What is "access to culture"? The article specifically uses two P2P file-sharing programs as examples. Is this about pirating media (music, movies), or about publishing source code?
You are probably right, and Free Software is just instrumentalized here. If I read the proposed law correctly (my French isn't that good, and it's French legalese), it's about DRM software, and similar to the anti-circumvention provisions of the DMCA, or contributory infringement for publishing DRM-less software (Grokster). Neither has stopped Free Software in the U.S., and it's unlikely that the proposed law would change things significantly in France. In Germany, we got similar new law quite some time ago, and it didn't have a negative impact, either.
Anyway, there isn't a big difference between free and proprietary software as far as DRM is concerned. In both cases, you need specialized knowledge to circumvent the implemented measures, or a prefabricated tool.
After 5 to 7 years of continuous to near-continuous operation, I would be looking at moving those servers to a back-up position and replacing them with newer hardware.
Sure, you might need a few new device drivers, but I don't think this is sufficient reason to switch over to a completely new version of the operating system (and installed applications). Keep in mind that migrating GNU/Linux installations from one piece of hardware to another is easy, and reinstallation from scratch might not be.
Windows : migrate or die
*nix : oh, I've not touched that server for 3 years, bulletproof, see : 1 year uptime
The "Linux" that Novell sells comes with forced upgrades, too. After five to seven years (depending how early you adopt a new release), it's over and you have to upgrade.
The nice thing about free software is that you don't have to play by the rules set by vendors. Obviously, Novell can't really push that point.
Actually, Java projects are a minority of the Apache projects, [...] Apache recently has gotten a lot of new committers in XML and web services development. Like with Axis2 and Synapse. They also have a project called Maven, [...]
Axis2, Synapse and Maven are Java projects.
In other words, massive copyright infringement drives the demand for more bandwidth, which drives research, investment and competition, benefitting the society enormously in the form of better technology (both communication and processing, since you need processing power for routing), better communication infrastructure, and cheaper prices for both. I see this as yet another reason for weaker, not stronger, copyright laws.
Interesting line of thought. But I don't think it's compelling. Contemporary file sharing protocols (especially the search component) are often rather inefficient. Making file sharing clearly legal would make it possible to offer more centralized services supporting it (where it makes sense), which would increase efficiency and reduce bandwidth usage.
On the other hand, if you outlaw file sharing completely and enforce it rigorously, as a user, you'd have to tunnel all file sharing traffic over secure anonymization networks (similar to what Tor does). Each packet would run back and forth through the network, in order to obscure its sender and receiver, tremendously increasing bandwidth requirements. So, following your argument, truly fascist copyright laws would advance networks even more.
Try monitoring a campus network where you have several thousand users and an obscenely large amount of bandwidth.
I have done this and it is much easier than you think. Warez traffic (let's drop this "darknet" term, I always think that it's an end-user-empowered network run over dark fibers) doesn't follow the typical 24-hour cycle in the traffic pattern. The number of legitimate hosts with such a traffic pattern is pretty small in my experience, so it's quite possible to spot the offenders.
Of course, as a network admin, there isn't much you can do when the host admin says that periodic transfers of multiple GB are perfectly legitimate and done for research purposes. But detection is not the real obstacle.
Part of the real issue is that so much traffic on research networks is filesharing and warez crap. If you started to enforce an AUP, the bandwidth would drop to minuscule levels, and you wouldn't have any plausible justification whatsoever for those fat pipes. And people feel they need them because of the dick size wars at some research conferences.
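The detection idea in the reply above (bulk file-sharing hosts lack the usual 24-hour cycle) can be sketched as follows. This is an added example, not code from the post: the host names, the hourly byte counts, and both thresholds are constructed assumptions.

```python
import math

def diurnal_index(hourly_bytes):
    """Strength of the 24-hour cycle: |first harmonic| / mean of the
    hour-of-day profile. About 0 for flat traffic, about 1 for a strong cycle."""
    profile = [0.0] * 24
    for i, b in enumerate(hourly_bytes):
        profile[i % 24] += b          # fold all days onto one 24-hour profile
    mean = sum(profile) / 24
    if mean == 0:
        return 0.0
    re = sum(v * math.cos(2 * math.pi * h / 24) for h, v in enumerate(profile))
    im = sum(v * math.sin(2 * math.pi * h / 24) for h, v in enumerate(profile))
    return 2 * math.hypot(re, im) / (24 * mean)

def flag_hosts(series, min_daily_bytes=1e9, max_index=0.2):
    """Return hosts that move a lot of data with no day/night rhythm.
    Both thresholds are assumptions to be tuned per network. The result is
    a list of candidates to review: scheduled research transfers look the same."""
    flagged = []
    for host, hourly in series.items():
        days = len(hourly) / 24
        daily = sum(hourly) / days if days else 0
        if daily >= min_daily_bytes and diurnal_index(hourly) < max_index:
            flagged.append(host)
    return sorted(flagged)

# Constructed sample: 7 days of hourly byte counts per host.
HOURS = range(7 * 24)
SAMPLE = {
    # human-driven host, traffic peaks around 14:00 and drops at night
    "workstation": [2e8 * (1 + math.cos(2 * math.pi * ((i % 24) - 14) / 24))
                    for i in HOURS],
    # steady multi-GB transfers around the clock
    "bulk-mover": [5e8 + (i % 3) * 1e7 for i in HOURS],
    # flat but tiny: below the volume floor, so not interesting
    "small-server": [1e6 for _ in HOURS],
}

if __name__ == "__main__":
    for host, hourly in SAMPLE.items():
        print(f"{host:13s} index={diurnal_index(hourly):.3f}")
    print("review:", flag_hosts(SAMPLE))
```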
The fight against DRM cannot be won.
There is a solution: create a pool of free content.
Of course, right now, this mostly works for texts. Wikipedia, for example, evokes fears in publishers that only free content is passed on. More and more, their allegedly superior products are simply not relevant in public discussion because nobody is willing to pay the price for professional editorial review, DRM or not.
Sure, decent recording equipment is not actually cheap, and audio files need more bandwidth for transmission, but these costs continue to decrease. There is an answer to this, of course: playing devices which only play encrypted content, and not unencrypted, free content. But I doubt it will get as far as that because it is a very significant restriction on free speech.
Bullshit. Most unix software is not aware of symlinks because it doesn't have to be. Generally, only system utilities care about the existence of symlinks.
I wonder if this attitude leads to all those race conditions when creating files in /tmp, which can be exploited by planting symlinks at the right time.
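The /tmp problem mentioned in the reply above, shown as the symlink-unaware pattern next to two hardened forms. This is an added example, not code from the thread: the file names are constructed, and a private scratch directory stands in for /tmp.

```python
import os
import stat
import tempfile

def create_naive(path, data):
    # Symlink-unaware pattern: open() follows whatever already sits at
    # `path`, so a pre-existing link redirects the write to its target.
    with open(path, "wb") as f:
        f.write(data)

def create_exclusive(path, data, mode=0o600):
    # O_CREAT|O_EXCL fails with EEXIST if anything exists at `path`,
    # including a symlink (dangling or not), so the check and the
    # creation are one atomic step and there is no window to race.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, mode)
    with os.fdopen(fd, "wb") as f:
        f.write(data)

def _read(path):
    with open(path, "rb") as f:
        return f.read()

def demo():
    """Run all three creation styles in a scratch directory and report."""
    result = {}
    with tempfile.TemporaryDirectory() as sandbox:   # stands in for /tmp
        victim = os.path.join(sandbox, "victim.conf")          # constructed
        predictable = os.path.join(sandbox, "app.1234.tmp")    # constructed
        with open(victim, "wb") as f:
            f.write(b"original")
        os.symlink(victim, predictable)   # a link already present at the name

        # 1. Naive creation writes through the link into the other file.
        create_naive(predictable, b"scratch data")
        result["naive_overwrote_victim"] = _read(victim) == b"scratch data"

        # 2. Exclusive creation refuses and leaves the other file alone.
        with open(victim, "wb") as f:
            f.write(b"original")
        try:
            create_exclusive(predictable, b"scratch data")
            result["exclusive_refused"] = False
        except FileExistsError:
            result["exclusive_refused"] = True
        result["victim_intact"] = _read(victim) == b"original"

        # 3. mkstemp: unpredictable name, O_EXCL, and mode 0600 in one call.
        fd, name = tempfile.mkstemp(prefix="app.", dir=sandbox)
        os.close(fd)
        result["mkstemp_mode"] = stat.S_IMODE(os.stat(name).st_mode)
        result["mkstemp_name_differs"] = name != predictable
    return result

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", oct(value) if key == "mkstemp_mode" else value)
```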
I don't know exactly where you got sidetracked in this, but the debate was over providing source code. Under no circumstances can you charge whatever you want for source code.
Uh-oh, read again. There is no clause in the GPL that forbids this in general. Only if I do not give you the source code immediately, I cannot charge you for it later (apart from distribution costs). No other restrictions on the cost of source code exist in the GPL.
Yes, it's true, you cannot sell the source code. But you can "charge no more than your cost of physically performing source distribution".
3b is just one choice among others. If you distribute source code from the start, you can ask whatever price you want. The 3a option has no price limit whatsoever. There might be practical issues if you just take some GPLed and try to resell it, but if you add significant value, you can be sure that people are willing to pay prices which are obscene. Incidentally, this also discourages them from sharing with others who haven't paid anything, even though the GPL grants them that right.
Why do you need named captures? You got $1 through $N.
When N is somewhat large (7? 9?), counting becomes difficult, and the resulting code is hard to read. It's not needed for feature completeness (unlike regular expressions as first-class objects), but it makes the code more readable in some cases.
(Come to think of it, I don't use named captures in my Python code.)
I would actually like to know why developers would choose Perl over alternatives today on a new project.
I use Perl if I can reuse existing code and cut down development time significantly (using some CPAN module, or an application framework such as RT).
I think Perl has mostly caught up again. There was a time when Python offered regular expressions as a first-class type, but Perl didn't. But the named captures which are offered by Python and others are only available as a "highly experimental" extension in Perl.
I think the bigger issue is the indemnification clause.
I don't think so. Postfix (aka "IBM Secure Mailer") is shipped by quite a few distributions, and the IBM Public License contains an indemnification clause which is very much like Sun's.
no linux distribution on earth includes those plugins, how are they getting away with it?
Sun's Java license forbids distribution together with competing technology, like the GNU Compiler Collection. For obvious reasons, most GNU/Linux distributions choose GCC over Java.
If people are tired of the record companies, why don't they just stop listening for a while and find other forms of entertainment?
The answer to your question probably is related to the phenomenon that people typically download from P2P networks the very same music they constantly hear on the radio.
Have you heard of anybody who actually lost money due to phishing, and wasn't reimbursed by their bank, provided that they were willing to submit their computer to an independent third party for forensic analysis?
Maybe the situation in the U.S. is drastically different, but over here, the banks take full responsibility, and things aren't much better. We even use one-time passwords and two-factor authentication, but all this doesn't help that much if there's a trojan horse on the customer's machine.
I get a redirect loop on all three web sites. Are they Internet-Explorer-only, or what?
I also recently had my TWiki-based wiki farm broken into, for the 3rd time in 4 years, despite trying to stay up to date at least with Debian releases.
TWiki is not part of any official Debian release. The current round of bugs was fixed for the twiki package in unstable in March 2005, in version 20040902-2.
Since TWiki's security problems seem intractable (giant Perl codebase that's very difficult to audit and doesn't seem to have been designed to handle security)
Actually, it's not that bad. External processes are only invoked in very few places, and it's more or less straightforward to patch them so that shell command injection is probably impossible (not "provably impossible" of course, but close). See my TWiki robustness patch for the details.
I wouldn't recommend to anyone that they run a publicly-viewable TWiki installation at this point.
The alternatives aren't that much better, unfortunately. You might be able to trade shell command injection for SQL injection. The wiki mindset seems to be quite a bit away from a computer security mindset. But this shouldn't come as a surprise because giving permission to random visitors to edit your site needs quite a bit of faith.
You purchased a product from a vendor, you should expect them to solve problems with that product or explain how to properly secure it, or just ignore the issue which says something about their product and commitment to support.
Uhm, a rootkit is third-party software. If you install it and it causes problems, you must ask the ISV from whom you obtained that software. Same as with any other type of program from ISVs.
(1,440 2-up duplex letter impressions or 1,354 2-up A4 duplex impressions)
Ah, these numbers are indeed far more reasonable. IBM sold printers in the 270 pages/minute range back in 1995 or so.
Oh come on, it's nearly impossible to find the URL history! Ctrl-H is a very, very complex cracking method.
Digital forensics is performed offline. You don't run the browser software to read its history.
However, I fail to see how this would create problems for law enforcement. Most of the interesting data is readily available. And the data formats haven't changed that much since the days when Netscape was the dominant browser.
Sounds like another "Well, it's on the news all the time so it must be sucking up a lot of bandwidth."
A couple of years ago, a large German research network established a lower bound of 46% P2P traffic at its borders. This was before BitTorrent was in wide use, and I would be extremely surprised if the P2P share has decreased since then.
We ended up with a lot of problems because of this worm... less because it actually caused problems with the machines but more because we could see machines constantly trying to infect one another.
Next time you should try blocking the botnet controllers at the network perimeter. Usually, this simple measure significantly reduces propagation on your internal network, even if you don't have internal compartmentalization.
Is there any evidence that Linus requested this?
The Linux Mark Institute? Yes, he approved. See Linux Mark Institute: Protecting the Linux trademark (written by Jon "maddog" Hall in 2002) and a more recent comment by the same author.
Of course it is a bit strange to release some piece of software, tell everyone it's free, and then register a trademark with the name of the software and try to enforce it. Surely this was done with good intent, but it really hurts projects like Debian, which would have to buy trademark licenses for Linux, Mozilla, Bacula, and God knows what.