The bandwidth suck that would result from 95% of the people on the Internet regularly running apt-get as you describe would be staggering.
It might be kind of hard on the debian mirrors. I'm sure that the problem could be dealt with.
It wouldn't be nearly as bad as you seem to think: Debian ``stable'' means Debian ``never changes''. Except for security patches, and the once-every-year-or-two transition from Potato-->Woody or so, there would be essentially no load.
I won't go into the 'centralized lock-step authority' stuff inherent in your suggestion that everybody regularly and automatically update their OS software in a process they aren't even aware of.
You mean like when they use any recent version of Windows,and use the updates? Of course, they wouldn't get a less-favorable version of the licence with each new upgrade, they wouldn't get spyware added with each new upgrade and they wouldn't get their applications broken with each new upgrade. But other than those omissions, it would be just like the current situation.
Folks seem to live with the current situation, either by never upgrading, or by upgrading and taking their lumps. I'm sure that the clueless could learn to find something else to complain about if their computers stopped breaking. The cluefull few could simply change the cron job from:
apt-get update;apt-get -y dist-upgrade
to
apt-get update;apt-get -u dist-upgrade
so that they can review the proposed updates. With stable, there's not much point in reviewing changes for a workstation. Changes are sure to be security patches, and pretty sure not to break anything.
When I was talking about making the user learn, I was thinking about bastille, which guides you through the process step by step, gives you the information you need to make decisions about each step, and tells you what it's doing to implement your decisions. I learned a lot from that.
That's a pretty good start on ``... easy utilities to guide the less-than-a-guru user...''.
Distributions are a bit better now than they used to be about sensible defaults. I got started with RH6.0, and it had everything turned on. I didn't realize that for quite a while, and didn't figure out that it was a bad idea for a while longer, and didn't figure out how to fix it until quite a while later, when I installed Mandrake 6.1 or so, and ran bastille for the first time.
Of course, I KNOW I didn't get rooted while I was running wide open: I wasn't on the net. No modem, no ISP, no problem.
By the time I got a modem, I'd learned how to run bastille, how to look for signs of intrusion, and so on. I got rooted once, and had to reinstall. I figured that the problem was that upgrading Redhat (I was back to them by that time) was too much hassle, so I switched to Debian. No problems since.
... the Linux community needs to concentrate on not becoming the next big security joke.
True, but the situation isn't so bad for us as it is for MS. First of all, the developers have actual incentive to really fix problems, and fix them fast. At MS, the developers don't have any incentive to fix anything until sales tells them: ``This bug is costing us sales.'' The developers job then is to make sales go back up. Fixing the bug may not be the easiest option.
Second, if security DOES become a big problem, we can start doing things like using libraries which are buffer-overflow safe (like libsafe, maybe?). This is available right now. People can start auditing critical stuff like glibc and the linux kernel for buffer overflows. There's a lot that our community can do (and should be doing!) right now, that MS just is never going to have the incentive to do. I'll bet there isn't anything like the kernel janitors working on the NT kernel.
Finally, the easiest and the most important thing we can do is make sure that the newbie distributions have secure, sensible defaults. Things like using something other than sendmail, having services turned off by default, not accepting connections from anything but localhost, and so on. For the typical newbie, who hooks up one machine to the 'net via ppp or pppoe, this kind of security wouldn't be a problem. Someone who needs to make their machine part of a lan would have to learn enough to turn on some of these services, and open up the default firewall a bit, but that's not a bad thing.
... as Linux becomes more and more popular blackhats will put more and more attention into breaking our OS.
The day is coming when we will have to be more secure out-of-the-box. Security is a process, and begins with a knowledgeable user. Starting with the services turned off, and making the user learn to turn them on as he needs them, will help with the user education, and make the OS more usable in the long run. After all, the better you know it, the better you can use it.
If 95% of people used *NIX, would it have a reputation for being mostly secure?
Yes, because 95% of people can't administer a *nix box. They'd have to rely on pre-setup operating systems (just like they do now with Windows!). If those systems were Debian stable, they could be kept secure by a cron job (part of the default install, in this hypothetical situation) which looked like this:
apt-get update;apt-get dist-upgrade
If 95% of people used Debian stable, they'd be happy, just like they are with Windows, because they'd be using the same software everyone else is using, and having the same problems as everyone else.
They wouldn't be having problems with buggy old software on unsecured boxes, and they wouldn't be having the same sort of problems with viruses, either.
I live in Colorado and I'm sure you heard about the wildfires last summer due to severe drought... it really is a big issue here and everywhere else. PLEASE CONSERVE WATER everyone!
So, I live in Alaska. If I conserve water, how does that help Colorado? Are you going to pay to have it shipped down there?
You've chosen to live in a desert. Learn to deal with it.
Acutally, I'm kind of hoping that the end result of this is exactly what you're saying: you can either copyright something, or you can release it into the public domain. That you can't release something into the public domain with restrictions, even well meaning ones like community licenses.
So, then, there are two possibilities:
the author has the right to copy his work. NO ONE ELSE DOES. Period.
The author releases it into the public domain, and EVERYONE can copy it.
And (you seem to be suggesting), if the author lets ANYONE make multiple copies, the document automatically goes into the public domain.
So, if you publish a book, you've let the printer make multiple copies and the book's in the public domain. If MS lets some business make multiple copies of Windows, it's in the public domain and we ALL can copy Windows. No author has the right to enter into an agreement to let his friends, associates or family make copies: doing that would eliminate his copyrights.
Wrong.
The problem with your idea is the ``... release something into the public domain with restrictions...'' part. If it's in the public domain, it's not restricted. That's what public domain means. Everyone has the right to use it; no one has the right to restrict another from using it.
If you choose to make a copyrighted work available to others, and extend to them some of the rights which copyright law reserves to you, that's your right, and it doesn't, EVER, put that work into the public domain. That's what the GPL and the BSD licences do: they relax some of the restraints of copyright for those who abide by the licence.
To say that an author can't do that is to restrict his right of contract, and it's pure foolishness to suggest. From reading the babelfished version of the Heise article, I can't really tell what SCO is proposing for a theory, but I can't imagine anything that could ever fly.
We actually had a standing order here NOT to use OSS because of licensing questions, until I got the rule whittled down to exclude BSD, Apache and a few other licenses. The managers here thought that the money spent on exploring the legality of products based on top of GPL'd code was not worth the time they saved developers.
That's exactly why some folks use the GPL. If you want to play with our toys, play our game. If you don't want to play nicely with us, get your own stinking toys. I commend your manager's honesty.
Why do they place so much power in one agency is beyond comprehension. Can you imagine the type of abuse someone can put another company through. IE, say XFOO Corp. has some Cancer drug that works and the developers spent some couple million on it.
Now say employee John Foofxr decides he wants someone to pay him some serious moolah to have this drug approved.
That's awfully blatent, and would get old John a long vacation at club fed. That kind of thing just isn't going to happen.
THIS is how the ``bribes'' happen. If you are a high-level bureaucrat, you can have a little talk with the executives at a company whose new drug you are tasked with approving. You mention that you'll be retiring soon, perhaps in a year or so after you've concluded their case. They reply that they really need someone who's experienced with dealing with FDA bureaucrats, to act as liasion with the agency (or experienced at dealing with Congress, to lobby for them, or...), and would be interested in hiring you. You reply that you will certainly contact them when you retire. No money ever changes hands, but if you really want that cushy job, you make sure their drug gets approved.
There are some very real problems, with the FDA and government agencies in general, and you've missed them all. Two examples:
A real problem is that the FDA bureaucrats have nothing to gain by approving a drug, but a great deal to lose. If an FDA bureaucrat approves a drug and it turns out to be another thalidomide, he's in BIG trouble. If he approves a drug, and it turns out to be a side-effect-free cure for cancer and the common cold, he gets absolutely nothing. Thus, the bureaucrats always want one more round of tests, and people die waiting for safe, effective medicines.
Another big problem is regulatory capture, a natural process in which the regulated and the regulator talk only to each other, and the regulator eventually winds up siding with the regulated. We see this in action in US government when industry insiders are appointed to head the watchdog agencies for their industries, and when upper-level bureaucrats retire from Civil Service to take very high paying, low stress jobs in the industry they regulated. The result is that the FDA protects the pharmacutical industry at least as effectively as it protects us.
One example of how the FDA protects the industry is their enforcement of monopolies. No drug can go to market unless it is patented, because no drug can go to market unless someone has spent tens of millions getting the FDA's blessing. If someone were to find that an unpatentable combination of eye of newt, hair of bat and toe of frog cured cancer, the FDA would never approve it, since no company would fund the tests. Doctors would never hear about it from the drug company salesmen, so most of them would continue prescribing the current slash-and-burn therapies, which are sometimes worse than the disease. This hypothetical free, safe and effective therapy would never become available to most Americans, even if the research were published in JAMA and Lancet.
NEWSFLASH
Dateline: State of Improbability.
This just in from Redhat CEO Matt Szulik:
All earnings from the Open Source Defence fund will go to a special foundation which we are setting up to purchase new keyboards for Nigerian spammers. We have all been getting awfully tired of seeing those Nigerian scam spams, and having every one of them in all caps was just making it worse.
We used to think that the stupid spammers thought that they couldn't be traced if they typed in all caps, but extensive research by graduate anthropology students at the Nigerian University shows that the real problem is that all the spammers think that their keyboards look prettier with all the LEDs lit. So, we're going to give them new keyboards with more LEDs, and no capslock key.
With one stroke, this will solve the Nigerian spam problem. Oh, did I mention that none of the keys will be functional?
Seriously, I'll bet you that ALL of the money, interest included, will go to the stated purpose of the fund. It's ridiculous to think that Redhat would commit such a trivial fraud so publically. Unlike SOME companies (notice my self restraint: I didn't mention SCO!), Redhat has recurring revenue, profits, and a business plan without Step 2) ????. They've got too much to lose to do something crooked.
This is great! If you Google on ``SCO execs dumping stock'' this is what Google news turns up:
SCO Execs Dumping Stock
Slashdot - 2 hours ago
By Jeff Heard. Lindon, UT - The SCO Group announced the launch of a
campaign to shoot 1% of all babies born in the US. "Statistically...
I've helped with food banks several places in the US, and driven nighttime cab. I've gotten to know a lot of alcoholics and junkies and crazies.
Yes, people do starve here. They are usually drug addicts or far gone in senile dementia. The remainder are simply insane. I've watched some of these folks slide downhill. The law says that no one can force them to accept food or shelter. As you say, usually these people don't live long enough for starvation to actually kill them.
People who are compos mentis are usually willing to be helped. They do just fine here. The ones who hide from potential helpers we can't do much for.
Remember, in the US, the surest sign of poverty, low income, and low education is morbid obesity.
As for the Canadian vs. American health care system, most Canadians I have talked to much prefer their system, and far more Americans try to go to Canada for health care than vice versa.
As for the Canadian vs. American health care system, everyone prefers the familiar. I know that Canadians go South for elective surgery. That's big business along the border. They also go South for unimportant things like diagnostic MRI's. I think that healthy Canadians like their system, as long as they don't think about the reason for their high taxes. When they get sick, and find that the legislature didn't budget enough to take care of them, so they have to wait six months or more for diagnosis, and perhaps longer for treatment, they don't like it so well. Providing medical care (not just plastic surgery) to Canadians is big business in the border states.
I know that medical care in Canada is cheaper than in the US. I've gone there myself, for exactly that reason, to get fillings and such. If I get sick, though, I go to a doctor here.
We've got to remember that OpenSource Operating Systems (and other software) such as GNU/Linux, the *BSDs, and whathaveyou....
Are in the public domain.
No. They're copyright their various authors. It
is that copyright which enables those authors to place the programs under the BSD|GPL|some other licence. CMUCL is an example of a program in the public domain: it ISN'T licenced.
I think your point could have been that ideas are free to all, or not free at all. Good point.
Seriously, I haven't heard of anyone starving on the streets of North America. Here in the US, you can get free meals, and free groceries, in every city or small town I've ever been in. That's not counting the government welfare benefits, which are still widely available.
Or were you talking about the North Americans who are dieting?
Tons of people not covered by a proper medicare system (U.S).
An interesting survey I saw around 1999 said that 3/4 of USians surveyed said that ``inadequate health care was a major problem in the US''. The survey also said that 3/4 of the USians surveyed said that their healthcare was quite adequate. US healthcare is a great story, and sells a lot of papers, unless you look at the facts.
We don't have a ``proper medicare'' system here; that's why a lot of Canadians (who have a single payer system, which I guess is a ``proper medicare system'') go down there to the US to pay for the medical care which they could get free in Canada. Someday. Maybe.
>>It's barely possible that his opinion is also carefully considered, in which case you'll look like an egotistical fool.
>Agreed. And when this occurs, the person is not classified as a moron. I may still have trouble getting my point across, but at least there's some good information emanating from the other end.
Remember what I said about the purposes of conversation? You and I want that information, but most folks don't. If there's no information flowing, you may be dealing with a ritual jaw-flapper who still may not be a moron. Never try to win a conversation!
>> It's very likely that his opinion really is goofy. Don't tell him that. Instead, ask him some questions, and draw him out.
>And this is sound advice too. Works most of the time except when the ego inflation is so great and the opinions expressed ultra moronic.
Again, pity and self control are important social skills. Practice changing the subject, to something you don't know about, or don't care about. Others will see you yelling or walking away in mid-sentence and think that you are short-tempered, insensitive, hateful, careless of the feelings of others, and so on (how could you prove them wrong?).
You don't have to spend a lot of time interacting with others, but when you do, it's a REALLY bright idea not to make them think ill of you. The morons may be real losers, and everyone may well know it. Treating them with disrespect will make you look bad, and treating them with courtesy will make you look good. There's not much need to make others like you, but you're really shooting yourself in the foot when you give them excuse to dislike you.
The conversation usually ends at this point with me yelling at the moron or walking away in the middle of a sentence.
Anand, you need to work on your social skills. Pity (e.g., for ignorant goofballs) and self control are very important social skills, and you just said that you haven't got them.
Next time you bump into someone who turns out the be one of these ``morons'', don't try to interrupt him and tell him he's wrong (that's where the self control comes in). It's barely possible that his opinion is also carefully considered, in which case you'll look like an egotistical fool.
It's very likely that his opinion really is goofy. Don't tell him that. Instead, ask him some questions, and draw him out. Try to find the basis for the goofy opinion, or to establish that there is no basis. It might be that there is some fact he doesn't know. Tell him that fact, and let him figure out that he's being goofy. Don't try to convince him, or rub his nose in it (this is where the pity for ignorant goofballs comes in).
Remember, conversation isn't a game that you try to win. It's a way to set others at ease (yes, some people are made VERY uneasy by being around others who don't participate in ritual jaw-flapping!), to while away time which can't be put to good use, to give and recieve affirmation (the you're-ok-I'm-ok sort of thing) and, very rarely, for giving and receiving information. Most people don't engage in conversation with the expectation that they will learn something, so they are surprised and discomforted when you try to tell them something new.
If SCO is distributing the kernel, binary or source, they are either distributing under the GPL and MUST offer source, or they are violating the many authors' copyrights. Either way, they are in a world of hurt.
They must offer source for the whole program, including any portions which are their trade secrets, and any portions which they claim that IBM put in there. If they don't like that, well, they should have thought of that before they decided to distribute under that license.
If they had stopped distribution on the day they noticed the offending code, a reasonable person might (or might not!) have cut them some slack, and let them off the hook on this. They have instead continued to distribute for months now. It's no longer accident; it's copyright violation, by SCO.
The GPL is very much all-or-nothing. You can't be a little bit in compliance, and you can't gain by breaking it. If SCO were to come up with some way to ``break'' the GPL, they'd be left without the right to distribute any GPL'd software. Our rights to use it (and distribute it) would remain, unchanged.
It annoys me that I can easily solve my Linux problems in the Google groups section, instead of getting to speak with a real live tech support person, who might be a really cute blonde chick.
There are few blondes in India, where most of the proprietary software tech support calls go. On the other hand, she might be VERY interested in meeting you if you are a US resident. Time to revise your fantasy?
It annoys me that I don't have a mascot like Clippy the paperclip in the vi text editor.
... unlike the GPL, code released under a BSD license can be used freely by anybody for any purpose.
True.
The biggest difference is that someone can add their code to BSD code and do whatever the hell they want, while under the GPL they must GPL their new code.
True again. Someone can add his code to BDS code, and restrict my freedom to use the resulting derivative work. The hypothetical someone's extra freedom can only come at the expense of the freedom of others.
Complaining about the GPL's terms is a bit like complaining that you can't go around hitting others: giving you the freedom to punch others takes away those others' freedoms. Laws against assault aren't restrictions on your freedom, they are guarantees of everyone's freedom. It's the same way with the GPL.
The FSF has very carefully thought out its license, and crafted it to ensure that code protected by the GPL, and its derivatives, will always be free for anyone to copy, distribute and use. You are free to do anything you like with GPL'ed code, EXCEPT to restrict others from having the same freedoms the author gave you.
If you LIKE the idea that someone can use your code to establish a monopoly and lock out everyone else, you included, then you should definitely use something like a BSD license for your code. If that idea bothers you, look for another license.
If you're feeling lucky, you could simply publish the source code. Assuming that there are no trade secret issues, putting it on your website for public comment might not involve any serious liability.
Two things (at least) could happen:
1) The real copyright holder might notice, and answer your questions.
2) Nobody might really care, in which case you could eventually do something more daring.
3) SCO might sue you for infringing their copyrights on Unix^H^H^H^Heverything.
Option (1) could involve a bit of embarrasment for you, but if you weren't distributing the code, or claiming the right to do so, I imagine that you' probably get away with it. Or not. Talk to your lawyer. Get someone in Nigeria to post it.
Option (2) isn't so good, either. Although you never get in trouble, you really can't distribute or license the code. MAybe you could start a project to reimplement the functionality?
Under option (3), at least you would get some serious publicity on Slashdot.
>> Secondly, the code was released by SCO under the GPL, negating the claim.
>This argument gets thrown around a lot but it can only be correct of SCO knowingly injected the code in question into Linux.
I think you may be wrong here. If someone tricked SCO into releasing their own work under the GPL, this would be a strong argument. For example, if the kernel sources weren't available to the whole world so that SCO couldn't check them, then SCO agreeing to distribute the kernel under the GPL clearly wouldn't bind them to GPL their own work which was (hypothetically) in there. Obviously, that's not the case here.
SCO is a software company, in the business of selling Unix and Linux. They have a duty to do due dilligence to ensure that their product is suitable for its intended purpose, and to ensure that no one openly copies their source code. Note that SCO is uniquely capable of that last.
SCO had full access to ALL linux source. They're going to have a hard time convincing anyone that they didn't know what they were doing. If they chose not to read what they distributed (remember, they're in exactly that business!), I think that they gave up the right to complain about GPL'ing what they chose to release. If SCO was a group of widows and orphans who couldn't possibly have made head nor tail of the programs, the situation would be very different.
Furthermore, it is my understanding that SCO continued distributing the Linux kernel (which they allege infringes something)AFTER they filed their suit. If that's the case, they have knowingly chosen to release their [copyright|trademark|trade secret|patent] whatever-it-is under the GPL, and the game's over for them.
Finally, (getting off topic a bit) the fact that they have chosen to prevent anyone (Redhat, Linus, IBM, usw.) from taking steps to minimize the damage done by any infringement looks very much like dealing in bad faith. If they should win in court, that's not going to help them collect damages. Judges get really nasty about dealings in bad faith.
I actually read the paper. You did copy the section headers, containing the three main points, correctly. After that, you're mostly wrong.
1. Where's the beef?
His first point argues that he doesn't have all the facts. He sets up a strawman outlining what he thinks SCO's position is,...
Dead wrong. He shows that they cannot make patent, trademark or trade secret claims against users. That leaves (if it is to be an ``IP'' suit, as SCO has insisted) only copyright violation as grounds for a suit against Linux users. Moglen might be wrong, but there's no staw in that man.
Moglen then goes on to point out that SCO is NOT behaving like a company which thinks it can successfully prosecute a copyright violation suit.
2. Why do User's need licenses?
Except for Free software, it's accepted that users need valid licenses for their software.
Dead wrong, according to Moglen, who probably knows what he's talking about. Read his opening sentence for this point 2. Also read the last two sentences of the first paragraph. Read the rest of this section, too: he expands upon the point at length.
His argument hinges on the position that SCO is going after copyright issues, which SCO hasn't claimed (point 1).
I already covered this (point 1).
PHBs accept software needs licenses.
I bet there was a point to this, but it doesn't seem to follow; what's the connection to your argument?
3. Do Users already have a license?
I thought his argument was that they don't need a license?
Actually, what he said was the users don't need a license to USE the programs. They do need a license to DISTRIBUTE them. Linux users (including SCO) already have such a license in the GPL.
A point he did not make, and probably should have, is that you cannot add restrictions to GPL'ed code. SCO is trying to peddle ``licenses'' which add such restrictions. Thus, Linux + some piddly bit of SCO proprietary code is simply undistributable, even by SCO. The GPL is all or nothing, and we're seeing now, I think, that that is a very good thing.
We've heard it said before: SCO may only distribute Linux under the GPL. They have no right to distribute it under any other terms. If they actually succede in suckering someone into purchasing a license, they might conceivably open themselves to a copyright infringment suit by any of the copyright holders of the kernel.
If you take my work, break the license and then distribute it as GPL, if I distribute your product under the GPL without knowledge that it infringes on my work, should I suffer?
If you are in business to sell that work, then yes, you should suffer, unless:
1) you show that you performed due dilligence in inspecting the code you released, and
2) you show that I somehow hid the fact that I had violated the terms of your license (e.g., by not showing you the source code... clearly out of the question here).
There are two principles behind that reply: First, that businesses are presumed to know what they are doing, in their own line of work. Thus, you could have, and should have, looked. The second principle is that as the accuser, the burden of proof should be on you. The third principle is that if I acted openly and notoriously, and you did nothing, then you have made it considerably harder to claim that I damaged you (and might have done even more harm than that to your case[1]). Right. There are THREE principles behind that answer. The fourth principle might be that it wasn't ME, but some other guy, who did the dirty deed, and so suffer or not, don't come crying to me about it. Four! There are FOUR principles....
How much should you (well, SCO; let's get back on topic) suffer? Since SCO has taken no steps to mitigate the damage, and prevented the Linux community from mitigating the damage, I can't imagine that the courts will be very sympatheic to grandiose c
Lay out the bucks for VMWare. Run the Windows that your company is probably already paying for under that, and use Windows under Linux for email (and maybe shares?). Problem solved, for a couple day's pay. That's a cheap price to minimize the irritation of Windows. I'm thinking about doing that myself.
Cygwin helps minimize that MS irritation, too, as does tweakui.
>>f such fragmentation were allowed, you will see exactly the problems you had previously with commercial vendors appearing in Linux products, only multiplied.
>are you talking about the bsd license? do you see this happening with bsd?
If you don't see it, it is probably because the commercial forks aren't called BSD anymore.
Windows notoriously used BSD networking code. Do you suppose the Microsofties contributed their changes back to the code base? So far as we know, no one has forked and closed an entire *BSD distribution, but I would imagine that most of the basics of them have been forked and closed multiple times.
I suppose that you could say that shows that the protections of the GPL are overkill; after all, the *BSD's are surviving quite nicely. You could also say that the GPL gives us tools to prevent anti-social behaviour, and that those tools are being applied to Linksys.
Slashdot Mirror
It might be kind of hard on the debian mirrors. I'm sure that the problem could be dealt with.
It wouldn't be nearly as bad as you seem to think: Debian ``stable'' means Debian ``never changes''. Except for security patches, and the once-every-year-or-two transition from Potato-->Woody or so, there would be essentially no load.
I won't go into the 'centralized lock-step authority' stuff inherent in your suggestion that everybody regularly and automatically update their OS software in a process they aren't even aware of.
You mean like when they use any recent version of Windows,and use the updates? Of course, they wouldn't get a less-favorable version of the licence with each new upgrade, they wouldn't get spyware added with each new upgrade and they wouldn't get their applications broken with each new upgrade. But other than those omissions, it would be just like the current situation.
Folks seem to live with the current situation, either by never upgrading, or by upgrading and taking their lumps. I'm sure that the clueless could learn to find something else to complain about if their computers stopped breaking. The cluefull few could simply change the cron job from:
apt-get update;apt-get -y dist-upgrade
to
apt-get update;apt-get -u dist-upgrade
so that they can review the proposed updates. With stable, there's not much point in reviewing changes for a workstation. Changes are sure to be security patches, and pretty sure not to break anything.
That's a pretty good start on ``... easy utilities to guide the less-than-a-guru user ...''.
Distributions are a bit better now than they used to be about sensible defaults. I got started with RH6.0, and it had everything turned on. I didn't realize that for quite a while, and didn't figure out that it was a bad idea for a while longer, and didn't figure out how to fix it until quite a while later, when I installed Mandrake 6.1 or so, and ran bastille for the first time.
Of course, I KNOW I didn't get rooted while I was running wide open: I wasn't on the net. No modem, no ISP, no problem.
By the time I got a modem, I'd learned how to run bastille, how to look for signs of intrusion, and so on. I got rooted once, and had to reinstall. I figured that the problem was that upgrading Redhat (I was back to them by that time) was too much hassle, so I switched to Debian. No problems since.
True, but the situation isn't so bad for us as it is for MS. First of all, the developers have actual incentive to really fix problems, and fix them fast. At MS, the developers don't have any incentive to fix anything until sales tells them: ``This bug is costing us sales.'' The developers job then is to make sales go back up. Fixing the bug may not be the easiest option.
Second, if security DOES become a big problem, we can start doing things like using libraries which are buffer-overflow safe (like libsafe, maybe?). This is available right now. People can start auditing critical stuff like glibc and the linux kernel for buffer overflows. There's a lot that our community can do (and should be doing!) right now, that MS just is never going to have the incentive to do. I'll bet there isn't anything like the kernel janitors working on the NT kernel.
Finally, the easiest and the most important thing we can do is make sure that the newbie distributions have secure, sensible defaults. Things like using something other than sendmail, having services turned off by default, not accepting connections from anything but localhost, and so on. For the typical newbie, who hooks up one machine to the 'net via ppp or pppoe, this kind of security wouldn't be a problem. Someone who needs to make their machine part of a lan would have to learn enough to turn on some of these services, and open up the default firewall a bit, but that's not a bad thing.
The day is coming when we will have to be more secure out-of-the-box. Security is a process, and begins with a knowledgeable user. Starting with the services turned off, and making the user learn to turn them on as he needs them, will help with the user education, and make the OS more usable in the long run. After all, the better you know it, the better you can use it.
Yes, because 95% of people can't administer a *nix box. They'd have to rely on pre-setup operating systems (just like they do now with Windows!). If those systems were Debian stable, they could be kept secure by a cron job (part of the default install, in this hypothetical situation) which looked like this:
apt-get update;apt-get dist-upgrade
If 95% of people used Debian stable, they'd be happy, just like they are with Windows, because they'd be using the same software everyone else is using, and having the same problems as everyone else.
They wouldn't be having problems with buggy old software on unsecured boxes, and they wouldn't be having the same sort of problems with viruses, either.
So, I live in Alaska. If I conserve water, how does that help Colorado? Are you going to pay to have it shipped down there?
You've chosen to live in a desert. Learn to deal with it.
>Yes you did. Right there at the end. Do you see it now? You mentioned SCO.
But look how long I held out! And it was in parentheses!
So, then, there are two possibilities:
And (you seem to be suggesting), if the author lets ANYONE make multiple copies, the document automatically goes into the public domain.
So, if you publish a book, you've let the printer make multiple copies and the book's in the public domain. If MS lets some business make multiple copies of Windows, it's in the public domain and we ALL can copy Windows. No author has the right to enter into an agreement to let his friends, associates or family make copies: doing that would eliminate his copyrights.
Wrong.
The problem with your idea is the ``... release something into the public domain with restrictions ...'' part. If it's in the public domain, it's not restricted. That's what public domain means. Everyone has the right to use it; no one has the right to restrict another from using it.
If you choose to make a copyrighted work available to others, and extend to them some of the rights which copyright law reserves to you, that's your right, and it doesn't, EVER, put that work into the public domain. That's what the GPL and the BSD licences do: they relax some of the restraints of copyright for those who abide by the licence.
To say that an author can't do that is to restrict his right of contract, and it's pure foolishness to suggest. From reading the babelfished version of the Heise article, I can't really tell what SCO is proposing for a theory, but I can't imagine anything that could ever fly.
We actually had a standing order here NOT to use OSS because of licensing questions, until I got the rule whittled down to exclude BSD, Apache and a few other licenses. The managers here thought that the money spent on exploring the legality of products based on top of GPL'd code was not worth the time they saved developers.
That's exactly why some folks use the GPL. If you want to play with our toys, play our game. If you don't want to play nicely with us, get your own stinking toys. I commend your manager's honesty.
Now say employee John Foofxr decides he wants someone to pay him some serious moolah to have this drug approved.
That's awfully blatent, and would get old John a long vacation at club fed. That kind of thing just isn't going to happen.
THIS is how the ``bribes'' happen. If you are a high-level bureaucrat, you can have a little talk with the executives at a company whose new drug you are tasked with approving. You mention that you'll be retiring soon, perhaps in a year or so after you've concluded their case. They reply that they really need someone who's experienced with dealing with FDA bureaucrats, to act as liasion with the agency (or experienced at dealing with Congress, to lobby for them, or ...), and would be interested in hiring you. You reply that you will certainly contact them when you retire. No money ever changes hands, but if you really want that cushy job, you make sure their drug gets approved.
There are some very real problems, with the FDA and government agencies in general, and you've missed them all. Two examples:
A real problem is that the FDA bureaucrats have nothing to gain by approving a drug, but a great deal to lose. If an FDA bureaucrat approves a drug and it turns out to be another thalidomide, he's in BIG trouble. If he approves a drug, and it turns out to be a side-effect-free cure for cancer and the common cold, he gets absolutely nothing. Thus, the bureaucrats always want one more round of tests, and people die waiting for safe, effective medicines.
Another big problem is regulatory capture, a natural process in which the regulated and the regulator talk only to each other, and the regulator eventually winds up siding with the regulated. We see this in action in US government when industry insiders are appointed to head the watchdog agencies for their industries, and when upper-level bureaucrats retire from Civil Service to take very high paying, low stress jobs in the industry they regulated. The result is that the FDA protects the pharmacutical industry at least as effectively as it protects us.
One example of how the FDA protects the industry is their enforcement of monopolies. No drug can go to market unless it is patented, because no drug can go to market unless someone has spent tens of millions getting the FDA's blessing. If someone were to find that an unpatentable combination of eye of newt, hair of bat and toe of frog cured cancer, the FDA would never approve it, since no company would fund the tests. Doctors would never hear about it from the drug company salesmen, so most of them would continue prescribing the current slash-and-burn therapies, which are sometimes worse than the disease. This hypothetical free, safe and effective therapy would never become available to most Americans, even if the research were published in JAMA and Lancet.
NEWSFLASH
Seriously, I'll bet you that ALL of the money, interest included, will go to the stated purpose of the fund. It's ridiculous to think that Redhat would commit such a trivial fraud so publically. Unlike SOME companies (notice my self restraint: I didn't mention SCO!), Redhat has recurring revenue, profits, and a business plan without Step 2) ????. They've got too much to lose to do something crooked.Dateline: State of Improbability.
This just in from Redhat CEO Matt Szulik:
This guy caught it when it was on Google's Top News page.
This is funny, but it shows that we need to take things like Google with a grain of salt. There's no human in the loop, and sometimes it shows.
With an older version of gcc, which still supports those architectures, and works just as well as ever?
Yes, people do starve here. They are usually drug addicts or far gone in senile dementia. The remainder are simply insane. I've watched some of these folks slide downhill. The law says that no one can force them to accept food or shelter. As you say, usually these people don't live long enough for starvation to actually kill them.
People who are compos mentis are usually willing to be helped. They do just fine here. The ones who hide from potential helpers we can't do much for.
Remember, in the US, the surest sign of poverty, low income, and low education is morbid obesity.
As for the Canadian vs. American health care system, most Canadians I have talked to much prefer their system, and far more Americans try to go to Canada for health care than vice versa.
As for the Canadian vs. American health care system, everyone prefers the familiar. I know that Canadians go South for elective surgery. That's big business along the border. They also go South for unimportant things like diagnostic MRI's. I think that healthy Canadians like their system, as long as they don't think about the reason for their high taxes. When they get sick, and find that the legislature didn't budget enough to take care of them, so they have to wait six months or more for diagnosis, and perhaps longer for treatment, they don't like it so well. Providing medical care (not just plastic surgery) to Canadians is big business in the border states.
I know that medical care in Canada is cheaper than in the US. I've gone there myself, for exactly that reason, to get fillings and such. If I get sick, though, I go to a doctor here.
No. They're copyright their various authors. It is that copyright which enables those authors to place the programs under the BSD|GPL|some other licence. CMUCL is an example of a program in the public domain: it ISN'T licenced.
I think your point could have been that ideas are free to all, or not free at all. Good point.
Antarctica?
Seriously, I haven't heard of anyone starving on the streets of North America. Here in the US, you can get free meals, and free groceries, in every city or small town I've ever been in. That's not counting the government welfare benefits, which are still widely available.
Or were you talking about the North Americans who are dieting?
Tons of people not covered by a proper medicare system (U.S).
An interesting survey I saw around 1999 said that 3/4 of USians surveyed said that ``inadequate health care was a major problem in the US''. The survey also said that 3/4 of the USians surveyed said that their healthcare was quite adequate. US healthcare is a great story, and sells a lot of papers, unless you look at the facts.
We don't have a ``proper medicare'' system here; that's why a lot of Canadians (who have a single payer system, which I guess is a ``proper medicare system'') go down there to the US to pay for the medical care which they could get free in Canada. Someday. Maybe.
>Agreed. And when this occurs, the person is not classified as a moron. I may still have trouble getting my point across, but at least there's some good information emanating from the other end.
Remember what I said about the purposes of conversation? You and I want that information, but most folks don't. If there's no information flowing, you may be dealing with a ritual jaw-flapper who still may not be a moron. Never try to win a conversation!
>> It's very likely that his opinion really is goofy. Don't tell him that. Instead, ask him some questions, and draw him out.
>And this is sound advice too. Works most of the time except when the ego inflation is so great and the opinions expressed ultra moronic.
Again, pity and self control are important social skills. Practice changing the subject, to something you don't know about, or don't care about. Others will see you yelling or walking away in mid-sentence and think that you are short-tempered, insensitive, hateful, careless of the feelings of others, and so on (how could you prove them wrong?).
You don't have to spend a lot of time interacting with others, but when you do, it's a REALLY bright idea not to make them think ill of you. The morons may be real losers, and everyone may well know it. Treating them with disrespect will make you look bad, and treating them with courtesy will make you look good. There's not much need to make others like you, but you're really shooting yourself in the foot when you give them excuse to dislike you.
Anand, you need to work on your social skills. Pity (e.g., for ignorant goofballs) and self control are very important social skills, and you just said that you haven't got them.
Next time you bump into someone who turns out the be one of these ``morons'', don't try to interrupt him and tell him he's wrong (that's where the self control comes in). It's barely possible that his opinion is also carefully considered, in which case you'll look like an egotistical fool.
It's very likely that his opinion really is goofy. Don't tell him that. Instead, ask him some questions, and draw him out. Try to find the basis for the goofy opinion, or to establish that there is no basis. It might be that there is some fact he doesn't know. Tell him that fact, and let him figure out that he's being goofy. Don't try to convince him, or rub his nose in it (this is where the pity for ignorant goofballs comes in).
Remember, conversation isn't a game that you try to win. It's a way to set others at ease (yes, some people are made VERY uneasy by being around others who don't participate in ritual jaw-flapping!), to while away time which can't be put to good use, to give and recieve affirmation (the you're-ok-I'm-ok sort of thing) and, very rarely, for giving and receiving information. Most people don't engage in conversation with the expectation that they will learn something, so they are surprised and discomforted when you try to tell them something new.
They must offer source for the whole program, including any portions which are their trade secrets, and any portions which they claim that IBM put in there. If they don't like that, well, they should have thought of that before they decided to distribute under that license.
If they had stopped distribution on the day they noticed the offending code, a reasonable person might (or might not!) have cut them some slack, and let them off the hook on this. They have instead continued to distribute for months now. It's no longer accident; it's copyright violation, by SCO.
The GPL is very much all-or-nothing. You can't be a little bit in compliance, and you can't gain by breaking it. If SCO were to come up with some way to ``break'' the GPL, they'd be left without the right to distribute any GPL'd software. Our rights to use it (and distribute it) would remain, unchanged.
There are few blondes in India, where most of the proprietary software tech support calls go. On the other hand, she might be VERY interested in meeting you if you are a US resident. Time to revise your fantasy?
It annoys me that I don't have a mascot like Clippy the paperclip in the vi text editor.
Vigor?
True.
The biggest difference is that someone can add their code to BSD code and do whatever the hell they want, while under the GPL they must GPL their new code.
True again. Someone can add his code to BDS code, and restrict my freedom to use the resulting derivative work. The hypothetical someone's extra freedom can only come at the expense of the freedom of others.
Complaining about the GPL's terms is a bit like complaining that you can't go around hitting others: giving you the freedom to punch others takes away those others' freedoms. Laws against assault aren't restrictions on your freedom, they are guarantees of everyone's freedom. It's the same way with the GPL.
The FSF has very carefully thought out its license, and crafted it to ensure that code protected by the GPL, and its derivatives, will always be free for anyone to copy, distribute and use. You are free to do anything you like with GPL'ed code, EXCEPT to restrict others from having the same freedoms the author gave you.
If you LIKE the idea that someone can use your code to establish a monopoly and lock out everyone else, you included, then you should definitely use something like a BSD license for your code. If that idea bothers you, look for another license.
The answer? NOT YOU.
If you're feeling lucky, you could simply publish the source code. Assuming that there are no trade secret issues, putting it on your website for public comment might not involve any serious liability.
Two things (at least) could happen:
1) The real copyright holder might notice, and answer your questions.
2) Nobody might really care, in which case you could eventually do something more daring.
3) SCO might sue you for infringing their copyrights on Unix^H^H^H^Heverything.
Option (1) could involve a bit of embarrasment for you, but if you weren't distributing the code, or claiming the right to do so, I imagine that you' probably get away with it. Or not. Talk to your lawyer. Get someone in Nigeria to post it.
Option (2) isn't so good, either. Although you never get in trouble, you really can't distribute or license the code. MAybe you could start a project to reimplement the functionality?
Under option (3), at least you would get some serious publicity on Slashdot.
>This argument gets thrown around a lot but it can only be correct of SCO knowingly injected the code in question into Linux.
I think you may be wrong here. If someone tricked SCO into releasing their own work under the GPL, this would be a strong argument. For example, if the kernel sources weren't available to the whole world so that SCO couldn't check them, then SCO agreeing to distribute the kernel under the GPL clearly wouldn't bind them to GPL their own work which was (hypothetically) in there. Obviously, that's not the case here.
SCO is a software company, in the business of selling Unix and Linux. They have a duty to do due dilligence to ensure that their product is suitable for its intended purpose, and to ensure that no one openly copies their source code. Note that SCO is uniquely capable of that last.
SCO had full access to ALL linux source. They're going to have a hard time convincing anyone that they didn't know what they were doing. If they chose not to read what they distributed (remember, they're in exactly that business!), I think that they gave up the right to complain about GPL'ing what they chose to release. If SCO was a group of widows and orphans who couldn't possibly have made head nor tail of the programs, the situation would be very different.
Furthermore, it is my understanding that SCO continued distributing the Linux kernel (which they allege infringes something)AFTER they filed their suit. If that's the case, they have knowingly chosen to release their [copyright|trademark|trade secret|patent] whatever-it-is under the GPL, and the game's over for them.
Finally, (getting off topic a bit) the fact that they have chosen to prevent anyone (Redhat, Linus, IBM, usw.) from taking steps to minimize the damage done by any infringement looks very much like dealing in bad faith. If they should win in court, that's not going to help them collect damages. Judges get really nasty about dealings in bad faith.
1. Where's the beef? ...
His first point argues that he doesn't have all the facts. He sets up a strawman outlining what he thinks SCO's position is,
Dead wrong. He shows that they cannot make patent, trademark or trade secret claims against users. That leaves (if it is to be an ``IP'' suit, as SCO has insisted) only copyright violation as grounds for a suit against Linux users. Moglen might be wrong, but there's no staw in that man.
Moglen then goes on to point out that SCO is NOT behaving like a company which thinks it can successfully prosecute a copyright violation suit.
2. Why do User's need licenses?
Except for Free software, it's accepted that users need valid licenses for their software.
Dead wrong, according to Moglen, who probably knows what he's talking about. Read his opening sentence for this point 2. Also read the last two sentences of the first paragraph. Read the rest of this section, too: he expands upon the point at length.
His argument hinges on the position that SCO is going after copyright issues, which SCO hasn't claimed (point 1).
I already covered this (point 1).
PHBs accept software needs licenses.
I bet there was a point to this, but it doesn't seem to follow; what's the connection to your argument?
3. Do Users already have a license? I thought his argument was that they don't need a license?
Actually, what he said was the users don't need a license to USE the programs. They do need a license to DISTRIBUTE them. Linux users (including SCO) already have such a license in the GPL.
A point he did not make, and probably should have, is that you cannot add restrictions to GPL'ed code. SCO is trying to peddle ``licenses'' which add such restrictions. Thus, Linux + some piddly bit of SCO proprietary code is simply undistributable, even by SCO. The GPL is all or nothing, and we're seeing now, I think, that that is a very good thing.
We've heard it said before: SCO may only distribute Linux under the GPL. They have no right to distribute it under any other terms. If they actually succede in suckering someone into purchasing a license, they might conceivably open themselves to a copyright infringment suit by any of the copyright holders of the kernel.
If you take my work, break the license and then distribute it as GPL, if I distribute your product under the GPL without knowledge that it infringes on my work, should I suffer?
If you are in business to sell that work, then yes, you should suffer, unless: ... clearly out of the question here).
1) you show that you performed due dilligence in inspecting the code you released, and
2) you show that I somehow hid the fact that I had violated the terms of your license (e.g., by not showing you the source code
There are two principles behind that reply: First, that businesses are presumed to know what they are doing, in their own line of work. Thus, you could have, and should have, looked. The second principle is that as the accuser, the burden of proof should be on you. The third principle is that if I acted openly and notoriously, and you did nothing, then you have made it considerably harder to claim that I damaged you (and might have done even more harm than that to your case[1]). Right. There are THREE principles behind that answer. The fourth principle might be that it wasn't ME, but some other guy, who did the dirty deed, and so suffer or not, don't come crying to me about it. Four! There are FOUR principles ....
How much should you (well, SCO; let's get back on topic) suffer? Since SCO has taken no steps to mitigate the damage, and prevented the Linux community from mitigating the damage, I can't imagine that the courts will be very sympatheic to grandiose c
Cygwin helps minimize that MS irritation, too, as does tweakui.
>are you talking about the bsd license? do you see this happening with bsd?
If you don't see it, it is probably because the commercial forks aren't called BSD anymore.
Windows notoriously used BSD networking code. Do you suppose the Microsofties contributed their changes back to the code base? So far as we know, no one has forked and closed an entire *BSD distribution, but I would imagine that most of the basics of them have been forked and closed multiple times.
I suppose that you could say that shows that the protections of the GPL are overkill; after all, the *BSD's are surviving quite nicely. You could also say that the GPL gives us tools to prevent anti-social behaviour, and that those tools are being applied to Linksys.