I guess my comment just doesn't explain itself very well.... but I did read your comment as saying GPL was too restrictive. On the off-chance that's what you or someone else might be thinking I'll just post my explanation:)
Laws against murder are restrictive to an individual -- they state that you will be punished for having absolute freedom over someone else. And this is a very good thing. While a state of anarchy gives each individual total freedom, it's not actually very good for society. Any successful organism needs to be able to replicate; and a law that increases the welfare of people will work to ensure that reproduction, even if it's restricting their freedoms*.
By the same token, the GPL is restrictive in that if you wish to make use of (and distribute) someone else's code you must share the code back. This ensures the 'life' of the code; that it will evolve, grow and reproduce.
So, in essence the 'restrictions' that the GPL imposes are the very traits that make it so prevalent. And that's a good thing.
*the trick is knowing how much freedom to give up... imho politically we're way past too much, well into power-grab territory
Hint: They do diddly-squat if you only use them on your fellow citizens rather than the government.
Straw-man. Just because a tool can be mis-used doesn't make it any less useful or its purpose any less compelling.
Maybe I misunderstood OP, but I read it as: Hint: It's time to take action...not as the strawman you describe.
Though, I'm of the opinion gun violence comes from social problems, not from the mere presence of guns themselves.
I think I'd agree with you there... Despite Canada having lots of guns (Moore claims more per capita than the US, don't know as fact) we still don't have anywhere near the crime rate...esp: gun crimes.
I read a while ago that crime increased with difference of income, not simply with the 'poor'....so this is where things like social programs make people far less likely to think they need to commit crime... but that's just a wild-ass guess.
I think you're overestimating the value they saw in his free as in speech philosophy and underestimating the value that disadvantaged (poorer) places see in stuff they can download off the Internet for free.
...and that is where it begins.
I switched to Linux first because I wanted free-as-in-beer software, but now that I'm more educated on the subject I've stuck with it because I want to help ensure free-as-in-speech. And that education *only* came about because I started using Linux.
Of the techies that I know, only the Linux users even *know* (doesn't matter if they agree/disagree) about the freedom issues. /. is such a pro-linux site that even the MS-users (and I'm sure there's still lots 'n lots here!) know about the issues, but once you leave /. the number of people (including techies) who know about the issues (let alone agree that it's important) drops off dramatically.
Also, Stallman isn't a lawyer, although his intent is well and good, does he really understand what the consequences of his intent are?
Stallman might not be a lawyer, but he has one, and I think it's pretty safe to say that (as far as is possible) the legal consequences have been studied.
Of course, tivoisation is an unexpected consequence of the v.2 wording... so nothing is perfect, and depending on how the v.3 transition goes there may be a v.4 in another dozen years.
imho, Stallman's intent has never changed and he's never hidden his intent... anyone who believes that GPLv.3 is different than v.2 in intent has obviously never read Stallman.
When it comes to security (of all kinds) the question isn't "what's the harm if we do this?" but "what's the reward for doing this?"
So what exactly is the purpose of fingerprinting gvt employees? are they criminals now? they've already (presumably) done a background check and it was obviously ok (else they would not be there, right?)
First off every action has some potential risk, and every action that erodes rights and freedoms does increase the risk (by increasing the acceptance) of a police state.
Secondly, every action costs money, which increases taxes.
Thirdly, every system (including fingerprinting) has some chance of error or false positives or other manner of being abused intentionally.
So, I'm back to: what does security fingerprinting provide, that isn't already being provided? If it's providing a redundant service then either it shouldn't be introduced, or the other service should be eliminated...
I'm not saying a tax patent doesn't serve the inventor's purpose; I'm saying that if the law is changed it *cannot* serve the inventor's (or anybody's) purpose and therefore it is no longer an invention.
yeah... but if patent officers were literate most patents wouldn't be granted in the first place...
An invention is nonobvious if it would be viewed as an unexpected or surprising development by someone skilled in the technology of the particular field
Note that it needs to be unexpected to someone who knows something about the subject... just because no one has previously thought of something doesn't mean that it would be surprising once they did think about it. And that clause has (never?) been applied as written.
But back to "useful"... who determines usefulness? me? you? the patent office? Since (still AFAIK) the purpose or use of the patent is not part of the patent, a change in the law that renders it useless in the original (unwritten!) purpose doesn't mean that it *might* not have some other purpose. Therefore, once granted it would be pretty dangerous to start invalidating patents where someone could argue that it's no longer useful. Beyond that, who would argue that it's no longer useful? probably just people who've found a new use for the patent...hehe.
A patent is on the specific way of doing something... not on the end result. In other words, a patent may protect a way to convert steam into locomotion, but that didn't stop the internal combustion engine from also causing locomotion.
So what that means is that the tax patent will be some series of off-shore accounts, tax shelters, shell companies and the interactions between them. This sequence of actions is what will be protected, and even if the tax code changes, this series of actions will still be protected. The fact that no one will use it to reduce their tax burden is not important, since the goal is not patented -- just the actions.
You can't patent "tax planning" -- the prior art would kill the patent immediately.
By the same note, anyone who unwittingly performs the same series of actions (not to get around taxes, but possibly for some other internal structuring reasons) is still guilty of patent infringement...
The OP said that the patent would be invalidated, and this is false. Worthless yes, but not invalidated.
IANAL yadda yadda whatever, but patents get invalidated for reasons like prior art... not because it doesn't serve its author's original intended purpose... Purpose (AFAIK) isn't even in a patent, and it's every patent holder's wet dream that some purpose they never thought of becomes the next big thing and they get rich for something they didn't think of...
and that tax break is removed in the next budget then the patent is no longer valid.
It's still valid... it's just worthless.
A patent on a better horse-buggy whip thingie wasn't invalidated when the horseless carriage came along... just that no one cared about your patent any more...
Events overtaking your idea doesn't invalidate your patent... just renders it worthless. (where worthless means that your idea requires no protection because no one will use your idea....)
well... 6-weeks might have been too long (I'm no expert) but...
Vendors need an incentive to write bug free code
I think most people agree that writing 100% bug free code is impossible. Basing a plan on the impossible is seldom a good idea.
Black hats often have the security hole before you.
Yup. In the current 700+ day scenario it's easy for this to be true. Shorten the time line and this will be dramatically reduced.
those six weeks are six more weeks that a user is susceptible to damage without any chance at turning off the service, reconfiguring it, putting up a firewall, changing passwords, and otherwise mitigating any potential problems
Ok... I agree that there might be some work-arounds for some problems (not all!).
However I can't agree to a zero-day release since for any given bug that is found by a researcher there is a probability less than 100% that the Bad Man finds it and begins to use it to exploit systems. If the researcher releases then it's safe to assume there is a 100% probability that the Bad Man knows about it and attempts to make use of it. Finding unprotected systems is just a numbers-game. Not every shop will have read the exploit or have been able to determine whether or not they are vulnerable. Consider time-zones alone, let alone over-worked sysadmins with other existing priorities! And this is why zero-day exploits are so dangerous...and zero-day exploits is exactly what you're describing.
However I fully agree that it's the end-user that suffers here (and that was the reason for my initial post!) and perhaps 6-weeks is too long, but for sure 0-days is too short.
Perhaps a shorter duration before full public disclosure, and if/where the researcher can see a work-around, release minimal info along with suggested action on the 0-day time-line. This won't work for every situation, but where possible might be a good middle ground...
I for one am tired of major vendors that don't fix problems.
Business only understands one thing: money. So this needs to cost them money.
So to me the solution is simple: Researchers privately disclose bugs to the vendor along with a Public Release Date....maybe 6-weeks in the future. Non-Negotiable. Fixed or not*, the bug is fully and publicly disclosed on that date. Since OSS (and MS DRM! heheh) has shown that bugs can be fixed in days or at the most a few weeks this should give a motivated company plenty of time to fix it. And only money motivates a business.
When vendors start getting threatening calls/letters from their customers (either to sue or jump ship) due to unpatched exploits that are public knowledge then they will be forced to fix them.
Oh sure, the vendors will cry foul (and sadly some will probably try and sue researchers instead of fixing their problems) but the fact is that if one person can find an exploit then a second person can find this exploit. And the other guy might not have noble intentions. Every day that a findable exploit exists is a day that the system is at risk...
*This is actually important, b/c if you read the rant you'll note that the 'fixes' are half-assed. I'm pretty confident that if the exploit was going to be made public that the fixes would be more robust...or the company will go bust.
Just in time... and I tried the page with my v.7 (didn't load) and tried it with the v.9 beta and it loaded (perfectly,...well, AFAICT, since I've never seen it before, and don't have a WinBot to see what would have looked like under v.8)
mmm, I think we need to discuss Rivalrous here.
Having complete access and control over my house doesn't impact your control over your house. Despite the fact that both are houses.
Now if you in some way make use of or block my access to my house then I no longer have use and control of my house. This is because there is only one house and only one may control it at any given time.
Now by contrast my making use of an unlicensed copy of some work doesn't stop you (or anyone else) from making use of either another unlicensed copy, nor any licensed copy.
This is because ideas are non-rivalrous.
Physical property, by contrast, is rivalrous.
This is one of the major reasons why any analogy for Intellectual Monopoly that tries to liken it to physical property falls apart. Unfortunately, this includes your analogies...
The only way for an analogy to work, my use of my house would have to impact your usage of your house...and in the physical world, that just doesn't work.
ugh... while I loathe to get into your examples/analogies, they completely miss the point.
If you had a wife, and I slept with her, have I violated your rights? You still have complete access to her---but not the same exclusive access you had. While wives are not property, marriage implies the same sort of exclusivity as IP law has.
Ignoring the sheer awfulness of the implications (which you do deny, but nonetheless you have made!) I do *not* in fact have "complete access" for while you are sleeping with my wife, I can not.
Alternatively, if I put a boot on your car (and it's in your drive way and I have no other interest in your property) so you could not drive off, have I stolen your car? You still have complete access to it, right? No, you can't drive it, which is the primary purpose of having a car.
Aah, slightly better (in that it's not offensive) and is exactly the same. I do not have complete access to my car: Complete access would mean that I could use it as I see fit, and this includes driving it
So the key difference is that my having or making use of an unlicensed version in no way impacts yours or any other person's 'legal' version.
And this is why so called Intellectual Property isn't property at all, and in fact is nothing like property, but rather it is an Intellectual Monopoly, because what it is, in fact, is a state guaranteed monopoly over an idea. And this monopoly requires state guarantee, because without it, there is no natural way to enforce this.
Without physical property laws I can still pick up a shovel and (attempt) to defend my property. But short of some kind of mass slaughter, information and ideas are impossible to revoke...and that still doesn't stop someone else somewhere else from independently having the same idea.
Either way, this is the beginning of the end.
Unless I'm misreading this, this will be the first time that a personal computer is (by design) under the control of a (foreign*) corporate entity and not the hardware owner.
So what that means is that if MS doesn't like something (that runs in kernel-space) they can revoke the rights of that code to run on all** computers, regardless of what the hardware owner thinks or wants.
The next step is, of course, to extend this to user-space...
* I'm not US-ian **...well, not my PC, but certainly those that are going to run Vista.
Well, *apparently* you can get banned from WoW and no amount of esplainin' helped. ...(at least the last time I read what was there they maintained that they were getting kicked off for running under wine...it's too long-a-read to see if that's changed.)
"The game trained him how to point and shoot a gun in a fashion making him an extraordinarily effective killer."
By that rationale, most action films would also be complicit in many homicides. This accusation has been thrown out of court so many times I won't even bother to cite individual cases.
Let's shut down the firing ranges and remove weapons training from the military and police. After all, this really *is* training to make "him an extraordinarily effective killer."
Adams and Franklin were referring to resisting an occupation force, the US is combating an externally commanded islamo-fascist terror insurgency. They are not the same. Indeed it is a love of liberty that inspires citizens to give the federal government the powerful tools they need to wipe it out completely.
First off, your assertion that giving up liberty can possibly result in an elimination of terrorism is absurd.
Secondly, for the purpose of the discussion of trading freedom for security it is the same thing.
Whether you fail to remove an occupying government that doesn't grant you freedoms, or whether you grant the sitting government powers to trample your freedoms, you still have no freedom. And if you do so for promised 'security' then...well, I think the quote applies.
Sadly, I doubt it is "a love of liberty" that allows this, it is a horrible mix of apathy and fear and ignorance.
Seriously, name one institution who ever thought they had too much money
So I think the point is that you can trust the greed factor will cause it to be impossible for it to be "managed properly". Creating a system with a natural limit (essentially a limit outside of our control) causes the system to work correctly.
This is like saying that a command economy can work if "managed properly"...and we saw how well that worked.
wow... with logic like that you are well qualified to work as our security officer...
Sticking your head in the sand doesn't actually make security problems go away.
So the bank's system has N security holes, where some other number X have already been identified by the bank and reviewed for severity and decisions were made as to how to deal with them.
This guy identified some set of problems that are in N and possibly in X.
Other people (aka: Bad Guys TM) have identified some other set of vulnerabilities in this system and may be taking advantage of them right now.
So let's review:
The bank has no way of knowing that the guy communicated all the information he had. Maybe there's more than one security hole that he discovered (very likely if the system is really shoddy...)
So what? His disclosures don't affect the number currently in existence. They exist whether he tells the bank or not. And if he found them, someone else can find them. Furthermore, if he had dishonorable intentions he probably wouldn't have disclosed any to begin with. Even if he made a partial disclosure, the disclosure doesn't make him any more or less of a threat.
The bank has no way of fixing the issue instantly. Especially since banks have some really heavyweight development procedures in place, which make even the most trivial change a matter of several months of development. Thus, the "security researcher" could still cause damage by revealing the hole to the public before it can be fixed.
He told the bank about the problems. He's made no threat (that I'm aware of) to go public. If anything the bank is now in a potentially better position to fix the problems than they were before he contacted them. If any of the problems he found were not already identified then he has in fact increased their security position, not decreased it.
Or maybe the bank feels that the hole is obscure enough that it doesn't warrant spending boatloads of money fixing it (... more money than the "researcher" asked for, if he's smart...). But now, the bank no longer has the choice of ignoring the issue, it's either pay the researcher, or invest money in an otherwise unneeded (in the eyes of the bank) development.
Security through obscurity is no security at all.
If they had identified and reviewed any of the problems he outlined and decided that it wasn't a problem worth fixing (and he's added no new data to the problem) then it's either still not worth fixing, or the analyst who decided it wasn't worth fixing needs his/her knuckles rapped.
When are people going to realise that the internet is a hostile environment, and that any exploit that exists will eventually be found by someone with malicious intent. Ignoring problems, suing honest researchers etc does nothing to increase your security posture. Meanwhile those that are dishonest are in no way deterred by some threat of legal action.
This incident was merely a response to someone getting embarrassed. Someone in the organisation got caught with security vulnerabilities and decided to take legal action to get the heat off of themselves. Pitiful really.
well... I'll start by repeating my original disclaimer that not every company can switch (profitably - 'cause for enough money *any* company can switch)
So, I don't know CNC, and maybe your company is going to be the exception that can't switch. That's ok - it's not a perfect world:)
But on the off-chance that you do find some OSS software (or find yourself working somewhere else some day) I'd just like to clear one MS FUD from your post:
If we switch to OSS, what guarantee do we have that a critical specialty application won't go unsupported next week?
Support is something you pay for. And even if you've bought some commercial closed-source software you've no guarantee that they won't close their doors tomorrow, or (what *every* company does: de-support your version, forcing you to either pay for an upgrade, or become de-supported.)
If anything, the support questions should be pushing you *towards* OSS, not away from it.
Assuming that the developers decide to quit, with OSS, you can hire anyone to support the application: you have the source code and you can fix the bugs. Pay for it out of what you would have been paying for support.
With closed-source/proprietary software when the developer folds (or de-supports) you're f*^! because even if you *could* fix the bug yourself you're not allowed to...
There is a real world out here, and in it there are thousands of small companies that have to use computers to communicate with their customers and suppliers and to keep up with their competitors but that are too small to afford even a part-time IT guru. Companies like that have to buy their accounting software, their production software, their shop management software, their design software--and what's for sale out here in the real world only runs on Windows.
So these hypothetical companies can afford to buy software, but can't afford some IT consulting?...and that ignores the obvious problem that Windows needs an admin as much as linux does and so these companies are living on borrowed time.
While I won't claim that every company can move everything to linux I'd suggest that the vast majority can. IT Managers buy Windows because they always have, their users are used to it (hell, they're used to it)
There used to be a saying that no one gets fired for picking IBM...the same is true for MS. Sure it has problems, but they're problems that everyone accepts now, and introducing linux will remove some problems and introduce some new ones...and one of those might get you fired.
Ernie Ball moved his entire organisation over to open-source. So it can be done. And he says the move is saving him money. "I know I saved $80,000 right away by going to open source, and each time something like (Windows) XP comes along, I save even more money because I don't have to buy new equipment to run the software." -- Ernie Ball
I can never seem to get it to work with Real's stuff,
Not sure if this will help, but having just investigated this for someone else, note that links on a site lead to a re-director file. The link you click on is a text-file that contains the URL of the media. So to use mplayer you need to download the link, open it, and pass the link inside to mplayer.
After that every file I've tried has worked... maybe someone knows of a way to get mplayer to read the redirector?
Thanks!
from nolo.com:
An invention is nonobvious if it would be viewed as an unexpected or surprising development by someone skilled in the technology of the particular field
You would think that that simple fact would make it the official card of GNU ...
Having complete access and control over my house doesn't impact your control over your house. Despite the fact that both are houses.
Now if you in some way make use of or block my access to my house then I no longer have use and control of my house. This is because there is only one house and only one may control it at any given time.
Now by contrast my making use of an unlicensed copy of some work doesn't stop you (or anyone else) from making use of either another unlicensed copy, nor any licensed copy.
This is because ideas are non-rivalrous.
Physical property, by contrast, is rivalrous.
This is one of the major reasons why any anology for Intellectual Monopoly that tries to liken it to physical property falls apart. Unfortunately, this includes your analogies...
The only way for an analogy to work, my use of my house would have to impact your usage of your house...and in the physical world, that just doesn't work.
So the key difference is that my having or making use of an unlicensed version in no way impacts yours or any other person's 'legal' version.
And this is why so called Intellectual Property isn't property at all, and in fact is nothing like property, but rather it is an Intellectual Monopoly, because what it is, in fact, is a state guaranteed monopoly over an idea. And this monopoly requires state guarantee, because without it, there is no natural way to enforce this.
Without physical property laws I can still pick up a shovel and (attempt) to defend my property. But short of some kind of mass slaughter, information and ideas are impossible to revoke...and that still doesn't stop someone else somewhere else from independently having the same idea.
Unless I'm misreading this, this will be the first time that a personal computer is (by design) under the control of a (foreign*) corporate entity and not the hardware owner.
So what that means is that if MS doesn't like something (that runs in kernel-space) they can revoke the rights of that code to run on all** computers, regardless of what the hardware owner thinks or wants.
The next step is, of course, to extend this to user-space...
* I'm not US-ian
**...well, not my PC, but certainly those that are going to run Vista.
Well, *apparently* you can get banned from WoW and no amount of esplainin' helped.
...(at least the last time I read what was there they maintained that they were getting kicked off for running under wine...it's too long-a-read to see if that's changed.)
Secondly, for the purpose of the discussion of trading freedom for security it is the same thing.
Whether you fail to remove an occupying government that doesn't grant you freedoms, or whether you grant the sitting government powers to trample your freedoms, you still have no freedom. And if you do so for promised 'security' then ...well, I think the quote applies.
Sadly, I doubt it is "a love of liberty" that allows this, it is a horrible mix of apathy and fear and ignorance.
This is like saying that a command economy can work if "managed properly"...and we saw how well that worked.
Sticking your head in the sand doesn't actually make security problems go away.
So the bank's system has N security holes, where some other number X have already been identified by the bank and reviewed for severity and decisions were made as to how to deal with them.
This guy identified some set of problems that are in N and possibly in X.
Other people (aka: Bad Guys TM) have identified some other set of vulnerabilities in this system and may be taking advantage of them right now.
So let's review:
So what? His disclosures don't affect the number currently in existence. They exist whether he tells the bank or not. And if he found them, someone else can find them. Furthermore, if he had dishonorable intentions he probably wouldn't have disclosed any to begin with. Even if he made a partial disclosure, the disclosure doesn't make him any more or less of a threat. He told the bank about the problems. He's made no threat (that I'm aware of) to go public. If anything the bank is now in a potentially better position to fix the problems than they were before he contacted them. If any of the problems he found were not already identified then he has in fact increased their security position, not decreased it. Security through obscurity is no security at all. If they had identified and reviewed any of the problems he outlined and decided that it wasn't a problem worth fixing (and he's added no new data to the problem) then it's either still not worth fixing, or the analyst who decided it wasn't worth fixing needs his/her knuckles rapped.
When are people going to realise that the internet is a hostile environment, and that any exploit that exists will eventually be found by someone with malicious intent? Ignoring problems, suing honest researchers etc. does nothing to increase your security posture. Meanwhile those that are dishonest are in no way deterred by some threat of legal action.
This incident was merely a response to someone getting embarrassed. Someone in the organisation got caught with security vulnerabilities and decided to take legal action to get the heat off of themselves. Pitiful really.
So, I don't know CNC, and maybe your company is going to be the exception that can't switch. That's ok - it's not a perfect world.
But on the off-chance that you do find some OSS software (or find yourself working somewhere else some day) I'd just like to clear one MS FUD from your post:
Support is something you pay for. And even if you've bought some commercial closed-source software you've no guarantee that they won't close their doors tomorrow, or (what *every* company does) de-support your version, forcing you to either pay for an upgrade, or become de-supported. If anything, the support questions should be pushing you *towards* OSS, not away from it.
Assuming that the developers decide to quit, with OSS, you can hire anyone to support the application: you have the source code and you can fix the bugs. Pay for it out of what you would have been paying for support.
With closed-source/proprietary software when the developer folds (or de-supports) you're f*^! because even if you *could* fix the bug yourself you're not allowed to...
paying for a license != guaranteed support
While I won't claim that every company can move everything to linux I'd suggest that the vast majority can. IT Managers buy Windows because they always have, their users are used to it (hell, they're used to it).
There used to be a saying that no one gets fired for picking IBM ...the same is true for MS. Sure it has problems, but they're problems that everyone accepts now, and introducing linux will remove some problems and introduce some new ones...and one of those might get you fired.
Ernie Ball moved his entire organisation over to open-source. So it can be done. And he says the move is saving him money.
"I know I saved $80,000 right away by going to open source, and each time something like (Windows) XP comes along, I save even more money because I don't have to buy new equipment to run the software."
-- Ernie Ball
After that every file I've tried has worked... maybe someone knows of a way to get mplayer to read the redirector?