Today's topic: Would the world be a better or worse place if we prosecuted software companies just like anyone else when they commit acts of false advertising?
I see much potential for groups of individuals to legally "motivate" companies they don't like! Of course I would never suggest a Distributed Resume Attack be implemented against any particular organization.
Worst case--what--you get a job.
Hey, Melinda, Where are we going to store all these Osama bin Lauden resmues?
Gee, Bill, I guess we could put 'em in the warehouse next to the Sadaam Hussein job applications.
Any other use will be considered a federal crime. You are a terrorist. Those convicted will be required to purchase and install a copy of Microsoft's current OS for each CPU they own. Too bad if you have a SMP system.
Yeah, I like that one. I worked in a plant in Mississippi for a few years. Each year, the plant would have a "theme" week to whip up employee morale. One year, the name of the theme was "Fabulous memories of the good times.", and the subject of the theme was 1950's America. They had bobby socks (whatever the hell those were), poodle skirts, restored vintage cars, 6oz Cokes (with peanuts to put in them), Buddy Holly music, etc. Really a great party, in the 1990s. But...
If you know anything about US demographics, you'll know that for a lot of the people living in rural Mississippi, the 1950's were NOT good times.
Well, strictly speaking, the bulb generates UV radiation which excites the phosphors coating the inside of the tube. These in turn fluoresce in the visible spectrum.
Yes, I RTFA. They propose to get the general public to help monitor certain sensitive areas in which nobody has any business anyhow.
The problem is that this indoctrinates the general public into the idea that "being a fink is a public service". Being a fink is not a public service. It's being a fink.
In a general sense, the proposal really says to the public "Here, we want you to get into the habit of monitoring folks for this particular crime and reporting it to us.
The "target market" of this program is the schoolyard fink who tries to improve his status with the administration by reporting "Johnny said a cuss word.".
I understand that this proposal only suggests that we recruit the general public to watch over certain sensitive areas.
My concern is that the qualifier "certain sensitive areas" will quickly be dropped.
This is the TIPS program in sheeps clothing. "Bend over; I promise I'll only stick the tip in." Slippery slope, and all that.
I do have to say, though, that the name "HomeGuard" describes the program spot-on. If you're a B5 Fan.
First, let me say that I read the article and did a whois of the domain to make sure it wasn't a forgery. Nope; looks like "the" Financial Times of London to me. I thought they were a respectable publication.
This is just some Brit trying to troll the Yanks:
"American voters will either get commercial regulation of spam by the next election or they will insist on moral regulation. The logic of America's war on drugs will take over. Rival political candidates will engage in a sort of auction, solemnly bidding up the criminal penalties they deem appropriate. "
If I format the Whois info legibly, the lameness filter kicks it for lines too short. Look it up yourself or just deal with it.
WHOIS Record for ft.com Registrant: THE FINANCIAL TIMES LIMITED (FT2-DOM)
Number One Southwark Bridge, London, UK; Domain Name: FT.COM Administrative Contact: The Financial Times Limited (CS2810-ORG)company.secretary@FT.COM The Financial Times Limited Number One Southwark Bridge, London, GB (+44)20-7873(3000) fax: - (+44)873(3928) Technical Contact: Support, FT (CNKMTQXQSO)ftepops@FT.COM The Financial Times Ltd Number One Southwark Bridge, London, UK +44 20 7873 3000 Record expires on 29-Nov-2005. Record created on 30-Nov-1994. Database last updated on 5-May-2003 11:41:32 EDT. Domain servers in listed order: NS.DIGISLE.NET 167.216.193.232 NS1.DIGISLE.NET 167.216.250.42
Early in the morning in the middle of the night, Two dead boys started a fight. Back to back, they faced each other, Turned around, drew their swords, and shot each other. A deaf policeman hear the noise, And he arrested the two dead boys.
Re:Private key != source
on
Linus on DRM
·
· Score: 1
Well, Opera ate my comment, but this forces me to rewrite it a little with a little less verbosity.;)
I like your definition. It allows the inclusion of a key into an executable at compile time to fall under the "static-linking" discussion already well under way. IANAL, so I don't know if this has ever been tested in court. But "GPL requires opening of all source to all code statically linked to GPL code" seems pretty defensible to me.
I also like the simplicity of your definition. Without getting into the nuances of what is "data" and what is "code", the key part of your definition "or is part of the executable" is great!
Imagine explaining to a non-technical audience (judge) what "code" is, all you have to say is "here is the file you run". "Look, this stuff is in the file".
Thank you
Re:Private key != source
on
Linus on DRM
·
· Score: 1
Don't miss the point! The answer to your next "A-Ha" is "What makes it source code and not inputs"? Think about this before you post;)
Re:Private key != source
on
Linus on DRM
·
· Score: 1
"Functioning identically implies that it gives the same outputs for identical inputs."
Identical inputs is the question here.
You have not addressed the initial question: Is a private key source (code) or is it "inputs" (data)?
It's not a trivial question: Talk to any programmer, and they can examples of things that area clearly code (algorithms written in C) and things that are clearly data (lists of names and addresses of clients).
But, there is no clear dividing line. I write automated testware that uses a sequencer to step through tests. Part of what I provide is a list of items that should be present before and after each test, and a list of tests that should be executed. Is this data? Is this code? Arguments can be made either way.
Before we can discuss "identical inputs" and "source code", we must define our terms: Implicit definitions "Code is things like...Data is things like..." won't answer the question. It is impossible to test a case against an implicit definition.
Here are a couple of "off the cuff" definitions of code and data for you to pick at:
Code is something that a machine can execute. Code defines a process, a series of events, a set of conditions and outcomes for those conditions. Code may act without any external data, or may make decisions based on external data. Code may output data (an image editor), or it may not output data (a temperature control algorithm).
Data cannot be executed. By itself, it can do nothing; it must be acted upon by code. Data can be unique, so that a specific piece of code acting on one set of data will behave different when acting on another set of data.
These are admittedly sloppy and incomplete definitions. I present them as an agent provocateur. If you think my definitions suck, feel free to take them and modify them--I release them under the GPL;).
Without clear definitions, the discussion doesn't go anywhere. It's like two freshmen discussing the profound question "If a tree falls in the forest, does it make a sound.". There's no profound question. One student defines "sound" as vibrations in air. The other defines "sound" as something people can hear. They're going to go 'round and 'round until they figure out they're not even talking about the same thing.
In my example, the function of the kernel is to report what secret key was used as when it was compiled. In both cases, that's what it did.
I can't help it if you used different inputs when you executed make dep bzImage modules modules_install. Those differences may have been a different.config file or a different secret key. Point is, you used different inputs. You'd better expect different outputs.
Private key != source
on
Linus on DRM
·
· Score: 4, Interesting
Assumptions--Just to keep the discussion non-trivial: Binary programs outside the kernel can be "fooled" into thinking they are "trustworthy", and a binary kernel can't. Fritz and all that...
Let's say I want to operate karlandtanya's streaming radion station. You can play music but you can't copy it. I believe this is possible becasue I don't believe in the existence of analog recorders. Hardware is cheap, but commercial OSs are not. So I choose to use GNU/Linux for the OS.
I want to prevent you from copying the digital stream I send you. How do control functionality and still respect the fact that you have the right to hack GPL software?
I sell a subscription to my service. I give you the OS and software. The box (and its Fritz chip) remain mine, but you are allowed to use it as long as you are a subscriber. I threaten to sue you if I find out you've changed my hardware in any way.
The OS I give you is "karlandtanya's Orwellian GNU/Linux". The distro comes with a binary kernel that I've signed. I also give you sources for everything, including a key-response program (which is compiled into the kernel) and (just to show I'm sincere) the source for the server side of the system. But I don't give you my secret key.
You immediately untar the sources, recompile the kernel and install. You don't make any changes to the source or any configuration.
You boot the box I loaned you. The Fritz chip won't let it boot. My hardware can only be used to do what I want it to you. "That's fair.", you say. "I paid for the subscription, not the box."
Because you are very clever, you have another very similar box, but without the Fritz chip. You build and install all the packages in karlandtanya's Orwellian GNU/Linux on your hardware and boot it up.
Next, you log onto my site. The site initiates a secure handshake with the key-response program built into your kernel. But when you built your kernel, you did not use my secret key. So the binaries cannot verify against my server. The site denies you access.
Now comes the interesting part:
Now, you and 10,000 of your friends take me to court for GPL violation.
Plaintiff: "Since I cannot compile a working binary from the source you sent me, you did not release the source code. You are in violation of GPL. You must release the source, replace the OS with a non-GPL OS, or refund our money."
Defendant: "Yes, I did release the source code. And it works. I just didn't give you my secret key."
Plaintiff: "No, you did not release the source. Since I cannot build exactly the same binary that you sent me, part of the source must be missing."
Defendant: "Yes, I did release the source. The binaries you generated function exactly the same as the ones I gave you. Part of their function is to verify that they were created using the same secret key as the server they are trying to connect to."
When's the last time they came out with a better "strong-crypto" human? I mean a design that can be replicated and used globally--not a some fancy one-off Engineering version only functional in a lab or university.
Since the HGP has just released the complete source code, I think we should use the open-source model of development:
Let the user community build, test, and report bugs. Every couple weeks, developers can release a new test version to thousands of users.
Distribution of the code should not be a problem: everything.com
So, what? Can you copy this stuff? I guess there's SW involved, and rulebooks, but little plastic models? Unless you can play these games (and be taken seriously by the other gamers) without buying the manufactured items, the manufacturer does not have to worry about file swapping. "RIAA vs Listeners" model would not apply.
There's a demand for the product. The gamers have invested money, time, and pride in buying, learning to play, and becoming proficient with their games. It will be hard for them to quit the game--or even to quit trying to engage new players.
Apparently the marketing folks have decided they've accumulated a "critical mass" of players. The product now "sells itself".
The manufacturer no longer needs the exposure of multiple outlets for their product. What they need now is the ability to tightly control the perceived value (and the selling price) of their product.
Nah, the Linux crowd would waste huge bucks on apple hardware, strip off the OS (best part of Apple), and put Slackintosh on it.
Or, the Linux case modders would buy the beige box, then waste huge bucks making the thing look like an apple. And configure KDE to look just like OSX.
As an Engineering consultant for these past 7 years, my job usually requires me to do the following.
Find out what the Client needs.
Convince him that's what he wants.
Convince him that it was his idea in the first place. (This is important. The Client is the smartest guy in the room--just ask him!)
Deliver what the Client needs while meeting the requirements of budget, functionality, and schedule.
Make sure the Client's looks like a f***ing genius in front of his bosses.
None of these are optional. If the consultant fails to do any of the above, the consultant does not get invited back to do the next job!
Having said that, I have the good fortune to work for a Client (for the past year and a half) who actually is the smartest guy in the room. If you ever have a Client who knows what he wants, lives in reality, and is committed to doing what is needed, cherish him! A Client with a full CNS (both a brain and a spine) is a rare jewel.
Most clients will sit the consultant down and say "Please shoot me in the foot.". When they do this, the consultant must explain that "this is going to hurt; do you really want to do this?" If they insist, the most you can do is be ready with bandages.
Some clients will ask you to shoot them in the head. By this, I mean doing things that will cause any safety concerns/violations or catastrophic financial consequences. Best you can do there is refuse to do the work.
I happen to have the good fortune to work for a Consulting company where the President stands by such decisions. I (and the Engineers working for me) have had the rare occasion to tell a Client "No, we won't do that. "It's unsafe" or "the liability is too great". In every instance, the President has stood behind us.
One final word: Pride. Forget about it. The Client is always right. There is nothing that will get you banned from the jobsite faster than embarassing the Client in front of his boss.
Slashdot Mirror
Today's topic: Would the world be a better or worse place if we prosecuted software companies just like anyone else when they commit acts of false advertising?
Divide up into small groups and discuss.
Yeah, I know the article is about printing your very own currency. I'm responding to the smart remark at the end of the headline on /..
Of course I would never suggest a Distributed Resume Attack be implemented against any particular organization.
Worst case--what--you get a job.
Hey, Melinda, Where are we going to store all these Osama bin Lauden resmues?
Gee, Bill, I guess we could put 'em in the warehouse next to the Sadaam Hussein job applications.
Any other use will be considered a federal crime. You are a terrorist. Those convicted will be required to purchase and install a copy of Microsoft's current OS for each CPU they own. Too bad if you have a SMP system.
Yeah, I like that one. I worked in a plant in Mississippi for a few years. Each year, the plant would have a "theme" week to whip up employee morale. One year, the name of the theme was "Fabulous memories of the good times.", and the subject of the theme was 1950's America. They had bobby socks (whatever the hell those were), poodle skirts, restored vintage cars, 6oz Cokes (with peanuts to put in them), Buddy Holly music, etc. Really a great party, in the 1990s. But...
If you know anything about US demographics, you'll know that for a lot of the people living in rural Mississippi, the 1950's were NOT good times.
pedantic
Well, strictly speaking, the bulb generates UV radiation which excites the phosphors coating the inside of the tube. These in turn fluoresce in the visible spectrum.
The problem is that this indoctrinates the general public into the idea that "being a fink is a public service". Being a fink is not a public service. It's being a fink.
In a general sense, the proposal really says to the public "Here, we want you to get into the habit of monitoring folks for this particular crime and reporting it to us.
The "target market" of this program is the schoolyard fink who tries to improve his status with the administration by reporting "Johnny said a cuss word.".
I understand that this proposal only suggests that we recruit the general public to watch over certain sensitive areas.
My concern is that the qualifier "certain sensitive areas" will quickly be dropped.
This is the TIPS program in sheeps clothing. "Bend over; I promise I'll only stick the tip in." Slippery slope, and all that.
I do have to say, though, that the name "HomeGuard" describes the program spot-on. If you're a B5 Fan.
This guy thinks 6 pages of his opinion is worth $95.00 a read!
This presents a society where anybody anywhere is expected to monitor their neighbors and report on them to the authorities.
This encourages mistrust among the people. It promotes unquestioning submission to authority.
Totalitarianism is invariably presented as "security". It's not.
"They that can give up essential liberty, to obtain a little temporary safety deserve neither liberty nor safety"--Benjamin Franklin
This is just some Brit trying to troll the Yanks:
"American voters will either get commercial regulation of spam by the next election or they will insist on moral regulation. The logic of America's war on drugs will take over. Rival political candidates will engage in a sort of auction, solemnly bidding up the criminal penalties they deem appropriate. "
If I format the Whois info legibly, the lameness filter kicks it for lines too short. Look it up yourself or just deal with it.
WHOIS Record for ft.com
Registrant: THE FINANCIAL TIMES LIMITED (FT2-DOM)
Number One Southwark Bridge, London, UK; Domain Name: FT.COM Administrative Contact: The Financial Times Limited (CS2810-ORG)company.secretary@FT.COM The Financial Times Limited Number One Southwark Bridge, London, GB (+44)20-7873(3000) fax: - (+44)873(3928) Technical Contact: Support, FT (CNKMTQXQSO)ftepops@FT.COM The Financial Times Ltd Number One Southwark Bridge, London, UK +44 20 7873 3000 Record expires on 29-Nov-2005. Record created on 30-Nov-1994. Database last updated on 5-May-2003 11:41:32 EDT. Domain servers in listed order: NS.DIGISLE.NET 167.216.193.232 NS1.DIGISLE.NET 167.216.250.42
what's the big deal?
Early in the morning in the middle of the night,
Two dead boys started a fight.
Back to back, they faced each other,
Turned around, drew their swords, and shot each other.
A deaf policeman hear the noise,
And he arrested the two dead boys.
I like your definition. It allows the inclusion of a key into an executable at compile time to fall under the "static-linking" discussion already well under way. IANAL, so I don't know if this has ever been tested in court. But "GPL requires opening of all source to all code statically linked to GPL code" seems pretty defensible to me.
I also like the simplicity of your definition. Without getting into the nuances of what is "data" and what is "code", the key part of your definition "or is part of the executable" is great!
Imagine explaining to a non-technical audience (judge) what "code" is, all you have to say is "here is the file you run". "Look, this stuff is in the file".
Thank you
Don't miss the point! The answer to your next "A-Ha" is "What makes it source code and not inputs"? Think about this before you post ;)
Identical inputs is the question here.
You have not addressed the initial question: Is a private key source (code) or is it "inputs" (data)?
It's not a trivial question: Talk to any programmer, and they can examples of things that area clearly code (algorithms written in C) and things that are clearly data (lists of names and addresses of clients).
But, there is no clear dividing line. I write automated testware that uses a sequencer to step through tests. Part of what I provide is a list of items that should be present before and after each test, and a list of tests that should be executed. Is this data? Is this code? Arguments can be made either way.
Before we can discuss "identical inputs" and "source code", we must define our terms: Implicit definitions "Code is things like...Data is things like..." won't answer the question. It is impossible to test a case against an implicit definition.
Here are a couple of "off the cuff" definitions of code and data for you to pick at:
Code is something that a machine can execute. Code defines a process, a series of events, a set of conditions and outcomes for those conditions. Code may act without any external data, or may make decisions based on external data. Code may output data (an image editor), or it may not output data (a temperature control algorithm).
Data cannot be executed. By itself, it can do nothing; it must be acted upon by code. Data can be unique, so that a specific piece of code acting on one set of data will behave different when acting on another set of data.
These are admittedly sloppy and incomplete definitions. I present them as an agent provocateur. If you think my definitions suck, feel free to take them and modify them--I release them under the GPL ;).
Without clear definitions, the discussion doesn't go anywhere. It's like two freshmen discussing the profound question "If a tree falls in the forest, does it make a sound.". There's no profound question. One student defines "sound" as vibrations in air. The other defines "sound" as something people can hear. They're going to go 'round and 'round until they figure out they're not even talking about the same thing.
In my example, the function of the kernel is to report what secret key was used as when it was compiled. In both cases, that's what it did.
I can't help it if you used different inputs when you executed make dep bzImage modules modules_install. Those differences may have been a different .config file or a different secret key. Point is, you used different inputs. You'd better expect different outputs.
Let's say I want to operate karlandtanya's streaming radion station. You can play music but you can't copy it. I believe this is possible becasue I don't believe in the existence of analog recorders. Hardware is cheap, but commercial OSs are not. So I choose to use GNU/Linux for the OS.
I want to prevent you from copying the digital stream I send you. How do control functionality and still respect the fact that you have the right to hack GPL software?
I sell a subscription to my service. I give you the OS and software. The box (and its Fritz chip) remain mine, but you are allowed to use it as long as you are a subscriber. I threaten to sue you if I find out you've changed my hardware in any way.
The OS I give you is "karlandtanya's Orwellian GNU/Linux". The distro comes with a binary kernel that I've signed. I also give you sources for everything, including a key-response program (which is compiled into the kernel) and (just to show I'm sincere) the source for the server side of the system. But I don't give you my secret key.
You immediately untar the sources, recompile the kernel and install. You don't make any changes to the source or any configuration.
You boot the box I loaned you. The Fritz chip won't let it boot. My hardware can only be used to do what I want it to you. "That's fair.", you say. "I paid for the subscription, not the box."
Because you are very clever, you have another very similar box, but without the Fritz chip. You build and install all the packages in karlandtanya's Orwellian GNU/Linux on your hardware and boot it up.
Next, you log onto my site. The site initiates a secure handshake with the key-response program built into your kernel. But when you built your kernel, you did not use my secret key. So the binaries cannot verify against my server. The site denies you access.
Now comes the interesting part:
Now, you and 10,000 of your friends take me to court for GPL violation.
Plaintiff: "Since I cannot compile a working binary from the source you sent me, you did not release the source code. You are in violation of GPL. You must release the source, replace the OS with a non-GPL OS, or refund our money."
Defendant: "Yes, I did release the source code. And it works. I just didn't give you my secret key."
Plaintiff: "No, you did not release the source. Since I cannot build exactly the same binary that you sent me, part of the source must be missing."
Defendant: "Yes, I did release the source. The binaries you generated function exactly the same as the ones I gave you. Part of their function is to verify that they were created using the same secret key as the server they are trying to connect to."
Judge:...
Massively slashdotted by the scientific community; try a mirror in a month or so.
Since the HGP has just released the complete source code, I think we should use the open-source model of development:
Let the user community build, test, and report bugs. Every couple weeks, developers can release a new test version to thousands of users.
Distribution of the code should not be a problem:
everything.com
Gullibility of
Fark
There's a demand for the product. The gamers have invested money, time, and pride in buying, learning to play, and becoming proficient with their games. It will be hard for them to quit the game--or even to quit trying to engage new players.
Apparently the marketing folks have decided they've accumulated a "critical mass" of players. The product now "sells itself".
The manufacturer no longer needs the exposure of multiple outlets for their product. What they need now is the ability to tightly control the perceived value (and the selling price) of their product.
Good marketing plan, IM[cynical]O.
Or, the Linux case modders would buy the beige box, then waste huge bucks making the thing look like an apple. And configure KDE to look just like OSX.
But, I have this image of poor Joe sitting there using his computer, and suddenly...the HDD explodes!
That'll teach him to host interesting content at his house!
Find out what the Client needs.
Convince him that's what he wants.
Convince him that it was his idea in the first place. (This is important. The Client is the smartest guy in the room--just ask him!)
Deliver what the Client needs while meeting the requirements of budget, functionality, and schedule.
Make sure the Client's looks like a f***ing genius in front of his bosses.
None of these are optional. If the consultant fails to do any of the above, the consultant does not get invited back to do the next job!
Having said that, I have the good fortune to work for a Client (for the past year and a half) who actually is the smartest guy in the room. If you ever have a Client who knows what he wants, lives in reality, and is committed to doing what is needed, cherish him! A Client with a full CNS (both a brain and a spine) is a rare jewel.
Most clients will sit the consultant down and say "Please shoot me in the foot.". When they do this, the consultant must explain that "this is going to hurt; do you really want to do this?" If they insist, the most you can do is be ready with bandages.
Some clients will ask you to shoot them in the head. By this, I mean doing things that will cause any safety concerns/violations or catastrophic financial consequences. Best you can do there is refuse to do the work.
I happen to have the good fortune to work for a Consulting company where the President stands by such decisions. I (and the Engineers working for me) have had the rare occasion to tell a Client "No, we won't do that. "It's unsafe" or "the liability is too great". In every instance, the President has stood behind us.
One final word: Pride. Forget about it. The Client is always right. There is nothing that will get you banned from the jobsite faster than embarassing the Client in front of his boss.
*ahem*
Neener
Neener
and, finally, Neener
That is all.
Does this mean that I've bred a superhorse when I put a race horse in a trailer and drive him cross-country at 80mph?
Stupid headline detracts from otherwise neat hobby-hack.