Before we know the full impact of this, we will have to see how governments incorporate it into their national laws. The directive itself, however bad, could be worse...
There are two arms to the anti-circumvention provision. One prohibits actual circumvention, the other prohibits distribution of technology designed to enable circumvention to take place.
The second "thrust" is much looser than the first. For example DeCSS may not be caught by the second arm because its primary purpose is to enable DVDs to be played on Linux, and not circumvention.
This argument would be made stronger if DeCSS was incorporated into a Linux DVD player, in such a way that the decryption technology was not exposed to the user. As software developers we try to build systems that are as flexible as possible. In this case we need to build an inflexible system. Distribute the source by all means, but make the system a Linux DVD player and nothing else. Lawyers like this sort of thing...
The first "thrust" prohibits actual circumvention but without exceptions. This is because you might buy something which is, for example, a Linux DVD player and a DVD decryptor. When you come to use it, you will choose which function you are going to employ. If you choose the latter you are breaking the law.
Now, this does not really change the current situation very much. It is illegal to import foreign releases of films into the EU until there has been a domestic release too. Now it will be illegal to play them as well but so what. You were already breaking the law if you chose to do this.
Once there has been an EU release, you are no longer circumventing anything by playing the DVD on Linux.
Of course this is not final, because much depends on how national governments implement the directive. I also don't know how much the courts will buy into this argument. Until there have been a few cases it is difficult to say how a statute will be interpreted. Wait and see...
I'm curious—are there a lot of people out there who are interested in working on sponsored open source projects? I can't help feeling that this ought to be a good business model, and it is just that SourceXChange didn't get the marketing right.
I know I would be interested in hearing from people wanting to do this sort of thing.
Equifax certificates derive trust from the Thawte roots.
Equifax marked my cert as suitable for use as a CA. Fortunately Thawte set the maximum chain length to one so I can't actually sign other certs. If they hadn't done this I would be able to set up my own CA, and the browsers would give it the same trust they give Thawte. Scary.
I found Equifax fine for customer service. Installing the cert was a bit of a nuisance because there was an extra step in the chain compared to a Thawte or Verisign cert. However once that was overcome everything worked fine.
I can't verify the source code of PGP 7 but I know I don't trust PGP 6. It is just too big to verify. I was doing some unusual stuff and it kept crashing. So were these crashes because of exploitable buffer overruns? I don't know. It's a shame because PGP 2 was (and is) rock solid.
Another problem is that many of the features in OpenPGP are difficult to implement. With PGP 2, the trust associated with a key can be calculated using Dijkstra's algorithm. With OpenPGP it is much harder because when signing you can say in what circumstances the signature is valid. So instead of each key having a fixed trust value, it can have a potentially unlimited number of trust values for different situations.
Finally, all versions of PGP are too hard for novices to use. I wrote whisper to provide an easier way for novices to encrypt messages. You can use Whisper even if you are just a Microsoft Office person. You won't get any fancy crypto technology though (unless AES counts). Whisper is GPL'd.
A while ago I did some experiments compressing audio with bzip. The results were surprisingly good. Some things would compress—losslessly of course—to about twice the size of the equivalent MP3. The audio was recorded at CD sampling rates but lower quality.
Before you get too excited, I should say that this was only done for some audio tracks that were important for a project I was working on. I haven't tried ripping a track off a CD and compressing it that way.
A lot of people (who understand PC hardware better than I do) seem to think that these patents are bogus. So why are all the SDRAM manufacturers caving in?
I think the answer could be that they are being offered favourable terms to do so. It could be in Rambus' interest to play it like this, because it provides some news which is favourable to shareholders. Of course at the moment there is a particular need for this, with the rumours that Intel might ditch RDRAM.
Of course, every dot-com has to have one or two patents just to keep the VCs happy. But how useful will Hotlinks' patents be?
Suppose the EU decides not to embrace software patents. Then I could open up a search engine over here, which uses the exact same technology—and there would be nothing that Hotlinks could do.
Even if the EU does adopt software patents, there will be places that don't. China anyone...?
How useful are patents going to be when it is no longer necessary to have a physical presence in any particular country?
When the US government set ICANN up they didn't seem to understand that people had a choice whether to use it or not. You can put services—such as root DNS—on the Internet, but you can't force people to use them.
I could set up a root DNS service tomorrow. No one would use it, but technically it could be done. If ICANN start to depart from what most Internet users want, someone will set up something different that will gain wide acceptance.
Remember the Name.Space people? Their proposal would have worked technically even if there were other reasons why people were against it.
PHP recently ceased being open source (if in a rather technical way). The PHP licence says:
The software incorporates the Zend Engine, a product of Zend Technologies, Ltd. ("Zend"). The Zend Engine is licensed to the PHP Association pursuant to a grant from Zend that can be found at http://www.php.net/license/ZendGrant/) for distribution to you under this license agreement, only as a
part of PHP. In the event that you separate the Zend Engine
(or any portion thereof) from the rest of the software, or
modify the Zend Engine, or any portion thereof, your use of the
separated or modified Zend Engine software shall not be governed
by this license, and instead shall be governed by the license
set forth at http://www.zend.com/license/ZendLicense/.
The licence must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.
I hope this doesn't mean that Python is going to go the same way.
What do you mean "it has been declared open source by the powers that be"? You are allowed to have an opinion too. My opinion is that I don't want TrollTech to have a stranglehold over all commercial development for the Linux desktop.
Who thinks TrollTech negotiated in good faith about their new license? Alternatively, who thinks they saw an opportunity to free load off the free software community and become the next Microsoft at our expense? I don't have any easy answers, but I would want them before committing to KDE in any way. (Remember that anyone wanting to develop a commercial application for KDE would have to buy a license from Troll.)
Who thinks the QPL complies with the open source definition? It may be an "approved license", but look at clause six of the OSD. The QPL doesn't allow you to use the software for developing commercial applications. This is discrimination against a "field of endeavour"; a violation of clause six.
As an earlier poster said, "if you don't like the QPL, don't use KDE". Well, I won't -- fortunately GNOME is pretty good. But those who do use KDE put us all at risk, because in the end applications might require KDE in order to work.
Slashdot Mirror
There are two arms to the anti-circumvention provision. One prohibits actual circumvention, the other prohibits distribution of technology designed to enable circumvention to take place.
The second "thrust" is much looser than the first. For example DeCSS may not be caught by the second arm because its primary purpose is to enable DVDs to be played on Linux, and not circumvention.
This argument would be made stronger if DeCSS was incorporated into a Linux DVD player, in such a way that the decryption technology was not exposed to the user. As software developers we try to build systems that are as flexible as possible. In this case we need to build an inflexible system. Distribute the source by all means, but make the system a Linux DVD player and nothing else. Lawyers like this sort of thing...
The first "thrust" prohibits actual circumvention but without exceptions. This is because you might buy something which is, for example, a Linux DVD player and a DVD decryptor. When you come to use it, you will choose which function you are going to employ. If you choose the latter you are breaking the law.
Now, this does not really change the current situation very much. It is illegal to import foreign releases of films into the EU until there has been a domestic release too. Now it will be illegal to play them as well but so what. You were already breaking the law if you chose to do this.
Once there has been an EU release, you are no longer circumventing anything by playing the DVD on Linux.
Of course this is not final, because much depends on how national governments implement the directive. I also don't know how much the courts will buy into this argument. Until there have been a few cases it is difficult to say how a statute will be interpreted. Wait and see...
I know I would be interested in hearing from people wanting to do this sort of thing.
Equifax marked my cert as suitable for use as a CA. Fortunately Thawte set the maximum chain length to one so I can't actually sign other certs. If they hadn't done this I would be able to set up my own CA, and the browsers would give it the same trust they give Thawte. Scary.
I found Equifax fine for customer service. Installing the cert was a bit of a nuisance because there was an extra step in the chain compared to a Thawte or Verisign cert. However once that was overcome everything worked fine.
Another problem is that many of the features in OpenPGP are difficult to implement. With PGP 2, the trust associated with a key can be calculated using Dijkstra's algorithm. With OpenPGP it is much harder because when signing you can say in what circumstances the signature is valid. So instead of each key having a fixed trust value, it can have a potentially unlimited number of trust values for different situations.
Finally, all versions of PGP are too hard for novices to use. I wrote whisper to provide an easier way for novices to encrypt messages. You can use Whisper even if you are just a Microsoft Office person. You won't get any fancy crypto technology though (unless AES counts). Whisper is GPL'd.
Before you get too excited, I should say that this was only done for some audio tracks that were important for a project I was working on. I haven't tried ripping a track off a CD and compressing it that way.
I think the answer could be that they are being offered favourable terms to do so. It could be in Rambus' interest to play it like this, because it provides some news which is favourable to shareholders. Of course at the moment there is a particular need for this, with the rumours that Intel might ditch RDRAM.
Suppose the EU decides not to embrace software patents. Then I could open up a search engine over here, which uses the exact same technology—and there would be nothing that Hotlinks could do.
Even if the EU does adopt software patents, there will be places that don't. China anyone...?
How useful are patents going to be when it is no longer necessary to have a physical presence in any particular country?
I could set up a root DNS service tomorrow. No one would use it, but technically it could be done. If ICANN start to depart from what most Internet users want, someone will set up something different that will gain wide acceptance.
Remember the Name.Space people? Their proposal would have worked technically even if there were other reasons why people were against it.
What do you mean "it has been declared open source by the powers that be"? You are allowed to have an opinion too. My opinion is that I don't want TrollTech to have a stranglehold over all commercial development for the Linux desktop.
Who thinks the QPL complies with the open source definition? It may be an "approved license", but look at clause six of the OSD. The QPL doesn't allow you to use the software for developing commercial applications. This is discrimination against a "field of endeavour"; a violation of clause six.
As an earlier poster said, "if you don't like the QPL, don't use KDE". Well, I won't -- fortunately GNOME is pretty good. But those who do use KDE put us all at risk, because in the end applications might require KDE in order to work.
Well done Debian for keeping it out.