Well, yes. "Tend to be more obsolete" is reassuring, until you realize that these crackers don't much recognize verbal agreements not to publish to other crackers, and both share with each other and steal from each other on a regular basis. So the rawest script kiddies receive infusions of the latest tools on a surprisingly frequent basis. The result is that the security through obscurity of keeping things unpublished becomes insecurity for most casual users.
While that's a concern, there is a fairly serious underground already in selling such vulnerabilities. Both script kiddies exchanging cheap tools, and serious crackers using, selling, and giving away tools to "trusted friends" have been in play for decades. And far, far too many vulnerabilities are unpublished by security groups, "because the vendor hasn't given permission an not yet provided a fix".
CERT is sitting on at least a few vulnerabilities, and has been doing so for at least 5 years on some of them, particularly vulnerabilities involving Windows. So who is safer now that the vulnerability has been available for 5 years, but legitimate people like you and me can't look it up? And Microsoft is not alone in this, although they're usually the worst offender.
You seem to have confidence that consumers, unhappy with a technology or corporate policy, can easily change that policy. I'm not: we've seen such corporate policy used illegally to hinder competitors before, and Microsoft is notorious for it. There are thiefs, crooks, and legal manipulators out there. We've seen them in action (such as SCO), and they've wasted a lot of our time and money.
And have you actually *READ* the Microsoft software licenses? Go read it on the MSDN software bundles, it's wildly more discriminatory than anything the FSF has even dreamed of offering.
I've seen good reports of fully virtualized servers for this, up to 10 entirely distinct operating systems on the same hardware server, to support exactly this sort of need. VMware and Xen seem to work well for this.
Richard does approach this from a moral standpoint, it's clear.
But for Linus to say law is not based on morals is... amazingly wrong, and shows a real failure to think about it if that's his real belief. Laws without moral codes are like programs without output. The laws have to be based on something. The common good, the rights of the individual, freedom of speech, ownership of property, etc. are all moral issues that the law balances. Laws also change to support moral changes: slavery is a prime example of this.
Decrying a law or rule merely because it has a moral basis ignores the whole of human history, and is like ignoring a computer program because it uses the number "0".
Overall I agree with what you wrote. But I'd like to disagree on 2 small points.
1: Other poeple are working on free softwae, just as groups besides Amnety International work on human rights. They're some of the most clear and effective leaders in the work, but not the only ones. Various BSD projects, for example, take this seriously.
2: RMS is not the whole of the FSF or the GNU projects. He's certainly the leader, and his beliefs have compelling power, but he's certainly not a cult leader of followers of unquestioned loyalty. We're geeks: we argue, debate, and often disagree and fork off our own ways of doing things. The FSF certainly fosters this where feasible.
The GPL does not to be clear and consistent to protect people from legal confusion, that's why it's so consistently defined by the FSF.
OK, that makes more sense. The $700 for just the license, with the Active Directory and other tools, makes more sense. But for that $700, you can buy a low end Terabyte network storage server, or buy two for on-line backups, and you're basically done. Storage itself is a commodity: you no longer need big iron to do quite large storage.
I missed the sarcastic frustration in your hackers crack: it's hard to detect sometimes. I've seen people as experienced and grounded as you seem to be toos out that kind of claim seriously: not as often as I used to, I admit. I'm not clear that you appreciate the "business side of things" in the long term. Compatibility is good in the short term, but the patent and Tivoization problems have been getting worse. Unless we want to see things like the fundamentally DRM-based "Trusted Computing" tools from Microsoft, already built into the current generation of Intel and AMD processors, used to lock out our hardware and software from doing their jobs with any software but the virgin, commercially packaged software from the original vendor, we need to address DRM and patent issues right now.
For example, it's a good thing that Microsoft failed miserably to get WinFS working for Vista. That's an XML based filesystem, and Microsoft has been filing hundreds if not thousands of XML patents. This makes open source drivers to access that filesytem vulnerable to serious patent issues. If Novell then turned around and wrote tools for it, layered on top of GPL components like the kernel or Samba, they could keep those components away from competitors with patent protection from Microsoft.
Is this a bit paranoid? Yes. Is it likely, given Microsoft's history of embrace and extend and unhook from compatibility with others? Absolutely.
That seems fair enough. But that $700 for an OEM server license is a capital cost, and not recoverable. It's not relevant to the money you make off the service *unless* it means you make more money than off of a Samba server, and that's pretty unlikely. And the capital cost of the heavier duty hardware that the Windows server requires, downtime for software upgrades and reboots, pain of upgrade paths, etc. are much higher.
If you think GPL'd stuff is only for hackers and hobbyists, you obviously haven't looked at the infrastructure of the Internet itself. Google just hired Jeremy Allison, one of the key maintainers and developers of Samba. Many of your home network routers and firewalls are Linux kernel and glibc based, which means they are using GPL licensed software. Render farms and computing clusters also make extensive use of Linux, the OS, with all its GPL components.
I'm not saying it's "the year of Linux". But large and successful companies, like Google and IBM, are using it heavily and pursing it avidly, and publishing their software changes.
Wait: so you're suggesting we should continue with the GPLv2 and stay vulnerable to the known vulnerabilities? That's unwise: the patent issue alone is a compelling one for us to switch to GPLv3 immediately.
For example, examine how the patents surrounding Microsoft's XML tools from SenderID poisoned public acceptance of the SPF anti-forged-email tools and basically sidelined if not outright ruined the project.
Amen. Samba is critical to a lot of hardware projects, particularly cheap network file servers. The patent protections and anti-Tivoization clauses are vital to keep Jeremy's and Andrew's, and our, work available to us for the future.
Watch what happens as "Trusted Computed", which should have been named "DRM Everything", will play out with DVD or hard drives registered to operate only with certain software, but that software hooked through Samba to provide file access to the contents. As much work as Microsoft spent on it, I expect to see at least a few major holes show up and allow this kind of access.
No, I've seen worse, from people who couldn't imagine a business selling new software and software services rather than keeping your software secret. The worst I've seen was from the same person who, seriously, thought it was better to fight the Taliban in Baghdad rather than in Ohio.
He was a nice person in many ways, but completely confused about a lot of subtler software and political issues. And a big Slashdot fan, too.
No. No, Windows really doesn't. Their services are expensive to license, difficult to support, and a basic security nightmare with useless documentation.
While Samba often tails providing new features of CIFS, formerly SMB, its overall security and robustness and scalability make it clearly superior. It's graceful integration with NFS, FTP, HTTPS, or other services are even better. This is why almost all of those cheap little network storage boxes, and a lot of big ones, rely on Samba. Whenever I've worked with people who haven't drunk the Windows 2003 or Windows NT "managed server" Kool-Aid, they've lept on and been happy with the performance of Samba servers, even in arrays well over 10 Terabytes.
GPL is "free", not merely open. And you don't have to like someone to find part of their beliefs helpful or relevant or very insightfu, but not agree with everything. That's basic science, and basic law, and consistent with what Richard says. Allow people to compete in the world of ideas, just don't take away his or our freedoms to do the same.
Well, no. A competent experienced engineer or the author themselves are the best support plan, with holiday coverage. But even the author doesn't know sometimes. I've been that author, and gone googling for help myself.
It's more against non-supported software in many places, so the helpdesk can know what they're likely to get calls about. It's also useful to have some evidence when you say "Why buy Adobe Acrobat, when 80% of our people are using Ghostview for free?" And it's handy when you need to vet developer code to make sure they didn't just build their new project out of GPL code that you didn't know about, and you'll have to go back and publish it.
Like looking in the refrigerator and seeing what's hiding in that bottom drawer, it seems a useful tool.
Hmm. I'm only slightly kidding. Sociopath is probably not the right diagnosis for them. I'm not a psychaitrist or psychologist, and don't have enough access to their records or their personal behavior, especially that of the notoriously secretive Cheny in his "undisclosed locations" to make such a diagnosis.
But at the level of delusion they're operating at, can you consider them sane?
Also, make no mistake, people who are profoundly insane have existed at the highest levels of power throughout history. Ronald Reagan's diagnosis of Alzheimer's disease was no surprise to anyone who watched the presidential debates and his meandering performance before his second election, and who had ever worked with senile family members at a family wedding. And if G. Gordon Libby during the Nixon adminstration wasn't a sociopath, whom would you diagnose as one? Presidential politics invite megalomania, as do leadership positions of any significant power. Joe McCarthy was paranoid, and apparently delusional: he was clearly bucking for a presidential election.
It's amazing people can stay remotely sane under that level of pressure: I applaud people like Gerald Ford, Jimmy Carter, and Bill Clinton for remaining even remotely sane under that pressure, and keeping some sense of self and of oscale intact.
Agreed. May I suggest buying one of those nice wide-screen terminals for typesetting, and setting it up horizontally? A secretary at a workplace showed me her setup for formatting 8.5" x 11" documents in life-size layouts, and I wanted it instantly for going through code with lots of of empty lines or lines saying "{" on them, to be able to read what they were actually part of.
The concept is easy to grasp. The implementation you suggest is, frankly, nuts. Inserting an additional software interpretation layer, namely of a new and unnecessary markup language purely for visual code interpretation, is wasteful of system resources in code that often needs to run *fast* and needs to run without a lot of other tools available.
Some of us actually do that: It's often faster and easier to grab the ISO on-line than for me to try and repair a damaged CD or DVD, and they do get damaged. It does leave the risk of viruses being implanted on the CD or DVD image: that's important to scan. with good quality anti-virus software.
But yes, some of us do actually follow the laws on such things.
Are you single? Can I bear your children? Or if you have children, can I adopt them and use them to replace the cut&paste Perl programmers I have to keep slapping in the head for bad coding practices?
Because indentation matters. In C, Perl, Python, PHP, and even keeping Java legible, it matters in associating tasks done in the same set of code legible. And line-wrapped code is often more difficult to read.
Well, yes. "Tend to be more obsolete" is reassuring, until you realize that these crackers don't much recognize verbal agreements not to publish to other crackers, and both share with each other and steal from each other on a regular basis. So the rawest script kiddies receive infusions of the latest tools on a surprisingly frequent basis. The result is that the security through obscurity of keeping things unpublished becomes insecurity for most casual users.
While that's a concern, there is a fairly serious underground already in selling such vulnerabilities. Both script kiddies exchanging cheap tools, and serious crackers using, selling, and giving away tools to "trusted friends" have been in play for decades. And far, far too many vulnerabilities are unpublished by security groups, "because the vendor hasn't given permission an not yet provided a fix".
CERT is sitting on at least a few vulnerabilities, and has been doing so for at least 5 years on some of them, particularly vulnerabilities involving Windows. So who is safer now that the vulnerability has been available for 5 years, but legitimate people like you and me can't look it up? And Microsoft is not alone in this, although they're usually the worst offender.
You seem to have confidence that consumers, unhappy with a technology or corporate policy, can easily change that policy. I'm not: we've seen such corporate policy used illegally to hinder competitors before, and Microsoft is notorious for it. There are thiefs, crooks, and legal manipulators out there. We've seen them in action (such as SCO), and they've wasted a lot of our time and money.
And have you actually *READ* the Microsoft software licenses? Go read it on the MSDN software bundles, it's wildly more discriminatory than anything the FSF has even dreamed of offering.
I see you've used CPAN!
I've seen good reports of fully virtualized servers for this, up to 10 entirely distinct operating systems on the same hardware server, to support exactly this sort of need. VMware and Xen seem to work well for this.
Richard does approach this from a moral standpoint, it's clear.
But for Linus to say law is not based on morals is... amazingly wrong, and shows a real failure to think about it if that's his real belief. Laws without moral codes are like programs without output. The laws have to be based on something. The common good, the rights of the individual, freedom of speech, ownership of property, etc. are all moral issues that the law balances. Laws also change to support moral changes: slavery is a prime example of this.
Decrying a law or rule merely because it has a moral basis ignores the whole of human history, and is like ignoring a computer program because it uses the number "0".
Overall I agree with what you wrote. But I'd like to disagree on 2 small points.
1: Other poeple are working on free softwae, just as groups besides Amnety International work on human rights. They're some of the most clear and effective leaders in the work, but not the only ones. Various BSD projects, for example, take this seriously.
2: RMS is not the whole of the FSF or the GNU projects. He's certainly the leader, and his beliefs have compelling power, but he's certainly not a cult leader of followers of unquestioned loyalty. We're geeks: we argue, debate, and often disagree and fork off our own ways of doing things. The FSF certainly fosters this where feasible.
The GPL does not to be clear and consistent to protect people from legal confusion, that's why it's so consistently defined by the FSF.
OK, that makes more sense. The $700 for just the license, with the Active Directory and other tools, makes more sense. But for that $700, you can buy a low end Terabyte network storage server, or buy two for on-line backups, and you're basically done. Storage itself is a commodity: you no longer need big iron to do quite large storage.
I missed the sarcastic frustration in your hackers crack: it's hard to detect sometimes. I've seen people as experienced and grounded as you seem to be toos out that kind of claim seriously: not as often as I used to, I admit. I'm not clear that you appreciate the "business side of things" in the long term. Compatibility is good in the short term, but the patent and Tivoization problems have been getting worse. Unless we want to see things like the fundamentally DRM-based "Trusted Computing" tools from Microsoft, already built into the current generation of Intel and AMD processors, used to lock out our hardware and software from doing their jobs with any software but the virgin, commercially packaged software from the original vendor, we need to address DRM and patent issues right now.
For example, it's a good thing that Microsoft failed miserably to get WinFS working for Vista. That's an XML based filesystem, and Microsoft has been filing hundreds if not thousands of XML patents. This makes open source drivers to access that filesytem vulnerable to serious patent issues. If Novell then turned around and wrote tools for it, layered on top of GPL components like the kernel or Samba, they could keep those components away from competitors with patent protection from Microsoft.
Is this a bit paranoid? Yes. Is it likely, given Microsoft's history of embrace and extend and unhook from compatibility with others? Absolutely.
That seems fair enough. But that $700 for an OEM server license is a capital cost, and not recoverable. It's not relevant to the money you make off the service *unless* it means you make more money than off of a Samba server, and that's pretty unlikely. And the capital cost of the heavier duty hardware that the Windows server requires, downtime for software upgrades and reboots, pain of upgrade paths, etc. are much higher.
If you think GPL'd stuff is only for hackers and hobbyists, you obviously haven't looked at the infrastructure of the Internet itself. Google just hired Jeremy Allison, one of the key maintainers and developers of Samba. Many of your home network routers and firewalls are Linux kernel and glibc based, which means they are using GPL licensed software. Render farms and computing clusters also make extensive use of Linux, the OS, with all its GPL components.
I'm not saying it's "the year of Linux". But large and successful companies, like Google and IBM, are using it heavily and pursing it avidly, and publishing their software changes.
Wait: so you're suggesting we should continue with the GPLv2 and stay vulnerable to the known vulnerabilities? That's unwise: the patent issue alone is a compelling one for us to switch to GPLv3 immediately.
For example, examine how the patents surrounding Microsoft's XML tools from SenderID poisoned public acceptance of the SPF anti-forged-email tools and basically sidelined if not outright ruined the project.
Amen. Samba is critical to a lot of hardware projects, particularly cheap network file servers. The patent protections and anti-Tivoization clauses are vital to keep Jeremy's and Andrew's, and our, work available to us for the future.
Watch what happens as "Trusted Computed", which should have been named "DRM Everything", will play out with DVD or hard drives registered to operate only with certain software, but that software hooked through Samba to provide file access to the contents. As much work as Microsoft spent on it, I expect to see at least a few major holes show up and allow this kind of access.
No, I've seen worse, from people who couldn't imagine a business selling new software and software services rather than keeping your software secret. The worst I've seen was from the same person who, seriously, thought it was better to fight the Taliban in Baghdad rather than in Ohio.
He was a nice person in many ways, but completely confused about a lot of subtler software and political issues. And a big Slashdot fan, too.
No. No, Windows really doesn't. Their services are expensive to license, difficult to support, and a basic security nightmare with useless documentation.
While Samba often tails providing new features of CIFS, formerly SMB, its overall security and robustness and scalability make it clearly superior. It's graceful integration with NFS, FTP, HTTPS, or other services are even better. This is why almost all of those cheap little network storage boxes, and a lot of big ones, rely on Samba. Whenever I've worked with people who haven't drunk the Windows 2003 or Windows NT "managed server" Kool-Aid, they've lept on and been happy with the performance of Samba servers, even in arrays well over 10 Terabytes.
GPL is "free", not merely open. And you don't have to like someone to find part of their beliefs helpful or relevant or very insightfu, but not agree with everything. That's basic science, and basic law, and consistent with what Richard says. Allow people to compete in the world of ideas, just don't take away his or our freedoms to do the same.
Well, no. A competent experienced engineer or the author themselves are the best support plan, with holiday coverage. But even the author doesn't know sometimes. I've been that author, and gone googling for help myself.
It's more against non-supported software in many places, so the helpdesk can know what they're likely to get calls about. It's also useful to have some evidence when you say "Why buy Adobe Acrobat, when 80% of our people are using Ghostview for free?" And it's handy when you need to vet developer code to make sure they didn't just build their new project out of GPL code that you didn't know about, and you'll have to go back and publish it.
Like looking in the refrigerator and seeing what's hiding in that bottom drawer, it seems a useful tool.
Hmm. I'm only slightly kidding. Sociopath is probably not the right diagnosis for them. I'm not a psychaitrist or psychologist, and don't have enough access to their records or their personal behavior, especially that of the notoriously secretive Cheny in his "undisclosed locations" to make such a diagnosis.
But at the level of delusion they're operating at, can you consider them sane?
Also, make no mistake, people who are profoundly insane have existed at the highest levels of power throughout history. Ronald Reagan's diagnosis of Alzheimer's disease was no surprise to anyone who watched the presidential debates and his meandering performance before his second election, and who had ever worked with senile family members at a family wedding. And if G. Gordon Libby during the Nixon adminstration wasn't a sociopath, whom would you diagnose as one? Presidential politics invite megalomania, as do leadership positions of any significant power. Joe McCarthy was paranoid, and apparently delusional: he was clearly bucking for a presidential election.
It's amazing people can stay remotely sane under that level of pressure: I applaud people like Gerald Ford, Jimmy Carter, and Bill Clinton for remaining even remotely sane under that pressure, and keeping some sense of self and of oscale intact.
Agreed. May I suggest buying one of those nice wide-screen terminals for typesetting, and setting it up horizontally? A secretary at a workplace showed me her setup for formatting 8.5" x 11" documents in life-size layouts, and I wanted it instantly for going through code with lots of of empty lines or lines saying "{" on them, to be able to read what they were actually part of.
The concept is easy to grasp. The implementation you suggest is, frankly, nuts. Inserting an additional software interpretation layer, namely of a new and unnecessary markup language purely for visual code interpretation, is wasteful of system resources in code that often needs to run *fast* and needs to run without a lot of other tools available.
Because that kind of ass is rented, not sold. And they tend to charge by the minute.
Some of us actually do that: It's often faster and easier to grab the ISO on-line than for me to try and repair a damaged CD or DVD, and they do get damaged. It does leave the risk of viruses being implanted on the CD or DVD image: that's important to scan. with good quality anti-virus software.
But yes, some of us do actually follow the laws on such things.
You *have* heard of Dick Cheney and Karl Rove, right?
Excuse me, but slapping blockquote or XML-ifying the low-level C or shell script or Perl is...
Goodness, I'm not sure I can explain how wrong that is.
Are you single? Can I bear your children? Or if you have children, can I adopt them and use them to replace the cut&paste Perl programmers I have to keep slapping in the head for bad coding practices?
Because indentation matters. In C, Perl, Python, PHP, and even keeping Java legible, it matters in associating tasks done in the same set of code legible. And line-wrapped code is often more difficult to read.