This goes back to the digital sigs for website shop front ends, and "signed" ActiveX controls etc.
First off, just because something is liscensed, doesn't make it trustworthy. More problems will arise from people nievely trusting applications that have the "It's secure" sticker on it, instead of doing what they can to understand the application and it's proper implementation.
Secondly it would destroy the market for developers who refuse to conform to, or cannot afford "liscensing". MANY useful and integral applications, especially for non M$ platforms, rely on people making improvements and fixes in their spare time. Who's going to be willing to submit a quick hack to fix a problem if they might be liable for the result?
Hell who's going to code anything for free?? I'm certainly not willing to make myself personnaly liable without any monetary compensation. For legal fees if nothing else. Htf am I going to know that when my obscure software is compiled on the 2.9.4 kernel years from now, it creates an exploitable condition??
Going back to the first reply, the platform the software is running on makes a HUGE impact on it's security. How am I going to develop an application on a platform with an inherantly flawed API subject to hijacking etc?
How about physical security issues? What if a compromise occurs on a machine, that resulted from say a hardware keylogger ($40 from thinkgeek), or a disgruntled employee? Must I bear the burden of proof that it was not my application but one of these or a host of other issues that caused a compromise in a system running my software?
It's just a plain bad idea, poorly formulated, and not very well thought out. It's the "higher ups" deciding to place the blame on the developers, and remove personal liability from themselves.
It's funny, many of those authoring "cyber" legeslation, never seem to understand the scope or technology behind the problems they attempt to solve.
For example, what stops me from setting up a machine in Ethiopia and sending my important msg about erectile dysfunction, and my new miracle cream to millions of US addresses?
What stops me from plucking any number of wide open.hk hosts of the network and using them to send out my spam?
This "Anti-Spam" law is merely an attempt to appease he voting public, and show that our government is "doing something about the problem".
The best way to get rid of spam is to target the companies using it as a means of advertising.
Online money transactions have the longest paper trail and validation setup of any other consumer service online. If they're capable of receiving payments online, they're capable of being tracked down.
Slashdot Mirror
and damn my browser extension for "sanitizing" the post request and stripping the [p]
This goes back to the digital sigs for website shop front ends, and "signed" ActiveX controls etc. First off, just because something is liscensed, doesn't make it trustworthy. More problems will arise from people nievely trusting applications that have the "It's secure" sticker on it, instead of doing what they can to understand the application and it's proper implementation. Secondly it would destroy the market for developers who refuse to conform to, or cannot afford "liscensing". MANY useful and integral applications, especially for non M$ platforms, rely on people making improvements and fixes in their spare time. Who's going to be willing to submit a quick hack to fix a problem if they might be liable for the result? Hell who's going to code anything for free?? I'm certainly not willing to make myself personnaly liable without any monetary compensation. For legal fees if nothing else. Htf am I going to know that when my obscure software is compiled on the 2.9.4 kernel years from now, it creates an exploitable condition?? Going back to the first reply, the platform the software is running on makes a HUGE impact on it's security. How am I going to develop an application on a platform with an inherantly flawed API subject to hijacking etc? How about physical security issues? What if a compromise occurs on a machine, that resulted from say a hardware keylogger ($40 from thinkgeek), or a disgruntled employee? Must I bear the burden of proof that it was not my application but one of these or a host of other issues that caused a compromise in a system running my software? It's just a plain bad idea, poorly formulated, and not very well thought out. It's the "higher ups" deciding to place the blame on the developers, and remove personal liability from themselves.
It's funny, many of those authoring "cyber" legeslation, never seem to understand the scope or technology behind the problems they attempt to solve. For example, what stops me from setting up a machine in Ethiopia and sending my important msg about erectile dysfunction, and my new miracle cream to millions of US addresses? What stops me from plucking any number of wide open .hk hosts of the network and using them to send out my spam?
This "Anti-Spam" law is merely an attempt to appease he voting public, and show that our government is "doing something about the problem".
The best way to get rid of spam is to target the companies using it as a means of advertising.
Online money transactions have the longest paper trail and validation setup of any other consumer service online. If they're capable of receiving payments online, they're capable of being tracked down.