This article is pretty confusing, actually. Chris Connell claims that vendors should "Open Source" for transparancy, but then obfucascate the code by adding or subtracting code to keep it from being truly functional. Well, there goes the end user's ability to compile and test the code, to debug the code, and to really be certain that what you've got in the binary version is the same as what was shipped via source distribution.
He goes on to suggest that vendors withhold crucial functions or methods, and 'stub' them out in the source code. Well, those are easily enough to reverse engineer from the binaries and the debugger, so that's no real solution from the vendor trying to protect IP. And it doesn't help the 'customer' at all, because your still stuck with not having the full tranparency that Open Source is supposed to provide.
I'm actually not pro- or anti- open source. I kinda sit on the fence on this issue (Though I do like the BSD style license). However, I think that Mr Connell is trying to stand on both sides of the fence at the same time. It doesn't really work.
Microsoft is not the first, and will not be the last to try this... Does anyone remember Digital? I hear that it was more difficult to understand their licensing then it was to program one of these beasts... A google groups search confirms:
It doesn't matter if there is no money in the account - if paypal thinks that they have authorization to make the transaction, and they attempt to do so, your bank will most likely give them the money, give you a negative account balance, and stick you with overdraft fees.
I hate to be the bearer of bad news, but your solution is not really optimal. It still leaves you exposed to greater risk than a credit card only solution.
The motorcyclists in Europe have been hit hard by the ticketing machines, or so I've heard.
Actually, I lived in Germany for several years, and my experience is that motorcyclists almost never got photo tickets, as the systems in Germany take a frontal photo, and there is no front license plate on motorcycles.
I don't like the machines either but I don't think running a red light is a "minor" violation at all. It's the arrogance of most drivers that they can make that judgement that leads to awful collisions.
Except that most lights are configured as "fast yellow", where the amount of time spent as yellow is deliberately set low. Also, it's been shown that red-light cameras actually increase the rate of accidents near the intersection. It's often not the driver causing the accident, but the municipality seeking revenue over safety (ie, placing cameras instead of increasing yellow times).
I imagine that Micro$oft et al. are trying to accomplish much the same thing with their DNUG in terms of attracting people to.NET...
Except your missing one key fact. Most of the DNUGs are started by 'regular people' trying to learn.NET, and not started by Microsoft. So yes, while I am sure that Microsoft supports the idea of DNUGs, they are not the driving force that is starting them. It's actually just a bunch of 'geeks' that want to learn about new technology. How's that so different from LUGs?
The Cynical Hedgehog spake:
They forced Bell to open their networks to CLECs. This isn't all that different
...And jerdenn argued:
Actually, that statement is only partially correct. The FCC decision you are speaking of has been reversed in a recent court decision, and is expected to be brought more So, while the FCC did force the baby bells to "open" the networks to the CLECs, you'll be seeing them closed back up again soon.
I would like to know what pieces of open source software you use, either personally or professionally, that you or your company have "funded".
Sure - RTEMS. It's an RTOS that my very-large-but-not-to-be-named company uses for one of our hardware products. We buy support from the vendor, contribute patches if we find a bug, etc. It's actually a pretty good deal for us. We don't want to have to write the OS ourselves, but at the same time we need access to the source if we need to make a change...
You don't buy bandwidth. You LEASE access to the ISP's equipment. They are free to block whatever they want. If you don't like it, get another ISP, but ultimately that's the way it works.
Yup, and once you start blocking based on content, you most likely lose any "common carrier" status that you might have had before, and start becoming liable for content that you don't block.
You're paying for bandwith. Not the fucking email or news. Believe me.
No, he's paying for a combination of services that include email / news / etc. Like Hans said, it is only free if he can access it without paying anything.
You tell me that two T1s to your house costs $49.95? Woah. You own.
oh yeah? come to Atlanta GA and then try to get along without a license and car.
Too true. I lived in one of the suburbs of ATL for a while and my car broke down. The last bus in my _very_ busy part of the county stopped running at 5pm!!! This county is actually anti-public transportation because the current powers that be are afraid that a thriving public transportation system will bring an 'unwanted element' into the area.
Slashdot Mirror
This article is pretty confusing, actually. Chris Connell claims that vendors should "Open Source" for transparancy, but then obfucascate the code by adding or subtracting code to keep it from being truly functional. Well, there goes the end user's ability to compile and test the code, to debug the code, and to really be certain that what you've got in the binary version is the same as what was shipped via source distribution.
He goes on to suggest that vendors withhold crucial functions or methods, and 'stub' them out in the source code. Well, those are easily enough to reverse engineer from the binaries and the debugger, so that's no real solution from the vendor trying to protect IP. And it doesn't help the 'customer' at all, because your still stuck with not having the full tranparency that Open Source is supposed to provide.
I'm actually not pro- or anti- open source. I kinda sit on the fence on this issue (Though I do like the BSD style license). However, I think that Mr Connell is trying to stand on both sides of the fence at the same time. It doesn't really work.
-jerdenn
Ok, point taken. I'm not safe, but I am incrementally safer than just leaving the key on the hard drive.
I do keep putty on the floppy, but you are correct that I am still susceptible to several other attacks.
jerdenn
On second thought, wouldn't it be possible (as a sysadmin) to just obtain the user's private key right off their computer?
That's exactly why I keep my SSH and PGP keys on a floppy. It's slow, but safe.
-jerdenn
You laugh, but most large companies offer these classes (same subject, different titles).
The world is just too dilbertesque for me...
Jerry
Microsoft is not the first, and will not be the last to try this... Does anyone remember Digital? I hear that it was more difficult to understand their licensing then it was to program one of these beasts... A google groups search confirms:
usenet post
-jerdenn
Yup - And I've got one word for you:
Overdraft.
It doesn't matter if there is no money in the account - if paypal thinks that they have authorization to make the transaction, and they attempt to do so, your bank will most likely give them the money, give you a negative account balance, and stick you with overdraft fees.
I hate to be the bearer of bad news, but your solution is not really optimal. It still leaves you exposed to greater risk than a credit card only solution.
Jerry
Nope, POKE 65495,0 was a way of "overclocking" a Tandy Co-Co.
Jerry
The motorcyclists in Europe have been hit hard by the ticketing machines, or so I've heard.
Actually, I lived in Germany for several years, and my experience is that motorcyclists almost never got photo tickets, as the systems in Germany take a frontal photo, and there is no front license plate on motorcycles.
-jerdenn
I don't like the machines either but I don't think running a red light is a "minor" violation at all. It's the arrogance of most drivers that they can make that judgement that leads to awful collisions.
Except that most lights are configured as "fast yellow", where the amount of time spent as yellow is deliberately set low. Also, it's been shown that red-light cameras actually increase the rate of accidents near the intersection. It's often not the driver causing the accident, but the municipality seeking revenue over safety (ie, placing cameras instead of increasing yellow times).
-jerdenn
Ha! I remember Zaphod_B!
Yup, I read slashdot for a long time before getting an account, too...
j.
This whole thing sounds like Bad Medicine to me...
-jerdenn
Second, why is it funny that the Linux guru didn't know NT? Do your NT gurus know Linux internals?
Actually, yes, they do. However, our Linux gurus know nothing about windows.
-jerdenn
I imagine that Micro$oft et al. are trying to accomplish much the same thing with their DNUG in terms of attracting people to .NET...
.NET, and not started by Microsoft. So yes, while I am sure that Microsoft supports the idea of DNUGs, they are not the driving force that is starting them. It's actually just a bunch of 'geeks' that want to learn about new technology. How's that so different from LUGs?
Except your missing one key fact. Most of the DNUGs are started by 'regular people' trying to learn
-jerdenn
Why are you running PCAnywhere on a W2K Server? That's what Terminal Services installed in administrator mode is build for....
-jerdenn
Just off of the A.P. wire:
Chicken Little reports that the sky is falling.
-jerdenn
The Cynical Hedgehog spake:
...And jerdenn argued:
They forced Bell to open their networks to CLECs. This isn't all that different
Actually, that statement is only partially correct. The FCC decision you are speaking of has been reversed in a recent court decision, and is expected to be brought more So, while the FCC did force the baby bells to "open" the networks to the CLECs, you'll be seeing them closed back up again soon.
-jerdenn
This would actually be funny if the grammatical mistakes weren't quite so glaring.
I would like to know what pieces of open source software you use, either personally or professionally, that you or your company have "funded".
Sure - RTEMS. It's an RTOS that my very-large-but-not-to-be-named company uses for one of our hardware products. We buy support from the vendor, contribute patches if we find a bug, etc. It's actually a pretty good deal for us. We don't want to have to write the OS ourselves, but at the same time we need access to the source if we need to make a change...
-jerdenn
You don't buy bandwidth. You LEASE access to the ISP's equipment. They are free to block whatever they want. If you don't like it, get another ISP, but ultimately that's the way it works.
Yup, and once you start blocking based on content, you most likely lose any "common carrier" status that you might have had before, and start becoming liable for content that you don't block.
-jerdenn
You're paying for bandwith. Not the fucking email or news. Believe me.
No, he's paying for a combination of services that include email / news / etc. Like Hans said, it is only free if he can access it without paying anything.
You tell me that two T1s to your house costs $49.95? Woah. You own.
You are comparing apples to oranges.
-jerdenn
oh yeah? come to Atlanta GA and then try to get along without a license and car.
Too true. I lived in one of the suburbs of ATL for a while and my car broke down. The last bus in my _very_ busy part of the county stopped running at 5pm!!! This county is actually anti-public transportation because the current powers that be are afraid that a thriving public transportation system will bring an 'unwanted element' into the area.
-jerdenn
CNN=Conservative Network News
CNN is hardly known for it's conservative bent. Their reporting is rather leftish, in fact.
-jerdenn
Microsoft doesn't use Source Safe... That would involve 'eating their own dogfood'.
Sorry, I just hate SS.EXE with a passion...
-jerdenn
Actually, the google cache does store images... For example, here is everyone's hero, CmdrTaco...
-Jerdenn
So, why can't individual biometric devices also have a key, and only 'trusted' scanners are allowed to communicate?
Doesn't that solve your 'replay attack' scenario?
-Jerdenn