If I remember well, it was Umberto Eco who said that the equivalent of the burning of the Alexandria Library, in our modern age, would be massive implosion of the digital devices we use so much.
Wait... that sounds like a massive DDoS attack on the Internet. Reality is definitely getting ahead of fiction here...
Some EU institutions may not appreciate Palladium. For instance: would you trust Microsoft with the security of your armed forces if you were, say, the Swedish (neutral country) governement?
You have to remember that this is the same company that used the ominous variable "NSA_KEY" in some of its security software...;)
Not that I believe the NSA was responsible of this particular blunder... =)
That's not really surprising: 90% of the population of the world has never seen a PC.
The only problem is that most of these new machines contain a copy of M$ Wincrap instead of a copy of free (as in speech) software.
But, yes, there is still hope, and room for expansion...
Re:No, it still won't work.
on
Analyzing Palladium
·
· Score: 4, Interesting
Sorry, I have to disagree here: RISC chips could be the perfect answer to that problem.
One of the most successful chipmaker of all time is ARM. The first version of the ARM chip (a 16-bit RISC chip) was created by just two people, with no money, no help and no support from the main company (Acorn, at the time). If I remember well, these two people did not even have a lot of experience in chip design.
The great-grandchildren of this chip can now be found in millions of devices all over the world. iPaq, Nokia, HP, you name it: they all use it (even Palm, in its latest models).
Even when ARM1 came out, it was touted as more powerful than anything Intel had to offer at the time. It was also easier and cheaper to produce and consumed less power than all other CPU models.
And there are ARM clones out there, including one on Open Cores.org. Not that I think that desiging an ARM clone is necessarily good, just that that designing a cheap RISC CPU can be done.
So, designing a complete "GNU Hardware" system is possible, and it could even be a way of ditching the mess which is the PC architecture.
Think about it:
No Palladium, no DRM, no Micro$oft. Ever.
A new, open architecture, open CPU core, based on open standards and free for everyone to take, copy and reproduce.
Your choice of operating system: Linux, NetBSD, OpenBSD, you name it. Plus, a huge amount of quality software that will stay free for ever, thanks to the GPL.
Can't produce it in the US? Ask European firms! No luck? Try Taiwan, or China, or Korea or whatever.
Let's face it: some people (including me) would pay good money for a "no-Palladium" system. Especialy if I have no choice!
Operating Systems such as Linux are a commodity -- but a commodity that break M$ monopoly. I think it's time for the hardware itself to become a "free speech" comodity as well. And Palladium could push the Open Source community to do just that...
I can add at least one more reason this darn Palladium thingie won't work (for the previous reasons I mentioned, see the previous discussion on Palladium):
Economics & the rule of profit.
Think about it for a second: a lot of people, though not the [MP|RI]AA, are going to be royally pissed off about this.
Therefore, they will be tempted to do something about it. So, we'll see one of these solutions:
Clever hacks, designed to completely fool the Palladium/DRM solution into thinking some software/hardware combination is legit and acceptable. This is highly possible, given the fact that no secuity is foolproof, and the abysmal track record of Microsoftin security and stability.
The appearance of "GNU Hardware": open designs, based on a strict "No Palladium" clause, along with an explosion of small, customized hardware shop based on these designs. For instance: small computers, based on accepted -- and fairly open -- industry standards such as IDE, PCI, USB and ARM processors.
The fact that somebody, somewhere is bound to remark that this whole Palladium thingie hurt sales, profits and image. When enough PC builders realize their mistakes, they'll backtrack faster than you can say "GNU/Linux kernel" back to non-DRM, non-Palladium (non-MS?) machines.
All of the above!!
Finally, I think the US.gov could go along with this hare-brained scheme, but do you think the EU will? And what about most third-world countries who, even as we speak, are flocking to open-source solutions in droves?
Again: I believe M$ is just testing the waters here. It's probably either a marketing test balloon or vaporware, designed to please the US government in these post-9/11 times.
Remember: Palladium can only work if every company joins the conspiracy. Some, maybe even a lot, won't.
YMMV, IANAL, Standard::Disclaimer and so on and so forth.
Quickly collect as much sperm and eggs from endangered species as you can. If needed, try to collect these from live animals.
If this is not possible, use cloning techniques... and try to work out the bugs of the cloning process (rapid aging, damaged genes, etc...).
Wait until the ecological situation in the region of the endangered animal is back to normal (or as near normal as possible), "reproduce" the animal in a compatible donor, or a genetically-engineered one if no compatible donors are available. Re-introduce several cloned members of the specie. After a while, you should have restored "lost" species and ecological diversity.
And the best thing is, you can do this even more easily with plants.
I think this is much more interesting than freezing your own brain for posterity. Probably a much better use of genetics than GMOs...
As governmental databases will reach critical mass, especially with cross-indexing and cross-searches are made more and more common (Oracle database proposals anyone?), I can safely predict that this kind of abuse will only become more and more common.
Do you still think your government does not spy on you? Think again...
The Davis campaign committee reported receiving the Oracle check in June, two weeks after Oracle won the lucrative state software contract, which was awarded without competitive bidding.
Without competitive bidding... And a check received from a company boasting its software is unbreakable.
No, this is not quite on a par with the W. Bush dealings with Enron. But it's getting close.
Canal+ has a very long history of crackers kicking the living daylights out of their encryption/scrambling schemes.
When the channel was launched in the early '80s, it took less than two months for the electronic schematics of a "pirate" descrambler to be posted in a popular electronics magazine... who quickly pulled the issue from the shelves when sued by Canal+. It's been downhill ever since.
A lot of web sites in Belgium, Switzerland and the UK (hint: border countries) actually advertise pirate descramblers or electronics schematics.
I seriously doubt the company attacked by Canal+ had to spend millions and millions of $$$ to crack the scrambling -- the figure (as well as Canal+ losses) were probably grossly over-inflated by greedy lawyers and C+ legal department.
One final note: Canal+ has a nasty reputation in France and in the rest of Europe for cracking down hard on pirates & crackers. Jean-Marie Messier (CEO of Vivendi/Universal/Canal +), who is a complete megalomaniac, is probably to prove he has got a bigger... Uh... large... Ahem... hairy cojones than News Corps's CEO.
From what I can see on the picture (not clear), the cards are standardized "smart"-chip cards.
These have been cracked, almost trivially, by a French hacker a year or two ago -- the models he cracked were bank/ATM cards.
All in all, I fail to see what the fuss is all about. Dealing with Chinese police is not easy, but this is not a surprise for most users, is it?
If such a card was introduced in, say, the European Union, citizens would probably have the right to:
A. Refuse to show your card or swipe it in a card reader unless the person in front of you could produce reasonable evidence he/she is works for a law enforcement agency. That excludes giving your card to a merchant in order to buy something, for instance.
B. Access all data which is contained on the card, and requests modifications and/or removal of sensitive information.
I am almost certain that the legal protections detailed above would be respected in a court of law, and enforced by the European Court for Human Rights.
Of course, that type of legal protection is only available in the EU, and not in Hong Kong. Or in the USA, for that matter...
So, on one hand, there is a chance of Big-Brotherish abuse... or a chance of ID theft or false-ID flood. Pick your poison. Fun future ahead for Hong Kong residents.
Hmmm... That was quick! Especially since the advisory reads:
Pine Internet Security Advisory
Advisory ID : PINE-CERT-20020301
Authors : Joost Pol
Issue date : 2002-03-07
Application : OpenSSH
Version(s) : All versions between 2.0 and 3.0.2
Pretty good job.
Couple of points...
on
Abusing the GPL?
·
· Score: 4, Insightful
IANAL, etc... etc... yadda, yadda, yadda.
The company then go all the way to production with it, but instead of finally compiling the actual project for distribution, they instead compile a bunch of incomprehensible gobbledygook that just happens to compile to the same bytecode.
You know the game: globally replace every function name, variable name, and so on from our code with nonsensical names (or random characters), remove all of the comments, and any other form of obfuscation they can introduce.
They will then GPL the obfuscated gobbledygook, which isn't much more useful to anyone than reverse-engineered bytecode would be (it is a complex project). 'Voila!' All the benefits of a huge GPL project and countless thousands of volunteer hours and unreadable, incomprehensible source tree.
Here is my take:
Doing this would be a sure-fire way to royally anger every sane-minded person out there. No legal action possible, of course, but a lot of ill-will, screams, flames and gnashing of teeth, especially if said GPL'd code includes volunteer work (which you seem to imply). Boycott of the company's product seems a logical conclusion.
What can be done in one way, can be done in the other way. If the project is interesting, and if volunteers are angry enough, they may well go through the code with a fine comb, clean it, insert understandable variable names, comment and generally un-obfuscate. Not an easy task, but one which is possible if motivation is high. See previous comment.
Other things to take into account:
Never understimate the power of UNIX text-processing tools. Perl, awk, Python and sed are your friends in this kind of GPL obfuscation. Again: if the motivation is here, and the project justifies it, the code will get cleaned-up. Even if the obfuscation reaches magnificent levels of deviousness and evil, the "Open Source" community will provide an alternative.
If the code is un-obfuscated (or an alternative is provided), I am sure a lot of companies and institutions who care about GPL would gladly host the project. Add a storm of negative comments and, bingo! code fork and instant (open/GPLed) competition... Your business is cooked and your revenue stream is dead,a nd I mean dead, since people will make a point of boycotting your products. Think SSH/OpenSSH. And (here is the nice part) there is nothing your company can do about it anyway... It's GPL code, remember?
Conclusion? Bad idea. VERY bad idea. Release code under GPL, play nice, and nobody gets hurt... (wink! wink!);)
IMHO, any company who tries that kind of stunt is going to end up on the trash-pit of dot-coms faster than you can say "GNU General Public License".
In the only interview with the al-Qaeda leader since the 11 September attacks, Bin Laden declares that "the battle has moved to inside America".
"I tell you, freedom and human rights in America are doomed. The US Government will lead the American people - and the West in general - into an unbearable hell and a choking life," he says.
"Export-grade" US crypto is ridiculously vulnerable, and this has been known for years. People who take crypto seriously outside of the US have other sourcesof crypto.
Despite this public knowledge, Al Quaeda has been using weak (MS-supplied) crypto to protect sensitive information... that could be discovered within days. Therefore:
Al-Quaeda/Bin Laden operatives are not the crime geniuses the US government say they are. As a matter of fact, they appear as pretty incompetent to me.
The [CIA | NSA] should have intercepted that data before 9/11 -- or, at the very least, got those machines before the reporters did. They also appear as pretty incompetent to me, and I don't know if that's good news or not...
Scott Mc Nealy (your esteemed *cough*cough* CEO) once said : "You have no privacy. Get over it". I may have a couple of words wrong, but you get the drift.
Considering Sept. 11th aftermath, the new rules being put into place in the USA (some say they are privacy-invading) and the fact that a lot of Open Source software reject the position of Mr McNealy, what do you think will happen?
Will we see a more privacy-oriented Sun as it embraces Open Source?
Or is it going to be business as usual? (Meaning: "You have no privacy. Get over it").
I think this question is especially relevant, since a lot of users are getting very wary of large companies (Redmondia comes to mind) tracking each and every gesture through the latest version of their software.
Since I am (slowly) moving all my machines to either Free/Net/OpenBSD or Linux, I won't need MiKro$0ft (tm) products anymore.
I won't need to upgrade yet again to another buggy, slow, unstable and bug-ridden products from Redmond.
I won't have to pay to fear the latest virus-worm-security-hole-of-the-day. I won't have to agree to stupid licenses that take away my rights to poke and prode and just learn from code source.
I won't have to store all my private information in an insecure, privacy-threatening "service". I won't have to upgrade my software every time a huge, greedy company decides that I have to.
I won't even have to upgrade my (second-hand) hardware, since the (windows) underpowered PCs I have right now can run all the applications I really need.
I will not have to wait for 10 full minutes for my machines to boot, and I will not have to reboot them several times per day.
Thank you, Mr Gates. By announcing Windows 9x (tm) won't be supported by your company anymore, you gave me the final incentive I needed to ditch your products once and for all.
And I am sure I won't be the only one. Have a nice day.
I have had some experience working with and helping blind users and, in my opinion, Linux use would greatly help them for one reason (and one reason only): character/terminal-based applications.
While the focus of most developers today is the pretty GUI/multimedia/gizmo-of-the-day, there are literally tons of useful applications that work perfectly well in text mode -- and that can be used with a Braille output and keyboard configured as a serial terminal.
Applications such as Lynx, links, mutt, vi, Emacs, nano, TeX, ispell, ps2ascii, etc... provide blind users with a level of service and capabilities they would hard-pressed to find under Windows. As a matter of fact, Linux and *BSDs are the only operating systems I know to maintain such a huge number of terminal-based applications.
Whenever you are tempted to program something only for a GUI, remember the UNIX philosophy and program a command-line utility, as well as graphical (X) shell -- you'll probably help a blind user somewhere!
Another alternative: just crack the fscking file format and keep the files forever.
It's been done before. It'll be done again. When will these clueless marketdroids and PHBs will understand that it is basically impossible to protect a file that you can download to an independent machine?
Example: DeCSS is legal in France. If I post DeCSS on a US server and this server is a mirror of a French server, does French law and "backup copy" laws apply to the US site as well?
No? Then this decision is nothing more than US protecting its huge mega-corporation. Yes? Then free speech is really better protected.
Slashdot Mirror
If I remember well, it was Umberto Eco who said that the equivalent of the burning of the Alexandria Library, in our modern age, would be massive implosion of the digital devices we use so much.
Wait... that sounds like a massive DDoS attack on the Internet. Reality is definitely getting ahead of fiction here...
To the Slashdot discussion that appeared on how webmasters were coding mostly for Microsoft Internet Explorer.
I mean, IE already does not respect the W3C standards as well as it should. And it is the dominant force on the net today.
If W3C was to charge money for some IP, what can prevent MS from saying: "Fsck off, we will set the standards, because we are the standard"?
Think about it. And be afraid. Be very afraid.
Two more reasons:
You have to remember that this is the same company that used the ominous variable "NSA_KEY" in some of its security software...
Not that I believe the NSA was responsible of this particular blunder... =)
That's not really surprising: 90% of the population of the world has never seen a PC.
The only problem is that most of these new machines contain a copy of M$ Wincrap instead of a copy of free (as in speech) software.
But, yes, there is still hope, and room for expansion...
One of the most successful chipmaker of all time is ARM. The first version of the ARM chip (a 16-bit RISC chip) was created by just two people, with no money, no help and no support from the main company (Acorn, at the time). If I remember well, these two people did not even have a lot of experience in chip design.
The great-grandchildren of this chip can now be found in millions of devices all over the world. iPaq, Nokia, HP, you name it: they all use it (even Palm, in its latest models).
Even when ARM1 came out, it was touted as more powerful than anything Intel had to offer at the time. It was also easier and cheaper to produce and consumed less power than all other CPU models.
And there are ARM clones out there, including one on Open Cores.org. Not that I think that desiging an ARM clone is necessarily good, just that that designing a cheap RISC CPU can be done.
So, designing a complete "GNU Hardware" system is possible, and it could even be a way of ditching the mess which is the PC architecture.
Think about it:
Let's face it: some people (including me) would pay good money for a "no-Palladium" system. Especialy if I have no choice!
Operating Systems such as Linux are a commodity -- but a commodity that break M$ monopoly. I think it's time for the hardware itself to become a "free speech" comodity as well. And Palladium could push the Open Source community to do just that...
Think about it for a second: a lot of people, though not the [MP|RI]AA, are going to be royally pissed off about this.
Therefore, they will be tempted to do something about it. So, we'll see one of these solutions:
Finally, I think the US
Again: I believe M$ is just testing the waters here. It's probably either a marketing test balloon or vaporware, designed to please the US government in these post-9/11 times.
Remember: Palladium can only work if every company joins the conspiracy. Some, maybe even a lot, won't.
YMMV, IANAL, Standard::Disclaimer and so on and so forth.
... or stay, depending on your inclination. =)
Seriously, though, if the job is nice and the people there finally realize your worth and give you a nicer salary, why leave?
Better the devil you know than the four devils you don't know, as someone said...
OpenBSD 3.1!!! =))
Sorry, could not resist...
Okay, first stop misusing the word "momopoly"
"momopoly"? Is that a monopoly on momo or a monopoly controlled by momo?
Or are you reffering to your mom? This is utterly confusing, I am afraid...
Sorry... Couldn't resist! =)
Quickly collect as much sperm and eggs from endangered species as you can. If needed, try to collect these from live animals.
If this is not possible, use cloning techniques... and try to work out the bugs of the cloning process (rapid aging, damaged genes, etc...).
Wait until the ecological situation in the region of the endangered animal is back to normal (or as near normal as possible), "reproduce" the animal in a compatible donor, or a genetically-engineered one if no compatible donors are available. Re-introduce several cloned members of the specie. After a while, you should have restored "lost" species and ecological diversity.
And the best thing is, you can do this even more easily with plants.
I think this is much more interesting than freezing your own brain for posterity. Probably a much better use of genetics than GMOs...
As governmental databases will reach critical mass, especially with cross-indexing and cross-searches are made more and more common (Oracle database proposals anyone?), I can safely predict that this kind of abuse will only become more and more common.
Do you still think your government does not spy on you? Think again...
The Davis campaign committee reported receiving the Oracle check in June, two weeks after Oracle won the lucrative state software contract, which was awarded without competitive bidding.
Without competitive bidding... And a check received from a company boasting its software is unbreakable.
No, this is not quite on a par with the W. Bush dealings with Enron. But it's getting close.
(Not bad for a company under investigation!).
Somebody hack Passport, quick! Before this madness becomes reality and before "ID theft" takes on a whole new kind of meaning.
Even then, there is a sardonic part of me that relishes in possibility #3 above... =)
Canal+ has a very long history of crackers kicking the living daylights out of their encryption/scrambling schemes.
When the channel was launched in the early '80s, it took less than two months for the electronic schematics of a "pirate" descrambler to be posted in a popular electronics magazine... who quickly pulled the issue from the shelves when sued by Canal+. It's been downhill ever since.
A lot of web sites in Belgium, Switzerland and the UK (hint: border countries) actually advertise pirate descramblers or electronics schematics.
I seriously doubt the company attacked by Canal+ had to spend millions and millions of $$$ to crack the scrambling -- the figure (as well as Canal+ losses) were probably grossly over-inflated by greedy lawyers and C+ legal department.
One final note: Canal+ has a nasty reputation in France and in the rest of Europe for cracking down hard on pirates & crackers. Jean-Marie Messier (CEO of Vivendi/Universal/Canal +), who is a complete megalomaniac, is probably to prove he has got a bigger... Uh... large... Ahem... hairy cojones than News Corps's CEO.
Just my 0.02 Euros.
These have been cracked, almost trivially, by a French hacker a year or two ago -- the models he cracked were bank/ATM cards.
All in all, I fail to see what the fuss is all about. Dealing with Chinese police is not easy, but this is not a surprise for most users, is it?
If such a card was introduced in, say, the European Union, citizens would probably have the right to:
I am almost certain that the legal protections detailed above would be respected in a court of law, and enforced by the European Court for Human Rights.
Of course, that type of legal protection is only available in the EU, and not in Hong Kong. Or in the USA, for that matter...
So, on one hand, there is a chance of Big-Brotherish abuse... or a chance of ID theft or false-ID flood. Pick your poison. Fun future ahead for Hong Kong residents.
Here is what can be found on their web site:
"OpenSSH 3.1 released March 7, 2002."
Hmmm... That was quick! Especially since the advisory reads:
Pine Internet Security Advisory
Advisory ID : PINE-CERT-20020301
Authors : Joost Pol
Issue date : 2002-03-07
Application : OpenSSH
Version(s) : All versions between 2.0 and 3.0.2
Pretty good job.
IANAL, etc... etc... yadda, yadda, yadda.
The company then go all the way to production with it, but instead of finally compiling the actual project for distribution, they instead compile a bunch of incomprehensible gobbledygook that just happens to compile to the same bytecode.
You know the game: globally replace every function name, variable name, and so on from our code with nonsensical names (or random characters), remove all of the comments, and any other form of obfuscation they can introduce.
They will then GPL the obfuscated gobbledygook, which isn't much more useful to anyone than reverse-engineered bytecode would be (it is a complex project). 'Voila!' All the benefits of a huge GPL project and countless thousands of volunteer hours and unreadable, incomprehensible source tree.
Here is my take:
Other things to take into account:
Conclusion?
Bad idea. VERY bad idea. Release code under GPL, play nice, and nobody gets hurt... (wink! wink!)
IMHO, any company who tries that kind of stunt is going to end up on the trash-pit of dot-coms faster than you can say "GNU General Public License".
Isn't BitKeeper a (gasp!) closed-source commercial software?
... TUX, Episode I: The revenge of the Borg!!
Shock! Horror! Has Linus Torvalds turned to the dark side of the code?!?!
Stay tuned for the next episode of
No comments:
In the only interview with the al-Qaeda leader since the 11 September attacks, Bin Laden declares that "the battle has moved to inside America".
"I tell you, freedom and human rights in America are doomed. The US Government will lead the American people - and the West in general - into an unbearable hell and a choking life," he says.
Click here for the whole article
Despite this public knowledge, Al Quaeda has been using weak (MS-supplied) crypto to protect sensitive information... that could be discovered within days. Therefore:
Just my US$0.02...
Scott Mc Nealy (your esteemed *cough*cough* CEO) once said : "You have no privacy. Get over it". I may have a couple of words wrong, but you get the drift.
Considering Sept. 11th aftermath, the new rules being put into place in the USA (some say they are privacy-invading) and the fact that a lot of Open Source software reject the position of Mr McNealy, what do you think will happen?
I think this question is especially relevant, since a lot of users are getting very wary of large companies (Redmondia comes to mind) tracking each and every gesture through the latest version of their software.
Many thanks in advance.
Since I am (slowly) moving all my machines to either Free/Net/OpenBSD or Linux, I won't need MiKro$0ft (tm) products anymore.
I won't need to upgrade yet again to another buggy, slow, unstable and bug-ridden products from Redmond.
I won't have to pay to fear the latest virus-worm-security-hole-of-the-day. I won't have to agree to stupid licenses that take away my rights to poke and prode and just learn from code source.
I won't have to store all my private information in an insecure, privacy-threatening "service". I won't have to upgrade my software every time a huge, greedy company decides that I have to.
I won't even have to upgrade my (second-hand) hardware, since the (windows) underpowered PCs I have right now can run all the applications I really need. I will not have to wait for 10 full minutes for my machines to boot, and I will not have to reboot them several times per day.
Thank you, Mr Gates. By announcing Windows 9x (tm) won't be supported by your company anymore, you gave me the final incentive I needed to ditch your products once and for all.
And I am sure I won't be the only one. Have a nice day.
I have had some experience working with and helping blind users and, in my opinion, Linux use would greatly help them for one reason (and one reason only): character/terminal-based applications.
While the focus of most developers today is the pretty GUI/multimedia/gizmo-of-the-day, there are literally tons of useful applications that work perfectly well in text mode -- and that can be used with a Braille output and keyboard configured as a serial terminal.
Applications such as Lynx, links, mutt, vi, Emacs, nano, TeX, ispell, ps2ascii, etc... provide blind users with a level of service and capabilities they would hard-pressed to find under Windows. As a matter of fact, Linux and *BSDs are the only operating systems I know to maintain such a huge number of terminal-based applications.
Whenever you are tempted to program something only for a GUI, remember the UNIX philosophy and program a command-line utility, as well as graphical (X) shell -- you'll probably help a blind user somewhere!
Another alternative: just crack the fscking file format and keep the files forever.
It's been done before. It'll be done again. When will these clueless marketdroids and PHBs will understand that it is basically impossible to protect a file that you can download to an independent machine?
Does it apply in reverse?
Example: DeCSS is legal in France. If I post DeCSS on a US server and this server is a mirror of a French server, does French law and "backup copy" laws apply to the US site as well?
No? Then this decision is nothing more than US protecting its huge mega-corporation. Yes? Then free speech is really better protected.
Just my US$0.02... =)