Having recently worked on setting up a government procurement framework, I can offer this.
It is not uncommon to find that the procurement criteria or legal contracts you have to use explicitly assume that it is licenses to use the software which are being purchased. Since many open source licenses don't work that way, they end up getting excluded by default. This is not an evil plot to exclude open source software, it's just that this is the way software is generally purchased (or at least, it was in the past).
I had many meetings with various government bodies and lawyers to ensure that our framework did NOT make those assumptions. Once everything was properly been explained, I found people were very willing to make the necessary changes.
What makes you say that travel outside the solar system is impossible? We have two probes already about to leave the solar system. Given we have only been travelling through the air for 100 years or so, and into space for the last 50, I'm astonished at your confident predictions of impossibility.
You might be interested in Project Icarus - a serious project to design an interstellar craft, using technologies only slightly in advance of our current capabilities. It's a thought experiment - no-one imagines actually building such a craft in the near future.
And in any case, who knows how the future will be? It may be very difficult to send humans in their current form on interstellar voyages - but we may change our form, download our minds into nano-scale processors, or even figure out some new physics in the next 100 years!
Nice breakdown of the possibilities, but like many people you mix up evolution with abiogenesis. Evolution says nothing about the origin of life, only about how it changes and adapts to its environment over time. Theories of the creation of life from inanimate matter are called abiogenesis:
Well, my young family and I would quite like to return from Seattle to London at some point. Have another flight booked on Tuesday evening, so will be delayed by 5 days at that point... but the flight back goes right over Iceland. Seriously considering other options...
But data.gov is not hosting apps, just the data. It's doing this webby thing TBL invented called "linking" to them.
Almost magically, they are actually hosted and written by by entirely different people and organisations, and yet you can access them from data.gov's own pages.
Maybe you should click on one of those "links" at the top of this page and RTFA...
This is just a statistical argument. There are simply far more ways to be disorganised than organised. So it's just very, very unlikely (but not impossible) for large numbers of things to behave in a way that looks like "time-reversal" to us. This is why you get the difference between the scales - it's just the combinatorial explosion you get when arranging large numbers of things.
I seriously wonder why anyone think this provides any deep explanation of time itself - glad to be enlightened if I'm missing something deep (or obvious) here...
You are right about the issue being file formats and physical media, but you are dead wrong about the risks. You have to distinguish between rescuing something which is already obsolete vs. keeping something "alive" as you go along.
If you're talking about rescuing obsolete stuff, then it ranges from hard to impossible, mostly because it generally isn't economic to recreate older media readers. For file formats, it's also expensive, but for some formats will be possible.
If you're talking about migrating information, then physical media is essentially irrelevant, and the process is a no-brainer (large volumes may pose problems, but they aren't media issues). However, migrating unstructured information with complex content (e.g. documents with macros) to new formats is extremely hard (if not impossible), as each format has different capabilities. It just isn't possible to transform the information losslessly. Over time, this inevitably results in information loss.
Errr... I freely admit I haven't exhaustively looked through the data currently available, but the whole point of data.gov.uk is to publish data in semantic web formats. If the current stuff isn't quite there yet - it will be, and in totally standardised, mash-up-able, formats. I wasn't aware there was any MS format stuff on there at all.
Disclaimer: I know the people involved in this project, and they constantly talk about using XML, RDF, GRDDL, OWL, and so on...
All of these systems are designed to protect users from each other on a single system, when a computer was an expensive resource. It's just that unix had a good multi-user single-machine design long before windows did.
But the threat model these days is running untrusted code from the network. Very few machines actually have more than one user on them - they all have their own machines. And all of that code is running with the full privileges of the user, with access to all their data.
That is the. problem these days. And it's not one that unix is any better at solving than windows is. I would add that I've used Ubuntu as my primary desktop for the last 4 years - I'm no Windows fanboy - but neither am I blind to the security weaknesses of my chosen operating system.
Learning math & OOAD are not mutually exclusive choices.
I do agree with what you say to some extent though. I've seen code written by math "geniuses", and it often looks as you describe. Somehow they appreciate the elegance and beauty of mathematical theory, but fail abysmally at translating that into practical code that shares the same sort of beauty. In fact, this describes my current software rescue project quite well.
But I would advise learning math, and OOAD, *and* other programming disciplines like functional programming - objects are not the right choice for all problem spaces. And do get into the beauty, elegance and power of all of those things!
Well, relational databases were *supposed* to be built on set theory. But they ended up including NULLs, which aren't compatible with sets. Try reading "Database in Depth" by C. J. Date for some amusingly acerbic and useful analysis of relational theory:
Absolutely! In my previous job (many years ago), I insisted that developers mark areas of dodgy code with a few standardised comments, like://KLUDGE: reason for kludge
The rationale was that we often had to kludge things up to hit silly deadlines, but at least we knew where these dodgy bits of code were so we could clean them up later, and to look at them in particular when we hit wierd bugs. The other side of marking the code like this was I published monthly metrics to the team and to senior management - the "Kludgeometer", broken down by different areas of the code. Once that number started getting high in a given area, it got a whole lot easier to win support to clean the code up - and they eventually agreed to keep the number within reasonable tolerances across the entire codebase.
I was briefly a Y2K consultant - it certainly wasn't me overhyping the problem or overcharging for non-solutions, although I'm sure such people did exist.
If anything, it was the IT departments who wanted to replace their infrastructure and were just looking for an excuse, and the consultant was the convenient excuse. I audited lots of systems and gave most of them a basically green light - just a few simple things to do and they'd be fine. It was quite frequent that I was told to rewrite the report to imply a greater risk than really existed (or rather, told to stop "underselling" the risk)...
It always amazes me that people are in any way surprised that the molecules used by life on Earth turn out to be easy to form, either on Earth itself or in space. It would be far more surprising and interesting if life on Earth involved molecules that are really hard to make under normal conditions.
However, this research does demonstrate that these molecules can form in space, which may indicate that they are also common across the universe, not just due to local conditions that held on the early Earth. Which in turn, lends credence to the notion that if life has arisen elsewhere in the universe, we may expect it to be made of similar stuff to ourselves.
As you rightly point out, if you're already working in a live Windows / Outlook / Exchange environment, then having the PST format spec is largely irrelevant.
However, There are huge amounts of government data locked up in PST files. I work in digital preservation - our use case is to profile the information contained in these files, both to determine if their contents should be preserved for accountability and historic interest reasons, and to be able to process their contents on a server and apply preservation policies to them.
So roll on the PST spec - it will be a major help in unlocking government data, assuring accountability, and preserving what it for the ages. When so much vital information is locked up in an undocumented format, there are always lots of use cases that will be important to a significant group of people. They may be corner cases to you, but they will be vitally important to others.
The GLP is not a contract, it is a license, so I don't think a court can invalidate it in the same way as an illegal contract. Since there is no binding agreement between two parties, there is nothing for a court to strike down.
If the terms of a license require illegal behaviour from the user, then I guess no-one could be licensed without becoming a criminal.
Thanks for responding so comprehensively. Your reasoning appears to be informed by a much greater understanding of the law in general than I possess.
Having said that, I don't necessarily buy into all your arguments. I particularly don't agree that the CMA is only intended to prevent access to private data. I believe it is intended to prevent the misuse of computers, which comprises unauthorised access and changes to programs as well as data. If, as you argue, the Act does not apply to programs as well as data, then we will need more legislation.
Note that the Act does not define what constitutes a computer either. In my MSc this was emphasised as a strength of the Act, as the nature of computers has shifted considerably since the Act was produced, yet it can still be applied to novel devices (e.g. mobile phones) which did not exist at the time the Act was framed.
As far as my reference to a "basic test for authorisation goes", I am afraid I can't point you to any solid legal references. All I can say is discussions on the nature of what constitutes authorisation formed a large part of our studies on the CMA - and it is clearly a grey area.
First: the CMA is very careful to mention both programs and data in each major section. You cannot assume that the act is only meant to prevent access to private data.
Second: I am not qualified to comment.
Third: Each major section consitutes a separate offence. Again, you cannot assume that access to programs don't count because you happen to interpret the wider goal of the Act to prevent access to private data. The Act says what it says, regardless of the wider intention you read into it.
Fourth: there may be good defences - not qualified to comment.
Fifth: The BBC caused the computer to perform a function without the authorisation of the owner. It is irrelevant that the owner did not create the means for them to do this, or may have been unaware of its existence. This is not a defence.
Sixth: If you publish a service for consumption by others, then it is reasonable for others to consume it, and accessing this service would not be an offence. However, it seems highly unlikely that most of the computers fall into this category.
Seventh: the BBC cannot authorise access to someone else's computer, regardless of whether they are on the botnet themselves. The basic test of authorisation is that if they do not *know* whether they have authorisation to access a given computer, then attempting access is unauthorised. Absence of knowledge does not give you a free pass to attempt access! In other words, it is not a defence to claim you didn't know whether you had authorisation or not, so therefore you assumed you had it! If you don't know - ask.
Eighth: it is not clear what you mean here. You seem to be talking about things your computer does under your control with your authorisation. The Act is focussing on access to other people's machines, not your own. Changes that occur to either your own or other machines due to authorised access are immaterial.
Again, you focus on your interpretation of what you think the Act is trying to achieve (protection of private data), which is immaterial - you need to focus on what the Act says (unauthorised access to programs and data is illegal).
There is no need for criminal intent to commit an offence under CMA section 1. Finally, have a read of section 17 (Interpretation):
17 Interpretation (1) The following provisions of this section apply for the interpretation of this Act. (2) A person secures access to any program or data held in a computer if by causing a computer to perform any function he-- (a) alters or erases the program or data; (b) copies or moves it to any storage medium other than that in which it is held or to a different location in the storage medium in which it is held; (c) uses it; or (d) has it output from the computer in which it is held (whether by having it displayed or in any other manner); and references to access to a program or data (and to an intent to secure such access) shall be read accordingly.
It is clear, to me at least, that the BBC has committed an offence under section 1(1) of the Computer Misuse Act (unauthorised access), and probably under section 3 as well (unauthorised modification).
Note: I am not a lawyer, but I have studied the CMA during an Information Security Masters degree. I would be very interested to hear why you do *not* think they have committed any offence.
Quite right. There is a huge difference between information being publicly available (e.g. you have to physically visit an official building), and publication to anyone with a passing interest on the internet.
I work at a government archive, and we have to make similar distinctions. All our records are public records, and hence have to be available for inspection under the Public Records Act (if they are not temporarily closed under the FoI Act).
However, we have no legal duty to actively publish the records, and other laws can further restrict our ability to do so - for example, the Data Protection Act or the Copyright Designs and Patents Act.
In some cases, we will produce a redacted version (with personal/restricted details stripped out), publish that (and of course, retain the original until such a time as those details are no longer an issue). For example, census data can't be fully released until 100 years have passed (although anonymised data can be released a bit earlier).
There is a huge difference between making available and active publication. Internet search engines transform the landscape of what is possible and/or desirable. It's not only about access to the information in the first place - it's about ease of access. And no, this isn't an insurmountable barrier - but you have to do some serious legwork if you want the information (assuming it is open at all), which prevents casual invasions of privacy.
Slashdot Mirror
Having recently worked on setting up a government procurement framework, I can offer this.
It is not uncommon to find that the procurement criteria or legal contracts you have to use explicitly assume that it is licenses to use the software which are being purchased. Since many open source licenses don't work that way, they end up getting excluded by default. This is not an evil plot to exclude open source software, it's just that this is the way software is generally purchased (or at least, it was in the past).
I had many meetings with various government bodies and lawyers to ensure that our framework did NOT make those assumptions. Once everything was properly been explained, I found people were very willing to make the necessary changes.
What makes you say that travel outside the solar system is impossible? We have two probes already about to leave the solar system. Given we have only been travelling through the air for 100 years or so, and into space for the last 50, I'm astonished at your confident predictions of impossibility.
You might be interested in Project Icarus - a serious project to design an interstellar craft, using technologies only slightly in advance of our current capabilities. It's a thought experiment - no-one imagines actually building such a craft in the near future.
http://www.icarusinterstellar.org/blog/project-icarus-design-interstellar-spacecraft/
And in any case, who knows how the future will be? It may be very difficult to send humans in their current form on interstellar voyages - but we may change our form, download our minds into nano-scale processors, or even figure out some new physics in the next 100 years!
Nice breakdown of the possibilities, but like many people you mix up evolution with abiogenesis. Evolution says nothing about the origin of life, only about how it changes and adapts to its environment over time. Theories of the creation of life from inanimate matter are called abiogenesis:
http://en.wikipedia.org/wiki/Abiogenesis
http://www.timesonline.co.uk/tol/news/world/africa/article2971369.ece
Regardless of the size of your brain, I think you may have a small mind ;)
Well, my young family and I would quite like to return from Seattle to London at some point. Have another flight booked on Tuesday evening, so will be delayed by 5 days at that point ... but the flight back goes right over Iceland. Seriously considering other options...
But data.gov is not hosting apps, just the data. It's doing this webby thing TBL invented called "linking" to them.
Almost magically, they are actually hosted and written by by entirely different people and organisations, and yet you can access them from data.gov's own pages.
Maybe you should click on one of those "links" at the top of this page and RTFA...
This is just a statistical argument. There are simply far more ways to be disorganised than organised. So it's just very, very unlikely (but not impossible) for large numbers of things to behave in a way that looks like "time-reversal" to us. This is why you get the difference between the scales - it's just the combinatorial explosion you get when arranging large numbers of things.
I seriously wonder why anyone think this provides any deep explanation of time itself - glad to be enlightened if I'm missing something deep (or obvious) here...
You are right about the issue being file formats and physical media, but you are dead wrong about the risks. You have to distinguish between rescuing something which is already obsolete vs. keeping something "alive" as you go along.
If you're talking about rescuing obsolete stuff, then it ranges from hard to impossible, mostly because it generally isn't economic to recreate older media readers. For file formats, it's also expensive, but for some formats will be possible.
If you're talking about migrating information, then physical media is essentially irrelevant, and the process is a no-brainer (large volumes may pose problems, but they aren't media issues). However, migrating unstructured information with complex content (e.g. documents with macros) to new formats is extremely hard (if not impossible), as each format has different capabilities. It just isn't possible to transform the information losslessly. Over time, this inevitably results in information loss.
LOCKSS - Lots of Copies Keeps Stuff Safe:
http://lockss.stanford.edu/lockss/Home
Errr... I freely admit I haven't exhaustively looked through the data currently available, but the whole point of data.gov.uk is to publish data in semantic web formats. If the current stuff isn't quite there yet - it will be, and in totally standardised, mash-up-able, formats. I wasn't aware there was any MS format stuff on there at all.
Disclaimer: I know the people involved in this project, and they constantly talk about using XML, RDF, GRDDL, OWL, and so on...
Right on. Mod parent up!
Not true.
All of these systems are designed to protect users from each other on a single system, when a computer was an expensive resource. It's just that unix had a good multi-user single-machine design long before windows did.
But the threat model these days is running untrusted code from the network. Very few machines actually have more than one user on them - they all have their own machines. And all of that code is running with the full privileges of the user, with access to all their data.
That is the. problem these days. And it's not one that unix is any better at solving than windows is. I would add that I've used Ubuntu as my primary desktop for the last 4 years - I'm no Windows fanboy - but neither am I blind to the security weaknesses of my chosen operating system.
Learning math & OOAD are not mutually exclusive choices.
I do agree with what you say to some extent though. I've seen code written by math "geniuses", and it often looks as you describe. Somehow they appreciate the elegance and beauty of mathematical theory, but fail abysmally at translating that into practical code that shares the same sort of beauty. In fact, this describes my current software rescue project quite well.
But I would advise learning math, and OOAD, *and* other programming disciplines like functional programming - objects are not the right choice for all problem spaces. And do get into the beauty, elegance and power of all of those things!
Well, relational databases were *supposed* to be built on set theory. But they ended up including NULLs, which aren't compatible with sets. Try reading "Database in Depth" by C. J. Date for some amusingly acerbic and useful analysis of relational theory:
http://www.amazon.co.uk/Database-Depth-Relational-Theory-Practitioners/dp/0596100124
He worked with E. Codd on the original relational model.
Absolutely! In my previous job (many years ago), I insisted that developers mark areas of dodgy code with a few standardised comments, like: //KLUDGE: reason for kludge
The rationale was that we often had to kludge things up to hit silly deadlines, but at least we knew where these dodgy bits of code were so we could clean them up later, and to look at them in particular when we hit wierd bugs. The other side of marking the code like this was I published monthly metrics to the team and to senior management - the "Kludgeometer", broken down by different areas of the code. Once that number started getting high in a given area, it got a whole lot easier to win support to clean the code up - and they eventually agreed to keep the number within reasonable tolerances across the entire codebase.
Over the "wire"? All my data comes to me over the "aether", not some melted mineral ;)
I was briefly a Y2K consultant - it certainly wasn't me overhyping the problem or overcharging for non-solutions, although I'm sure such people did exist.
If anything, it was the IT departments who wanted to replace their infrastructure and were just looking for an excuse, and the consultant was the convenient excuse. I audited lots of systems and gave most of them a basically green light - just a few simple things to do and they'd be fine. It was quite frequent that I was told to rewrite the report to imply a greater risk than really existed (or rather, told to stop "underselling" the risk)...
It always amazes me that people are in any way surprised that the molecules used by life on Earth turn out to be easy to form, either on Earth itself or in space. It would be far more surprising and interesting if life on Earth involved molecules that are really hard to make under normal conditions.
However, this research does demonstrate that these molecules can form in space, which may indicate that they are also common across the universe, not just due to local conditions that held on the early Earth. Which in turn, lends credence to the notion that if life has arisen elsewhere in the universe, we may expect it to be made of similar stuff to ourselves.
As you rightly point out, if you're already working in a live Windows / Outlook / Exchange environment, then having the PST format spec is largely irrelevant.
However, There are huge amounts of government data locked up in PST files. I work in digital preservation - our use case is to profile the information contained in these files, both to determine if their contents should be preserved for accountability and historic interest reasons, and to be able to process their contents on a server and apply preservation policies to them.
So roll on the PST spec - it will be a major help in unlocking government data, assuring accountability, and preserving what it for the ages. When so much vital information is locked up in an undocumented format, there are always lots of use cases that will be important to a significant group of people. They may be corner cases to you, but they will be vitally important to others.
The GLP is not a contract, it is a license, so I don't think a court can invalidate it in the same way as an illegal contract. Since there is no binding agreement between two parties, there is nothing for a court to strike down.
If the terms of a license require illegal behaviour from the user, then I guess no-one could be licensed without becoming a criminal.
However, IANAL...
Thanks for responding so comprehensively. Your reasoning appears to be informed by a much greater understanding of the law in general than I possess.
Having said that, I don't necessarily buy into all your arguments. I particularly don't agree that the CMA is only intended to prevent access to private data. I believe it is intended to prevent the misuse of computers, which comprises unauthorised access and changes to programs as well as data. If, as you argue, the Act does not apply to programs as well as data, then we will need more legislation.
Note that the Act does not define what constitutes a computer either. In my MSc this was emphasised as a strength of the Act, as the nature of computers has shifted considerably since the Act was produced, yet it can still be applied to novel devices (e.g. mobile phones) which did not exist at the time the Act was framed.
As far as my reference to a "basic test for authorisation goes", I am afraid I can't point you to any solid legal references. All I can say is discussions on the nature of what constitutes authorisation formed a large part of our studies on the CMA - and it is clearly a grey area.
Taking some of your points in turn:
First: the CMA is very careful to mention both programs and data in each major section. You cannot assume that the act is only meant to prevent access to private data.
Second: I am not qualified to comment.
Third: Each major section consitutes a separate offence. Again, you cannot assume that access to programs don't count because you happen to interpret the wider goal of the Act to prevent access to private data. The Act says what it says, regardless of the wider intention you read into it.
Fourth: there may be good defences - not qualified to comment.
Fifth: The BBC caused the computer to perform a function without the authorisation of the owner. It is irrelevant that the owner did not create the means for them to do this, or may have been unaware of its existence. This is not a defence.
Sixth: If you publish a service for consumption by others, then it is reasonable for others to consume it, and accessing this service would not be an offence. However, it seems highly unlikely that most of the computers fall into this category.
Seventh: the BBC cannot authorise access to someone else's computer, regardless of whether they are on the botnet themselves. The basic test of authorisation is that if they do not *know* whether they have authorisation to access a given computer, then attempting access is unauthorised. Absence of knowledge does not give you a free pass to attempt access! In other words, it is not a defence to claim you didn't know whether you had authorisation or not, so therefore you assumed you had it! If you don't know - ask.
Eighth: it is not clear what you mean here. You seem to be talking about things your computer does under your control with your authorisation. The Act is focussing on access to other people's machines, not your own. Changes that occur to either your own or other machines due to authorised access are immaterial.
Again, you focus on your interpretation of what you think the Act is trying to achieve (protection of private data), which is immaterial - you need to focus on what the Act says (unauthorised access to programs and data is illegal).
There is no need for criminal intent to commit an offence under CMA section 1. Finally, have a read of section 17 (Interpretation):
17 Interpretation
(1) The following provisions of this section apply for the interpretation of this Act.
(2) A person secures access to any program or data held in a computer if by causing a computer to perform any function he--
(a) alters or erases the program or data;
(b) copies or moves it to any storage medium other than that in which it is held or to a different location in the storage medium in which it is held;
(c) uses it; or
(d) has it output from the computer in which it is held (whether by having it displayed or in any other manner);
and references to access to a program or data (and to an intent to secure such access) shall be read accordingly.
It is clear, to me at least, that the BBC has committed an offence under section 1(1) of the Computer Misuse Act (unauthorised access), and probably under section 3 as well (unauthorised modification).
Note: I am not a lawyer, but I have studied the CMA during an Information Security Masters degree. I would be very interested to hear why you do *not* think they have committed any offence.
Quite right. There is a huge difference between information being publicly available (e.g. you have to physically visit an official building), and publication to anyone with a passing interest on the internet.
I work at a government archive, and we have to make similar distinctions. All our records are public records, and hence have to be available for inspection under the Public Records Act (if they are not temporarily closed under the FoI Act).
However, we have no legal duty to actively publish the records, and other laws can further restrict our ability to do so - for example, the Data Protection Act or the Copyright Designs and Patents Act.
In some cases, we will produce a redacted version (with personal/restricted details stripped out), publish that (and of course, retain the original until such a time as those details are no longer an issue). For example, census data can't be fully released until 100 years have passed (although anonymised data can be released a bit earlier).
There is a huge difference between making available and active publication. Internet search engines transform the landscape of what is possible and/or desirable. It's not only about access to the information in the first place - it's about ease of access. And no, this isn't an insurmountable barrier - but you have to do some serious legwork if you want the information (assuming it is open at all), which prevents casual invasions of privacy.