In the United States of America Free Speech IS a RIGHT... check out the constitution.
For a meaningful comparison of speech which in the US has been ruled as not protected consider the case of anti-abortion activists:
the Nuremberg Files... as a tool through which anti-abortion activists could spread their thinly veiled threats. The Web site listed hundreds of abortion doctors and invited readers to send in doctors' addresses, license plate numbers and the names of their children. When doctors were killed, their names were crossed off.
These people were found guilty of accessory to murder, creating the web pages in question for the explicit purpose of directing 'activists' to murder targets. This use of speech is not protected (appropriately imho) under the constitution.
It is also imho fallacious to say that "Anyone else can link / post / whatever this material, why are these organizations [radikal / indymedia] being prosecuted?"
In fact intent matters in many (probably most) legal proceedings. If these self-appointed protectors of my safety choose to act as accessories to violent acts then they risk having problems with the authorities.
Additionally, most network providers' Acceptable Use Policies ban the placement / transmission of illegal material. The systems for isolating ISPs who do not subscribe to a minimal set of AUP standards are not as good as I would like to see them, but at least there is some internet policing / agreement on spam and crackers / script kiddies.
Unfortunately there are no simple tech solutions for this set of societal issues. That means that these things will sometimes be settled by the courts.
While this does a nice job of crunching numbers, how do they know that their algorithms are any good at doing what they do? Or are they trying to simulate things that aren't continuously kicked around by chaos theory?
Just because it's been through a fancy (or expensive) machine it doesn't make the outcome any more valid.
Modelling real processes is a science which has been around for as long as computation. Simulations I used to run with Dynamo (discrete simulation of general PDEs) on a minicomputer were in some ways the coolest. They were also the slowest, a 10-state thermal transfer model could take an hour on a $200k processor.
It is quite possible to look at fine-grained results using finite element or finite-difference methods in mechanical and fluid dynamics problems. For instance looking at vortex-shedding is within the realm of possible for a current model PC or workstation.
Verification is done against known data-sets and most simulation work involves checks on accuracy.
Yes, problems which are really in the 'butterfly effect' region are very difficult, interesting (useful) work has been done taking such phenomena to the molecular level. For something like crack-propagation finite element methods have to be very detailed indeed to be predictive and while you can use these for useful results, the 'interesting' part needs to be calculated at the atomic level. That, however I have only seen done in simulation of highly regular materials.
Many of the chaotic results happen where there is a delicate balance in total energy, e.g. the dynamics of cigarette smoke. 'Useful' problems however usually involve substantial energy transfers and at some computational scale these are not chaotic.
Solar and geo-thermal energy input into global weather patterns involves a LOT of energy and modelling is generally easier where you are looking at such problems.
Computational weather prediction has made impressive strides. 10 years ago the ability to predict weather in New England was dismal, today between better sensors and better models the 5-day forecast is now more often correct than not.
Allowing relicensing of snippets of AIX... And IBM would in no way lose control of AIX, so what's the downside?
Even if it's just 'party line / pro-forma'. I can well imagine that some of IBM's customers would be unhappy to think that AIX code were being placed into GPL.
One of IBM's major motivations for leveraging Linux is not to capture the x/86 servers into IBM's hardware sales (tho I'm sure that happens). Rather, OSS has moved substantially to a place where Linux-isms are the bread and butter and if you want to run OSS software on UNIX, it's more efficient to create AIX-L(inux) to simplify OSS support for the platform.
*That* (I think) is the driver for investing in linux generally, and IBM recognizes that you don't really get to play in OSS without giving something back. And they are getting to play in the design and understanding in detail which will allow their AIX5L to interoperate better with linux itself.
Additionally, just pulling the code from one unix and inserting it to another probably wouldn't play well in terms of reliability. Kernel data structures are going to be different, and I think to generate bug-free code you're better off simply taking the *idea* and writing it from scratch in the different environment.
Also, note: it's hardly a new phenomenon. I know AIX coders who've consistently provided substantial pieces of code directly to the Linux platform since the mid '90's. And I know of instances where some (not very smart) IBM customers were substantially unhappy about this.
All of the ps/2 models I was familiar with had round-barrel keys (providing medium security). They had a medeco core in a plastic barrel, with a plastic lock arm inside. Pick-proof yes (even the three-tumbler version) but hardly secure.
That's definitely a different unit. The rs/6k deskside units rear-panel used a medeco turning a roughly 2" square steel plate which engaged the case and covered:
A 2 foot long screw led to the front of the case, and locked the front-panel cover. The front panel control keyswitch prevented booting when in 'secure' position.
Basically yes you can always get inside but on these machines you're not gonna do it without breaking the case first.
The desktop rs/6k machines of more recent vintage use lower cost locks, dunno about the larger machines.
Hmm nice idea, tho I generally prefer lock-down cases where gaining physical access requires either the key, or breaking something.
IBM used to (and I imagine still does) build their rs/6000 cases this way. The thing that always pleased me most was the use of a Medeco biaxial lock & key. Medeco's are effectively not pickable, in contrast to virtually all other pin-tumbler locks.
I don't know what other vendors use this or similar methods for the cases. The usual 3-4 pin lock incorporated in all the other cases I've seen (including some pretty expensive ones from Compaq / HP) were trivial to open. Even the use of mushroom pins is not going to be proof against a reasonably skilled intruder.
This is indeed one of the frustrating UK-US differences. When a (typically but not universally) uninformed American comments on the level of UK surveillance, they never take the 20 years of terrorism on UK soil into account.
[Sigh] too true. My first thought on seeing the damage to the WTC was "goddess it's finally happened *here*:-(". The second was knowing that many of the folks in the US fail to realize that much (most?) of the rest of the world has faced this crap for decades. I think anyone who observed the lax state of US security over the recent decades has realized that this would happen someday.
It didn't help that the IRA was getting 50% of its money from US citizens supporting Noraid either.... Or perhaps they didn't care.
The son of my neighbor (who's a retired boston police officer), just 2 doors down was arrested maybe 10 years ago by FBI for trying to run guns to the IRA. He'd actually been dealing with FBI posing as PIRA. I'm glad they bagged at least that one.
I lost friends in the UK armed forces... Perhaps US isolationism will be reduced as a result of 11/11. Personally I don't hold much hope.
Dear goddess. I'm sorry and grieve for you and your people who were lost. As to how the US is changing internally, while my observation has *often* been of heightened isolationism, there is also heightened awareness that terror is not new. And that everyone else has been living with it for a long time.
I've only been to the UK 3 times, in '69, '83 and '96.
While London in 1983 was in the midst of a time of relatively high terrorism, the experience of being in London for a US citizen was an interesting contrast. People were very mindful of left packages anywhere public. Paris was markedly more striking in the presence of guards armed with automatic weapons outside many embassies / banks. Only saw that once in London that trip.
In 1996 there was a very different feel. The presence of private security cameras was highly visible and I was warned a few times about elevated danger of street crime. London still felt far safer on balance than any US city I've ever spent time in, but still much changed from '83, let alone '69.
In the US presently I think most of the population would welcome far stricter intrusions of privacy than what the government has actually opposed (which is still somewhat more than I'm happy about).
The UK has lived with visible levels of terrorism for decades, while for we in the US it's a pretty new adjustment. Don't know how that affects policy or people's actions on a daily basis, 'cause I don't live there.
At the rules that government puts on official sniffing. I'm glad the UK Home Office has realized this was a mistake. Honestly I think part of the problem is that bureaucrats and managers still don't follow the details of this technology well enough to gauge the societal effects of some policy ideas.
Equally, it was interesting to hear of the FBI agent who accidentally dumped sniffed al Qaeda emails when he(she?) realized that unauthorized private emails had been recorded.
While I'm very much concerned about some of the responses post sept 11, when I read the statutes, they were (e.g.) quite explicit about granting authority to read *headers*.
Mostly I think these folks are acting in good faith and often the biggest headlines originate in things that are still 1/2 baked on release.
Unfortunately, this sort of thing is the norm rather than the exception.
It's not a new debate. Personally I can think of few excuses for not working with the apache team to have a working and hopefully tested patch available and ready prior to any public dissemination of the fault.
The reality is that neither the kiddies nor the actual writers of exploits have stumbled upon this until ISS notified them.
It is illegal to own lockpicks in all states I know of. That's an old law, while generally the US doesn't outlaw items that have legitimate uses, clearly DMCA shows that we could someday see a class of coding and analysis tools which can also be used for attack outlawed.
I can't see how ISS is helping to avoid that outcome.
Reportedly advisory This is a denial of service in 32bit unix (linux, bsd), and an exploit in 64 bit unix.
Regrettable that there's no patch (yet), sites running 64 bit ought to be taking immediate steps to prevent release of data readable by the apache account. I imagine there will be some DoS-ing of the more abundant 32 bit platforms.
Re: How science / development often work(sic) (on Wolframania · Score: 1)
almost every single deconstructionist/revisionist in the field of science sociology makes the equally unwarranted leap to the statement that science therefore is just subjective with no special claim on truth. This, of course, is bull-crap
As it's not what *I* concluded, I'm not sure why you mention it. What I *did* provide was objective evidence that peer review is not the only way of progress in science. As
But every example you offer indicates the strength of the peer review process
One example (Margulis) relates to peer review. I am not so sure that 10 years for the field to move from open derision to acceptance is a 'strength' however both sides of that coin are value judgements. My statement is not that peer review doesn't work, rather that 'there's more than one way to do it'.
What use is it if a lone wolf "gets it right", if we can't tell that he/she got it right?
In the instances I quoted you can tell when they make something that works. The market is not a perfect peer-review but it's a darned efficient one.
Poincare could not have... Quantum Mechanics did not even begin to exist until the discovery of the electron in 1897
How 'bout you take it up with the author of: Poincare's proof of the quantum discontinuity of nature. - Jeffrey J. Prentis; 63 (4), 339-50.
As it happens Poincare's 3-body problem is also seen as the first consideration of the chaotic systems which are part of Wolfram's departure from the mainstream.
I will grant that Poincare saw a lot of the implications of non-Euclidean spaces, a fundament of Einstein's General Relativity
To close on some of the problems which I do see in the practice of modern academic science in general and peer review in particular:
Peer review engenders:
thousands of academic journals each of which can be subscribed to at a cost of $250-1000/ year
a body of knowledge which is substantially disjoint from the knowledge of 'technology'
a view at Nature, one of the pre-eminent publications that their few hundred words of review of ANKOS is worth $15 to me
Academic research *is* valuable, as a technologist who has functioned as a 'gatekeeper' I'm keenly aware of what things don't (often) happen within the context of corporate R&D.
How science / development often work(sic) (on Wolframania · Score: 2, Interesting)
we've managed to evolve a system [of peer review] that... separate[s] the truly original and productive thinker from the truly original and marginal nutcase
Which is a system functioning in a separate technology realm from industry and invention. I can't directly cite the MIT study, but the result is effectively (my analogy) what's seen in child-development. Before the development of a set of social / communication skills small children will play adjacent to each other and rarely interact.
Neither of these systems (academia / industry) in practice holds the other in particularly high regard. In fact a small fraction (ca 1-5%) of engineers / scientists stay current with what's happening in 'that other area', these individuals, termed 'gatekeepers' are responsible for nearly all technology transfer.
the scientific system excludes certain types of claims... it logically runs the risk of excluding the bona fide true revolutionary.... Yet in truth it does not seem to do that all that often.
I guess it depends on what you consider 'often' and 'revolutionary'. Lynn Margulis's discovery that Eukaryotic (all higher order life) cells resulted from the symbiotic relationship between prokaryotic cells and viruses was actively derided in biology for a decade.
Scientists who choose not to live in the arena of academia, or corporate R&D are often the innovators who bring the most real innovations to light.
Examples:
James Lovelock (inventor of gas-chromatograph tools, responsible for Gaia hypothesis and warning of the HCFC / Ozone problem)
Itzhak Bentov (one of 2 principal inventors of angioplasty and related less-invasive medicine, one of the founders of Boston Scientific (now $2B+ sales))
Stephen Wolfram
The common theme among these individuals is that they pursued new work in part outside of established doctrine, and to some extent this was precisely possible because they worked outside of 'peer review'
Lovelock observed in his original book about Gaia that some kinds of research will never be taken on in academia (or the results of completed work will be rejected) because of purely social considerations. He cites the mis-evaluated concerns for safety in nuclear energy, comparing it to the actual (larger) magnitude of toxic chemical contamination risks.
For a similar example read (or google for) "Brain Sex", a summary of research documenting differences in male and female brain structure. Researchers in this field have uniformly found that because it is not 'PC' to observe that male and female cognition / brain structure exhibit meaningful differences, their (almost certainly valid) works are very slow to be funded or accepted.
These individuals and fields demonstrate how sometimes truly groundbreaking work can only happen outside of the established context. In these instances and many similar ones this happens when an individual can fund his(her) own work and therefore work outside of the peer review system of science.
Einstein's theories were nothing short of the demolition of... Newtonian worldview
Actually, Poincare noted the implications of both Relativity and Quantum Mechanics a couple of decades before Einstein applied the mathematics necessary to fully illuminate the problem.
'Science' often believes the myth that it is an objective undertaking, not subject to whim or 'current fashion'. Most people who work very long in scientific fields discover that there are (wrong) articles of faith which become codified in 'the literature'. In fact 'Science' is a very human endeavour.
If peer review and scientific method alone were sufficient to accomplish all new work the examples above would not be true. They may be the exception, however they are clearly (IMHO) important exceptions.
Whether through introducing new understandings which would have otherwise been missed or effectively bringing new ideas and tools into the marketplace / policy, these are examples of where 'Science' as an institution comes up short.
None of which, by the way is intended to deny the validity of the various methods. 'Science' progresses through combinations of insight and hard work. Whether the hard work part is practiced to adhere to the rigors of peer review, or to bring a genuinely new idea to market in a form that works, the process is similar.
Whew! That certainly takes care of all those freedom-of-the-press concerns.
Freedom of speech and of the press are 2 different clauses of the first amendment.
(In the USA) the following applies: Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press;...
The freedom of the press interpretations under our constitution are so strong as to effectively negate application of libel law to journalists.
I know of no freedom of speech issues wrt code having been brought before the courts which relate to freedom of the press. Also, I believe that press freedoms principally apply to journalism, not to publishing in general.
Cases which bear directly on source code as speech include the ITAR - based prior-restraint placed on Bernstein's Snuffle algorithm (academic / free speech) or PGP.
These cases both turned on ITAR violations, and substantially involved speech issues. PGP source was legally printed in OCR fonts by the MIT press, which due to constitutional protection was not subject to prosecution under ITAR (yes the law is more bizarre in its detail than most perl code:-)).
The courts have been clear that source code may qualify as speech and enjoy first amendment protections, but that compiled code at best has weak protection. Further, I am doubtful that proprietary (source or binary) code owned by a commercial entity would qualify as protected speech.
"The first ant to come along would destroy civilization in a day"
I don't know who wrote this but it's a standard article of faith(sic) in the IT industry.
The only case I can think of in which a vendor provides a meaningful statement that a system operates with a particular fitness for purpose would be systems evaluated under Common Criteria or TSEC
And these systems differ from the vast majority of operating software systems in that:
Certification is made only wrt a specific hardware configuration
In the case of A - level MLS systems there has been a formal proof of security
B - level MLS systems require extensive design and audit validation
None of the above necessarily guarantee the absence of coding errors / holes
So the current state of the art is "software is too complex to guarantee performance", this is codified in commercial code and practice. What this means for now is that entities which use software cover themselves with insurance. (I have no idea what it costs to insure a commercial web-presence.)
I think changing things to hold producers of commercial software and systems would be a good step. I can't see however how this would happen without forcing considerable change in the practice of software design and development.
Either technology and QA need to change, or software systems would need to become simple. Given the current set of assumptions it is effectively impossible to perform an analysis of any non-trivial code and determine that it is safe in the expected execution environment(s).
Simplicity sounds great on paper. At present there isn't a market for simple software that works with high assurance. (Look at the tiny marketshare for the BSD's). Even the systems that run over unix-like / oss show a degree of bloat that continues to push reliability out the window.
Prudence and solid engineering practice in operations dictate that we use the simpler / more robust tools in key locations. So BSD or secured versions of linux get deployed as firewalls etc, and critical application and database servers are run with various redundancies (clustering / failover etc), which effectively throws hardware at solving the software 'problem'
Generally businesses, people working in their professional contexts do not enjoy the process rights.
What is sold as a product is not speech. If the courts have not been uniformly easy on code which expresses scientific ideas, written in an academic context, then certainly commercial software will not (and I think should not) enjoy protection as speech.
What would have to happen to change the current setting where commercial practice (and law) considers all software to be 'without warranty' is another matter.
The obvious reason that SW is presently very much a 'caveat emptor' instance is that most nontrivial software products are both complex and can be run in such a wide array of hardware and software environments that solid analysis of potential failures is clearly infeasible.
Source-based and minimalist distributions (on Is RPM Doomed? · Score: 2, Insightful)
I've long preferred slackware for its approach which basically looks like BSD both for package management and operations interface.
For linuxes the various source-based approaches are becoming more popular / solid. In addition to Gentoo, there are Sorcerer Linux and two working forks (Lunar and Source Mage) see summary.
As pointed out in a comment above this one, when RPM snafus (often) you can usually build from source with minimal effort. Unfortunately that's not true for RPM itself, which I have found to be a major pita to build from sources, or things like Gnome / E17.
Vendor unixes (Solaris, AIX, HPUX) put a lot of effort into correctly managing dependency checking. Part of their solution, however is in building their own versions of sources and staying as much as 2-3 years behind the current-releases of any given package.
RPM is a far cry from the vendor unix approaches, part of which I'm sure is that it's trying to do a much harder task on a less well defined base platform (random hardware).
Try building RPM from redhat's sources sometime, use the force you're gonna need it! That alone suggests to me that this is not in 'reality' an opensource project. A GPL license for software that doesn't build with './configure; make' doesn't seem like an effective oss project to me.
If I had one line of code of my opensource in their distro,
One line would not very likely qualify as copyright (copyright applies to 'substantive works'). As GPL is enforceable only via copyright, one line could not be used to claim GPL violation.
I'd be on them like mad.
Folks who've contributed substantial code already have more or less been "on 'them' like mad". Which is neither surprising, nor hard to understand.
Meanwhile, a fair number of folks involved in SELinux development are cooling their heels, waiting to see what the directly responsible parties come up with.
This discussion was opened on Jun 3rd, and SCC notified the LSM list on the 7th that they are trying to hammer out the issues. SCC had a (vaguely worded) statement as reported by LWN about how linux/opensource would be free to apply the practice this patent and noting the GPL status of the code they have produced.
It looked pretty clear (my reading) that this statement was put out in good faith, but not at all solid enough to determine the details (see my other post below on this subject)
This statement was made in '00, notably the middle of the dotcom 'boom'. No surprise that folks in the midst of that craziness put things out that may have not been fully baked.
The issues aren't simple and for my part I prefer that SCC take their time and get out a statement which is clear and detailed. Then developers and the many people who're using this will hopefully be clear on the details of SCC's promise to allow opensource use of their patent.
I've been watching this on the Linux Security Module mailing list
SCC, NSA and other interested parties have noted that TE and DTE (domain/type enforcement) are patented respectively by SCC and NAI labs (both of which have contributed substantial code to SELinux).
SCC's statement on their website was vague, simply saying: will be no restrictions on the use of TE by the Linux open source community... will release source code for all the modifications to the existing kernel and for a general-purpose security policy engine under the GPL
LSM itself does not implement TE or DTE and is not affected by these patents. LSM is a standard framework allowing (many) system security implementations to be used in the linux kernel without needing extensive re-writes for every kernel release.
Things that are not clear (to me and I think to most of the participants in this 'issue' with SELinux) include:
on what would this patent be restricted / enforced? - closed source?
exactly who is allowed unrestricted use? Linux? GPL-code? BSD?
when these and other questions are answered, will the letter (spirit?) of GPL be preserved?
When THAT has been determined, how will the various contributors to SELinux respond?
These aren't simple answers, I think SCC's original statement was clear about *intent* and I sincerely hope they'll clarify adequately and in a manner that allows development / deployment of SELinux based tools to proceed.
Questions:
At what level of patent-restrictions would GPL be broken?
restricting use of the patent in proprietary systems of all types?
proprietary code incorporating GPL code but not distributed? (this is allowed under GPL)
Other 'free' software licenses (BSD, public domain, Artistic...)
Not knowing the details, I don't think there's much to discuss until SCC (and hopefully NAI) clarify their plans wrt these patents and issue clear statements.
My impression is that they're acting in good faith; I'm ok with their taking down the vague statements from the web page while developing something that we can all count on.
The statement quoted on LWN about "needing to negotiate a license to use TE commercially" looks ill-informed. SCC has released GPL'd code which implements TE; I believe that limiting that code from commercial use would violate GPL.
I strongly suspect that various folks at SCC weren't communicating adequately (Imagine that! geeks/marketing/etc not having the best communication skills?!:-)).
Got my finger crossed in hopes this works out smoothly.
First we lost manufacturing/labor type jobs to the cheap labor in other countries
More accurately (imo) in the '70s due in part to what I believe were the highest incremental tax rates ever seen in the US, much investment moved offshore.
Corporations were already beginning to develop international mobility, but facilities, infrastructure, etc are nowhere near as mobile as money. As investors responded to an unfavorable business climate, funds for development dried up.
Today both investment and corporate structures are far more mobile than they were 30 years ago, yet I could not even begin to compare today's economy to what the US (and other nations) experienced in the mid-70's.
Economic landscapes change and people and organizations which fail to adapt invariably hit hard times.
Many people in my generation (boomers) grew up with the expectation that a HS education and a union job, or a factory job as a machinist would guarantee a good income. Many people who entered the workforce during the dotcom boom came to expect that an MCSE or minimal skills in web design would be good for a $40-50k salary. Both of those expectations have been invalidated.
Today you have employers who got bit by the need to hire overpriced/minimally skilled techies at top dollar now asking for impossibly high qualifications (e.g. 8 years experience in Java - which was released in alpha-version 7 years ago??!). It's a tougher, but more realistic market than that of a couple of years ago.
"when you think you understand a problem, check your assumptions"
>> If they are found guilty
What do you mean, if? They already have been found guilty
Hehehe, I was wondering if anyone was gonna catch that:-). Yeah they've been found guilty and based on my analysis(sic) I don't think MS currently has a lot of rope left for appeal / supreme-court review etc.
Perhaps I should have said "if the guilty finding holds and an actual penalty (vs wristslapping) is applied...". However, all of this is looking forward at least a few more years and any predictions of what'll be in the offing in that time frame can only be hazy imho.
All of the arguing is over what they can and cannot be forced to do
Umm well MS still has the pending motions: to dismiss, and to remove the penalty of mandated modularization. I expect that there will be other motions etc coming, though I also doubt MS has much more wiggle room with the judiciary.
This goes to show... The fact is Microsoft doesn't give a damn,
Much as I'm no fan of Microsoft's products or their approach to security(sic), taking 60 days to get a fix released is not necessarily a bad thing and is pretty standard for vendor-software.
Security fixes which are rushed out often simply open up new holes (or cause other problems). Hence, common practice among Unix vendors is to release an emergency fix or patch, which is available sooner, and to later release an update which is fully tested.
Mitre and @Stake recently proposed a standard vulnerability disclosure RFC setting out appropriate response times for software vendors (open source and proprietary). Basically, the RFC says "contact the vendor, give them at least 30 days to respond / fix; the vendor is responsible for keeping in touch with the reporter every 30 days; don't announce the vulnerability until there is a fix;
The intent here is to get problems fixed and announced in a manner that ensures that system users have a way to update vulnerable systems.
(And personally I'm just fine if vendors also use some of that time to update critical customers, say financial institutions ahead of the rest of us)
In my own practice I usually wait a bit on patches. My immediate approach to a new vulnerability which affects my systems is to disable the vulnerable aspects or apply suggested work-arounds.
As I think many shops using MS are taking patches by the auto-update feature, perhaps propagating internally with SMS; Microsoft has an onus to try to be sure that fixes they put out are in fact correct and without unfound side effects.
I suggest you read "Folded, Spindled, and Mutilated: Economic Analysis and U.S. Vs. IBM" by Franklin M. Fisher et al.
IBM has its points good and bad, however the DOJ case (brought by the Johnson administration) was severely flawed (in ways that the MS case is not at least imho).
Among other things the prosecutors made their case on the basis of the market for mainframes. In presenting their case they eliminated the sales of Digital (then the #2 manufacturer of computing equipment). Then they *included* the sales of IBM's competition in plug-compatible into IBM's 'market share'.
This is how they came up with the '80%' supposed market share figure that was widely published and believed. There were numerous other stupidities in this case.
MS has not, and while they managed to effectively sidestep a weakly worded consent decree after the '95 case, that very disrespect for the law is a big part of why the opposition is playing hardball this time around.
First time the rumor was that Gates threatened the Clinton administration that he'd take MS offshore. As has been said in posts above this one, you can only thumb your nose at the judge for so long before she decides to flex her muscles.
MS has begun to clean up its act and behave in ways that are required of a monopoly. If they are found guilty and then go back and try to do the same cr*p yet again I daresay they will be facing a truly PO'd judicial system.
That was actually yesterday. The 'old_*' version of the paper was a 'draft'. The 'release' version was placed this morning (11 May '02), MD5 sums and timestamps as recorded by 'wget' and see
Pdf Info matches sensibly
78b1832fed2f6c28776097570352c225 Jun 10 02:52 old_opensource_whitepaper.pdf
3be312fb8ea04f8d31561c64848a2e27 Jun 10 23:14 opensource_whitepaper.pdf
A conversation with Mr Brown yesterday evening suggested that there will be a much revised version forthcoming. No telling what / when / if such a version will be forthcoming. I have to say my expectations aren't all that high, but then hope springs eternal :-).
"in the U.S. the software sectore accounted for approimately 319 million jobs in 2001"
Interesting given that the US census population clock currently pegs US population at 289 Million.:-).
Seriously, having spoken extensively with the author of this study on the 'phone, he just doesn't follow a lot of the details at a level to coherently argue them with an informed audience.
Sure I can find bright folks on both sides of debates on oss/proprietary, full-disclosure/security-secrecy, win/unix/mac etc.
However ADTI's treatment may pass muster with folks who don't know the details and might have a similar set of economic / philosophic biases (e.g. capitalistic=successful=proprietary).
Anyhow 'Debates' are stoopid imo, debates with 'opponents' who lack enough clue to really participate are simply boring / frustrating.
Just because it's been through a fancy (or expensive) machine it doesn't make the outcome any more valid.
Modelling real processes is a science which has been around for as long as computation. Simulations I used to run with Dynamo (discrete simulation of general PDE's) on a minicomputer were in some ways the coolest. It was also the slowest, a 10-state thermal transfer model could take an hour on a $200k processor.
It is quite possible to look at fine-grained results using finite element or finite-difference methods in mechanical and fluid dynamics problems. For instance looking at vortex-shedding is within the realm of possible for a current model PC or workstation.
Verification is done against known data-sets and most simulation work involves checks on accuracy.
Yes, problems which are really in the 'butterfly effect' region are very difficult, interesting (useful) work has been done taking such phenomena to the molecular level. For something like crack-propagation finite element methods have to be very detailed indeed to be predictive and while you can use these for useful results, the 'interesting' part needs to be calculated at the atomic level. That, however I have only seen done in simulation of highly regular materials.
Many of the chaotic results happen where there is a delicate balance in total energy, e.g. the dynamics of cigarette smoke. 'Useful' problems however usually involve substantial energy transfers and at some computational scale these are not chaotic.
Solar and geo-thermal energy input into global weather patterns involves a LOT of energy and modelling is generally easier where you are looking at such problems.
Computational weather prediction has made impressive strides. 10 years ago the ability to predict weather in New England was dismal, today between better sensors and better models the 5-day forecast is now more often correct than not.
Even if it's just 'party line / pro-forma'. I can well imagine that some of IBM's customers would be unhappy to think that AIX code were being placed into GPL.
One of IBM's major motivations for leveraging Linux is not to capture the x/86 servers into IBM's hardware sales (tho I'm sure that happens). Rather, OSS has moved substantially to a place where Linux-isms are the bread and butter and if you want to run OSS software on UNIX, it's more efficient to create AIX-L(inux) to simplify OSS support for the platform.
*That* (I think) is the driver for investing in linux generally, and IBM recognizes that you don't really get to play in OSS without giving something back. And they are getting to play in the design and understanding in detail which will allow their AIX5L to interoperate better with linux itself.
Additionally, just pulling the code from one unix and inserting it to another probably wouldn't play well in terms of reliability. Kernel data structures are going to be different, and I think to generate bug-free code you're better off simply taking the *idea* and writing it from scratch in the different environment.
Also, note: it's hardly a new phenomenon. I know AIX coders who've consistently provided substantial pieces of code directly to the Linux platform since the mid '90's. And I know of instances where some (not very smart) IBM customers were substantially unhappy about this.
They had a medeco core in a plastic barrel, with a plastic lock arm inside. Pick-proof yes (even the three-tumbler version) but hardly secure.
That's definitely a different unit. The rs/6k deskside units rear-panel used a medeco turning a roughly 2" square steel plate which engaged the case and covered:
A 2 foot long screw led to the front of the case, and locked the front-panel cover. The front panel control keyswitch prevented booting when in 'secure' position.
Basically yes you can always get inside but on these machines you're not gonna do it without breaking the case first.
The desktop rs/6k machines of more recent vintage use lower cost locks, dunno about the larger machines.
IBM used to (and I imagine still does) build their rs/6000 cases this way. The thing that always pleased me most was the use of a Medeco biaxial lock & key. Medeco's are effectively not pickable, in contrast to virtually all other pin-tumbler locks.
I don't know what other vendors use this or similar methods for the cases. The usual 3-4 pin lock incorporated in all the other cases I've seen (including some pretty expensive ones from Compaq / HP) were trivial to open. Even the use of mushroom pins is not going to be proof against a reasonably skilled intruder.
[Sigh] too true. My first thought on seeing the damage to the WTC was "goddess it's finally happened *here* :-(". The second was knowing that many of the folks in the US fail to realize that much (most?) of the rest of the world has faced this crap for decades. I think anyone who observed the lax state of US security over the recent decades has realized that this would happen someday.
It didn't help that the IRA was getting 50% of its money from US citizens supporting Noraid either. ... Or perhaps they didn't care.
The son of my neighbor (who's a retired boston police officer), just 2 doors down was arrested maybe 10 years ago by FBI for trying to run guns to the IRA. He'd actually been dealing with FBI posing as PIRA. I'm glad they bagged at least that one.
I lost friends in the UK armed forces ... Perhaps US isolationism will be reduced as a result of 11/11. Personally I don't hold much hope.
Dear goddess. I'm sorry and grieve for you and your people who were lost. As to how the US is changing internally, while my observation has *often* been of heightened isolationism, there is also heightened awareness that terror is not new. And that everyone else has been living with it for a long time.
While London in 1983 was in the midst of a time of relatively high terrorism, The experience of being in London for a US citizen was an interesting contrast. People were very mindful of left packages anywhere public. Paris was markedly more striking in the presence of guards armed with automatic weapons outside many embassies / banks. Only saw that once in London that trip.
In 1996 there was a very different feel. The presence of private security cameras was highly visible and I was warned a few times about elevated danger of street crime. London still felt far safer on balance than any US city I've ever spent time in, but still much changed from '83, let alone '69.
In the US presently I think most of the population would welcome far stricter intrusions of privacy than what the government has actually opposed (which is still somewhat more than I'm happy about).
The UK has lived with visible levels of terrorism for decades, while for us in the US it's a pretty new adjustment. Don't know how that affects policy or people's actions on a daily basis, 'cause I don't live there.
Equally, it was interesting to hear of the FBI agent who accidentally dumped sniffed al Qaeda emails when he(she?) realized that unauthorized private emails had been recorded.
While I'm very much concerned about some of the responses post sept 11, when I read the statutes, they were (e.g.) quite explicit about granting authority to read *headers*.
Mostly I think these folks are acting in good faith and often the biggest headlines originate in things that are still 1/2 baked on release.
'course software can be like that also
It's not a new debate. Personally I can think of few excuses for not working with the apache team to have a working and hopefully tested patch available and ready prior to any public dissemination of the fault.
The reality is that neither the kiddies nor the actual writers of exploits have stumbled upon this until ISS notified them.
It is illegal to own lockpicks in all states I know of. That's an old law, while generally the US doesn't outlaw items that have legitimate uses, clearly DMCA shows that we could someday see a class of coding and analysis tools which can also be used for attack outlawed.
I can't see how ISS is helping to avoid that outcome.
Regrettable that there's no patch (yet), sites running 64 bit ought to be taking immediate steps to prevent release of data readable by the apache account. I imagine there will be some DOS-ing of the more abundant 32 bit platforms.
As it's not what *I* concluded, I'm not sure why you mention it. What I *did* provide was objective evidence that peer review is not the only way of progress in science. As But every example you offer indicates the strength of the peer review process
One example (Margulis) relates to peer review. I am not so sure that 10 years for the field to move from open derision to acceptance is a 'strength' however both sides of that coin are value judgements. My statement is not that peer review doesn't work, rather that 'there's more than one way to do it'.
What use is it if a lone wolf "gets it right", if we can't tell that he/she got it right?
In the instances I quoted you can tell when they make something that works. The market is not a perfect peer-review but it's a darned efficient one.
Poincare could not have ... Quantum Mechanics did not even begin to exist until the discovery of the electron in 1897
How 'bout you take it up with the author of: Poincare's proof of the quantum discontinuity of nature. - Jeffrey J. Prentis; 63 (4), 339-50.
As it happens Poincare's 3-body problem is also seen as the first consideration of the chaotic systems which are part of Wolfram's departure from the mainstream.
I will grant that Poincare saw a lot of the implications of non-Euclidean spaces, a fundament of Einstein's General Relativity
How kind of you. Poincare is 'acknowledged as a co-discoverer, with Albert Einstein and Hendrik Lorentz, of the special theory of relativity'
To close on some of the problems which I do see in the practice of modern academic science in general and peer review in particular:
- Peer review engenders:
- thousands of academic journals each of which can be subscribed to at a cost of $250-1000/ year
- a body of knowledge which is substantially disjoint from the knowledge of 'technology'
- a view at Nature, one of the pre-eminent publications that their few hundred words of review of ANKOS is worth $15 to me
Academic research *is* valuable, as a technologist who has functioned as a 'gatekeeper' I'm keenly aware of what things don't (often) happen within the context of corporate R&D. Which is a system functioning in a separate technology realm from industry and invention. I can't directly cite the MIT study, but the result is effectively (my analogy) what's seen in child-development. Before the development of a set of social / communication skills small children will play adjacent to each other and rarely interact.
Neither of these systems (academia / industry) in practice holds the other in particularly high regard. In fact a small fraction (ca 1-5%) of engineers / scientists stay current with what's happening in 'that other area', these individuals, termed 'gatekeepers' are responsible for nearly all technology transfer.
the scientific system excludes certain types of claims ... it logically runs the risk of excluding the bona fide true revolutionary.... Yet in truth it does not seem to do that all that often.
I guess it depends on what you consider 'often' and 'revolutionary'. Lynn Margulis's discovery that Eukaryotic (all higher order life) cells resulted from the symbiotic relationship between prokaryotic cells and viruses was actively derided in biology for a decade.
Scientists who choose not to live in the arena of academia, or corporate R&D are often the innovators who bring the most real innovations to light.
Examples:
- James Lovelock (inventor of gas-chromatograph tools, responsible for Gaia hypothesis and warning of the HCFC / Ozone problem)
- Itzak Bentov (one of 2 principal inventors of angioplasty and related less-invasive medicine, one of the founders of Boston Scientific (now $2B+ sales))
- Stephen Wolfram
The common theme among these individuals is that they pursued new work in part outside of established doctrine, and to some extent this was precisely possible because they worked outside of 'peer review'.
Lovelock observed in his original book about Gaia that some kinds of research will never be taken on in academia (or the results of completed work will be rejected) because of purely social considerations. He cites the mis-evaluated concerns for safety in nuclear energy, comparing it to the actual (larger) magnitude of toxic chemical contamination risks.
For a similar example read (or google for) "Brain Sex", a summary of research documenting differences in male and female brain structure. Researchers in this field have uniformly found that because it is not 'PC' to observe that male and female cognition / brain structure exhibit meaningful differences, their (almost certainly valid) works are very slow to be funded or accepted.
These individuals and fields demonstrate how sometimes truly groundbreaking work can only happen outside of the established context. In these instances and many similar ones this happens when an individual can fund his(her) own work and therefore work outside of the peer review system of science.
Einstein's theories were nothing short of the demolition of... Newtonian worldview
Actually, Poincare noted the implications of both Relativity and Quantum Mechanics a couple of decades before Einstein applied the mathematics necessary to fully illuminate the problem.
'Science' often believes the myth that it is an objective undertaking, not subject to whim or 'current fashion'. Most people who work very long in scientific fields discover that there are (wrong) articles of faith which become codified in 'the literature'. In fact 'Science' is a very human endeavour.
If peer review and scientific method alone were sufficient to accomplish all new work the examples above would not be true. They may be the exception, however they are clearly (IMHO) important exceptions.
Whether through introducing new understandings which would have otherwise been missed or effectively bringing new ideas and tools into the marketplace / policy, these are examples of where 'Science' as an institution comes up short.
None of which, by the way is intended to deny the validity of the various methods. 'Science' progresses through combinations of insight and hard work. Whether the hard work part is practiced to adhere to the rigors of peer review, or to bring a genuinely new idea to market in a form that works, the process is similar.
Freedom of speech and of the press are 2 different clauses of the first amendment.
(In the USA) the following applies:
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press;...
The freedom of the press interpretations under our constitution are so strong as to effectively negate application of libel law to journalists.
I know of no freedom of speech issues wrt code having been brought before the courts which relate to freedom of the press. Also, I believe that press freedoms principally apply to journalism, not to publishing in general.
Cases which bear directly on source code as speech include the ITAR - based prior-restraint placed on Bernstein's Snuffle algorithm (academic / free speech) or PGP.
These cases both turned on ITAR violations, and substantially involved speech issues. PGP source was legally printed in OCR fonts by the MIT press, which due to constitutional protection was not subject to prosecution under ITAR (yes the law is more bizarre in its detail than most perl code :-)).
The courts have been clear that source code may qualify as speech and enjoy first amendment protections, but that compiled code at best has weak protection. Further, I am doubtful that proprietary (source or binary) code owned by a commercial entity would qualify as protected speech.
I don't know who wrote this but it's a standard article of faith(sic) in the IT industry.
The only case I can think of in which a vendor provides a meaningful statement that a system operates with a particular fitness for purpose would be systems evaluated under Common Criteria or TSEC
And these systems differ from the vast majority of operating software systems in that:
So the current state of the art is "software is too complex to guarantee performance", this is codified in commercial code and practice. What this means for now is that entities which use software cover themselves with insurance. (I have no idea what it costs to insure a commercial web-presence.)
I think changing things to hold producers of commercial software and systems would be a good step. I can't see however how this would happen without forcing considerable change in the practice of software design and development.
Either technology and QA need to change, or software systems would need to become simple. Given the current set of assumptions it is effectively impossible to perform an analysis of any non-trivial code and determine that it is safe in the expected execution environment(s).
Simplicity sounds great on paper. At present there isn't a market for simple software that works with high assurance. (Look at the tiny marketshare for the BSD's). Even the systems that run over unix-like / oss show a degree of bloat that continues to push reliability out the window.
Prudence and solid engineering practice in operations dictate that we use the simpler / more robust tools in key locations. So BSD or secured versions of linux get deployed as firewalls etc, and critical application and database servers are run with various redundancies (clustering / failover etc), which effectively throws hardware at solving the software 'problem'
Which is just another name for insurance.
What is sold as a product is not speech. If the courts have not been uniformly easy on code which expresses scientific ideas, written in an academic context, then certainly commercial software will not (and I think should not) enjoy protection as speech.
What would have to happen to change the current setting where commercial practice (and law) considers all software to be 'without warranty' is another matter.
The obvious reason that SW is presently very much a 'caveat emptor' instance is that most nontrivial software products are both complex and can be run in such a wide array of hardware and software environments that solid analysis of potential failures is clearly infeasible.
For linuxes the various source-based approaches are becoming more popular / solid. In addition to Gentoo, there are Sorcerer Linux and two working forks (Lunar and Source Mage) see summary.
As pointed out in a comment above this one, when RPM snafus (often) you can usually build from source with minimal effort. Unfortunately that's not true for RPM itself, which I have found to be a major pita to build from sources, or things like Gnome / E17.
Vendor unixes (Solaris, AIX, HPUX) put a lot of effort into correctly managing dependency checking. Part of their solution, however is in building their own versions of sources and staying as much as 2-3 years behind the current-releases of any given package.
RPM is a far cry from the vendor unix approaches, part of which I'm sure is that it's trying to do a much harder task on a less well defined base platform (random hardware).
Try building RPM from redhat's sources sometime, use the force you're gonna need it! That alone suggests to me that this is not in 'reality' an opensource project. A GPL license for software that doesn't build with './configure; make' doesn't seem like an effective oss project to me.
One line would not very likely qualify as copyright (copyright applies to 'substantive works'). As GPL is enforceable only via copyright, one line could not be used to claim GPL violation.
I'd be on them like mad.
Folks who've contributed substantial code already have more or less been "on 'them' like mad". Which is neither surprising, nor hard to understand.
Meanwhile, a fair number of folks involved in SELinux development are cooling their heels, waiting to see what the directly responsible parties come up with.
This discussion was opened on Jun 3rd, and SCC notified the LSM list on the 7th that they are trying to hammer out the issues. SCC had a (vaguely worded) statement as reported by LWN about how linux/opensource would be free to apply the practice this patent and noting the GPL status of the code they have produced.
It looked pretty clear (my reading) that this statement was put out in good faith, but not at all solid enough to determine the details (see my other post below on this subject)
This statement was made in '00, notably the middle of the dotcom 'boom'. No surprise that folks in the midst of that craziness put things out that may have not been fully baked.
The issues aren't simple and for my part I prefer that SCC take their time and get out a statement which is clear and detailed. Then developers and the many people who're using this will hopefully be clear on the details of SCC's promise to allow opensource use of their patent.
SCC, NSA and other interested parties have noted that TE and DTE (domain/type enforcement) are patented respectively by SCC and NAI labs (both of which have contributed substantial code to SELinux).
SCC's statement on their website was vague, simply saying: will be no restrictions on the use of TE by the Linux open source community ... will release source code for all the modifications to the existing kernel and for a general-purpose security policy engine under the GPL
LSM itself does not implement TE or DTE and is not affected by these patents. LSM is a standard framework allowing (many) system security implementations to be used in the linux kernel without needing extensive re-writes for every kernel release.
Things that are not clear (to me and I think to most of the participants in this 'issue' with SELinux) include:
- on what would this patent be restricted / enforced? - closed source?
- exactly who is allowed unrestricted use? Linux? GPL-code? BSD?
- when these and other questions are answered, will the letter (spirit?) of GPL be preserved?
- When THAT has been determined, how will the various contributors to SELinux respond?
These aren't simple answers, I think SCC's original statement was clear about *intent* and I sincerely hope they'll clarify adequately and in a manner that allows development / deployment of SELinux based tools to proceed.
Questions:
At what level of patent-restrictions would GPL be broken?
Not knowing the details, I don't think there's much to discuss until SCC (and hopefully NAI) clarify their plans wrt these patents and issue clear statements.
My impression is that they're acting in good faith; I'm ok with their taking down the vague statements from the web page while developing something that we can all count on.
The statement quoted on LWN about "needing to negotiate a license to use TE commercially" looks ill-informed. SCC has released GPL'd code which implements TE; I believe that limiting that code from commercial use would violate GPL.
I strongly suspect that various folks at SCC weren't communicating adequately (Imagine that! geeks/marketing/etc not having the best communication skills?! :-)).
Got my finger crossed in hopes this works out smoothly.
More accurately (imo) in the '70s due in part to what I believe were the highest incremental tax rates ever seen in the US, much investment moved offshore.
Corporations were already beginning to develop international mobility, but facilities, infrastructure, etc are nowhere near as mobile as money. As investors responded to an unfavorable business climate, funds for development dried up.
Today both investment and corporate structures are far more mobile than they were 30 years ago, yet I could not even begin to compare today's economy to what the US (and other nations) experienced in the mid-70's.
Economic landscapes change and people and organizations which fail to adapt invariably hit hard times.
Many people in my generation (boomers) grew up with the expectation that a HS education and a union job, or a factory job as a machinist would guarantee a good income. Many people who entered the workforce during the dotcom boom came to expect that an MCSE or minimal skills in web design would be good for a $40-50k salary. Both of those expectations have been invalidated.
Today you have employers who got bit by the need to hire overpriced/minimally skilled techies at top dollar now asking for impossibly high qualifications (e.g. 8 years experience in Java - which was released in alpha-version 7 years ago??!). It's a tougher, but more realistic market than that of a couple of years ago.
"when you think you understand a problem, check your assumptions"
What do you mean, if? They already have been found guilty
Hehehe, I was wondering if anyone was gonna catch that :-). Yeah they've been found guilty and based on my analysis(sic) I don't think MS currently has a lot of rope left for appeal / supreme-court review etc.
Perhaps I should have said "if the guilty finding holds and an actual penalty (vs wristslapping) is applied ...". However, all of this is looking forward at least a few more years and any predictions of what'll be in the offing in that time frame can only be hazy imho.
All of the arguing is over what they can and cannot be forced to do
Umm well MS still has the pending motions: to dismiss, and to remove the penalty of mandated modularization. I expect that there will be other motions etc coming, though I also doubt MS has much more wiggle room with the judiciary.
but maybe I'll hum a few bars :-)
My first MS bug: '83 MS Fortran v3.1 produced incorrect machine code in do loops nested >= 3 deep