If it's illegal behavior, then divulge it to law enforcement rather than a journalist.
And what if law enforcement is unresponsive, for whatever reason (incompetence, lack of resources, corruption)? Also, you may have to hire a lawyer merely to find out whether the reported behaviour is indeed illegal. If you report it to the police, but a court later finds that the company did in fact have the law on their side, will the company now be able to find out who made them subject to investigation and lots of bad PR?
If it's morally corrupt but not illegal, then I'm not convinced there should be protection.
So in the end, you are better off not talking to the press at all about anything, because you don't know whether the reported activity will be found illegal, and you will lose your anonymity if it isn't. I'm not asking for complete anonymity under any circumstances, I'm asking for anonymity granted in a predictable fashion on known criteria. When requesting anonymity in return for information, "we'll consider it" is not an acceptable answer whether from a newspaper or from law enforcement. It should be either yes or no.
In this case, it seems that the journalist himself may have broken the law.
That may be so, and if publishing someone's trade secret is illegal, the plaintiff should target the publisher and have him pay damages, thereby preventing the press from becoming a haven for dissemination of regular trade secrets. While I can understand the plaintiff also wanting to nail the leak, I think allowing them to do so will harm the ability of the press to make contact with more deserving whistleblowers.
The decision to publish rests with the publisher, and with the publisher alone. Therefore his source should not be penalized differently depending on his decision. If someone violates an NDA and talks to a journalist, but the journalist refuses to publish or use the information in any other way, what harm is done? Why should third parties (could be anybody, but especially journalists) be forced to act as informants against either of two parties in a private contract dispute?
By the way, that Freedom of the Press Act I referred to has a history going back to 1766, though its current version was drafted in 1949, with government censorship efforts during World War II in fresh memory. The Swedish government had made a habit of invoking an old and poorly conceived "transport prohibition" to prevent the distribution of newspapers criticizing German politics, and after the war strong protection for press freedom was seen as the best way to prevent a reoccurrence. It's a lesson I hope future generations will learn by reading rather than from hands-on experience. Guess which country invokes contrieved intellectual property claims to silence political opposition abroad even today?
I don't see protecting the source of a trade secret in the same light as, say, protecting a whistle blower who tips off a journalist to illegal or morally corrupt behavior.
I agree that those situations are different. However, they could be intertwined to the point that someone may technically have to violate an NDA in order to disclose morally corrupt behaviour. While a court could declare the NDA non-binding under certain circumstances, such an outcome cannot be reliably predicted by the whistle blower or the journalist before the information is handed over.
If you obtained trade secrets under an NDA, you do NOT have the right to tell those to a journalist at all.
Of course not. The issue is, does the journalist have to assist the plaintiff in identifying the leak?
Either it was "stolen" by someone, or someone breached their contract. In that case, the journalist may have broken the law by inducing the leak.
Journalists are supposed to be third parties disseminating information to the public. When you talk to a journalist, you do so voluntarily and at your own risk. The journalist cannot know what information is covered by an NDA and what is not. Should he be afraid even to ask questions? Does the law effectively make him bound by the contract as well?
It seems reasonable to investigate, and part of that investigation would be asking the journalist where he got the information.
The possibility of a contract being broken, or a crime being committed, does not necessarily allow every potential means of investigation. Can you obtain a search warrant or a phone wiretap in order to resolve a case of petty theft or a business dispute? Forcing a journalist to reveal his source sounds like pretty much the same thing.
For an alternate legal take on the issue of anonymity and the press, see the Swedish Freedom of the Press Act, in particular Chapter 3 (On the right to anonymity), Article 3. In Sweden, I believe Apple (a private enterprise) could have asked the journalist for his source without risking anything, but the journalist might face a fine or up to one year in prison if he complied and answered.
Apple didn't fulfil its obligations to investigate internally FIRST.
Sitting in a different jurisdiction, knowing little about U.S. law, I find myself asking: So all it takes for a U.S. corporation to compel a journalist (or anybody else) to reveal his source is that they conduct an internal investigation?
I understand we are talking about the First Amendment here, about fundamental civil rights. You should be able to talk to the press and trust them not to reveal their source unless some action of your own allows them to. If the law won't respect your anonymity, you should know so beforehand and not talk at all. But here your right to anonymity is appearantly dependent on a procedural matter of fact that can be established only after you have talked to the press, and it's the plaintiff alone that gets to decide whether that investigation will happen.
Imagine being denied your Fifth Amendment right not to testify against yourself merely because the plaintiff has acted with due diligence and performed the (hypothetically) required tap-dance-on-a-harpsicorde in the courtroom. It's not like Apple must obtain someone's permission to conduct an internal investigation, right?
The most appropriate solution is the one that works for the majority of users.
No, that's not the most appropriate solution but the most common one. Your solution (the government) is not the most appropriate one for me, therefore I'm not buying it. If a majority of users want your solution, they are free to use it, but then I must wonder why sheer market pressure hasn't yet made that solution materialize. Nobody is preventing your government from issuing a blacklist, service providers like yours are crying for it on behalf of their customers, yet nothing seems to be happening. Why? And how would that solution in any way affect my needs, or the technical and legal abilities of my ISP to fulfill my demands?
Being a petty 0.0.0.0 ass hat does little good for any one
I never claimed it did; it was just to demonstrate that the number of host addresses in any particular addressing scheme doesn't matter. Blocking the entire network is just as pointless as blacklisting a single abusive host - either way, you are removing only a single host from the network, be it your own server or the abusive client. As usual, the optimal solution lies somewhere in between; large groups of users agreeing to block large groups of addresses. There is no single source of abuse that could be disconnected, nor any single authority on what constitutes abuse that we all could rely on.
don't forget to remind me about wireless in your reply
Consider it done, and to save time I'm responding to your reminder in advance of seeing it, guessing what it's about: It doesn't matter whether a blacklisted host is wireless or not, as I don't care about the physical host, only about the abuse history of the addresses it uses. If a wireless open relay travels the world, spamming via a thousand different IP addresses on different networks, to me it's just the same as if a thousand zombie machines on land lines relay one junk message each. I'm not dealing individually with each host, but usually with individual network providers, expecting them to either keep the abuse below a tolerable level or face blacklisting.
Blocking in the reality is all about accuracy. Blocking and leaving open specific addresses not blindly obstructing whole ranges of adresses.
Indeed it is, and since I don't have the resources myself to monitor the entire Internet down to the level of detail I'd want, I expect others to assist me, in return for me assisting them. I will monitor my network, you will monitor yours, and then we can exchange data. When I can find nobody on a remote network to form such a partnership with, or when the network owner is actively obstructing my efforts, I will have to go for the second best option, which is to block the entire network. Allowing them to continue abusing my resources is not an option to me when they don't give me anything in return; it would be like rewarding them for being mean. If they eventually change their mind and want to cooperate, I'll be all for it, but noone has so far offered a fair and equal deal.
For a lot of companies one missed communication can cost millions of dollars. For end users accidental misses can cause enormous frustration.
Unchecked network abuse can have the exact same consequences. However, no two users are alike, and any company wanting to be reachable from precisely any IP address should of course receive what they ask for; they should have the resources to cope with the abuse. In the meantime, I should be able to receive the protection I ask for from my ISP, and if I request that mail from certain IP addresses not be delivered to my inbox (and I'm even willing to pay for that extra service), I expect that to happen, or I'll look for another ISP. Bringing in the g
Either you spend all that time and money asessing applicable IPs to be blocked and unblocked or somebody else does it for you for free and takes legal responsibility for it (guess which will win).
Somebody else already does this for a lot of us, sometimes for free, sometimes for a fee, and that somebody is not the government. As for legal responsibility, everybody are responsible for their own actions, except governments which tend to place themselves above the law. If you don't want to assume responsibility for your own business, your government certainly won't do it for you (and in order for me to be more specific, you will have to explain what actions you are concerned about).
Now take into account IPV6 and good luck, you will end up doing nothing but blocking and unblocking IPs all day long (from spamming entertainment centres, toasters, fridges even mobile spam from vehicles).
The China story is about blocking the IP space of an entire nation, not individual hosts. It takes a single line of text to block an entire IPv4 range of size/16 assigned to an ISP. When IPv6 takes off, it will take a single line of text to block an address range of size/64 (which I believe is the smallest range normally assigned to a single entity under IPv6, in spite of it containing 2^64 128-bit addresses, or 4 billion times the number of potential IPv4 hosts). There won't overnight be 4 billion times as many network providers to block, and nobody is concerned about individual toasters.
A government list always implies liability and accountability with IPs put on and taken of in a recognisable and manageble process (ignoring anything that homeland security does of course).
That is, ignoring the current track record of at least one powerful government. As for the government ensuring a manageable process, I'd like to see an example of that first, otherwise it merely looks like wishful thinking.
I know I am looking at it from the ISP point of view but that is the only one that really counts going forward.
As you should be doing, if you are an ISP. As I'm not an ISP, but a private Internet user, I'm looking at it from my point of view, since that is the only one that really counts for me. Since I manage a router at work, and I have experience from maintaining a blacklist, I can be fairly specific in my demands when shopping for Internet access. I usually don't do business with vendors who think they know better than me what I want, and I certainly won't give my money to someone who thinks the government knows that better than me.
As I said, wasting time in a fools paradise thinking that you as a individual can effectively block IPs when IPV6 takes over in is just silly.
Read my explanation above. It takes only 0.0.0.0/0 to effectively block the entire IPv4 Internet, if I wanted to. IPv6 addresses are only four times as long, but pose no significant problem to blacklists, unless registrars start distributing individual/128-size addresses randomly worldwide (which they won't). Tell me your IPv6 address range, and I'll show you how to blacklist it in five seconds.
However, I wish you good luck in convincing your government (or any government) to establish an IP address blacklist to protect your servers from network abuse. In order for it to be successful, it must prove effective in comparison with all other blacklists in existance. I work for my government (indirectly), I have seen "legal responsibility" in action, and it's a pretty good antedote to effectiveness, as in "yes, they run an open relay, but since we depend on their money we cannot refuse accepting their mail".
The only catch with any kind of blocking is you are in effect taking the law into your own hands.
No, the law needs not enter the picture at all. You are assuming that a third party (such as an ISP) is doing the blocking against the wishes of two parties trying to communicate, in which case it would constitute undue interference. That is what the Chinese government is doing against its own citizens.
Blacklisting Chinese address space is about server owners protecting their property from unwelcome visitors. That's their right to do, unless they have contractual obligations with customers telling otherwise. I'm a customer of an ISP, and I demand that the services I use are kept unhampered by abuse. If that requires severing connectivity with much of Asia, so be it. If I want Asian customers, I can buy space on a server aimed specifically at that market without requiring everybody else to handle the abuse they receive from "my" potential customers.
IP blocking registers should be maintained by the government, with an accompanying system for handling complaints etc. A private distributed electronic police force is unacceptable. There needs to be a system of responsibility and accountability put in place.
Have you really thought this thing through? A government-maintained list of blocked IP addresses is precisely what you will find in China. I'm sure they have a system for handling complaints as well, but who will bother to complain if they merely risk being labelled a threat? I don't exactly see how the words "government" and "responsibility" can fit into the same paragraph.
Besides, a government-maintained blacklist would be pretty pointless, as few people would use it if they weren't forced to. The idea behind blacklists is that if they become popular, the market forces will eventually drive the listed providers out of business, thereby eliminating the abuse they caused. The government doesn't need a blacklist to drive someone within their own jurisdiction out of business; they can levy fines against the company or shut it down by law instead. Blacklists are useful precisely because the law doesn't get involved; you don't need a government license to organize a boycott.
Anything a web-hosting service does that affects their connectivity is unethical if they don't disclose it to their own customers, whether it relates to DoS attacks, virus e-mail or plain political censorship. How service providers sort these things out with their customers is an issue entirely different from the one I'm discussing, the consequences of severing connectivity with large portions of the Internet population. I'm a private user rather than a business, and I want my ISP to take effective action against abuse, but I also want my fellow customers to have a choice, so I prefer solutions which can be enabled or disabled on a per-customer basis.
While zombie requests for non-existing services aren't dangerous themselves, they do indicate that the sending host has a problem and may spell trouble to you in the future. Also, if you are concerned about your server logs and their usefulness for statistics, you want an easy way to filter out those zombie requests without losing all your error logs in the process. If a particular kind of request is never logged by my server, I don't want the request to be successful to the sender either, because I have already assumed that it's bogus and I want to tell the sender so (just in case a human is watching).
Blocking the specific ports noone is using makes little sense, if you really know what ports are never used. If you don't know, blocking them is a good security measure regardless of where the request comes from. It still doesn't help you distinguish between good and bad requests being sent to the ports or services you do use, and what at first glance looks like a benign request for a non-existing service may eventually turn out to trigger a buffer overrun problem in the server. Remember, the sender may know something about your server that you don't, so it's a good idea to at least keep an eye on those error logs.
The point of refusing access from certain IP addresses is not to deny service to any particular individual (or nationality, in case of entire countries being affected), but to protect against likely abuse and encourage individuals to use some other IP address. As long as your boycott is aimed at their network infrastructure (for aiding abuse) rather than at the country itself (for political reasons), individual users routing their traffic via other networks is not a problem; it's what you want them to do. The idea is that the secondary network will sort out the abuse (by making sure they know who their customers are, or by other means). If they fail to do so, they will be blacklisted too.
Therefore I see no point in specifically blacklisting any single country, if not for political reasons. Entire countries are blacklisted because they conveniently map to large portions of IP address space. Some Chinese universities probably received their IP blocks before the commercial operators did, and may therefore have addresses in completely separate ranges. If the universities are a bit better at managing their networks, and the bulk of the abuse therefore comes from the commercial blocks, there is no reason both should be listed merely for being assigned to the same country.
Likewise, a single address block may contain several operators in different countries, causing them all to be blacklisted simply because telling them apart takes too much time. It's all about network abuse history, not about nationality. And, I wouldn't have to rely on everyone else blocking a single abused network either, unless they all were to forward that abuse to me.
I have however considered blocking mail servers indiscriminately "bouncing" virus messages having our domain forged onto them, when they have received those messages from IP addresses (often Chinese ones) already included in public blacklists. They could avoid such action on my part by simply using said blacklists themselves, but exactly how they solve their problem is up to them. If they simply avoid "notifying" innocent people every time they receive junk mail or other abuse, I will not bother them.
I appreciate that we agree on where to place the blame here. That said, I don't see why even a broadband provider lock-in would be too difficult to circumvent. Couldn't you get a Unix account with some other ISP, and route your traffic through a proxy on their network? After all, this is what spammers do to work around various blacklists, except that they steal such services instead of paying for them.
I don't know whether there are proxy configurations suitable for this task already, but I see no reason why it couldn't be done. The same goes for ISP policies, which seem keen on banning random stuff that isn't in high demand from users. I don't have broadband connection myself, but I use traditional dial-up from home, so maybe I'm not seeing the problem here.
It may be inconvenient to you, sure, but the idea is that you will be faced with a single inconvenience of your own design, rather than a diverse set of hoops forced upon you by others. The network abuse problem is near your end of the wire; it should preferrably be handled there too. Then we can watch a dynamic market for premium address space emerge. Who doesn't want to arrive at the virtual party in a shining white IP address, even if it's merely a rental one?
Eventually, ISP lock-in will have to go, broadband or no broadband. All you need is a network owner willing to carry your traffic between A and B; it shouldn't matter how many other providers you are forced to do business with. The current lock-in situation is one reason I don't have broadband yet, since the market forces are disabled. I also prefer buying services one by one, rather than as complete packages, to simplify switching when those services deteriorate. Connectivity from one vendor, e-mail from a second, web space from a third... Having your own domain thus becomes essential, because you can bring it with you when your provider makes a mess (I learned this the hard way).
I'm happy with my current ISP, and I don't foresee any trouble there. I plan to run some blacklisting service of my own, mainly for fun. Should my ISP begin to host spammers, I may not be able to move out immediately, but I'll make a point of adding him to my blacklist even if I end up getting my own mail returned to me thanks to that listing...
Come to think of it, providers locking in their customers make a suitable target for another kind of blacklist, one intended to promote consumer choice rather than punish spammers (although there may be some overlap here, as any provider in a monopoly situation is less likely to deal properly with spammers than one facing normal competition). If customers of lock-in providers get a reputation for not being welcome everywhere, don't you think those providers will start seeing customers demanding a better deal? Similar to boycotting trade with people living under dictatorship, to help them liberate themselves.
It should be, and if they only selected 90 recipients anyway, it shouldn't have been too much work screening them manually before mailing them. In any case, it would have been less work than what they tricked 80 mistaken recipients to do for them, unpaid. One trained lawyer can probably screen each recipient's website in less than two minutes, while 80 non-lawyers are likely to spend more than five minutes on average reading the legal notice and contemplating whether they may be infringing.
If I'll ever receive an unexpected legal notice from someone I don't know, I'll treat it as junk mail until the sender spends some effort to actually contact me, at which time I will request compensation for wasting my time before addressing whatever issue they want to bring to my attention.
I have difficulty joining several IRC networks or even posting on slashdot without jumping through hoops because it seems that there are an awful lot of kiddies on my subnet that like to spam/flood/ircbot. Could it get worse?
Sure it can get worse; it may eventually be impossible for you to do anything at all, regardless of your willingness to jump through hoops, as long as you share subnet with those kiddies (or whatever issue people have with your IP address). If I were in your situation, I'd be grateful to be provided with any service at all, even in a manner inconvenient to me.
Will there be a point where I'll have to switch ISP just to get the services I want?
If you live in a rough neighbourhood, where kids throw stones at passing cars, chances are that the icecream salesman will never stop outside your house. Nobody is blaming you for the vandalism, but having you as a customer simply doesn't outweigh the costs and risks associated with visiting your street in the first place. If you want to do business at home, either teach your neighbours to play nice, or move to a better neighbourhood. You probably won't like buying icecream via mail order.
This analogy fails only when you consider the realities of moving; it's far easier to switch ISP than to switch residential quarters. So why cling on to a tainted IP address? The more people are willing to switch ISP because of poor network abuse ratings, the more eager providers will be to keep those kiddies at bay without relying on third parties to identify them (I stopped reporting abuse several years ago, because I couldn't find a single ISP willing to pay me for doing so).
I agree, and while there are probably many legitimate mail servers still unknown to TrustedSource, a "raised concern" for this reason alone should not be enough to reject mail from that source. Maybe if a number of other tests simultaneously flash yellow warning lights, the fact that the IP address has no history of past mail may be enough to trigger a rejection.
My problem with the TrustedSource site, however, is that they don't seem to provide any documentation explaining how their ratings are calculated, or how they are supposed to be used. My mail server certainly won't access their website to look up the IP address of each incoming message. Do they provide their ratings also via DNS, or is that a service limited to paying customers only? If they want to sell that service, they should either show or explain what I will get by paying, not merely provide free interactive lookups that will be boring after two minutes.
I like the concept of reputation-based mail processing, but it's just a generalization of blacklists, which have been around for nearly a decade. Anything new here? I'm afraid they just lost my attention, and I regard myself as patient.
Since I'm not familiar with how a "not for profit" corporation is defined under United States (or Australian) law, nor what LMI or LAI have said on the matter, I'm unable to state anything with certainty.
According to what others have said on Slashdot (and since everybody on Slashdot is a lawyer, you can trust their word), the license is only required if you register your name or trademark with "Linux" in it. I suppose "registering" here means registering it with the USPTO or some other government agency making sure it doesn't clash with an existing name. If your government is anything like mine, registering involves paying an administrative fee of some size. If you do that, paying an additional fee to clear the "Linux" name for your use doesn't seem like a lot to ask. Of course, there may be special cases where this additional fee would still be inappropriate.
On the other hand, if you don't officially register your organization at all, but merely use your name including "Linux" informally among yourself, and don't make any money from it (collecting membership fees to pay for regular expenses hardly counts as "making money"), would it still constitute an organization subject to trademark licensing? I have a hard time seeing how, unless trademark law in your country is really nuts, and considers any gathering of people a "business" event similar to a trade show. It may make sense to regulate the exact wording of statements (including names of things) made in advertising, but hardly in casual speech or informal notes on paper.
Bigger players can be made to subsidize smaller ones, but only to a certain extent, or the fee structure will affect how licensees organize themselves. As I understand it, the "projected annual gross revenue" doesn't refer to the entire corporation, but to the money made specifically on the product or business having "Linux" in its name. If Microsoft were to create a web browser based on the Linux kernel and call it "Microsoft Linuxplorer" but give it away free of charge, no strings attached (or at least earn less that $100,000 annually on it), I get the impression they would only have to pay the $200 fee for the name. A number of other multi-million dollar companies acting the same way, and LMI would soon have no licensees at all paying either $9,000 or $5,000 to subsidize the smaller ones, but they would all try to be subsidized by each other.
A better strategy would be to draw the line between the for-profit and not-for-profit entities, letting all the former subsidize the latter (common sense suggests that it's safer having a lot of customers/supporters/whatever paying a small sum each, than having a few of them pay through their noses). However, here you must consider the specifics of national legislation, whether it's possible for a for-profit entity to establish a not-for-profit one and move part of its activities there. These things must be strictly regulated, but I believe they may be regulated differently in different places. Isn't LMI (Linux Mark Institute) itself a not-for-profit entity? Yet numerous Slashdot posters seem to be accusing them of making money!
I have read that the Church of Scientology was once awarded tax-exempt status (as a religious congregation I think) by the United States taxation authorities. Maybe they are registered as a not-for-profit too (it certainly wouldn't surprise me)? If trademark law doesn't allow LMI to make a difference between "good guys" and "bad guys" all acting as not-for-profit entities, maybe a small fee for all of them will be a lesser evil than a zero fee being too attractive an opportunity for numerous "bad guys" to ignore?
Obviously, I don't have any direct answers for you, only speculations. I doubt you will find definitive answers on Slashdot, so I suggest you contact LMI and ask them directly. Please consider though that you may not be the only one asking them, in case you wonder why it takes them so long to respond...
While LMI supervises worldwide enforcement of the tra
Indeed... I'm getting tired of commenting, the same clueless objections keep reproducing themselves all over this discussion like rabbits.
I think it may be time for a practical demonstration. Someone, please file a fraudulent trademark application for "Slashdot", then request renaming the slashdot.org domain to something else unless a fee is paid. Or, if the trademark is already in the hands of its proper owner, launch a campaign to have the owner "release it into the public domain" (after which it can be registered by anybody else), in the spirit of free speech and beer and whatever!:-)
Sending it to everyone with "Linux" on their web site is like the notice stamped into my crowbar that says, "WEAR EYE PROTECTION". It's just legal CYA. If they didn't do that, they could lose the trademark, which would be a disaster for Linux.
That notice is the only thing I really question about LAI (if it happened as described; I didn't receive it myself since I don't live in Australia). Sending e-mail to every author of a web page containing the word "Linux" is spamming, whether required by law or not. If they had at least done some manual screening to try to weed out non-infringing uses, but made a simple mistake in one or a few cases, that could have been excused after an explanation. Expecting any inappropriate recipients to sort it out themselves is not something I tolerate.
Several years ago, the Software Publishers Association sent spam to 300,000 FTP system administrators to warn about the potential for software piracy. I was one of the recipients, and I immediately blocked their 207.95.37.0/24 network in our router, prohibiting them from talking TCP to our university department network again. They are still blocked, though I doubt they have noticed.
As for the law requiring a notice being sent, I doubt it, but I guess I have spent fewer hours studying law than the number of really stupid laws worldwide, and I know nothing about Australian law in particular. In any case, any spammer telling me "it's the law" will be treated just the same as any other spammer: Blacklisting and blocking. Hard to implement retroactively, I'm afraid, but I need to make the point that my mailbox does not exist for the purpose of people fulfilling whatever legal obligations they have or believe they have towards somebody other than me, period. If you absolutely need to yell at people, please do it where nobody can hear you.
Will my refusal to receive their notice make them lose their trademark? Probably not, but if they lose it, I will tell them "it's the law" and suggest that they keep their hands off my mailbox next time. In this way, spamming could also spell disaster for Linux.
And sending email is the only cost-effective way to do it.
Yes, that's what spammers usually say, expecting recipients to pay the bill instead. There ain't no such thing as a free lunch.
I'm all for Linux Mark Institute protecting Linus Torvald's trademark; they are doing us all a favour. All I ask is that they don't engage in spamming in order to protect it. However, I have no evidence indicating that they did, only hearsay, so I see no cause for action in this case.
this poses no immediate danger in that someone in the community had to change what they are doing (in this case, change product names) or face immediate threat of lawsuit
A few years ago, good guys publishing Linux-related stuff were being threatened by someone who demanded license fees for use of the "Linux" trademark, which he turned out to have registered himself at the USPTO. I don't remember the name of the guy, but it wasn't Linus Torvalds or anybody else in the community. It was eventually possible to get him to transfer the registration to Linus (or maybe it was invalidated, I don't know which), but doing so did cost a lot of money and legal work.
That's the incident that started this thing. In order to protect the good guys from being challenged again and again over this by various bozos, Linus has delegated authority over the name to Linux Mark Institute so that they can protect the name worldwide, but running such an operation does cost real money (I doubt any national trademark registry allows you to register a trademark free of charge).
Remember, "free software" isn't about "free" as in beer, but as in freedom. Sometimes you have to pay real money for that freedom, or someone else may take your freedom and your money away.
This isn't about Microsoft, which I doubt will resort to releasing bogus "Linux" software just to tarnish the name. It's about all the anonymous bozos trying to make a quick buck off something they had no part in creating, hurting us all in the process. LMI cannot base its trademark license conditions on the concept of a single enemy such as Microsoft, but has to consider the realities of trademark law and established business practice, including the risk of lawsuits.
Yeah, now they'll have to pay $5000 to call the product "Windows Linux".
If their product is based on Linux, why not? However, if their product is not based on Linux, but merely pretends being so, thus tarnishing the Linux name, merely paying $5,000 to LMI will not grant Microsoft a license to use it that way (or in any other way they would like).
An annual trademark license is not something you can buy at 7-11 without telling what you are going to use it for. Neither can you duplicate it or resell it yourself. It wasn't the high license fee requested by Sun Microsystems that forced Microsoft to stop tweaking their Java implementation, while still calling it Java. It was the conditions of the license prohibiting such use of the name, irrespective of any fee paid.
the trademark should only be enforced when it's being used to refer to something incorrectly
Hopefully, the number of incorrect uses of the trademark should be very few compared to the number of correct uses, maybe even zero. Still, registering trademarks in 200 different jurisdictions costs money, and Linus can't pay for that out of his own pocket (other individuals have already contributed substantial amounts personally to defend the Linux trademark against incorrect use, before the Linux Mark Institute was established). Therefore anybody using the trademark correctly in their business should help pay for the administration.
If LMI engages in litigation against fraudulent use, hopefully the court will make the defendant pay the legal costs of LMI in that particular case, but LMI cannot rely on damages awarded through spurious litigation to pay also for their day-to-day costs; then they would have to seek litigation much like SCO or the RIAA to ensure a steady stream of income.
Imagine trying to distribute your music free of charge to your fans, while relying entirely on damages from lawsuits against bootleggers to pay for your studio and production costs? The fewer lawsuits, the higher damages you will have to seek in each one, because the production costs will be the same... Division by zero is not your friend!
The legal reasons already given above are of course also quite relevant and valid, regardless of the financial ones.
But if Brandix benefitted from the accumulated value of the Linux product (and obeyed the GPL), but avoided all mention of "Linux", and delivered outstanding value to the market, it might eventually eclipse the Linux brand.
Isn't this somewhat similar to how Linux has benefitted from the accumulated value of the GNU/Linux product (and obeyed the GPL), but avoided all mention of "GNU", and delivered outstanding value to the market, and thereby has eclipsed the GNU brand? Linux has become a household name; GNU has not.
Except that RMS never charged anyone for using the GNU trademark (I suppose it's not even registered). If this is the worst that can happen to Linux, I will not lose any sleep over it.
Besides, I understand that current trademark law in many countries doesn't really provide much of a choice to Linus; he can either register the name and be relatively safe, or he can try to protect it with his bare hands against every sleezebag out there wanting to make a quick buck. With a separate trademark registry in every national market, that's a lot of opportunities for fraud.
By the way, when I first heard about LMI, I thought of Lisp Machines Incorporated, one of the two companies (the other being Symbolics) formed to commercialize the hacker workstation conceived at the MIT AI Lab, where RMS worked. It was the commercialization of the lisp machine software and the conflicts it created in the hacker community that eventually led RMS to create the GPL. Is this story coming to a full circle now?
How is this different from opting out directly to the spammer, according to the instructions received in the spam message,
Because the merchant's ability to sell to customers who arrived at the site via normal means is impacted.
I made a grammatical mistake in my previous comment; I meant to point out that common sense advises against sending any hints to spammers that their junk has been read, in particular if they can figure out which address triggered the response.
Then I read a bit more about the Blue campaign, getting the impression that those honeypot addresses used are kept secret from the spammers or any other non-trusted party. However, in order for community members to benefit from this service, the spammers must somehow find out what real addresses to avoid, suggesting they will get away with spamming non-members. Is this so? Then I could never join the Blue Community; doing so might reveal my e-mail address to anybody spamming me, which I don't want (they already have the address of course; I just don't want to tell them that it belongs to a live Internet user). Whether signing up for the service has other positive side effects would then be an entirely academic issue.
In general, I agree with this; however, Blue Community has a right to charge for their service. If you choose not to participate (or cannot participate - they only have a Windows client and I run Linux) then you are no worse off then you were before. It would be nice if entire lists were being discarded by spammers but I do not believe it is reasonable to expect this.
If everything else stays the same, 21,000 Internet users signing up with Blue Community will have no effect on the spam I receive, correct - but I don't believe everything else will stay the same. In particular, that means 21,000 fewer voices demanding a spam-free Internet, now that they have made themselves a spam-free Blue Community. It's their right to do so, no doubt, but it's a selfish choice.
Even if a majority of Internet users would join the Blue Community (highly unlikely, of course), would the service still operate as well? Maybe most spammers are willing to sacrifice a tiny audience of 21,000 in return for their freedom to spam everybody else, but that reasoning won't scale very well when the community grows. Neither do I think a single organization should wield the power of half the Internet, so I guess I'm just as happy with the Blue Community remaining an insignificant minority.
For these reasons, I believe that any meaningful efforts against spam will need to benefit Internet users way beyond its central core of direct supporters, and do so in a significant and generous way. Maybe the Blue Community already does so, in which case I wish them good luck, but I don't really see how. If the easy way out for the spammer is to simply stop annoying Blue Community members, why would they have to shred a single domain of theirs?
This is problematic because of the number of truly innocent victims who get caught up in the fight.
There are no truly innocent victims in this fight, except perhaps non-users of the Internet being denied essential services from companies caught up fighting each other on the Internet. If you use the Internet, even from a free account, you already provide the spammers with one more reason to spam - your eyeballs. When you pay an ISP for your account, some of your money will pay for infrastructure mainly used by spammers, while some will pay ISP staff to clean up after spammers. Some providers will be better than others at keeping spammers away, but no provider has a hidden fund of money to pay for all the damages caused by spam, and eventually their costs will be passed on to their customers, either as increased fees, or as deteriorating services. You will at the same time become a victim of and an involuntary contr
One spam - one opt-out request. Continue to ignore those requests? Complaint to the merchant paying the spammer to spam.
How is this different from opting out directly to the spammer, according to the instructions received in the spam message, something we have been advised and kept advising others since the beginning of time... I mean beginning of spam? The idea is that you should never confirm to a suspected spammer that you have read his mail; that will only increase his profit when reselling your address, and you will receive more spam.
I will only bother to unsubscribe to a mailing list I have voluntarily subscribed to, period. Giving the spammer even one chance to remove my address from a list he compiled himself (or bought from another spammer) means treating him with the same respect as any honest mailing list owner, something I cannot do. When an honest mailing list owner ignores my unsubscribe request, I complain. When a spammer wastes my time sending me mail I never asked for in the first place, I detonate - there is no time for graceful escalation, a process reserved for those who have merely made an explainable and excusable mistake. Spammers don't make mistakes, they are mistakes.
Even if I would award the spammer the benefit of graceful escalation, the removal of a single e-mail address (or even all the addresses of some organized community, such as the Blue Community) is much too small a compensation in return for my labour. If his mailing list is tainted by inappropriately added members, then all of the list has to go, not just those addresses that have been listed with a particular service. Otherwise, this community will become a service to the spammers just as much as to its own members, leaving non-members out in the cold, as unfortunate victims of continued abuse. Sounds too close to a protection racket to me, even if no money is paid for the service...
Life is too short for complaining about spam; immediate blacklisting (with a working mechanism for appeal; even we can make mistakes) of the spammer's IP address, netblock, service provider, or country (as deemed appropriate) is what I consider the only workable solution in the long run, because I have other things to do than pruning the mailing lists of spammers. And yes, I work at a (Swedish) state university, where blacklists are frowned upon by administration. I have therefore abandoned my university address, instead using a private domain where I can install any blacklists I like. In time my employer will learn too, I hope, but I will not let myself and my delete button suffer under this load of junk until then (whether next month or after my retirement). I may even offer my service to my colleagues, when I find it stable enough.
There are 4 billion IPv4 addresses out there. Refusing access from 100 million of them is no big deal, especially if you can point to evidence of past abuse. Want to send me mail? Sure, just shut down all the zombie relays your ISP has been hosting for the past two years, wait a month for the results to be verified, and your ISP will be delisted. If your message is urgent, use my formmail service. Thank you for your kind assistance!
As long as the brakes in my car actually work, I don't care whether the code controlling them is dull, stupid, or unoriginal. While an invention is expected to be original, I know of no restrictions against either dull or stupid inventions. However, I'd rather not find my brakes suddenly disabled and the "patent infringement" warning lamp lit up because my car dealer failed to pay his license fee, so maybe "unoriginality" is actually a feature of life-critical systems we should strive to preserve, in order to keep them unhampered by patents?
I'll accept and respect patents on inventions as such, but not on legal tricks. For an invention to be considered an invention as such, it must have Buddha nature. A legal trick does not have Buddha nature, and is therefore not considered as such, even if it constitutes or forms part of an invention. The question of what constitutes "Buddha nature" is left as an exercise for the defendant.
The codecision procedure ultimately requires agreement between Council and Parliament. Even if the negotiations were to be based on the original proposal, I don't think the Parliament would suddenly accept something they had already amended twice, but they would have rejected it in the third reading instead.
One problem is however that both Council and Parliament must decide internally what they think, and what happened in March this year showed that even the "common position" of the Council need not represent a majority of that body. The parliamentary votes are likewise orchestrated by the different party groups, and procedural circumstances might possibly result in a formal "agreement" between the two bodies without enjoying majority support anywhere. However, such an outcome is just speculation on my part.
I don't think the prospect of having to rewrite the proposal from scratch was the primary reason for the Council to effectively ignore what the Parliament said in 2003. Instead, the Council members were subjected to intensive lobbying by major corporations, leading to formal "compromise amendments" with no substance at all (May 2004). If rewriting the proposal from scratch had been the only way to allow software patents, I'm sure no effort had been spared rewriting it. In reality, the pro-swpat lobby was mostly satisfied with the original proposal, and their efforts were aimed at retaining an unclear text, nullifying the attempts by Parliament to merely clarify it.
There is little chance the Commission will launch a new proposal in the near future. First, they already said earlier this year they wouldn't do it if Parliament rejected the current proposal (thereby misstating Parliament's reasons for rejection). Second, there is a formal limit as to how soon another proposal can be made on the same topic (three years, maybe). Third, this patent thing is hardly top priority for the Commission, currently troubled by the lack of popular support for the proposed constitution and other things, but rather for the software giants, who won't be in a hurry to abolish software patents anyway, if that is where harmonization will eventually lead. And, without a new constitution, I believe the Commission still is the only body capable of proposing new laws.
If we want to change patent law, we will have to lobby for that on the national level, and that won't lead us forward fast. Waiting for the EU to try, try, and try again until they do it right will take even longer.
Anyway, my point wasn't that it would have been desirable to continue working on that directive, but rather that those who claimed that merely voting on any amendments might result in a law worse than no law at all were lying, or at least seriously misinformed.
Problem with amending a bad proposal to make it better is that you never know which amendments will pass and the outcome is very likely to be hard to interpret and illogical at best.
Passing any amendments would not have meant the amended directive becoming law; it would have meant negotiations between the Council and Parliament to resolve their differences. Even Parliament itself would have taken a final vote on the whole directive after the 178 amendment votes, to make sure they would be happy with the result. And if Council and Parliament were to agree on a version different from the original proposal, I think also the Commission would have been able to pull the plug and withdraw it entirely.
The notion that the Parliament's amended version might have left Europe with an inconsistent piece of legislation subject to no further discussion has been spread by pro-swpat politicians who didn't even want to see the amendments tabled in the first place; they would rather kill the directive than allow people to consider alternative texts. Warning about imminent legal chaos helped achieve that.
If you want to show your appreciation, don't even consider e-mail. Use snail mail instead, maybe even handwritten. It clearly demonstrates that you think it's worth both the postage and your effort to write and send it, and the recipient hardly risks getting spammed that way.
Sending e-mail to congratulate someone is almost like sending a get-well-card postage-due. It's cheap, in every possible sense of the word.
Slashdot Mirror
And what if law enforcement is unresponsive, for whatever reason (incompetence, lack of resources, corruption)? Also, you may have to hire a lawyer merely to find out whether the reported behaviour is indeed illegal. If you report it to the police, but a court later finds that the company did in fact have the law on their side, will the company now be able to find out who made them subject to investigation and lots of bad PR?
So in the end, you are better off not talking to the press at all about anything, because you don't know whether the reported activity will be found illegal, and you will lose your anonymity if it isn't. I'm not asking for complete anonymity under any circumstances, I'm asking for anonymity granted in a predictable fashion on known criteria. When requesting anonymity in return for information, "we'll consider it" is not an acceptable answer whether from a newspaper or from law enforcement. It should be either yes or no.
That may be so, and if publishing someone's trade secret is illegal, the plaintiff should target the publisher and have him pay damages, thereby preventing the press from becoming a haven for dissemination of regular trade secrets. While I can understand the plaintiff also wanting to nail the leak, I think allowing them to do so will harm the ability of the press to make contact with more deserving whistleblowers.
The decision to publish rests with the publisher, and with the publisher alone. Therefore his source should not be penalized differently depending on his decision. If someone violates an NDA and talks to a journalist, but the journalist refuses to publish or use the information in any other way, what harm is done? Why should third parties (could be anybody, but especially journalists) be forced to act as informants against either of two parties in a private contract dispute?
By the way, that Freedom of the Press Act I referred to has a history going back to 1766, though its current version was drafted in 1949, with government censorship efforts during World War II in fresh memory. The Swedish government had made a habit of invoking an old and poorly conceived "transport prohibition" to prevent the distribution of newspapers criticizing German politics, and after the war strong protection for press freedom was seen as the best way to prevent a reoccurrence. It's a lesson I hope future generations will learn by reading rather than from hands-on experience. Guess which country invokes contrieved intellectual property claims to silence political opposition abroad even today?
I agree that those situations are different. However, they could be intertwined to the point that someone may technically have to violate an NDA in order to disclose morally corrupt behaviour. While a court could declare the NDA non-binding under certain circumstances, such an outcome cannot be reliably predicted by the whistle blower or the journalist before the information is handed over.
Of course not. The issue is, does the journalist have to assist the plaintiff in identifying the leak?
Journalists are supposed to be third parties disseminating information to the public. When you talk to a journalist, you do so voluntarily and at your own risk. The journalist cannot know what information is covered by an NDA and what is not. Should he be afraid even to ask questions? Does the law effectively make him bound by the contract as well?
The possibility of a contract being broken, or a crime being committed, does not necessarily allow every potential means of investigation. Can you obtain a search warrant or a phone wiretap in order to resolve a case of petty theft or a business dispute? Forcing a journalist to reveal his source sounds like pretty much the same thing.
For an alternate legal take on the issue of anonymity and the press, see the Swedish Freedom of the Press Act, in particular Chapter 3 (On the right to anonymity), Article 3. In Sweden, I believe Apple (a private enterprise) could have asked the journalist for his source without risking anything, but the journalist might face a fine or up to one year in prison if he complied and answered.
Sitting in a different jurisdiction, knowing little about U.S. law, I find myself asking: So all it takes for a U.S. corporation to compel a journalist (or anybody else) to reveal his source is that they conduct an internal investigation?
I understand we are talking about the First Amendment here, about fundamental civil rights. You should be able to talk to the press and trust them not to reveal their source unless some action of your own allows them to. If the law won't respect your anonymity, you should know so beforehand and not talk at all. But here your right to anonymity is appearantly dependent on a procedural matter of fact that can be established only after you have talked to the press, and it's the plaintiff alone that gets to decide whether that investigation will happen.
Imagine being denied your Fifth Amendment right not to testify against yourself merely because the plaintiff has acted with due diligence and performed the (hypothetically) required tap-dance-on-a-harpsicorde in the courtroom. It's not like Apple must obtain someone's permission to conduct an internal investigation, right?
No, that's not the most appropriate solution but the most common one. Your solution (the government) is not the most appropriate one for me, therefore I'm not buying it. If a majority of users want your solution, they are free to use it, but then I must wonder why sheer market pressure hasn't yet made that solution materialize. Nobody is preventing your government from issuing a blacklist, service providers like yours are crying for it on behalf of their customers, yet nothing seems to be happening. Why? And how would that solution in any way affect my needs, or the technical and legal abilities of my ISP to fulfill my demands?
I never claimed it did; it was just to demonstrate that the number of host addresses in any particular addressing scheme doesn't matter. Blocking the entire network is just as pointless as blacklisting a single abusive host - either way, you are removing only a single host from the network, be it your own server or the abusive client. As usual, the optimal solution lies somewhere in between; large groups of users agreeing to block large groups of addresses. There is no single source of abuse that could be disconnected, nor any single authority on what constitutes abuse that we all could rely on.
Consider it done, and to save time I'm responding to your reminder in advance of seeing it, guessing what it's about: It doesn't matter whether a blacklisted host is wireless or not, as I don't care about the physical host, only about the abuse history of the addresses it uses. If a wireless open relay travels the world, spamming via a thousand different IP addresses on different networks, to me it's just the same as if a thousand zombie machines on land lines relay one junk message each. I'm not dealing individually with each host, but usually with individual network providers, expecting them to either keep the abuse below a tolerable level or face blacklisting.
Indeed it is, and since I don't have the resources myself to monitor the entire Internet down to the level of detail I'd want, I expect others to assist me, in return for me assisting them. I will monitor my network, you will monitor yours, and then we can exchange data. When I can find nobody on a remote network to form such a partnership with, or when the network owner is actively obstructing my efforts, I will have to go for the second best option, which is to block the entire network. Allowing them to continue abusing my resources is not an option to me when they don't give me anything in return; it would be like rewarding them for being mean. If they eventually change their mind and want to cooperate, I'll be all for it, but noone has so far offered a fair and equal deal.
Unchecked network abuse can have the exact same consequences. However, no two users are alike, and any company wanting to be reachable from precisely any IP address should of course receive what they ask for; they should have the resources to cope with the abuse. In the meantime, I should be able to receive the protection I ask for from my ISP, and if I request that mail from certain IP addresses not be delivered to my inbox (and I'm even willing to pay for that extra service), I expect that to happen, or I'll look for another ISP. Bringing in the g
Somebody else already does this for a lot of us, sometimes for free, sometimes for a fee, and that somebody is not the government. As for legal responsibility, everybody are responsible for their own actions, except governments which tend to place themselves above the law. If you don't want to assume responsibility for your own business, your government certainly won't do it for you (and in order for me to be more specific, you will have to explain what actions you are concerned about).
The China story is about blocking the IP space of an entire nation, not individual hosts. It takes a single line of text to block an entire IPv4 range of size /16 assigned to an ISP. When IPv6 takes off, it will take a single line of text to block an address range of size /64 (which I believe is the smallest range normally assigned to a single entity under IPv6, in spite of it containing 2^64 128-bit addresses, or 4 billion times the number of potential IPv4 hosts). There won't overnight be 4 billion times as many network providers to block, and nobody is concerned about individual toasters.
That is, ignoring the current track record of at least one powerful government. As for the government ensuring a manageable process, I'd like to see an example of that first, otherwise it merely looks like wishful thinking.
As you should be doing, if you are an ISP. As I'm not an ISP, but a private Internet user, I'm looking at it from my point of view, since that is the only one that really counts for me. Since I manage a router at work, and I have experience from maintaining a blacklist, I can be fairly specific in my demands when shopping for Internet access. I usually don't do business with vendors who think they know better than me what I want, and I certainly won't give my money to someone who thinks the government knows that better than me.
Read my explanation above. It takes only 0.0.0.0/0 to effectively block the entire IPv4 Internet, if I wanted to. IPv6 addresses are only four times as long, but pose no significant problem to blacklists, unless registrars start distributing individual /128-size addresses randomly worldwide (which they won't). Tell me your IPv6 address range, and I'll show you how to blacklist it in five seconds.
However, I wish you good luck in convincing your government (or any government) to establish an IP address blacklist to protect your servers from network abuse. In order for it to be successful, it must prove effective in comparison with all other blacklists in existance. I work for my government (indirectly), I have seen "legal responsibility" in action, and it's a pretty good antedote to effectiveness, as in "yes, they run an open relay, but since we depend on their money we cannot refuse accepting their mail".
No, the law needs not enter the picture at all. You are assuming that a third party (such as an ISP) is doing the blocking against the wishes of two parties trying to communicate, in which case it would constitute undue interference. That is what the Chinese government is doing against its own citizens.
Blacklisting Chinese address space is about server owners protecting their property from unwelcome visitors. That's their right to do, unless they have contractual obligations with customers telling otherwise. I'm a customer of an ISP, and I demand that the services I use are kept unhampered by abuse. If that requires severing connectivity with much of Asia, so be it. If I want Asian customers, I can buy space on a server aimed specifically at that market without requiring everybody else to handle the abuse they receive from "my" potential customers.
Have you really thought this thing through? A government-maintained list of blocked IP addresses is precisely what you will find in China. I'm sure they have a system for handling complaints as well, but who will bother to complain if they merely risk being labelled a threat? I don't exactly see how the words "government" and "responsibility" can fit into the same paragraph.
Besides, a government-maintained blacklist would be pretty pointless, as few people would use it if they weren't forced to. The idea behind blacklists is that if they become popular, the market forces will eventually drive the listed providers out of business, thereby eliminating the abuse they caused. The government doesn't need a blacklist to drive someone within their own jurisdiction out of business; they can levy fines against the company or shut it down by law instead. Blacklists are useful precisely because the law doesn't get involved; you don't need a government license to organize a boycott.
Anything a web-hosting service does that affects their connectivity is unethical if they don't disclose it to their own customers, whether it relates to DoS attacks, virus e-mail or plain political censorship. How service providers sort these things out with their customers is an issue entirely different from the one I'm discussing, the consequences of severing connectivity with large portions of the Internet population. I'm a private user rather than a business, and I want my ISP to take effective action against abuse, but I also want my fellow customers to have a choice, so I prefer solutions which can be enabled or disabled on a per-customer basis.
While zombie requests for non-existing services aren't dangerous themselves, they do indicate that the sending host has a problem and may spell trouble to you in the future. Also, if you are concerned about your server logs and their usefulness for statistics, you want an easy way to filter out those zombie requests without losing all your error logs in the process. If a particular kind of request is never logged by my server, I don't want the request to be successful to the sender either, because I have already assumed that it's bogus and I want to tell the sender so (just in case a human is watching).
Blocking the specific ports noone is using makes little sense, if you really know what ports are never used. If you don't know, blocking them is a good security measure regardless of where the request comes from. It still doesn't help you distinguish between good and bad requests being sent to the ports or services you do use, and what at first glance looks like a benign request for a non-existing service may eventually turn out to trigger a buffer overrun problem in the server. Remember, the sender may know something about your server that you don't, so it's a good idea to at least keep an eye on those error logs.
The point of refusing access from certain IP addresses is not to deny service to any particular individual (or nationality, in case of entire countries being affected), but to protect against likely abuse and encourage individuals to use some other IP address. As long as your boycott is aimed at their network infrastructure (for aiding abuse) rather than at the country itself (for political reasons), individual users routing their traffic via other networks is not a problem; it's what you want them to do. The idea is that the secondary network will sort out the abuse (by making sure they know who their customers are, or by other means). If they fail to do so, they will be blacklisted too.
Therefore I see no point in specifically blacklisting any single country, if not for political reasons. Entire countries are blacklisted because they conveniently map to large portions of IP address space. Some Chinese universities probably received their IP blocks before the commercial operators did, and may therefore have addresses in completely separate ranges. If the universities are a bit better at managing their networks, and the bulk of the abuse therefore comes from the commercial blocks, there is no reason both should be listed merely for being assigned to the same country.
Likewise, a single address block may contain several operators in different countries, causing them all to be blacklisted simply because telling them apart takes too much time. It's all about network abuse history, not about nationality. And, I wouldn't have to rely on everyone else blocking a single abused network either, unless they all were to forward that abuse to me.
I have however considered blocking mail servers indiscriminately "bouncing" virus messages having our domain forged onto them, when they have received those messages from IP addresses (often Chinese ones) already included in public blacklists. They could avoid such action on my part by simply using said blacklists themselves, but exactly how they solve their problem is up to them. If they simply avoid "notifying" innocent people every time they receive junk mail or other abuse, I will not bother them.
I appreciate that we agree on where to place the blame here. That said, I don't see why even a broadband provider lock-in would be too difficult to circumvent. Couldn't you get a Unix account with some other ISP, and route your traffic through a proxy on their network? After all, this is what spammers do to work around various blacklists, except that they steal such services instead of paying for them.
I don't know whether there are proxy configurations suitable for this task already, but I see no reason why it couldn't be done. The same goes for ISP policies, which seem keen on banning random stuff that isn't in high demand from users. I don't have broadband connection myself, but I use traditional dial-up from home, so maybe I'm not seeing the problem here.
It may be inconvenient to you, sure, but the idea is that you will be faced with a single inconvenience of your own design, rather than a diverse set of hoops forced upon you by others. The network abuse problem is near your end of the wire; it should preferrably be handled there too. Then we can watch a dynamic market for premium address space emerge. Who doesn't want to arrive at the virtual party in a shining white IP address, even if it's merely a rental one?
Eventually, ISP lock-in will have to go, broadband or no broadband. All you need is a network owner willing to carry your traffic between A and B; it shouldn't matter how many other providers you are forced to do business with. The current lock-in situation is one reason I don't have broadband yet, since the market forces are disabled. I also prefer buying services one by one, rather than as complete packages, to simplify switching when those services deteriorate. Connectivity from one vendor, e-mail from a second, web space from a third... Having your own domain thus becomes essential, because you can bring it with you when your provider makes a mess (I learned this the hard way).
I'm happy with my current ISP, and I don't foresee any trouble there. I plan to run some blacklisting service of my own, mainly for fun. Should my ISP begin to host spammers, I may not be able to move out immediately, but I'll make a point of adding him to my blacklist even if I end up getting my own mail returned to me thanks to that listing...
Come to think of it, providers locking in their customers make a suitable target for another kind of blacklist, one intended to promote consumer choice rather than punish spammers (although there may be some overlap here, as any provider in a monopoly situation is less likely to deal properly with spammers than one facing normal competition). If customers of lock-in providers get a reputation for not being welcome everywhere, don't you think those providers will start seeing customers demanding a better deal? Similar to boycotting trade with people living under dictatorship, to help them liberate themselves.
It should be, and if they only selected 90 recipients anyway, it shouldn't have been too much work screening them manually before mailing them. In any case, it would have been less work than what they tricked 80 mistaken recipients to do for them, unpaid. One trained lawyer can probably screen each recipient's website in less than two minutes, while 80 non-lawyers are likely to spend more than five minutes on average reading the legal notice and contemplating whether they may be infringing.
If I'll ever receive an unexpected legal notice from someone I don't know, I'll treat it as junk mail until the sender spends some effort to actually contact me, at which time I will request compensation for wasting my time before addressing whatever issue they want to bring to my attention.
Sure it can get worse; it may eventually be impossible for you to do anything at all, regardless of your willingness to jump through hoops, as long as you share subnet with those kiddies (or whatever issue people have with your IP address). If I were in your situation, I'd be grateful to be provided with any service at all, even in a manner inconvenient to me.
If you live in a rough neighbourhood, where kids throw stones at passing cars, chances are that the icecream salesman will never stop outside your house. Nobody is blaming you for the vandalism, but having you as a customer simply doesn't outweigh the costs and risks associated with visiting your street in the first place. If you want to do business at home, either teach your neighbours to play nice, or move to a better neighbourhood. You probably won't like buying icecream via mail order.
This analogy fails only when you consider the realities of moving; it's far easier to switch ISP than to switch residential quarters. So why cling on to a tainted IP address? The more people are willing to switch ISP because of poor network abuse ratings, the more eager providers will be to keep those kiddies at bay without relying on third parties to identify them (I stopped reporting abuse several years ago, because I couldn't find a single ISP willing to pay me for doing so).
I agree, and while there are probably many legitimate mail servers still unknown to TrustedSource, a "raised concern" for this reason alone should not be enough to reject mail from that source. Maybe if a number of other tests simultaneously flash yellow warning lights, the fact that the IP address has no history of past mail may be enough to trigger a rejection.
My problem with the TrustedSource site, however, is that they don't seem to provide any documentation explaining how their ratings are calculated, or how they are supposed to be used. My mail server certainly won't access their website to look up the IP address of each incoming message. Do they provide their ratings also via DNS, or is that a service limited to paying customers only? If they want to sell that service, they should either show or explain what I will get by paying, not merely provide free interactive lookups that will be boring after two minutes.
I like the concept of reputation-based mail processing, but it's just a generalization of blacklists, which have been around for nearly a decade. Anything new here? I'm afraid they just lost my attention, and I regard myself as patient.
Since I'm not familiar with how a "not for profit" corporation is defined under United States (or Australian) law, nor what LMI or LAI have said on the matter, I'm unable to state anything with certainty.
According to what others have said on Slashdot (and since everybody on Slashdot is a lawyer, you can trust their word), the license is only required if you register your name or trademark with "Linux" in it. I suppose "registering" here means registering it with the USPTO or some other government agency making sure it doesn't clash with an existing name. If your government is anything like mine, registering involves paying an administrative fee of some size. If you do that, paying an additional fee to clear the "Linux" name for your use doesn't seem like a lot to ask. Of course, there may be special cases where this additional fee would still be inappropriate.
On the other hand, if you don't officially register your organization at all, but merely use your name including "Linux" informally among yourself, and don't make any money from it (collecting membership fees to pay for regular expenses hardly counts as "making money"), would it still constitute an organization subject to trademark licensing? I have a hard time seeing how, unless trademark law in your country is really nuts, and considers any gathering of people a "business" event similar to a trade show. It may make sense to regulate the exact wording of statements (including names of things) made in advertising, but hardly in casual speech or informal notes on paper.
Bigger players can be made to subsidize smaller ones, but only to a certain extent, or the fee structure will affect how licensees organize themselves. As I understand it, the "projected annual gross revenue" doesn't refer to the entire corporation, but to the money made specifically on the product or business having "Linux" in its name. If Microsoft were to create a web browser based on the Linux kernel and call it "Microsoft Linuxplorer" but give it away free of charge, no strings attached (or at least earn less that $100,000 annually on it), I get the impression they would only have to pay the $200 fee for the name. A number of other multi-million dollar companies acting the same way, and LMI would soon have no licensees at all paying either $9,000 or $5,000 to subsidize the smaller ones, but they would all try to be subsidized by each other.
A better strategy would be to draw the line between the for-profit and not-for-profit entities, letting all the former subsidize the latter (common sense suggests that it's safer having a lot of customers/supporters/whatever paying a small sum each, than having a few of them pay through their noses). However, here you must consider the specifics of national legislation, whether it's possible for a for-profit entity to establish a not-for-profit one and move part of its activities there. These things must be strictly regulated, but I believe they may be regulated differently in different places. Isn't LMI (Linux Mark Institute) itself a not-for-profit entity? Yet numerous Slashdot posters seem to be accusing them of making money!
I have read that the Church of Scientology was once awarded tax-exempt status (as a religious congregation I think) by the United States taxation authorities. Maybe they are registered as a not-for-profit too (it certainly wouldn't surprise me)? If trademark law doesn't allow LMI to make a difference between "good guys" and "bad guys" all acting as not-for-profit entities, maybe a small fee for all of them will be a lesser evil than a zero fee being too attractive an opportunity for numerous "bad guys" to ignore?
Obviously, I don't have any direct answers for you, only speculations. I doubt you will find definitive answers on Slashdot, so I suggest you contact LMI and ask them directly. Please consider though that you may not be the only one asking them, in case you wonder why it takes them so long to respond...
While LMI supervises worldwide enforcement of the tra
Indeed... I'm getting tired of commenting, the same clueless objections keep reproducing themselves all over this discussion like rabbits.
I think it may be time for a practical demonstration. Someone, please file a fraudulent trademark application for "Slashdot", then request renaming the slashdot.org domain to something else unless a fee is paid. Or, if the trademark is already in the hands of its proper owner, launch a campaign to have the owner "release it into the public domain" (after which it can be registered by anybody else), in the spirit of free speech and beer and whatever! :-)
That notice is the only thing I really question about LAI (if it happened as described; I didn't receive it myself since I don't live in Australia). Sending e-mail to every author of a web page containing the word "Linux" is spamming, whether required by law or not. If they had at least done some manual screening to try to weed out non-infringing uses, but made a simple mistake in one or a few cases, that could have been excused after an explanation. Expecting any inappropriate recipients to sort it out themselves is not something I tolerate.
Several years ago, the Software Publishers Association sent spam to 300,000 FTP system administrators to warn about the potential for software piracy. I was one of the recipients, and I immediately blocked their 207.95.37.0/24 network in our router, prohibiting them from talking TCP to our university department network again. They are still blocked, though I doubt they have noticed.
As for the law requiring a notice being sent, I doubt it, but I guess I have spent fewer hours studying law than the number of really stupid laws worldwide, and I know nothing about Australian law in particular. In any case, any spammer telling me "it's the law" will be treated just the same as any other spammer: Blacklisting and blocking. Hard to implement retroactively, I'm afraid, but I need to make the point that my mailbox does not exist for the purpose of people fulfilling whatever legal obligations they have or believe they have towards somebody other than me, period. If you absolutely need to yell at people, please do it where nobody can hear you.
Will my refusal to receive their notice make them lose their trademark? Probably not, but if they lose it, I will tell them "it's the law" and suggest that they keep their hands off my mailbox next time. In this way, spamming could also spell disaster for Linux.
Yes, that's what spammers usually say, expecting recipients to pay the bill instead. There ain't no such thing as a free lunch.
I'm all for Linux Mark Institute protecting Linus Torvald's trademark; they are doing us all a favour. All I ask is that they don't engage in spamming in order to protect it. However, I have no evidence indicating that they did, only hearsay, so I see no cause for action in this case.
A few years ago, good guys publishing Linux-related stuff were being threatened by someone who demanded license fees for use of the "Linux" trademark, which he turned out to have registered himself at the USPTO. I don't remember the name of the guy, but it wasn't Linus Torvalds or anybody else in the community. It was eventually possible to get him to transfer the registration to Linus (or maybe it was invalidated, I don't know which), but doing so did cost a lot of money and legal work.
That's the incident that started this thing. In order to protect the good guys from being challenged again and again over this by various bozos, Linus has delegated authority over the name to Linux Mark Institute so that they can protect the name worldwide, but running such an operation does cost real money (I doubt any national trademark registry allows you to register a trademark free of charge).
Remember, "free software" isn't about "free" as in beer, but as in freedom. Sometimes you have to pay real money for that freedom, or someone else may take your freedom and your money away.
This isn't about Microsoft, which I doubt will resort to releasing bogus "Linux" software just to tarnish the name. It's about all the anonymous bozos trying to make a quick buck off something they had no part in creating, hurting us all in the process. LMI cannot base its trademark license conditions on the concept of a single enemy such as Microsoft, but has to consider the realities of trademark law and established business practice, including the risk of lawsuits.
If their product is based on Linux, why not? However, if their product is not based on Linux, but merely pretends being so, thus tarnishing the Linux name, merely paying $5,000 to LMI will not grant Microsoft a license to use it that way (or in any other way they would like).
An annual trademark license is not something you can buy at 7-11 without telling what you are going to use it for. Neither can you duplicate it or resell it yourself. It wasn't the high license fee requested by Sun Microsystems that forced Microsoft to stop tweaking their Java implementation, while still calling it Java. It was the conditions of the license prohibiting such use of the name, irrespective of any fee paid.
Hopefully, the number of incorrect uses of the trademark should be very few compared to the number of correct uses, maybe even zero. Still, registering trademarks in 200 different jurisdictions costs money, and Linus can't pay for that out of his own pocket (other individuals have already contributed substantial amounts personally to defend the Linux trademark against incorrect use, before the Linux Mark Institute was established). Therefore anybody using the trademark correctly in their business should help pay for the administration.
If LMI engages in litigation against fraudulent use, hopefully the court will make the defendant pay the legal costs of LMI in that particular case, but LMI cannot rely on damages awarded through spurious litigation to pay also for their day-to-day costs; then they would have to seek litigation much like SCO or the RIAA to ensure a steady stream of income.
Imagine trying to distribute your music free of charge to your fans, while relying entirely on damages from lawsuits against bootleggers to pay for your studio and production costs? The fewer lawsuits, the higher damages you will have to seek in each one, because the production costs will be the same... Division by zero is not your friend!
The legal reasons already given above are of course also quite relevant and valid, regardless of the financial ones.
Isn't this somewhat similar to how Linux has benefitted from the accumulated value of the GNU/Linux product (and obeyed the GPL), but avoided all mention of "GNU", and delivered outstanding value to the market, and thereby has eclipsed the GNU brand? Linux has become a household name; GNU has not.
Except that RMS never charged anyone for using the GNU trademark (I suppose it's not even registered). If this is the worst that can happen to Linux, I will not lose any sleep over it.
Besides, I understand that current trademark law in many countries doesn't really provide much of a choice to Linus; he can either register the name and be relatively safe, or he can try to protect it with his bare hands against every sleezebag out there wanting to make a quick buck. With a separate trademark registry in every national market, that's a lot of opportunities for fraud.
By the way, when I first heard about LMI, I thought of Lisp Machines Incorporated, one of the two companies (the other being Symbolics) formed to commercialize the hacker workstation conceived at the MIT AI Lab, where RMS worked. It was the commercialization of the lisp machine software and the conflicts it created in the hacker community that eventually led RMS to create the GPL. Is this story coming to a full circle now?
I made a grammatical mistake in my previous comment; I meant to point out that common sense advises against sending any hints to spammers that their junk has been read, in particular if they can figure out which address triggered the response.
Then I read a bit more about the Blue campaign, getting the impression that those honeypot addresses used are kept secret from the spammers or any other non-trusted party. However, in order for community members to benefit from this service, the spammers must somehow find out what real addresses to avoid, suggesting they will get away with spamming non-members. Is this so? Then I could never join the Blue Community; doing so might reveal my e-mail address to anybody spamming me, which I don't want (they already have the address of course; I just don't want to tell them that it belongs to a live Internet user). Whether signing up for the service has other positive side effects would then be an entirely academic issue.
If everything else stays the same, 21,000 Internet users signing up with Blue Community will have no effect on the spam I receive, correct - but I don't believe everything else will stay the same. In particular, that means 21,000 fewer voices demanding a spam-free Internet, now that they have made themselves a spam-free Blue Community. It's their right to do so, no doubt, but it's a selfish choice.
Even if a majority of Internet users would join the Blue Community (highly unlikely, of course), would the service still operate as well? Maybe most spammers are willing to sacrifice a tiny audience of 21,000 in return for their freedom to spam everybody else, but that reasoning won't scale very well when the community grows. Neither do I think a single organization should wield the power of half the Internet, so I guess I'm just as happy with the Blue Community remaining an insignificant minority.
For these reasons, I believe that any meaningful efforts against spam will need to benefit Internet users way beyond its central core of direct supporters, and do so in a significant and generous way. Maybe the Blue Community already does so, in which case I wish them good luck, but I don't really see how. If the easy way out for the spammer is to simply stop annoying Blue Community members, why would they have to shred a single domain of theirs?
There are no truly innocent victims in this fight, except perhaps non-users of the Internet being denied essential services from companies caught up fighting each other on the Internet. If you use the Internet, even from a free account, you already provide the spammers with one more reason to spam - your eyeballs. When you pay an ISP for your account, some of your money will pay for infrastructure mainly used by spammers, while some will pay ISP staff to clean up after spammers. Some providers will be better than others at keeping spammers away, but no provider has a hidden fund of money to pay for all the damages caused by spam, and eventually their costs will be passed on to their customers, either as increased fees, or as deteriorating services. You will at the same time become a victim of and an involuntary contr
How is this different from opting out directly to the spammer, according to the instructions received in the spam message, something we have been advised and kept advising others since the beginning of time... I mean beginning of spam? The idea is that you should never confirm to a suspected spammer that you have read his mail; that will only increase his profit when reselling your address, and you will receive more spam.
I will only bother to unsubscribe to a mailing list I have voluntarily subscribed to, period. Giving the spammer even one chance to remove my address from a list he compiled himself (or bought from another spammer) means treating him with the same respect as any honest mailing list owner, something I cannot do. When an honest mailing list owner ignores my unsubscribe request, I complain. When a spammer wastes my time sending me mail I never asked for in the first place, I detonate - there is no time for graceful escalation, a process reserved for those who have merely made an explainable and excusable mistake. Spammers don't make mistakes, they are mistakes.
Even if I would award the spammer the benefit of graceful escalation, the removal of a single e-mail address (or even all the addresses of some organized community, such as the Blue Community) is much too small a compensation in return for my labour. If his mailing list is tainted by inappropriately added members, then all of the list has to go, not just those addresses that have been listed with a particular service. Otherwise, this community will become a service to the spammers just as much as to its own members, leaving non-members out in the cold, as unfortunate victims of continued abuse. Sounds too close to a protection racket to me, even if no money is paid for the service...
Life is too short for complaining about spam; immediate blacklisting (with a working mechanism for appeal; even we can make mistakes) of the spammer's IP address, netblock, service provider, or country (as deemed appropriate) is what I consider the only workable solution in the long run, because I have other things to do than pruning the mailing lists of spammers. And yes, I work at a (Swedish) state university, where blacklists are frowned upon by administration. I have therefore abandoned my university address, instead using a private domain where I can install any blacklists I like. In time my employer will learn too, I hope, but I will not let myself and my delete button suffer under this load of junk until then (whether next month or after my retirement). I may even offer my service to my colleagues, when I find it stable enough.
There are 4 billion IPv4 addresses out there. Refusing access from 100 million of them is no big deal, especially if you can point to evidence of past abuse. Want to send me mail? Sure, just shut down all the zombie relays your ISP has been hosting for the past two years, wait a month for the results to be verified, and your ISP will be delisted. If your message is urgent, use my formmail service. Thank you for your kind assistance!
As long as the brakes in my car actually work, I don't care whether the code controlling them is dull, stupid, or unoriginal. While an invention is expected to be original, I know of no restrictions against either dull or stupid inventions. However, I'd rather not find my brakes suddenly disabled and the "patent infringement" warning lamp lit up because my car dealer failed to pay his license fee, so maybe "unoriginality" is actually a feature of life-critical systems we should strive to preserve, in order to keep them unhampered by patents?
I'll accept and respect patents on inventions as such, but not on legal tricks. For an invention to be considered an invention as such, it must have Buddha nature. A legal trick does not have Buddha nature, and is therefore not considered as such, even if it constitutes or forms part of an invention. The question of what constitutes "Buddha nature" is left as an exercise for the defendant.
The codecision procedure ultimately requires agreement between Council and Parliament. Even if the negotiations were to be based on the original proposal, I don't think the Parliament would suddenly accept something they had already amended twice, but they would have rejected it in the third reading instead.
One problem is however that both Council and Parliament must decide internally what they think, and what happened in March this year showed that even the "common position" of the Council need not represent a majority of that body. The parliamentary votes are likewise orchestrated by the different party groups, and procedural circumstances might possibly result in a formal "agreement" between the two bodies without enjoying majority support anywhere. However, such an outcome is just speculation on my part.
I don't think the prospect of having to rewrite the proposal from scratch was the primary reason for the Council to effectively ignore what the Parliament said in 2003. Instead, the Council members were subjected to intensive lobbying by major corporations, leading to formal "compromise amendments" with no substance at all (May 2004). If rewriting the proposal from scratch had been the only way to allow software patents, I'm sure no effort had been spared rewriting it. In reality, the pro-swpat lobby was mostly satisfied with the original proposal, and their efforts were aimed at retaining an unclear text, nullifying the attempts by Parliament to merely clarify it.
There is little chance the Commission will launch a new proposal in the near future. First, they already said earlier this year they wouldn't do it if Parliament rejected the current proposal (thereby misstating Parliament's reasons for rejection). Second, there is a formal limit as to how soon another proposal can be made on the same topic (three years, maybe). Third, this patent thing is hardly top priority for the Commission, currently troubled by the lack of popular support for the proposed constitution and other things, but rather for the software giants, who won't be in a hurry to abolish software patents anyway, if that is where harmonization will eventually lead. And, without a new constitution, I believe the Commission still is the only body capable of proposing new laws.
If we want to change patent law, we will have to lobby for that on the national level, and that won't lead us forward fast. Waiting for the EU to try, try, and try again until they do it right will take even longer.
Anyway, my point wasn't that it would have been desirable to continue working on that directive, but rather that those who claimed that merely voting on any amendments might result in a law worse than no law at all were lying, or at least seriously misinformed.
Passing any amendments would not have meant the amended directive becoming law; it would have meant negotiations between the Council and Parliament to resolve their differences. Even Parliament itself would have taken a final vote on the whole directive after the 178 amendment votes, to make sure they would be happy with the result. And if Council and Parliament were to agree on a version different from the original proposal, I think also the Commission would have been able to pull the plug and withdraw it entirely.
The notion that the Parliament's amended version might have left Europe with an inconsistent piece of legislation subject to no further discussion has been spread by pro-swpat politicians who didn't even want to see the amendments tabled in the first place; they would rather kill the directive than allow people to consider alternative texts. Warning about imminent legal chaos helped achieve that.
If you want to show your appreciation, don't even consider e-mail. Use snail mail instead, maybe even handwritten. It clearly demonstrates that you think it's worth both the postage and your effort to write and send it, and the recipient hardly risks getting spammed that way.
Sending e-mail to congratulate someone is almost like sending a get-well-card postage-due. It's cheap, in every possible sense of the word.