This is one of the weak points of public-key encryption; for it to be effective, you need some way to verify that the person whose public key you're using to encrypt data is really the person who you want to send the data to. With SSH this is typically done by keeping a list of fingerprints of the public keys of known hosts; the first time you connect to a host you're prompted with a warning that it's an unknown host, and asked if you want to add it to your known hosts list. This is a point of failure -- if the first time it turns out to actually be an imposter, you'll have added the imposter's fingerprint.
The SSL key-signing mechanism is intended to avoid this problem by having a company like Verisign that is supposed to be trustworthy. Thus you only need to get Verisign's key in a trusted manner (usually by being distributed with a browser), and then you can verify that all the other keys you get aren't fakes by checking to see if they've been properly signed by Verisign. The only points of failure here are: 1) the possibility of getting a fake Verisign key; and 2) the possibility of Verisign messing up and certifying a fake key. Generally 1) is not a significant problem; 2) may be. Since browsers generally treat all CAs the same, the strength against weakness 2) is only as good as the reliability of the least-reliable of the CAs. This is another reason why adding an unknown CA is a bad idea -- it basically makes the signing system completely useless. If you're going to do that, you might as well just tweak your browser's options to stop warning about unsigned keys altogether, since keys being signed by untrusted random parties isn't any better than them not being signed at all.
It's a fairly difficult problem to solve successfully. With PGP email one method being explored is a "web of trust," where you sign the keys of people you can vouch for (i.e. you known them personally so you can verify that they are who they say they are). This is difficult to scale though, since it only takes a handful of otherwise-trustworthy people to irresponsibly sign keys without properly verifying their authenticity to make the whole system useless (similar to the way it only takes one bad CA to make the system useless, only here the number of points of failure is much higher).
I would be very hesitant to add you, someone I do not know or have a particular reason to trust, as a CA. I wouldn't mind accepting your self-signed certificate to do an SSL transaction with your site, but adding you as a CA is a much bigger security risk. If I do that, you can then sign certificates for any site, including sensitive sites like my bank's. Then you, as a potentially malicious CA, can trick me into accepting false certificates identifying my bank's site.
Thus if you don't want to use a certificate signed by the major CAs, then please just self-sign. I have no problem accepting self-signed certificates, but adding random sites you don't know as CAs is a huge security risk that no one should do (so it'd be nice if you didn't require people to do it in order to visit your site).
I don't think that this would invalidate EULAs, because an EULA says something along the lines of "you have to accept this to use the software." The GPL explicitly says the opposite -- "You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works." Thus the GPL is explicitly not an EULA (partly because the FSF thinks EULAs shouldn't hold up in court, so wants the GPL to work without being an EULA).
As for damages, I'm not sure the courts would go along with that. It's possible, but the courts tend to deal much better with "I'm suing you for [x] in damages," which they understand, than these sorts of non-monetary issues, which they don't.
This is what remains untested in court. If you choose to follow the GPL, then you're following it like a contract. But if you distribute a derivative work without following the GPL, it's arguable that you're not violating the GPL, since you never accepted it in the first place. What you are doing is simple copyright violation, since you're distributing derivative works without permission from the copyright holder. Thus the only thing they can do is the usual "sue you for damages" that happens in copyright infringement, or possibly criminal copyright infringement charges depending on the circumstances. It basically becomes a standard piracy lawsuit.
How could you possibly have inferred from my statement that I was saying communism and democracy are mutually exclusive? The Democratic Republic of the Congo is neither communist (in name or in practice) nor is it a democracy (though it does have that in the name).
The substance of my comment was that claiming that China must be communist because its ruling party calls itself the "Communist Party" makes about as much sense as claiming that the Democratic Republic of the Congo must be democratic because it has the word "Democratic" in its name.
The distinction is fading quite a bit. Modern x86 chips have RISC cores, but have additional hardware outside the core to translate the CISC instruction set to the core RISC instruction set. On a true RISC chip, the translation from higher-level constructs to lower-level opcodes happens in software at the compilation stage. The functional and performance difference between the two approaches isn't really that huge anymore, since this CISC->RISC translation doesn't slow things down a whole lot.
Now what does slow things down is the hardware having to deal with parallelizing code in the pipeline and avoiding all the variou ssorts of problems that can cause. Both RISC and CISC chips generally do this in hardware. The Itanium is the first to abandon that approach, and say "it's up to the compiler to make sure stuff doesn't mess up when we pipeline." Speeds things up a lot, but makes writing compilers damn near impossible, and writing hand-coded assembler completely impossible.
China hasn't been communist for quite a long time; there's plenty of private industry (both local and foreign), and significant disparity in wealth between the rich and the poor. It's essentially a capitalist one-party state. It's still socialist in some ways, though mostly unofficially (a lot of the large private companies are indirectly controlled by people in high places in the government).
1) Linux isn't an operating system... true... RMS is preaching as much... GNU/Linux is however an operating system...
I don't think this is what they meant. FreeBSD is designed as a complete operating system so all its parts work together. The analogous system in the Linux work would be something like Debian.
I personally happen to think Debian does a fine integration job, so don't give much weight to the "FreeBSD is engineered as a whole while Linux" isn't argument, but I will admit that there is a bit more developer cooperation in the BSD world (Debian often has to hack together misbehaving 3rd-party packages so they'll work the way Debian packages are supposed to).
I listen to quite a bit of ebm and gothic/industrial, and I'd say the primary reason these are only niche music markets is that most people don't like them. They're simply not styles of music that most people like to listen to. I've played samples for all sorts of people, and very few are receptive at all to that style (most find it "too dark" or "too depressing" or something of that sort). I doubt that even a multi-million dollar advertising campaign would suddenly make Front 242 sell 15 million copies of its albums.
Your point seems to be answering the FSF's argument that calling it GNU/Linux is proper since the GNU project deserves a large part of the credit for the overall system (by pointing out that XFree86 and others do as well). However, I think Bruce's point was slightly different -- calling it "GNU/Linux" gives a connotation of free software by reminding people that it fulfills the goals of the GNU project (to have a completely free software operating system). At the very least people will ask "what is this 'GNU' thing?" and perhaps investigate further, rather than just treating "Linux" as another operating system.
A lot of cable modem companies are starting to offer tiered service, since they're realizing that charging the person who just reads email and the person who downloads 30 GB a week the same rate isn't really a good idea. So you may in some areas be able to pay $20/month for "low-speed" cable (probably capped at 128k or 192k or something like that).
The people who never ever come up with a useful invention still get paid by the company. And the people who come up with lots also get paid. If they worked on commission, the first group of people would get nothing and the second group would become rich. But instead they all get paid for working, not for the results of their work (to a certain extent; if you're a really crappy employee you'll never get promoted and might get fired).
With songwriters, you can say "you get 10% of the profits from the sale of this album," which is relatively straightforward to measure (and even then you have a lot of disputes). With industrial patents, it's a lot more nebulous. How do you determine how much money the company has made from your patent? For example, say they make something with a blue LED. What percentage of the value of that product does the blue LED account for?
On the one hand, it is true that patent law is becoming increasingly skewed against individual inventors. But on the other hand, if your job at a company is to come up with new ideas and methods of doing [whatever your particular field is], it wouldn't make much sense if you could come up with them, patent them, and then hold the company hostage, demanding they license your ideas. I mean that was what they were paying you for in the first place.
Unless you have some sort of cron-job auto-running apt-get update for you periodically, apt won't automatically update its list of packages until you tell it to.
Anyone remember the X-Com first-person shooter? It basically had nothing in common gameplay-wise with the highly successful X-Com games; it was just an FPS in vaguely the same setting taking advantage of the X-Com name. It was not very successful.
My tentative prediction is that Starcraft: Ghost will fare similarly.
This is one of the weak points of public-key encryption; for it to be effective, you need some way to verify that the person whose public key you're using to encrypt data is really the person who you want to send the data to. With SSH this is typically done by keeping a list of fingerprints of the public keys of known hosts; the first time you connect to a host you're prompted with a warning that it's an unknown host, and asked if you want to add it to your known hosts list. This is a point of failure -- if the first time it turns out to actually be an imposter, you'll have added the imposter's fingerprint.
The SSL key-signing mechanism is intended to avoid this problem by having a company like Verisign that is supposed to be trustworthy. Thus you only need to get Verisign's key in a trusted manner (usually by being distributed with a browser), and then you can verify that all the other keys you get aren't fakes by checking to see if they've been properly signed by Verisign. The only points of failure here are: 1) the possibility of getting a fake Verisign key; and 2) the possibility of Verisign messing up and certifying a fake key. Generally 1) is not a significant problem; 2) may be. Since browsers generally treat all CAs the same, the strength against weakness 2) is only as good as the reliability of the least-reliable of the CAs. This is another reason why adding an unknown CA is a bad idea -- it basically makes the signing system completely useless. If you're going to do that, you might as well just tweak your browser's options to stop warning about unsigned keys altogether, since keys being signed by untrusted random parties isn't any better than them not being signed at all.
It's a fairly difficult problem to solve successfully. With PGP email one method being explored is a "web of trust," where you sign the keys of people you can vouch for (i.e. you known them personally so you can verify that they are who they say they are). This is difficult to scale though, since it only takes a handful of otherwise-trustworthy people to irresponsibly sign keys without properly verifying their authenticity to make the whole system useless (similar to the way it only takes one bad CA to make the system useless, only here the number of points of failure is much higher).
I would be very hesitant to add you, someone I do not know or have a particular reason to trust, as a CA. I wouldn't mind accepting your self-signed certificate to do an SSL transaction with your site, but adding you as a CA is a much bigger security risk. If I do that, you can then sign certificates for any site, including sensitive sites like my bank's. Then you, as a potentially malicious CA, can trick me into accepting false certificates identifying my bank's site.
Thus if you don't want to use a certificate signed by the major CAs, then please just self-sign. I have no problem accepting self-signed certificates, but adding random sites you don't know as CAs is a huge security risk that no one should do (so it'd be nice if you didn't require people to do it in order to visit your site).
You post on Slashdot, after all.
I don't think that this would invalidate EULAs, because an EULA says something along the lines of "you have to accept this to use the software." The GPL explicitly says the opposite -- "You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works." Thus the GPL is explicitly not an EULA (partly because the FSF thinks EULAs shouldn't hold up in court, so wants the GPL to work without being an EULA).
As for damages, I'm not sure the courts would go along with that. It's possible, but the courts tend to deal much better with "I'm suing you for [x] in damages," which they understand, than these sorts of non-monetary issues, which they don't.
This is what remains untested in court. If you choose to follow the GPL, then you're following it like a contract. But if you distribute a derivative work without following the GPL, it's arguable that you're not violating the GPL, since you never accepted it in the first place. What you are doing is simple copyright violation, since you're distributing derivative works without permission from the copyright holder. Thus the only thing they can do is the usual "sue you for damages" that happens in copyright infringement, or possibly criminal copyright infringement charges depending on the circumstances. It basically becomes a standard piracy lawsuit.
What about all the capitalism going on outside of Hong Kong? Visited the industrial parks around Shanghai?
How could you possibly have inferred from my statement that I was saying communism and democracy are mutually exclusive? The Democratic Republic of the Congo is neither communist (in name or in practice) nor is it a democracy (though it does have that in the name).
The substance of my comment was that claiming that China must be communist because its ruling party calls itself the "Communist Party" makes about as much sense as claiming that the Democratic Republic of the Congo must be democratic because it has the word "Democratic" in its name.
So by your logic, the Democratic Republic of the Congo is quite a democracy!
The distinction is fading quite a bit. Modern x86 chips have RISC cores, but have additional hardware outside the core to translate the CISC instruction set to the core RISC instruction set. On a true RISC chip, the translation from higher-level constructs to lower-level opcodes happens in software at the compilation stage. The functional and performance difference between the two approaches isn't really that huge anymore, since this CISC->RISC translation doesn't slow things down a whole lot.
Now what does slow things down is the hardware having to deal with parallelizing code in the pipeline and avoiding all the variou ssorts of problems that can cause. Both RISC and CISC chips generally do this in hardware. The Itanium is the first to abandon that approach, and say "it's up to the compiler to make sure stuff doesn't mess up when we pipeline." Speeds things up a lot, but makes writing compilers damn near impossible, and writing hand-coded assembler completely impossible.
China hasn't been communist for quite a long time; there's plenty of private industry (both local and foreign), and significant disparity in wealth between the rich and the poor. It's essentially a capitalist one-party state. It's still socialist in some ways, though mostly unofficially (a lot of the large private companies are indirectly controlled by people in high places in the government).
1) Linux isn't an operating system... true... RMS is preaching as much... GNU/Linux is however an operating system...
I don't think this is what they meant. FreeBSD is designed as a complete operating system so all its parts work together. The analogous system in the Linux work would be something like Debian.
I personally happen to think Debian does a fine integration job, so don't give much weight to the "FreeBSD is engineered as a whole while Linux" isn't argument, but I will admit that there is a bit more developer cooperation in the BSD world (Debian often has to hack together misbehaving 3rd-party packages so they'll work the way Debian packages are supposed to).
I listen to quite a bit of ebm and gothic/industrial, and I'd say the primary reason these are only niche music markets is that most people don't like them. They're simply not styles of music that most people like to listen to. I've played samples for all sorts of people, and very few are receptive at all to that style (most find it "too dark" or "too depressing" or something of that sort). I doubt that even a multi-million dollar advertising campaign would suddenly make Front 242 sell 15 million copies of its albums.
Your point seems to be answering the FSF's argument that calling it GNU/Linux is proper since the GNU project deserves a large part of the credit for the overall system (by pointing out that XFree86 and others do as well). However, I think Bruce's point was slightly different -- calling it "GNU/Linux" gives a connotation of free software by reminding people that it fulfills the goals of the GNU project (to have a completely free software operating system). At the very least people will ask "what is this 'GNU' thing?" and perhaps investigate further, rather than just treating "Linux" as another operating system.
I don't see anyone replacing gcc anytime in the near future, to take just one example...
In which case the Europarliament will almost certainly have finished passing analogous laws by the time Palladium comes to market.
A lot of cable modem companies are starting to offer tiered service, since they're realizing that charging the person who just reads email and the person who downloads 30 GB a week the same rate isn't really a good idea. So you may in some areas be able to pay $20/month for "low-speed" cable (probably capped at 128k or 192k or something like that).
They certainly should've given him a nice bonus.
The people who never ever come up with a useful invention still get paid by the company. And the people who come up with lots also get paid. If they worked on commission, the first group of people would get nothing and the second group would become rich. But instead they all get paid for working, not for the results of their work (to a certain extent; if you're a really crappy employee you'll never get promoted and might get fired).
With songwriters, you can say "you get 10% of the profits from the sale of this album," which is relatively straightforward to measure (and even then you have a lot of disputes). With industrial patents, it's a lot more nebulous. How do you determine how much money the company has made from your patent? For example, say they make something with a blue LED. What percentage of the value of that product does the blue LED account for?
On the one hand, it is true that patent law is becoming increasingly skewed against individual inventors. But on the other hand, if your job at a company is to come up with new ideas and methods of doing [whatever your particular field is], it wouldn't make much sense if you could come up with them, patent them, and then hold the company hostage, demanding they license your ideas. I mean that was what they were paying you for in the first place.
...the MOLECULAR MAN!
I wish my company offered me dragons as part of the severance package...
When you accept the money you fraudulently signed for.
Unless you have some sort of cron-job auto-running apt-get update for you periodically, apt won't automatically update its list of packages until you tell it to.
Anyone remember the X-Com first-person shooter? It basically had nothing in common gameplay-wise with the highly successful X-Com games; it was just an FPS in vaguely the same setting taking advantage of the X-Com name. It was not very successful.
My tentative prediction is that Starcraft: Ghost will fare similarly.