Slashdot Mirror


User: erik_norgaard

erik_norgaard's activity in the archive.

Stories: 0
Comments: 132

Comments · 132

  1. As if users have no responsibility at all? on Taking On Software Liability - Again · · Score: 1

    Bill seems to miss one important problem: When writing general purpose software the developer, software company or distributor has no realistic chance of evaluating the risks involved in the vast number of possible uses.

    Nor have they any realistic chance of evaluating how the software will work when other software is installed on the same system. There are simply too many combinations.

    Clearly, the second problem can be mitigated by developing applications such that each can run in a separate sandbox, but this is not very efficient.

    It is perfectly ok for free software to disclaim any liability - if you don't want to take upon you the responsibility and cost of malfunction, don't use the software.

    Commercial products could take some responsibility, but this increases costs. Are customers at all willing to pay that extra cost? I think not, look at the amount of pirate software - people do not consider software of any value at all. It is likely that if vendors take upon them more responsibility for their products costs will go up, sales go down, more pirated and less secure software will appear and we're all worse off.

    Just how many do you know who have a fully legal computer with no pirated software at all? (assuming they run Windows).

    Fact is that the less you are willing to pay the more responsibility you must take yourself. Just like an ordinary insurance: If you don't have it and an accident happens, there's only yourself to blame.

    Of course, the developer should not take the lack of legal responsibility as a pillow but always do his best, as should anyone else in whatever they do.

    But also, the user must take the required time to learn how to use the product correctly and safely. For driving, people are required to take a driver's licence, learn the rules of the road, take courses to stay in control on slippery roads etc.

    There is no such requirement for the use of computers, even when these are connected to the internet. People just connect to the internet and of course they crash! And they are not held liable when they unknowingly host a zombie or distribute a virus because of misconfiguration.

    Take this story on securityfocus:
    http://www.securityfocus.com/infocus/1848 on reducing browser privileges.

    As it shows, many problems can be avoided if people use their browser with reduced privileges. Of course, they shouldn't be running as administrator in the first place, but most do, out of convenience and ignorance.

    And what do people do when their computer starts to cause trouble? Call a certified professional? Or call their neighbour's 16-year-old for help in exchange for a coke and a pizza? The last! Unlike cars, where people perfectly understand that the car must be repaired by professionals and sent to a biannual check.

    It's the consumers that define the market, and if consumers are not willing to pay for extra security, they won't get it, and they have to take the costs of any losses due to software malfunction.

  2. Re:No guarantees on BBC Commentator Goes After Software Licensing · · Score: 1

    You can't expect that kind of responsibility for general purpose software simply because the vendor has absolutely no way of knowing how you're going to use it. Hence, the vendor cannot estimate risks or possible losses.

    In larger contracts it is common to include different means of compensations of the client in case of failure on behalf of the provider, but these are always special purpose contracts to solve a specific problem with a measurable level of success. And the provider will almost always require a maximum compensation.

    Secondly, there are options of getting coverage, insurance companies offer insurance against specific failures and attacks.

    Thirdly, since failures are most often digital, it makes it extremely difficult to prove whether this is a fault of the installed software or incorrect use. And since many applications coexist on the same system, faults may not be caused by the individual application, but because of other software. So tracing out who is responsible can easily become practically impossible.

  3. Pirate Edition on Dvorak on Microsoft Confusing the Market · · Score: 2, Funny

    Somehow, I think that the Windows Vista Pirate edition is the only one that will be released on time...

  4. Re:"Always trust code from Microsoft" on Do You Code Sign? · · Score: 1

    This is not strictly correct. If you trust a specific user/code certificate to sign code or documents, you do not implicitly or explicitly trust any certificate authority up the chain.

    The PKI trust model allows the users to determine if the certificate is trustable by assuming trust on some authorities. Hence, the trust only goes down. You can still disregard some or all CAs for trust and establish your own web of trust as in the PGP trust model by accepting individual certificates.

    However, if Windows Update really requests you to acknowledge the authority that assigns code signing certificates to Microsoft developers, then you are accepting far more than is indicated. I don't know if this is the case.

    But there is another problem: Many CA certificates are preinstalled with software such as browsers (and I suppose for Windows, the entire OS), without the user ever getting the challenge to individually accept these, view their CPS and other related information to determine if these CAs are in fact trustable.

    Who decided which CAs should be trusted by my browser? AFAIK, in many cases, the CAs pay their way to the list, because it means business.

    I think the PKI trust model only works if users are required to opt-in for each CA, and CAs are required to report any irregularities just as companies are required to inform of any identity theft.

  5. Re:Baseball? on Why Bill Gates Wants 3,000 New Patents · · Score: 1

    If the patent only covers baseball, then let's patent the idea of patenting algorithms for determining when anything else than baseball is boring. Just so the world has some patent to counter MS with.

  6. Boomerang on Riot Control Ray-Gun for Use in Iraq · · Score: 1

    Sorry, but with a bit of engineering I guess you could build that reflecting parabola that would reflect and focus the beam on the shooter?

    Determine how far away you are from the shooting target and adjust the parabola to have this as focal point.

    Of course, the shooters determine how long they want to be fried :-)

  7. Waiting for the next generation device on Local Tourist Guide in a (Linux) Box · · Score: 1

    Now, I'm just waiting for the next generation device:

    * The device you buy that hooks up - world wide - on whichever available network and determines where you are to give you the travel- or other relevant information.

    * The device that reads ahead in time and knows where you're heading to give you the information before you get there

    * The device that reads your mind and knows where you really want to be and gives you the information on how to get there, where to stay, and where to get a stiff drink when you arrive - not to mention, which excuse to use for your boss.

    Then we're talking some interesting stuff.

    Really, it shouldn't be that difficult to get the first part, hook up a laptop with a GPS and an internet connection and create a GPS based interface to wikitravel.org or some other travel guide, we have google maps and earth, this must be close coming up!

    Erik

  8. We have funding on Space Ring Could Combat Global Warming · · Score: 1

    World spending on the military was 1 trillion dollars last year, so if we could all just agree on not having any wars the next six years - it's just six years, then you can go kill again! - then we have funded this stuff.

    Oh, and if we go for the cheap spaceship solution of 500 billion, then it's just 6 months without killing anyone.

  9. Re:Cost of doing business? on Deadline Looming for Microsoft in Antitrust Case · · Score: 3, Informative

    The fine is 5% of their global sales, not EU sales. How much do their activities in EU account for?

    I don't know, but it may make doing business in EU a cost, or a non/low-profit activity whose sole purpose is to maintain the world dominance.

    Staying in EU may then only be motivated by the domino theory: If one country shifts to the "evil" side (that is whatever is opposed to Microsoft) then others will follow.

    The alternative for Microsoft is to pass on the bill to the customers increasing the incentive to use something more economically viable.

  10. DRM is OK if... on When Would You Accept DRM? · · Score: 4, Insightful

    The discussion seems to be blurred by the fact that DRM is invented to prevent unfair use and not to impose unreasonable restrictions on the honest consumers.

    I don't think that the content providers are happy with having to do this.

    I would accept DRM if:

    * I find price is reasonable

    * Does not impose restrictions on my personal use

    * DRM Expires after a reasonable time

    70 years after the death of the artist does not seem reasonable to me - I happen to like stuff created by people who died 69 years ago :-)

    There is no reason that music, text books etc. should be free, just as there is no reason that software should be free. The creator may choose either, and the consumer must then choose whether to support non-free content.

    If I create something, then I can choose the conditions under which I will make it available, and you can choose whether you find it valuable enough to accept those conditions.

    If ends don't meet then the product disappears - It's that simple.

    Quit all that b*** about the companies charging unreasonably high fees - you are free not to use their product.

    Just my 5 euro-cents

    Erik

  11. Use your vote! on EU Software Patent Directive Adopted · · Score: 1

    Did you write to your government? I did. I wrote to Prime minister Anders Fogh Rasmussen, Minister of economy and commerce Bendt Bendtsen, and that Irish EU commissioner, Charlie McCreevy, explaining that a lot of voters were following this intensively and that their disgust with the lack of respect for democratic decisions may set EU to a complete halt as 9 more countries still have referendums regarding the European constitutions.

    Of course it came in late, I wrote Friday, because they (intentionally??) put it on the agenda with less than a week's notice.

    I was actually going to vote yes, EU has done much for the development of Europe, now taking a new huge leap accepting all the eastern European countries.

    But the present treatment of the directive regarding software patents raises doubt: if the current EU shows such disrespect towards democracy, how can I send more power to Brussels and assume they will respect that?

    Use your vote (if your government thinks you should have one), and use it wisely.

  12. where do I get my freedom to innovate? on EU Software Patent Directive Adopted · · Score: 1

    So, if software patents will finally make it into EU legislation, where do I get my freedom to innovate? Which government has not yet been bought by US corporations?

    Considering that Peru has passed a law that obliges the use of OSS unless no OSS exist for the given task, that may be the place to go.

    Can one get political asylum if I am being persecuted because of my ideas?

  13. Re:I don't understand on EU Patents Won't Stay Dead · · Score: 1

    Electing the commission directly would in many eyes constitute the final move towards creating a united European nation in which countries are simply regions or states.

    The commission is constituted by the governments; to ensure that all countries are represented, each country sends a candidate for the commission. The parliament then has to vote to accept the commission.

    In many areas, the European Union is still a collaboration between independent countries where the final decisions are taken not by the parliament, nor by the commission but at meetings of the ministers of the member countries in which each country has veto.

    When this is not the case, the commission has the power to put forward proposals, where the parliament has only the power to vote in favour or against the proposal.

    All these obstacles are done to counter critics that fear for the elimination of the national identities, and to ensure that all nations feel they have a say.

    What is more complicated is the number of members of parliament for each country. In US it's nice and easy because you've divided it up in a congress where the states are represented according to population and a senate where each state has two senators.

    In EU the same is intended, except in just one parliament. The problem is that with a huge difference in population among the states, to keep parliament limited yet give all a vote, you can't have a US style congress.

  14. Denmark goes against software patents on EU Commission Declines Patent Debate Restart · · Score: 2, Informative

    The socialist party withdrew definitively their support for the current directive last week.

    The directive no longer has majority support in the parliament, and so the government has no mandate to vote in favour of the directive.

    This means that even if the directive appears as an A-item, it must be blocked.

    In Danish (sorry - I have no English equivalent):
    http://www.computerworld.dk/default.asp?Mode=2&ArticleID=27184

  15. Re:Why can they do this? on EU Commission Declines Patent Debate Restart · · Score: 1

    The EU is a union of independent countries and for this reason has been carefully constructed to give the impression of a democratic political union while keeping as much power as possible in each country.

    The parliament is the democratic representative of the European citizens, whereas the commission on the other hand is the non-democratically elected government. The members of the commission are chosen by the prime ministers of the member countries, so they are doubly indirectly elected.

    The parliament has no power to propose new laws, they accept or decline. The commission has the power to propose a new law, but cannot force it through (although I think there are some exceptions).

    So, the parliament can indicate that it would like the commission to take certain steps in a given direction, but they can't make it a law because that would require the commission to propose it. So the commission can ignore it.

    However, the parliament can dismiss the entire commission. This causes a major political crisis and is avoided when possible. For example, there was a big fuss about an Italian in the new commission that the parliament would not approve. But the parliament can only discard the entire commission; in the end Berlusconi found a replacement. So democracy sort of works sometimes.

    Then everything becomes blurred when you include the council of ministers.

  16. Re:A Question on European Parliament Rejects Software Patents · · Score: 4, Informative

    The idea of one-click-shopping is not protected in EU, but a particular implementation is protected by copyright.

    Further, since you are not required to distribute code in source, it can be quite hard to copy your implementation.

    Software is protected by copyright which expires 70 years after the death of the author - if copyright is owned by a company, then 70 years after publication (AFAIK).

    Patents allow protection of ideas. These expire after 20 years from the patent being issued.

  17. A new patent bill is needed on European Parliament Rejects Software Patents · · Score: 5, Insightful

    There is a clear requirement that the current patent laws in EU be cleared up! It is quite obscure and vague on some points and this has actually allowed for software patents to get through, just check the iiff.org website.

    The discussion is not whether new and uniform patent legislation across EU is needed. It is about the content.

    The pros want EU to align with USA, in many other areas, aligning laws with important trade partners is beneficial for all parties. But with the development in USA in this case, the benefits of such alignment can be disputed.

    Unfortunately the continual rejections and attempts to force through a particular piece of paper has now become a dispute about democracy and who has the power - attention seems to be shifted away from the original content.

    I am looking forward to the process restarting so the discussion can get back on track.

  18. What was said, and what it translates to. on Gates tried to Blackmail Danish Government · · Score: 1

    Danish quote from http://www.borsen.dk/dn/70135:

    Hvis jeg skal beholde mit udviklingscenter i Danmark, kræver det, at der kommer en afklaring på rettighedsspørgsmålet. Ellers flytter jeg det til USA, hvor jeg kan beskytte mine rettigheder, sagde Bill Gates ifølge Microsofts chefjurist Marianne Wier.

    Translation by native:

    "If I must keep my development center in Denmark it requires that the question of intellectual property is clarified. Otherwise I will move it to USA, where I can protect my rights," said Bill Gates according to Microsoft's chief lawyer Marianne Wier.

    NOTE: Bill Gates does not explicitly say that software patents must be permitted (although he probably means it) but that the situation must be clarified.

    OT: Everyone - pro and con - agrees that the current situation is unclear, the disagreement is about how to clear up things. The current proposal pretty much aligns legislation with US.

    And an extra quote by the minister of science which is just as scary:

    Original in Danish from http://www.berlingske.dk/business/artikel:aid=540774

    Vi oplever gang på gang, at viden er meget let at flytte med, og derfor skal man hele tiden være opmærksom på, at et selskab som Microsoft også kan flytte viden fra Danmark rundt i verden. Når en så stor virksomhed placerer sin største udviklingsafdeling uden for USA i Danmark, og så følger op med endnu flere investeringer, er det noget, vi fra det offentlige skal honorere.

    Translation by native:

    "We continuously experience that knowledge is easy to move and therefore one must continuously be alert that a big company like Microsoft can also move knowledge from Denmark to the rest of the world. When such a large company chooses to place its largest development center outside USA in Denmark, and follows up by further investments, then this is something, we from the public sector must honour"

    Or, "of course we'll do whatever Mr. Gates thinks is right."

    Cheers, Erik

  19. Re:Here's a thought on Gates tried to Blackmail Danish Government · · Score: 1

    No, there is a law forbidding foreigners to buy summer residence in Denmark. You will have to become a Danish citizen - and there you go: 67% of your income right into taxes. Oh, and add the 25% VAT on anything you buy and an extra 180% on your car.

    What, did Microsoft's fortune disappear right there?

  20. Re:White-hat Crackers Not Silver Bullet on MS Employee Calls for No More Passwords · · Score: 1

    I don't know about Windows, but on *nix systems you have programs to run crack attacks, dictionary based and using other parameters.

    Set up a cron job to check if any users have updated their password within the last say 24 hours, start the process on those passwords. If crack succeeds, expire the password so change is forced on next login. Log the event, and create a monthly report.

    This can all be done automatically. Obviously having an employee try guessing user passwords is not the intelligent solution.

    Also, one must kill login sessions that have been idle too long. Users should logout, not just lock the screen, when they go home.

    If you're stuck on M$, I'm sure automated attacks can be run, but I don't know if the subsequent action can be automated (code once).

    You're right, it would be better to force users to choose strong passwords in the first place - but I haven't seen an OS solution that supports it. The two should be combined, and dictionaries updated regularly for optimal security.

    But really, my point is, whichever protection methods you employ, you have a head start in front of the black hats. By continuously attacking your own systems, you will likely discover weaknesses before them. This should be particularly targeted against careless users since you can only check up on them not control them.

    Cheers, Erik

  21. Passphrases are no silver bullet on MS Employee Calls for No More Passwords · · Score: 4, Insightful

    Using passphrases does not add much more entropy, although they may be easier to remember. They are still prone to sniffing, 40 chars can easily be packed in a single ethernet frame. Could someone tell Microsoft to use encrypted connections?

    Users hate passwords, they hate typing them, and they hate having to remember things. They will always opt for whatever is easy. They will hate you if you set a lower limit of 30 characters, and their passphrase was 28.

    Passwords or passphrases - same thing - will be chosen easy the more obstacles you place on the users: Requiring users to change password every three months will leave your systems less secure:

    Users will choose easier passwords, and/or they will rotate just two different passwords. No security gained.

    Further, in the race with a bruteforce attack, nothing is gained unless you change your password to one that has been tried.

    Instead, as the administrator you have a head start in the race with the crackers. Go password cracking and require users to change their password when it has been cracked.

    If password is cracked too quickly it should be followed by disciplinary actions as a compromise of security. Of course the users must be informed beforehand of such procedures.

    Just my 5euro-cent contribution...
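
The follow-up step of the audit loop described in comments 20 and 21 (pick accounts whose password changed in the last day, force a change for those the audit cracked, log it), as an added example that is not part of the original comments. The function names, the `DRY_RUN` switch, the `pwaudit` log tag and the file of cracked account names written by the cracking tool are assumptions; the cracking run itself is left to whatever tool the site uses.

```shell
#!/bin/sh
# Added example (not from the original comments): follow-up step of a nightly
# password audit, meant to run from root's crontab.
# Assumptions: shadow(5) layout, where field 3 is the last password change in
# days since 1970-01-01; the cracking tool has already written one cracked
# account name per line to a file. DRY_RUN=1 (default) only prints actions.

DRY_RUN="${DRY_RUN:-1}"

# Accounts whose password was changed within the last $3 days.
# $1 = shadow-format file, $2 = today in days since epoch, $3 = window
# (in production: today=$(( $(date +%s) / 86400 )) and file=/etc/shadow)
recently_changed() {
    awk -F: -v today="$2" -v win="$3" '
        $2 == "" || $2 ~ /^[!*]/ { next }    # empty or locked hash: nothing to audit
        $3 !~ /^[0-9]+$/ || $3 == 0 { next } # no date, or change already forced
        today - $3 >= 0 && today - $3 <= win { print $1 }
    ' "$1"
}

# Names present in both lists: audited ($1) and reported cracked ($2).
# Exact whole-line matches only, so "bob" never matches "bobby".
cracked_candidates() {
    [ -s "$2" ] || return 0          # empty report: expire nobody
    grep -Fx -f "$2" "$1" || true
}

# Read account names on stdin; force a change at next login and log it.
expire_accounts() {
    while IFS= read -r user; do
        [ -n "$user" ] || continue
        if [ "$DRY_RUN" = 1 ]; then
            echo "would run: chage -d 0 $user"
        else
            chage -d 0 "$user" &&
                logger -p auth.notice -t pwaudit "weak password, change forced: $user"
        fi
    done
}

# Constructed sample data (hash fields are placeholders, not real hashes).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/shadow" <<'EOF'
alice:$6$placeholder$aaaa:19999:0:99999:7:::
bob:$6$placeholder$bbbb:19900:0:99999:7:::
carol:!$6$placeholder$cccc:20000:0:99999:7:::
dave:$6$placeholder$dddd:20000:0:99999:7:::
EOF
    printf 'dave\nbob\n' > "$tmp/cracked"    # as reported by the audit tool
    recently_changed "$tmp/shadow" 20000 1 > "$tmp/recent"
    cracked_candidates "$tmp/recent" "$tmp/cracked" | expire_accounts
    rm -rf "$tmp"
}

demo
```

With `DRY_RUN=0` the same pipeline calls `chage -d 0`, which marks the password as expired so the user must pick a new one at next login, and the `logger` lines give the monthly report something to count.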

  22. Software patents delayed yet again again on EU Software Patents Delayed Again · · Score: 3, Informative

    Due to the general election in Denmark the socialist party has withdrawn its support for the software patent directive and demanded that the current government blocks the decision at least until after the election on February 8.

    Effectively, this means that if the minister of economy votes in favor of the directive on January 31, he will be forced to withdraw his vote when he returns.

    Article (in Danish):

    http://www.computerworld.dk/default.asp?Mode=2&ArticleID=26766

  23. Einstein@HOME on IBM Grid Near 50,000 machines - Slashdot Users #13 · · Score: 1

    For all the /.'ers who have done their part searching for extraterrestrial life with SETI@HOME, and can't be on the Windows communitygrid, there's a new project coming up:

    Einstein@HOME. The project aims at searching for gravitational waves and needs your computer - checkout:

    http://www.physics2005.org/events/einsteinathome/

    The program will be available for Linux and Windows.

  24. Community? on IBM Grid Near 50,000 machines - Slashdot Users #13 · · Score: 1

    They claim that this is a community project and results will be available to the public - yet, the first result, the software, is closed source.

    They develop a client for Windows - the least community aware users (sorry). I'm sure that if they had developed the client OpenSource the community would by now be tenfold larger - if not for the interest in the particular project, then for the extra geek-points.

    From a security point of view, the client runs with the privileges of the user, with access to all your files - there is no mention of the risk that a malicious project can use the grid to acquire personal information from you, maybe install software or introduce backdoors. I run seti - but as a separate non-privileged user.

  25. The origin of Spam on Dutch Fine Spammers, AOL Reports Drop in Spam · · Score: 1

    I block mail from most of China and South Korea, the mail blocked by these rules accounts for about 80-90% of all spam blocked by the server.

    Before I started blocking I saved all spam, and looking into the headers I have found that while the mail was received from a host in China or South Korea, the true origin was a host in US, typically an IP in the range 24.0.0.0/8 which is reserved for cable users.