Slashdot Mirror


User: tilly

tilly's activity in the archive.

Stories: 0
Comments: 619

Comments · 619

  1. What about email? on @Home Responds to the UDP Notice · · Score: 2

    If they scan your computer and find you have an email server (which a lot of Linux users do for personal use) will it be shut down?

    Wondering...

    Ben

  2. Oops, attribution on More New Crypto Rules (UPDATED) · · Score: 2

    Forgot to say who did that (very nice) analysis.

    It was Frank Hecker...

    Cheers,
    Ben

  3. Here is the football on More New Crypto Rules (UPDATED) · · Score: 4

    The following appeared on a mailing list:

    (I wrote:)

    Take a look

    http://www.cdt.org/crypto/admin/000110cryptoregs.shtml

    Skip down to the words "open source".

    "3. Also in 740.13, to, in part, take into account the "open source" approach to software development,
    (snip)
    Looks good to me! :-) Am I missing anything?


    Yes. To start with, 740.13(e) applies only to source code. I don't see anything in the regulations which gives special dispensations to binaries generated from such code, so if you wanted to host compiled binaries on your (U.S.) site along with the source code, then I believe you would have to formally apply to BXA and request classification of your software; based on the results of that request you might be able to export the binaries under the ENC license exception (e.g., using 740.17(a)(2) or 740.17(a)(3), depending on whether the products get "retail" status or not). However you might have to implement access controls on the binaries beyond what you have on the source code, for example to prevent download requests from "government end-users" and the "T7" nations (North Korea, Iran, Iraq, etc.)

    If your source code implements an "open cryptographic interface" (e.g., something like the RSA PKCS#11 API) then your binaries are even more tightly controlled, and it looks as if you might have to apply for a formal export license (as opposed to using a license exception); see 740.15(f). (But again, this restriction does not apply to the source code, just the binaries.)

    Next, there's the issue of prohibitions against "technical assistance", per 744.9. These prohibitions appear to be moot in the case of assistance with source code, based on the language in 744.9(a) that says it doesn't apply when you're already "entitled to export the encryption commodities and software in question to the foreign person(s) receiving the assistance." However 744.9 appears to still apply in some cases like where the person you're providing the assistance to is a national of North Korea, etc.

    (The new regulations don't give you any blanket exemption from "knowingly exporting or reexporting" stuff to the "T7" nations; 740.13(e)(2) only gives you a specific "safe harbor" to put stuff up for public download without triggering the "T7" prohibitions. However that doesn't cover cases like export or assistance via email.)

    Then there's the issue of combining U.S. and non-U.S. open source encryption source code, both in the U.S. and elsewhere. Based on 740.17(d), "foreign products" including U.S. encryption source code don't require BXA review or classification, and can be freely exported from the U.S. However there still might be issues here due to language elsewhere in the regulations. The prior regulations had some complicated "de minimis" language which in effect made it illegal for non-U.S. code imported into the U.S. to then be exported out again, even if the non-U.S. code had no U.S. content at all, and I'm not sure yet if vestiges of that might not be lurking somewhere.

    740.17(d) also states that "foreign products" incorporating U.S. source code are "subject to the EAR". This I'm sure will alarm some people outside the U.S., but I don't know if this actually would cause any problems in practice. It may be directed at persons under U.S. jurisdiction, to alert them that they still have to follow U.S. regulations when exporting such "foreign products"; it may also be intended to give the U.S. government leverage over non-US persons or companies who might export such products to "T7" nations.

    So at least in my opinion the effect of the new regulations on FSBs is not entirely straightforward, and I think we'll have to wait for further public review of the regulations to see if some of this becomes clearer.


    *sigh*
    Ben

  4. Bob Young thinks otherwise on More New Crypto Rules (UPDATED) · · Score: 2

    For many companies, Red Hat included, it is far easier to justify "giving away the crown jewels" if you are guaranteed that your competitors won't be able to tweak them with a new feature and outsell you because they have the feature and you cannot figure out how they did it. For that reason companies that "give away the farm" feel far safer putting it under a GPL than they do a BSD license.

    Cheers,
    Ben

  5. What was that? on More New Crypto Rules (UPDATED) · · Score: 2

    They don't stop you or even slow you. You send an email and also put a link up. That is it.

    You know, free speech also protects your right to hold a march downtown. You still have to notify the city, etc to do so.

    Regards,
    Ben

  6. Scan for the words "open source" on More New Crypto Rules (UPDATED) · · Score: 2

    Open Source software can be released "without review" but the first person to do so has to send them the URL. :-)

    I can live with that restriction...

    Cheers,
    Ben

  7. /MUCH/ improved from earlier drafts on More New Crypto Rules (UPDATED) · · Score: 3

    A few weeks ago a copy of an earlier draft was sent past a mailing list I am on with a request for feedback. I couldn't make heads or tails of it and I said so, but I sent back a simple test case which I considered the minimum necessary for the relaxation to be meaningful. (My case was whether code to handle SSL could be distributed standard with Perl on the main ftp sites, allowing Perl programmers to retrieve https protected pages.)

    Others on the list actually went a lot further and managed to show that with the way it was written open source could be exported only if it met a restriction which was, oh my, impossible for open source software to meet!

    Well it looks like they took into account those comments. The current language is unambiguous about open source being permissible, and unambiguously lets SSL modules be put on CPAN. :-)

    Cheers,
    Ben

  8. IMPORTANT! on Jagged Alliance 2 for Linux · · Score: 1

    The above post may be offtopic, yes, but I think that it is definitely of general interest and should be moderated up.

    YMMV but that is my opinion.

    Cheers,
    Ben

  9. Obligations of the government go beyond that on View from the Censorware Trenches · · Score: 2

    Why not read the relevant section for yourself?

    Oh right, and the presidential powers bear examining. Particularly the section on treaties. US treaties can override other types of laws. (Which is why the Seattle protests against the WTO happened.)

    Just for completeness, I should mention the proper judicial authority. Like it or not, the courts interpret the laws. And if their interpretations don't match the original author's intentions, such is life. (Sometimes this is necessary. For instance the inclusion of women in the Civil Rights Act of 1963 was intended to help sink the bill. It was accidentally left in as the bill was passed in memory of JFK and thus history was made...)

    But I agree with you that in the last century the US federal government has stretched its authority well beyond what the Constitution ever intended. Whether this was the wrong thing to do is another question...

    Regards,
    Ben

  10. Democracy is being subverted here. on View from the Censorware Trenches · · Score: 2

    You said this was your "knee-jerk reaction" and you were right. Now go back and read the intro.

    Personally I have far less objection to the fact that it is on the ballot (even though I disagree with the initiative) than I do to the way that they are trying to make sure that only one side will be voting.

    If you are a Republican then you can go vote for your primary and discover this issue. (Probably stated on the ballot in a slanted way.)

    If you are a Democrat you have to have heard about this issue and go there only to vote.

    Additionally primaries generally attract only the fringe of each party. To win in the primaries Republicans have to take positions far right of where they will portray themselves in the general election, and Democrats have to go left of where they go for the general election.

    The result is that the vote was arranged in a way where only the right-wing fringe will realistically vote. Where then are the rights of the majority? If the same ballot were put in November's election, then I would object far less. But it is not, and it is not because the authors don't want this to be a fair election.

    An additional, peripheral, issue here is that many whose taxpayer money is being decided don't have a vote. This vote is only open to residents of the city, not to outlying community who use the library and whose taxes help pay for it. This too subverts the principle of democracy, however without evidence that the attitudes in the city and surrounding community differ I would not call it a malicious perversion of the principles of democracy.

    But the vote given is a malicious perversion of the principles of democracy. I consider this type of tactic no better than Stalin's using his position as Secretary to hold important votes at which he had arranged that a quorum would get the news of the vote in time to show up, and that quorum was handpicked to vote how he wanted them to vote. Secretary was not originally intended to mean "leader of the USSR" but Stalin made it that.

    Sincerely,
    Ben Tilly

  11. Don't expect this out soon on Pratchett's 'Good Omens' On The Big Screen · · Score: 2

    Even if they have agreed to do the project, come up with funding, etc it still takes a year or more to come out.

    Even after they have done the filming, it still takes many months before it comes out.

    In short, don't expect to see it this millennium. :-)

    Cheers,
    Ben

  12. Why is this troll marked up? on First LPI Certification Exam · · Score: 2

    The above coward is drawing a completely bogus comparison between Open Source and cheating. Open Source is not about copying other people's work. It is about building on what has been done and made publicly available so you can do more. It coincidentally has significant advantages as a software development mechanism.

    It is no more cheating for me to work in Perl than it is cheating for me to write a math paper and quote results that someone else proved.

    Real systems are complex. You are not going to figure them out from scratch on your own. And, no matter how good OSS is, they are going to fail from time to time. If you don't actually understand what is going on, you won't be able to trouble-shoot your problems. Here is what happened to me over the weekend. My boss was headed off to a conference, and on his copy of a Linux machine root could login, ordinary users could not, and some of the CGI programs were broken. What was wrong? Turned out the disk was full.

    This certification exam is meant to separate out the people who actually understand what is going on from those who are just guessing and copying what they don't understand. I am not an administrator, but I was better than someone with that bozo's pathetic attitude.

    Ah, why am I bothering to respond to this imbecile?

    Ben

  13. How does this compare to Brainbench? on First LPI Certification Exam · · Score: 2

    Looking through Brainbench's list of certifications that they offer, I noticed that they offered a Linux Administrator offering.

    Are we heading for a world where certifications become like standards, there are just so many to choose from?

    How worthwhile are any of these anyways?

    Cheers,
    Ben

  14. Can they be sued for this? on Live or Memorex? · · Score: 2

    Personally if I were an advertiser who had paid money for an ad or logo that was edited out of a live shot, I would want to sue.

    If I were the owner of a building who had chosen not to have a billboard and one was plastered on anyways for the evening news, I would want to sue.

    But would either have a case?

    Wondering,
    Ben

  15. Well, good news and bad on Microsoft Loses Temp Appeal · · Score: 2

    I would expect MSFT stock to rise today.

    Why?

    Well we have had good news (the Caldera settlement) and bad news (the Supreme Court won't hear this case). But the bad news was largely expected and so should be already factored into the market. And the good news was a complete surprise so it is not.

    Ah well, we will find out in a few hours...

    Cheers,
    Ben

  16. Capital is no problem... on Microsoft Loses Temp Appeal · · Score: 2

    It is amazing who can get a short-term loan if they walk into a bank with an option on a guaranteed profit. In fact if you do this you will have no choice but to sell immediately to pay back the loan...

    Cheers,
    Ben

  17. Of course there exist possible reconciliations on Interview: Physicist Leon M. Lederman · · Score: 2

    Whether there does for your faith is another matter. But many deeply religious people who also understand science quite well have found what they consider acceptable reconciliations of science and religion, including Martin Gardner, Frank Tipler (though his reconciliation seems to be crazy to me), Larry Wall and many, many more.

    Additionally most of what you have to say about determinism etc is not necessarily true. For instance both Bohm's interpretation and the Everett interpretation of QM are completely deterministic (in extremely different ways) so determinism and QM can definitely co-exist. (Though Everett's view does make it hard to state what the future - or even the present - really is.)

    OTOH there is nothing produced in science that in the slightest will shake up an atheist's belief that religion is a series of made-up stories. By contrast there are many religious positions that science flatly contradicts. (Which is why people resist trying to understand Evolution.) So while some religious positions have no issues, others, well...

    Cheers,
    Ben

    PS In case it matters (it shouldn't) I personally am an atheist.

  18. The lawsuit is now settled! on Caldera Gets Mucho Dolares & Case Against MS Continues · · Score: 3

  19. What makes you think that "before" makes sense? on Interview: Physicist Leon M. Lederman · · Score: 2

    Seriously, if you understand GR, then you understand that, as non-intuitive as it may be, it is quite possible that there was no "before the Big Bang" to talk about. Time only makes sense within the space-time manifold, and we have reason to believe that the manifold has a boundary there.

    Cheers,
    Ben

  20. An explanation for you on Interview: Physicist Leon M. Lederman · · Score: 3

    You have 2 questions really.

    First the twinned photons. This is the infamous EPR effect, where two photons "remain connected and aware of each other" even though they are separated. However it cannot be used to transmit information. Huh? Well there is a simple demonstration of that, and here is a layman's outline.

    First of all, have you heard of different interpretations of QM? The truth is that we don't really understand QM, but there are various "interpretations" of it, any of which fits with the world we see. They all say that we will see the same things, so we cannot run an experiment and say which is right. However the flip side of that is that whatever is true in one, is also true in any other.

    Well the Everett Interpretation is one interpretation. In this interpretation when we observe an event and think that we observe a collapse of a quantum mechanical state, there is no collapse. Instead we have merely become entangled with the event, and there are now several of us, who don't interact with each other.

    Thinking in terms of that cat, the cat is both dead and alive before you open the box, and is STILL both dead and alive after you open it. However there are now two of you, one of which saw the dead cat, one of which saw the live one. And since the two of you cannot interact, you both think that the alive/dead state of the cat collapsed!

    OK, got that? Good, now we are going to use it. :-)

    In the EPR effect there are two photons which two people observe in two places. When they come back together they realize that what one observed affected what the other observed, even though that would take communication faster than light. At least that is what it looks like.

    But wait! In the Everett interpretation if person A observes photon 1 and person B observes photon 2, then A and B both split when they observe the photons. All that the quantum says is which copy of A will meet which copy of B. But that is a prediction about a future event that takes place below the speed of light (person A walks over to B and asks how it is going). In A's region there is in fact no extra information gained about B's region at all. So no information was transferred!

    The other question you had was tunnelling. Well that is similar. With tunnelling you set things up and can show after the fact that some of the electrons went across faster than light. Cool. Some of them might even have gone backwards in time. Ultra-cool.

    However the receiver cannot figure out which ones did this until after the fact, and amazing as it sounds, no action on the sender's side will affect what the receiver is seeing until after light could have travelled from the sender to the receiver.

    Cheers,
    Ben

  21. Future of high energy physics? on Interview: Physicist Leon M. Lederman · · Score: 3

    When the Superconducting Supercollider project died a few years ago, I remember people in other areas (eg fluid mechanics) saying that it was good because big colliders cost so much, only matter to a small portion of the scientific community, and even a small fraction of the money would do a lot more good in other areas of science.

    Being a prominent member of the high energy physics community you must have had to deal with these people. How do you answer their argument?

    Thanks,
    Ben

  22. Some classic and related rants on John Carmack on Coding a Linux IP Stack & Winmodem · · Score: 2

    An anonymous coward pointed me at Stuart Cheshire's home page which has a lot of interesting rants, including a technical white-paper on latency that almost exactly matches what John Carmack just wrote.

    (Lots of other good rants as well...)

    Cheers,
    Ben

  23. Thank you very much - extremely relevant! on John Carmack on Coding a Linux IP Stack & Winmodem · · Score: 2

    Thanks to the ever-handy Google I quickly tracked down his home page with all sorts of things like his Latency rant. Lots of other reading material...

    Cheers,
    Ben

  24. So THAT is what Bolo was for? on John Carmack on Coding a Linux IP Stack & Winmodem · · Score: 2

    And I thought that it was just to waste time and make the girl next to me in the lab (who was an awesome player) swear constantly!

    I remember that game. Whoo boy do I remember it! Too bad it didn't survive the PowerPC transition. :-( (OK, it got rewritten, but it was simply never the same.)

    Cheers,
    Ben

  25. If you have not read it, then read it! on Fred Brooks wins Turing Award (Nobel of Computing) · · Score: 2

    Seriously.

    Until you have read The Mythical Man Month you won't understand why things keep on not working out. You won't understand why Microsoft can throw thousands of programmers at something and come out with a POS. You won't understand why the quality of Open Source shocked Eric Raymond. And you won't appreciate Eric Raymond's "loophole" to Brooks' law - primary development does not scale, debugging does.

    Seriously, if you want to understand how this industry works, read this book. Then start reading other classics like Code Complete. They are classic for a reason, and if you think that you know it but you have not read them, odds are you probably don't really know it...

    Cheers,
    Ben