Exactly. Even with open and verifiable hardware and software it is possible to have a secure, physically tamperproof (if you want it) system. The difference is the "secret" parts are crytographic keys utilized in well-understood ways, using recognized and provably true algorithms, not some "obscure" hacked-up in the back room after marketing dept complains system who's "security" relies on nobody guessing that their data is ROT13 encrypted before it is emailed to the election tally room.
Interesting that you should mention that. Not long ago, I came across a document claiming that one of the main reasons that the USSR invaded Afghanistan was that for several months prior, the CIA had been supporting raids across the border.
Now I don't know whether this is true or not, and I wish I could remember what the source was, but it is at least consistent with US history; using states as pawns to antagonaize/disrupt cold-war enemies. Iran would be another example.
Formal proof is irrelevant when you include implementation bugs, side-channel attacks and so on.
"Formal proof" only applies to the mathematical approximation of the system, and ignores the details of the hardware, not to mention programmers that can make mistakes. Does EAL7 mean anything if a cosmic ray burst hits the CPU?
And all this ignores the fact that most systems complex enough to be interesting are not amenable to formal proof. If that means that such systems cannot get EAL7, then it simply means EAL7 is itself not very interesting.
That isn't necessarily true. Undeniably, SCO's actions are against the spirit of the GPL, but they are arguing on a technicality, specifically clause 0:
This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".
Essentially, they are saying that the copyright holder for some of the Linux kernel is misappropriated from SCO, and SCO did not themselves place the work under the GPL. Therefore, from the first sentence of Clause 0, the licence does not apply.
Unfortunately, it is technicalities like these that ultimately win the day in court. Of course, whether SCO can prove copyright misappropiation is another matter completely, but if they can, the GLP argument may not hold water.
Not at all. The whole argument is over who owns the 'IP' that IBM contributed to the Kernel. Is it IBM (who undeniably actually wrote it) or is it SCO (who have some vague argument based on derivative work of code licensed to IBM way back in the middle ages) ?
If SCO wins, it will mean that creating derived works from material you licenced from elsewhere might result in them later suing you, and possibly winning. That would have a radical effect on business. All existing cross-license agreements would be in doubt for a start, and future agreements (including copyright notices on free software) would have to be significantly changed to explicitly allow derivative works. That is significantly counter to current copyright law - at least as most people understand it.
Has anyone else been really frustrated that IBM have been sitting back and letting SCO get away with pure bullshit, with no response?
What I'm really hanging out for is some serious action from IBM. For example, if IBM announced that they would indemnify all Linux users against SCO lawsuits brought about due to actions from IBM themselves, then all of this "if you buy a UnixWare license, we won't sue you for using Linux" crap would instantly go away.
If IBM doesn't have the balls to make such a move, then what are they worried about? Even with the very strong technical case they have, their inaction seems weird to me.
companies did not depend on horses and carriages to keep their businesses working.
Really? There must have been quite a lot of infrastructure devoted to providing, eg, feed and shelter for horses, not to mention horse shoes, vets, saddles, etc etc. Replace that with service stations, petrol pumps, mechanics, etc etc. Quite a big change in skills!
Coming more on topic, the real question is, why does such a change, from Windows to Linux, require fundamental infrastructure changes?
OK, the answer is obvious, but that simply highlights the core issue here. The technical problems with such a change are relatively minor. Microsoft could probably port the Windows XP shell to run on top of X in a matter of months. But is anyone else in a position to do that? Imagine that you had just invested in a bunch of carriages and horses. Then, the car comes along. Some clever engineer in your company realizes that it would be not so difficult to modify the existing carriages and add petrol engines to them. (Not completely unrealistic; that is essentially what the early cars were, after all.) But, you can't, because the company you bought the carriages from owns all the 'intellectual property' of the carriages, and retrofitting them is a violation of the license agreement. Anyone from 19th century London would have laughed at you!
Today's economic enviroment is based around the idea that it is easier to pay someone else to build something for you, than it is for you to learn the required skills and build it yourself. It is this notion that allowed 'companies' (ie. cooperatives of specialist workers) to form in the beginning. In the past, there was never any laws to say that you could not build your own copy of something that you already own. It simply wasn't needed; for virtually all goods, the cost of building it yourself was (and still is) much greater than the cost of going out and buying another. But this has lost most of its meaning when applied to software. The cost of making another copy is essentially zero. Why should we try to force this new paradigm into the existing economic model? And more importantly, what is going to replace it?
Sure, the automobile case is a completely natural reaction for integrating a 'subversive' technology into an existing culture.
A modern sci-fi/fantasy analogy might be, someone invented a new form of car, say it has some ability to pass through traffic jams when the conventional cars are stuck; it also has less pollution, better turning circle, and folds up to be much more compact. But, it also has the side-effect that at any speed greater than 20MPH it emits an electromagnetic pulse that causes the engines of conventional cars to stall.
It is a sad indictment on the world today that it would probably take longer for such an invention to take hold than it did for the car to eliminate the horse and buggy.
Wht is this marked flamebait? I'll argue the case:
Versatile: No question. Simply look at the number of architectures that Linux will run on compared with Windows. From the IBM Linux wristwatch to a scattering of top 500 supercomputers. Linux is well represented across the a wide range. API versatility is there too. From win32 (via winelib) to POSIX to Java libraries. Probably 90% of Windows software runs perfectly well or has a functional replacement for Linux. The converse is certainly not true!
Reliability: No argument there. It seems to be a curse/truism that all large software projects have bugs, but the architecure of unix/linux is undoubtably more reliable than the mish-mash that is Windows. Not to mention the bugs the MS themselves introduce. DRDOS anyone? Does it concern anyone that MS's attempts at crippling competitors' products might have an unwanted side-effect of reducing stability of their core product?
Security: Security wasn't even on the radar for MS, until recently. The notion of provably secure architecure is simply incompatible with closed-source, marketing driven software.
Power: I think my comment on 'versatility' mostly covers this. For a more concrete example, take an arbitary shell script from Linux, and try to replicate the functionality from the Windows shell.
NOT Microsoft: This is probably the point that caused the Flaimbait moderation. But, surely choice is good as an end in itself? Software ought to be a commodity, and even if Microsoft software was a bastion of technical excellence, having a choice is nothing but beneficial.
Either I'm a spam processing machine, or some of these estimates are WAY overstated. After running through two filters, I end up only seeing 20 TO 40 spam's a day, and it takes me all of 20 or 30 seconds to deal with them - for the WHOLE DAY. Do these people keep their delete key in their drawer or what?
Fine, this is not much of a problem for someone who is at their computer a lot and can basically delete spam as they arrive. I get a similar amount of spam as you (maybe slightly less, but still at least 10 per day, consistently). But what happens if you go on holiday for a month? Suddenly that small handful of 'delete' presses becomes a huge mass of junk, from which it is really hard to find the important messages. And what if you were away for 6 months? The task of filtering out the junk would be practically impossible.
For someone who doesn't work with computers, who maybe checks their email once a week, spam becomes a major chore.
Compare with snail mail; I get practically no junk mail (I also have a 'no junk mail' sign on the letterbox, which I suspect is legally enforcable where I live). Sorting out the mail after a long holiday (yeah I wish!) is actually an interesting and not long task.
The way it is now, it is impossible to use email for important communication (think bills, court documents, things you really _need_ to receive), simply because of spam. Filtering isn't the answer. Email was intended to be robust; either the message would get through or it would bounce. Spam filters make this no longer true, not by a long shot.
I thought RSA was a rediscovery of an algorithm already known, but classified ? Or am I thinking of Diffie-Hellman ?
Especially in cryptography, I suspect the requirement "Is this patentable? Can the comapny make money from this?" is actually a significant dampener on the pace of research. It also discourages publication.
This is an option, but MS/SCO/whoever may well respond with a simple "we deny everything, and we are not showing you our code, so there!". Without any concrete evidence, there is no legal recourse. Even with concrete evidence, they would fight it to the end.
By the way, MS have already publicly stated that they will indemnify all their customers in the case of IP claims against MS software. That already removes most of the sting from such a tactic.
Now, if IBM offered to do the same thing for Linux, that would really be something. Instantly, practically all of the SCO FUD would evaporate.
Now what would be more useful, ultimately, is some way to enforce copyright/patent law for closed-source code. Someone needs to make a case to the appropriate legislatures that closed-source code needs to be independently verifiable, perhaps in association with a copyright registry. eg, to copyright software, the code is submitted to an independent agency (library of Congress?), who would have the power & tools to verify IP claims.
Mono is irrelevant. Mono is MS's poster-child so that they can say "Yes, we are actively pushing interoperability!", to distracting attention from all other instances where they are doing as much as possible to quash interoperability.
I too find it difficult to believe that someone as smart as Miguel would allow himself to be used as a pawn. I suspect he is blinded by the technical case (which, in principle, is excellent - what Java & the JVM should have been but wasn't because of Sun's stupid petty fears of losing control).
Mono may well end up being independently useful, in much the same way that Java/JVM is useful (for some things) even without the cross-platform abilities. But the interoperability benefits of Mono exist purely at benevolence of Microsoft.
Absoutely. If Microsoft got itself into a Linux lawsuit it would be seen as "we failed to compete on technical grounds, lets bring in the lawyers instead". Besides, the SCO lawsuit has near zero chance of actually being upheld, and when it is finally thrown out of court, SCO won't exist anymore. I doubt MS want to be put in the position where they have to walk out of court with their tail between their legs.
No, MS would much rather have someone else do their dirty work for them. Of course, they can help them along a bit by giving them some back-door funding, and having the Chief Software Architect start unsubstantiated rumors that Linux is violating IP rights of Microsoft. Deliciously vague statement. What does he mean by "IP"? Trademarks? No, that would be trivial to remedy anyway. Copyright infringement? Hard to imagine anything substantial. Any code that MS values is kept pretty tightly under wraps anyway, and I have never seen any suggestions that any has been fraudulently obtained & misappropriated into an open project. Patents? Sure, its practically impossible to write a non-trivial piece of software that doesn't violate a large number of inane software patents. On technical grounds, few software patents would stand up, but the USPTO and the courts have never been renowned for their technical expertise. Of course, this equally applies to closed-source software too. The only difference is that it is essentially impossible to police closed source software. This in fact may be archilles heel: if MS can create the situation where practially all software violates someone's IP, but its only actually enforceable on open-source software.
Does anyone have any clue what Gates means by "One thing about the GPL is that you can't just license IBM Linux, or Red Hat Linux," Gates said. "The way the GPL works, if you license any Linux, you have to license all Linux." ??? For starters, you don't need a licence to use linux, the GPL is only relevant if you want to distribute it. But even then, if you want to distribute something derived from Linux version X, what does that have to do with Linux version Y? As far as the GPL is concerned, they are independent projects.
Re:The EU has very strong data protection laws...
on
The Beast of Brussels
·
· Score: 1
Sure, practices vary widely across the EU, but nevertheless, the rules exist. The national laws are supposed to be quite uniform, and as far as I know, this is true. The enforcement however, may be very patchy. But irrespective of how dilligent the national governments are, individuals do have recourse, in principle at least, to pursue companies or government agencies that are violating the laws.
This is what makes the US customs dispute I linked to before so interesting. European law prohibits transferring data that comes under directive 95/46 (the data protection directive) to a state that does not have similar data protection laws, namely the USA. The commission has just shrugged this off with "We think that assurances given by the USA are sufficient on law". But in the public statements the US has made on where this information will end up, it is clear that it already violates the directive. Never mind the fact that Ashcroft has carte-blanche to do whatever he likes with the information, with no disclosure (which is itself a severe violation of the directive).
Ultimately, it will require a modification to the directive, which will in turn require a weakeking of the data protection laws in each European nation. That is when it is going to get interesting. Is the Finnish government, for example, going to roll over and legislate an exemption from the data protection laws for US customs?
Re:Impossible for all the wrong reasons...
on
The Beast of Brussels
·
· Score: 2, Interesting
Absolutely incorrect. The EU has very strong data protection laws.
Unfortunately, the commission has chosen to ignore it in favour of pandering to US security paranoia, see here . It will be interesting to see if they ultimately get away with it.
But that is extremely dangerous for going downhill though. If you get fast enough that you cannot get your feet back on the pedals then you are in big trouble!
Slashdot Mirror
Exactly. Even with open and verifiable hardware and software it is possible to have a secure, physically tamperproof (if you want it) system. The difference is the "secret" parts are crytographic keys utilized in well-understood ways, using recognized and provably true algorithms, not some "obscure" hacked-up in the back room after marketing dept complains system who's "security" relies on nobody guessing that their data is ROT13 encrypted before it is emailed to the election tally room.
Should any entity (states included) be able to bypass the law by paying money? (or in this case, declining the offer of money)
"I fear that we have awakened a sleeping giant and filled him with a terrible resolve"
by Admiral Isoroku Yamamoto, of the Japanese Imperial Navy.
I don't know who did that translation (presumably the original was in Japanese).
Or, maybe not.... I think I prefer http nowdays ;)
Now I don't know whether this is true or not, and I wish I could remember what the source was, but it is at least consistent with US history; using states as pawns to antagonaize/disrupt cold-war enemies. Iran would be another example.
Surely Kissenger is one of the major reasons the US refused to join the International Criminal Court?
"Formal proof" only applies to the mathematical approximation of the system, and ignores the details of the hardware, not to mention programmers that can make mistakes. Does EAL7 mean anything if a cosmic ray burst hits the CPU?
And all this ignores the fact that most systems complex enough to be interesting are not amenable to formal proof. If that means that such systems cannot get EAL7, then it simply means EAL7 is itself not very interesting.
Err, isn't that a bit weird? An Elf who's religion specifically identifies Man as created in the image of the one true God?
This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".
Essentially, they are saying that the copyright holder for some of the Linux kernel is misappropriated from SCO, and SCO did not themselves place the work under the GPL. Therefore, from the first sentence of Clause 0, the licence does not apply.
Unfortunately, it is technicalities like these that ultimately win the day in court. Of course, whether SCO can prove copyright misappropiation is another matter completely, but if they can, the GLP argument may not hold water.
If SCO wins, it will mean that creating derived works from material you licenced from elsewhere might result in them later suing you, and possibly winning. That would have a radical effect on business. All existing cross-license agreements would be in doubt for a start, and future agreements (including copyright notices on free software) would have to be significantly changed to explicitly allow derivative works. That is significantly counter to current copyright law - at least as most people understand it.
What I'm really hanging out for is some serious action from IBM. For example, if IBM announced that they would indemnify all Linux users against SCO lawsuits brought about due to actions from IBM themselves, then all of this "if you buy a UnixWare license, we won't sue you for using Linux" crap would instantly go away.
If IBM doesn't have the balls to make such a move, then what are they worried about? Even with the very strong technical case they have, their inaction seems weird to me.
Oops! I'm wrong. See ssomeone who knows what they're talking about.
Really? I thought all 'large' ( > 1) SI prefixes were capital letters. K = 1,000, M = 1,000,000, G = 1,000,000,000, T = ... etc etc
Really? There must have been quite a lot of infrastructure devoted to providing, eg, feed and shelter for horses, not to mention horse shoes, vets, saddles, etc etc. Replace that with service stations, petrol pumps, mechanics, etc etc. Quite a big change in skills!
Coming more on topic, the real question is, why does such a change, from Windows to Linux, require fundamental infrastructure changes?
OK, the answer is obvious, but that simply highlights the core issue here. The technical problems with such a change are relatively minor. Microsoft could probably port the Windows XP shell to run on top of X in a matter of months. But is anyone else in a position to do that? Imagine that you had just invested in a bunch of carriages and horses. Then, the car comes along. Some clever engineer in your company realizes that it would be not so difficult to modify the existing carriages and add petrol engines to them. (Not completely unrealistic; that is essentially what the early cars were, after all.) But, you can't, because the company you bought the carriages from owns all the 'intellectual property' of the carriages, and retrofitting them is a violation of the license agreement. Anyone from 19th century London would have laughed at you!
Today's economic enviroment is based around the idea that it is easier to pay someone else to build something for you, than it is for you to learn the required skills and build it yourself. It is this notion that allowed 'companies' (ie. cooperatives of specialist workers) to form in the beginning. In the past, there was never any laws to say that you could not build your own copy of something that you already own. It simply wasn't needed; for virtually all goods, the cost of building it yourself was (and still is) much greater than the cost of going out and buying another. But this has lost most of its meaning when applied to software. The cost of making another copy is essentially zero. Why should we try to force this new paradigm into the existing economic model? And more importantly, what is going to replace it?
A modern sci-fi/fantasy analogy might be, someone invented a new form of car, say it has some ability to pass through traffic jams when the conventional cars are stuck; it also has less pollution, better turning circle, and folds up to be much more compact. But, it also has the side-effect that at any speed greater than 20MPH it emits an electromagnetic pulse that causes the engines of conventional cars to stall.
It is a sad indictment on the world today that it would probably take longer for such an invention to take hold than it did for the car to eliminate the horse and buggy.
Versatile: No question. Simply look at the number of architectures that Linux will run on compared with Windows. From the IBM Linux wristwatch to a scattering of top 500 supercomputers. Linux is well represented across the a wide range. API versatility is there too. From win32 (via winelib) to POSIX to Java libraries. Probably 90% of Windows software runs perfectly well or has a functional replacement for Linux. The converse is certainly not true!
Reliability: No argument there. It seems to be a curse/truism that all large software projects have bugs, but the architecure of unix/linux is undoubtably more reliable than the mish-mash that is Windows. Not to mention the bugs the MS themselves introduce. DRDOS anyone? Does it concern anyone that MS's attempts at crippling competitors' products might have an unwanted side-effect of reducing stability of their core product?
Security: Security wasn't even on the radar for MS, until recently. The notion of provably secure architecure is simply incompatible with closed-source, marketing driven software.
Power: I think my comment on 'versatility' mostly covers this. For a more concrete example, take an arbitary shell script from Linux, and try to replicate the functionality from the Windows shell.
NOT Microsoft: This is probably the point that caused the Flaimbait moderation. But, surely choice is good as an end in itself? Software ought to be a commodity, and even if Microsoft software was a bastion of technical excellence, having a choice is nothing but beneficial.
Fine, this is not much of a problem for someone who is at their computer a lot and can basically delete spam as they arrive. I get a similar amount of spam as you (maybe slightly less, but still at least 10 per day, consistently). But what happens if you go on holiday for a month? Suddenly that small handful of 'delete' presses becomes a huge mass of junk, from which it is really hard to find the important messages. And what if you were away for 6 months? The task of filtering out the junk would be practically impossible.
For someone who doesn't work with computers, who maybe checks their email once a week, spam becomes a major chore.
Compare with snail mail; I get practically no junk mail (I also have a 'no junk mail' sign on the letterbox, which I suspect is legally enforcable where I live). Sorting out the mail after a long holiday (yeah I wish!) is actually an interesting and not long task.
The way it is now, it is impossible to use email for important communication (think bills, court documents, things you really _need_ to receive), simply because of spam. Filtering isn't the answer. Email was intended to be robust; either the message would get through or it would bounce. Spam filters make this no longer true, not by a long shot.
err, wouldn't that be the 'b' and 'B's ? 57 KBytes at 512 Kbits/sec ?
Especially in cryptography, I suspect the requirement "Is this patentable? Can the comapny make money from this?" is actually a significant dampener on the pace of research. It also discourages publication.
By the way, MS have already publicly stated that they will indemnify all their customers in the case of IP claims against MS software. That already removes most of the sting from such a tactic.
Now, if IBM offered to do the same thing for Linux, that would really be something. Instantly, practically all of the SCO FUD would evaporate.
Now what would be more useful, ultimately, is some way to enforce copyright/patent law for closed-source code. Someone needs to make a case to the appropriate legislatures that closed-source code needs to be independently verifiable, perhaps in association with a copyright registry. eg, to copyright software, the code is submitted to an independent agency (library of Congress?), who would have the power & tools to verify IP claims.
I too find it difficult to believe that someone as smart as Miguel would allow himself to be used as a pawn. I suspect he is blinded by the technical case (which, in principle, is excellent - what Java & the JVM should have been but wasn't because of Sun's stupid petty fears of losing control).
Mono may well end up being independently useful, in much the same way that Java/JVM is useful (for some things) even without the cross-platform abilities. But the interoperability benefits of Mono exist purely at benevolence of Microsoft.
No, MS would much rather have someone else do their dirty work for them. Of course, they can help them along a bit by giving them some back-door funding, and having the Chief Software Architect start unsubstantiated rumors that Linux is violating IP rights of Microsoft. Deliciously vague statement. What does he mean by "IP"? Trademarks? No, that would be trivial to remedy anyway. Copyright infringement? Hard to imagine anything substantial. Any code that MS values is kept pretty tightly under wraps anyway, and I have never seen any suggestions that any has been fraudulently obtained & misappropriated into an open project. Patents? Sure, its practically impossible to write a non-trivial piece of software that doesn't violate a large number of inane software patents. On technical grounds, few software patents would stand up, but the USPTO and the courts have never been renowned for their technical expertise. Of course, this equally applies to closed-source software too. The only difference is that it is essentially impossible to police closed source software. This in fact may be archilles heel: if MS can create the situation where practially all software violates someone's IP, but its only actually enforceable on open-source software.
Does anyone have any clue what Gates means by "One thing about the GPL is that you can't just license IBM Linux, or Red Hat Linux," Gates said. "The way the GPL works, if you license any Linux, you have to license all Linux." ??? For starters, you don't need a licence to use linux, the GPL is only relevant if you want to distribute it. But even then, if you want to distribute something derived from Linux version X, what does that have to do with Linux version Y? As far as the GPL is concerned, they are independent projects.
This is what makes the US customs dispute I linked to before so interesting. European law prohibits transferring data that comes under directive 95/46 (the data protection directive) to a state that does not have similar data protection laws, namely the USA. The commission has just shrugged this off with "We think that assurances given by the USA are sufficient on law". But in the public statements the US has made on where this information will end up, it is clear that it already violates the directive. Never mind the fact that Ashcroft has carte-blanche to do whatever he likes with the information, with no disclosure (which is itself a severe violation of the directive).
Ultimately, it will require a modification to the directive, which will in turn require a weakeking of the data protection laws in each European nation. That is when it is going to get interesting. Is the Finnish government, for example, going to roll over and legislate an exemption from the data protection laws for US customs?
Unfortunately, the commission has chosen to ignore it in favour of pandering to US security paranoia, see here . It will be interesting to see if they ultimately get away with it.
But that is extremely dangerous for going downhill though. If you get fast enough that you cannot get your feet back on the pedals then you are in big trouble!