"What if Sony finds out that you listen to Neil Diamond's greatest hits 10 times a day? What are they going to do, haul you into a dungeon and torture you?"
No. They are going to torture me in situ. Saves on the transport costs.
The are going to fricking SPAM the crap out of me every time a new album by an artist for who I own one disc comes out, and then once a week after that for the rest of my fricking life, until they see I've bought the damned thing by way of my player reporting the fact to them.
This will happen, even if the original disc was a present, and I played it *one time*, just to be polite.
If I play something multiple times, then every time before the player is willing to play the disc I already own, it's going to play a K-TEL commercial for the new disc or "if you like Bob Marley, you'll LOVE Jimmy Cliff!" or *whatever*.
Every time I pick up my Sony cordless phone, it's going to complain that I haven't called my mother in a while, would I please press "*" now, so that they can connect me "using their honorable partner MCI's new, cheaper long distance service". Only after three repetitions of this will I get a dialtone and be able to use my phone to call who I wanted to call in the first place.
If I don't buy anything from them in a while, they'll mark me "inactive" in their database, which means that I'm not making them money, so they will feel free to capitalize on the information by selling it; after all, if I'm not "loyal" to their brand, why shouldn't they turn the information they have into money some other way, since there's no risk of them offending me into not buyinf from them -- I'm already not buying from them?
The *ONLY* benefit to consumers in this case is that they *WON'T* SPAM me about things I already own.
Unless they are about to release a new album by an artist whose disc I haven't played in a while, in which case they'll remind me to play the thing to "prime the pump" so I'll be more likely to buy the new one.
Until they figure out how to convert everything to "pay per listen", at which point, they will SPAM me for *everything*, ALL THE FREAKING TIME, FOR THE REST OF MY SHORT, MISERABLE LIFE!
And as I lay DYING in my bathtub, the BLOOD running from my GINSU(tm)-KNIFE-SLITTED WRISTS, finally escaping this horror... the Sony shower radio will come on and try to sell me MR. SPARKLE cleanser for my bathtub that is guaranteed to get out the blood stains I'm likely to leave.
I was commenting on the solvability of the problem using P2P as a hammer for this particular screw.
The GNUtella architecture is broken by design, for the goals it wants to achieve.
Lack of a choke-point, which was the real design goal for the system: "a napster that can't be shut down by a record company", means that you can't rely on voluntary compliance with social norms, particularly when one of the most effective attacks is non-compliance. Adding security adds non-repudiation, which adds back a legal hand-hold to act as a choke-point.
You're screwed if you enforce norms, and you're screwed if you don't.
The GNUNet architecture is somewhat similarly broken (in that it can be censored by ch router blocking), but it's at least a step in cheap right direction for solving that problem.
It's only if the Internet itself gets away from protocols subject to transparent proxy that end-to-end guarantees can be maintained. For that to happen, it has to be impossible to distiguish between traffic on the basis of content.
Any other approach, and the traffic will be able to be filtered through intentional failure to propagate.
The only way you can win is to make it too expensive: if it means shutting down the Internet for RIAA to get it's way, that will never happen, but anything short of that is probably doable. So you have to make it so they have to shut down the Internet to stop you.
I guess I'm saying that they are attacking the problem at the wrong level because it's tractable at the point they are trying to attack it... like looking for your contact lens under the streetlight instead of in the alley where you lost it, because the light's better.
Such loans are a common practice; in general, it only ever becomes an issue if the company is having financial problems, big political bor there is a blow-up.
The most common way this plays out in the "financial problems" scenario is that a startup gets funding, spends down to some threshold, and the board members, who are largely appointed by the VC firms, bail the remainder of the money out of the company into some other position as a hedge against the impending failure of the original company. It's basically a form of VC "buyer's remorse".
The people on the board or in executive positions that permit them to attend board meetings (varies by bylaws, but usually CEO, president, and wherever the founders have landed) who want the money to stay with the company end up fighting it out with the people who want to bail it out of what they see as a losing proposition.
Things tend to get nasty like this when you end up with board members on opposite sides of the bet on whether the company is going to sink or swim.
The article didn't make it clear to me whether these were non-recourse loans on behalf of the board members personally, or whether they were non-recourse loans on behalf of the interestes that were represented by the board members. If the latter, then this was just insurance by the funcding partners against sinking with the rest of the enterprise.
Most often, these type of loans are "forgiven" at a later date, as a means of permitting the taking compensation at a deferred tax rate (if it's a loan, particularly on a big house, then the interest is personally or business deductible, so you get a tax benefit, they get a tax benefit, and the tax is deferred until the "forgiveness" comes through).
It may be (and this would be a serious motivation for the fireworks to happen as they have happened) is that the board was refusing to "forgive" a loan to the CEO, which was secured somehow.
In any case, nothing illegal has happened, so it's probably nothing more than a lot of mud-slinging, using the current climate in the investment community as leverage to get handfuls of "the really *good* mud".
In related news, the federal government has reversed the Greene decision, and is putting the pieces of AT&T back together. Government sources are quoted as saying "What the heck were we thinking!?!?".
I'm guessing WorldCom gets back their tax paid on their overreported income?
If so, it's really to their advantage to dig up as much overreporting as they possibly can, now that it's out of the bag and they can't hurt any worse for it.
Maybe they can find enough overreporting that they will be able to claim a profit again this year... after classifying their tax refund as income, of course...
You want a system without a central authority that can be shut down, so you create a peer-to-peer system.
The peer-to-peer system pretends to be a virtual network over a real network using point-to-point links to establish proximity relationships between sets of peers, mostly ignoring physical proximity and bandwidth constraints.
In order to force the proximity issue and address the bandwidth scaling issues, you invent a concept of "super nodes", which end up being self-selected.
In order to get better performance for themselves, people play "the prisoners dilemma", and rat everyone else out with clients that gang up on requests to ensure disproportionately favorable service.
In order to lock out these clients, you create a central authority, but try to make it decentralized (e.g. "karma", voting, self-regulation, etc.) to maintain the original design goals.
But there are too many strategies to use to attack this. The current "attacks" are taking the form of over-requesting to the point of denial of service... and these are people not intent on destroying the network.
Say you figure out a way to create forced altruism for requests... the node equivalent of the GPL on source code, when you can't enforce the GPL. The natural reaction will be to move on to the next "attack": the "bad guys" pretend they are multiple nodes by avoiding intersecting connectivity with peers, so that dual adjacency won't give them away, and let them be countered.
So you move to a different protocol for "super nodes"; you counter the next obvious attack ("pretend to be a super node") by locking down binaries ("blessed binaries").
But the next attack is to modify the kernel that is running the blessed binaries, and defeat the attack that way (a common "borg" attack on the "blessed binary" NetTrek clients).
Now take active attacks. "Automatic Karma" can deal with dummy files -- "poisoning"... at least until they start intermixing bad with good. But it can't deal with the other issues, without a client lock-down. At which point, you lose repudiability (original design goal out the window: legal attacks work again).
The only real way to deal with this is to define a new protocol that is not virtual point-to-point linked.
And that can be blocked at the routers, unless all other content moves to the same protocol, so it can't be discriminated against.
The only way you are going to be able to create a "blacknet" is to actually create a "blacknet".
Legal departments are NUMA, not "massively parallel". They can quite happily sue other people over things they are currently being sued for and defending against, and not see the contradiction, because they are running seperate instances of the law in question.
For example, RIAA has a "Beowolf Cluster" of lawyers...
"These people will also set up bank trusts, etc. to preserve their interests as they lie dead and frozen. They will influence politics to preserve their property rights as they lie dead, concentrating more and more property and political control in the hands of the dead and their trustees."
There's an easy fix to your dystopian scenario...
Join them.
Or get your butt to work on revival and repair technology *NOW*, so they don't accumulate too much power. The shorter they stay under before they can resume their lives, the better off you will be.
-- Terry
Re:Why are people pretending this is not a problem
on
Shattering Windows
·
· Score: 2
Windows 3.1 dosn' have memory protection, so messages are the least of my worries. I can just rewrite code pages willy-nilly, instead of having to be clever and use messages.
We ware talking about fixing Windows as it exists today, and as it is being claimed to be "unfixable".
Unix checks credentials *all over the place*, any time you make a call into the OS.
In Windows, the only place you'd need to check is in the message sending functions, in KERNEL32.
One of those credentials, the sender's is going to be cached, and the receivers is going to be available with an add and a register dereference, since you have to have the queue available to enqueue it anyway.
Also, don't forget that the vast majority of these messages come from the UI, which is connected to a human being, whih is significantly limited in it's ability to generate messages as fast as Windows can sink them.
The major issue would be Winsock's hidden window for asyn WSOCK32 API implmentation. That's not an issue on any version of Windows that uses the BSD stack, rather than implementing it in user space (quick rule of thumb: if you can register a File I/O completion event, then your socket is a file descriptor, and your TCP/IP is implemented in the kernel, rather than in user space).
Idemnify authors of public domain information against civil legal threat arising from the work itself or derivative works.
That's why the UCB, MIT, and CMU Licenses exist in the first place, rather than the code being placed in the public domain.
If you want to control your code after the fact, fine: accept the liablity associated with doing that, as your cost for the payment of being granted that control. The sole reason most University developed code in these cases is not in the public domain is that a license was required to obtainlegal indemnification.
I don't think this would keep people from releasing under the (L)GPL or Artistic License or MPL, or SCSL, etc., if they felt the control they got by affixing the license was worth the cost.
-- Terry
Why are people pretending this is not a problem?
on
Shattering Windows
·
· Score: 3, Insightful
Why are people pretending that this is not a problem with the design of Windows?
It seems perfectly obvious to me that all you would have to do to fix this would be to associate applications credentials with messages as they are passed around, and not permit messages from a process with a lower priviledge to be sent to a process with a higher priviledge, unless a security association is established.
This would mean changing the messaging API, but it's fixable. It would merely mean recompiling all third party code that needed t communicate across priviledge boundaries, and adding code to programs designed to operate at higher priviledges to accept the new message type, rather than dropping it on the floor (making that the default), and make a decision based on that.
This is the standard "capabilities" security model, and is the same model that used for NT file permissions, in terms of a hierarchical inherited rights arrangement.
There would be a significant impact on "remote control", some install tools, and other packages that are not written with the idea of priviledge domain seperation, but it's *possible* to fix.
-- Terry
Web server written in PostScript (sources)
on
Network Hacking
·
· Score: 3, Interesting
http://www.pugo.org:8080/
As it points out, you can't listen on any port you want, because PostSCript lacks the ability to open sockets, post listens, or accept connections.
On the other hand, a few modifications, and it can listen on the LPR port of an HP network printer (all it has to do is intecept new connections, not listen or accept by itself).
You can add and store 64 bit values without needing to have a 64 bit processor.
The problem is the same as it has always been: not enough reserved space for storing the expansion bits, or the storage order being byte swapped or not zeroed, so not upgradeable, or some short sighted person grabbed the expasion space for some other use, other than what was originall intended.
It's the same storage problem that we faced over Y2K; the only difference is that there isn't an externalization problem like there was with Y2K.
Kind of insane, considering that by the time UNIX came around, we weren't paying $1 per byte of storage (the real reason for Y2K -- nothing to do with short sighted engineers, since they would rather the company had bought them the extra core memory, instead of cheaping out).
"When you eliminate the impossible, whatever you have left, no matter how improbable, must be the truth." -- Sherlock Holmes ("The Beryl Coronet", Arthur Conan Doyle).
Dueling quotes on deductive reasoning at dawn! I shall see you on the morrow, sir!
The Direct Marketing association provides for getting off mailing lists for ADVCO and other snail-mail SPAM, via a registration. They try to get you to pay a $5 fee for doing this online; but they also provide a printable form that has no fee atached (ther than a postage stamp). See:
http://www.dmaconsumers.org/cgi/offmailinglistda ve
There is a similar telephone list:
http://www.dmaconsumers.org/cgi/offtelephonedave
I would recommend *against* registering to opt out of email via this method, since they do not indicate whether the list is published, or if it removes addresses from a list which is uploaded by the marketer (i.e. "remote cleaning"); however, you can do so at:
Some NPOs allow the attachment of provisions or maintain special funds; most do not, since permitting that would have the side effect of leaving "orphan funds" once a funded goal has been achieved, or leaving important new causes without funding (e.g. robbing the of the ability to exercise their discretion in prioritizing).
Would that you could specify where your money goes when it leaves your hands; for one thing, all of my taxes would be earmarked for long term projects, which is to say, "no pork".
Business decisions are not made by engineers; they are made by the people who employ engineers.
Business people with short term profit motives should not be confused with engineers having made or not made a decision to deal with the Y2K problem.
UNIX currently faces a Y2038 problem with 32 bit signed seconds since the epoch, yet I don't anyone paying people proactively deal with that problem; do you?
> > Laws are not permitted to be retroactive, > > That depends on your jurisdicition. As a bare > minimum, the governments of Commonwealth > countries have this power.
In this case, we are talking about the U.S., since the U.S. is one of the few countries which permits software patents (another is Japan).
The point on intellectual property law in the U.S. is that it has a Constitutional basis, rather than a Common Law basis. This makes it a very different thing in the U.S. than elsewhere.
> > This works because the copyright protection > > granted works is made *in trade* for the > > disclosure of the copyrighted information. > > This is simply wrong. Copyright still applies > to non-published works. For example, if I send > you a letter, I own the copyright in that > letter without me generally disclosing it.
This has yet to be legally tested in the U.S. Court system; the basis of Copyright law in the U.S. is Constitutional: "To promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries".
The net effect of this is that Congress does not necessarily even have the power to grant intellectual property protections, unless doing so promotes "the progress of science and the useful arts": there is no Constitutional basis for grants for any other reason.
Patent law is a reaction to trade secrets; Copyright law is a reaction to book licensing.
AT&T and USL attempted to expand Trade Secret protection to the point of Patent protection, but were thwarted in the attempt (cv. "USL v. BSDI" and "USL v. Regents of the University of California at Berkeley").
So, at least in the U.S., we are talking about how government is permited to act, in the public interest. It's likely that the law implying Copyright protection of unpublished works is in fact unconstitutional.
> Sorry, wrong again. In legislating, parliament > (presumably also congress) is not bound by > previous acts of parliament.
U.S. Constitution; Article I; Section 9; Paragraph 3:
"No bill of attainder or ex post facto Law shall be passed."
"Of course, you've already joined the EFF [eff.org] and sent them at least $100........ haven't you?"
I would have.
Only they wouldn't promise to use the money ONLY on worthy causes, like fighting the DMCA, instead of defending Kevin Mitnick, should he go phreaking again.
The problem with giving money to radical organizations is that they will sometimes spend it on radical causes which you don't agree with.
Unfortunately, there's not an ACLU SIG on Intellectual Property yet, so once you give the nut-jobs your money, you lose control of it, and if one of their causes is to fight deer tick eradications, Murphy's Law says that's where your donation will be spent instead of on the cause you orignally donated to support.
-- Terry
I think I would have rather it had been tested
on
HP Backs Off DMCA Threat
·
· Score: 5, Insightful
I think I would have rather it had been tested in court.
"We can say emphatically that HP will not use the DMCA to stifle research or impede the flow of information that would benefit our customers and improve their system security."...great. I get to rely on their self-restaint in not abusing the law, rather than striking down an eminently abusable law.
As long as the only test cases are against individuals and groups the public perceives as "black hats" (e.g. 2600), this damnable law will never be changed.
Intent is always a factor in any criminal or legal proceeding. Intent is very important in deciding a case, because intent determines the purpose for the act in question, rather than the result.
Considering only the ends means you ignore the means, and the means may in fact be unconcienable, or even reprehensible.
The indirectness of the gain is immaterial to the fact that the motivation was gain.
Gain is not a *bad* reason, but it's not a reason which renders the act defensible, from a legal or moral standpoint.
Motivation speaks to ethicality of the action. If the motivation was base, then that's very different than if it had been principled.
-- Terry
Your first proposal *can not work*
on
Copyright as Cudgel
·
· Score: 3, Interesting
You first proposal attempts to reduce benefit of current law for an act under the already existing current law.
Laws are not permitted to be retroactive, if they take something away from you. Such a law is called Ex Pos Facto -- "after the fact".
This is the same reason that, if you spit on the sidewalk, and they enact a law against that, they can not come arrest you for breaking the law for an act which occurred before the law passed.
The nominal effect of this is that reducing the terms of copyright protection will only have an effect on works copyroghted after the change to the law. Prior copyright terms can not be reduced.
In fact, this is the basis for the challenge to the copyright extension act of 1998: by extending the term of the copyright 20 years on works copyrighted before the act became law, the public has been robbed Ex Pos Facto.
This works because the copyright protection granted works is made *in trade* for the disclosure of the copyrighted information.
I expect that there is room for challenge for the patent reform act of 1996, which changed patents from 17 years from date of issue to 20 years from date of filing, and grandfathered patents filed but not issued at the time of enactment in law to the later of 20 years from date of filing or 17 years from date of issue. Technically, they are only permitted to take grant date into account on legal reform affecting such patents: the act of filing the patent was the inventor entering into a contract with the public to obtain protection for a limited term in exchange for disclosure to the public.
What it boils down to is that rewriting a contract without the consent of both parties is illegal. In the copyright extension act case, the argument is that it was done without the consent of the public.
Effectively, the only way a term can be shortened for a copyright or patent, once the agreement has been entered into, is through the exercise by government of The Right Of Emminent Domain: basically, by siezing the property in the name of the public.
I'm not adverse to a shortening of terms and siezure of property granted under the pervious terms as a means of making the terms retroactive; however, you should be aware that that's what you are advocating, if your plan is to be workable at all.
"What if Sony finds out that you listen to Neil Diamond's greatest hits 10 times a day? What are they going to do, haul you into a dungeon and torture you?"
No. They are going to torture me in situ. Saves on the transport costs.
The are going to fricking SPAM the crap out of me every time a new album by an artist for who I own one disc comes out, and then once a week after that for the rest of my fricking life, until they see I've bought the damned thing by way of my player reporting the fact to them.
This will happen, even if the original disc was a present, and I played it *one time*, just to be polite.
If I play something multiple times, then every time before the player is willing to play the disc I already own, it's going to play a K-TEL commercial for the new disc or "if you like Bob Marley, you'll LOVE Jimmy Cliff!" or *whatever*.
Every time I pick up my Sony cordless phone, it's going to complain that I haven't called my mother in a while, would I please press "*" now, so that they can connect me "using their honorable partner MCI's new, cheaper long distance service". Only after three repetitions of this will I get a dialtone and be able to use my phone to call who I wanted to call in the first place.
If I don't buy anything from them in a while, they'll mark me "inactive" in their database, which means that I'm not making them money, so they will feel free to capitalize on the information by selling it; after all, if I'm not "loyal" to their brand, why shouldn't they turn the information they have into money some other way, since there's no risk of them offending me into not buyinf from them -- I'm already not buying from them?
The *ONLY* benefit to consumers in this case is that they *WON'T* SPAM me about things I already own.
Unless they are about to release a new album by an artist whose disc I haven't played in a while, in which case they'll remind me to play the thing to "prime the pump" so I'll be more likely to buy the new one.
Until they figure out how to convert everything to "pay per listen", at which point, they will SPAM me for *everything*, ALL THE FREAKING TIME, FOR THE REST OF MY SHORT, MISERABLE LIFE!
And as I lay DYING in my bathtub, the BLOOD running from my GINSU(tm)-KNIFE-SLITTED WRISTS,
finally escaping this horror... the Sony shower radio will come on and try to sell me MR. SPARKLE cleanser for my bathtub that is guaranteed to get out the blood stains I'm likely to leave.
AAAAAAAAAAUUUUUUGGGGGGGHHHHHHHH!
-- Terry
I was commenting on the solvability of the problem using P2P as a hammer for this particular screw.
The GNUtella architecture is broken by design, for the goals it wants to achieve.
Lack of a choke-point, which was the real design goal for the system: "a napster that can't be shut down by a record company", means that you can't rely on voluntary compliance with social norms, particularly when one of the most effective attacks is non-compliance. Adding security adds non-repudiation, which adds back a legal hand-hold to act as a choke-point.
You're screwed if you enforce norms, and you're screwed if you don't.
The GNUNet architecture is somewhat similarly broken (in that it can be censored by ch router blocking), but it's at least a step in cheap right direction for solving that problem.
It's only if the Internet itself gets away from protocols subject to transparent proxy that end-to-end guarantees can be maintained. For that to happen, it has to be impossible to distiguish between traffic on the basis of content.
Any other approach, and the traffic will be able to be filtered through intentional failure to propagate.
The only way you can win is to make it too expensive: if it means shutting down the Internet for RIAA to get it's way, that will never happen, but anything short of that is probably doable. So you have to make it so they have to shut down the Internet to stop you.
I guess I'm saying that they are attacking the problem at the wrong level because it's tractable at the point they are trying to attack it... like looking for your contact lens under the streetlight instead of in the alley where you lost it, because the light's better.
Hence "Inherently N-P Incomplete".
-- Terry
Such loans are a common practice; in general, it only ever becomes an issue if the company is having financial problems, big political bor there is a blow-up.
The most common way this plays out in the "financial problems" scenario is that a startup gets funding, spends down to some threshold, and the board members, who are largely appointed by the VC firms, bail the remainder of the money out of the company into some other position as a hedge against the impending failure of the original company. It's basically a form of VC "buyer's remorse".
The people on the board or in executive positions that permit them to attend board meetings (varies by bylaws, but usually CEO, president, and wherever the founders have landed) who want the money to stay with the company end up fighting it out with the people who want to bail it out of what they see as a losing proposition.
Things tend to get nasty like this when you end up with board members on opposite sides of the bet on whether the company is going to sink or swim.
The article didn't make it clear to me whether these were non-recourse loans on behalf of the board members personally, or whether they were non-recourse loans on behalf of the interestes that were represented by the board members. If the latter, then this was just insurance by the funcding partners against sinking with the rest of the enterprise.
Most often, these type of loans are "forgiven" at a later date, as a means of permitting the taking compensation at a deferred tax rate (if it's a loan, particularly on a big house, then the interest is personally or business deductible, so you get a tax benefit, they get a tax benefit, and the tax is deferred until the "forgiveness" comes through).
It may be (and this would be a serious motivation for the fireworks to happen as they have happened) is that the board was refusing to "forgive" a loan to the CEO, which was secured somehow.
In any case, nothing illegal has happened, so it's probably nothing more than a lot of mud-slinging, using the current climate in the investment community as leverage to get handfuls of "the really *good* mud".
-- Terry
In related news, the federal government has reversed the Greene decision, and is putting the pieces of AT&T back together. Government sources are quoted as saying "What the heck were we thinking!?!?".
-- Terry
Speaking of taxes...
I'm guessing WorldCom gets back their tax paid on their overreported income?
If so, it's really to their advantage to dig up as much overreporting as they possibly can, now that it's out of the bag and they can't hurt any worse for it.
Maybe they can find enough overreporting that they will be able to claim a profit again this year... after classifying their tax refund as income, of course...
-- Terry
The problem is inherently NP-incomplete.
You want a system without a central authority that can be shut down, so you create a peer-to-peer system.
The peer-to-peer system pretends to be a virtual network over a real network using point-to-point links to establish proximity relationships between sets of peers, mostly ignoring physical proximity and bandwidth constraints.
In order to force the proximity issue and address the bandwidth scaling issues, you invent a concept of "super nodes", which end up being self-selected.
In order to get better performance for themselves, people play "the prisoners dilemma", and rat everyone else out with clients that gang up on requests to ensure disproportionately favorable service.
In order to lock out these clients, you create a central authority, but try to make it decentralized (e.g. "karma", voting, self-regulation, etc.) to maintain the original design goals.
But there are too many strategies to use to attack this. The current "attacks" are taking the form of over-requesting to the point of denial of service... and these are people not intent on destroying the network.
Say you figure out a way to create forced altruism for requests... the node equivalent of the GPL on source code, when you can't enforce the GPL. The natural reaction will be to move on to the next "attack": the "bad guys" pretend they are multiple nodes by avoiding intersecting connectivity with peers, so that dual adjacency won't give them away, and let them be countered.
So you move to a different protocol for "super nodes"; you counter the next obvious attack ("pretend to be a super node") by locking down binaries ("blessed binaries").
But the next attack is to modify the kernel that is running the blessed binaries, and defeat the attack that way (a common "borg" attack on the "blessed binary" NetTrek clients).
Now take active attacks. "Automatic Karma" can deal with dummy files -- "poisoning"... at least until they start intermixing bad with good. But it can't deal with the other issues, without a client lock-down. At which point, you lose repudiability (original design goal out the window: legal attacks work again).
The only real way to deal with this is to define a new protocol that is not virtual point-to-point linked.
And that can be blocked at the routers, unless all other content moves to the same protocol, so it can't be discriminated against.
The only way you are going to be able to create a "blacknet" is to actually create a "blacknet".
-- Terry
Legal departments are NUMA, not "massively parallel". They can quite happily sue other people over things they are currently being sued for and defending against, and not see the contradiction, because they are running seperate instances of the law in question.
For example, RIAA has a "Beowolf Cluster" of lawyers...
-- Terry
Maybe the horse paid off 20-to-1, and now you want to "Give Back To The Community"...
-- Terry
"These people will also set up bank trusts, etc. to preserve their interests as they lie dead and frozen. They will influence politics to preserve their property rights as they lie dead, concentrating more and more property and political control in the hands of the dead and their trustees."
There's an easy fix to your dystopian scenario...
Join them.
Or get your butt to work on revival and repair technology *NOW*, so they don't accumulate too much power. The shorter they stay under before they can resume their lives, the better off you will be.
-- Terry
Windows 3.1 dosn' have memory protection, so messages are the least of my worries. I can just rewrite code pages willy-nilly, instead of having to be clever and use messages.
We ware talking about fixing Windows as it exists today, and as it is being claimed to be "unfixable".
Unix checks credentials *all over the place*, any time you make a call into the OS.
In Windows, the only place you'd need to check is in the message sending functions, in KERNEL32.
One of those credentials, the sender's is going to be cached, and the receivers is going to be available with an add and a register dereference, since you have to have the queue available to enqueue it anyway.
Also, don't forget that the vast majority of these messages come from the UI, which is connected to a human being, whih is significantly limited in it's ability to generate messages as fast as Windows can sink them.
The major issue would be Winsock's hidden window for asyn WSOCK32 API implmentation. That's not an issue on any version of Windows that uses the BSD stack, rather than implementing it in user space (quick rule of thumb: if you can register a File I/O completion event, then your socket is a file descriptor, and your TCP/IP is implemented in the kernel, rather than in user space).
In other words, it's not a problem.
-- Terry
Idemnify authors of public domain information against civil legal threat arising from the work itself or derivative works.
That's why the UCB, MIT, and CMU Licenses exist in the first place, rather than the code being placed in the public domain.
If you want to control your code after the fact, fine: accept the liablity associated with doing that, as your cost for the payment of being granted that control. The sole reason most University developed code in these cases is not in the public domain is that a license was required to obtainlegal indemnification.
I don't think this would keep people from releasing under the (L)GPL or Artistic License or MPL, or SCSL, etc., if they felt the control they got by affixing the license was worth the cost.
-- Terry
Why are people pretending that this is not a problem with the design of Windows?
It seems perfectly obvious to me that all you would have to do to fix this would be to associate applications credentials with messages as they are passed around, and not permit messages from a process with a lower priviledge to be sent to a process with a higher priviledge, unless a security association is established.
This would mean changing the messaging API, but it's fixable. It would merely mean recompiling all third party code that needed t communicate across priviledge boundaries, and adding code to programs designed to operate at higher priviledges to accept the new message type, rather than dropping it on the floor (making that the default), and make a decision based on that.
This is the standard "capabilities" security model, and is the same model that used for NT file permissions, in terms of a hierarchical inherited rights arrangement.
There would be a significant impact on "remote control", some install tools, and other packages that are not written with the idea of priviledge domain seperation, but it's *possible* to fix.
-- Terry
http://www.pugo.org:8080/
As it points out, you can't listen on any port you want, because PostSCript lacks the ability to open sockets, post listens, or accept connections.
On the other hand, a few modifications, and it can listen on the LPR port of an HP network printer (all it has to do is intecept new connections, not listen or accept by itself).
-- Terry
Two words: Conference call!
-- Terry
...
Do you have any extraordinary evidence of that?
8-) 8-) 8-) 8-)
You can add and store 64 bit values without needing to have a 64 bit processor.
The problem is the same as it has always been: not enough reserved space for storing the expansion bits, or the storage order being byte swapped or not zeroed, so not upgradeable, or some short sighted person grabbed the expasion space for some other use, other than what was originall intended.
It's the same storage problem that we faced over Y2K; the only difference is that there isn't an externalization problem like there was with Y2K.
Kind of insane, considering that by the time UNIX came around, we weren't paying $1 per byte of storage (the real reason for Y2K -- nothing to do with short sighted engineers, since they would rather the company had bought them the extra core memory, instead of cheaping out).
-- Terry
"When you eliminate the impossible, whatever you have left, no matter how improbable, must be the truth." -- Sherlock Holmes ("The Beryl Coronet", Arthur Conan Doyle).
Dueling quotes on deductive reasoning at dawn! I shall see you on the morrow, sir!
-- Terry
The Direct Marketing association provides for getting off mailing lists for ADVCO and other snail-mail SPAM, via a registration. They try to get you to pay a $5 fee for doing this online; but they also provide a printable form that has no fee atached (ther than a postage stamp). See:
a ve
e
m _e mps.shtml
http://www.dmaconsumers.org/cgi/offmailinglistd
There is a similar telephone list:
http://www.dmaconsumers.org/cgi/offtelephonedav
I would recommend *against* registering to opt out of email via this method, since they do not indicate whether the list is published, or if it removes addresses from a list which is uploaded by the marketer (i.e. "remote cleaning"); however, you can do so at:
http://www.dmaconsumers.org/consumers/optoutfor
There is no fee for email opt-out (probably because it doesn't work; I have yet to see an email advertisement with their magic legal statement).
-- Terry
Money does not have metadata.
Maybe in version 3.
Some NPOs allow the attachment of provisions or maintain special funds; most do not, since permitting that would have the side effect of leaving "orphan funds" once a funded goal has been achieved, or leaving important new causes without funding (e.g. robbing the of the ability to exercise their discretion in prioritizing).
Would that you could specify where your money goes when it leaves your hands; for one thing, all of my taxes would be earmarked for long term projects, which is to say, "no pork".
-- Terry
"These guys" were engineers.
Business decisions are not made by engineers; they are made by the people who employ engineers.
Business people with short term profit motives should not be confused with engineers having made or not made a decision to deal with the Y2K problem.
UNIX currently faces a Y2038 problem with 32 bit signed seconds since the epoch, yet I don't anyone paying people proactively deal with that problem; do you?
-- Terry
> > Laws are not permitted to be retroactive,
>
> That depends on your jurisdicition. As a bare
> minimum, the governments of Commonwealth
> countries have this power.
In this case, we are talking about the U.S., since the U.S. is one of the few countries which permits software patents (another is Japan).
The point on intellectual property law in the U.S. is that it has a Constitutional basis, rather than a Common Law basis. This makes it a very different thing in the U.S. than elsewhere.
> > This works because the copyright protection
> > granted works is made *in trade* for the
> > disclosure of the copyrighted information.
>
> This is simply wrong. Copyright still applies
> to non-published works. For example, if I send
> you a letter, I own the copyright in that
> letter without me generally disclosing it.
This has yet to be legally tested in the U.S. Court system; the basis of Copyright law in the U.S. is Constitutional: "To promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries".
The net effect of this is that Congress does not necessarily even have the power to grant intellectual property protections, unless doing so promotes "the progress of science and the useful arts": there is no Constitutional basis for grants for any other reason.
Patent law is a reaction to trade secrets; Copyright law is a reaction to book licensing.
AT&T and USL attempted to expand Trade Secret protection to the point of Patent protection, but were thwarted in the attempt (cv. "USL v. BSDI" and "USL v. Regents of the University of California at Berkeley").
So, at least in the U.S., we are talking about how government is permited to act, in the public interest. It's likely that the law implying Copyright protection of unpublished works is in fact unconstitutional.
> Sorry, wrong again. In legislating, parliament
> (presumably also congress) is not bound by
> previous acts of parliament.
U.S. Constitution; Article I; Section 9; Paragraph 3:
"No bill of attainder or ex post facto Law shall be passed."
-- Terry
"Of course, you've already joined the EFF [eff.org] and sent them at least $100 ........ haven't you?"
I would have.
Only they wouldn't promise to use the money ONLY on worthy causes, like fighting the DMCA, instead of defending Kevin Mitnick, should he go phreaking again.
The problem with giving money to radical organizations is that they will sometimes spend it on radical causes which you don't agree with.
Unfortunately, there's not an ACLU SIG on Intellectual Property yet, so once you give the nut-jobs your money, you lose control of it, and if one of their causes is to fight deer tick eradications, Murphy's Law says that's where your donation will be spent instead of on the cause you orignally donated to support.
-- Terry
I think I would have rather it had been tested in court.
...great. I get to rely on their self-restaint in not abusing the law, rather than striking down an eminently abusable law.
"We can say emphatically that HP will not use the DMCA to stifle research or impede the flow of information that would benefit our customers and improve their system security."
As long as the only test cases are against individuals and groups the public perceives as "black hats" (e.g. 2600), this damnable law will never be changed.
-- Terry
Intent is always a factor in any criminal or legal proceeding. Intent is very important in deciding a case, because intent determines the purpose for the act in question, rather than the result.
Considering only the ends means you ignore the means, and the means may in fact be unconcienable, or even reprehensible.
The indirectness of the gain is immaterial to the fact that the motivation was gain.
Gain is not a *bad* reason, but it's not a reason which renders the act defensible, from a legal or moral standpoint.
Motivation speaks to ethicality of the action. If the motivation was base, then that's very different than if it had been principled.
-- Terry
You first proposal attempts to reduce benefit of current law for an act under the already existing current law.
Laws are not permitted to be retroactive, if they take something away from you. Such a law is called Ex Pos Facto -- "after the fact".
This is the same reason that, if you spit on the sidewalk, and they enact a law against that, they can not come arrest you for breaking the law for an act which occurred before the law passed.
The nominal effect of this is that reducing the terms of copyright protection will only have an effect on works copyroghted after the change to the law. Prior copyright terms can not be reduced.
In fact, this is the basis for the challenge to the copyright extension act of 1998: by extending the term of the copyright 20 years on works copyrighted before the act became law, the public has been robbed Ex Pos Facto.
This works because the copyright protection granted works is made *in trade* for the disclosure of the copyrighted information.
I expect that there is room for challenge for the patent reform act of 1996, which changed patents from 17 years from date of issue to 20 years from date of filing, and grandfathered patents filed but not issued at the time of enactment in law to the later of 20 years from date of filing or 17 years from date of issue. Technically, they are only permitted to take grant date into account on legal reform affecting such patents: the act of filing the patent was the inventor entering into a contract with the public to obtain protection for a limited term in exchange for disclosure to the public.
What it boils down to is that rewriting a contract without the consent of both parties is illegal. In the copyright extension act case, the argument is that it was done without the consent of the public.
Effectively, the only way a term can be shortened for a copyright or patent, once the agreement has been entered into, is through the exercise by government of The Right Of Emminent Domain: basically, by siezing the property in the name of the public.
I'm not adverse to a shortening of terms and siezure of property granted under the pervious terms as a means of making the terms retroactive; however, you should be aware that that's what you are advocating, if your plan is to be workable at all.
-- Terry