Slashdot Mirror


User: konstant

konstant's activity in the archive.

Stories: 0
Comments: 311

Comments · 311

  1. include a hidden trigger on Abstract Programming and GPL Enforcement · · Score: 4

    There is no remedy for you through the GPL, but if you ever expect a remedy through the courts, you will need proof of plagiarism. As I imagine you don't have the resources to hire lawyers who could force a disclosure of the hidden code, you need a mechanism that would allow you to prove copying with only a released copy of the proprietary software in hand.

    What you need to do is include a highly obfuscated trigger in your code. When a series of complicated and rare actions execute through code, a trigger message is displayed proclaiming "This code written by ABC and licensed under the GPL". That would be irrefutable proof of copying.

    I believe the legal criterion to establish plagiarism is replicated *errors*. Another option is to include an intentional but, again, very obfuscated bug in your code. Either method should demonstrate beyond doubt that their product is based upon yours.

    -konstant
    Yes! We are all individuals! I'm not!

  2. OT: "white hat" hacker training material? on L0pht Gives FAQ of @Stake Merger · · Score: 3

    This is only vaguely on-topic, but I would appreciate it if some of the more knowledgeable crowd could help me out.

    In the next month and a half or so I'll be making a transition out of my current job into another post. This new position will require me, among other things, to crack our pre-deployment systems so that holes can be patched before release.

    I don't think I'll have much trouble with the more prosaic "skript kiddie" side of the assignment, things like netcat and ping floods, but I'm concerned that I might miss some of the less glamorous holes due to lack of specific training in "white hat" cracking. This group is more concerned about a coalition like the l0pht finding a vulnerability than they are about the more typical attacks.

    Does anyone here have any expertise or suggestions about suitable books or webpages? Something along the lines of Applied Cryptography, except in the domain of cracking. Again, I'm looking for higher-level material, not Online Hooliganism for Dummies :-)

    Thanks!

    -konstant
    Yes! We are all individuals! I'm not!

  3. "could have come from anywhere" on Hope for Mars Polar Lander? · · Score: 5

    emmet sez..

    Don't get your hopes up on this one; the signal could have come from anywhere, and they're running tests now.

    Yes. It could be from some typically mundane source like outer space aliens. In my opinion, there should be regulations to restrict interstellar subspace communications to a few designated bandwidths. With all the noise in this solar system I have difficulty contacting Commander Zorb (weebles upon him!) in the Delta Quadrant. How am I supposed to receive my orders clearly when my brainwave transmissions are suffering from interference? For example, yesterday I was speaking with Commander Zorb (long may he froop!) in my head when an outer space alien interrupted with a comment that I should kill my family.

    -konstant
    Yes! We are all individuals! I'm not!

  4. that's because AOL isn't an ISP on AOL's Upgrade of Death · · Score: 5

    AOL is not an internet service provider, any more than MSN or Compuserve simply provide. These are really interfaces that allow users to access a number of community-based features, including a sort of debased web and NNTP experience.

    I spent Christmas with some AOL users and they were asking me questions like "how do I delete that word I just typed?" These are people who not only lack the expertise but also the volition to turn to any, purer ISP.

    Since AOL sells themselves as an intermediary, they reasonably plan their software around the notion that no one will attempt direct transactions with the net. If they tried to produce software that gave full functionality to advanced users *and* coddled beginners, they probably would end up with a confusing and inconsistent UI story. It's the dumb-down equivalent of "make the common case fast".

    Moral of the story: if you want to run two or three ISP's on your machine, don't install what is essentially a wrapper to protect you from the complexity of the internet!

    And, just to be even-handed: AOL SUX!!!

    -konstant
    Yes! We are all individuals! I'm not!

  5. Re:I think he's right about one thing on B. Gates Rants About Software Copyrights - in 1980 · · Score: 1

    Given that you work for Microsoft and given the capitalistic culture of this company, it may be a stretch to imagine that folks write code for the fun of it!

    Dude, that is staggeringly offensive. What kind of person do you think I am? All of us love to code here, even the testers, even the PMs. Hell, probably the maintenance people code when they aren't sweeping.

    Maybe you think MS is evil, but don't assume its employees are all soulless idiots as well.
    -konstant
    Yes! We are all individuals! I'm not!

  6. Re:Confusion between service and expressed product on B. Gates Rants About Software Copyrights - in 1980 · · Score: 2

    What is the difference between an amateur passing around frat photos and a professional photographer? Usually some sort of quality control, standards and consistent conduct. The same thing should be true of code. You should be paying for the quality control testing, the guaranteed performance and functionality, and the reduction of risks as compared to say an amateur's effort.

    No way. What BillG is arguing in this interview is that if you charge for software *directly*, and you don't enforce copyright on that material, then a user can obtain the services of a "professional photographer" at the rates of a "frat boy", simply by making use of the extremely available copy functions on home computers.

    Now, if you charge for software *indirectly*, the way RedHat does, then this is a different issue and you would be correct. Of course, you cannot instantly and cheaply duplicate quality tech support the way you can a RedHat Linux CD.

    -konstant
    Yes! We are all individuals! I'm not!

  7. I think he's right about one thing on B. Gates Rants About Software Copyrights - in 1980 · · Score: 4

    BillG sez...
    G: Just like you go to a bank, and as a gesture of humanitarianism, you take their money and you give it away! That's a gesture of humanitarianism! In society, we don't need to pay... If something's expensive to develop, and somebody's not going to get paid, it won't get developed. So you decide: Do you want software to be written, or not?

    Of course he's wrong about the banking metaphor. Money is unitary and only can increase through interest accruing loans (AFAIK). Software is like fire - it can be freely distributed without lessening the original flame.

    He is right about the second comment, in a way, but in the context of freely distributed software, he doesn't understand what "expensive" really means. Not that I blame him for being unable to predict the future or understand a culture he had no hand in.

    "Expensive", in terms of open source/bazaar software, is measured in units of *glamour* rather than units of *money*. Projects that are highly glamorous, like an OS, a compiler, or a web server, are built quickly and voluntarily. This is because the reward to a developer on an OSS project is the personal excitement and the renown that accrue to them through their work. But on the other hand, projects that almost anyone would consider tedious - like documentation of the third UI widget to the left three dialogs deep - are "expensive". They won't get done unless there is some other form of reward.

    In OSS, that reward seems to be the incentive of converting newbies and defeating MS, but it's clearly not the overpowering drive that's enjoyed by, say, the KDE project.

    I would be very interested to see how the future of the free software movement pans out with relation to these unglamorous undertakings. Will they eventually be assimilated into OSS, or will they remain in the purview of money-driven operations like MS?

    -konstant
    Yes! We are all individuals! I'm not!

  8. Open mouth, insert foot on Linux is Window Manager's Product of the Year · · Score: 3

    Ok, here I go...

    Some would say that the major development in Windows2000 was the Active Directory, and that the remainder of the issues he cites (security, stability, horsepower) were only fulfillments of a longstanding promise.

    Now, if Win2k came out only with those improvements in implementation and no changes in underlying architecture, then he would be justified in saying that M$ was playing catchup to Linux. But again, there is the AD, which is the major marketing point and really quite a massive overhaul of the way many organizations currently function. For that feature alone (there are others but I don't understand them very well) it seems unjustified to call M$ a bunch of copycats when it comes to Win2k.

    Just a viewpoint to consider.

    -konstant
    Yes! We are all individuals! I'm not!

  9. Good tactic on MSNBC: Stealing Credit Card Numbers Online is Easy · · Score: 5

    I won't go quite as far as the poster about abstaining from online credit card purchases, but I do have a method by which I can at least identify the culprit company if anything goes wrong.

    Whenever I make an online purchase, I use the name (or first initial) of the company as my own middle name. That way, if someone steals my personal info, emails me spam, or any number of invasions, I will know instantly from the name on the billing which company I should never use again.

    Of course, this does nothing to prevent your information from actually being stolen in the first place...

    -konstant
    Yes! We are all individuals! I'm not!

  10. Re:Inforansom... on British Crackers Demand Millions in Inforansom · · Score: 1

    I don't believe anyone feels that the people taking the information are not guilty. What's at issue here is the security the companies are using to prevent theft. If you leave your car alone, running out in a parking lot with the doors unlocked, someone will steal it. No one says the person doing it is not guilty, but it was also your fault for not providing good security.

    I agree. That wasn't what I was getting at. The real question is, how much of security is necessary to stop "real" criminals, and how much of it is necessary to stop egotistical crusaders bent on proving a point about computer security?

    I don't take Kung Fu lessons because I can walk down my street without being attacked. But if you start attacking people to make the point that they are defenseless, then suddenly those lessons are necessary after all....

    Seems kind of stupid after a point, doesn't it?

    -konstant
    Yes! We are all individuals! I'm not!

  11. "Internet Century" on Why Time Warner was Forced Into AOL's Arms · · Score: 3

    If we're still focusing on the internet in 100 years, then we'll be in sorry shape indeed. The electric light bulb was popularized around the turn of this last century (was it the 1901 Paris World's Fair that was covered in lights?) but you didn't hear anybody in 1980 rhapsodizing about the wonders brought to us by the "man-made suns". Well, maybe one of Jon Katz's ancestors... :-)

    Poor Time Warner. They sure are getting the short end of the stick with their meager mega-million dollar deal. Maybe the government should consider subsidizing them.

    Speaking of Bambi vs. Godzilla, check out this hilarious movie.

    -konstant
    Yes! We are all individuals! I'm not!

  12. Re:Inforansom... on British Crackers Demand Millions in Inforansom · · Score: 4

    Unfortunately, as long as companies keep storing customer's/client's valuable information in insecure places with insecure software, there will always be some cr/hacker that will find a way to nab it.
    Even more unfortunately, the media will skew and distort this to the point where the spoonfed masses won't see the real point (which is that better security is needed at these online companies). Such is life.


    DEFENDANT: Your honor, I only killed that man to demonstrate how extremely poor most people are at self defense! Consider it an act of charity to society at large.

    JUDGE: I never saw it that way! I will enroll in a Tai Jitsu Kata class immediately! Case dismissed!!!!

    ---

    ATTORNEY: And so you see ladies and gentlemen of the jury, my client did not rob the bank as an act of theft per se, but rather as a valiant display of public zeal! How many of you slept easy last night entrusting your money to the poorly secured bank vaults of the neo-syndicalist dogs at First National Savings?!!?!

    JURY FOREMAN: This man is a hero! I am going to stuff my money into my mattress forthwith! Down with the WTO! Case dismissed!!!!

    ---

    JUDGE: For your crimes against society, I hereby sentence you to hang by the neck until dead!

    DEFENDANT: But your honor, by poisoning the water supply of the local KiddieCare Nurture Center, I indicated strikingly the need for higher quality water filtration. And by ransoming the life of 2 year old Phiddeas Quilch (whom I knew already to be dead) I displayed the ironic certainty that a society designed around monetary transactions is inherently debased with greed and treachery!

    JUDGE: You are a wonderful person!!! Thank you!!! Case dismissed!!!

    -konstant
    Yes! We are all individuals! I'm not!

  13. Re:Inforansom... on British Crackers Demand Millions in Inforansom · · Score: 0

    Unfortunately, as long as companies keep storing customer's/client's valuable information in insecure places with insecure software, there will always be some cr/hacker that will find a way to nab it.
    Even more unfortunately, the media will skew and distort this to the point where the spoonfed masses won't see the real point (which is that better security is needed at these online companies). Such is life.

    DEFENDANT: Your honor, I only killed that man to demonstrate how extremely poor most people are at self defense! Consider it an act of charity to society at large.

    JUDGE: I never saw it that way! I will enroll in a Tai Jitsu Kata class immediately! Case dismissed!!!!

    ---

    ATTORNEY: And so you see ladies and gentlemen of the jury, my client did not rob the bank as an act of theft per se, but rather as a valiant display of public zeal! How many of you slept easy last night entrusting your money to the poorly secured bank vaults of the neo-syndicalist dogs at First National Savings?!!?!

    JURY FOREMAN: This man is a hero! I am going to stuff my money into my mattress forthwith! Down with the WTO! Case dismissed!!!!

    ---

    JUDGE: For your crimes against society, I hereby sentence you to hang by the neck until dead!

    DEFENDANT: But your honor, by poisoning the water supply of the local KiddieCare Nurture Center, I indicated strikingly the need for higher quality water filtration. And by ransoming the life of 2 year old Phiddeas Quilch (whom I knew already to be dead) I displayed the ironic certainty that a society designed around monetary transactions is inherently debased with greed and treachery!

    JUDGE: You are a wonderful person!!! Thank you!!! Case dismissed!!!

    -konstant
    Yes! We are all individuals! I'm not!

  14. The barrier to entry is NOT small! on Red Hat Files For Followup Stock Offering · · Score: 2

    It's easy to confuse oneself with the meaning of "barrier to entry". Technical people such as yourself, who are accustomed to associating that phrase with the name of a certain software giant (hmmm...) often mistakenly believe that the only meaningful type of entry barrier is a financial or legal one. Big Evil Corporation secures exclusive contracts with manufacturers and retailers, and proceeds to engineer their products further and further away from compatibility with the products of other products.

    True, Red Hat cannot hope to produce this sort of barrier. For one, there is the nature of the GPL, for another, the ethics of the community that is fostering their growth from a seedling startup to a major force.

    But if Linux ever becomes a product that is sold primarily to the mainstream customer and not to the elites (real or self-deluded :-) who populate slashdot, then an equally powerful barrier becomes important: mindshare.

    The average consumer is unlikely ever to choose an OS based upon its most technical details. In reality, people who pursue computers to accomplish unrelated work rather than as a hobby get their purchasing information from friends, trade mags, and marketers, not from the spec sheet. They are provably unlikely to purchase an unknown product if a name brand is beside it on the shelves. Look at the respective popularities of K-Mart and The GAP.

    The real difficulty a startup Linux company will have in the next decade is not pressing CDs but differentiating itself from the competition. This can only be done by promoting their brand into consumer households. It's a race for mindshare, not technical superiority. And Red Hat has a gigantic head start.

    -konstant
    Yes! We are all individuals! I'm not!

  15. On the contrary, Hemos on Monkey Cloning. Sort Of. · · Score: 4

    Clones are twins. And twins are clones. I understand that you'll reserve the term "clone" until I can take a clipping from your fingernails and grow a Hemos Mark II inside a bubbling vat, but in my opinion it's pretty important not to make this false clone/twin distinction.

    The reason is that, if we continue to think of a clone as different from a twin in some vague, undefinable way, then we are sure to treat clones as less than human if ever the technology becomes widespread.

    People are often arrogant about the things they create. If we allow ourselves to be deceived in considering clones "our creatures" rather than as human twins achieved at a rather late date :-) then we know what will result. We've all read the sci-fi: sex slaves, war drones, and second class status.

    Yes it would be stupid! Surely the origin of a genetic duplicate is irrelevant when determining the intrinsic worth or rights of the duplicate. But somehow I fear that logic wouldn't play a very large role in the decision.

    We have a chance to forestall all this if we try to change our thinking now, before clones are walking down the street alongside us.

    Clones = Twins
    Twins = Clones


    -konstant
    Yes! We are all individuals! I'm not!

  16. Re:There IS a danger to the UDP on @Home Responds to the UDP Notice · · Score: 3

    I would like to comment on some of the responses I'm seeing to my post.

    Essentially, the counterargument is that the individual servers are owned privately and thus nobody has the right to speak using those private resources.

    However, that is precisely my point. On the Internet, there is not much in the way of public property. Imagine a physical world in which there were no public sidewalks, squares or roads. Free speech could effectively be killed by the private owners of territory forbidding speech on their grounds. That is the danger I was trying to illustrate - a future world too completely balkanized, to the utter exclusion of publicly owned, centrally overseen venues for unpopular speech.

    -konstant
    Yes! We are all individuals! I'm not!

  17. There IS a danger to the UDP on @Home Responds to the UDP Notice · · Score: 4

    One theme we are seeing kicked around this board (by our friendly neighborhood Libertarian contingent :) is the statement that the UDP's success proves that central oversight, ie. government interference, is unnecessary.

    This is largely true. The UDP is a demonstration of successful self-coordination and democratic mob action. Individual admins opt-in to the UDP, or they opt-out, with only their own consciences as judge.

    However, traditionally, governmental oversight has never been necessary in cases like this one, where an entity is punished for harming others. As the Libertarians correctly point out, community action will generally take care of such rogues. But government has been necessary in cases where a universally unpopular, but legal, viewpoint is expressed by an ostracized group.

    Consider a group basically everyone despises: white supremacists. If an ISP were to rise up, comprised entirely of Aryan Nation skinheads, and if their thousands of clients were to post every day their noxious personal opinions all over the web, there is a small but real possibility that some news admins would call for a UDP against the service. There is also the possibility that this UDP would go into effect, although no actual crime or harm had been committed, and the silenced participants were exercising their constitutional rights to free speech.

    In cases like the hypothetical one above, civil rights legislation has a real and legitimate role to play. In the UDP FAQ, it is mentioned that only a government can legally perform censorship. However, Libertarians can't have it both ways - either they can accept civil liberties checks and regulations from the Feds, or they must assume the responsibility of allowing Usenet to become a government unto itself. At that point, the distinction between censorship and "private choice" becomes indistinct.

    I'm not against the UDP or weak government, but I'm not against centralized civil rights standards either - that is the notion behind the constitution of the United States after all.

    -konstant
    Yes! We are all individuals! I'm not!

  18. Re:Interesting notes about the document on More New Crypto Rules (UPDATED) · · Score: 4

    I like the law is a little too lax, and I wonder if this isn't some sort of a ploy by the US gov't. I mean, for years, they have had very little popular support about their encryption laws, and now they draft a law that is so sweeping and reforming that even the US gov't staunchest critics go "Whoa, wait a minute, let's not get *too* crazy here". Then, with perfect honesty, the US gov't can yank the law away, and say, "Hey, we *wanted* to open the export laws up, but popular support was against us, so we dropped it because *we* *love* *our* *voters*".

    That doesn't seem likely. Very few voters are even aware of cryptography, let alone the concept of export restrictions. Those who are, generally are technically savvy individuals like ourselves, who tend to oppose such regulation. Since nearly the entirety of the popular reaction to encryption limits has been from this fairly elite group, the scenario you illustrate is basically just as unlikely as the entire population of slashdot waking up tomorrow and deciding that online export freedoms are a bad thing. That is to say, very very unlikely.

    But if we view the reality of the situation, we see that this has very little to do with voters. It is propelled by two forces. One apparently (and gratifyingly) is the "GnuPGP" project that essentially rendered strong crypto limits moot. The second, more important influence is from United States tech companies and their constituent option-paid workers. Many of these companies are horribly wealthy, and many of them feel annually the testing, development, and marketing pinch of producing both a high and a low version of their crypto-enabled products. These companies want restrictions dead.

    If you want to pitch in your efforts by writing your congressman, I heartily recommend you elaborate to him/her the fact that your tech employer is paying through the nose because of this national policy and would be sure to see higher nets each year if this cumbersome bureaucratic nonsense went away. Better yet, I recommend getting your whole business involved in lobbying for this change, if only by means of a letter from the CEO/CIO to the appropriate lawmaker.

    Congress is in the pocket of fat cats, but that doesn't mean we can't still get our way once in a while if we pull the right strings.

    -konstant
    Yes! We are all individuals! I'm not!

  19. Thawte's demise is depressing on Verisign Buyout of Thawte Consulting Challenged · · Score: 5

    Having worked on crypto for some time, I've come to greatly admire Thawte for their careful identity authentication practices, which made a strong contrast with Verisign.

    Verisign certainly is large, and their root key is probably in more trusted stores than Verisign's, but not by much. Both, for example, are in the IE4/5 trusted store that comes with shipping Windows. IE3 too, I believe. And Thawte will issue keypairs for no charge. Or at least, they used to.

    Verisign has made a practice of issuing "temporary" certificates containing arbitrary unverified data. True, the user cert is marked as temporary, and the key expires after I believe 40 days, but the marking is buried and 40 days is ample time to perpetrate a fraud on an unwary user. As a game, the members of my test team would send messages to each other "signed" by famous figures like Gandhi and President Clinton. Since the from header is trivial to forge, these mails looked like the real deal to a cursory inspection. You would have to have a medium-level understanding of crypto even to guess they might be fakes.

    Thawte has never allowed this sort of thing to go on. When I applied for my one and only Thawte keypair I had to submit a great deal of information about myself, all of which they verified over the course of a day. I understand Verisign's desire to promote their product, and certainly it must work because of their prominence, but playing fast and loose with authentication is a surefire way to get the whole crypto industry discredited in the eyes of the public.

    -konstant
    Yes! We are all individuals! I'm not!

  20. Re:You've got a lot to learn on Caldera and Microsoft Settle Lawsuit · · Score: 2

    Do you have any idea how many companies were driven out of business by M$ vaporware announcements?
    Etc...
    etc..


    I have never said that Microsoft is not culpable of crimes. On some charges I personally think we probably are. On others, I'm not sure. Losing the DoJ trial, for example, might gratify me as justice. But on this particular count, I emphatically think that we are the ones being wronged. I don't believe in marking any person or any company permanently with black because of their other wrongs. I try to evaluate case by case, and this case was a sorry thing indeed.

    -konstant
    Yes! We are all individuals! I'm not!

  21. Re:Konstant is a HUMAN (who is a Microsoft employe on Caldera and Microsoft Settle Lawsuit · · Score: 2

    Thank you very much for your kind words.
    -konstant
    Yes! We are all individuals! I'm not!

  22. Re:ROTFL: was ( As a Microsoft employee... ) on Caldera and Microsoft Settle Lawsuit · · Score: 2

    Anyway, don't get too angry about this. Remember that for your company $150 million probably isn't even significant digits. I mean it wouldn't be noticed after round off error.

    So it's justified because MS is rich?

    150 million dollars is approximately 150 times what I can even dream of seeing in my lifetime. The notion that this kind of money should go to a company that (in my view) has behaved very immorally is a travesty.

    The sum is irrelevant. It's the principle that riles me up.

    -konstant
    Yes! We are all individuals! I'm not!

  23. Re:As a Microsoft employee... on Caldera and Microsoft Settle Lawsuit · · Score: 2


    I'm in it for the ideals

    *cough* *sputter* Oh dear. I think I've just been trolled.

    The difference is, you get to be smug and superior and I have to spend 20% of my online time proving I'm not a devil simply because I have @microsoft.com behind my alias. Yes I'm resentful!

    I guess you would prefer it, if people didn't hold you responsible for the choice that you have made. Well, that's not gonna fly around here. If you weren't even with the company yet in '92, then surely when you joined, you knew what you were getting into. And you did it anyway.


    I won't respond to your other comments because I've already done so too many times, but I would like to point out to you that free software and Linux do not have a stranglehold on virtue.

    Linux is, I'm sure, a very competent operating system. However, it is also elitist. The predominant ethic scorns newbies and laughs at ignorance. Linux is a step backward, in my view, from my personal goal of software that brings the power of technology to truly uninformed novices who could benefit from computers but who have been taught - by people like yourself - to fear it. Microsoft is the only company that seems to care about this crowd. That is why I choose to work for them.

    -konstant
    Yes! We are all individuals! I'm not!

  24. Re:As a Microsoft employee... on Caldera and Microsoft Settle Lawsuit · · Score: 2

    Thank you for bringing up this valid point. I have changed my user info to reflect my affiliation.

    However, I would like to explain that I didn't disclose my employer because

    1) people here hate MS irrationally and I didn't want to end up in dozens of tedious scraps over nothing. Don't bother denying it, you know it's true.

    2) we've been asked by the company not to post anything about our legal woes that might seem like an official statement if it were twisted out of context. That seems to happen a lot these days... Of course I'm about as far from official as you can get, but that hardly seems to stop some people.

    However, I don't see there's much choice now. Hopefully my non-MS posts, which constitute a large majority, will continue to be moderated with the same objectivity they always have. I somewhat doubt it, however.

    -konstant
    Yes! We are all individuals! I'm not!

  25. Re:....as a human being on Caldera and Microsoft Settle Lawsuit · · Score: 2

    DDJ does seem pretty good. This month's security issue has convinced me to get a subscription.

    However, I'm not sure it's legally relevant whether Microsoft wanted to disable DR-DOS with the concealed code. It certainly looks dastardly, doesn't it? But legally, Caldera would have had to prove harm, and I'm not sure they really could do that, considering that the error was ignorable, only present in a single beta build, and that, furthermore, developers writing apps for either platform would supposedly have been supported by the "100% compatible DR-DOS".

    -konstant
    Yes! We are all individuals! I'm not!