All of the output from DMoz is available in regularly updated RDF logs.
If AOL were to start to misuse DMoz, then it would be possible (not easy, the code for the ODP is closed source) to start a new volunteer project based on these logs.
It may worth signing up just to be privvy to the arguments going on in the editors fora around the whole openness/AOL controversy... Take care on your application, though: about 90% of applications are rejected.
You are quite right about the falseness of Hard AI not entailing existence of a counterexample, but McCarthy's challenge is really the only concrete suggestion there is on how we might give a scientific demonstration that Hard AI does not follow.
You are wrong about knowledge of human capabilities: neuropsychologists know quite a bit about what the brain does in such areas as language cognition, memory, visual processing and motor skills. However the connections to the research goals are not well understood, and Jordan Pollock knows pretty much as much as anyone about the connections.
John McCarthy has set out a famous challenge to critics of Hard AI: come up with a well-specified and testable human capability that cannot be modelled by an artificial mind.
If there *were* to be such a counter-example to Hard AI, what kind of areas of human competency might it involve? Which intellectual disciplines are best placed to generate and criticise such purported counter-examples?
UK style libel has long been far far worse than US style libel: it has long been an excellent strategy for politicians and the wealthy to sue newspapers for true accusations, a strategy that rarely backfires. Free speech is very badly protected in the UK.
IMO, continental Europe tends to take matters of privacy far more seriously than either UK or US, and matters of free speech as seriously as the US. Don't let the UK's bad law misguide you as to the state of the law in the rest of Europe.
What is wrong with Demon? They fought an expensive court battle they knew they were unlikely to win on a matter of principle, trying to protect their users freedom of speech. How many other ISPs do you think would do the same?
And they have been very open about what they are doing and why. If I was in the UK, I would switch to Demon: I trust people who are open. All the other UK based ISPs will be following just the same conservative policy, except they won't be telling you what they are doing and why.
This would work, except in placing this condition on users, he is violating the terms under which he received the GPL'd code. Carmack as the person who placed the GPL license on the orginal code, and everyone in the chain of redistribution from Carmack to Slade, have a legal complain against Slade, even if the people who dowload the code off Slade's site don't.
Re:PKI and other issues
on
SSH v. SRP
·
· Score: 2
Kerberos v5 allows multiple domains, where the compromise of the certificate authority only breaks authentication in that domain.
Quite so. The readers with NS and IE will tend to give dismal results on just those pages that sighted readers obtain dismal results with lynx.
I am sorry if I suggested that NS and IE *can't* be used with such software, though in my limited experience, it is more common to use leaner browsers such as lynx with these tools.
Another point is that the blind often use lynx, since it can be joined with software to read out text aloud.
No one should write their pages specifically for lynx: but then they shouldn't for IE or NS either. If you write your web pages in a flexible manner, more people will find the content easy to access (and not just people: also hits bringing web crawlers).
It's not that complex, but I think I don't think it is a good idea to make it impossible for large organisations to file patents just becuase they filed lots of patents in the past: folks like GE file a lot of *good* patents. The advantage of the bounty idea is that you can increase the bounty for companies that have a history of filing spurious patentes, without actually preventing them from mending their ways and filing good patents.
Do recall that I am *not* supporting mixter's action. I am, however, arguing that sometimes publishing tools that make it painfully obvious that certain security vulnerabilities can be exploited *can* be a good thing. I note that Bruce Schneier's latest Cryptogram comes to pretty much the same position as I. He's come from the opposite direction to me, though: I used to think it was always irresponsible to publish such code, until the CDoC's BackOrifice was published.
Re:An easy way to deter unoriginal patents
on
Perens on Patents
·
· Score: 2
Maybe there is something to this, but the idea of legal individual is a tricky one: big companies can create new companies whose purpose is to carry patents. Disentangling this in the law courts can be a tricky affair, and is perhaps impractical for the patent office to apply proactively.
The usual legal idea (in tax law at least, which is the bit I know a little about) is that one section of a big company shouldn't be deterred from profitable activity because of what the other parts are doing.
Insurance should be possible: insurers are in the business of covering thse kinds of small risks. What an insurer would demand is evidence that the patent provides a novel solution to a known problem.
Still, it is the case that the risk will be some deterrent, and it may be the case that insurance premiums are high because of the technical knowledge required to reduce risks to the insurer. Some ideas on protecting the little guy:
1. There could be discounts on the bounty for unlimited liability filers (ie. individuals and partnerships);
2. There could be discounts for `first time filers';
3. Bounty could be reduced if the filer can provide independent, expert testimonial saying that this is a novel solution to a known problem. (not sure about this)
What I like about my proposal is it attacks the problem without simply outlawing classes of patent, or creating potentially unlimited liability to patent filers. Maybe the idea is drastic, but are there any definitely better ideas out there?
If you cannot demonstrate prior art, then there is no possibility of your legal challenge succeeding. Only an idiotic lawyer would support such a challenge, since the costs would be borne by the law firm on a `no win no fee' basis.
Re:That just screws the little guy
on
Perens on Patents
·
· Score: 2
Yes, it would create a new class of `ambulance chasers'. But no, deep pockets would not be a protection if the bounty was set at the right level: the fact that prior art exists by itself motivates the challenge to the patent, and not necessarily by the firms competitors.
The fear is that this system would deter the filing of genuinely original patents. But if the filer knows their field, then they should be reasonably sure that prior art exists. Also, if the filer can obtain testimonials ofexperts in his field that the idea is genuinely original, then that should be enough to convince insurers to insure the patent.
It is a drastic measure: but the figure of only 1 in 20 patents actually being original is apalling!
The analogy with guns is spurious and only serves to characterise the issue in the most hysterical terms. A closer legal analogy would be the law on trespass.
It is a dangerous case, but to look at the sledgehammer analogy: suppose a company is selling doors claiming that they are suitable for bank vaults, and me and a friend discover that we can break through the doors in about five minutes with sledgehammers. Suppose we contact the company, and their response is `you are lying, the doors are perfectly adequate for the purpose', then is it not the case that revealing this weakness in the doors serves the public function of expoing false claims?
Re:An easy way to deter unoriginal patents
on
Perens on Patents
·
· Score: 1
.. naturally I meant the person who establishes existence of prior art in court *receives* the bounty...
An easy way to deter unoriginal patents
on
Perens on Patents
·
· Score: 2
Introduce a clause to filing a patent that if prior art is deminstrated to exist, then anyone who establishes this in court must pay a bounty. If this figure is set to the right level, it should ensure that patent filers are pretty confident that prior art does not exist, whilst unduly eroding the advantages of filing legitimate patents.
Normally the responsible thing to do is to contact the vulnerable party and explain the weakness without releasing details publically. But what about cases such as Microsoft's one-time pretence that certain security vulnerabilities did not endanger their users? A case can be made that, on balance, CDoC releasing BackOrifice was a good thing, because it forced recognition of the issue.
I'm not saying this is the normal case; instead I am simply arguing that it isn't always vandalism to release code that makes use of security weaknesses.
BTW, the DDoS vulnerability can be fixed within IPv5.
esr and his premise, that the bazzar produces better product than the cathedral falls down when you approach very large scale projects, and mission-critical applications. Look at the cathedral for a moment. How many medieval markets are still in existence, as they were when first built, and that still perform their intended purpose? Cathedrals 1100 years old still serve their original purposes. This is true in the IT world as well. COBOL engines crunching financial, manufacturing, and distribution data are still at the core of our industry. These systems ere built with project management, not collaboration.
Have you read ESR's latest essay The Magic Cauldron? He looks closely at a lot of different kinds of projects, especially ones like the one's I suppose that you are talking about: infrastructure projects used mostly internally. I think for a lot of such programs, open source will work. ESR doesn't say open source is always right, but rather open source is right much more often than people think.
Well, I disagree, though I disagree with Mixter's actions. A piece of code may have as its only use to break into a system, but distributing the source of the code makes the weaknesses public, and so able to be dealt with. Closing these publicly known holes then improves the security of the whole system even against unknown attacks.
The situation is different with DDoS: everyone knows what the security vulnerabilities are, and they are nothing that the target can protect against by themselves. Instead the solution depends upon changing the way routers work (eg. stopping them allowing broadcast PINGs which have no constructive use, and are the key to this kind of DDoS attack).
To sum up, nothing constructive is achieved by publishing code that makes use of a known vulnerability, as in this case, but something constructive is achieved by publishing hitherto unknown vulnerabilities.
The UCITA introduces two things. Firstly it introduces default liability for software faults against the author, and then it allows shrinkwrap licenses to invalidate these software protections.
It isn't too hard to see this as a way to sue the writers of free software, without being able to sue commercial distributors of software, as Stallman argued in linux today.
Lastly UCITA doesn't explicitly introduce measures against reverse engineering, but the kind of clauses UCITA allows manufacturers to introduce into their software explicitly include restrictions on use, and so it is feared manufacturers could forbid reverse engineering of their products. I don't think this would hold: there are federal laws explicitly permitting reverse engineering of software, which autmoatically overrides UCITA, but this only increases the ease with which bullying lawsuits may be made.
More digging: nothing significant was debated in the Commons, but there was a select committee which discussed feedback to the draft bill.
Available at Hansard: Trade and Industry Select Committee Report #14
Very nice site, BTW: a lot of information, well organised, and with the most helpful site specific search engine I have used (automatically looks for words with similar roots to those specified, and explains what it is doing).
It looks as if the plaintext requirement was tagged on in response to concerns that (i) users might have legitimate reasons not to possess the key, (ii) concerns that the police might use keys to obtain more information than authorised, or to hoard keys. They seem not to have thought of the problem of verification at all.
Slashdot Mirror
If AOL were to start to misuse DMoz, then it would be possible (not
easy, the code for the ODP is closed source) to start a new volunteer
project based on these logs.
It may worth signing up just to be privvy to the arguments going on in
the editors fora around the whole openness/AOL controversy... Take
care on your application, though: about 90% of applications are
rejected.
Charles (http://achilles.bu.edu/cas)
existence of a counterexample, but McCarthy's challenge is really the
only concrete suggestion there is on how we might give a scientific
demonstration that Hard AI does not follow.
You are wrong about knowledge of human capabilities:
neuropsychologists know quite a bit about what the brain does in such
areas as language cognition, memory, visual processing and motor
skills. However the connections to the research goals are not well
understood, and Jordan Pollock knows pretty much as much as anyone
about the connections.
come up with a well-specified and testable human capability that
cannot be modelled by an artificial mind.
If there *were* to be such a counter-example to Hard AI, what kind
of areas of human competency might it involve? Which intellectual
disciplines are best placed to generate and criticise such purported
counter-examples?
not just governments. From Mirriam-Webster:
Main Entry: 2censor
Function: transitive verb
Inflected Form(s): censored; censoring /'sen(t)-s&-ri[ng], 'sen(t)s-ri[ng]/
Date: 1882
: to examine in order to suppress or delete anything considered objectionable
UK style libel has long been far far worse than US style libel: it has
long been an excellent strategy for politicians and the wealthy to sue
newspapers for true accusations, a strategy that rarely backfires.
Free speech is very badly protected in the UK.
IMO, continental Europe tends to take matters of privacy far more seriously
than either UK or US, and matters of free speech as seriously as the
US. Don't let the UK's bad law misguide you as to the state of the
law in the rest of Europe.
knew they were unlikely to win on a matter of principle, trying to
protect their users freedom of speech. How many other ISPs do you
think would do the same?
And they have been very open about what they are doing and why. If
I was in the UK, I would switch to Demon: I trust people who are
open. All the other UK based ISPs will be following just the same
conservative policy, except they won't be telling you what they are
doing and why.
This would work, except in placing this condition on users, he is
violating the terms under which he received the GPL'd code. Carmack
as the person who placed the GPL license on the orginal code, and
everyone in the chain of redistribution from Carmack to Slade, have a
legal complain against Slade, even if the people who dowload the code
off Slade's site don't.
Kerberos v5 allows multiple domains, where the compromise of the
certificate authority only breaks authentication in that domain.
This is a good source of information on Kerberos.
on just those pages that sighted readers obtain dismal results with
lynx.
I am sorry if I suggested that NS and IE *can't* be used with such
software, though in my limited experience, it is more common to use
leaner browsers such as lynx with these tools.
No one should write their pages specifically for lynx: but then they shouldn't for IE or NS either. If you write your web pages in a flexible manner, more people will find the content easy to access (and not just people: also hits bringing web crawlers).
It's not that complex, but I think I don't think it is a good idea to
make it impossible for large organisations to file patents just
becuase they filed lots of patents in the past: folks like GE file a
lot of *good* patents. The advantage of the bounty idea is that you
can increase the bounty for companies that have a history of filing
spurious patentes, without actually preventing them from mending their
ways and filing good patents.
Do recall that I am *not* supporting mixter's action. I am, however,
arguing that sometimes publishing tools that make it painfully obvious
that certain security vulnerabilities can be exploited *can* be a good
thing. I note that Bruce Schneier's latest Cryptogram
comes to pretty much the same position as I. He's come from the
opposite direction to me, though: I used to think it was always
irresponsible to publish such code, until the CDoC's BackOrifice was
published.
a tricky one: big companies can create new companies whose purpose is
to carry patents. Disentangling this in the law courts can be a
tricky affair, and is perhaps impractical for the patent office to
apply proactively.
The usual legal idea (in tax law at least, which is the bit I know
a little about) is that one section of a big company shouldn't be
deterred from profitable activity because of what the other parts are
doing.
thse kinds of small risks. What an insurer would demand is evidence
that the patent provides a novel solution to a known problem.
Still, it is the case that the risk will be some deterrent, and it
may be the case that insurance premiums are high because of the
technical knowledge required to reduce risks to the insurer. Some
ideas on protecting the little guy:
1. There could be discounts on the bounty for unlimited liability
filers (ie. individuals and partnerships);
2. There could be discounts for `first time filers';
3. Bounty could be reduced if the filer can provide independent,
expert testimonial saying that this is a novel solution to a known
problem. (not sure about this)
What I like about my proposal is it attacks the problem without
simply outlawing classes of patent, or creating potentially unlimited
liability to patent filers. Maybe the idea is drastic, but are there
any definitely better ideas out there?
If you cannot demonstrate prior art, then there is no possibility of
your legal challenge succeeding. Only an idiotic lawyer would support
such a challenge, since the costs would be borne by the law firm on a
`no win no fee' basis.
pockets would not be a protection if the bounty was set at the right
level: the fact that prior art exists by itself motivates the
challenge to the patent, and not necessarily by the firms competitors.
The fear is that this system would deter the filing of genuinely
original patents. But if the filer knows their field, then they
should be reasonably sure that prior art exists. Also, if the filer
can obtain testimonials ofexperts in his field that the idea is
genuinely original, then that should be enough to convince insurers to
insure the patent.
It is a drastic measure: but the figure of only 1 in 20 patents
actually being original is apalling!
issue in the most hysterical terms. A closer legal analogy would be
the law on trespass.
It is a dangerous case, but to look at the sledgehammer analogy:
suppose a company is selling doors claiming that they are suitable for
bank vaults, and me and a friend discover that we can break through
the doors in about five minutes with sledgehammers. Suppose we
contact the company, and their response is `you are lying, the doors
are perfectly adequate for the purpose', then is it not the case that
revealing this weakness in the doors serves the public function of
expoing false claims?
.. naturally I meant the person who establishes existence of prior art in court *receives* the bounty...
Introduce a clause to filing a patent that if prior art is
deminstrated to exist, then anyone who establishes this in court must
pay a bounty. If this figure is set to the right level, it should
ensure that patent filers are pretty confident that prior art does not
exist, whilst unduly eroding the advantages of filing legitimate
patents.
party and explain the weakness without releasing details publically.
But what about cases such as Microsoft's one-time pretence that
certain security vulnerabilities did not endanger their users? A case
can be made that, on balance, CDoC releasing BackOrifice was a good
thing, because it forced recognition of the issue.
I'm not saying this is the normal case; instead I am simply arguing
that it isn't always vandalism to release code that makes use of
security weaknesses.
BTW, the DDoS vulnerability can be fixed within IPv5.
the cathedral falls down when you approach very large scale projects,
and mission-critical applications. Look at the cathedral for a
moment. How many medieval markets are still in existence, as they were
when first built, and that still perform their intended purpose?
Cathedrals 1100 years old still serve their original purposes. This is
true in the IT world as well. COBOL engines crunching financial,
manufacturing, and distribution data are still at the core of our
industry. These systems ere built with project management, not
collaboration.
Have you read ESR's latest essay The Magic
Cauldron? He looks closely at a lot of different kinds of
projects, especially ones like the one's I suppose that you are
talking about: infrastructure projects used mostly internally. I
think for a lot of such programs, open source will work. ESR doesn't
say open source is always right, but rather open source is right much
more often than people think.
code may have as its only use to break into a system, but distributing
the source of the code makes the weaknesses public, and so able to be
dealt with. Closing these publicly known holes then improves the
security of the whole system even against unknown attacks.
The situation is different with DDoS: everyone knows what the
security vulnerabilities are, and they are nothing that the target can
protect against by themselves. Instead the solution depends upon
changing the way routers work (eg. stopping them allowing broadcast
PINGs which have no constructive use, and are the key to this kind of
DDoS attack).
To sum up, nothing constructive is achieved by publishing code
that makes use of a known vulnerability, as in this case, but
something constructive is achieved by publishing hitherto unknown
vulnerabilities.
liability for software faults against the author, and then it allows
shrinkwrap licenses to invalidate these software protections.
It isn't too hard to see this as a way to sue the writers of free
software, without being able to sue commercial distributors of
software, as Stallman argued in linux today.
Lastly UCITA doesn't explicitly introduce measures against reverse
engineering, but the kind of clauses UCITA allows manufacturers to
introduce into their software explicitly include restrictions on use,
and so it is feared manufacturers could forbid reverse engineering of
their products. I don't think this would hold: there are federal laws
explicitly permitting reverse engineering of software, which
autmoatically overrides UCITA, but this only increases the ease with
which bullying lawsuits may be made.
Well... the pig's were actually pretty smart in Animal Farm.
More digging: nothing significant was debated in the Commons, but
there was a select committee which discussed feedback to the draft
bill.
Available at
Hansard: Trade and Industry Select Committee Report #14
Very nice site, BTW: a lot of information, well organised, and with
the most helpful site specific search engine I have used
(automatically looks for words with similar roots to those specified,
and explains what it is doing).
It looks as if the plaintext requirement was tagged on in response to
concerns that (i) users might have legitimate reasons not to possess
the key, (ii) concerns that the police might use keys to obtain more
information than authorised, or to hoard keys. They seem not to have
thought of the problem of verification at all.