Slashdot Mirror


User: tlambert

tlambert's activity in the archive.

Stories
0
Comments
5,097
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,097

  1. Not quite the whole story on India's ISPs Want Payola from Big Portals · · Score: 5, Informative

    After looking around, it seems like the original TheRegister article disclosed only partial information; the provider list is correct, but the services and the reason for blocking are not (though the effect would be to extort some money and/or partnerships with Indian ISPs).

    The actual point in question was the blocking of voice cht services, which by (new) Indian law can only be offered by ISPS, due to the failure of their law makers to distinguish voice chat from IP telephony, when they legislated to permit Indian ISPs to enter the IP telephony market.

    The concern appears to be that India requires a license, and requires that you be a Licensed ISP in India, to offer these services.

    Here is the original Press information from the ISPAI (Internet Service Provider's Association of India) web site:

    http://www.ispai.com/bs05042002.html

    -- Terry

  2. What do you get if you cross IBM and PWC? on IBM Getting PwC Consulting for $3.5 Billion · · Score: 5, Funny

    Q: What do you get if you cross IBM and PWC?

    A: IBM

    (Yes, it's not funny; it wasn't funny when they bought the company I worked for, either...)

    -- Terry

  3. Fruit Of The Poison Tree on HP Uses DMCA To Quash Vulnerability Publication · · Score: 2

    "What difference does it make who finds and reports a bug?"

    We lost a great deal of medical knowledge after WWII when we threw out the data gathered by Dr. Josef Mengele. This medical knowledge was the result of human experimentation on prisoners; some of it will remain lost until someone repeats the unethical human experiments involved.

    So in answer: it has *always* mattered what source information; the ends never justify the means.

    "The cool thing about the Internet is that you don't have to be a professor at MIT to publish security exploits. The publications speaks for itself."

    In this case, it did not. It spoke for a security consulting company, where the publisher of the exploit was a principal. If the exploit had merely spoken for itself, then we wouldn't be having this discussion, because HP would not have had a name to which it could attach their threat of a lawsuit.

    The ends in this case were not even knowledge: they were commercial gain. Knowledge was just a side effect of the process of obtaining the commercial gain. If the commercial gain could have been obtained without the exposure of the security flaw, then there likely would not have been an exposure at all.

    Am I gald the vulnerability was exposed? Yes.

    Do I think HP is playing CYA? Yes.

    Do I think the person who exposed the vulnerability acted ethically, as I would expect a legitimate security researcher to act? No.

    -- Terry

  4. Re:I don't see the problem on HP Uses DMCA To Quash Vulnerability Publication · · Score: 2

    CS professors rarely go by handles, such as "Phased", as in this case. I'm sure if it ever happened, they'd simply spin-doctor it, and be done with it, since it would lack utility as a means of brow-beating people.

    The purpose of the publication in this case was clearly a matter of "street cred" for the person publishing, and for the security consulting company that the person was trying to promote.

    Far be it for me to agree with Thomas C Greene of TheRegister, but it seems to me that there are a lot of people these days who publish exploits in the name of little known security consulting companies, in order to get contracts for those same companies, based on having established a reputation.

    The publication in this case has a purpose which is deeper than simply publishing information for the public good, which could have been achieved by publishing the same information anonymously.

    As a community, we do ourselves an incredible injustice by lining up to defend everyone who posts an exploit as if they were an associate professor at MIT. And that's exactly the perception that the initial commentary and posting to Slashdot of this article tried to imply.

    The only way to win the right for *everyone* to do this kind of research is to align yourself with researchers which are beyond reproach. The recent DeCSS decision against 2600, and its non-appeal of the decision were based on the fact that they were unsympathetic defendants. The only way to win is to ensure that the test cases are not all against unsympathetic defendants.

    -- Terry

  5. The license you have on UCITA Debates Trudge Onward · · Score: 2

    The liense you have is an implied license.

    If you look at the back of the CD case (usually it's the back of the case), you will see a copyright statement with the phrase "All Rights Reserved." in fine print.

    If you could get RIAA to sue you, you could probably argue the legality of them selling you something and then claiming a seperation between the artifact itself and the rights to manipulate the digital contents embodied in the artifact (on the basis of the embodiment itself).

    All I can say, since they are permitting you to do what you would be fighting to be able to do, is "good luck getting them to sue you to provide a test case". Unless you are a store that's large enough to be visible and small enough to be unable to defend yourself properly, and are selling used CDs, then RIAA is probably not going to help you out with challenging it.

    -- Terry

  6. I don't see the problem on HP Uses DMCA To Quash Vulnerability Publication · · Score: 2

    Unless they are doing it for the credits, there no reason at all to not simply release the source code anonymously, without claiming any credit for it whatsoever.

    No credit -> No blame

    I can see HP's problem... the posting referrred to the exploit as "warez", so it was a "r3534r(|-|3r" and not a "researcher" -- some kid working on his PhD -- who came up with the exploit, from all evidence. Being realistic, they *have* to bluster and otherwise overreact: they have a fiduciary responsibility for professional feather ruffling, given the apparent source of the expliut.

    Alternately, they could always *fix* the problem...

    -- Terry

  7. Software licenses have purpose on UCITA Debates Trudge Onward · · Score: 3, Informative

    The primary purpose of a software license is to thwart first use law, where an original purchaser of a product is permitted to dispose of that product in any way they see fit to do so.

    During the original "video revolution", there were a number of cases of "piracy" which had to be dismissed because when you bought a video, you *owned* it, and the copies were made with the permission, tacit or otherwise, of the *owner* of the video.

    Licensing permits a publisher to prohibit first use, and therefore control the after market. The current ASCAP and RIAA noise against "The Wherehouse", "Graywhale", and other stores whose business is the sale of used CDs is based on the idea of license, and the non-transferrability of the license, once granted.

    It's really telling that the referenced article notes that one of the ammendments to UCITA tries to reestablish implied warrantees on "material defects", when in fact the product itself is immaterial, leaving you just as screwed from "software with known defects" as before.

    -- Terry

  8. Oops. on Escher and Elliptic Curves · · Score: 2

    That's what you get for assuming. It's not a Droste effect picture at all.

    It's the world projected flat as seen from the inside of a Klein bottle. The empty space in the middle is the mouth of the bottle.

    That's also why the signature, litho number, and other information is in the center: it's the only unused portion of the surface, which encompasses the entirety of the world.

    The clue is the embedding of the gallery in the outside world, but the outside world in the image in the gallery.

    Escher is well known for projections of images onto/into objects (e.g. his self portrait on the reflective sphere held at arm's length).

    It's amusing that some well-meaning person would come along and try to put a cap on Escher's Klein bottle.

    -- Terry

  9. Commercial vs. non-commercial BS on Control of the .ORG TLD · · Score: 3, Interesting

    To lay my cards on the table, I've had a ".org" domain registered for more than a decade now, years before Dupont registered all their trademarks as domains in a single day, and forced us to go to a pay-for-domain system. I've defended my domain through several shady attempts to take it over (the last one being non-notification of renewal being required).

    The "Commercial vs. non-commercial" argument is nothing but a bunch of BS.

    The reason the ".com" domain is "used up" has to do with the fact that Netscape initially started doing automatic URL completion using ".com" as the default suffix, and Internet Explorer has since followed suit.

    The result is that the ".com" is a defacto keyword index mechanism built into almost all URL input fields. So it's about controlling a particular keyword.

    The fight over ".org" is the same as the fight over ".info" and ".biz"... trademark defense.

    Almost anyone who owns a trademark feels that they must "grab it" in all possible domain suffixes to "defend" it. And this means money to anyone who controls a top level domain.

    This is the business model of all the people trying to push ".biz" and ".info" domains onto currently registered ".com" domain owners.

    They effectively get a "commission override" (currently $6) of every domain registration in the top level domain. Just like, no matter who you register a ".com" domain with these days, VeriSign gets $6 from you.

    This is the business model of every company trying to obtain control of any top level domain.

    I wish ".tm" didn't belong to a country; it would be a perfect place to put jerks who think that there is only one namespace in the world, the trademark namespace.

    What we really need is a ".rtm" ("Registered Trademark") or even ".trademark" top level domain, and an agreement from legislators that that's all that's necessary to defend your trademark in the domain name space.

    Of course, right now... that's ".com", isn't it? And it's not going to change until the default name completion rules for browsers change to embrace some new top level domain.

    PS: Just to throw jet fuel on this fire... I'm *really* surprised that there isn't a ".aol" top level domain, into which all AOL "keywords" are registered, and all AOL controlled browsers complete to, by default...

    -- Terry

  10. A matter of public policy and license on Malaysia Says Piracy (Might Be) OK for Learning · · Score: 2

    It's a matter of public policy for govenments to decide what intellectual property protections they want to provide in their nations.

    In the U.S., public policy on Copyright is embodied in U.S.C. Title 18, and derives from Article I Section 8:

    "To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries"

    The idea of piracy is peculiar, in that it assumes that the Right in question is inalienable, rather than legislatively granted by the state. Further, it derives from the concept of individual ownership, and depends from that on a right to license use.

    -

    The apparent public policy in Malaysia seems to achieve the goal of promoting the Progress of Science and the useful Arts, without securing *exclusive Right*, but rather by securing *some* rights.

    In fact, this is *not* beneficial to the Open Source Software movement, as such.

    By ensuring that schools *and social organizations* are permitted to use the software for educational purposes, they will have established an egalatarian secondary market, where price of the software is no longer a factor. In this market, the *most fit* software wins... not the *least cost*.

    One of the consequences of this must be that use of Open Source Software in such situations will decline: for all the vaunted peer review and quality, it's usability that wins in this or any market.

    Familiarity will also breed commercial piracy (an area where the title "piracy" is still applicable, accoding to the article), particularly in the middle margins between educational institutions and large companies (e.g. small business started by recently graduated students).

    All in all, this looks to be bad for Open Source Software advocacy, and bad for commercial software comapnies.

    But good for Malaysia.

    And that is the purpose of public policy in Malaysia, isn't it?

    -- Terry

  11. I am incredibly torn on this... on WarTalking Arrest · · Score: 4, Interesting

    On one hand, they are trying to charge him for what it cost them the insecure system, now that they've had to discontinue it. That's really assinine. It's like buying a Corvair, and then suing Ralph Nader after he publishes "Unsafe At Any Speed".

    On the other hand, it sets a nice precedent for when the cable companies come snooping around, trying to enforce against "connection sharing" when people set up unsecured wireless access points on the end of a cable modem connection.

    AT&T: We're disconnecting you for running an insecure access point.

    Customer: I'm suing you for proving my network is insecure; thanks, Stefan Puffer!

    -- Terry

  12. Your link is to ch. 1, not ch. 4; Gene's is ch. 4 on Spafford On Infrastructure Risks · · Score: 2

    See the subject line.

    The provided link is to an HTML version of chapter 1 of the book of which Gene Spafford's comments being cited in theis Slashdot article are in chapter 4.

    -- Terry

  13. Re:I have comments on COSA on Spafford On Infrastructure Risks · · Score: 2

    I think you have misunderstood me.

    Yes, it's a lot of work to do the design engineering necessary for any project, including an Open Source Software project. And the design engineering is the most important part of a project -- I generally spend no less than 60% of my time on any project doing design work, and it's usually a much greater percentage than that.

    But if you want volunteers to do your coding for you, you have to be able to motivate them, and you're not handling this aspect of your project properly.

    The only thing that will motivate people to donate code to your project is if the project infrastructure already exists, and if at least a minimal set of working code exists.

    In your thesis, you describe purpose-specific objects with which other objects communicate. But you don't put up source code for the communications infrastructure that must underpin these objects, and you don't put up source code for the common function example objects themselves.

    Frankly, without example code, all it will ever be is a thesis, unless you end up finding funding and paying people to work on it, because as it stands, there is no reward equation for Open Source Software volunteers to work on an initial implementation; Open Source is really lousy at creating initial implementations.

    -- Terry

  14. I have comments on COSA on Spafford On Infrastructure Risks · · Score: 2

    I remember your (identical) posting on July 22nd, which you claim on your web site drove 1400 hits worth of traffic to your site.

    Other than writing a thesis, and driving traffic to your web site, what have you done?

    You appear to be attempting to start an Open Source project to address the problem using your approach arrived at from your thesis materials, without a proof-of-concept.

    With respect, if your methods worked, they should be able to work manually, without having to build up a huge supprt infrastructure.

    In other words, you should be able to apply them to a demonstration problem, and have the results speak for themselves.

    You should also be aware that *declaring* an Open Source project is not the same thing as *causing* one to come into being. Merely declaring something will not cause thousands of elves to come out of the woods and solve your problems for you, Seymore Cray's claims to the contrary.

    If you want to convince people, *do something*, don't just *talk about doing something*.

    -- Terry

  15. Re:195.000 out of *1* million ... on 235,000 Software Engineers Can't Be Wrong, Right? · · Score: 2

    There are 1 million programmers in the U.S., according to the last census data. Just like there are one million police officers, and one million people in prisons.

    We are talking 20% of the IT workforce here.

    (Not that I agree with the idea of limiting H1-B visas, but at least be honest about the numbers).

    -- Terry

  16. "Would you like fries with that?" on 235,000 Software Engineers Can't Be Wrong, Right? · · Score: 2

    I don't buy RMS' solution ("Get rid of the morons by turning the industry into a job-shop, making it so unprofitable that *only* people who love the profession will stay voluntarily").

    But I sure as *heck* don't buy the IEEE's solution of "getting rid of all H1-B workers, regardless of competence, so that there will be jobs for citizen, regardless of *in*competence".

    Most of the people who are out of work in the IT industry are out of work because they don't have the necessary skills for a reduced market size, where you actually have to be able to *do the work* in order to have a job.

    These are the people who went into IT because they thought that that was their best opportunity for a big payday. They obtained their credentials by expending the minimum possible effort; no spending until 2-3AM, daily, in the computer lab for these people. And they are the same class of people who flooded the business schools, when an MBA was considered golden, and before that law schools, when a Juris Doctorate was considered golden, and medical schools, before that.

    They are people who are chasing the money, rather than the profession, and they are involved only because of their love of money, not their love of the work.

    And it's the same percentage of the pool of total workers, as it is the percentage of the H1-B workers... or non-H1-B workers.

    Society would be much better off, if these people were to learn how to say "Would you like fries with that?", and stay out of jobs that put other people's livelihood, welfare, property, or lives at risk. Perhaps they could become cabinet ministers.

    -- Terry

  17. And then there's chaff... on NYT Discovers the Panopticon · · Score: 2

    But beware of date and relevency ordered search results... ;^).

    Try searching for "terry lambert" on google. You will find ~17,600 entries.

    My God! What happened to the other 4/5ths?!?

    Actually, fully 5% of that is probably some other "Terry Lambert", and not me... 8-).

    As a general rule to live by, never send a "letter to the editor", never send an email, never keep (or even *create* in the first place) a file, never make a posting to a news group or a message board, never post your resume, never post your job history, never criticise the company you work for or your managers, never put useless or derogatory comments in your source code, never ... etc. etc. ...unless you want it to become a matter of public record.

    If you are a jerk in private email, but nice in public email, expect that people will eventually know your true face, even if no one every intentionally "violates nettiquite".

    -- Terry

  18. Timeline, information, conclusions on ISO Could Withdraw JPEG Standard · · Score: 5, Informative
    There seems to be a lot of misunderstandings around this issue, so someone should put out a timeline and other information. I also can not resist drawing some conclusions.


    TIMELINE
    1986 - Patent filed, Oct 27, Compression Labs, Inc., San Jose, CA
    1987 - Patent granted, Oct 6
    1992 - JPEG standardized ITU-T Rec. T.81 (1992)
    1994 - JPEG standardized ISO/IEC 10918-1:1994
    1994 - GATT ammended ("Ururguay Round"), Dec 9
    1995 - GATT changes to U.S. patent law go into effect, Jun 7
    1997 - Patent acquired by Forgent Networks
    2002 - Patent enforced by Forgent Networks


    INFORMATION
    People have criticised Forgent Networks for not speaking up about the patent during participation in ISO/IEC Joint Technical Committee 1, Sub Committee 29, Working Group 1. In fact, Forgent did not have the patent at the time.

    The patent was granted prior to the GATT-mandated U.S. patent law changes to eliminate submerged patents. Thus the term of the patent is 17 years; therefore the patent expires on Oct 6, 2004, not "in 2006, 20 years from the filing date", as people have been claiming.

    It is not the proper role of the ISO to take up a legal battle against patents.


    CONCLUSIONS
    Forgent was probably unaware of the patent at the time of its participation in the JPEG working group.

    Prosecuting the patent after allowing the continued existance for 5 years of an international standard based on the patent is likely a violation of the RICO statutes.

    Specifically, USC Title 18, Part I, Chapter 96, Section 1961(1)(A) and 1961(1)(B), "Extortion".

    The definition of "Extortion in this case is from USC Title 18, Part I, Chapter 95, Section 1951(b)(2); specifically:
    The term ''extortion'' means the obtaining of property from another, with his consent, induced by wrongful use of actual or threatened force, violence, or fear, or under color of official right.
    (emphasis mine).

    It seems pretty clear to me that this falls into the same category as the civil application of RICO to the RAMBUS patents, and to similar recent cases.

    So, IMO, rather than expecting the ISO to get into the act, it's more likely time to involve your local Federal prosecutor, instead.

    -- Terry
  19. Control inversely proportional to contributions on Open Source Politics - Maintaining Your Vision? · · Score: 2

    You want to maintain control, but you want contributors to contribute code back to your project, on your terms.

    No matter how you slice it, you are trading a degree of control for contributions; participation in your project is going to be inversely proportional to the amount of control you insist on keeping for yourself.

    In the purest sense, a contribution of code *is* an asserion of control over the direction of the project as a whole, and it is one of the major incentives for contributions in the first place.

    This would be a lot easier to explain if you had contributed to other projects, so that you could ask yourself what you got out of contributing to them: because that's exactly what contributors to your project are going to expect to get from their contributions.

    It would probably be a good idea, at this point, for you to put in a month or two of volunteer work on someone else's project, so you could answer that question for yourself.

    -- Terry

  20. An observation on the RPSL draft... on Open Source, Real Media Mega-player? · · Score: 3
    All in all, this is most similar to what SGI and IBM have done with their XFS and JFS software, respectively. Neither of these companies expects substantial contributions of code back that would bind them to the license they have placed on their code, when taking those contributions back into the commercial versions of their products.

    Some people have claimed that, like the MPL, the RPSL give Real Networks the right to use your code created under that license commercially. This is not true.

    Specifically, if we read section 4 of their license, we see that:
    4. Derivative Works. You may create a Derivative Work by combining Covered Code with other code not otherwise governed by the terms of this License and distribute the Derivative Work as an integrated product. In each such instance, You must make sure the requirements of this License are fulfilled for the Covered Code or any portion thereof, including all Modifications.
    Further, we see that Real Networks does not really expect to get anything of value to themselves from the efforts of Open Source programmers; specifically, in section 11, we see:
    11. Ownership. Subject to the licenses granted under this License, each Contributor retains all rights, title and interest in and to any Modifications made by such Contributor. RealNetworks retains all rights, title and interest in and to the Original Code and any Modifications made by or on behalf of RealNetworks ("RealNetworks Modifications"), and such RealNetworks Modifications will not be automatically subject to this License. RealNetworks may, at its sole discretion, choose to license such RealNetworks Modifications under this License, or on different terms from those contained in this License or may choose not to license them at all.
    The specific effect of the combination of these sections is that they seem to believe that they will not get anything commercially useful from the Open Source community that they are attempting to create, since they are not requiring the ability to commercially distribute the code under terms other than the license... which is not applicable to their commercially distributed code.

    -- Terry
  21. How will a database fix things? on JPEG Committee On The Ball, Seeks Prior Art · · Score: 2

    How will a database fix things?

    Even if it's "the bestest database ever", it still has to be searched by humans with a sufficient understanding of the practice of the art to select appropriate search terms, by way of a common lexicography with the filing mechanism which was used to load the "magic database".

    In other words, why is the problem ammenable to a fractional technical answer, in your opinion?

    I really don't understand what a database will do, other than identify what has or has not been patented previously -- and therefore, it will not contain anything which would otherwise fail the obviousness test, since such things are not patentable.

    Also, FWIW: In the U.S., they are called "patent examiners", not "agents", and the filer bears the brunt of the search for prior art, in a seperate process called a "patent search". It's not up to individual examiners to prove that something was not patented previously.

    The only thing your database does is make it easier to file patents by making it easier for the non-patent-office-personnel to do their searches.

    In other words, the suggested database does not address any of the process issues that are the root of the problem in the first place.

    If you want to dicuss fixes... fine. But creation of a database is not a fix, it's just a means of exacerbating the problem.

    -- Terry

  22. Computers are not magical beings on JPEG Committee On The Ball, Seeks Prior Art · · Score: 2

    Computers are not magical beings, capable of exercising judgement.

    The problem is that the default for patent applications, since the PTO reform of several years ago, is "granted".

    It should be *harder*, not easier, to prove lack of prior art. The failure of a database query hardly constitutes "lack of prior art". It also does noting with regard to the uniqueness or obviousness provisions.

    Your suggested database would result in *more*, not *fewer* bogus patents being granted, because it would accelerate the application process without adding any protection above and beyond what's already there.

    -- Terry

  23. Re:It'll Expire Next Year on JPEG Committee On The Ball, Seeks Prior Art · · Score: 5, Informative

    Actually, it'll expire 17 years from date of issue, since it is grandfathered as a submerged patent filing. In other words, it's governed by the old rules because it was filed under the old rules.

    Patents files on or after June 8 1995 are 20 years from date of filing; before that, patents were from date of issue, not of filing, and their term was 7 or 14 years, and grew to 17. One of the reasons for the change to a 20 year term was the move to date of filing as the baseline date.

    Either way, it's too damn long a period for this industry.

    -- Terry

  24. If you ask specific questions, I'll try to answer on Traffic Shaping on DSL? · · Score: 2

    If you ask specific questions, I'll try to answer in laymans terms, if you are genuinely interested.

    If you aren't interested in laymans terms, and it's just that I'm not a very good explainer (8-)), I can give you references to technical papers.

    -- Terry

  25. big receive window != reduced ACKs on Traffic Shaping on DSL? · · Score: 3, Insightful

    "By increasing the recieve window you are essentially reducing the amount of ACK's that must be sent per data recieved."

    The problem with this theory is that you need to keep sending ACKs all the time to keep the window sliding. Yes, if you were to only send ACKs starting at 50% of the window size received, and you had a large enough receive window that the propagation delay for an ACK through a totally saturated link was less than 50% of the time necessary to receive the data being ACK'ed, and the rate limiter queued all packets, instead of just droping them, then you'd be right.

    But that's not what you do.

    The point of a windowed protocol is that you eat a single round trip latency over a very large data stream consisting of a large number of packets, and what you are saying is that it will act as if TCP/IP is a lock-step fixed window protocol. This just isn't true.

    So you compete for transmit space with the same number of ACK packets.

    The problem is still that you need 2/3 of the send bandwith just for ACKs on a saturated receive bandwidth.

    I would be really surprised if the send bandwidth limit wasn't set with *exactly this* in mind: large enough to handle full speed receives with an MTU of 1500 and an ACK packet size of 60 bytes, plus 50% (1.5Mb/96Kbit = 16, 1500/60 = 25, 25/16 = 150%).

    -- Terry