How do I know all this you ask? That's far above your security clearance, citizen, as is this ULTRAVIOLET (white) page you're viewing. Report for Reactor Shielding Duty immediately!
I kinda wish that people would start mandating things like "hacking insurance" (for anyone who stores CC#'s, SSNs, etc. on their computers) and mandatory disclosure (e.g. you HAVE to report it when these are compromised both to the CC companies and the public), as well as how you pay restitution for any unlawful use of the stolen data (e.g. if some kiddie scams $4000 with your CC, they pay, not you)...
Hell, there's a police report in the local paper; why not do that for security breaches?
And I mention insurance because people will want to lower their premiums (costs $$$) and insurance companies can dictate best practices/standards which really do help lower risk (since it's in their best interests not to pay things out)...
Well, there are still flaws in that (no incentive to report breaches if you can get away with it) it might be a start in the right direction... IMHO, anyhow:]
One-time pads can only transfer as much data as the pad length, that is the nature of them. Rehashing them and whatever leaves you open to attacks. So you need to transfer N bytes of pad to get N bytes of data securely. Well, if you already have a secure quantum line, why not send N bytes of data?
Because you don't want it to be intercepted. This lets you know that the bits weren't intercepted. If part of it is intercepted, better they get bits of pad you will no longer use than the real data you're working to keep secret...
Now, if you could transfer a small symmetric key (well, at least on the order of bytes or kilobytes, not gigabytes), on the other hand...
This is most likely what it would be used for. However, for smaller messages, one-time pads could be a good thing; even if various cryptosystems are later broken by advances in mathematics/factoring or by sheer brute-force, one-time pads will remain secure.
Oh and one more thing - don't forget to have some kind of checksum on the OTP - if someone replaced the OTP with another OTP (standard man-in-the-middle attack) you wouldn't know... after all, it's only random data. The pads may no longer match, but who'd notice?
If it's corrupted, you just won't use it, and you'll probably investigate who is tapping your line in person. Best read up on the QM of this; Heisenberg is proving quite useful for this purpose :]
In one of the more unusual corners of the annals of copyright law, I seem to remember there being something about the "Teddy Ruxpin" which might well deter you from hacking it.
For those of you who don't remember that device (and I have only vague recollections of seeing it on TV myself), the Teddy Ruxpin was a stuffed bear which moved its mouth in sync (more or less), to the words of any cassette placed in the device. When packaged with a book & tape, it would, in effect, read the book to the child.
Now I imagine that by now you're wondering what on earth this could possibly have to do with copyright law, right? Allow me to quote from this:
As an example of copyright law, Zittrain cited a case involving the manufacturer of the Teddy Ruxpin talking teddy bear. The company sued when someone created a "new" Teddy Ruxpin doll by removing the tape inside the doll that simulates its speech, re-recording the tape and inserting it back into the doll. The judge found that the individual had in fact created a derivative work that infringed on Teddy Ruxpin's copyright.
And we had best get used to unusual decisions like this. Unless you live to be over 70 (and barring a change in the law), absolutely nothing copyrighted during your lifetime will ever pass into the public domain.
Of course, if you're a US voter, and you would like to help end some of the copyright inanity (the DMCA, the NET Act, etc.), feel free to petition your representatives. You can call them for free via this 1-800 number (they will help transfer you to the proper representative): 1 (800) 839-5276
Actually, that little provision of the NET Act is being used against SCO. Linus himself first noticed it in some interview, I think :] Ironic, how something good might come out of something inane... Maybe SCO vs. IBM will at least finally establish the GPL in the minds of some; I couldn't ask for a much better case to have it tested in--an unreasonable opponent should help IBM establish better precedent, I hope.
In the mean time, yeah, I don't like how ridiculously criminal this is becoming. I'm not sure I'd care to have them enforce it, however, as I fear that it could very easily be enforced in an unfair manner, but not widely enough to get it overturned... That is, it would be possible to only prosecute those sharing certain works and not others, were there some pressure to do so...
Uhh, unless my knowledge of history is off, RTM's worm hit only Vaxen...
Yes, Vax/VMS, an OS so ancient, I've used it but a little. Enough to believe that it's not very UNIX-like at all, at least...
Y'know, there was once a time when people believed that worms (not viruses) could be helpful/useful... of course, that has long since been disproven...
Okay, true. There are some Windows lockdown tools. Some are even pretty good. Of course, there are also things like that nasty "shatter" attack... You know, the badly designed bit of protocol that makes windows (the objects) vulnerable if they have an edit control, are on the desktop, and have admin privs.
Now, of course, you may say that good coding practices (and how I wish that we all used good practices!) dictate not to have a vulnerable window with an edit control to be vulnerable to that.
I've heard it compared to a SUID root program with an overflow. My question is: How do you audit your system for crap like that? Mind you, finding ALL SUID root executables is a single command on *nix.
This is just a small example of how *nix is more securable than windows.
Another would be this: we all know about format string bugs. Nasty chars can be injected and will cause overflow problems in anything that uses them improperly. In *nix, a few appropriate greps will allow me to find (and fix!) every single such bug in Linux (SFAIK, there aren't any, but the point here is that I can *check*). How many are in Windows? How do you know? I don't relish the thought of reverse engineering Windows to check, moreover the EULA says that I cannot (whether or not this EULA is actually enforceable, I leave to others to debate).
Suppose another such category of exploits is discovered; what can you do? I can grep, you cannot. And think before you speak--even a code monkey can grep for things like format strings & bug someone else to fix it.
Linux is securable, Windows cannot be... unless it were set Free (libre), perhaps...
As for who is the most secure, that's OpenBSD, hands down. Theo may not be the most likeable person ever, but he keeps OpenBSD secure. I half-wish he'd audit Linux, but I'm sure he'd probably just drive the core developers nuts...
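The two audits this comment describes, listing set-uid root executables with a single find and grepping C source for printf-family calls whose format argument is not a string literal, as an added example that is not part of the original comment. The function names and grep patterns are assumptions of this sketch; the patterns are a line-based heuristic, so hits are leads to review, and calls split across lines are missed.

```shell
#!/bin/sh
# Added example, not code from the original comment.

# List set-uid executables owned by root under DIR (default: /).
# -xdev keeps find on one filesystem, so run it once per mounted filesystem.
# Unreadable directories are skipped quietly; an empty result is not an error.
suid_root_files() {
    find "${1:-/}" -xdev -type f -user root -perm -4000 2>/dev/null || true
}

# Heuristic patterns (POSIX ERE): a printf-family call whose *format*
# argument does not begin with a string literal.
#   printf(x)                       format is argument 1
#   fprintf/sprintf/dprintf/syslog  format is argument 2
#   snprintf(buf, n, x)             format is argument 3
# The leading (^|[^[:alnum:]_]) stops "printf" from matching inside "fprintf".
# Known noise: prototypes such as "int printf(const char *fmt, ...)" and
# first arguments that themselves contain a comma.
PAT_ARG1='(^|[^[:alnum:]_])printf[[:space:]]*\([[:space:]]*[^"[:space:])]'
PAT_ARG2='(^|[^[:alnum:]_])(fprintf|sprintf|dprintf|syslog)[[:space:]]*\([^,]*,[[:space:]]*[^"[:space:]]'
PAT_ARG3='(^|[^[:alnum:]_])snprintf[[:space:]]*\([^,]*,[^,]*,[[:space:]]*[^"[:space:]]'

# Print file:line:text for every suspect call in the .c/.h files under DIR.
# /dev/null is passed as an extra file so grep always prints the file name.
# grep exits non-zero when nothing matches; for an audit that is a clean result.
fmt_string_suspects() {
    find "$1" -type f \( -name '*.c' -o -name '*.h' \) \
        -exec grep -nE -e "$PAT_ARG1" -e "$PAT_ARG2" -e "$PAT_ARG3" \
        /dev/null {} + || true
}

# Usage: sh audit.sh /path/to/source/tree
if [ "$#" -gt 0 ]; then
    echo "== set-uid root executables on / =="
    suid_root_files /
    echo "== printf-family calls with a non-literal format under $1 =="
    fmt_string_suspects "$1"
fi
```
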
An abomination. Don't even get me started, lol. I rant on its absurdity and unconstitutionality in other recent posts if you want to dig through them. The DMCA creates frik'n thought crime - ask if you want me to elaborate/explain. ----
You're preaching to the choir, here, man. Of course, you realize that they're now trying to give us 3 year prison sentences for P2P usage (so long as you share over 1,000 infringing works)... Not that everyone wouldn't just start sharing 999 right after that, but sheesh! Sadly, the mods rejected it when I tried to submit a story with links to the current draft of the law, a story on another news site, the Open Secrets page on both of the lawmakers who proposed it and the number to call your rep at for free... In retrospect, I probably should not have chosen an alliterative title (Pirate Prison Proposed)... c'est la vie:]
Have it spit out, say, Mozilla, Knoppix, etc. CDs all 100% up to date. Hell, you can add a printer to it and spit out a couple of printouts about your CD if you like, too.
Assuming someone doesn't patent the whole idea...:/
All software - $5
(Mostly because I wouldn't care to risk much more than that much money in a vending machine.)
Who says there can be no profit in Open Source?:]
Oh, hrm, you do have to comply with the GPL and put the source on those CDs, though, I would think, but that shouldn't be onerous... (or you can give them the written offer for the source... considering how few folks would need it, in all likelihood, when it's available online...)
Yes, perhaps I should have clarified the current EULA situation. There are certainly people who think I'm wrong. Maybe I *am* wrong. But nobody has actually pointed out any flaw in my argument yet. -----
As you say, the judges go out of their way NOT to decide on the basis of the EULA... This is part of my fear--for example, common advice on slashdot is to have a minor install your software (since any contract they enter into that's not for 'essentials' is voidable [but not void, yes, I got to watch a televised law class on this once]), so by delegating it to your kids, you've probably still agreed to be bound by it.
Another problem is that the DMCA gives you no rights to crack any copy protection. They may integrate the installer/EULA bit with that, so you DO need their license to get access to something you already paid for:[ And, of course, it would make it criminal to make or use any option that would let you disagree with the EULA offered.
I see that you've addressed the last main point, however. There would be a fight over how "accepted" the practice is, and all too many of them have some pretty standard language. Now then, of course I don't think that they should be upheld, or that such one-sided "contracts" should be allowed even in principle (I mean, really, in a EULA, what DO they offer? No wonder they want them to be licenses... licenses you don't and SHOULD not need...).
My problem is that there are some judges who probably don't agree with this, and I guess I'm just a bit pessimistic about it:/
Thanks for the information, though. I'll have to read more of that case law sometime:]
While that law may be based on real things on some level, I do not believe it to be true, and I can assure you that the ESA (formerly the IDSA) regularly sends out DMCA notices to remove ROM sites, just as MediaDefender does for other media.
I certainly cannot corroborate the bit about NOA ever giving some kind of 24 hour exemption. If anything, they have invented new restrictions I am unable to verify from copyright law (of course, I must confess that I have not read all of it, it is incredibly long, complex, and I'm probably missing most of the important case law, anyhow, since I don't have WestLaw or any of the other tools needed for proper legal research).
You can see the legal section of ConsoleClassix for some information concerning ROMs (they actually got their info from a real lawyer), but I'm a bit more leery of Nintendo's legal section, as they don't bother to give me references so that I can actually trace down some of the rules they've listed, such as that, to paraphrase, 'game copying devices are illegal AS WELL AS any backup copies made via them, even if they're used as backup copies under USC 117.'
Mind you, I did try to ask legal@nintendo.com exactly how one might exercise their right to make backup copies in light of that. They declined to respond.
Thanks for your commentary; your references appear all in order and generally conform to what I understand to be correct.
I do, however, remember reading an article on SecurityFocus about how EULAs are far more binding than we'd like, based on the case law as of the time when that article was written. It wasn't that long ago, so I do fear that one could not depend on EULAs being held unenforceable, either in whole or in part.
I also remember hearing how if you make any effort to bypass the contract, you could still be considered bound by it, as you were using the work without the contract you were supposed to have. What I'm saying is that the judges might find it inequitable that you "cheated" to get out of the contract, and would still bind you to it. The worse part of this is that due to the excessively narrow bits about ephemeral use (which appears to have been originally crafted to mean that mere use of software doesn't require license [permission] from the copyright holder), a judge may still decide that you DO need the contract, and cannot "weasel out" of it on those grounds.
Personally, I find that argument absurd and very much against what I believe is the plain reading of Sec. 112, but I cannot say that I would be all that willing to depend on it in court, especially were they to argue that their EULAs are 'ordinary' and thus cannot be excessive. Mind you, IANAL, I just read copyright law, Groklaw, etc. sometimes because I need to know about some of these stupid laws, these days.
Well, let me see here. I'm no lawyer, but I play one on slashdot (and I read Groklaw):P
If you're a real lawyer, or can provide credible evidence that what I say is wrong, by all means, be my guest; I'm just explaining things as best I understand them from all the reading I've done on the subject.
For one, you don't need a damned license (a license is permission, a contract is a mutual agreement/exchange of value) to play this music. Or at least you weren't supposed to. There's a clause in USC 117 (copyright law) that says that ephemeral copies aren't supposed to be infringing. Of course, case law hasn't exactly made any good use of it, even though it should have... Especially when it comes to EULAs, when one might be led to believe that they're signing a contract to give up rights for permission they're not supposed to need... Sadly, the courts have upheld a number of EULAs:/
The problem is that they have DRM, and the DMCA has those anti-circumvention restrictions. In other words, they're leaving us with "rights" that we no longer have the power to exercise. The librarian of congress apparently has some power to craft exemptions here (perhaps we should be lobbying there, more?). The only such relevant exemptions I can remember were posted to Slashdot a while ago... I understand it to mean that we can crack DRM for obsolete platforms, but I advise you to read their statements in the original--there are, no doubt, nuances concerning this that may be important if you intend to rely on these exemptions.
Now then, what's worse is that depending on how you crack the DRM, you could, at least theoretically, run across problems with patents and with trade secrets. At least with trade secrets, you have to be a party to them to begin with in order to run afoul of them. That is, unless you get the information on the DRM under an NDA, you shouldn't worry too much about this. At least, not that I know of. I do remember it coming into play with DeCSS, but I don't remember specifics. As for patents, they're even worse, in that you don't have to know of the patent's existence to run afoul of it...
For another, I'm assuming you get some kind of click through EULA. This makes it a contract, not a license, since they've obtained your consent to all those crazy restrictions. SOME EULA restrictions (notably "you can't benchmark our product") have been shot down. SOMETIMES. There are judges split between "freedom to contract" and others who think it better to overturn "unfair" terms. You cannot depend on such things.
There are other issues, in particular the "first sale doctrine" that tries to limit folks imposing contracts after a sale has been completed. While I wish this were extended a bit more, mostly judges seem to be remiss to invoke this unless they don't let you SEE the terms you're agreeing to until it's too late to RETURN the product (making your disagreement futile). MS has some rather clever lawyering that, in effect, has long forced us to pay the "windows tax"... There are plenty of others who have described rather well how this works, so I will not dwell on it.
Lastly, "fair use" is an "affirmative defense" to copyright infringement. What that means is that by asserting it, you say that "Yes, I DID infringe on their copyrights, BUT..." Specifically, there are something like four factors the judge takes into consideration, such as whether it was for NON-profit educational use (profit is VERY broad here, even ads on your webpage might count), whether you use a large portion of the work in relation to the whole, and how it affects them financially. I think I left out a factor, so Google it by all means.
Mind you, some of the more common mythical provisions do NOT exist. The "delete this in 24 hours" bit is BS, as are pretty much every single one of the disclaimers you may see in "warez" sites. The "10%" myth might be a semi-sensible restriction under th
So he's going to monopolize the on-system firewall and anti-virus industry next. Big deal. (The firewall should be on a separate system, anyhow...)
He does this instead of, say, removing some of the crappiness of IE which makes it the browser with the worst security record ever, and the only one in which I can ever remember seeing a remote code execution hole in, offhand...
At least user education might be useful, if it were done right. Then again, AOL is hit by how many scams wherein people steal passwords? They've only told every customer multiple times that they will never ask for it...
Even so, it's not like this is new. I've been teaching computer basics (including security) at my local library for some time now...
Oh well. Let's just hope that he copies more of the good ideas than the bad ones. There's nothing new here that I can see...
Daniel Lyons Article on Red Hat Recap · Score: 5, Insightful
This is another Daniel Lyons article.
Daniel Lyons is an idiot. He does no research whatsoever, as far as I can tell. He wrote a piece on Groklaw that consisted of reading PJ's (inaccurate, to protect her privacy) whois information on her domain and accusing her of working for IBM simply because IBM has an office in that city (the irony being that she doesn't actually live there...).
To support his arguments, he quoted random trolls. I don't remember offhand if they were from Yahoo or Slashdot, but it doesn't matter and I mention this simply to give you some idea of how little thought this man puts into his pieces.
In short, the proper response to an idiotic article like this is simply to consider the source, and then ignore it. Save, of course, that I recommend to everyone who might care that they never subscribe to Forbes because their research is shoddy, and I can prove it with respect to these stories.
At least Didio seemed to finally wake up when last she commented on SCO, only to stop commenting on it (at least, so far as I have seen as of this writing). Lyons, however, seems to have gotten upset when it became clear to anyone following the SCO story that he had done no research, and is thus personally invested in the story at this point. That is the only explanation I can give for his incredibly infantile and poorly researched article on PJ, which was, ironically, motivated by her comments that he needed to do better research...
So then, it is clear that Forbes' editors are prone to letting poorly researched crap past them (assuming they actually do any sort of editorial review over Lyons to begin with), and that the entire publication should be considered suspect until such time as they can demonstrate better research skills, not to mention a higher level of maturity.
Frankly, to me, Lyons is nothing more than a troll who uses a spell checker and has wider readership. My primary uses for his article consist entirely of a meager amount of comedic value and source material to have printed on novelty toilet paper. I should hope that no one ever decides to challenge that as fair use, because I would have too much amusement in creating bad puns with the acronym IP... ;]
Any defense against the GPL they could have would require an admission that they were violating the copyrights of many other people (who, I have no doubt, would sue them even out of spite).
Moreover, the rest of those statements have been refuted, both in and out of court...
Oh well. The courts are rational, and I'm sure that they will be able to figure this out...:] In the mean time, it's ironic that he's very clearly doing something quite foolish and detrimental to his case. But I see no need to mention what that is, because I understand that he does read comments on Slashdot and elsewhere, and I'm not exactly on his side...:]
I fear that Microsoft is just trying to keep some token competitors around for the sole purpose of avoiding antitrust claims, while at the same time making sure that their "competitors" cannot actually threaten their entrenched monopoly position.
E.G. they get to rake in all the cash benefits of being a monopoly, while still being able to point to "competitors" which cannot actually threaten their monopoly position any longer and which simply protect them from antitrust complaints...
All the while, while faced with anemic "competitors," they could then claim that they do have competition but that they remain in their position because their products are "better."
In spite of deals like the one with AOL/Time Warner to use IE instead of Netscape/Mozilla, when IE is a total piece of crap (it has the worst security record of any web browser, period). Hell, I still remember being scandalized the first few times I heard about holes in IE that could lead to total compromise of a system. The worst I remember for any other browser offhand is the possibility of leaking cookies or weaknesses in their cryptography and such, none of which are even remotely comparable...
Oh well. There's not a damned thing I can do about any of this monopoly business, but ever since I started teaching basic internet courses to the community here, I've been able to at least tell them where and how to get Mozilla, and why they should never, ever use the piece of crap that is IE:]
Your reading comprehension must not be very keen tonight.
Of course we all saw that bit. We know that Darl "thinks" he's going to win (I'm not actually convinced of that). The part the grandparent noticed is that Darl isn't able to *give any credible theory or evidence or reasoning about how he might win*...
Right now, SCO's case is very thinly strung together. They're making totally new arguments (and few if any tried & true ones, and I assure you that they *would* use precedent wherever they could), which advocate an inequitable solution (give us all the code IBM made, due to our strained theory of an ancient contract we discovered after sitting on it for years).
The thing about the two contending theories is this: SCO's argument is thin. If any one piece, each of which is built on top of the other, fails, the whole line of argument fails, and SCO with it. Whereas, if you read IBM's legal filings (and yes, I have... IANAL, but I've learned a hell of a lot by reading all the tons of legal documents from Groklaw), you will notice that IBM has a layered defense. What I mean by that is that, even if one layer fails, they have not just one, but several other claims, where if *any* of them were to prevail, they would be entirely defended on those grounds.
I mean, look at some of the defenses: SCO doesn't have the copyrights (SCO will have to prove that they do vs. Novell, and they've shot themselves in the foot by contradicting themselves in their own legal filing! They claimed that Novell was slandering their title to the copyrights SCO purports to own, yet asked for the court to transfer them from Novell to SCO as a remedy, implying that they do NOT own them!), even if SCO does have the copyrights, IBM asserts that the work-product doctrine (hey! WE made this, not SCO!) and the old $echo publication refute SCO's reading of their contract. And even if both of those go SCO's way, SCO gave Linux out under the GPL (and the onus would be on SCO to prove the nonsense about it being "unconstitutional" here).
So there are three strong layers right there. Pick any two, even if those fail, IBM still has a defense and SCO is up a creek.
In the mean time, I'm wondering about the SCO publicity. Lately, they have been pretty quiet, probably because of the judge's private conference with IBM & SCO a while back after which SCO mysteriously went quiet and even withdrew from some debate or another. There's also that website that put up a fake press release about them buying a SCO license which SCO asked them to take down. Pity the site was not in English, but SCO's fax to them (which they put up) was, for some reason.
Maybe I should investigate the contact listed in that fax? I believe it was press.winkler@sco.com / 1 (801) 932-5800 -- it would be nice if I could find out what exactly they're up to these days...
All that & you didn't even give them a link!
:]
The Slashdot story about the new version, and Paranoia-Live, where you can find folks online to game with
That would be opensecrets.org :]
Hell, I want to see some of these demonstrations here in America, too.
I don't like that we have such patents, much less that we're now practically exporting them :/
So if you're on call 24/7, you're not allowed to have a life?
Yeah, it made me think of Tesla, too.
What was it? Resonant earth ground or something?
I understand it to have caused some *very* freaky things... :]
No, no. SCO is a step *below* the apes ;]
How low can you go, how low can you go.
--->
Very low. See my sig...
Uhh, unless my knowledge of history is off, RTM's worm hit only Vaxen...
Yes, Vax/VMS, an OS so ancient, I've used it but a little. Enough to believe that it's not very UNIX-like at all, at least...
Y'know, there was once a time when people believed that worms (not viruses) could be helpful/useful... of course, that has long since been disproven...
Okay, true. There are some Windows lockdown tools. Some are even pretty good. Of course, there are also things like that nasty "shatter" attack... You know, the badly designed bit of protocol that makes windows (the objects) vulnerable if they have an edit control, are on the desktop, and have admin privs.
... unless it were set Free (libre), perhaps...
Now, of course, you may say that good coding practices (and how I wish that we all used good practices!) dictate not to have a vulnerable window with an edit control to be vulnerable to that.
I've heard it compared to a SUID root program with an overflow. My question is: How do you audit your system for crap like that? Mind you, finding ALL SUID root executables is a single command on *nix.
This is just a small example of how *nix is more secureable than windows.
Another would be this: we all know about format string bugs. Nasty chars can be injected and will cause overflow problems in anything that uses them improperly. In *nix, a few appropriate greps will allow me to find (and fix!) ever single such bug in Linux (SFAIK, there aren't any, but the point here is that I can *check*). How many are in Windows? How do you know? I don't relish the thought of reverse engineering Windows to check, moreover the EULA says that I cannot (whether or not this EULA is actually enforceable, I leave to others to debate).
Suppose another such category of exploits is discovered; what can you do? I can grep, you cannot. And think before you speak--even a code monkey can grep for things like format strings & bug someone else to fix it.
Linux is secureable, Windows cannot be
As for who is the most secure, that's OpenBSD, hands down. Theo may not be the most likeable person ever, but he keeps OpenBSD secure. I half-wish he'd audit Linux, but I'm sure he'd probably just drive the core developers nuts...
DMCA
... c'est la vie :]
An abomination. Don't even get me started, lol. I rant on its absurdity and unconstitutionality in other recent posts if you want to dig through them. The DMCA creates frik'n thought crime - ask if you want me to elaborate/explain.
----
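The two audits the comment above describes (listing SUID root executables and grepping source for format-string candidates), as an added example that is not part of the original post. The function names `list_suid` and `audit_format_strings` and the regex heuristics are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: two audit helpers. Names and regexes are illustrative
# assumptions, not taken from the original comment.

# List setuid regular files under DIR owned by OWNER (default: root).
# -xdev keeps find on one filesystem; -perm -4000 matches the setuid bit.
list_suid() {
    dir=${1:-/}
    owner=${2:-root}
    find "$dir" -xdev -type f -user "$owner" -perm -4000 -print 2>/dev/null
}

# Flag printf-family calls in C sources whose format argument does not
# start with a string literal, e.g. printf(user_input).
# Heuristic only: it misses calls split across lines and project-specific
# wrappers, so every hit is a candidate for review, not a confirmed bug.
audit_format_strings() {
    dir=${1:-.}
    b='(^|[^[:alnum:]_])'     # crude word boundary before the function name
    s='[[:space:]]*'          # optional whitespace
    nl='[^"[:space:])]'       # first character of a non-literal argument
    find "$dir" -type f \( -name '*.c' -o -name '*.h' \) -exec \
        grep -nHE \
            -e "${b}printf${s}\\(${s}${nl}" \
            -e "${b}(fprintf|sprintf|syslog)${s}\\([^,]*,${s}${nl}" \
            -e "${b}snprintf${s}\\([^,]*,[^,]*,${s}${nl}" \
            {} + 2>/dev/null
}

# Typical use:
#   list_suid /                      # every SUID root binary on the root fs
#   audit_format_strings ./src       # file:line:text for each candidate
```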
You're preaching to the choir, here, man. Of course, you realize that they're now trying to give us 3 year prison sentences for P2P usage (so long as you share over 1,000 infringing works)... Not that everyone wouldn't just start sharing 999 right after that, but sheesh! Sadly, the mods rejected it when I tried to submit a story with links to the current draft of the law, a story on another news site, the Open Secrets page on both of the lawmakers who proposed it and the number to call your rep at for free... In retrospect, I probably should not have chosen an alliterative title (Pirate Prison Proposed)
I'd love to see an OSS vending machine, though.
:/
:]
Have it spit out, say, Mozilla, Knoppix, etc. CDs all 100% up to date. Hell, you can add a printer to it and spit out a couple of printouts about your CD if you like, too.
Assuming someone doesn't patent the whole idea...
All software - $5
(Mostly because I wouldn't care to risk much more than that much money in a vending machine.)
Who says there can be no profit in Open Source?
Oh, hrm, you do have to comply with the GPL and put the source on those CDs, though, I would think, but that shouldn't be onerous... (or you can give them the written offer for the source... considering how few folks would need it, in all likelihood, when it's available online...)
Hmm...
Yes, perhaps I should have clarified the current EULA situation. There are certainly people who think I'm wrong. Maybe I *am* wrong. But nobody has actually pointed out any flaw in my argument yet.
:[ And, of course, it would make it criminal to make or use any option that would let you disagree with the EULA offered.
:/
:]
-----
As you say, the judges go out of their way NOT to decide on the basis of the EULA... This is part of my fear--for example, common advice on slashdot is to have a minor install your software (since any contract they enter into that's not for 'essentials' is voidable [but not void, yes, I got to watch a televised law class on this once]), so by delegating it to your kids, you've probably still agreed to be bound by it.
Another problem is that the DMCA gives you no rights to crack any copy protection. They may integrate the installer/EULA bit with that, so you DO need their license to get access to something you already paid for
I see that you've addressed the last main point, however. There would be a fight over how "accepted" the practice is, and all too many of them have some pretty standard language. Now then, of course I don't think that they should be upheld, or that such one-sided "contracts" should be allowed even in principle (I mean, really, in a EULA, what DO they offer? No wonder they want them to be licenses... licenses you don't and SHOULD not need...).
My problem is that there are some judges who probably don't agree with this, and I guess I'm just a bit pessimistic about it
Thanks for the information, though. I'll have to read more of that case law sometime
Heh, you mean like ConsoleClassix, which has been posted on here before?
:]
That's where I get my Final Fantasy/Metroid/Zelda/etc. fix...
While that law may be based on real things on some level, I do not believe it to be true, and I can assure you that the ESA (formerly the IDSA) regularly sends out DMCA notices to remove ROM sites, just as MediaDefender does for other media.
I certainly cannot corroborate the bit about NOA ever giving some kind of 24 hour exemption. If anything, they have invented new restrictions I am unable to verify from copyright law (of course, I must confess that I have not read all of it, it is incredibly long, complex, and I'm probably missing most of the important case law, anyhow, since I don't have WestLaw or any of the other tools needed for proper legal research).
You can see the legal section of ConsoleClassix for some information concerning ROMs (they actually got their info from a real lawyer), but I'm a bit more leery of Nintendo's legal section, as they don't bother to give me references so that I can actually trace down some of the rules they've listed, such as that, to paraphrase, 'game copying devices are illegal AS WELL AS any backup copies made via them, even if they're used as backup copies under USC 117.'
Mind you, I did try to ask legal@nintendo.com exactly how one might exercise their right to make backup copies in light of that. They declined to respond.
Thanks for your commentary; your references appear all in order and generally conform to what I understand to be correct.
I do, however, remember reading an article on SecurityFocus about how EULAs are far more binding than we'd like, based on the case law as of the time when that article was written. It wasn't that long ago, so I do fear that one could not depend on EULAs being held unenforceable, either in whole or in part.
I also remember hearing how if you make any effort to bypass the contract, you could still be considered bound by it, as you were using the work without the contract you were supposed to have. What I'm saying is that the judges might find it inequitable that you "cheated" to get out of the contract, and would still bind you to it. The worse part of this is that due to the excessively narrow bits about ephemeral use (which appears to have been originally crafted to mean that mere use of software doesn't require license [permission] from the copyright holder), a judge may still decide that you DO need the contract, and cannot "weasel out" of it on those grounds.
Personally, I find that argument absurd and very much against what I believe is the plain reading of Sec. 112, but I cannot say that I would be all that willing to depend on it in court, especially were they to argue that their EULAs are 'ordinary' and thus cannot be excessive. Mind you, IANAL, I just read copyright law, Groklaw, etc. sometimes because I need to know about some of these stupid laws, these days.
Well, let me see here. I'm no lawyer, but I play one on slashdot (and I read Groklaw) :P
:/
... There are plenty of others who have described rather well how this works, so I will not dwell on it.
..." Specifically, there are something like four factors the judge takes into consideration, such as whether it was for NON-profit educational use (profit is VERY broad here, even ads on your webpage might count), whether you use a large portion of the work in relation to the whole, and how it affects them financially. I think I left out a factor, so Google it by all means.
If you're a real lawyer, or can provide credible evidence that what I say is wrong, by all means, be my guest; I'm just explaining things as best I understand them from all the reading I've done on the subject.
For one, you don't need a damned license (a license is permission, a contract is a mutual agreement/exchange of value) to play this music. Or at least you weren't supposed to. There's a clause in USC 117 (copyright law) that says that ephemeral copies aren't supposed to be infringing. Of course, case law hasn't exactly made any good use of it, even though it should have... Especially when it comes to EULAs, when one might be led to believe that they're signing a contract to give up rights for permission they're not supposed to need... Sadly, the courts have upheld a number of EULAs
The problem is that they have DRM, and the DMCA has those anti-circumvention restrictions. In other words, they're leaving us with "rights" that we no longer have the power to exercise. The librarian of congress apparently has some power to craft exemptions here (perhaps we should be lobbying there, more?). The only such relevant exemptions I can remember were posted to Slashdot a while ago... I understand it to mean that we can crack DRM for obsolete platforms, but I advise you to read their statements in the original--there are, no doubt, nuances concerning this that may be important if you intend to rely on these exemptions.
Now then, what's worse is that depending on how you crack the DRM, you could, at least theoretically, run across problems with patents and with trade secrets. At least with trade secrets, you have to be a party to them to begin with in order to run afoul of them. That is, unless you get the information on the DRM under an NDA, you shouldn't worry too much about this. At least, not that I know of. I do remember it coming into play with DeCSS, but I don't remember specifics. As for patents, they're even worse, in that you don't have to know of the patent's existence to run afoul of it...
For another, I'm assuming you get some kind of click through EULA. This makes it a contract, not a license, since they've obtained your consent to all those crazy restrictions. SOME EULA restrictions (notably "you can't benchmark our product") have been shot down. SOMETIMES. There are judges split between "freedom to contract" and others who think it better to overturn "unfair" terms. You cannot depend on such things.
There are other issues, in particular the "first sale doctrine" that tries to limit folks imposing contracts after a sale has been completed. While I wish this were extended a bit more, mostly judges seem to be remiss to invoke this unless they don't let you SEE the terms you're agreeing to until it's too late to RETURN the product (making your disagreement futile). MS has some rather clever lawyering that, in effect, has long forced us to pay the "windows tax"
Lastly, "fair use" is an "affirmative defense" to copyright infringement. What that means is that by asserting it, you say that "Yes, I DID infringe on their copyrights, BUT
Mind you, some of the more common mythical provisions do NOT exist. The "delete this in 24 hours" bit is BS, as are pretty much every single one of the disclaimers you may see in "warez" sites. The "10%" myth might be a semi-sensible restriction under th
So he's going to monopolize the on-system firewall and anti-virus industry next. Big deal. (The firewall should be on a separate system, anyhow...)
He does this instead of, say, removing some of the crappiness of IE which makes it the browser with the worst security record ever, and the only one in which I can ever remember seeing a remote code execution hole in, offhand...
At least user education might be useful, if it were done right. Then again, AOL is hit by how many scams wherein people steal passwords? They've only told every customer multiple times that they will never ask for it...
Even so, it's not like this is new. I've been teaching computer basics (including security) at my local library for some time now...
Oh well. Let's just hope that he copies more of the good ideas than the bad ones. There's nothing new here that I can see...
This is another Daniel Lyons article.
;]
Daniel Lyons is an idiot. He does no research whatsoever, as far as I can tell. He wrote a piece on Groklaw that consisted of reading PJ's (inaccurate, to protect her privacy) whois information on her domain and accusing her of working for IBM simply because IBM has an office in that city (the irony being that she doesn't actually live there...).
To support his arguments, he quoted random trolls. I don't remember offhand if they were from Yahoo or Slashdot, but it doesn't matter and I mention this simply to give you some idea of how little thought this man puts into his pieces.
In short, the proper response to an idiotic article like this is simply to consider the source, and then ignore it. Save, of course, that I recommend to everyone who might care that they never subscribe to Forbes because their research is shoddy, and I can prove it with respect to these stories.
At least Didio seemed to finally wake up when last she commented on SCO, only to stop commenting on it (at least, so far as I have seen as of this writing). Lyons, however, seems to have gotten upset when it became clear to anyone following the SCO story that he had done no research, and is thus personally invested in the story at this point. That is the only explanation I can give for his incredibly infantile and poorly researched article on PJ, which was, ironically, motivated by her comments that he needed to do better research...
So then, it is clear that Forbes' editors are prone to letting poorly researched crap past them (assuming they actually do any sort of editorial review over Lyons to begin with), and that the entire publication should be considered suspect until such time as they can demonstrate better research skills, not to mention a higher level of maturity.
Frankly, to me, Lyons is nothing more than a troll who uses a spell checker and has wider readership. My primary uses for his article consist entirely of a meager amount of comedic value and source material to have printed on novelty toilet paper. I should hope that no one ever decides to challenge that as fair use, because I would have too much amusement in creating bad puns with the acronym IP...
Any defense against the GPL they could have would require an admission that they were violating the copyrights of many other people (who, I have no doubt, would sue them even out of spite).
:] In the mean time, it's ironic that he's very clearly doing something quite foolish and detrimental to his case. But I see no need to mention what that is, because I understand that he does read comments on Slashdot and elsewhere, and I'm not exactly on his side... :]
Moreover, the rest of those statements have been refuted, both in and out of court...
Oh well. The courts are rational, and I'm sure that they will be able to figure this out...
True.
:]
I fear that Microsoft is just trying to keep some token competitors around for the sole purpose of avoiding antitrust claims, while at the same time making sure that their "competitors" cannot actually threaten their entrenched monopoly position.
E.G. they get to rake in all the cash benefits of being a monopoly, while still being able to point to "competitors" which cannot actually threaten their monopoly position any longer and which simply protect them from antitrust complaints...
All the while, while faced with anemic "competitors," they could then claim that they do have competition but that they remain in their position because their products are "better."
In spite of deals like the one with AOL/Time Warner to use IE instead of Netscape/Mozilla, when IE is a total piece of crap (it has the worst security record of any web browser, period). Hell, I still remember being scandalized the first few times I heard about holes in IE that could lead to total compromise of a system. The worst I remember for any other browser offhand is the possibility of leaking cookies or weaknesses in their cryptography and such, none of which are even remotely comparable...
Oh well. There's not a damned thing I can do about any of this monopoly business, but ever since I started teaching basic internet courses to the community here, I've been able to at least tell them where and how to get Mozilla, and why they should never, ever use the piece of crap that is IE
Your reading comprehension must not be very keen tonight.
...
Of course we all saw that bit. We know that Darl "thinks" he's going to win (I'm not actually convinced of that). The part the grandparent noticed is that Darl isn't able to *give any credible theory or evidence or reasoning about how he might win*
Right now, SCO's case is very thinly strung together. They're making totally new arguments (and few if any tried & true ones, and I assure you that they *would* use precedent wherever they could), which advocate an inequitable solution (give us all the code IBM made, due to our strained theory of an ancient contract we discovered after sitting on for years).
The thing about the two contending theories is this: SCO's argument is thin. If any one piece, each of which is built on top of the other, fails, the whole line of argument fails, and SCO with it. Whereas, if you read IBM's legal filings (and yes, I have... IANAL, but I've learned a hell of a lot by reading all the tons of legal documents from Groklaw), you will notice that IBM has a layered defense. What I mean by that is that, even if one layer fails, they have not just one, but several other claims, where if *any* of them were to prevail, they would be entirely defended on those grounds.
I mean, look at some of the defenses: SCO doesn't have the copyrights (SCO will have to prove that they do vs. Novell, and they've shot themselves in the foot by contradicting themselves in their own legal filing! They claimed that Novell was slandering their title to the copyrights SCO purports to own, yet asked for the court to transfer them from Novell to SCO as a remedy, implying that they do NOT own them!), even if SCO does have the copyrights, IBM asserts that the work-product doctrine (hey! WE made this, not SCO!) and the old $echo publication refute SCO's reading of their contract. And even if both of those go SCO's way, SCO gave Linux out under the GPL (and the onus would be on SCO to prove the nonsense about it being "unconstitutional" here).
So there are three strong layers right there. Pick any two, even if those fail, IBM still has a defense and SCO is up a creek.
In the mean time, I'm wondering about the SCO publicity. Lately, they have been pretty quiet, probably because of the judge's private conference with IBM & SCO a while back after which SCO mysteriously went quiet and even withdrew from some debate or another. There's also that website that put up a fake press release about them buying a SCO license which SCO asked them to take down. Pity the site was not in English, but SCO's fax to them (which they put up) was, for some reason.
Maybe I should investigate the contact listed in that fax? I believe it was press.winkler@sco.com / 1 (801) 932-5800 -- it would be nice if I could find out what exactly they're up to these days...