Deregulation is a possible policy choice for governments everywhere, and it's not a bad idea to try learn from the experience of others who have chosen a certain policy. Here in Germany just recently, the regulation of energy markets has been loosened to allow competition -- there are ads for power companies in all of the media now, none of which ever existed before. If deregulation contributed to this calamity in the US, then others, elsewhere in the world, might want to draw the conclusion that deregulation shouldn't be taken too far.
Deregulation is discussed in some of the web stories that I posted, it was covered on the German TV news and BBC World last night, and I spent half my lunch hour explaining what I knew about it to my colleagues. Your assertion that the rest of the world doesn't care is quite simply false. I think you're just being dogmatic.
Well, let's see. The top story on all the TV news broadcasts in Germany last night was the power outage, and BBC World was giving non-stop, live coverage -- I could see Mayor Bloomberg's press conference live there. Right now on the German Internet news sites, it's the top two stories on Spiegel Online, the top story on Focus Online, the top story at the Sueddeutsche Zeitung, and I think I could on like this all day. It was also the sole topic of discussion at lunch with my colleagues here in Hamburg today.
I would think that a blackout affecting an estimated fifty million people would be very big news no matter where in the world it occurred. There's also a bit of Schadenfreude in the fact that it has hit the world's only superpower, and a bit of fascination about New York experiencing yet another historic blackout.
And yes, it is a relevant subject on a technology site, since energy is a technological field, and since our computers run on... you guessed it, electricity. If the same thing happens where we live, well then we'll have to stop using our computers. And where would we be then?!
I understand that many Slashdot readers are unaware of how US-centric it gets sometimes, but this time I don't think it's a problem.
It's a vicious Chinese rabbit with large, sharp, pointy teeth!
He'll bite your head clean off!
Re:The American spelling is objectively correct
on
Flavor vs. Flavour
·
· Score: 1
Not a bad bit of logic until this part:
... Even your pithy little insult at the end is rendered incorrect as well as pathetic by your own logic.
Blimey, mate, I guess I'll have to remember to use the <TOUNGE_IN_CHEEK> XML tags next time. Come on, this is silliness, how could you have taken me so seriously? What do you think that little foot icon is for? If you get this worked up over spelling flames, then it's a good thing you're not a Canadian reading the Register.
The American spelling is objectively correct
on
Flavor vs. Flavour
·
· Score: 1
... and I can prove it.
Even the Brits pronounce the dipthong 'ou' correctly in those places where it is correctly spelled ("correct spelling" meaning American English spelling), in words such as 'pronounce', 'house' and 'mouse', and especially 'sour', 'hour' and 'flour'. 'Flour' is pronounced exactly the same as 'flower', and rhymes with 'shower' and 'power'.
The words 'flavor' and 'color' are pronounced differently, without the dipthong, and so of course the letter 'u' doesn't not belong there. You don't pronounce them like 'FLAVE-hour' and 'CUL-hour', so logically and objectively, you don't spell them that way either. Hence even the Brits implicitly admit, every time they utter the words, that they are spelling them incorrectly. QED
(Of course, they still have their funny habit of leaving off the 'r' in those words, saying 'FLAVE-uh' and 'CUL-uh', which is obviously wrong as well. If a word isn't supposed have an 'r', there wouldn't be any 'r'.)
... there's this weird case-law which to my understanding means, that one wrong decision in one court has to be repeated by every other american court, and also that lawyers have to consider not only the given law but any case which might have some remote similarities to the case at hand.
Easy to tell that a German posted this, because I hear this weird criticism in Germany of the American concept of case law all the time. Let me guess, you're a German law student, right?
The rationale for case law is not all of this cockamamie stuff you've written. (Really, you're being sarcastic, aren't you? But if you don't understand something, can't you at least try to think of sensible reasons for the thing you don't understand? What kind of argument is: "They do this thing I don't understand because they're completely crazy!"?) The idea is that if a citizen gets treated a certain way in a courtroom, then other citizens can be expected to be treated similarly in similar situations.
Can you explain what's so weird about that? Doesn't that fit with ordinary intuitions about justice? Suppose that Schmidt goes to the court in Hamburg for a certain problem and gets away free, and then a week later Müller goes to a court in Düsseldorf for exactly the same problem and gets sentenced to jail. Isn't that weird? Isn't that unjust?
And incidentally, case law is not relevant in "every American court", but only under certain circumstances. For example, rulings in the different Federal districts do not have to agree with one another on certain judicial issues. If there's a significant conflict on some constituional matter, it might get resolved in the Supreme Court, but only there.
In his speech Wall referred to an attempt by Python to attempt to buy a high powered regular expression engine from a small African nation. This statement was later noted to be incorrect.
But it's technically accurate, because he said that the Ebonians said so.
If its time from Microsoft to move on from.NET then its time for Sun, IBM, Oracle, etc to move on from J2EE.
That's one company with the one technology, and three companies plus "etc." with the other. Wouldn't it make more sense for Microsoft to drop.NET and join everyone else with J2EE?
If you can read German (and this is heavily legal German, the hardest kind of language to work through), you might want to start with the three-page summary on page 104, rather than plow through all 100+ pages.
I don't have a lot of time, but here's my first impression. IANAL, etc., etc. The summary raises three categories of legal problems, involving (1) the copyright holder, (2) contract law, and (3) liability. Actually, it seems to me that everything boils down to the issue of liabiliy: who has to pay if the software is defective in some way. Identifying the copyright holder and clarifying the contract are all means to the end of deciding who has to pay up. Incidentally, the text occasionally mentions open source software in general, but it appears that the only license analyzed in detail is the GPL (at least in the summary).
The section about the copyright holder strikes me as a tremendous struggle with what should be an easy question. Prof. Spindler or whatever says that since so many people may have contributed to the development of GPL'd software, in so many different countries, there may be huge problems identifying the copyright holder. This is the longest and most complicated part of the summary, and I'm not into working it all through right now, especially since I don't see the problem. Isn't this a moot issue with the GPL, since there is always exactly one copyright holder, regardless of who else contributed? That is, if the distributor of GPL'd software elects to include someone else's contribution, they nevertheless distribute it under their own copyright?
There are other issues in this section: if a company pays employees to contribute to GPL'd software, they might not be able to let the company be the copyright holder, because they do it for money, and the GPL allegedly says you can only do this free of charge. (Is that right?) It also raises the problem that the GPL as a business contract (one business allows another to use software under the conditions of the GPL) may be problematic since it's only in English. And that it is difficult to know when the GPL applies to new development, since the criteria for determining whether one software is derivative of another are unclear.
The second part contains what I think is the most critical claim: That the exclusion of warranty and liability in GPL sections 11 and 12 is not valid under German law. Open source software is legally regarded as a gift, and even for gifts, German law requires certain minimal standards of consumer protection, for example against deliberate or gravely negligent defects.
And so in the third section, Prof. Spindler claims that there are liability issues related to open source software, for the aforementioned cases of deliberate or gravely negligent failures of the software. He specifically mentions that distributors may be liable for viruses distributed in the software. Also, third-party-users may have stronger liability claims if they suffer damages caused by GPL'd software. For example, if a provider uses GPL'd software that is used in turn by its customers, and the software has some kind of defect that harms the customers, then the provider itself may be limited with respect to liability claims against the software authors, but the customers might be able to make stronger claims against the provider. "Download centers" or software distributors (such as SuSE, I guess) may be liable for distributing defective open source software. And if a provider or distributor does not hire support or consultants to help them ensure that the software is not defective, they may be exposed to liability claims because they were insufficiently diligent.
As I said, this summary reflects a superficial read-through and I'd be surprised if I've really understood it all. Hope it helps, but don't sue me if my summary/translation is defective. %^)
There is nothing wrong with requesting that credit be given where credit is due.
Indeed, there is nothing wrong with that, but there certainly is something wrong with claiming credit where it isn't due. And that is what is happening when RMS insists on misnaming Linux as "GNU/Linux".
FSF failed to complete a kernel; the Linux developers succeeded. Various distributors such as Red Hat, SuSE and the rest used the Linux kernel, added a great deal of software, and added installers, documentation, and support of various kinds; some of the stuff is GNU software, a lot of it isn't. They now call their products "Red Hat Linux" or "SuSE Linux" or whatever. RMS & FSF & GNU do not deserve credit for the success of the results, and when RMS attempts to claim it, it is intellectual dishonesty that is uncomfortably similar to plagiarism.
... and it doesn't have to be the New York Times, just get any kind of publicity. I'd be very surprised if you can't get your local TV news to run a story about this, if you tell them everything you posted. Of course, the idiots at the TV station will hardly understand a word, nor will they try, but they just love a story about eeeeeevil hacker pirate people and an unresponsive FBI. They'll run a story with pictures of computers in darkened rooms, with something that looks like the Matrix on the screen, and scary minor-key music in the background.
And some poor spokesman for Charter will have to go on the news and say some crap like "This incident will be thoroughly investigated" or "We take the security of our customers very seriously" or some similar horseshit. Either that, or the TV news dorks will say, with ominous overtones in their voice, "Charter Communications did not return our calls".
Then Charter will either have to do something about it, or they will suffer damage to their image and ultimately to their business. The latter won't help you much, but if it turns out that way, then you know for sure that you've got to stop doing business with them. And you've given them a little bit of hurt that they certainly deserve.
Looks like a lawsuit against Linus might be on the way. One could object to this surmise by saying that any such lawsuit would be meritless, but that hasn't stopped SCO so far.
Linus would probably come away from a legal wrangle with SCO without any penalties from the court, but he would be faced with daunting legal bills and a distracting, upsetting strain on his time. Whatever they do, they can hurt him just by putting him through the ordeal.
So is somebody going to have to set up a "Save Linus" website pretty soon, asking for donations to his defense fund? Remember Randal Schwartz and his court battle with Intel? (Here's the Friends of Randal Schwartz site.) The whole thing could turn into quite a media frenzy with Linus at the center, honored as a hero by one side but demonized as a pirate by the other. I wish there were some way to prevent it from happening, but it's all up to SCO.
Good heavens! I'm a little startled at the thread so far -- all of these people stoutly declaring that violation of private class member access is not a security issue. I frankly thought that the Slashdot crowd understands these things a little better. If this matter is really so poorly understood, then the state of software security is in pretty bad shape.
Enforcement of access levels is an important feature of the security inherent in a programming language. Yes, you can trick your way around private in C++, and that is a security weakness of C++. Access to private members means that you have access to the internal implementation of a class, which the programmer specifically did not mean to let you have. To be sure, the fields you can manipulate may not do anything very interesting, and a hacker might not find a way to use them to compromise a whole system; but then again, may he can. You just can't know for sure any more. Generally, any code that can be made to execute instructions that the programmer did not intend is a potential security weakness. C programmers who write sprintf without bounds checking may be exposing their machine to a buffer overflow exploit; you just don't know.
Here's an example from Scott Oaks in Java Security: Suppose I'm using a shopping cart application that I downloaded from www.goodguys.com, and I trust it with my credit card number. Suppose they implement it by storing a CreditCard object as a member field. Suppose I'm also playing a game downloaded from www.badguys.com, and it's running in the same virtual machine; so it could conceivably access classes of the other application. I certainly hope that the first application prevents access to the CreditCard object, and I certainly hope that the virtual machine enforces that restriction very strictly.
Re:Stop the anti-MS BS all the damned time
on
Hijacking .NET
·
· Score: 1, Informative
This is NOT a security issue... A number of other languages allow this, most notably Java.
Making a member private is NOT a security mechanism. It is a DESIGN mechanism.
Uh, if you put an intemperate heading over your post, perhaps it would be better if you refrain from putting nonsense into its body.
Java certainly does not allow access to private class members from client code. That will cause a compiler error, end of story. The only way it could conceivably be done is through object serialization and deserialization, since the serialized form must respect the class definition, and deserialization must restore objects to their original state. The default serialization code makes it possible, but cautious programmers can prevent serialization from exposing private members by writing their own readObject() or readResolve() methods. (See chapter 10 of Joshua Bloch's Effective Java.)
And yes, exposing private members certainly is a security issue, because it gives client code the ability to manipulate the implementation of a class, which is meant to be encapsulated. The code can be made to do things that the programmer did not intend, and that is one of the things that makes software insecure.
It seems that most of the technical publishing companies still commit arboreal mass murder to publish these API sections.
Here's the age-old argument again, and I couldn't disagree more. As a medium for technical documentation, ink-on-paper just can't be beat.
With docs on paper, you can scribble notes in the margin. You can cross-reference by jamming your thumb in one place and your index finger in the other, and flipping back and forth. With a little skill, you can get your other eight fingers into the act as well. You can lie down on the couch with it, and take it to the john. The iLoo was just a hoax.
I hate having to scroll up and down to be able to see more than a few paragraphs. I hate having to click back and forth, or having to spread out windows on a screen, in order to be able to see two places at once. Electronic documentation just isn't natural, isn't intuitive, isn't human.
Your management has legitimate concerns, but these can be addressed with some open source packages, if the project is sufficiently mature and well-supported. This is where I see you making a common mistake: you speak of open source software as if all open source projects are the same.
For some of the very well-known open source projects -- such as Apache, much of what constitutes Linux, sendmail, Perl -- the documentation is excellent, the online resources are extensive and up-to-date, there are many opportunities for simple customization, and above all, there are full-time consultants and consulting firms who know the stuff very well and can be hired to help. In fact, if the latter is true, then your management can get exactly what they're looking for: full-time support.
Many other open source projects are obviously someone's part-time diversion, and it shows. There are many missing features and a few bugs, and no one who can get around to fixing them. The options for configuration and customization are limited. The documentation was done as an afterthought, it has whole critical chapters saying nothing more than "TBD", and it was apparently never proofread by a native speaker of English. (Sorry to have to add that last one, but unfortunately it's an all too common problem.) This is the stuff your management wants to stay away from, and they have good reason.
You mentioned two specific services you need: VNC and SSH. So why don't you research the quality of the available open source solutions? Evaluate them with respect to project maturity, online resources, quality of the documentation, and especially, find out if you can hire someone to provide support. I personally don't know what you can get, but if you're lucky, you can present your management with a professional solution that will satisfy their needs. And if you can't find that, then you shouldn't be going with the open source stuff anyway -- then your bosses may have saved you from a lot of heartache.
Note that in german you can read pronounciation even if you have never heard the word before. German pupils can usually read - if not very fluently - after 3 months in school!
I agree that German othography is very phonetic, much more so than English. Which is a fancy way of saying that you spell words pretty much the way you pronounce them. But your claim about 3 months has the ring of an invented statistic, and I think I can judge because I have a son in the German schools. Can you cite a source?
I wonder if a semi-unification of writing and speech, like unifying the writing of sylables (something like "nite" instead of "night") would help the iliteracy problem in the US in any way.
As an American who has lived in Germany for over fifteen years, I think I'm qualified to say that this is a load of Käsequark.
German literacy is that much better than American literacy because most Germans recognize that good education is a valuable social goal worth paying for. Of course, no one really likes paying higher taxes, but they see the value in it and do it. So the schools are much better funded, teachers are paid much better, and the teaching profession enjoys much more respect; sometimes in recent years, it's been almost impossible to get a teaching job, because so many people were trying to get in. The result is that schools attract much better talent and provide a much better atomsphere for learning.
Many Americans, on the other hand, are appallingly skinflinted about education, pay very little tax but whine about taxes like nothing else you can possibly imagine, and hence pay teachers much lower wages and much less respect. Some of them seem to believe in sprinkling magic pixie dust with bizarre social experiments like voucher systems, when in fact the problem is really very simple: You get what you pay for.
Your idea about changing English spelling is similar to the recent bit of extreme silliness in Germany with the "reformed spelling rules", according to which "daß" is now "dass". This boondoggle was supposed to make German spelling easier to learn because it's more "logical", although it's turned out to be no more logical than the system that came before it, and has only made things much more confusing. This is typical of the weird idea prevalent in Europe that some sort of institute or committee can dictate rules of language (people tell me that I'm not allowed to write "daß", so I always write "daß" just to piss them off). For some reason, many people over here don't realize that language is a biological, evolutionary phenomenon which is not under the control of "official rules", and the "language institutes" and "academies" are just committees of self-important idiots.
One thing I've learned coming from one country and living in another: some pretty ridiculous ideas can get a powerful grip on whole societies.
... they could just bundle their search engine into the operating system, make it impossible to uninstall, and make every search function on Windows point to it, with no way to configure the system differently. Hell, they might even have IE redirect any requests to www.google.com to msn.com. Then it won't matter if the MSN search engine is any better than Google; it's just that everyone who uses Windows will have to use it, whether they would have chosen it or not.
After the judicial system let them get away with crap like that the last time, why wouldn't they try it again?
... as in "Redhat Linux", "SuSE Linux", "Mandrake Linux", and so forth. It's the distributors, certainly not the FSF, who ought to be credited by name for this operating system we have running in front of us. They are the ones who put together the CDs, developed the installers, wrote additional software, and collected all the software packages that we can use. They have developed the support and sales organizations, and the distribution channels that have brought this OS out to the general public.
An important part of the software in a typical distro comes from the FSF, for which the FSF deserves considerable credit. But any distro has software from very many other sources; enough so that the FSF does not deserve so much credit as to get to choose the name.
Note that expressions like "Redhat Linux" or "SuSE Linux" really are common parlance, and these names communicate useful information. If I tell you I have SuSE Linux, then you can surmise that I have the YaST installer, a certain kind of layout under/etc, the SDB help system, and many other useful details. Maybe you need to know these things in order to help me solve a problem. But if somebody says they have "GNU/Linux", they're just making a political statement. If you want to know something useful about their system, your next question will have to be, "Yeah, but what distro do you have?"
Really now, did the folks at FSF India really mean to do RMS a favor? There are certainly many things for which RMS could be honored, and deservedly so. Why did they have to pick out the most controversial, tendentious and dubious of all of his pursuits? Frankly, I can imagine anything worse they could have done for him.
There is no "GNU/Linux", nor is there a "GNU/Hurd" or a GNU/anything else, because the FSF has failed to produce anything that might be called the GNU operating system. The FSF has produced a lot of outstanding software, but a GNU OS does not exist. Maybe someday, but not now. They have nothing comparable to the distro CDs from which an OS named "GNU" can be installed, in fact no installer that I know of, no support organization, nor anything else comparable to the value that organizations like Redhat, SuSE, Mandrake and the rest provide. And of course, there is no Hurd kernel. The FSF has been remarkably successful at many, many things, and I admire them greatly for it. But the effort to create an operating system called "GNU" has been a failure.
Thus to insist on calling something "GNU/Linux" is a kind of intellectual dishonesty that, to my mind, comes uncomfortably close to plagiarism. It is an attempt to get credit for other people's work.
Happy birthday to RMS, and congratulations for the many fine things he has accomplished in 50 years.
But an OS called GNU is not among those accomplishments, and the obsession with the name "GNU/Linux" is something for which no one deserves any praise.
Slashdot Mirror
... Taco has once again swallowed the Slashdot re-post Kool-Aid. (Click on the link under "ESR responds".)
Excellent prose, Eric, and gorgeous outrage. Your letter is a gem of righteous indignation.
... of crack-smoking SCO lawyers.
You insensitive clod!
A perfectly reasonable post expressing clear disappointment with a movie got modded down as Flamebait.
I submit that this is piss-poor moderation. Slashdot gets flamebait sometimes (a lot, actually), but this is not it.
Deregulation is a possible policy choice for governments everywhere, and it's not a bad idea to try learn from the experience of others who have chosen a certain policy. Here in Germany just recently, the regulation of energy markets has been loosened to allow competition -- there are ads for power companies in all of the media now, none of which ever existed before. If deregulation contributed to this calamity in the US, then others, elsewhere in the world, might want to draw the conclusion that deregulation shouldn't be taken too far.
Deregulation is discussed in some of the web stories that I posted, it was covered on the German TV news and BBC World last night, and I spent half my lunch hour explaining what I knew about it to my colleagues. Your assertion that the rest of the world doesn't care is quite simply false. I think you're just being dogmatic.
Well, let's see. The top story on all the TV news broadcasts in Germany last night was the power outage, and BBC World was giving non-stop, live coverage -- I could see Mayor Bloomberg's press conference live there. Right now on the German Internet news sites, it's the top two stories on Spiegel Online, the top story on Focus Online, the top story at the Sueddeutsche Zeitung, and I think I could on like this all day. It was also the sole topic of discussion at lunch with my colleagues here in Hamburg today.
I would think that a blackout affecting an estimated fifty million people would be very big news no matter where in the world it occurred. There's also a bit of Schadenfreude in the fact that it has hit the world's only superpower, and a bit of fascination about New York experiencing yet another historic blackout.
And yes, it is a relevant subject on a technology site, since energy is a technological field, and since our computers run on
I understand that many Slashdot readers are unaware of how US-centric it gets sometimes, but this time I don't think it's a problem.
He'll bite your head clean off!
Blimey, mate, I guess I'll have to remember to use the <TOUNGE_IN_CHEEK> XML tags next time. Come on, this is silliness, how could you have taken me so seriously? What do you think that little foot icon is for? If you get this worked up over spelling flames, then it's a good thing you're not a Canadian reading the Register.
... and I can prove it.
Even the Brits pronounce the dipthong 'ou' correctly in those places where it is correctly spelled ("correct spelling" meaning American English spelling), in words such as 'pronounce', 'house' and 'mouse', and especially 'sour', 'hour' and 'flour'. 'Flour' is pronounced exactly the same as 'flower', and rhymes with 'shower' and 'power'.
The words 'flavor' and 'color' are pronounced differently, without the dipthong, and so of course the letter 'u' doesn't not belong there. You don't pronounce them like 'FLAVE-hour' and 'CUL-hour', so logically and objectively, you don't spell them that way either. Hence even the Brits implicitly admit, every time they utter the words, that they are spelling them incorrectly. QED
(Of course, they still have their funny habit of leaving off the 'r' in those words, saying 'FLAVE-uh' and 'CUL-uh', which is obviously wrong as well. If a word isn't supposed have an 'r', there wouldn't be any 'r'.)
Easy to tell that a German posted this, because I hear this weird criticism in Germany of the American concept of case law all the time. Let me guess, you're a German law student, right?
The rationale for case law is not all of this cockamamie stuff you've written. (Really, you're being sarcastic, aren't you? But if you don't understand something, can't you at least try to think of sensible reasons for the thing you don't understand? What kind of argument is: "They do this thing I don't understand because they're completely crazy!"?) The idea is that if a citizen gets treated a certain way in a courtroom, then other citizens can be expected to be treated similarly in similar situations.
Can you explain what's so weird about that? Doesn't that fit with ordinary intuitions about justice? Suppose that Schmidt goes to the court in Hamburg for a certain problem and gets away free, and then a week later Müller goes to a court in Düsseldorf for exactly the same problem and gets sentenced to jail. Isn't that weird? Isn't that unjust?
And incidentally, case law is not relevant in "every American court", but only under certain circumstances. For example, rulings in the different Federal districts do not have to agree with one another on certain judicial issues. If there's a significant conflict on some constituional matter, it might get resolved in the Supreme Court, but only there.
But it's technically accurate, because he said that the Ebonians said so.
That's one company with the one technology, and three companies plus "etc." with the other. Wouldn't it make more sense for Microsoft to drop
If you can read German (and this is heavily legal German, the hardest kind of language to work through), you might want to start with the three-page summary on page 104, rather than plow through all 100+ pages.
I don't have a lot of time, but here's my first impression. IANAL, etc., etc. The summary raises three categories of legal problems, involving (1) the copyright holder, (2) contract law, and (3) liability. Actually, it seems to me that everything boils down to the issue of liabiliy: who has to pay if the software is defective in some way. Identifying the copyright holder and clarifying the contract are all means to the end of deciding who has to pay up. Incidentally, the text occasionally mentions open source software in general, but it appears that the only license analyzed in detail is the GPL (at least in the summary).
The section about the copyright holder strikes me as a tremendous struggle with what should be an easy question. Prof. Spindler or whatever says that since so many people may have contributed to the development of GPL'd software, in so many different countries, there may be huge problems identifying the copyright holder. This is the longest and most complicated part of the summary, and I'm not into working it all through right now, especially since I don't see the problem. Isn't this a moot issue with the GPL, since there is always exactly one copyright holder, regardless of who else contributed? That is, if the distributor of GPL'd software elects to include someone else's contribution, they nevertheless distribute it under their own copyright?
There are other issues in this section: if a company pays employees to contribute to GPL'd software, they might not be able to let the company be the copyright holder, because they do it for money, and the GPL allegedly says you can only do this free of charge. (Is that right?) It also raises the problem that the GPL as a business contract (one business allows another to use software under the conditions of the GPL) may be problematic since it's only in English. And that it is difficult to know when the GPL applies to new development, since the criteria for determining whether one software is derivative of another are unclear.
The second part contains what I think is the most critical claim: That the exclusion of warranty and liability in GPL sections 11 and 12 is not valid under German law. Open source software is legally regarded as a gift, and even for gifts, German law requires certain minimal standards of consumer protection, for example against deliberate or gravely negligent defects.
And so in the third section, Prof. Spindler claims that there are liability issues related to open source software, for the aforementioned cases of deliberate or gravely negligent failures of the software. He specifically mentions that distributors may be liable for viruses distributed in the software. Also, third-party-users may have stronger liability claims if they suffer damages caused by GPL'd software. For example, if a provider uses GPL'd software that is used in turn by its customers, and the software has some kind of defect that harms the customers, then the provider itself may be limited with respect to liability claims against the software authors, but the customers might be able to make stronger claims against the provider. "Download centers" or software distributors (such as SuSE, I guess) may be liable for distributing defective open source software. And if a provider or distributor does not hire support or consultants to help them ensure that the software is not defective, they may be exposed to liability claims because they were insufficiently diligent.
As I said, this summary reflects a superficial read-through and I'd be surprised if I've really understood it all. Hope it helps, but don't sue me if my summary/translation is defective. %^)
Indeed, there is nothing wrong with that, but there certainly is something wrong with claiming credit where it isn't due. And that is what is happening when RMS insists on misnaming Linux as "GNU/Linux".
FSF failed to complete a kernel; the Linux developers succeeded. Various distributors such as Red Hat, SuSE and the rest used the Linux kernel, added a great deal of software, and added installers, documentation, and support of various kinds; some of the stuff is GNU software, a lot of it isn't. They now call their products "Red Hat Linux" or "SuSE Linux" or whatever. RMS & FSF & GNU do not deserve credit for the success of the results, and when RMS attempts to claim it, it is intellectual dishonesty that is uncomfortably similar to plagiarism.
... and it doesn't have to be the New York Times, just get any kind of publicity. I'd be very surprised if you can't get your local TV news to run a story about this, if you tell them everything you posted. Of course, the idiots at the TV station will hardly understand a word, nor will they try, but they just love a story about eeeeeevil hacker pirate people and an unresponsive FBI. They'll run a story with pictures of computers in darkened rooms, with something that looks like the Matrix on the screen, and scary minor-key music in the background.
And some poor spokesman for Charter will have to go on the news and say some crap like "This incident will be thoroughly investigated" or "We take the security of our customers very seriously" or some similar horseshit. Either that, or the TV news dorks will say, with ominous overtones in their voice, "Charter Communications did not return our calls".
Then Charter will either have to do something about it, or they will suffer damage to their image and ultimately to their business. The latter won't help you much, but if it turns out that way, then you know for sure that you've got to stop doing business with them. And you've given them a little bit of hurt that they certainly deserve.
Looks like a lawsuit against Linus might be on the way. One could object to this surmise by saying that any such lawsuit would be meritless, but that hasn't stopped SCO so far.
Linus would probably come away from a legal wrangle with SCO without any penalties from the court, but he would be faced with daunting legal bills and a distracting, upsetting strain on his time. Whatever they do, they can hurt him just by putting him through the ordeal.
So is somebody going to have to set up a "Save Linus" website pretty soon, asking for donations to his defense fund? Remember Randal Schwartz and his court battle with Intel? (Here's the Friends of Randal Schwartz site.) The whole thing could turn into quite a media frenzy with Linus at the center, honored as a hero by one side but demonized as a pirate by the other. I wish there were some way to prevent it from happening, but it's all up to SCO.
... I justed installed LimeWire & will be downloading all night long. Come and get me Senator!
Good heavens! I'm a little startled at the thread so far -- all of these people stoutly declaring that violation of private class member access is not a security issue. I frankly thought that the Slashdot crowd understands these things a little better. If this matter is really so poorly understood, then the state of software security is in pretty bad shape.
Enforcement of access levels is an important feature of the security inherent in a programming language. Yes, you can trick your way around private in C++, and that is a security weakness of C++. Access to private members means that you have access to the internal implementation of a class, which the programmer specifically did not mean to let you have. To be sure, the fields you can manipulate may not do anything very interesting, and a hacker might not find a way to use them to compromise a whole system; but then again, may he can. You just can't know for sure any more. Generally, any code that can be made to execute instructions that the programmer did not intend is a potential security weakness. C programmers who write sprintf without bounds checking may be exposing their machine to a buffer overflow exploit; you just don't know.
Here's an example from Scott Oaks in Java Security: Suppose I'm using a shopping cart application that I downloaded from www.goodguys.com, and I trust it with my credit card number. Suppose they implement it by storing a CreditCard object as a member field. Suppose I'm also playing a game downloaded from www.badguys.com, and it's running in the same virtual machine; so it could conceivably access classes of the other application. I certainly hope that the first application prevents access to the CreditCard object, and I certainly hope that the virtual machine enforces that restriction very strictly.
Uh, if you put an intemperate heading over your post, perhaps it would be better if you refrain from putting nonsense into its body.
Java certainly does not allow access to private class members from client code. That will cause a compiler error, end of story. The only way it could conceivably be done is through object serialization and deserialization, since the serialized form must respect the class definition, and deserialization must restore objects to their original state. The default serialization code makes it possible, but cautious programmers can prevent serialization from exposing private members by writing their own readObject() or readResolve() methods. (See chapter 10 of Joshua Bloch's Effective Java.)
And yes, exposing private members certainly is a security issue, because it gives client code the ability to manipulate the implementation of a class, which is meant to be encapsulated. The code can be made to do things that the programmer did not intend, and that is one of the things that makes software insecure.
Here's the age-old argument again, and I couldn't disagree more. As a medium for technical documentation, ink-on-paper just can't be beat.
With docs on paper, you can scribble notes in the margin. You can cross-reference by jamming your thumb in one place and your index finger in the other, and flipping back and forth. With a little skill, you can get your other eight fingers into the act as well. You can lie down on the couch with it, and take it to the john. The iLoo was just a hoax.
I hate having to scroll up and down to be able to see more than a few paragraphs. I hate having to click back and forth, or having to spread out windows on a screen, in order to be able to see two places at once. Electronic documentation just isn't natural, isn't intuitive, isn't human.
Your management has legitimate concerns, but these can be addressed with some open source packages, if the project is sufficiently mature and well-supported. This is where I see you making a common mistake: you speak of open source software as if all open source projects are the same.
For some of the very well-known open source projects -- such as Apache, much of what constitutes Linux, sendmail, Perl -- the documentation is excellent, the online resources are extensive and up-to-date, there are many opportunities for simple customization, and above all, there are full-time consultants and consulting firms who know the stuff very well and can be hired to help. In fact, if the latter is true, then your management can get exactly what they're looking for: full-time support.
Many other open source projects are obviously someone's part-time diversion, and it shows. There are many missing features and a few bugs, and no one who can get around to fixing them. The options for configuration and customization are limited. The documentation was done as an afterthought, it has whole critical chapters saying nothing more than "TBD", and it was apparently never proofread by a native speaker of English. (Sorry to have to add that last one, but unfortunately it's an all too common problem.) This is the stuff your management wants to stay away from, and they have good reason.
You mentioned two specific services you need: VNC and SSH. So why don't you research the quality of the available open source solutions? Evaluate them with respect to project maturity, online resources, quality of the documentation, and especially, find out if you can hire someone to provide support. I personally don't know what you can get, but if you're lucky, you can present your management with a professional solution that will satisfy their needs. And if you can't find that, then you shouldn't be going with the open source stuff anyway -- then your bosses may have saved you from a lot of heartache.
Oh, come off it. It's a great movie because the fight scenes are bitchin' and Carrie-Anne Moss in her tight black jumpsuit is HOT.
I agree that German othography is very phonetic, much more so than English. Which is a fancy way of saying that you spell words pretty much the way you pronounce them. But your claim about 3 months has the ring of an invented statistic, and I think I can judge because I have a son in the German schools. Can you cite a source?
As an American who has lived in Germany for over fifteen years, I think I'm qualified to say that this is a load of Käsequark.
German literacy is that much better than American literacy because most Germans recognize that good education is a valuable social goal worth paying for. Of course, no one really likes paying higher taxes, but they see the value in it and do it. So the schools are much better funded, teachers are paid much better, and the teaching profession enjoys much more respect; sometimes in recent years, it's been almost impossible to get a teaching job, because so many people were trying to get in. The result is that schools attract much better talent and provide a much better atomsphere for learning.
Many Americans, on the other hand, are appallingly skinflinted about education, pay very little tax but whine about taxes like nothing else you can possibly imagine, and hence pay teachers much lower wages and much less respect. Some of them seem to believe in sprinkling magic pixie dust with bizarre social experiments like voucher systems, when in fact the problem is really very simple: You get what you pay for.
Your idea about changing English spelling is similar to the recent bit of extreme silliness in Germany with the "reformed spelling rules", according to which "daß" is now "dass". This boondoggle was supposed to make German spelling easier to learn because it's more "logical", although it's turned out to be no more logical than the system that came before it, and has only made things much more confusing. This is typical of the weird idea prevalent in Europe that some sort of institute or committee can dictate rules of language (people tell me that I'm not allowed to write "daß", so I always write "daß" just to piss them off). For some reason, many people over here don't realize that language is a biological, evolutionary phenomenon which is not under the control of "official rules", and the "language institutes" and "academies" are just committees of self-important idiots.
One thing I've learned coming from one country and living in another: some pretty ridiculous ideas can get a powerful grip on whole societies.
... they could just bundle their search engine into the operating system, make it impossible to uninstall, and make every search function on Windows point to it, with no way to configure the system differently. Hell, they might even have IE redirect any requests to www.google.com to msn.com. Then it won't matter if the MSN search engine is any better than Google; it's just that everyone who uses Windows will have to use it, whether they would have chosen it or not.
After the judicial system let them get away with crap like that the last time, why wouldn't they try it again?
... as in "Redhat Linux", "SuSE Linux", "Mandrake Linux", and so forth. It's the distributors, certainly not the FSF, who ought to be credited by name for this operating system we have running in front of us. They are the ones who put together the CDs, developed the installers, wrote additional software, and collected all the software packages that we can use. They have developed the support and sales organizations, and the distribution channels that have brought this OS out to the general public.
/etc, the SDB help system, and many other useful details. Maybe you need to know these things in order to help me solve a problem. But if somebody says they have "GNU/Linux", they're just making a political statement. If you want to know something useful about their system, your next question will have to be, "Yeah, but what distro do you have?"
An important part of the software in a typical distro comes from the FSF, for which the FSF deserves considerable credit. But any distro has software from very many other sources; enough so that the FSF does not deserve so much credit as to get to choose the name.
Note that expressions like "Redhat Linux" or "SuSE Linux" really are common parlance, and these names communicate useful information. If I tell you I have SuSE Linux, then you can surmise that I have the YaST installer, a certain kind of layout under
Really now, did the folks at FSF India really mean to do RMS a favor? There are certainly many things for which RMS could be honored, and deservedly so. Why did they have to pick out the most controversial, tendentious and dubious of all of his pursuits? Frankly, I can imagine anything worse they could have done for him.
There is no "GNU/Linux", nor is there a "GNU/Hurd" or a GNU/anything else, because the FSF has failed to produce anything that might be called the GNU operating system. The FSF has produced a lot of outstanding software, but a GNU OS does not exist. Maybe someday, but not now. They have nothing comparable to the distro CDs from which an OS named "GNU" can be installed, in fact no installer that I know of, no support organization, nor anything else comparable to the value that organizations like Redhat, SuSE, Mandrake and the rest provide. And of course, there is no Hurd kernel. The FSF has been remarkably successful at many, many things, and I admire them greatly for it. But the effort to create an operating system called "GNU" has been a failure.
Thus to insist on calling something "GNU/Linux" is a kind of intellectual dishonesty that, to my mind, comes uncomfortably close to plagiarism. It is an attempt to get credit for other people's work.
Happy birthday to RMS, and congratulations for the many fine things he has accomplished in 50 years.
But an OS called GNU is not among those accomplishments, and the obsession with the name "GNU/Linux" is something for which no one deserves any praise.