But do you have any reason to say that they aren't actually interested in preventing fraud?
Because they keep outsourcing the development of a mission-critical security system to the lowest bidder instead of the most qualified. They probably throw in laughable constraints, too, such as having to work on existing POS terminals.
If they were truly interested in preventing fraud instead of denying liability (while still getting to say in marketing that they protect you from fraud), they would contract the design of this system out to some real security experts - and, given the obvious quality of their design team in matters of security, they could post the job offer on slashdot to get some reasonable candidates - who would then use a public-private key encryption scheme where the POS terminal's public key would have to be signed by the credit card authority's private key, which could be verified by the chip by using the public key therein, and then the chip would use that public key to encrypt its own public key, which would be used by the POS terminal to encrypt the PIN that the user typed in, and send it back. And then, no matter whether the PIN is valid or not, the chip would send back some sort of data encrypted with the POS' public key again. That data would decrypt to something that was encrypted with the credit card company's public key, so that the POS terminal would then have to send it back to the credit card center (Visa, MC, Amex, whatever) to get it decrypted (along with its own public key so the credit card company could re-encrypt its response) to validate. The data sent back to the credit card company would include: the encrypted confirmation from the card (plus some random data that can get chopped off, e.g., some JSON-like data: '{verified:true,defeat-listeners:"adsh65ouhdsakljt"}' would be easy enough for the credit card company to get what it needs while discarding the rest while resulting in the packet changing every time), the amount of the transaction, the public key of the POS terminal, all encrypted again with the upstream public key. Upstream could decrypt, extract, and decrypt again. Oh yeah, and before the chip gets printed, its own public key would have to be signed by the credit card company, just to make it that tiny bit more difficult to forge.
For a laptop to sit in the middle and get anything out of such a system would be practically impossible. And, if done right, defeating it once won't mean easy-sailing after that. Maybe an electron-microscope on an exposed chip might help... but even then, I'm not sure it'd help enough.
And before real security experts jump on me, this is just something I thought up over the last ten minutes. If I were given a $50,000 consulting contract to design this, I'd spend far more than 10 minutes on it, and might find some of the kinks that are likely obvious to much more experienced people than I.
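A sketch of the core of the exchange described in the comment above, as an added example that is not the commenter's code or any card scheme's protocol. It is narrowed to three steps: the chip checking that the terminal's key is issuer-signed, the PIN travelling encrypted to the chip, and a randomised verdict only the issuer can read. All names are hypothetical, and the keys are textbook RSA built from fixed Mersenne primes so the block runs offline; they are not secure.

```python
import hashlib
import json
import secrets

E = 65537  # public exponent shared by every toy key below


def make_key(p, q):
    """Textbook RSA private key from two primes (toy: no padding, NOT secure)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(key, data):
    return pow(_digest(data, key["n"]), key["d"], key["n"])


def verify(n, data, sig):
    return pow(sig, E, n) == _digest(data, n)


def encrypt(n, data):
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, E, n)


def decrypt(key, c):
    m = pow(c, key["d"], key["n"])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


# Constructed keys (assumption: one issuer plays both the "authority" that
# signs keys and the "credit card company" that reads the verdict).
ISSUER = make_key(2**521 - 1, 2**607 - 1)
TERMINAL = make_key(2**61 - 1, 2**89 - 1)
CHIP = make_key(2**107 - 1, 2**127 - 1)


def certify(pub_n):
    """Issuer signs a terminal's or chip's public modulus."""
    return sign(ISSUER, str(pub_n).encode())


def key_is_certified(pub_n, cert):
    """Check run by the chip on the terminal's key (and vice versa)."""
    return verify(ISSUER["n"], str(pub_n).encode(), cert)


def terminal_send_pin(chip_n, pin):
    # A bare PIN has only 10^4 values, so deterministic encryption could be
    # brute-forced by a listener. The random suffix applies the comment's
    # "packet changes every time" idea to the PIN as well.
    return encrypt(chip_n, f"{pin}:{secrets.token_hex(8)}".encode())


def chip_respond(stored_pin, enc_pin, terminal_n, terminal_cert):
    """Return a verdict readable only by the issuer, or None for a rogue terminal."""
    if not key_is_certified(terminal_n, terminal_cert):
        return None
    typed = decrypt(CHIP, enc_pin).split(b":")[0]
    ok = secrets.compare_digest(typed, stored_pin.encode())
    # Same-shaped reply whether or not the PIN matched; the random field makes
    # every ciphertext different, as the comment proposes.
    verdict = {"verified": ok, "defeat-listeners": secrets.token_hex(16)}
    return encrypt(ISSUER["n"], json.dumps(verdict).encode())


def issuer_decide(blob):
    """Issuer decrypts the verdict and discards the random field."""
    try:
        return json.loads(decrypt(ISSUER, blob)).get("verified") is True
    except (ValueError, AttributeError):
        return False


if __name__ == "__main__":
    cert = certify(TERMINAL["n"])
    for typed in ("1234", "9999"):
        blob = chip_respond("1234", terminal_send_pin(CHIP["n"], typed),
                            TERMINAL["n"], cert)
        print(typed, "->", "approved" if issuer_decide(blob) else "declined")
```

The terminal never learns the verdict locally; it can only forward the blob upstream. A production design would use a padded scheme such as RSA-OAEP and bind the verdict to the transaction amount, which this sketch leaves out.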
No they aren't. They are trying not to pay anyone. They committed large-scale commercial copyright infringement. Then, in response to a lawsuit, they tried to cut a deal.
As a previous manager once had in his .sig: it's often easier to ask forgiveness than permission.
A lot of civil rights have been advanced by "doing" instead of "asking" and then demanding that society respond. Now, this isn't on the same civil-rights level as a black woman sitting at the front of a bus, but it's still civil rights nonetheless. Google may be less altruistic than Ms Parks, but it's still a discussion that needed opening.
There is no such thing as perfectly-secure. They could already be hacked today, this isn't changing that. It merely introduces a new attack vector: the VM sandbox.
If the ROI is there, this can be mitigated. If they create a cloud using their existing hardware, and move their own apps into a priority cloud on that hardware, and sell the excess CPU time, then not only does an attacker need to figure out what VM they are in, and what, if any, vulnerabilities there are in that VM that they can exploit, they have to cause the parent virtual machine (let's face it, there's no reason why a virtual cloud needs to be sitting on physical hardware directly - and, for this purpose, AIX, Sun, and the mainframe are already on virtual machines anyway) to run arbitrary code that would then go and find other virtual machines, find the one of interest, and then cause THAT virtual machine to give up information.
Breaking IN to a virtual machine might prove more difficult than breaking OUT of a virtual machine. And you may need to break in to all of them just to find the one you need.
Security by obscurity isn't the same as no security. It's not perfect, but it does reduce the exposure.
And, besides, maybe they only sell CPU time to other corporations where they can better track who has access to what, with passworded VPNs that only go directly to the cloud that the password given grants access to.
It's all about ROI, and whether they can make it work while improving their overall financial picture. I bet they can. I'm not betting whether they do or not.
Webster's has anime as a Japanese import, but not otaku or hentai, both of which are also widely used in the English-speaking world.
I'm not sure your English-speaking world and my English-speaking world have much overlap if "otaku" (which I've never heard of before now) and "hentai" are "widely-used".
I'm not sure if you've ever worked with a lawyer before.
First, you threaten with an oversized, spiked club. Then, if the defendant has an expensive enough lawyer, you start to peel back the ludicrous claims such that you end up with a "compromise" agreement.
Drives me up the wall to deal with the corporate lawyers.
The internet has an operating system just as much as a colony of ants has a hive mind. They don't, but they sure act like they do.
Metaphors. Learn them. Use them. Love them. But don't anthropomorphise them. They hate it when you do that.
You're apparently measuring cost wrong.
You don't compare the cost of your DB license against that of your bandwidth cost. That's apples and oranges. Moreover, they're orthogonal costs.
You compare the cost of your DB license against that of its competitors. So, you compare the cost of Oracle vs DB2 vs MSSQL vs PostgreSQL vs MySQL vs Teradata, etc. Of course, some of these may affect your bandwidth cost (going with MSSQL will mandate Windows servers which may require a different hosting plan if you aren't self-hosting), but mostly don't affect it, so they're separate concerns.
So then the question is: is Oracle expensive for its performance compared to DB2, MSSQL, etc? If you believe the answer to be yes, and I doubt that you, specifically do, but others might, then saying "Oracle costs a lot" is warranted. I am explicitly not saying what I think so as not to cloud the issue here.
If you think Oracle is an outright steal for your requirements, and I'm sure many who work at Oracle would say so, then I'm sure you could argue that Oracle is not only not expensive, but the only obvious choice. And you might be right. At the same time as others might be right about Oracle being overpriced for their purposes.
One possibility, and I've not looked into this so this may not represent reality, is bundling: Oracle may bundle everything, and make you pay for most of it. DB2, as an example, may have everything in little pieces. With Oracle, if you need most of the bundle, you're getting a deal because IBM would nickel-and-dime you to death. But, for others who may not need much over and above plain SQL access to their data, DB2 would be far cheaper. And you'd both be right.
And both would be more expensive than the average developer's salary, making it look to the underinformed that both are expensive, whereas they probably will save your company more than their cost in development of an in-house equivalent that has similar performance and reliability.
Well, according to Gender Guesser, you come across as:
Genre: Informal
Female = 530
Male = 892
Difference = 362; 62.72%
Verdict: MALE
It's been going on for ages.
No? Woops.
/me goes to re-write his rand() function...
int rand() // was 1;
{
    return 0;
}
Fixed.
A lot of people believe grass is green.
Heretic! Everyone knows that the One True Colour of Grass is brown!
(Maybe I should water my lawn more often.)
Because nuking enemy territory from space, while the only way to be sure, might be a bit obvious as to the source. Merely poisoning their water supply with a cancer-creating virus would be far less obvious.
</cynicism>
Actually, my question isn't why they aren't rushing 3.6.2 out the door. It's why they aren't rushing 3.6.0.1 out the door with a backfitted patch. Presumably 3.6.2 was already in development with a laundry list of other defects patched, and probably some (hopefully minor, if at all) features added. You don't want to rush that out the door. However, backfitting a security patch back into the already-available streams would be a good thing, even if the next official release is "merely" two weeks away. Especially for a zero-day in-the-wild-exploitable security flaw.
Words...they fails me.
They "fails" you?
uh oh... now I've made Viacom angry.
I know, I know. And yet, I'm not entirely convinced that it's better to have the apps you want/need while helping to send spam, and have your personal information sold to not just the highest bidder but to all bidders, running Windows, than it is to be secure on Linux, and be forced to make do with either no app, or simply a different app (not always worse) and have to learn something different.
It's a matter of priorities. Do I want to a) fight Windows security and have the apps I want, b) ignore security and have the apps I want, or c) have security, but have to learn some other app, or maybe do without that app.
Personally, I run XP inside VirtualBox on Linux, and only the apps I *must* run on Windows are in the virtual machine, everything else I do on Linux, even if it's not quite as polished as the Windows alternative, because when you combine the polish of the drivers with the security of the OS, I still think the Linux side comes out ahead. And I run git drivers for my ATI video card - not exactly the most stable way to go.
Right. And what do you propose as a way to get people to toe the line? Specifically, your line? Are you going to convene grand juries and prosecute the superstitious until they capitulate? And if they hold too dear to their beliefs, maybe we should just imprison them? I mean, tossing them to the lions seems far too antiquated.
I know, we can call these brave souls who prosecute the superstitious "inquisitors" since they're just inquiring into the superstitious beliefs, right? I got it, we'll call the whole thing an "inquisition"! I'm sure we've never seen one of THOSE before. I know I wouldn't expect it...
Do you really want to go down that road?
Well, if you hadn't stopped for a quickie with your girlfriend 100km away, your wife probably wouldn't have been so mad.
Ah, hell, what am I talking about. This is /. - you went to the nearest internet cafe and spent five hours playing WoW Online or something. THAT's why she's mad.
No, socialism isn't about helping the population - that's just the buzzwords they use to convince people to join their cause or vote for them (all parties have them, none follow through once they're in power - elections are about power, not ideology). If it were really socialism, the focus would be on taking from those who have, and giving to those who don't. Whereas what you guys just went through was taking from those who don't have (taxpayers) and giving to the rich (financial executives). Not socialism at all.
Nor is it on the extreme right wing: fascism. That'd be the case only if the government nationalised, say, a car company or something, just to keep the jobs going to prop up the government. It can't be that because the Democrats are left-wing. Right?
I still say that Capitalism deserves a constitutional amendment in the US prohibiting bailouts for corporations (without prohibiting bailouts for individuals - sorry, if a disaster hits and kills your business, you should have had insurance ... and if it was your fault, well, then that company really should go under to make room for companies that don't do stupid things - but if a bank does go under, FDIC still is valid for your savings). If the security blanket was taken away, I don't think regulation would necessarily be required to keep banks afloat. They'd stop doing stupid things. And they'd probably spend more time lobbying against stupid government involvement, such as any encouragement to give out mortgages to those who can't afford it, just to keep themselves afloat.
Nah. That was predicted back in 1949. Though he was off by a few years on the actual timeline.
"Don't publicly criticise" != "Publicly endorse"
Oh, and I seem to recall President Carter coming out late in Dubya's term against whatever Dubya was doing at the time.
Some would argue that then-Senator (now Secretary of State) Clinton should thus not publicly criticise the President since she is the former President in all but name ;-)
However, that's not what this is about. It's about Clinton actually supporting the invasion. And, after a quick googling, I found I got it backward: it wasn't invading Afghanistan, it was invading Iraq that President Clinton was approving, which was, and still is, more contentious. Clinton probably saw the receipts from when the US sold Saddam those WMDs, and thus would be convinced of the merits of invasion.
Clinton could have sat idly by, and simply smiled and waved anytime someone asked him his opinion of Dubya's plans to invade. That would be "no public criticising". That's not what he did. Clinton actually said he approved of the invasion, even if not all the details of how - both approving and criticising. Maybe he didn't get the memo.
Why isn't he publicly calling for the attorney general and ministry of justice to investigate and prosecute all of the illegal activities perpetrated by Bush administration officials?
You, sir, don't understand politics very well.
The simple reason is that once you open that can of worms where investigations are opened against previous administrations by later ones, you'll not only validate nutjob conspiracy theorists, you'll also end up with investigations of even earlier presidents (do we want Clinton-era investigations reopened, especially since President Clinton is now the Secretary of State? Er, I mean his wife?), which won't do your own party any good.
And then, the next time a Republican gets into the White House, they'll open an investigation, whether warranted or not, on your own administration. No, better to leave Pandora's box well enough alone so you have a chance at escaping your term with some level of (possibly faked) integrity.
Further, such an investigation would inevitably lead the population to trust the office of President even less, which would be disastrous for the sitting President.
Of course, even with all of that, I have my own conspiracy theories on the situation: once sworn in, the new President is exposed to top-secret information that the rest of us don't know about which actually entirely justifies the previous administration's actions in the controversial areas, and ending those programs would have mortal consequences for the United States. I was very curious back in 2001 when President Bill Clinton (I'm not an American, but I think I've heard that once you get that title, you retain it even after leaving office) came out in support of Dubya's Al Qaeda conclusion, and his plans to topple the Taliban. (I don't remember him getting any air time on the issue of Iraq.) That made it sound to me like there was some other information that we weren't privy to that Clinton would have been aware of, having just completed his term not long ago, at that time, which would have made even the Democratic former president a believer in the mission, even when the House/Senate leaders of the Democrats were against it.
Now that he's in power, President Obama is also privy to the same information. Maybe that has forced him to reevaluate, without allowing him to divulge the information, or even that he has that information.
I'm not saying I actually believe this conspiracy theory. Just that it's a curiosity to me. It's merely my best theory for what I've seen (which isn't everything by a long shot - not being American, I don't get all the American news). It's also not a fancy conspiracy theory - it's missing the "they're all out to get us" part that makes conspiracy theories so much fun. It's based on a theory that the Presidents are simply men who are interested in power for themselves, and not quite as concerned about the rest of us.
I once worked as a student developer for a company whose products were protected by hardware dongle. Near the end of my internship there, one of the larger customers demanded a dongle-less way to run the software, and my then-employer complied. By overwriting the hardware-dongle DLL with one that simply returned back "true".
I got to implement that DLL. It was entertaining.
My current employer uses software license keys. They're even funnier. The lawyers get all in a fit about them, when, in reality, they are basically no protection whatsoever.
If there was an analog to this in the PC world - some hardware DRM you could put on your machine and be done with the various software based disc checked and network activated schemes once and for all - would you install it?
Absolutely. As long as it doesn't interfere with any other executables I want to run on my general purpose personal computer. And doesn't compromise my personal security through invading my privacy.
So I'll mark you down as a "no," then.
There is no patent infringement, but XEROX is looking for an easy settlement to fatten the piggy bank.
I think that if you're looking for an easy way to get cash, you don't sue a company made up of nearly nothing but PhDs over technology. Personally, if I were a CEO looking to spend $10m on an easy way to get cash, I'd invest $1m every month in the Powerball lottery. I'd probably come out ahead when compared with using it as a war chest against Google.
It's not equating "value" with "intellectual creation". It's equating "value" with "payment." While this can be true for physical goods (my house is worth exactly what I sell it for), it's not quite the same for services (if your employer ever paid you exactly what value you produced for the company, there'd be no profit left for the company). And, sorry to say, but IP is more like services (intangible) than physical goods (tangible). So it's still a false equation, but slightly different than your supposition.
What do you mean "plotting"? They already left - just after Christmas! They'll be at the Pentagon in around April, give or take. You've been warned!
But do you have any reason to say that they aren't actually interested in preventing fraud?
Because they keep outsourcing the development of a mission-critical security system to the lowest bidder instead of the most qualified. They probably throw in laughable constraints, too, such as having to work on existing POS terminals.
If they were truly interested in preventing fraud instead of denying liability (while still getting to say in marketing that they protect you from fraud), they would contract the design of this system out to some real security experts - and, given the obvious quality of their design team in matters of security, they could post the job offer on slashdot to get some reasonable candidates - who would then use a public-private key encryption scheme where the POS terminal's public key would have to be signed by the credit card authority's private key, which could be verified by the chip by using the public key therein, and then the chip would use that public key to encrypt its own public key, which would be used by the POS terminal to encrypt the PIN that the user typed in, and send it back. And then, no matter whether the PIN is valid or not, the chip would send back some sort of data encrypted with the POS' public key again. That data would decrypt to something that was encrypted with the credit card company's public key, so that the POS terminal would then have to send it back to the credit card center (Visa, MC, Amex, whatever) to get it decrypted (along with its own public key so the credit card company could re-encrypt its response) to validate. The data sent back to the credit card company would include: the encrypted confirmation from the card (plus some random data that can get chopped off, e.g., some JSON-like data: '{verified:true,defeat-listeners:"adsh65ouhdsakljt"}' would be easy enough for the credit card company to get what it needs while discarding the rest while resulting in the packet changing every time), the amount of the transaction, the public key of the POS terminal, all encrypted again with the upstream public key. Upstream could decrypt, extract, and decrypt again. Oh yeah, and before the chip gets printed, its own public key would have to be signed by the credit card company, just to make it that tiny bit more difficult to forge.
For a laptop to sit in the middle and get anything out of such a system would be practically impossible. And, if done right, defeating it once won't mean easy-sailing after that. Maybe an electron-microscope on an exposed chip might help ... but even then, I'm not sure it'd help enough.
And before real security experts jump on me, this is just something I thought up over the last ten minutes. If I were given a $50,000 consulting contract to design this, I'd spend far more than 10 minutes on it, and might find some of the kinks that are likely obvious to much more experienced people than I.
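Two pieces of the scheme sketched in the comment above, as an added example that is not part of the original post: the chip refusing a terminal key the card authority never signed, and the PIN verdict sealed to the issuer with random filler so the packet differs every time. Every name and key here is an assumption for illustration, and the unpadded textbook RSA over small Mersenne primes is a toy standing in for a real padded scheme.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by every toy key here

def keypair(p, q):
    """Toy textbook RSA from two known primes: returns (modulus n, private d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(n, pub):
    """SHA-256 of a public modulus, reduced into the signer's modulus."""
    return int.from_bytes(hashlib.sha256(str(pub).encode()).digest(), "big") % n

def sign(n, d, pub):
    """Authority side: sign a public key (unpadded; real systems use PSS)."""
    return pow(digest(n, pub), d, n)

def cert_ok(issuer_n, pub, sig):
    """Chip side: was this terminal key signed by the card authority?"""
    return pow(sig, E, issuer_n) == digest(issuer_n, pub)

def chip_respond(issuer_n, terminal_pub, terminal_sig, pin_ok):
    """Refuse unsigned terminals; else seal verdict plus fresh filler to the issuer."""
    if not cert_ok(issuer_n, terminal_pub, terminal_sig):
        return None
    nonce = secrets.token_bytes(16)  # the "defeat-listeners" random data
    msg = (b"\x01" if pin_ok else b"\x02") + nonce
    return pow(int.from_bytes(msg, "big"), E, issuer_n)

def issuer_open(n, d, blob):
    """Issuer side: decrypt, keep the verdict byte, discard the filler."""
    plain = pow(blob, d, n).to_bytes(17, "big")
    return plain[0] == 1

# Constructed keys (Mersenne primes, far too small for real use).
ISSUER_N, ISSUER_D = keypair(2**89 - 1, 2**107 - 1)
TERMINAL_N, _ = keypair(2**61 - 1, 2**127 - 1)
ROGUE_N, ROGUE_D = keypair(2**61 - 1, 2**89 - 1)      # laptop in the middle
TERMINAL_SIG = sign(ISSUER_N, ISSUER_D, TERMINAL_N)   # issued by the authority
ROGUE_SIG = sign(ROGUE_N, ROGUE_D, ROGUE_N)           # self-signed, not trusted

if __name__ == "__main__":
    print("genuine terminal accepted:", cert_ok(ISSUER_N, TERMINAL_N, TERMINAL_SIG))
    print("rogue terminal answered:", chip_respond(ISSUER_N, ROGUE_N, ROGUE_SIG, True))
```
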