>... it will be easy to recognize the email from > "security@paypal.com" didn't come ebay.
Actually not. Certainly not in the short term. The "From" header field would say "scurity@paypal.com" and this is what the mail program will show to the user. The "Sender" field and envelope-from would show "87i697y098@spammersdomain.oh88769.tld" and would pass both SPF and SenderID tests. To overcome this kind of "problem" one would need a new email client that can show the "sender" field if it is different from the "From", but this would become ineffective because it would be that way for many email messages that are legitimate but have different "sender" and "from" addresses, as both SPF would now require in many cases to allow messages from forwarders, mailing lists etc. to pass the tests. Phishers would adpat immediately!
> There are some long-term implications that allow > SPF to help in the fight against spam... Certainly there are. These are customer lock-in...
In the long run, once the domain of the sender is authenticated, it
will be possible to use that domain as part of a mechanism to
determine the likelihood that a given message is spam, using, for
example, reputation and accreditation services. (These services are
not the subject of the present mechanism, but it should enable them.)
This quote shows exactly what the makers of these standards really want: Services that put harsher limits on their users would be able to gain more reputation. Email recipients would perfer receiving email from these services. Users would migrate to these services. These services would be able to offer very limited services and charge more for more services. Many things that are now possible would become impossible.
f you have your own domain you may publish any range of IP addresses as "authorized to send your mail. But most probably these would be servers shared by many other users, including those that host spy sending zombies that woud be able to send using your address in "from" and capitalize on your "reputation" until it is becomes so low that they move own to using someone else's reputation.
So... users would gradually (or not so gradually) would be forced to give up most of the freedom they now have and prefer a very limited email system just so their email can get through. And all that to support a "standard" that cannot even stop simple phishing attempts!
The problem with SPF is not really SPF. It is understanding what it does and what it doesn't. The only thing SPF does is enabling the owner of a domain to publish a list of IP addresses of servers that may send mail "from" her domain. It only means that mail "from" that domain thatis sent from a server outside this range is certainly forged, at least from the point of view of whoever controls the DNS records for that domain. But IT DOES NOT MEAN that email with an email address with that domain coming from a server in the published IP range is necessarily not "forged". The quoted paragraph above shows exactly what MS aims at with the "SenderID standard": to put domain owners that do not have complete control on the (shared) servers they use at a disadvantage, by making their mail system unreliable. To be 100% reliable you'd need to either be an organization big enough to have its own mail servers that do not route through an ISP, or you'd have to give up using your own domain and instead use an email address from a service big enough to run their own servers. (Running a server on a PC at home on a broadband connection doesn't count as "your own server". Even if it is configured to deliver directly out, the ISP might route all outgoing SMTP traffic through their server, so you would have to include that in your SPF record, and get the reputa
People think they should be able to find "out of print" stuff on P2P networks if they are not avilable elsewhere. But this is precisely what anti-piracy advocates (that are mainly distributors of copyrighted work) want to avoid! They don't need competition from multitude of "out of print" works, that include a lot of stuff that is nuch higher quality than the new stuff they have to sell (There is much more old stuff than new stuff. The percentage of high quality stuff in both is probably the same, but there's nuch more old stuff than new stuff. Actually, new suff might have less because in the past making derivative work was not considered copyright infringement, so writers could build on high quality work to build yet more high quality work. Nowadays building on higher quality work might present greater liability).
If what is pirated is a binary distribution file (an installer) then it is not even a copy of the copyrighted work. The copyrighted work the the author created is the source. The binary files are not a cop[y of it but are a product created according to instructions in the source. The source code is a set of instructions for producing the binaries. Theinsteller is not even a copy of this. The installer is a different set of instructions for translating compressed information and recreating the binaries from it (and it is also instruction on puting those binaries in certain locations on the users file system).
In much the same way an MP3 file is not a copy of a musical work. It is a set of instruction that if followed can recreate a copy of the music. Only when an MP3 file is used to play sound a copy is created.
In theory you can take the instructions that recreate music or software abd translate them into a subset of a natural language. Then is that escription a copy of the original? It seems that copyright is developing into something similar to patents. Any description of a thing can be considered a copy. This can then be used to obtain monopoly on ideas, even when those are not patented. Perhaps not now, but in the future if thing continue to evolve this way. Think what would happen if DRM in hardware is implemented and people try to overcome it by creating protocols to encode things like music in text files. Even for binaries, it is certainly possible to convert binary instructions into source code that simulates them, then later compile the code and optimize it to get something that does the same thing as the original using just a bit more resources. Would it be considered copying? If so, and if such practice would become widespread, then a compiler would become a tool widely used for infringing copyright, and then makers of compilers would be liable under DMCA...
Can overloading the patent system bring it to a halt? Not becessarilly.
But what is really needed is a way to make the finding of prior art much more effective than it is today. Most patents might be invalid due to proper art, but the process of finding the relevant prior art is very expensive. It is expecially so in software, not because it is software, but because a single product is usually made up of thousands of components connected together in different complicated ways. Each component and each relation between components might be patented, and though it is very likely that components similar enough may be related in the same way in something that was produced in the past (making it prior art) it can be anywhere including in software that does something that does something that looks completely different than what is perceived that a patented idea can do. That makes it practically impossible to locate prior art without scanning all existing software and actually underdatnding what every component really does in the most general way, and all the relation between the components, not only in the way they interact with each other, but also in theways they might interact with each other when put in a different environment. So a patent registered in relation with managing B2B on the internet might have prior art invalidating it in some resource management system in a mainframe OS from the 60's. Now how do you find the prioe art? You'd have to guess that it's there, and you'd have to understand that technology... and where would you find then info on 60'OS's.
So tools are needed to make all this info searchable in ways that make finding relevant data easier, therefore cheaper, and then more software patents would be chalenged.
The real problem with those patents is not that they apply to software, but that they apply the wrong criteria to determine what is patentable. Non-obviousness is not enough in a field where the production process is the puting together of elements in new nontrivial ways. This is exactly the same as in the Hugo novel example of Richard Stallman: novels are produced by putting together elements in non-trivial and innovative ways. If monolpoly on every step in the production of a novel is granted to "patent holders" then production becomes impossible, except for those protected by a private army (of lawyers) that enables them to comfortably infringe inside while their armies are defending the perimeter. If car manufacturers would have had to legally clear every single car they make (and not once for all cars of a certain model) there would be no cars produced. A programmer is required to clear every single line of code. If you compare it to the automobile industry, it would mean at most a few hundres lines of code per year, and the rest of the time spent on legalities. Except, of course, for those organizations with private legal armies that could hide their programmers in secret instalations, secretly infringe on patents, and have the perimeter legally guarded by constantly attacking others.
>...somebody could think up 10 product ideas every week > and patent them...
>... inability to check if the patent breaks one of the > simple rules set out: > 'No bussiness methods or mathematical algorithms', > 'Must be non-obvious to a professional from within that industry' > and 'There must be no prior art'
Creating software basically involves solving a series of "mathematical problems". Many of them non-trivial. The non-obviousness test fails for software because mathematical problems usually are non-obvious until you've solved them, and then many of them become obvious. What might not be obvious to some people is obvious to others, and there's nop common knowlege of "experts in the field" that can be used to determine "non-obviousness". The finding of non-obvious solutions to problems is the programmer's routine job. Software patents allow the patenting of whatever a programmer is routinely producing. Obviously it is not the aim of patent law to grant monoploly on the outcome of routine production.
Also: software is just a description of a process in a stripped down language (compared to natural language). Any process that can be described can be described in this kind of language and implemented on a computer. This was discovered by turing in the 30's, and led to the invention of the digital computer. This means that the fact that any process is implentable by computer is already encompassed in the invention of the computer, and shouldn't be repatented by allowing patents on input (software is input to the computer. Turing's main point was that there's no need for many kinds of computers' because there is a universal computer that can receive descriptions of processes as input). At least any "innovation" by replacing an element in a gadget by a computerized element should not be allowed, since it is obvious since the time Turing published his results' before digital computers existed.
People will NOT be watched by this technology!
on
The Evil in E-Mail
·
· Score: 1
Don't worry! People will not be watched by this technology!
The whole point is to narrow down the list of people that are watched using more expensive technology (such as human agents risking their lives. Since this technology quite obviously doesn't fulfil the goal, it will be dumped (or not used at all).
I have no idea about where that story you mentioned is, but the idea is really great.
A non-profit organization that would patent some ideas created during the process of creating FOSS and making it available to all FOSS for free (and perhaps making money that would go to furthering the cause of free software by licensing to non-FOSS*). It would protect FOSS from the possibility of ideas being hijacked and patented by others, and can also serve for building a "patent portfolio" for FOSS to level the legal ground in the world of software patents.
* If licensing to non-FOSS would be an option, criteria should be decided on in advance.
> 3. Distribution and advertising, well well, > looky here, an internet. Who put that there?
I think you missed an important point in the article:
James Purnell, the U.K. minister for creative industries and tourism,
recently discussed the copyright issue in several newspapers.
"The music industry is a risky business and finding talent and
artists is expensive," he told the Sunday Times. "There is
a view that long-term earners are needed so that the record
companies can plough money back into new talent."
The purpose of the proposed changes in copyright laws is not to encourage more productivity from the artists. It's just to make sure that the requirement that artists are "found by record companies" as a prerequisite to distribution is met. At least that whatit seems that this guy is trying to say. Artisits have to be "found", (you agreed with this) and they should be found by "record companies" in a way that wastes money (compared to costs of self promotion and distribution using the internet).
I was thinking about something big enough that cannot be ignored. Big enough that a patent examiner would not be able to ignore without risking looking unprofessional, and that a patent applicant would be expectred to check before applying for a patent.
You cannot say "there was no avaialble information I could find" if it's easy to find in the Wikipedia. Not if you claim you're an expert and testifying in a court of law. If it's in the Wikipedia you would have been exoected to search for it before you came to testify, and if you didn't your textimony would lose credibility in the eyes of the court.
(and I think there should be criminal punishment in case someone applies for a patent for something that is obviously someone else's ideas. Knowingly doing this amounts to fraud. The problem is the word "obviously", and for this purpose there's a need for standard inexpensive ways to obtain such info on "prior art", that one would be expected to use before making claims).
>... we may have to start a dues-payable coalition to patent members' innovations > just so they cannot be later enforced...
One idea I thought of, unrelated to the new law discussed here, is that there should be an open registry of ideas, so that anyone who wants to make sure her ideas cannot be patented by others, but doesn't want to file for patents on those ideas (or just doesn't need the monopoly privilege that goes with a patent, only the protection from others gaining this privilege) can publish their ideas so that they are recorded and accessible, and can be easily claimed as "prior art" if later a patent has to be nullified.
I really don't have more than a vague idea: something like a technical Wikipedia, that is open for people to record what they know, and records the time when information was added. And then can be edited (like Wikipedia, in a way that preserves editing history so it can serve as evidence) to connect things in logical ways so they can be easily found. Of course it should be fully searchable.
It can serve for letting people record their ideas so that it can be claimed that they were first (or that others were not first). Another use can be for recording past technological history in a way that makes it easier to find "prior art" (probably lots of ideas that are now patented as "software patents" were already used in the the early days of computing. But is there anyone that knows how to find it? probanly some of the methods used for billing on e-commerce on the internet were already used in mainframe computers billing systems in the 60's or 70's. But you need an old timer that knows those systems to find these things. If you create a central depository for these, you can have retired programmers from those ages contribute their knowledge. If you wait a few more years the knowledge would be gone. There would be noone that is able to read uncommentred COBOL code and tell you it does exacly what someone implemented in php and tried to patent). You'd need real people to contribute their knowledge about anything technical that was created in the past, and about where real evidnce about it can be found.
Anyway, if you want to be able to resist stupid patents, you need to leverage the community: create tools that allows the community to locate relevant info that shows patents are invalid at a very low cost. And for this you need efficient ways to communicate and record the info, and to retrieve it, and it has to be info that can be used in a court of law as evidence, so you need at least a credible organization that can verify timestamps.
Now of course you can argue that such a registry would allow anyone to browse it and patent whatever one finds in a "first to file gets patent" world. But I really don't think it can work. No court will buy such a cheap trick. At most it can put whoever tries to do it behind bars. If you have a reliable timestamp on the published idea. If you have a central repository that can testify about the time info was submitted, and if this repository is big enough that a patent applicant (or the lawyer representing the applicant) can be expected to search for prior art before claiming an idea is new, a court would not allow a patent. But if you don't have this, then whatever you published might not be considered verifiable by a court,and of course the patent appplicant would not be expected to be aware of it, and then a court might accept a "first to file claim".
Does what I write make sense? Someone, please make sense of it.
>... and I'm not about to replace my address - > it's too widespread to migrate my friends > and family to something else.
That's the main reason why people find it hard to change an email address, and that's the reason why I use different email addresses for different purposes or with different people: to lower the risk that more important addresses are lost, and to lower the burden of changing any one particular address.
Using a single or few addresses locks you up with those addresses. I had to keep the Hotmail address I used for subscriptions to different services for at least two years with all its spam, because I knew I gave it at some places I prefered not to lose mail from (places I gave a credit card number to...). Now I only use sneakemail.com addresses for registrations, and I always know who got what address. With friends/family I use several addresses in my own domain. Jokes and the like I send only with "From" and "To" addresses in spamgourmet.com (and recipients only in "Bcc"). Sometimes I use aliases in fastmail.fm.
> Greylisting will prevent you from receiving email > from a variety of non-complying SMTP hosts...
such as slashdot.org?
I tried enabling greylisting on the sneakemail.com address I use to receive email from Slashdot, and it blocked all the email from Slashdot. The logs on sneakemail show many delivery attempts from Slashdot, so I guess there is some kind of incompatibility between the way Slashdot tries to resend the message and the way Sneakemail expects it to be resent. I don't know who is to blame for the incompatibility. Probably no one, since there is no specification on HOW redelivery should be attempted. Anyway, it shows that there can be problems with greylisting because the way a client resends the mail is not well defined.
On the other hand, greylisting is a very effctive filter. I enabled greylisting on the address I have in the whois record of my domain, and I get practically no spam to that address (before greylisting I got quite a lot, and the sneakemail greylisting logs list lots of attempts that are easily recognizable as spam: lots of broadband connection IPs, and "from" address from domain not matching sending server.).
Publishing an address in Slashdot is the most effective way to receive spam, and receive spam fast. About 10 days ago I changed the address I use in Slashdot. The next day I already received spam on that address. The older address is now greylisted and doesn't receive any mail, but the logs show many messages blocked by greylisting (31 yesterday). What I do now is change the address I publish in Slashdot every once in a while, and enable greylisting the old address. It doesn't block all spam, but it takes a while for the volume of spam to the new address to build.
Why not let Bach's heirs profit from their inheritance? Would it make such a big difference?
All you'd have to do to play Bach's music that you don't do today, is locate his 20 children, 400 grandchildren, 8000 great grandchildren etc, contact their zillion lawyers, and just clear the copyright with each of them. And then you can perform the particular piece in a particular time and place. And then of course you financial institution would distrirbute the licensing fees to their Zillion bank accounts. Not too complicated! And then composers would know that their work "stays in the family"!
The only problem with this, is that even with just a few heirs, the costs of legally dealing with all heirs would really mean some other work with less legal issues would be performed. If playing Bach's works meant all his heirs have to agree, Bach's works would have been long gone!
$0 tax on copyright extension after a prescribed period is enough. The act of actively seeking extension has its cost too. Only interested parties would pay for keeping their works inaccessible to the public.
Read "Free Culture" by Lawrence Lessig (lessig.org). One of the most important exmples in this free online book is the way copyrights on Shalkespear's works affected the history of copyright laws (another example is how Disney and Holywood what today is considered infringement to build themselves).
The vast majority of copyrighted works do not make a cent for their "owners", and cannot make a cent. They did not ask to retain the monopoly granted by copyright laws. It was forced on them as a "default". If the default was that a work loses protection after a short term unless the "owner" actively extends the monoploly priviledge, then those "owners" wishing to still be able to profit from their works can extend their copyrights, while those who don't think it's worth theeffort do not, and the public can then access those works,
HOWEVER, the big "owners" of copyrights, those whose business model is trading in these state granted privileges, understand perfectly well that to be able to profit more from the privileges granted to them competition has to be avoided. And if the revival of old abandoned works loses the high cost of seeking the legal owners and clearing copyrights, then many of them can reenter profitability and become competitors. As long as an abandoned work can only be reintroduced commercially by the copyright owner who lost interest, or by someone with a big legal department that can handle the job of clearing copyrights properly, they don't create a real threat of competition. But when put in the public domain, the legal costs disappear, and then there are many people, not just one or a few, that can make use of the work, and many of these works would then be reused in many ways.
So it's just a matter of avoiding competition. I have nothing against letting Paul McCartney earn more money from Love Me Do (though I doubt he earns anything from this particular song. At that stage in their careers the Beatles were not in position to actually demand to get a share...) But I think it should be conditional upon active and frequent renewal of the monopoly privilege, so anything that is not a real source of profit or is of no interest to the "owner" passes automatically to the public domain, and is not held hostage by the costs of legalities.
BTW, my opinions on these matters are very much influenced by Prof. Lawrence Lessig (lessig.org). GO read his online books ond learn a lot on these matters. Reading doesn't imply you have to agree. Threre's a lot of historical and legal facts there, not just opinion.
OS security doesn't matter much if you're doing your daily routine as admin/root. People who configure Windows machines tend to solve problems of "software not running" by giving the user admin priviledges. Then any stupid email attachment can install anything. You'd have the same problem if a Unix sysadmin decides to save time solving a user's problem by giving the user root privileges. And if Linux becomes more common you'd see much more of this kind of "problem solving" ("fumble with things until they work, then don't touch anything. Don't try to solve tomorrow's problem. You're paid only to solve the current problem". Of course it works and you cease to touch it when it has to many permissions...)
The way this story was revealed was that the stupid guy who planted these trojans published publicly excerpts from his ex-wife's father (or mother's husband?) that existed only on the guy's PC. Probably that PC was a private PC that was configured exactly as shipped (i.e., single admin account). Security of the OS doesn't really matter in this setting. I think the real story here was that so many big companies (telecom, sattlite TV etc.) bought services from a guy so unprofessional as to host their stuff on the same servers that he uses for revenge against his ex-wife's parent, and then to reveal enough info so that the police can get to him! Obviously he's not a pro. Any pro would have known to use separate destinations for different trojans, and not to reveal info that leads to a single source...
Hotmail accounts are not disposeable if you use them for registration anywhere.
I used to use a Hotmail account like that. The problem is that after using it for a while and giving it in various places, I ended up with an account I couldn't dispose of, because it was given at some places I wanted to get notifications from. Furthermore, I did not remember exactly all the places where I used the Hotmail address to register, but I knew I would rather get notifications from some of them (especially in cases where money was involved). Of course there were places I did know I registered with that email address that wouldn't allow change of email address (stupid, ha?!) and there were places that allowed it but finding how to do it was too much effort.
So my conclusion is that any address you use more than once is not really disposable. What you need to overcome the problem described in the article is to use many addresses, each address once or with a small well defined group of senders. Addresses in one's own domain can serve that purpose, but has some drawbacks, and the main one is that it's a completely manual process. "Disposable address" services give different kinds of automation tools that achive different goals. I use spamgourmet.com (that was described in another reply to the parent) but only to post in forums or to "register" in places I never want to use again (like reregistering each time I want to read an article in places that "require preregistration"). The lesson of not remembering all the places I registered in made me use sneakemail.com for almost all registrations. It a bit more effort, by having to click a few links to generate a new address each time, but the advantage is that it is a place that records all the info I want to remember on registrations in one place, accessible from anywhere (and also makes it available as text or csv files). Sneakemail.com is a bit geeky in the way it builds actions from components, but that would only appeal to the average slashdotter... I only use my own domain for registration when I expect to receive large attachments bigger than sneakemail's limits, or for giving to people I know or work with, and even with this I use different addresses at various subdomains so I can easily block those that will get too much spam in the future.
One-time permanent addresses have many more uses, such as using the recipient's address for email authentication (the recipient's address is the only data that SMTP requires to be correct for email to be deliverable).
Abyway, the most important concept is "not to put all the eggs in the same basket"!
>... are leading us into a new dark age, > where knowledge itself is restricted to > a select few, a tyranny of DRM...
Don't worry! It would be short! (and would be followed by a global war).
When you have laws that people (or countries) cannot live with, people (or countries) first try to get by. When they decide they've had enough, they change the rules. If violence is necessary, it is used (think 1776...)
>... the school is doing more than its share by giving classes > and getting the product know to young prospective users.
True. But the real benefit that schools can give to FOSS is by contributing code. This is not something that can be expected from a single school or schhol district. However, this is something the FOSS proponents should encourage. There is a "coolness factor" in FOSS: you can build on it. You can add something and than say "I made part of it". High schools have lots of young talented people that can contribute. The problem is how to teach them that they can participate. How to make participation "cool".
To be "cool", participation in the development of FOSS should not be limited to geeks (sorry...) Right now it is very hard for a non-techie type to get started contributing to a open source project, or even to understand how to get started. There are many ways to contribute for "non-coders": graphics can be contributed. Documentation can be contributed. Interface design is something that needs lots of "non-geek" participation.
If FOSS can make it into a substantial number of high schhols, and if things are appropriately handled, FOSS can benefit from very high return in the form of students' participation in development. For this to work a critical mass has to be reached, and the "coolness factor" has to be leveraged. What you would want to see is students prefering FOSS because they can see how their ideas can be rapidly incorporated into the software, i.e., the software learns how to work with them, instead of them learning how to work with MS software.
I realize what I wrote here is very vague. Others might be able to say it in better English than mine. The important thing is that there are millions of kids with all sorts of talents and loads of creativity that can be leveraged to make better software. The average teenager has much more creative potential than the average 25 year old programmer. And what school kids can contribute that FOSS somewhat lacks is usability: not by recreating what MS has, but by doing it in new ways, that adults would never think of. There are fresh minds out there, but to recruit them you have to make an environment that compensates them in the way teenagers expect to be compensated: by making them feel "cool"!
Of course there are other important reasons why schools should bith use FOSS and encourage students to participate in its development, such as teaching the value of contribution to society: you use what others have contributed to you, and you pay back by helping others. You learn by doing things. Students can even get credit for donating time to open source projects...
I downloaded and installed OpenOffice.org on a WIN98 machine in an effort to gradually switch to open source software. But I have never been able to view even one MSWord document correctly in Ooo. (It was not the last version, and all documents I tried were mixtures of right to left text with math formulas. But that's what I need for everyday use. MSOffice has been doing this for years.) I hope sometime in the future it becomes more useful to me.
This is not so much different from the old Netscape vs. IE issue: IE supported bidirectionality years before Netscape, resulting in almost all Israelli websites created specifically for IE (there was no point writing code for nonexistent platfoems. It's quite similar with Ooo now. It doesn't work smoothly, and most people who try it and see it doesn't work for them go back to MS Office, and don't recommend Open Office to anyone.
Slashdot Mirror
> ... it will be easy to recognize the email from
...
> "security@paypal.com" didn't come ebay.
Actually not. Certainly not in the short term. The "From" header field would say "scurity@paypal.com" and this is what the mail program will show to the user. The "Sender" field and envelope-from would show "87i697y098@spammersdomain.oh88769.tld" and would pass both SPF and SenderID tests. To overcome this kind of "problem" one would need a new email client that can show the "sender" field if it is different from the "From", but this would become ineffective because it would be that way for many email messages that are legitimate but have different "sender" and "from" addresses, as both SPF would now require in many cases to allow messages from forwarders, mailing lists etc. to pass the tests. Phishers would adpat immediately!
> There are some long-term implications that allow
> SPF to help in the fight against spam
Certainly there are. These are customer lock-in...
Quote from [http://www.ietf.org/internet-drafts/draft-lyon-se nderid-core-01.txt%5D:
In the long run, once the domain of the sender is authenticated, it
will be possible to use that domain as part of a mechanism to
determine the likelihood that a given message is spam, using, for
example, reputation and accreditation services. (These services are
not the subject of the present mechanism, but it should enable them.)
This quote shows exactly what the makers of these standards really want: Services that put harsher limits on their users would be able to gain more reputation. Email recipients would perfer receiving email from these services. Users would migrate to these services. These services would be able to offer very limited services and charge more for more services. Many things that are now possible would become impossible.
f you have your own domain you may publish any range of IP addresses as "authorized to send your mail. But most probably these would be servers shared by many other users, including those that host spy sending zombies that woud be able to send using your address in "from" and capitalize on your "reputation" until it is becomes so low that they move own to using someone else's reputation.
So... users would gradually (or not so gradually) would be forced to give up most of the freedom they now have and prefer a very limited email system just so their email can get through. And all that to support a "standard" that cannot even stop simple phishing attempts!
The problem with SPF is not really SPF. It is understanding what it does and what it doesn't. The only thing SPF does is enabling the owner of a domain to publish a list of IP addresses of servers that may send mail "from" her domain. It only means that mail "from" that domain thatis sent from a server outside this range is certainly forged, at least from the point of view of whoever controls the DNS records for that domain. But IT DOES NOT MEAN that email with an email address with that domain coming from a server in the published IP range is necessarily not "forged". The quoted paragraph above shows exactly what MS aims at with the "SenderID standard": to put domain owners that do not have complete control on the (shared) servers they use at a disadvantage, by making their mail system unreliable. To be 100% reliable you'd need to either be an organization big enough to have its own mail servers that do not route through an ISP, or you'd have to give up using your own domain and instead use an email address from a service big enough to run their own servers. (Running a server on a PC at home on a broadband connection doesn't count as "your own server". Even if it is configured to deliver directly out, the ISP might route all outgoing SMTP traffic through their server, so you would have to include that in your SPF record, and get the reputa
People think they should be able to find "out of print" stuff on P2P networks if they are not avilable elsewhere. But this is precisely what anti-piracy advocates (that are mainly distributors of copyrighted work) want to avoid! They don't need competition from multitude of "out of print" works, that include a lot of stuff that is nuch higher quality than the new stuff they have to sell (There is much more old stuff than new stuff. The percentage of high quality stuff in both is probably the same, but there's nuch more old stuff than new stuff. Actually, new suff might have less because in the past making derivative work was not considered copyright infringement, so writers could build on high quality work to build yet more high quality work. Nowadays building on higher quality work might present greater liability).
If what is pirated is a binary distribution file (an installer) then it is not even a copy of the copyrighted work. The copyrighted work the the author created is the source. The binary files are not a cop[y of it but are a product created according to instructions in the source. The source code is a set of instructions for producing the binaries. Theinsteller is not even a copy of this. The installer is a different set of instructions for translating compressed information and recreating the binaries from it (and it is also instruction on puting those binaries in certain locations on the users file system).
In much the same way an MP3 file is not a copy of a musical work. It is a set of instruction that if followed can recreate a copy of the music. Only when an MP3 file is used to play sound a copy is created.
In theory you can take the instructions that recreate music or software abd translate them into a subset of a natural language. Then is that escription a copy of the original? It seems that copyright is developing into something similar to patents. Any description of a thing can be considered a copy. This can then be used to obtain monopoly on ideas, even when those are not patented. Perhaps not now, but in the future if thing continue to evolve this way. Think what would happen if DRM in hardware is implemented and people try to overcome it by creating protocols to encode things like music in text files. Even for binaries, it is certainly possible to convert binary instructions into source code that simulates them, then later compile the code and optimize it to get something that does the same thing as the original using just a bit more resources. Would it be considered copying? If so, and if such practice would become widespread, then a compiler would become a tool widely used for infringing copyright, and then makers of compilers would be liable under DMCA...
You don't expect me to write the idea here, do you? Does NZ have patents on "methods"?
I'll jurt give you a hint: it's biological, it has three letters and it rhymes with "rat"...
M$ cannot buy ClamAV - it's an open source project.
The "good side" of this story is that M$ is pushing users towards using ClamAV, and it is good because the project needs a critical mass of users.
Can overloading the patent system bring it to a halt? Not becessarilly.
But what is really needed is a way to make the finding of prior art much more effective than it is today. Most patents might be invalid due to proper art, but the process of finding the relevant prior art is very expensive. It is expecially so in software, not because it is software, but because a single product is usually made up of thousands of components connected together in different complicated ways. Each component and each relation between components might be patented, and though it is very likely that components similar enough may be related in the same way in something that was produced in the past (making it prior art) it can be anywhere including in software that does something that does something that looks completely different than what is perceived that a patented idea can do. That makes it practically impossible to locate prior art without scanning all existing software and actually underdatnding what every component really does in the most general way, and all the relation between the components, not only in the way they interact with each other, but also in theways they might interact with each other when put in a different environment. So a patent registered in relation with managing B2B on the internet might have prior art invalidating it in some resource management system in a mainframe OS from the 60's. Now how do you find the prioe art? You'd have to guess that it's there, and you'd have to understand that technology... and where would you find then info on 60'OS's.
So tools are needed to make all this info searchable in ways that make finding relevant data easier, therefore cheaper, and then more software patents would be chalenged.
The real problem with those patents is not that they apply to software, but that they apply the wrong criteria to determine what is patentable. Non-obviousness is not enough in a field where the production process is the puting together of elements in new nontrivial ways. This is exactly the same as in the Hugo novel example of Richard Stallman: novels are produced by putting together elements in non-trivial and innovative ways. If monolpoly on every step in the production of a novel is granted to "patent holders" then production becomes impossible, except for those protected by a private army (of lawyers) that enables them to comfortably infringe inside while their armies are defending the perimeter. If car manufacturers would have had to legally clear every single car they make (and not once for all cars of a certain model) there would be no cars produced. A programmer is required to clear every single line of code. If you compare it to the automobile industry, it would mean at most a few hundres lines of code per year, and the rest of the time spent on legalities. Except, of course, for those organizations with private legal armies that could hide their programmers in secret instalations, secretly infringe on patents, and have the perimeter legally guarded by constantly attacking others.
FireBird->FireFox->FireWolf->FireLion->FireApe->Fi reMan->FireWoman->???
Same kind of comparison...
> ...somebody could think up 10 product ideas every week ...
... inability to check if the patent breaks one of the
> and patent them
>
> simple rules set out:
> 'No bussiness methods or mathematical algorithms',
> 'Must be non-obvious to a professional from within that industry'
> and 'There must be no prior art'
Creating software basically involves solving a series of "mathematical problems". Many of them non-trivial. The non-obviousness test fails for software because mathematical problems usually are non-obvious until you've solved them, and then many of them become obvious. What might not be obvious to some people is obvious to others, and there's nop common knowlege of "experts in the field" that can be used to determine "non-obviousness". The finding of non-obvious solutions to problems is the programmer's routine job. Software patents allow the patenting of whatever a programmer is routinely producing. Obviously it is not the aim of patent law to grant monoploly on the outcome of routine production.
Also: software is just a description of a process in a stripped down language (compared to natural language). Any process that can be described can be described in this kind of language and implemented on a computer. This was discovered by turing in the 30's, and led to the invention of the digital computer. This means that the fact that any process is implentable by computer is already encompassed in the invention of the computer, and shouldn't be repatented by allowing patents on input (software is input to the computer. Turing's main point was that there's no need for many kinds of computers' because there is a universal computer that can receive descriptions of processes as input). At least any "innovation" by replacing an element in a gadget by a computerized element should not be allowed, since it is obvious since the time Turing published his results' before digital computers existed.
Don't worry! People will not be watched by this technology!
The whole point is to narrow down the list of people that are watched using more expensive technology (such as human agents risking their lives. Since this technology quite obviously doesn't fulfil the goal, it will be dumped (or not used at all).
I have no idea about where that story you mentioned is, but the idea is really great.
A non-profit organization that would patent some ideas created during the process of creating FOSS and making it available to all FOSS for free (and perhaps making money that would go to furthering the cause of free software by licensing to non-FOSS*). It would protect FOSS from the possibility of ideas being hijacked and patented by others, and can also serve for building a "patent portfolio" for FOSS to level the legal ground in the world of software patents.
* If licensing to non-FOSS would be an option, criteria should be decided on in advance.
> 3. Distribution and advertising, well well,
> looky here, an internet. Who put that there?
I think you missed an important point in the article:
James Purnell, the U.K. minister for creative industries and tourism,
recently discussed the copyright issue in several newspapers.
"The music industry is a risky business and finding talent and
artists is expensive," he told the Sunday Times. "There is
a view that long-term earners are needed so that the record
companies can plough money back into new talent."
The purpose of the proposed changes in copyright laws is not to encourage more productivity from the artists. It's just to make sure that the requirement that artists are "found by record companies" as a prerequisite to distribution is met. At least that whatit seems that this guy is trying to say. Artisits have to be "found", (you agreed with this) and they should be found by "record companies" in a way that wastes money (compared to costs of self promotion and distribution using the internet).
> the USPTO should be made aware of it
I was thinking about something big enough that cannot be ignored. Big enough that a patent examiner would not be able to ignore without risking looking unprofessional, and that a patent applicant would be expectred to check before applying for a patent.
You cannot say "there was no avaialble information I could find" if it's easy to find in the Wikipedia. Not if you claim you're an expert and testifying in a court of law. If it's in the Wikipedia you would have been exoected to search for it before you came to testify, and if you didn't your textimony would lose credibility in the eyes of the court.
(and I think there should be criminal punishment in case someone applies for a patent for something that is obviously someone else's ideas. Knowingly doing this amounts to fraud. The problem is the word "obviously", and for this purpose there's a need for standard inexpensive ways to obtain such info on "prior art", that one would be expected to use before making claims).
> ... we may have to start a dues-payable coalition to patent members' innovations ...
> just so they cannot be later enforced
One idea I thought of, unrelated to the new law discussed here, is that there should be an open registry of ideas, so that anyone who wants to make sure her ideas cannot be patented by others, but doesn't want to file for patents on those ideas (or just doesn't need the monopoly privilege that goes with a patent, only the protection from others gaining this privilege) can publish their ideas so that they are recorded and accessible, and can be easily claimed as "prior art" if later a patent has to be nullified.
I really don't have more than a vague idea: something like a technical Wikipedia, that is open for people to record what they know, and records the time when information was added. And then can be edited (like Wikipedia, in a way that preserves editing history so it can serve as evidence) to connect things in logical ways so they can be easily found. Of course it should be fully searchable.
It can serve for letting people record their ideas so that it can be claimed that they were first (or that others were not first). Another use can be for recording past technological history in a way that makes it easier to find "prior art" (probably lots of ideas that are now patented as "software patents" were already used in the the early days of computing. But is there anyone that knows how to find it? probanly some of the methods used for billing on e-commerce on the internet were already used in mainframe computers billing systems in the 60's or 70's. But you need an old timer that knows those systems to find these things. If you create a central depository for these, you can have retired programmers from those ages contribute their knowledge. If you wait a few more years the knowledge would be gone. There would be noone that is able to read uncommentred COBOL code and tell you it does exacly what someone implemented in php and tried to patent). You'd need real people to contribute their knowledge about anything technical that was created in the past, and about where real evidnce about it can be found.
Anyway, if you want to be able to resist stupid patents, you need to leverage the community: create tools that allows the community to locate relevant info that shows patents are invalid at a very low cost. And for this you need efficient ways to communicate and record the info, and to retrieve it, and it has to be info that can be used in a court of law as evidence, so you need at least a credible organization that can verify timestamps.
Now of course you can argue that such a registry would allow anyone to browse it and patent whatever one finds in a "first to file gets patent" world. But I really don't think it can work. No court will buy such a cheap trick. At most it can put whoever tries to do it behind bars. If you have a reliable timestamp on the published idea. If you have a central repository that can testify about the time info was submitted, and if this repository is big enough that a patent applicant (or the lawyer representing the applicant) can be expected to search for prior art before claiming an idea is new, a court would not allow a patent. But if you don't have this, then whatever you published might not be considered verifiable by a court,and of course the patent appplicant would not be expected to be aware of it, and then a court might accept a "first to file claim".
Does what I write make sense? Someone, please make sense of it.
> ... and I'm not about to replace my address -
> it's too widespread to migrate my friends
> and family to something else.
That's the main reason why people find it hard to change an email address, and that's the reason why I use different email addresses for different purposes or with different people: to lower the risk that more important addresses are lost, and to lower the burden of changing any one particular address.
Using a single or few addresses locks you up with those addresses. I had to keep the Hotmail address I used for subscriptions to different services for at least two years with all its spam, because I knew I gave it at some places I prefered not to lose mail from (places I gave a credit card number to...). Now I only use sneakemail.com addresses for registrations, and I always know who got what address. With friends/family I use several addresses in my own domain. Jokes and the like I send only with "From" and "To" addresses in spamgourmet.com (and recipients only in "Bcc"). Sometimes I use aliases in fastmail.fm.
> Greylisting will prevent you from receiving email ...
> from a variety of non-complying SMTP hosts
such as slashdot.org?
I tried enabling greylisting on the sneakemail.com address I use to receive email from Slashdot, and it blocked all the email from Slashdot. The logs on sneakemail show many delivery attempts from Slashdot, so I guess there is some kind of incompatibility between the way Slashdot tries to resend the message and the way Sneakemail expects it to be resent. I don't know who is to blame for the incompatibility. Probably no one, since there is no specification on HOW redelivery should be attempted. Anyway, it shows that there can be problems with greylisting because the way a client resends the mail is not well defined.
On the other hand, greylisting is a very effctive filter. I enabled greylisting on the address I have in the whois record of my domain, and I get practically no spam to that address (before greylisting I got quite a lot, and the sneakemail greylisting logs list lots of attempts that are easily recognizable as spam: lots of broadband connection IPs, and "from" address from domain not matching sending server.).
Publishing an address in Slashdot is the most effective way to receive spam, and receive spam fast. About 10 days ago I changed the address I use in Slashdot. The next day I already received spam on that address. The older address is now greylisted and doesn't receive any mail, but the logs show many messages blocked by greylisting (31 yesterday). What I do now is change the address I publish in Slashdot every once in a while, and enable greylisting the old address. It doesn't block all spam, but it takes a while for the volume of spam to the new address to build.
Why not let Bach's heirs profit from their inheritance? Would it make such a big difference?
All you'd have to do to play Bach's music that you don't do today, is locate his 20 children, 400 grandchildren, 8000 great grandchildren etc, contact their zillion lawyers, and just clear the copyright with each of them. And then you can perform the particular piece in a particular time and place. And then of course you financial institution would distrirbute the licensing fees to their Zillion bank accounts. Not too complicated! And then composers would know that their work "stays in the family"!
The only problem with this, is that even with just a few heirs, the costs of legally dealing with all heirs would really mean some other work with less legal issues would be performed. If playing Bach's works meant all his heirs have to agree, Bach's works would have been long gone!
$0 tax on copyright extension after a prescribed period is enough. The act of actively seeking extension has its cost too. Only interested parties would pay for keeping their works inaccessible to the public.
Read "Free Culture" by Lawrence Lessig (lessig.org). One of the most important exmples in this free online book is the way copyrights on Shalkespear's works affected the history of copyright laws (another example is how Disney and Holywood what today is considered infringement to build themselves).
The vast majority of copyrighted works do not make a cent for their "owners", and cannot make a cent. They did not ask to retain the monopoly granted by copyright laws. It was forced on them as a "default". If the default was that a work loses protection after a short term unless the "owner" actively extends the monoploly priviledge, then those "owners" wishing to still be able to profit from their works can extend their copyrights, while those who don't think it's worth theeffort do not, and the public can then access those works,
HOWEVER, the big "owners" of copyrights, those whose business model is trading in these state granted privileges, understand perfectly well that to be able to profit more from the privileges granted to them competition has to be avoided. And if the revival of old abandoned works loses the high cost of seeking the legal owners and clearing copyrights, then many of them can reenter profitability and become competitors. As long as an abandoned work can only be reintroduced commercially by the copyright owner who lost interest, or by someone with a big legal department that can handle the job of clearing copyrights properly, they don't create a real threat of competition. But when put in the public domain, the legal costs disappear, and then there are many people, not just one or a few, that can make use of the work, and many of these works would then be reused in many ways.
So it's just a matter of avoiding competition. I have nothing against letting Paul McCartney earn more money from Love Me Do (though I doubt he earns anything from this particular song. At that stage in their careers the Beatles were not in position to actually demand to get a share...) But I think it should be conditional upon active and frequent renewal of the monopoly privilege, so anything that is not a real source of profit or is of no interest to the "owner" passes automatically to the public domain, and is not held hostage by the costs of legalities.
BTW, my opinions on these matters are very much influenced by Prof. Lawrence Lessig (lessig.org). GO read his online books ond learn a lot on these matters. Reading doesn't imply you have to agree. Threre's a lot of historical and legal facts there, not just opinion.
OS security doesn't matter much if you're doing your daily routine as admin/root. People who configure Windows machines tend to solve problems of "software not running" by giving the user admin priviledges. Then any stupid email attachment can install anything. You'd have the same problem if a Unix sysadmin decides to save time solving a user's problem by giving the user root privileges. And if Linux becomes more common you'd see much more of this kind of "problem solving" ("fumble with things until they work, then don't touch anything. Don't try to solve tomorrow's problem. You're paid only to solve the current problem". Of course it works and you cease to touch it when it has to many permissions...)
The way this story was revealed was that the stupid guy who planted these trojans published publicly excerpts from his ex-wife's father (or mother's husband?) that existed only on the guy's PC. Probably that PC was a private PC that was configured exactly as shipped (i.e., single admin account). Security of the OS doesn't really matter in this setting. I think the real story here was that so many big companies (telecom, sattlite TV etc.) bought services from a guy so unprofessional as to host their stuff on the same servers that he uses for revenge against his ex-wife's parent, and then to reveal enough info so that the police can get to him! Obviously he's not a pro. Any pro would have known to use separate destinations for different trojans, and not to reveal info that leads to a single source...
Hotmail accounts are not disposeable if you use them for registration anywhere.
I used to use a Hotmail account like that. The problem is that after using it for a while and giving it in various places, I ended up with an account I couldn't dispose of, because it was given at some places I wanted to get notifications from. Furthermore, I did not remember exactly all the places where I used the Hotmail address to register, but I knew I would rather get notifications from some of them (especially in cases where money was involved). Of course there were places I did know I registered with that email address that wouldn't allow change of email address (stupid, ha?!) and there were places that allowed it but finding how to do it was too much effort.
So my conclusion is that any address you use more than once is not really disposable. What you need to overcome the problem described in the article is to use many addresses, each address once or with a small well defined group of senders. Addresses in one's own domain can serve that purpose, but has some drawbacks, and the main one is that it's a completely manual process. "Disposable address" services give different kinds of automation tools that achive different goals. I use spamgourmet.com (that was described in another reply to the parent) but only to post in forums or to "register" in places I never want to use again (like reregistering each time I want to read an article in places that "require preregistration"). The lesson of not remembering all the places I registered in made me use sneakemail.com for almost all registrations. It a bit more effort, by having to click a few links to generate a new address each time, but the advantage is that it is a place that records all the info I want to remember on registrations in one place, accessible from anywhere (and also makes it available as text or csv files). Sneakemail.com is a bit geeky in the way it builds actions from components, but that would only appeal to the average slashdotter... I only use my own domain for registration when I expect to receive large attachments bigger than sneakemail's limits, or for giving to people I know or work with, and even with this I use different addresses at various subdomains so I can easily block those that will get too much spam in the future.
One-time permanent addresses have many more uses, such as using the recipient's address for email authentication (the recipient's address is the only data that SMTP requires to be correct for email to be deliverable).
Abyway, the most important concept is "not to put all the eggs in the same basket"!
> ... are leading us into a new dark age, ...
> where knowledge itself is restricted to
> a select few, a tyranny of DRM
Don't worry! It would be short! (and would be followed by a global war).
When you have laws that people (or countries) cannot live with, people (or countries) first try to get by. When they decide they've had enough, they change the rules. If violence is necessary, it is used (think 1776...)
> ... the school is doing more than its share by giving classes
> and getting the product know to young prospective users.
True. But the real benefit that schools can give to FOSS is by contributing code. This is not something that can be expected from a single school or schhol district. However, this is something the FOSS proponents should encourage. There is a "coolness factor" in FOSS: you can build on it. You can add something and than say "I made part of it". High schools have lots of young talented people that can contribute. The problem is how to teach them that they can participate. How to make participation "cool".
To be "cool", participation in the development of FOSS should not be limited to geeks (sorry...) Right now it is very hard for a non-techie type to get started contributing to a open source project, or even to understand how to get started. There are many ways to contribute for "non-coders": graphics can be contributed. Documentation can be contributed. Interface design is something that needs lots of "non-geek" participation.
If FOSS can make it into a substantial number of high schhols, and if things are appropriately handled, FOSS can benefit from very high return in the form of students' participation in development. For this to work a critical mass has to be reached, and the "coolness factor" has to be leveraged. What you would want to see is students prefering FOSS because they can see how their ideas can be rapidly incorporated into the software, i.e., the software learns how to work with them, instead of them learning how to work with MS software.
I realize what I wrote here is very vague. Others might be able to say it in better English than mine. The important thing is that there are millions of kids with all sorts of talents and loads of creativity that can be leveraged to make better software. The average teenager has much more creative potential than the average 25 year old programmer. And what school kids can contribute that FOSS somewhat lacks is usability: not by recreating what MS has, but by doing it in new ways, that adults would never think of. There are fresh minds out there, but to recruit them you have to make an environment that compensates them in the way teenagers expect to be compensated: by making them feel "cool"!
Of course there are other important reasons why schools should bith use FOSS and encourage students to participate in its development, such as teaching the value of contribution to society: you use what others have contributed to you, and you pay back by helping others. You learn by doing things. Students can even get credit for donating time to open source projects...
I downloaded and installed OpenOffice.org on a WIN98 machine in an effort to gradually switch to open source software. But I have never been able to view even one MSWord document correctly in Ooo. (It was not the last version, and all documents I tried were mixtures of right to left text with math formulas. But that's what I need for everyday use. MSOffice has been doing this for years.) I hope sometime in the future it becomes more useful to me.
This is not so much different from the old Netscape vs. IE issue: IE supported bidirectionality years before Netscape, resulting in almost all Israelli websites created specifically for IE (there was no point writing code for nonexistent platfoems. It's quite similar with Ooo now. It doesn't work smoothly, and most people who try it and see it doesn't work for them go back to MS Office, and don't recommend Open Office to anyone.