case such as this it'll revolve around did IBM break a contract that it had with SCO, if yes then penalties will be applied if no SCO will lose but not only will they lose but based on all the noise that came from SCO especially their CEO before the case, they are open to numerous countersuits which with all the interviews, records, comments made in magazines etc etc will not be hard to prove in the court of law. Normally defamation is a hard thing to prove, but it won't be in the case of SCO losing and it's highly likely that these suits will take place as to make sure a similar situation doesn't occur. Watching case after case after case on all types of subject matter you begin to learn that the more tight lipped a defendant or plaintiff is the more of a case they have. So far, IBM remains quiet; the slashbots speculate more than enough and SCO is slashing and burning every chance they get. The outcome of the case most likely based solely on behavior is that SCO will lose and will be sued into bankruptcy if their current business model won't do that naturally.
IBM has said absolutely nothing, not a goddamn thing about this whole issue; which is good. Yet SCO has all this stuff which is "pretty damaging" to Linux and I've yet to see anything from SCO at all. Amendments, contracts, documents; actual proof. None of it has really been seen by any expert, semi-expert or person in the know at all. Laura Didio's opinion is a joke, put's herself in a bad position (ie: who wants to hire a senior analyst who was wrong on an issue like this?) industry wise and opens herself up to legality issues.
Not only that but she dropped a hint when she just mentioned the word annotation. Simply go to www.tuhs.org and go through all the old BSD/Unix code to make sure none of the same comments exist in Linux in any harmful manner up to January 2002 which is when the last snapshot was taken.
I'd suspect that by now.. someone other than Laura Didio who clearly doesn't have the expertise to make such a conclusion will come forward with some relative comments backing statements like the one's shes made. Almost one week into the month and still it's the same ole smoke screen from SCO and still the same garbage. At this point i'd take a RedHat newbie over people like Laura Didio.
Ok; http://news.com.com/2100-1001-222044.html
How does she know the code wasn't copied from Linux to Unixware or that it wasn't freely given to Linux? She must be very positive to say something like that.
"Confidential Information" means any and all data;snip. They don't clarify that so that is all that I really need to see, if you sign the NDA you might as well never even say the word kernel, or for that matter you might as well never talk about anything relating to programming or computers. Anything you say afterwards could be used against you in a very malicious nature by SCO.
Ahhh stop with this... The community didn't break any rules. The program was just removed because they didn't want the program to have even been made, or maybe it's because in reality Frankel released it under an unacceptable license not verified by said company or whatever. I mean, to speculate on such things are pointless and for a company to base a decision about Open-Source/GPL on such a situation is rather foolish. If Frankel did release the program under an unacceptable license then that is his bag; it is his fault just like if you decided to release some of you companies software on their website under the GPL. Jesus Christ people, What ever happened to a person commiting a crime and being held responsible for it?? Do we not adhere to that system anymore?? Remember?? That's how it works now??
Then you're saying "he deserved it"; I'm not aware that he was fired or terminated, all it says is that he's unhappy with the current situation, it sucks and he wants out. If he was fired or terminated then I'm sure instead of saying I want to leave because xyz.. He'd say something more like.. I got canned, fuck it I'm happy now. Lastly, AOL should of made sure that this situation didn't happen, that is why they have lawyers, that is why Mozilla is under a different license; etc etc ad nauseam. Not only that but Frankel has released stuff before causing the same exact type of hysteria and the only thing that happened was that the protocol was reverse engineered and is being used widely in/as p2p applications.
The only thing we know for sure is that Frankel and AOL have never seen eye to eye on what he programs and releases and when he does release it's subject to be unauthorized for whatever reason.
If your company has decided to put things on hold based on this, here a hint. They weren't planning on going through with it anyway. You don't tip toe into a situation affecting 10,000 or more desktops and then decide that because a programmer released a program under Opensource/GPL (which he has done before) that was removed; the project needs to be put on hold pending review. Especially since closed/open-source it doesn't matter. Someone can do the samething right this second at your place of work.
Again, be clear.. The community didn't break any rules. Justin Frankel doesn't speak for the community and no one knows the details of the situation. It's also highly unlikely they'll ever be made public. So how your company and yourself come to your own conclusions is beyond the scope and comprehension of the actual situation, extremely premature and bordering childish.
My question is: Is this a plausible scenario? What safeguards are in place to prevent such a scenario from coming true? Are these safeguards adequate?
What safeguards are in place to prevent such a scenario from coming true in a closed-source system? Infact, would ACME even know if their code had been stolen in a closed-source system? How would they know this if they don't have the code to look at? It seems that in a closed-source system your IP can be stolen without you even knowing. That can't be good, and you're always left wondering if ex-employee is using methods and code at the new company; of course no NDA, peer review or anything else will catch the code thief in that situation because who's to say he didn't just think the stuff up him/herself?
With that, it's pretty obvious that opensource allows a company to prove IP theft extremely easily. The employee or code thief in question should be prosecuted to the fullest extent of the law and thats one less thief to worry about.
If the company in question harmed financially or competitively they need to take proactive steps to reclaim any loss ground via the thief and to also have a "debriefing" process where the programmer(s) they hire that are leaving are aware they can't divulge or use X ip anywhere else. As said by many people before, if someone is going to throw a brick through your window, attempt a robbery of your car, steal your code, attempt at burning your house down or simply attempting the bombing of an airplane. They are going to do so regardless, and people are responsible for their own actions. You can only mitigate the attack and prepare for the worst.
Basically, this example is typical stuff and it again shows that opensource is the crowd I'd rather play in.. Especially in regards to business and Intellectual Property. Not knowing if that last programmer you fired is now working for the competition and is stealing your IP must really make it difficult to sleep at night. That is; if you run on a closed-source system.
This is a troll right? :) I mean I like IBM, However if I was alive at the time I'd probably feel indifferent towards them. It wasn't so long ago that IBM was in Microsoft's shoes... I shouldn't even make the comparison in power IBM had back then compared to Microsoft today. IBM back then was like god-mode. It took around 15 yrs or so for the DOJ to drop it's case against IBM. I was probably around 3 or 4 when the case was dropped heh.. In any event, if it wasn't for the Antitrust case against IBM oddly enough Microsoft would probably not be the software company it is today. IBM could of simply decided not to sell MS-DOS and then turn around and peddle PC-DOS like rabid dogs, but because of the Anti-Trust case they were on their tip toes at the time, scared to get into different markets etc etc. Now, things are coming full circle; IBM conceded the OS market to Microsoft; then. Tried to take it back with OS/2 but couldn't pull it off on any significant user or server level. It saw Linux coming down the pipe and made a smart move, probably before any other major player in the industry knew what Linux was.
Anyway; Going by your analogy... Microsoft will have a reputation of integrity, honesty and quality in another 15 -20 yrs. At least IBM throughout it's history has had quality and maybe has had to learn to exercise it's power and keep it's karma, intergrity and honesty in check. Microsoft has none of the above and will not have any of the above into the forseeable future unlike IBM instead of being on tip-toes Microsoft is entering different markets WHILE anti-trust cases go on.
Ummm most of that code was put there by people who actually used SCO and Linux and worked on Linux drivers and then ported them over to SCO. Infact most of the code goes from Linux -> SCO, or was started on Linux and simply made portable.. Not vice versa, in one case a programmer received a free copy of Unixware and Openserver to do some work on drivers started on Linux.
Say I run a small Linux server on my DSL line. I have a friend give me a DNS entry off of his domain, as I have a static IP on my server. I now have a DNS which can receive emails, only that it won't reverse DNS the same because my ISP owns the IP address block. I can't send emails now from my server because nobody reverse authenticates me.
Incorrect.. you isp does reverse authenticate it's IP address still. Feel free to "host yourip" and you'll get your reverse ptr domain. To see how this works I wrote in detail to another slashdot user who wanted to know. Here is the post you might want to read.. oddly enough it was only 2 weeks or so ago that again I was talking about this.
Say that I am a student on a university campus, which for some reason won't allow SMTP sending from outside the network as inside the network. This is as it should be, right? But it does allow POP. My computer is on the campus network and configured with whatever mail client it uses. Then suddenly, I'm on spring break, and I bring my laptop home to my families DSL/WiFi network. I can still download my mail, but since I'm off campus network, I can't be authenticated as myself to the mail server. No problem. My ISP lets me send mail with their mail server. Oh wait, new restrictions prevent me from sending this email.
This one doesn't even make sense. That situation has nothing to do with this new system we are speaking. You're problem could of been easily fixed with SMTP-AUTH if you're talking about what I think you're talking about or IMAP or something along those lines. That is just too confusing to even decipher.
The rest of it is you just trolling... right? If not you really should search google for smtp-auth, pgp mail and then search for challenge mail systems.
Making the sender be authenticated by DNS is a bad idea. I can spoof any IP I want to with the right TCP/IP packets.
?? So you're going to spoof an IP and then hack the dns server wherever the ip belongs to, to reverse to a valid domain?
Heh, no offense, but you're making absolutely no sense. Haven't provided any scenarios and the protocol you speak of just simply doesn't make sense.. This whole post just doesn't make sense. Is it the chewbacca defense?