Like you, I would prefer not to have any regulation requiring updates to computers. You may say I am playing Devil's Advocate or simply starved for debate by suggesting fines for negligent computer users.
However, to continue the discussion with the recall on your automobile: was the mitigating error a manufacturer goof or your goof? If you do not take your car in to get it fixed, do you think the manufacturer should still be held liable? Who would I take to court if the defect that caused your recall (ignored by you) takes off one of my arms?
I'm not sure if negligence in the automobile and land owner examples from my original post leads to civil or criminal cases. If civil, there need not be regulation for computer users... just a way to establish fault. If criminal, then yes -- regulation and the like would be both inevitable and undesirable.
And I believe it's a common axiom, "There's an exception to every rule, except to the rules for which there is no exception." But in this case, there was not a patch available (according to some sources) since the vulnerability was so fresh. I don't mean to say that, because users were trying to protect their computers through a third-party, they shouldn't be held liable -- I meant that because the exploit came so quickly, they should not.
Disclaimer: I am not a lawyer, though I would like to be soon.
But, when a computer operating system producer issues a patch well in advance of an attack, and the public has been urged to apply that patch, how could you say the OS maker is still liable? I'm not speaking specifically of the Witty attack, only of the several attacks of late that involved well-known and ready-fixed patches.
Why don't the intermediate points share liability for passing on the attacking packets? Hell, the operators of the intermediate points are generally trained for their equipment and pay people to monitor traffic and health. (This is making a point; actually I don't want my ISP or any of their providers policing my internet connection.)
I agree very much with you there -- both in what you're saying and with your objection. However, I think there is evidence that enough end computer users take absolutely no responsibility in protecting their computers with even simple patches. Don't you think some small fine (like, as another user suggested) an emissions ticket would be fair?
Now, in the case of Witty it's another story... since those affected were actually taking steps to protect their computers (firewalls).
At the risk of being modded down "Redundant", I would like to again say that yes, a patch is very much like an automobile recall. There are vulnerabilities being exploited even though patches have been available for months (if not years). As I'm sure every Slashdotter knows, the vast majority of computer users/owners just don't care enough to keep their computer up-to-date.
True, patching your computer against vulnerabilities is not exactly like performing routine maintenance on a car (since a computer doesn't actually "degrade" per se). However, I think the analogy still works with regards to the level of effort one should put into both cars and computers.
Perhaps, then, software developers should become more proactive in warning their users of vulnerabilities (as if they're not already). If Microsoft issues a patch, is that not like an automobile manufacturer issuing a recall?
Now, if a computer owner ignores all the warnings of vulnerabilities and active worms and does not patch his computer, that is when I feel he could be held liable for its participation in an attack. Just like with an automobile, a computer owner should take personal responsibility for the great power at his disposal and maintain it with care.
Perhaps not in Witty's case, since it infected computers of people who were taking steps to protect their computers (install firewalls). However, for the vast majority of internet worms, patches are available and a simple ignorance for not keeping up with those patches is not a sufficient defense in my opinion.
What I basically imply with my previous post is that users who are aware of the dangers of having an unpatched computer on the Internet could be found negligent if they fail to keep up with those patches. Even for a novice computer user, if there were cases where computer owners were found negligent for not patching, it would be pretty good incentive for him to at least learn a little about computer security.
If you're car has be sabotaged, and you *know about its resultant defect* you should be held liable. However, I think you are correct in saying that an owner should not be found negligent for unknowingly operating a sabotaged car.
But I think your comparison is incorrect. I meant to liken the non-application of patches by computer users to the car owner who doesn't perform routine preventative maintenance on his vehicle. If a car owner doesn't replace his brakes for 45,000 miles after they first start squeeling (from the metal "warning plate") and they fail, shouldn't he be held liable? Likewise, if a computer user does not follow the recommended Microsoft updates -- or worse, never applies a single patch -- shouldn't he be held liable for damage his machine causes?
For worms before patches, there should of course be no liability on the computer owner's part -- now, on the software developer's part is another story.
ZDNet UK had a preview of Windows XP SP2 recently (see link) that included discussion of the pack's implementation of software-based overflow protection. It also mentions that 64-bit processors include this protection in hardware (NX or "no eXecute"). So, there is a little progress being made.
A driver is responsible for the upkeep of his vehicle if his negligence causes an accident... a property owner is responsible for its upkeep if someone is injured on his property. I don't think it's a very large leap to be able to consider a computer owner liable for its upkeep if it is used in an attack, and I don't think many in this country would object either.
The concept would be at least as workable, in the courts, as any liability legislation is currently.
We need to go back to that world when unix and wang computers dominated the scene. Things were ugly and only techies have the answers.
The above is equivalent to: "We need to go back to that world when horses and carriages dominated the scene. Things were ugly and only blacksmiths have the answers." Therefore, "buggy folks would be worth more".
And of course by "innovators" he means thieves/pirates/whatever. Come on, no one is innovating by making copies of another's work, even if what you consider innovation is making it available in another medium (p2p networks). True innovation occurs in countries where the creator's rights to his work are protected, not in countries where his work belongs to "society" the minute it is made.
For half the cost, and with none of the profit going to the original creator -- thus, future R&D is halted... unless you expect the pirates to do R&D in the future.
That may be how it is, but that isn't how it has to be.
Windows Privacy Tray and GnuPG Made Easy libraries. Works for me, except for a bug when I try to sign and encrypt at the same time... the clipboard tools work for that.
If eMachines had a contract with AMD to sell their 64-bit processors for a certain amount of time (assuming it hasn't expired yet), Gateway must honor that agreement or pay a penalty for breach of contract. I guess your worries depend on how much time is left on the AMD 64-bit contract.
Your theory appears incorrect in Google. If a bunch of porn sites added XFree86 to their pages, wouldn't they also show up in the Holy One? I have a feeling the conspiracy theorists may be right on this one... MSN (or just an employee) intentionally blocked access to "XFree86" on their search engine.
Problem is, what if you copyright a database of all the US Senators e-mail addresses. Does that mean I can't gather that publicly available information and publish it without paying you?
You can independently gather US Senators' e-mail addresses on your own, so long as you don't blatently copy my database. This law, if you read it, is meant to protect the effort that went into creating the database, not necessarily the content of the database. So you cannot simply copy my database of US Senators' e-mail addresses and claim it as your own (and then sell it or "otherwise make available in commerce" as the bill requires). If you put your own effort into creating the database, it's yours to sell. Clear now?
There is one "new" $20 bill on the bottom-right of the first picture. It is not, however, burned that badly. But you're right, I too doubt 1996 series bills could have had RFID tags installed.
At first, I didn't know quite where you were headed with this post. When I read "sometimes, because of the overiding profit motive, the end consumer can be put at a disadvantage, and the natural model can become unbalanced," I was thoroughly confused. Why? Because it is an exact contradiction of the quote that it references:
Without any intervention of law, therefore, the private interests and passions of men naturally lead to divide and distribute the stock of every society, among all the different employments carried on in it, as nearly as possible in the proportion which is most agreeable to the interest of the whole society.
All the different regulations of the mercantile system, necessarily derange more or less this natural and most advantageous distribution of stock.
So it is not the profit motive that disrupts the natural model, but rather government regulations that restrict the free flow of capital from inefficient to efficient areas of the economy.
But that sidetracked me only a little. Reading on in your post, I see that you do in fact blame the government's intervention for the monopoly created by Microsoft. You equate intellectual propert regulations to the regulations that supported the East India Trading Company. To support this claim, you quote Mr. Hetzel as such:
Free markets make the formation of monopoly difficult because monopoly requires the adherence of all actual and potential sellers in a market. Self-interest makes achievement of such adherence difficult because each seller has an incentive to undercut the monopoly price in order to increase his share of the market. Monopoly power is increased or made possible if enforced by the government.
However, in the special case of intellectual property (copyrights, patents, and trade marks), competitors can reproduce exact and perfect copies of a company's goods with basically zero effort or cost. This is especially true in today's economy, where digital reproduction is costless (except for transportation). This allows competitors to literally undercut the "monopoly" price of intellectual property indefinitely, to nearly zero.
Intellectual property (monopoly) protections exist because the government understands that the value in copyrighted, patented, or trade marked goods lie in the high amount of mental effort that went into creating the first copy, not the subsequent physical effort that goes into making further copies.
To quote Ayn Rand:
Every type of productive work involves a combination of mental and physical effort: of thought and of physical action to translate that thought into a material form. The proportion of these to elements varies in different types of work. At the lowest end of the scale, the mental effort required to perform unskilled manual labor is minimal. At the other end, what the patent and copyright laws acknowledge is the paramount role of mental effort in the production of material values; these laws protect the mind's contribution in its purest form: the origination of an idea.
Dan, even a physically-intensive activity like dancing can be turned into intellectual property. Case in point: Lord of the Dance.
The dancers in that show do not have to constantly work to get paid, because they recorded their performance and sold copies of the recording for a profit. The bulk of their mental effort went into choreographing the performance, and without intellectual property protection anyone can copy their performance and sell it without consequence or cost (or effort for that matter).
That's not to say that another dancer cannot expand upon the ideas and methods in Lord of the Dance and create his own performance -- intellectual law allows for that.
You say that you don't tell your students they can't use the knowledge you've passed on to them. However, I'm sure if you choreographed a routine for one of your students and he turned around the next day claiming the performance as his own, you would be upset.
The value of intangible items like songs or software does not come from the physical effort that went into creating another copy, but rather from the mental effort that went into creating the FIRST copy. Like you said, copying an album is trivial, so why pay $15 for a piece of plastic that cost $0.10 to make? Because you're not. You're paying for the ideas/content ON the piece of plastic.
However, to compare the downfall of industries that rely on intellectual property with the downfall of the car industry or the US steel industry is naive. With both of those industries, the ratio of physical-to-mental effort leaned decidedly towards the physical end. Copying a car or forged steel is not a trivial matter. The auto and steel industries faced cheaper competition from abroad, not wholesale misuse/theft by their customers.
The RIAA has taken the freedoms of manufacturing cost management, shipping and storage managment, promotion management, distrobution pricing management, etc. away from the artist. The artist may be much more gifted in any or all of these areas, but the RIAA sees a single vision; which clearly places their own survival well ahead of that of the artist.
You can't seriously believe that a single artist, who is good at making music, is also "much more gifted" at marketing, production, management, etc. etc., than all of the thousands of music industry employees put together, can you? Where is this "uber-artist"? How does he find time to make new music? When can I meet him?
Well, if we're just going to throw out quotes, let me enter the fray:
"Every type of productive work involves a combination of mental and physical effort: of thought and of physical action to translate that thought into a material form. The proportion of these two elements varies in different types of work. At the lowest end of the scale, the mental effort required to perform unskilled manual labor is minimal. At the other end, what the patent and copyright laws acknowledge is the paramount role of mental effort in the production of material values; these laws protect the mind's contribution in its purest form: the origination of an idea."
- Ayn Rand
The term "intellectual property" therefore deliniates effort that is mostly mental from effort that is mostly physical. Value from intellectual property is not derived from the physical effort that went into creating copies of the work (say, pressing a CD or binding a book), but from the mental effort that went into creating the idea (composing a song or writing a story).
When you violate one's intellectual property rights, you disregard the high amount of mental effort (relative to physical effort) that went into creating that work. The "intellectual" modifier does not in fact change the definition property (you can no more use my car without compensating me than you can my music), it simply identifies the proportion of physical and mental effort involved in its creation.
Ah, but you can legally use a patented item that you developed independently... you just can't sell it or otherwise make it available to the public. Patents protect the first inventor's right to sell and distribute the product of their creative minds... they cannot stop you from developing your own for private use.
Try it: write your own VC-9 codec (based on the patent text) and use it only on your own computer (don't give it to anyone else for any price)... Microsoft won't bother you in a million years.
Slashdot Mirror
... in Canada.
However, to continue the discussion with the recall on your automobile: was the mitigating error a manufacturer goof or your goof? If you do not take your car in to get it fixed, do you think the manufacturer should still be held liable? Who would I take to court if the defect that caused your recall (ignored by you) takes off one of my arms?
I'm not sure if negligence in the automobile and land owner examples from my original post leads to civil or criminal cases. If civil, there need not be regulation for computer users ... just a way to establish fault. If criminal, then yes -- regulation and the like would be both inevitable and undesirable.
And I believe it's a common axiom, "There's an exception to every rule, except to the rules for which there is no exception." But in this case, there was not a patch available (according to some sources) since the vulnerability was so fresh. I don't mean to say that, because users were trying to protect their computers through a third-party, they shouldn't be held liable -- I meant that because the exploit came so quickly, they should not.
Disclaimer: I am not a lawyer, though I would like to be soon.
But, when a computer operating system producer issues a patch well in advance of an attack, and the public has been urged to apply that patch, how could you say the OS maker is still liable? I'm not speaking specifically of the Witty attack, only of the several attacks of late that involved well-known and ready-fixed patches.
I agree very much with you there -- both in what you're saying and with your objection. However, I think there is evidence that enough end computer users take absolutely no responsibility in protecting their computers with even simple patches. Don't you think some small fine (like, as another user suggested) an emissions ticket would be fair?
Now, in the case of Witty it's another story ... since those affected were actually taking steps to protect their computers (firewalls).
True, patching your computer against vulnerabilities is not exactly like performing routine maintenance on a car (since a computer doesn't actually "degrade" per se). However, I think the analogy still works with regards to the level of effort one should put into both cars and computers.
Now, if a computer owner ignores all the warnings of vulnerabilities and active worms and does not patch his computer, that is when I feel he could be held liable for its participation in an attack. Just like with an automobile, a computer owner should take personal responsibility for the great power at his disposal and maintain it with care.
What I basically imply with my previous post is that users who are aware of the dangers of having an unpatched computer on the Internet could be found negligent if they fail to keep up with those patches. Even for a novice computer user, if there were cases where computer owners were found negligent for not patching, it would be pretty good incentive for him to at least learn a little about computer security.
But I think your comparison is incorrect. I meant to liken the non-application of patches by computer users to the car owner who doesn't perform routine preventative maintenance on his vehicle. If a car owner doesn't replace his brakes for 45,000 miles after they first start squeeling (from the metal "warning plate") and they fail, shouldn't he be held liable? Likewise, if a computer user does not follow the recommended Microsoft updates -- or worse, never applies a single patch -- shouldn't he be held liable for damage his machine causes?
For worms before patches, there should of course be no liability on the computer owner's part -- now, on the software developer's part is another story.
ZDNet UK had a preview of Windows XP SP2 recently (see link) that included discussion of the pack's implementation of software-based overflow protection. It also mentions that 64-bit processors include this protection in hardware (NX or "no eXecute"). So, there is a little progress being made.
The concept would be at least as workable, in the courts, as any liability legislation is currently.
And of course by "innovators" he means thieves/pirates/whatever. Come on, no one is innovating by making copies of another's work, even if what you consider innovation is making it available in another medium (p2p networks). True innovation occurs in countries where the creator's rights to his work are protected, not in countries where his work belongs to "society" the minute it is made.
For half the cost, and with none of the profit going to the original creator -- thus, future R&D is halted ... unless you expect the pirates to do R&D in the future.
That may be how it is, but that isn't how it has to be.
Windows Privacy Tray and GnuPG Made Easy libraries. Works for me, except for a bug when I try to sign and encrypt at the same time ... the clipboard tools work for that.
If eMachines had a contract with AMD to sell their 64-bit processors for a certain amount of time (assuming it hasn't expired yet), Gateway must honor that agreement or pay a penalty for breach of contract. I guess your worries depend on how much time is left on the AMD 64-bit contract.
You caught me, though I never meant to imply otherwise. Sorry if I offended in you in any way.
Your theory appears incorrect in Google. If a bunch of porn sites added XFree86 to their pages, wouldn't they also show up in the Holy One? I have a feeling the conspiracy theorists may be right on this one ... MSN (or just an employee) intentionally blocked access to "XFree86" on their search engine.
You can independently gather US Senators' e-mail addresses on your own, so long as you don't blatently copy my database. This law, if you read it, is meant to protect the effort that went into creating the database, not necessarily the content of the database. So you cannot simply copy my database of US Senators' e-mail addresses and claim it as your own (and then sell it or "otherwise make available in commerce" as the bill requires). If you put your own effort into creating the database, it's yours to sell. Clear now?
There is one "new" $20 bill on the bottom-right of the first picture. It is not, however, burned that badly. But you're right, I too doubt 1996 series bills could have had RFID tags installed.
So it is not the profit motive that disrupts the natural model, but rather government regulations that restrict the free flow of capital from inefficient to efficient areas of the economy.
But that sidetracked me only a little. Reading on in your post, I see that you do in fact blame the government's intervention for the monopoly created by Microsoft. You equate intellectual propert regulations to the regulations that supported the East India Trading Company. To support this claim, you quote Mr. Hetzel as such:
However, in the special case of intellectual property (copyrights, patents, and trade marks), competitors can reproduce exact and perfect copies of a company's goods with basically zero effort or cost. This is especially true in today's economy, where digital reproduction is costless (except for transportation). This allows competitors to literally undercut the "monopoly" price of intellectual property indefinitely, to nearly zero.
Intellectual property (monopoly) protections exist because the government understands that the value in copyrighted, patented, or trade marked goods lie in the high amount of mental effort that went into creating the first copy, not the subsequent physical effort that goes into making further copies.
To quote Ayn Rand:
The dancers in that show do not have to constantly work to get paid, because they recorded their performance and sold copies of the recording for a profit. The bulk of their mental effort went into choreographing the performance, and without intellectual property protection anyone can copy their performance and sell it without consequence or cost (or effort for that matter).
That's not to say that another dancer cannot expand upon the ideas and methods in Lord of the Dance and create his own performance -- intellectual law allows for that.
You say that you don't tell your students they can't use the knowledge you've passed on to them. However, I'm sure if you choreographed a routine for one of your students and he turned around the next day claiming the performance as his own, you would be upset.
However, to compare the downfall of industries that rely on intellectual property with the downfall of the car industry or the US steel industry is naive. With both of those industries, the ratio of physical-to-mental effort leaned decidedly towards the physical end. Copying a car or forged steel is not a trivial matter. The auto and steel industries faced cheaper competition from abroad, not wholesale misuse/theft by their customers.
You can't seriously believe that a single artist, who is good at making music, is also "much more gifted" at marketing, production, management, etc. etc., than all of the thousands of music industry employees put together, can you? Where is this "uber-artist"? How does he find time to make new music? When can I meet him?
The term "intellectual property" therefore deliniates effort that is mostly mental from effort that is mostly physical. Value from intellectual property is not derived from the physical effort that went into creating copies of the work (say, pressing a CD or binding a book), but from the mental effort that went into creating the idea (composing a song or writing a story).
When you violate one's intellectual property rights, you disregard the high amount of mental effort (relative to physical effort) that went into creating that work. The "intellectual" modifier does not in fact change the definition property (you can no more use my car without compensating me than you can my music), it simply identifies the proportion of physical and mental effort involved in its creation.
Try it: write your own VC-9 codec (based on the patent text) and use it only on your own computer (don't give it to anyone else for any price) ... Microsoft won't bother you in a million years.