we are already taking steps towards being able to offer ages people perfect memories again, by the introduction of the artificial hippocampus. (To my knowledge there are no people, as yet, with this device, but it works in Rats)
Having the ability to crack the "memory code" of our brains with a better hippocampus
ISTR the artificial hippocampus is a "brute force" device that simulates the real hippocampus as a black box - i.e. we don't actually know how the hippocampus works but were able to produce a "black box simulation" by creating a lookup table of inputs -> outputs by measuring the inputs and outputs of the real thing.
when I see an open 802.11 network broadcasting invitations for me to use it how would I be expected to know if it's accidentally open or intentionally open?
the Same why you are have implicit invitation to enter a shop, but not to enter the unlock stock/back room.
Sorry, that argument makes no sense - by your analogy an open 802.11 network _is_ an open shop - how is anyone supposed to know if it's actually open or if the owner accidentally left the "open" sign in the door and the door wide open?
By your analogy, I can connect to any open network (the shop) but not to any of the machines on that network (the back room) - i.e. I can still use it for internet access. People have been arrested for doing this.
So again, I'm asking - given 2 wireless networks, one of which is open intentionally for public use and the other is open accidentally because it was set up by a complete moron, how would I be expected to know the difference?
If you publish a www.example.com record in the DNS, it would be entirely reasonable to assume that you've authorized people to stop by your website, yes.
So does that mean I'm breaking the law if I visit http://example.com/ rather than http://www.example.com/ since it didn't explicitly tell me through a published DNS record that it was a public web server?
or "Terms of use"
How would I find out about the terms of using your web site without visiting the website in the first place?
Note that this does not mean that launching a set of requests to exploit, say, a PHP vulnerability
Absolutely - if you are obviously having to circumvent some security (nomatter how crap) then you probably shouldn't be doing it. But what I'm saying is that when people leave systems completely open why should the "client" be held responsible for this rather than the "server" - in many cases it's impossible to tell (at least before connecting to a service) whether it was intended to be a legitimately public service or not. Using 802.11 as an example - when I see an open 802.11 network broadcasting invitations for me to use it how would I be expected to know if it's accidentally open or intentionally open?
You fire up Windows, it tells you "oh look there's an access point", you click ok and the access point hands you an IP address via DHCP - how were you to know that was a private access point that some idiot left open?
Worse than this, say I had an open Linksys access point at home which was left in it's default configuration, so my laptop knows to associate with an AP called "Linksys", I then move in range of another open Linksys access point which is broadcasting it's SSID of "Linksys" my laptop would happilly associate with it without asking me. Should I be arrested because my laptop associated with someone else's network automatically?
I certainly agree that people who are circumventing some security are in the wrong and need to be dealt with, but I'm very worried about the trend to treat people who don't bother to secure their systems as "innocent" and people who make use of these public systems as "guilty".
If I walk into a public house and ask for a beer, I don't expect to get arrested because "oops we didn't mean for it to look like a public house":)
People need to take responsibility for their own actions - if you didn't bother to turn on the basic security options on your systems then that's _your_ fault - the other party that takes advantage of that lack of security may not be malicious.
Next: what about the rights of computer owners? Spyware is installed, without consent, on personal computers (mostly Windoze boxes), which are recognized spaces of personal property. In one sense, it is quite similar to breaking and entering
I'm more inclined to think of it as rape, but maybe that's taking it too far. Maybe we should be thinking of cracking + rootkit installation as someone breaking into your home and crapping on your sofa.
I will agree, people who don't/can't protect their computers are just as foolish as people who leave their doors unlocked while on vacation; however, if someone enters without permission, even if the door is unlocked, the intruder is still criminally liable.
The laws definately need to be clarified I think though - certainly the UK Computer Misuse Act is very open to interpretation. What constitutes "unauthorised access"?
If someone connects to your web server, who authorised the access? In this case it's reasonable to assume that a web server that's open to the public network provides implicitly authorised access... or is it?
What if your web server is actually just the web interface on your DSL router that you didn't bother securing? The web server is open to the public network so surely it has implicitly authorised the access, right?
If we extend the idea, surely accessing *any* port on your machine that you left open to the world without needing authentication should be considered authorised - in that case, if you leave your windows server with your hard drive shared to the world should it be considered illegal for someone to connect to it and delete all your data?
And in these cases the client is actually going and connecting to these ports to find out if they are open - when you connect to a web server you didn't _know_ the port was open to the world until you tried connecting to it. This isn't the case for open 802.11 networks though - in this case the network is actively inviting you to connect to it so shouldn't accessing that be considered _more_ "authorised" than a web server which didn't invite you? The authorities seem to think not since several people have been arrested for using open access points.
I'm not sure these problems are solvable by changing the computer misuse laws though - maybe passing some laws that _require_ manufacturers to ship devices in a secure configuration is the way to go.
Bundling a free (as in beer) web browser with their OS qualifies as taking advantage of their monopoly?
Yes - giving people something which is Just There (rather than them needing to go out of their way to download or buy it) is a pretty good way of making sure the majority of people won't even bother looking at the competition. When you are using a monopoly product in order to distribute this then you are unfairly abusing a monopoly. The destructive influence this has had can quite clearly be seen:
1. Netscape, Mosaic, etc were all competing and rapidly developing the feature set of their products. (As you would expect with free market competition). 2. MS enter the market and bundle IE - now everyone has a web browser installed as standard, why bother looking at the competition? 3. The competing browsers die since very few people are now using them 4. As IE reaches market saturation, MS see no point in continuing development - the feature set stagnates for years
Even though IE6 is 5 years or so behind the competition, the majority of people still use it - the majority of people probably don't even know that there are alternatives to IE.
When you have a monopoly platform, you can use it to launch into almost any market and completely destroy all the competition - this is considered an unfair abuse of the monopoly and is thus illegal. I'm unsure how you can ever think that using a monopoly to completely destroy a market is a Good Thing for the end user - choice and competition produces innovation.
If spam legislation is supposed to work, why do we get more?
I believe that most new anti-spam laws are simply politicians trying to make it look like they're doing something good without having to actually _do_ anything. When people look at new anti-spam legislation they seem to believe it's excellent and will help with the spam problem (this is what the politicians want people to think), but most people seem to ignore the fact that the spammers are already breaking the law and noone's stopping them so how will more laws help?
I.e. most spam is sent through botnets - this is illegal (using a system without the owner's permission is a violation of the Computer Misuse Act here). A lot of spam is fraud, again, illegal. Spamming is also a violation of almost all ISP's AUPs so the ISPs should be taking action against people sending spam (even people with compromised machines) - as it is most ISPs seem to ignore abuse reports about compromised machines (if they bother to have an abuse email address at all).
If the Government here in.au heard of this and comprehended it the port blocks would go up on port 25 in no time at all.
There are legitimate reasons for not using your ISP's SMTP relay:
1. Many ISPs only let you send from the address/domain they allocated for you. I.e. if you registered your domain through a third party you may not be able to send mails from that domain through your ISP's relays (to the ISP it would look like spoofing since they have no knowledge of that domain)
2. You're adding another potential point of failure to the system for no good reason (and when it fails you have to wait for the ISP to fix it rather than fixing it immediately yourself).
If you're using a dial-up connection then relaying via the ISP's server is a good idea since it's always online and can therefore do retries when sending to unreachable systems. However, if you're machine is always turned on and connected to the internet then this advantage disappears.
If the ISPs, all ISPs, set a maximum of, say, 1 outgoing email per second for all of their general users, wouldn't that make a zombied PC too slow to be viable? If not, how about 1 per 5 seconds? Or 10?
It would do absolutely no good because the limits would almost certainly be placed on the number of mails being relayed through the ISP's servers and spammers don't do this - they either send directly from a compromised machine or via an open relay.
Stopping people sending directly would be a Bad Thing (I for one only use my ISP for an internet connection, I don't use their mail servers, etc).
Passing some laws that require ISPs to kick customers off who run open relays would be a good start (and very easilly testable). Kicking customers who don't patch their machines would also be an excellent idea but hard to test.
IMHO the ISPs should do a "credit rating" type system like the banks use - if you're shown to get cracked regularly and/or don't clear up your mess quickly then you get a bad "internet rating" and no ISP will give you an unfiltered account. I.e. persistent offenders will end up with only being able to surf the web. At the moment there really is no motivation for people to run secure systems - most trojans and worms don't actually cause much trouble for the owner of the compromised machine. (If people lost all their work whenever they got compromised they might give more of a damn:)
so far all of the physical laws we know are computable.
Nope, sorry - quantum theory introduces randomness, and randomness cannot be computed deterministically (and all computers are deterministic). Of course, there are 3 questions:
1. Is quasi-randomness "good enough" for a simulation to work? If so it doesn't matter that we can't generate true randomness. 2. Is the randomness found in quantum physics _really_ random, or is it generated by some deterministic behaviour we don't (yet) understand? I.e. maybe the "randomness" we see in the quantum world could be generated by some deterministic behaviour outside our universe (and stuff outside our universe need not be governed by our universe's laws so could be very strange indeed, but still simulatable). 3. Maybe we can use quantum physics to build a non-deterministic computer to simulate quantum physics accurately.
being self-aware is not something that humans really understand but that doesn't mean that it is subjective.
Seems quite subjective actually. And I'm not convinced that "self awareness" has much to do with conciousness - one could say that a computer is self-aware (the system is "aware" of the various parts of itself - memory, disks, etc) but you wouldn't say it's concious.
Conciousness is the thing that's _really_ hard to define, and how do we even know whether something is concious or not if we are unable to communicate with it?
The ball will follow the curvature of the surface, regardless of the presence of gravity.
However, placing a stationary ball on the sheet in zero-G would result in the ball remaining stationary - not falling toward the mass, so this doesn't seem to model gravity correctly at all.
The balloon (space time) is expanding. Anything that has mass is like a piece of tape stuck to the balloon. The tape resists the expansion of the balloon
If gravity is mearly preventing the expansion of a portion of the universe, why doesn't it simply ensure that the matter doesn't expand? Instead we see that gravity actually makes matter _collapse_ together.
Also, I've never been overly clear on what the difference is between space-time itself expanding and the matter expanding (i.e. compare an explosion, where the surrounding matter is thrown away from the source of the explosion, to a balloon being inflated and therefore moving things on it's surface apart - is there actually any difference? In both cases the distance between objects can be measured and thus seen to be increasing)
You can think of it as being like putting a heavy object on to a trampoline - the surface is pulled down under it. If you put a ball on it near the object, it'll roll down the sheet towards it.
But the ball only rolls down the sheet because of the influence of gravity. This model has always struck me as flawed because it describes gravity as "just a distortion in the sheet" but in order for that distortion to have the effect it has you need there to be a real force that acts perpendicular to the sheet (e.g. gravity).
If your business relies on my screws, and I decide to stop selling them to you, or charge you a higher price, you're equally screwed. Or unscrewed, as the case may be.
Screws are usually commonly available parts with compatable parts made by many different manufacturers. Software libraries, OTOH are very different - there's often only a single manufacturer providing a library to do something and producing a compatable library _may_ be a copyright violation (i.e. to make libs compatable you would usually have to use a copy of the function and data prototypes from the original library's.h files which are, of course, copyrighted just like any other work)
Also, in the case of physical stuff like screws, I can buy a large quantity up-front and am therefore guaranteed supply of that quantity. If a distribution licence can be revoked then the same cannot be done here (I can't buy 10,000 unrevokable licences up-front to be guaranteed a supply since you could revoke all of those licences before I use them).
You always have the option to manufacture your own screws
Screws aren't (generally) patentable - software is increasingly patentable and you may well be sued for patent infringement if you produced your own solution to do the same job.
If you pay for them, then they're clearly worth chat I'm charging you. That's what value is: whatever someone's willing to pay.
The question is: are they worth what you're charging because they're actually good products, or are they only worth what you're charging because the customers are already locked in and it would be more expensive for them to change.
You can see examples of this already - there are a large number of people who would migrate away from Windows (e.g. to OS-X or Linux) if they weren't locked into it through the software and/or hardware they use. One could argue that this allows Microsoft to charge unreasonably high prices since many people have no option but to pay them. It also gives them the ability to force people to pay for upgrades (the latest version of some software you use won't work on old versions of windows - you have to pay to upgrade).
So I'm not arguing that this isn't already happening, I'm just saying that it would seem like a bad idea to allow this to happen more easilly and in more situations.
If you signed a contract that doesn't specify that it terminates at a particular time, then you can't just arbitrarily cancel it because you realize you should have asked for more money.
The grand parent said there should be a law that specifically allowed the copyright holder to revoke *any* licence nomatter what the licence's wording is. I was pointing out why this might be a Bad Thing.
the right for them to terminate the license at will (despite any contractual wording to the contrary) should be built into law
This could be very bad in some situations because it could be used by the copyright holder to hold a distributor to ransom.
For example, you write a library of software functions. I build my own product on top of your library and buy a distribution licence from you. I'm now selling my product, which includes (and is intimately tied to) your library - you're probably getting a slice of the revenue too as part of the licence deal.
Now, you decide you want more money - you terminate my licence (as the law you suggested would allow you to do) and then ask me for a lot more money in order to get a new licence.
It's far too expensive for me to competely redevelop my product to either rely on another library or to develop my own library to do a similar job (not to mention possible software patent problems if I produce my own library instead of using yours), so I am now forced to pay you the crazy amount of money you're asking for.
Similarly, if you wanted to put me out of business (maybe you want a slice of my market?) you could revoke my licence and I'd be truly buggered.
Your idea is great if you're assuming the distributor is evil and the original copyright holder is not - unfortunately it seems more and more as if we have to assume everyone is evil until they prove otherwise.:( There have probably always been a lot of people abusing their power in an effort to make money, but increasingly it seems that those people have more and more power.
Blindly quoting from a legal blog and slam it here for being jargon makes as much sense as slamming a Slashdot article for being jargon-y on a political website.
I don't think the complaint was that Groklaw was using legal jargon, it was that the front page of Slashdot was using legal jargon...
Perhaps irony is when someone makes a post on Slashdot decrying the use of jargon.:-/
But slashdot is (or at least pretends to be) a technical forum and so everyone here _should_ know technical jargon. As always, language used should be appropriate to the audiance - if you're talking to a bunch of techies then technical jargon is going to be ok but legal jargon probably isn't - similary if you're talking to a bunch of lawyers then they're not going to have a clue about technical jargon but will be fine with the legal talk.
It's kinda like trying to get gcc to compile COBOL:)
What Google has done is to take an ephemeral work and make it available: 1) permanently
I would say "indefinately". Which really isn't that different to an NNTP server, which will (under it's normal operation) keep an archive of the article for an indefinate length of time. The only difference here is that a normal NNTP server will _usually_ (but not always) only archive it for a few days whereas Google archives it for longer. Either way, the length of time it's archived for is arbitrary and up to the operator of the server holding the article.
2) in a different medium (the web, not Usenet)
Ok, fair enough, but this is a bit vague. If you email someone on Gmail then when they read it your copyrighted article (the email) is now presented in a web page - Gmail has changed your article from being an email to being a web page.
3) in a way that makes money.
Well if that was a crime you could sue all the ISPs who have NNTP servers too - they aren't doing that for fun, they make money out of providing people with Usenet access.
Let me give another example. Joe creates a web page with his opus.
I think the web is a bit different - the web is a technology that doesn't *require* the article to be copied to remote servers in order to work. (And the publisher can send headers telling remote caches how long they can hold a copy if they take one).
Usenet, on the other hand, *requires* that articles be archived on thousands of remote servers for an arbitrary length of time - it is simply the way the technology works. It would seem that publishing via that technology means you implicitly give a licence to do that.
Does someone who copies his work suddenly have the right to redistribute it forever, and in a different medium, in a way that makes them money?
Well like it or not, ISPs run web caches and they make money out of it (web caches save upstream bandwidth == increased profit). If you didn't want the ISP to cache your article then you should've made it uncachable with the correct HTTP headers.
it's about Joe retaining his rights to his works unless he explicitly signs those rights away
If you have to _explicitly_ sign away rights rather than being allowed to _implicitly_ sign them away then the Internet is screwed anyway - you'd have to sign a licence with every usenet posting allowing all NNTP servers to archive your article for an arbitrary length of time for usenet to even work. Similarly you'd have to sign a licence allowing people to quote parts of your emails when they reply.
Sorry but some stuff *is* implicit - if publish work via a medium that *requires* you to sign away a right in order to work then you have implicitly given up that right by choice. If you didn't want to give up that right you should've used a different medium that worked in a different way.
And I remain unconvinced that we should be treating the many different protocols which do similar jobs as separate media and disallowing conversion between them - usenet and http are both methods of transferring text electronically and I see no reason to prevent usenet being converted to http. Similarly, MP3 and OGG are both methods of digitally storing audio and there's no reason to prevent people from converting between them freely and treating them as the same medium (although the RIAA will dispute this).
there is no way I know of for an author to put something in the public domain just by their choice of the medium by which they spread their ideas.
It's not in the public domain, but I think he's implicitly given a licence for anyone to distribute the posting in it's original form (and quote it in a reply) because that's the way the medium works. What _should_ constitute an infringement of his copyright is republishing it as your own work (which Google isn't doing - Google explicitly cites the original author of the posting, they don't claim it was written by Google).
UseNet postings always have been archived, it's just that Google archives them indefinately rather than for a few days or weeks as normal NNTP servers would. I would think that if you post a message to a medium that *requires* archiving for arbitrary lengths of time in order to work then you are implicitly giving permission for your message to be archived.
I don't really see this case as much different to publishing an article in a newspaper and then suing the library for archiving that newspaper. (I'll stop right here - don't want to give anyone ideas:)
the only way to protect your machine against attacks by someone with physical access to it is to raise a BIOS password or encrypt your files, not a bad idea in any case.
Encrypting the hard drive is an answer, but then you have the problem of where do you store the key to access it? If it's stored in the bootloader or the kernel then that can be extracted by the attacker if they have physical access to the system. This is basically the same as the DRM problem - you can encrypt the content but you always have to decrypt it to use it so you need the key stored somewhere and that is always a possible attack vector.
Also, you need to think very carefully about the ramifications of encrypting data - if you lose the key you're screwed.
Encrypting the hard drive using keys stored in Palladium is an option but it only protects you from someone removing the drive and installing it in another machine, and again - if you motherboard (with it's Palladium chip) blows up you're buggered.
SCTP sounds like a kitchen sink solution; it has some nice features and some useless features.
What's useless to one application is useful to another. Most of the features can be turned on and off, so the application developer can pick what's suitable for their use.
For example, manually opening multiple connections through different interfaces and then having the SCTP implementation figure out which one to send through is nonsense; if the system has multiple routes to the Internet, then that can be taken care of at the IP level.
This is one thing that I almost agree with you on - multihoming should probably be done at the IP level. But that requires that intermediate routers be modified to introduce the required functionality and we have already seen that many ISPs have no interest in adjusting their infrastructure to support new technologies (multicast, IPv6, etc). SCTP's multihoming support has the advantage that only the end points of the connection need to care, to the rest of the network it's just plain old IPv4.
Similarly, preservation of write boundaries is a useless gimmick that is rarely needed, and when it is needed, can be easily implemented in user code.
I'm not sure why you think this is a "useless gimmick". Very few applications want a byte stream - almost everything works on the datagram level. Think about HTTP - you send the server a bunch of headers (these are separate datagrams), the server returns a bunch of headers (again, separate datagrams) and the actual object data (one massive datagram). At the moment this is done over a byte stream and in order to maintain the boundaries between the datagrams you have to delimit them at the sending end and then parse them at the receiving end. With almost every application wanting to send multiple datagrams instead of a byte stream isn't it better to have this handled at the protocol level rather than reimplementing it for every application? Almost the only things which benefit from byte streams rather than datagram streams are interactive stuff like telnet and SSH (even SSH would benefit from SCTP when you're multiplexing multiple tunnels)
The four-way handshake during setup is possibly useful, but you can trivially get the same with TCP in a backwards compatible fashion if you configure your kernel to protect against SYN spoofing.
TCP SYN cookies are weak in comparison to the SCTP 4-way handshake.
Altogether, I'm not quite sure what problem SCTP is supposed to solve. SCTP has made its way into some other standards, so it will probably be unavoidable, but it's not a well-designed protocol in my opinion.
SCTP was originally designed for telephony applications (it is used to transport SIGTRAN traffic and can also be used to transport SIP). It is designed to combine the benefits of TCP (reliable ordered delivery with congestion control) with the benefits of UDP (preservation of message boundaries and unordered delivery). But while designing a new protocol it was worthwhile addressing other problems that have shown up with TCP and UDP. I would hazard a guess that the _only_ reason TCP is so widely used is because it's the only widely available transport that provides congestion control and reliable ordered delivery - most applications are _not_ suited to communicating through byte streams and many do not even require the data to arrive in order. If SCTP is widely available as an alternative protocol I can see it being used for new applications purely because the preservation of message boundaries removes the need for a chunk of parsing code.
Slashdot Mirror
I know three people with one glass eye each and the glass one moves with the real one. They say it takes several years to get it working
Isn't the glass eye just replacing the eye ball - i.e. isn't it attached to the original muscles? If it is then why do you have to "retrain"?
That said, I imagine that it'd be much easier to retrain the muscles controlling an eye that's giving real visual feedback.
we are already taking steps towards being able to offer ages people perfect memories again, by the introduction of the artificial hippocampus. (To my knowledge there are no people, as yet, with this device, but it works in Rats)
Having the ability to crack the "memory code" of our brains with a better hippocampus
ISTR the artificial hippocampus is a "brute force" device that simulates the real hippocampus as a black box - i.e. we don't actually know how the hippocampus works but were able to produce a "black box simulation" by creating a lookup table of inputs -> outputs by measuring the inputs and outputs of the real thing.
when I see an open 802.11 network broadcasting invitations for me to use it how would I be expected to know if it's accidentally open or intentionally open?
the Same why you are have implicit invitation to enter a shop, but not to enter the unlock stock/back room.
Sorry, that argument makes no sense - by your analogy an open 802.11 network _is_ an open shop - how is anyone supposed to know if it's actually open or if the owner accidentally left the "open" sign in the door and the door wide open?
By your analogy, I can connect to any open network (the shop) but not to any of the machines on that network (the back room) - i.e. I can still use it for internet access. People have been arrested for doing this.
So again, I'm asking - given 2 wireless networks, one of which is open intentionally for public use and the other is open accidentally because it was set up by a complete moron, how would I be expected to know the difference?
If you publish a www.example.com record in the DNS, it would be entirely reasonable to assume that you've authorized people to stop by your website, yes.
:)
So does that mean I'm breaking the law if I visit http://example.com/ rather than http://www.example.com/ since it didn't explicitly tell me through a published DNS record that it was a public web server?
or "Terms of use"
How would I find out about the terms of using your web site without visiting the website in the first place?
Note that this does not mean that launching a set of requests to exploit, say, a PHP vulnerability
Absolutely - if you are obviously having to circumvent some security (nomatter how crap) then you probably shouldn't be doing it. But what I'm saying is that when people leave systems completely open why should the "client" be held responsible for this rather than the "server" - in many cases it's impossible to tell (at least before connecting to a service) whether it was intended to be a legitimately public service or not. Using 802.11 as an example - when I see an open 802.11 network broadcasting invitations for me to use it how would I be expected to know if it's accidentally open or intentionally open?
You fire up Windows, it tells you "oh look there's an access point", you click ok and the access point hands you an IP address via DHCP - how were you to know that was a private access point that some idiot left open?
Worse than this, say I had an open Linksys access point at home which was left in it's default configuration, so my laptop knows to associate with an AP called "Linksys", I then move in range of another open Linksys access point which is broadcasting it's SSID of "Linksys" my laptop would happilly associate with it without asking me. Should I be arrested because my laptop associated with someone else's network automatically?
I certainly agree that people who are circumventing some security are in the wrong and need to be dealt with, but I'm very worried about the trend to treat people who don't bother to secure their systems as "innocent" and people who make use of these public systems as "guilty".
If I walk into a public house and ask for a beer, I don't expect to get arrested because "oops we didn't mean for it to look like a public house"
People need to take responsibility for their own actions - if you didn't bother to turn on the basic security options on your systems then that's _your_ fault - the other party that takes advantage of that lack of security may not be malicious.
Next: what about the rights of computer owners? Spyware is installed, without consent, on personal computers (mostly Windoze boxes), which are recognized spaces of personal property. In one sense, it is quite similar to breaking and entering
:)
I'm more inclined to think of it as rape, but maybe that's taking it too far. Maybe we should be thinking of cracking + rootkit installation as someone breaking into your home and crapping on your sofa.
I will agree, people who don't/can't protect their computers are just as foolish as people who leave their doors unlocked while on vacation; however, if someone enters without permission, even if the door is unlocked, the intruder is still criminally liable.
The laws definately need to be clarified I think though - certainly the UK Computer Misuse Act is very open to interpretation. What constitutes "unauthorised access"?
If someone connects to your web server, who authorised the access? In this case it's reasonable to assume that a web server that's open to the public network provides implicitly authorised access... or is it?
What if your web server is actually just the web interface on your DSL router that you didn't bother securing? The web server is open to the public network so surely it has implicitly authorised the access, right?
If we extend the idea, surely accessing *any* port on your machine that you left open to the world without needing authentication should be considered authorised - in that case, if you leave your windows server with your hard drive shared to the world should it be considered illegal for someone to connect to it and delete all your data?
And in these cases the client is actually going and connecting to these ports to find out if they are open - when you connect to a web server you didn't _know_ the port was open to the world until you tried connecting to it. This isn't the case for open 802.11 networks though - in this case the network is actively inviting you to connect to it so shouldn't accessing that be considered _more_ "authorised" than a web server which didn't invite you? The authorities seem to think not since several people have been arrested for using open access points.
I'm not sure these problems are solvable by changing the computer misuse laws though - maybe passing some laws that _require_ manufacturers to ship devices in a secure configuration is the way to go.
But anyway, my rant is going way off topic
Bundling a free (as in beer) web browser with their OS qualifies as taking advantage of their monopoly?
Yes - giving people something which is Just There (rather than them needing to go out of their way to download or buy it) is a pretty good way of making sure the majority of people won't even bother looking at the competition. When you are using a monopoly product in order to distribute this then you are unfairly abusing a monopoly. The destructive influence this has had can quite clearly be seen:
1. Netscape, Mosaic, etc were all competing and rapidly developing the feature set of their products. (As you would expect with free market competition).
2. MS enter the market and bundle IE - now everyone has a web browser installed as standard, why bother looking at the competition?
3. The competing browsers die since very few people are now using them
4. As IE reaches market saturation, MS see no point in continuing development - the feature set stagnates for years
Even though IE6 is 5 years or so behind the competition, the majority of people still use it - the majority of people probably don't even know that there are alternatives to IE.
When you have a monopoly platform, you can use it to launch into almost any market and completely destroy all the competition - this is considered an unfair abuse of the monopoly and is thus illegal. I'm unsure how you can ever think that using a monopoly to completely destroy a market is a Good Thing for the end user - choice and competition produces innovation.
If spam legislation is supposed to work, why do we get more?
I believe that most new anti-spam laws are simply politicians trying to make it look like they're doing something good without having to actually _do_ anything. When people look at new anti-spam legislation they seem to believe it's excellent and will help with the spam problem (this is what the politicians want people to think), but most people seem to ignore the fact that the spammers are already breaking the law and noone's stopping them so how will more laws help?
I.e. most spam is sent through botnets - this is illegal (using a system without the owner's permission is a violation of the Computer Misuse Act here). A lot of spam is fraud, again, illegal. Spamming is also a violation of almost all ISP's AUPs so the ISPs should be taking action against people sending spam (even people with compromised machines) - as it is most ISPs seem to ignore abuse reports about compromised machines (if they bother to have an abuse email address at all).
If the Government here in .au heard of this and comprehended it the port blocks would go up on port 25 in no time at all.
There are legitimate reasons for not using your ISP's SMTP relay:
1. Many ISPs only let you send from the address/domain they allocated for you. I.e. if you registered your domain through a third party you may not be able to send mails from that domain through your ISP's relays (to the ISP it would look like spoofing since they have no knowledge of that domain)
2. You're adding another potential point of failure to the system for no good reason (and when it fails you have to wait for the ISP to fix it rather than fixing it immediately yourself).
If you're using a dial-up connection then relaying via the ISP's server is a good idea since it's always online and can therefore do retries when sending to unreachable systems. However, if you're machine is always turned on and connected to the internet then this advantage disappears.
If the ISPs, all ISPs, set a maximum of, say, 1 outgoing email per second for all of their general users, wouldn't that make a zombied PC too slow to be viable? If not, how about 1 per 5 seconds? Or 10?
:)
It would do absolutely no good because the limits would almost certainly be placed on the number of mails being relayed through the ISP's servers and spammers don't do this - they either send directly from a compromised machine or via an open relay.
Stopping people sending directly would be a Bad Thing (I for one only use my ISP for an internet connection, I don't use their mail servers, etc).
Passing some laws that require ISPs to kick customers off who run open relays would be a good start (and very easilly testable). Kicking customers who don't patch their machines would also be an excellent idea but hard to test.
IMHO the ISPs should do a "credit rating" type system like the banks use - if you're shown to get cracked regularly and/or don't clear up your mess quickly then you get a bad "internet rating" and no ISP will give you an unfiltered account. I.e. persistent offenders will end up with only being able to surf the web. At the moment there really is no motivation for people to run secure systems - most trojans and worms don't actually cause much trouble for the owner of the compromised machine. (If people lost all their work whenever they got compromised they might give more of a damn
so far all of the physical laws we know are computable.
Nope, sorry - quantum theory introduces randomness, and randomness cannot be computed deterministically (and all computers are deterministic). Of course, there are 3 questions:
1. Is quasi-randomness "good enough" for a simulation to work? If so it doesn't matter that we can't generate true randomness.
2. Is the randomness found in quantum physics _really_ random, or is it generated by some deterministic behaviour we don't (yet) understand? I.e. maybe the "randomness" we see in the quantum world could be generated by some deterministic behaviour outside our universe (and stuff outside our universe need not be governed by our universe's laws so could be very strange indeed, but still simulatable).
3. Maybe we can use quantum physics to build a non-deterministic computer to simulate quantum physics accurately.
being self-aware is not something that humans really understand but that doesn't mean that it is subjective.
Seems quite subjective actually. And I'm not convinced that "self awareness" has much to do with conciousness - one could say that a computer is self-aware (the system is "aware" of the various parts of itself - memory, disks, etc) but you wouldn't say it's concious.
Conciousness is the thing that's _really_ hard to define, and how do we even know whether something is concious or not if we are unable to communicate with it?
The ball will follow the curvature of the surface, regardless of the presence of gravity.
However, placing a stationary ball on the sheet in zero-G would result in the ball remaining stationary - not falling toward the mass, so this doesn't seem to model gravity correctly at all.
The balloon (space time) is expanding. Anything that has mass is like a piece of tape stuck to the balloon. The tape resists the expansion of the balloon
If gravity is mearly preventing the expansion of a portion of the universe, why doesn't it simply ensure that the matter doesn't expand? Instead we see that gravity actually makes matter _collapse_ together.
Also, I've never been overly clear on what the difference is between space-time itself expanding and the matter expanding (i.e. compare an explosion, where the surrounding matter is thrown away from the source of the explosion, to a balloon being inflated and therefore moving things on it's surface apart - is there actually any difference? In both cases the distance between objects can be measured and thus seen to be increasing)
You can think of it as being like putting a heavy object on to a trampoline - the surface is pulled down under it. If you put a ball on it near the object, it'll roll down the sheet towards it.
But the ball only rolls down the sheet because of the influence of gravity. This model has always struck me as flawed because it describes gravity as "just a distortion in the sheet" but in order for that distortion to have the effect it has you need there to be a real force that acts perpendicular to the sheet (e.g. gravity).
If your business relies on my screws, and I decide to stop selling them to you, or charge you a higher price, you're equally screwed. Or unscrewed, as the case may be.
.h files which are, of course, copyrighted just like any other work)
Screws are usually commonly available parts with compatable parts made by many different manufacturers. Software libraries, OTOH are very different - there's often only a single manufacturer providing a library to do something and producing a compatable library _may_ be a copyright violation (i.e. to make libs compatable you would usually have to use a copy of the function and data prototypes from the original library's
Also, in the case of physical stuff like screws, I can buy a large quantity up-front and am therefore guaranteed supply of that quantity. If a distribution licence can be revoked then the same cannot be done here (I can't buy 10,000 unrevokable licences up-front to be guaranteed a supply since you could revoke all of those licences before I use them).
You always have the option to manufacture your own screws
Screws aren't (generally) patentable - software is increasingly patentable and you may well be sued for patent infringement if you produced your own solution to do the same job.
If you pay for them, then they're clearly worth chat I'm charging you. That's what value is: whatever someone's willing to pay.
The question is: are they worth what you're charging because they're actually good products, or are they only worth what you're charging because the customers are already locked in and it would be more expensive for them to change.
You can see examples of this already - there are a large number of people who would migrate away from Windows (e.g. to OS-X or Linux) if they weren't locked into it through the software and/or hardware they use. One could argue that this allows Microsoft to charge unreasonably high prices since many people have no option but to pay them. It also gives them the ability to force people to pay for upgrades (the latest version of some software you use won't work on old versions of windows - you have to pay to upgrade).
So I'm not arguing that this isn't already happening, I'm just saying that it would seem like a bad idea to allow this to happen more easilly and in more situations.
If you signed a contract that doesn't specify that it terminates at a particular time, then you can't just arbitrarily cancel it because you realize you should have asked for more money.
The grand parent said there should be a law that specifically allowed the copyright holder to revoke *any* licence nomatter what the licence's wording is. I was pointing out why this might be a Bad Thing.
the right for them to terminate the license at will (despite any contractual wording to the contrary) should be built into law
:(
This could be very bad in some situations because it could be used by the copyright holder to hold a distributor to ransom.
For example, you write a library of software functions. I build my own product on top of your library and buy a distribution licence from you. I'm now selling my product, which includes (and is intimately tied to) your library - you're probably getting a slice of the revenue too as part of the licence deal.
Now, you decide you want more money - you terminate my licence (as the law you suggested would allow you to do) and then ask me for a lot more money in order to get a new licence.
It's far too expensive for me to competely redevelop my product to either rely on another library or to develop my own library to do a similar job (not to mention possible software patent problems if I produce my own library instead of using yours), so I am now forced to pay you the crazy amount of money you're asking for.
Similarly, if you wanted to put me out of business (maybe you want a slice of my market?) you could revoke my licence and I'd be truly buggered.
Your idea is great if you're assuming the distributor is evil and the original copyright holder is not - unfortunately it seems more and more as if we have to assume everyone is evil until they prove otherwise.
There have probably always been a lot of people abusing their power in an effort to make money, but increasingly it seems that those people have more and more power.
Blindly quoting from a legal blog and slam it here for being jargon makes as much sense as slamming a Slashdot article for being jargon-y on a political website.
I don't think the complaint was that Groklaw was using legal jargon, it was that the front page of Slashdot was using legal jargon...
Perhaps irony is when someone makes a post on Slashdot decrying the use of jargon. :-/
:)
But slashdot is (or at least pretends to be) a technical forum and so everyone here _should_ know technical jargon. As always, language used should be appropriate to the audiance - if you're talking to a bunch of techies then technical jargon is going to be ok but legal jargon probably isn't - similary if you're talking to a bunch of lawyers then they're not going to have a clue about technical jargon but will be fine with the legal talk.
It's kinda like trying to get gcc to compile COBOL
What Google has done is to take an ephemeral work and make it available:
1) permanently
I would say "indefinately". Which really isn't that different to an NNTP server, which will (under it's normal operation) keep an archive of the article for an indefinate length of time. The only difference here is that a normal NNTP server will _usually_ (but not always) only archive it for a few days whereas Google archives it for longer. Either way, the length of time it's archived for is arbitrary and up to the operator of the server holding the article.
2) in a different medium (the web, not Usenet)
Ok, fair enough, but this is a bit vague. If you email someone on Gmail then when they read it your copyrighted article (the email) is now presented in a web page - Gmail has changed your article from being an email to being a web page.
3) in a way that makes money.
Well if that was a crime you could sue all the ISPs who have NNTP servers too - they aren't doing that for fun, they make money out of providing people with Usenet access.
Let me give another example. Joe creates a web page with his opus.
I think the web is a bit different - the web is a technology that doesn't *require* the article to be copied to remote servers in order to work. (And the publisher can send headers telling remote caches how long they can hold a copy if they take one).
Usenet, on the other hand, *requires* that articles be archived on thousands of remote servers for an arbitrary length of time - it is simply the way the technology works. It would seem that publishing via that technology means you implicitly give a licence to do that.
Does someone who copies his work suddenly have the right to redistribute it forever, and in a different medium, in a way that makes them money?
Well like it or not, ISPs run web caches and they make money out of it (web caches save upstream bandwidth == increased profit). If you didn't want the ISP to cache your article then you should've made it uncachable with the correct HTTP headers.
it's about Joe retaining his rights to his works unless he explicitly signs those rights away
If you have to _explicitly_ sign away rights rather than being allowed to _implicitly_ sign them away then the Internet is screwed anyway - you'd have to sign a licence with every usenet posting allowing all NNTP servers to archive your article for an arbitrary length of time for usenet to even work. Similarly you'd have to sign a licence allowing people to quote parts of your emails when they reply.
Sorry but some stuff *is* implicit - if publish work via a medium that *requires* you to sign away a right in order to work then you have implicitly given up that right by choice. If you didn't want to give up that right you should've used a different medium that worked in a different way.
And I remain unconvinced that we should be treating the many different protocols which do similar jobs as separate media and disallowing conversion between them - usenet and http are both methods of transferring text electronically and I see no reason to prevent usenet being converted to http. Similarly, MP3 and OGG are both methods of digitally storing audio and there's no reason to prevent people from converting between them freely and treating them as the same medium (although the RIAA will dispute this).
there is no way I know of for an author to put something in the public domain just by their choice of the medium by which they spread their ideas.
:)
It's not in the public domain, but I think he's implicitly given a licence for anyone to distribute the posting in it's original form (and quote it in a reply) because that's the way the medium works. What _should_ constitute an infringement of his copyright is republishing it as your own work (which Google isn't doing - Google explicitly cites the original author of the posting, they don't claim it was written by Google).
UseNet postings always have been archived, it's just that Google archives them indefinately rather than for a few days or weeks as normal NNTP servers would. I would think that if you post a message to a medium that *requires* archiving for arbitrary lengths of time in order to work then you are implicitly giving permission for your message to be archived.
I don't really see this case as much different to publishing an article in a newspaper and then suing the library for archiving that newspaper. (I'll stop right here - don't want to give anyone ideas
the only way to protect your machine against attacks by someone with physical access to it is to raise a BIOS password or encrypt your files, not a bad idea in any case.
Encrypting the hard drive is an answer, but then you have the problem of where do you store the key to access it? If it's stored in the bootloader or the kernel then that can be extracted by the attacker if they have physical access to the system. This is basically the same as the DRM problem - you can encrypt the content but you always have to decrypt it to use it so you need the key stored somewhere and that is always a possible attack vector.
Also, you need to think very carefully about the ramifications of encrypting data - if you lose the key you're screwed.
Encrypting the hard drive using keys stored in Palladium is an option but it only protects you from someone removing the drive and installing it in another machine, and again - if you motherboard (with it's Palladium chip) blows up you're buggered.
in li.eu of this sunrise period you speak of, would sex.eu be spoken for already by some entity?
d _on_sex/
http://www.theregister.co.uk/2005/12/13/church_bi
And no, I have no idea how someone can apply for sex.eu in the sunrise period
It's *Linux* that is driving ther adoption !
For the record, Solaris 10 has a built in SCTP stack too...
SCTP sounds like a kitchen sink solution; it has some nice features and some useless features.
What's useless to one application is useful to another. Most of the features can be turned on and off, so the application developer can pick what's suitable for their use.
For example, manually opening multiple connections through different interfaces and then having the SCTP implementation figure out which one to send through is nonsense; if the system has multiple routes to the Internet, then that can be taken care of at the IP level.
This is one thing that I almost agree with you on - multihoming should probably be done at the IP level. But that requires that intermediate routers be modified to introduce the required functionality and we have already seen that many ISPs have no interest in adjusting their infrastructure to support new technologies (multicast, IPv6, etc). SCTP's multihoming support has the advantage that only the end points of the connection need to care, to the rest of the network it's just plain old IPv4.
Similarly, preservation of write boundaries is a useless gimmick that is rarely needed, and when it is needed, can be easily implemented in user code.
I'm not sure why you think this is a "useless gimmick". Very few applications want a byte stream - almost everything works on the datagram level. Think about HTTP - you send the server a bunch of headers (these are separate datagrams), the server returns a bunch of headers (again, separate datagrams) and the actual object data (one massive datagram). At the moment this is done over a byte stream and in order to maintain the boundaries between the datagrams you have to delimit them at the sending end and then parse them at the receiving end. With almost every application wanting to send multiple datagrams instead of a byte stream isn't it better to have this handled at the protocol level rather than reimplementing it for every application? Almost the only things which benefit from byte streams rather than datagram streams are interactive stuff like telnet and SSH (even SSH would benefit from SCTP when you're multiplexing multiple tunnels)
The four-way handshake during setup is possibly useful, but you can trivially get the same with TCP in a backwards compatible fashion if you configure your kernel to protect against SYN spoofing.
TCP SYN cookies are weak in comparison to the SCTP 4-way handshake.
Altogether, I'm not quite sure what problem SCTP is supposed to solve. SCTP has made its way into some other standards, so it will probably be unavoidable, but it's not a well-designed protocol in my opinion.
SCTP was originally designed for telephony applications (it is used to transport SIGTRAN traffic and can also be used to transport SIP). It is designed to combine the benefits of TCP (reliable ordered delivery with congestion control) with the benefits of UDP (preservation of message boundaries and unordered delivery). But while designing a new protocol it was worthwhile addressing other problems that have shown up with TCP and UDP. I would hazard a guess that the _only_ reason TCP is so widely used is because it's the only widely available transport that provides congestion control and reliable ordered delivery - most applications are _not_ suited to communicating through byte streams and many do not even require the data to arrive in order. If SCTP is widely available as an alternative protocol I can see it being used for new applications purely because the preservation of message boundaries removes the need for a chunk of parsing code.