Slashdot Mirror


User: EJB

EJB's activity in the archive.

Stories: 0
Comments: 191

Comments · 191

  1. Re:Schneier and patents on Will Expiration of RSA's Patent Unencumber SSL/PGP? · · Score: 1

    My thoughts exactly. Sort of a GPL but for patents instead of copyrights.

    What would you call it? Patent already means according to Merriam-Webster's:

    4. affording free passage : UNOBSTRUCTED

    6. archaic : ACCESSIBLE, EXPOSED

    (In addition to the obvious meaning of protected invention)

    So open-patents would be kind of a tautology, even though not in practice. I can't think of any snappy words like copy-left for a free-software patent license.

    EjB

  2. Re:Schneier and patents on Will Expiration of RSA's Patent Unencumber SSL/PGP? · · Score: 2

    If he comes up with something that's really a breakthrough, it would be a very good idea for him to patent it, license it to everyone for free but with the condition that anyone who uses it cannot assert crypto patents against other parties.

    Netscape does this with their SSL API patent (granted, their patent is IMHO questionable) but they grant an automatic royalty free license to everyone to implement or use the SSL/TLS protocols, on the condition that they assert none of their own patents against other parties for implementing the SSL/TLS specs.

    EjB

  3. Perfect: the government can still listen in! on Quantum Encryption Explained · · Score: 1

    This is of course the perfect encryption mechanism; no one on earth can crack it, only the satellite up in the sky, and who's taking care they get all the information that goes through it?

    You guessed it: the government. And then ask yourself: do you trust them with it?

    Quantum cryptography is great if you are in line of sight of the party you want to communicate with, and it may be a perfect way to communicate with your aunt on the Mars colony; but the only other option is private high-grade fiber from every home to every home, and that's a hell of a lot of fiber. (I forgot to mention a big mirror-carrying satellite in the sky as another option, although I don't know enough quantum physics to know if it would still work after the photons are deflected.)

    By the way, although the article is interesting, it isn't new, you can also find out about quantum crypto in Bruce Schneier's Applied Cryptography, 2nd edition, pages 554-557.

    EjB

  4. Re:They did the right thing. Now, give them a brea on Corel Clears the Air · · Score: 2

    It sounds good.

    I'm still cautious about whether they understand that even if they use a portion of a GPL'ed program in a new program (instead of modifying a GPL'ed file), they're required to license it under the GPL.

    But I think this is a good response from Corel within an appropriate timeframe.

    I also think that seeing how many people disliked their earlier proposal must have convinced Corel that some action was necessary - Bruce may be a good talker, but it's very nice that he can back up his diplomatic skills with some weight in the form of looming bad publicity.

    And Corel should be thankful, for being averted from committing software piracy. (If big companies can use big words to describe innocent teenage behaviour, so can we to describe the behaviour of big companies that should know better).

    But all in all, I think we got what we wanted, nobody got hurt, so yea, I guess that qualifies as "success"!

    EjB

  5. The beta license VIOLATES the GPL, and here's why on Corel "to fix" Beta Test License · · Score: 3

    You buy a book as an employee of a company. Do you believe you have the right to make copies of the book and distribute them among your colleagues? Of course not.

    Software copyrights are no different from book copyrights. You are not allowed to copy a copyrighted computer program, even within your company, unless explicitly permitted by a "license" (which is the legal term for a contract giving you rights and restrictions over copyrighted works in your possession, but I'm sure a real lawyer could word this more carefully).

    Now there's only one license to the Linux kernel and to most of the other software contained in the Debian distribution, and that's the General Public License, as written by the Free Software Foundation, otherwise known as the GPL.

    That license first states: Activities other than copying, distribution and modification are not covered by this License; they are outside its scope.

    Now making a copy, whether it is within Corel between employees, or by a Corel employee and given to an outsider, such as a participant in the beta testing program, is, as the word says, an act of copying.

    When Corel makes a copy, they can only do that in accordance with the GPL. The GPL does not contain an exception for beta-testing or in-house distribution. It clearly says that if you make a copy, you must grant the recipients all rights in the GPL.

    A quick summary:

    Copying unmodified code:
    You must keep intact all notices that refer to the GPL

    Copying modified code:
    You must cause the modified code to be licensed under the GPL without charge to all recipients. (Which means that all recipients have all rights defined in the GPL)

    Copying executable form:
    You must allow recipients full access to the source code and the source code must be licensed under the GPL.

    Even more interesting is clause 6 from the GPL, which says that the recipient "automatically receives a license to copy, modify and distribute under the GPL".

    This means that (and I have to insert a "probably" here) anyone, not only the authors of the software, has the right to challenge Corel. If someone gives me that beta-test copy from Corel, I have automatically received a license under the GPL from Corel, and if Corel sues me, I can defend myself with the GPL in hand.

    This point gives a lot more credibility to the people on slashdot who complain about Corel, because it is also their rights that are trampled, not only the authors' rights.


    In short, all these people in the past few articles about Corel who say that Corel is in the right because it is "only a beta-test" are simply wrong. The GPL has no exceptions.

    EjB

  6. Re:Corel is going to have to fix this. on Corel "to fix" Beta Test License · · Score: 1

    That's a veeerrry bad idea.

    A) you'd have a self-contradicting license, as the GPL says that anyone is allowed to distribute it to Corel but must allow Corel to use and distribute it under the GPL, and your extra disclaimer says Corel can't use and distribute it. I don't think such a poor license would stand much in court.

    B) you couldn't use anybody else's GPL code in your program, because your license isn't compatible with the GPL. You'd be punishing yourself and your users a thousand times more than you're punishing Corel.

    I think Corel's PR problem is big enough already if they don't fix it soon (they want any OSS "expert" that is asked for an opinion about Corel's Linux version to deride it?) without people resorting to measures that hurt OSS more than anything else.

    EjB

  7. But where's the FSF when we're talking GPL? on Corel Linux Beta License Violates GPL · · Score: 1

    It's all nice to have Bruce Perens explain things here, but what I'm really interested in is what the FSF and their most vocal representative Richard Stallman thinks of this.

    After all, they created the license that we're talking about, they have the lawyers who waterproofed the license, so they are the ones who can most authoritatively say whether Corel did or didn't technically violate the GPL, all other considerations (like what a nice cozy corporation Corel is to embrace Linux) aside.

    EjB

  8. Re:Yeesh. on Corel Linux Beta License Violates GPL · · Score: 1

    This is an internal beta test. They simply don't want places like cheapbytes to start selling CD's to the unwashed masses ...

    They can want all they like, but they have to stick to the license they accepted by distributing GPL-derived software.

    But geez, why is everybody suddenly such a Corel friend? They're just a big bozo software company that doesn't get open source! They deserve all the criticism that has been leveled at other companies like RedHat that do get the spirit of open source and that contribute to GPL software fairly and squarely.

    EjB

  9. Corel is missing the whole point of Open Source on Corel Linux Beta License Violates GPL · · Score: 2

    The whole point of OSS is that any programmer can download it, use it, test it, fix bugs etc.

    Now Corel is inventing the Cathedral Model of software development again. They're not getting it: they're just using Linux because it's popular, not because of the philosophy behind it.

    I'm sorry to say, but I don't believe after seeing this that Corel is going to be a benefit to the OSS community, people will probably be needing to correct them all the time.

  10. Re:Why do employees put up with it? on Stealth Software Used To Spy On Employees · · Score: 1

    That's nice of you to say as an uninformed anonymous Coward.

    If you check one of the many FAQs on the Internet, such as

    http://www.faqs.org/faqs/us-visa-faq/part3/

    You'll find such answers as:

    Q: Having H-1B visa with one company, can I work some where else also, like part time job ?
    A: [from Rajiv S. Khanna, skhanna@immigration.com]
    You will have to get another H visa for the second employers. Note, you can simultaneously hold more than one H visas.

    Q: During the process of H-1B visa, suppose if I get a better job
    what happens ?
    A: [from Rajiv S. Khanna, skhanna@immigration.com]
    Apply for a new H-1B

    Q: Should I wait for my H-1B approval before I join the new job?
    A: [this question is related to the previous question ]
    [from Rajiv S. Khanna, skhanna@immigration.com]
    You must wait to get the second H-1B approved. H1 visas are employer specific.

    So while you have to obtain a new H1 visa, you can do it while working for your old company; you don't have to leave the US.

    I don't know anything about Texas Instruments, but I do think any company who tries to stop you from going to another employer by telling lies is "malicious".

  11. Re:Why do employees put up with it? on Stealth Software Used To Spy On Employees · · Score: 1

    I recently read a story which said that the above is what (malicious) employers tell their H1 workers, but it's just not true (according to that story); you are allowed to change jobs while on that visa.

    EjB


  12. Re:Wait a second... are we reacting too hastily? on Network Solutions E-Mail Security Alert · · Score: 1

    Well because it is NSI's e-mail service and the account is your nic-handle, it looks more official than just another e-mail service.

    And second, (I don't know how it is in the states these days) but a bank sending unwanted credit cards causes quite an outrage here in the Netherlands.

    A big organization tried this with its members, trying to force the terms of the credit card company (with regards to abuse, etc.) on their members, and because of the outrage they had to change it such that those terms would only go into effect after the first authorized use of the credit card.

    So yes, I agree with your c), it's just as bad as sending an unwanted credit card, and I think that's pretty bad.

    EjB

  13. Re:Law and borders on the internet on Teen Freed for Linking to MP3s · · Score: 2

    Well, if linking to warez is illegal, we'll soon get quickly moving underground warez-links sitez and people will link to those.

    Will they then get sued for linking to a site that links to a site that has warez?

    Researchers showed that the Internet is 9 clicks wide, so pretty soon all the Internet will truly be illegal.

    EjB

  14. Re:Freedom through technology on Munich, The Censors' Convention · · Score: 1

    I believe the term "FreeNet" is trademarked; you have to pay a license fee (for the name and the software) to use it.

    EjB

  15. Re:sigh on Andreesen No Longer AOL CTO · · Score: 1

    My my, what words, what words..

    Marc Andreessen is not just any exec, he's played an important role in the emergence of the web.
    Plus he used to be "one of us".
    The whole business of AOL and Netscape is also intertwined with the future of the software project that really launched the "open source" moniker in the public's eye, Mozilla.

    So I really think it is an interesting article and that Slashdot should continue bringing us this kind of news!

    EJB

  16. Re:Eat Our Meat!!! on Ask Slashdot: Using SSH on non-US Sites for Crypto Development? · · Score: 1

    So you're actually having a problem with a big political power acting self-righteously just so they can feel important?

    And you're a US citizen?

    Can't be, right? ;-)

  17. Re:Was RMS's bitch. Re:WOW on Berkeley removes Advertising Clause · · Score: 1

    It's hard to grasp for people with a black-and-white worldview, but which one is better depends on your point of view.

    If you believe in the principles of the FSF, I think you'll agree with me that the GPL is better.

    If you want to write software that anyone can use for any purpose including making it un-free, etc. without you having to worry over it a bit, then the BSD is now your license of choice.

    If you're a bad-ass software company waiting to rip off the work of a bunch of smart kids with too much time on their hands, selling it, keeping the modified source secret and claiming you wrote the software yourself, I suppose you'd prefer the BSD too.

    Then there's the practical part. It seems to me that the open source projects that attract most people, are most dynamic and most successful (linux kernel, linux utilities, gnome, gcc, gimp, etc. etc. [see www.fsf.org]) are GPL-based.

    EJB

  18. Re:IF GNU/Linux, THEN Linux/HURD on Berkeley removes Advertising Clause · · Score: 1

    You say "Doing so, he makes the free software world less free by denying me the right to freely call software what I want to call it,"

    I think you're delusional. No one is denying any right to you. RMS thinks it is fair that you or anyone else give the GNU project credit for the work they put into making Linux a success. I think they couldn't be more right, and I think you're being childish for making it into a problem.

    RMS didn't say he would force anyone to do it.

    Somehow I think you have a problem with giving him credit for his work because you don't believe in his ideas. Now I think _that_ is being a hypocrite.

    EJB

  19. Re:Can't change existing licenses on Berkeley removes Advertising Clause · · Score: 1

    IANAL (me-too)

    But I don't think you're correct. I believe that you can change an existing license, but if your rights as a licensee are diminished by a change and the license didn't explicitly allow for changes to it, you are not bound by any changes that diminish your rights.

    With this change, I don't think anyone can argue that their rights were diminished (barring crazy judges) so this is effectively a change to the license.

    Perhaps a real lawyer can give a more definitive word on this.

    EJB

  20. Re:This is what the FSF say about PNG on Unisys Enforcing GIF Patents · · Score: 1

    Hey, first RMS is lambasted for being too principled, or even alarmist, and then for being practical?

    I guess he can't do no good at all for some people.

    JPEG's a great format too, for some purposes. PNG is probably better for the kind of images on the FSF website.

    The reasons they didn't use PNG as their primary format had nothing to do with any inherent badness of PNG, it's just a practical decision. JPEG's just as unencumbered as PNG.

    So just stop it.

    EJB

  21. Re:Why people don't use one time pads on When Pretty Good Privacy Isn't Good Enough · · Score: 1

    I knew the theory, but I'd never seen it in practice. Pretty cool. I guess all the moderators ran out of points so I'll just add a reply, since this is about the most relevant message for this article.

    EJB

  22. Plenty of bugs on Scientists create digital bug-life · · Score: 1

    I can see why Microsoft is interested, they got plenty of digital bugs to experiment with.

    EJB

  23. The problem with STO.. on Feature:Obscurity as Security · · Score: 2

    The problem with STO, where the actual "algorithm" (any steps taken to create that part of your security) is secret, is that you don't know if it is secure.
    Because it is not, or hardly (only colleagues) peer-reviewed, no one has told you if you made any obvious mistakes, and no one can assign an upper and lower bound to the difficulty of breaking your "algorithm".

    The algorithm you describe where the admin assigns a different port to the HTTP server is not STO; it can be analyzed, and flaws can be found. (And a great many there are)

    There are of course problems with these attempts to use a general concept, such as port numbers here, as a key in a secure protocol.
    Probably the biggest is that it is not seen as a secret. If Mr. CFO goes to the company's secret website at port 6301, employee John Doe can walk in and spot the port number in the web browser's location bar, because the web browser hadn't thought it was a secret.

    Probably Mr. CFO is also an average user who doesn't completely grasp the fact that the URL is now an important secret, so he writes it down on a post-it note attached to his monitor.

    The other problem is that "innocent" users, such as search engines, may also scan a whole lot of ports to find a webserver, so a) Mr. Sysadmin will get a lot of false alerts on his pager and b) the information will end up for all to see in some Big Search-engine's Database.

    The same goes for Joe Hacker who may be detected but has still taken all the necessary information within 4 seconds.

    EJB

  24. Re:Steganography on Feature:Obscurity as Security · · Score: 1

    That is not necessarily true.
    Using a One Time Pad and the low order bits in pictures, audio etc. is 100% provably secure.

    It is also possible to exchange information during seemingly innocent cryptographic actions; it is possible to hide information in a DSA signature for example, and even if you look carefully it is impossible to prove that there is hidden information or not.

    Only the simplest steganography methods rely on STO.

    EJB

  25. Re: We are borg on Ask Slashdot: Geeks Stereotypes and Their Origins · · Score: 1

    They shouldn't let their AIs post on human-oriented forums.