Slashdot Mirror


User: blakestah

blakestah's activity in the archive.

Stories
0
Comments
926

Comments · 926

  1. Re:I Loved this bit... on Interview With Microsoft's Chief of Security · · Score: 2

    I read that a little differently.

    My take was that he was saying that EVERYONE vulnerable should be notified in the most efficient way possible, but no one else really needs to know. I think that is the theoretical goal from his point of view. ie: if everyone in an apartment building has a security issue, you tell them. You do not post it on fliers in front of the building, or broadcast it to criminals.

    That being said, he, and Microsoft, are acting INCREDIBLY ignorant with respect to the way people use computers. People do not maintain computers, by and large. Paid administrators do, but home users work on it until something works, and then do not touch it out of fear that it will become a time sink. Eventually a bug is found, and they get remote rooted. I am still being attacked by computers on my subnet that have had IIS rooted and do not know about it. And that was published MONTHS ago.

    ANY operating system serving ports on the Internet has to be watched and maintained. Until Microsoft realizes this, and actively provides for it, their products will continue to be the least secure around.

  2. Re:Priorities... on 2.4 Maintainer Marcelo Tosatti Answers Your Questions · · Score: 2

    I agree, when the bugs come around it's time to delve into the source. But wouldn't it be much easier to locate the problem if the author had properly commented each portion of his code?

    People really want the IDEAL of good documentation. The reality is that documentation NEVER gets you all the way there, and you end up in the source anyway. In the case of non-open products, you end up doing even sillier things like object dumps of the link libraries trying to figure out why the documentation is different from the actual library.

  3. Re:Priorities... on 2.4 Maintainer Marcelo Tosatti Answers Your Questions · · Score: 3, Insightful

    Poor/Incomplete/Out of date documentation is the Achilles Heel of open source.


    Not in the kernel, it is not.

    Documentation as the Achilles heel is end-user documentation. Developer documentation is a poor poor substitute for the source. Any problem can be traced through the kernel calls, flow charted, etc. There is no problem there. The source is critical, documentation is just about making it a little easier.

    For the end user though, you cannot have an expectation the user will ever read the source, so documentation becomes important. I think you can strongly argue the kernel documentation is utterly irrelevant to the end user, though. Quit whining and "Use the source."

  4. X-Y scope : ASTEROIDS!! on Building a Cheap Oscilloscope Using Your PC? · · Score: 2

    The old asteroids arcade games are programmed X-Y scopes. Buy one, rip out the XY-Scope, and you are in business.

  5. Re:quicktime? on 10th Anniversary of Quicktime · · Score: 2

    I know there are some people out there who are annoyed that Linux is unable to read some Quicktime files out there. That's not Apple's fault at all, rather it is the fault of the compression format used. Most of the Quicktime files are compressed using the Sorenson codec, because of the superior quality and great compression it offers. The problem is that Sorenson holds the patent on the codec and they have only produced a decoder for Windows and MacOS. In order for Linux users to play those Quicktime movies which use the Sorenson codec, Sorenson would have to produce a Linux version of the decoder. There are a few programs out there that can play Quicktime movies, but only the movies that use codecs supported by Linux.

    Sorenson has nothing to do with it. Apple has exclusive licensing rights for the codec. Steve Jobs would rather lose his left testicle than see a Sorenson codec for linux. Honestly - that is all there is to it. People from Apple have posted as much to Slashdot if you care to search the archives. Sorenson has responded as such to queries from the xanim developer.

    The patent will not expire for more than a decade, so this one is going to stick. The only tractable solution is to bug every single person that uses the Sorenson codec to please use another codec - like Cinepak or Radius. Sorenson is a really nice codec, but the web was founded on open formats.

  6. DMCA section 512 on When Should a Website Edit Its Users? · · Score: 5, Informative

    The DMCA section 512 guarantees protection if you do NOT alter the contents of the users posts. See
    The DMCA section 512

  7. Re: Plane Ticket on U.S. Court Ruling Nixes EULA Sales Restrictions · · Score: 2

    The main difference with a plane ticket is that it represents a Contract for future service (the plane trip). In many cases, unless noted at time of sale, you may get a refund on the ticket if you do not agree to its terms of use.

    In fact, you can nearly always get a refund, however, the amount of money refunded changes with the date. There are other restrictions too - and these are legal even though you cannot read the contract at the time of sale.

    I was merely pointing out that just because you cannot read it at the time of sale does not invalidate a contract. However, as has been noted in the case of an EULA, you possess the software for life. It does not expire, and you can use it as much as you want. These are not terms consistent with contracts for service, and make the EULA:contract analogy sort of like calling a duck a goose.

    It quacks like a duck, walks like a duck, but Microsoft says it is really a goose. That is what the judge is basically saying too. The sale of the Adobe software meets all normal criteria for copyrighted sales, except that one party claims it is a contract for service instead. It is not a goose, it is a duck.

  8. Re:As much as I on OpenBSD 3.0 Release, Interview with Theo · · Score: 2

    it can be frustrating being right, all journaling really seems to do is attempt to fix the problems ext2fs has by laying another piece of code on top of it, instead of fixing the primary problem, that is that ext2 is broken as far as the BSD hackers are concerned.

    Journalling is one solution to the problem, and soft updates is another. Each is worthwhile within its own contexts.

    A solution analogous to soft updates is coming with the tux2 file system from Daniel Phillips, which uses ordered writes to ensure the integrity of a file system, as soft updates does. BTW, I'd find it REALLY interesting if a BSD filesystem hacker ACTUALLY said ext3 was broken because it used journalling and not ordered writes. I think you are just creating controversy where none exists.

    Journalling keeps a near synchronous log of inconsistencies between the file system on disk and the one in the VM. This allows crashes to be reconstructed to a consistent state. Soft updates simply groups the inconsistencies and writes them in a particular order that ensures the consistent state can be restored after a crash. Each is faster under sets of circumstances, each can be slower under others. Linux will have both fairly soon. I personally think ordered writes is a more elegant solution, but either seems to solve the problem reasonably.

  9. Re:Who owns what? on U.S. Court Ruling Nixes EULA Sales Restrictions · · Score: 2

    Since the EULA is neither presented nor signed at the time of purchase, it doesn't have bearing on the transaction.

    This is not truly relevant, and there are legal counter-examples already. For example, you buy a plane ticket. Now, that ticket comes with a whole bunch of restrictions written on the back that you could not access in detail at the point of purchase. Yet you are bound by them nonetheless.

    Case law on EULAs is still a little muddled, but at least one synopsis page is up at Dan Bernstein's site

  10. Re:where'd the funding come from? on Researchers' Right To Open Source Research · · Score: 2

    in my mind, the eventual disposition of the IP rights depend on where the funding for the research came from.

    So academic research department should be little more than extensions of whoever is buying their time ?

    I am quite sorry, but that is far far far from the current state of affairs. If Bill Gates wants to fund something and own the IP, he can do that in house. He can hire consultants to do it. But he cannot hire a university professor to do it on university time. And it should come as no surprise that the rules are no different when it comes to government funding.

    Universities OWN all licensing rights to IP generated within them. Sometimes companies have some limited rights of first refusal to license IP from universities.

    The question should be rephrased as it is not the researchers against the funding source - but rather against the university. IP rights provide money to maintain the infrastructure that allowed the professor to conduct his research. Shouldn't it be the role of the researcher to establish the IP and let the university deal with it ? Now, if the university wants to open source something they already have exclusive licensing rights to, that is their decision.

    Money does not buy you IP generated at universities. Money should guarantee the research gets done - and that is the ONLY reward for the funding source.

  11. Hypnagogic dreaming on Net Connected Dream Inducer · · Score: 3, Interesting

    It has been known for some time that the earliest stages of dreaming can be strongly influenced by sensory input just before going to sleep. Whereas you cannot predict exactly what will be in the dream, it is fairly certain some of it will relate to what was happening just before you fall asleep. This is not as true of dreams later in the evening.

    There is a nice trio of reviews of theories of sleep and dreaming in the latest issue of Science.

  12. Re:Backups, copyright, etc. on Freedom or Power? · · Score: 2

    Your statements about transfer of license and archival backups are not strictly true.
    Yes, under straight copyright law, they are true.

    However..... there is such thing as a 'contract'. Now.. I'm not talking about stupid 'click-wrap' agreements.. I'm talking about real contracts, usually the result of some negotiation.


    In Germany, for example, you can transfer things like Microsoft Operating Systems to other people. Even the EULA cannot take away this right. I am aware of ZERO cases in which the right to make archival backups of the software is not allowed.

    I think it would be a HUGE step forward if contracts were not allowed to supersede rights awarded through copyright. Think about it - an author of a book does not prevent you from making archival copies, or from transferring your copyright (and all archivals) - or even charging a fee for it.

    The software producers are principally interested in controlling as much of their market as possible - in order to maximize profits. No one would ever license a book that had to be relicensed every year in order to keep it working - yet many people are happy to do that to use Microsoft's software (not just them - DEC (now Compaq) is horrible this way).

    This is just a broken market. It needs fixing from someone with some perspective and whose wallet has not been recently fattened by Microsoft or Disney - the corporations working hard to weaken US copyright law.

  13. Re:By your silly definition, Mr. Editor, on Freedom or Power? · · Score: 5, Insightful

    However. If I write software, with my time, and my effort, then nobody is going to tell ME under what terms I may let someone else use it. Period.

    But copyright law already does that. If you let anyone use your software, they CAN make archival backups. They CAN transfer the copyright and all archival materials to someone else. They CAN implement ANY idea embodied by the work and use it as their own intellectual property. The only thing you have control over is the specific expression you use.

    Whereas I agree that posturing over whether one thing or another is freedom or power is semantic and will NOT lead to a logical conclusion to the argument, I am almost completely unconvinced that copyright law as it currently applies to software is appropriate. It can be redefined however the government sees fit - its purpose, after all, is to encourage people to create works for limited time protection, so that public domain eventually becomes quite rich in intellectual property.

    Currently many people are finding it less costly in the long run to create new operating systems instead of using those commercially available. That alone tells you we have had a near complete failure of the laws on software IP. It is long past due for a change.

  14. Re:Evil thought... on "Future Tech" vs KDE Developer · · Score: 2

    Microsoft's general strategy is not to infiltrate and wage legal battles. Their corporate responsiveness is VERY different. They HATE lawsuits. IF someone threatens them with a patent, they buy it. If someone threatens them with a software program, they buy it (Citrix and NT-trigue software comes immediately to mind).

    When that fails, they move to plan B. Look like the enemy, make a product just like it, and market the crap out of it.

    Windows - made to look like MacOS.
    Word - made to look like WordPerfect.
    IE - made to look like Netscape.

    The list goes on and on. In each case Microsoft tries their best to look like the competition. Sure, the functionality of their software sucks at first, but it gets better pretty fast. And their marketing is top notch.

    This is how my comment is relevant. Microsoft is not a company that will try to infiltrate - the ensuing PR battle will likely do more harm than good. No - they try to look like the opposition. In this case, they will try to look like a support company because they will sell periodic upgrades as their "new" business model.

  15. Re:Evil thought... on "Future Tech" vs KDE Developer · · Score: 5, Insightful

    What I was considering is that this might be a back door tactic that somebody like Microsoft could use. If they could get people to infest the kernel with copyrighted and patented code it could really hose up the works it seems.

    No, the world is moving in an altogether direction. Support. Microsoft is now selling subscriptions. They will sell this as comparable, but value added, compared to linux.

    To wit: if you get linux, you have to maintain it, and periodically upgrade it. This costs money. To get MSFT Windows, you need to purchase it, and pay subscription costs.

    Microsoft will be VERY convincing to CTOs that their model will end up saving the corporations money because of "hidden" support costs. This is Microsoft's big counter for linux being free. They pose as providing the thing that does cost money in linux - expertise and updating. This is a very intelligent business counter to Free Software. After all - this is M$ - and they do not bank a BILLION dollars in profit per month because they make dumb business decisions.

  16. Re:Maybe its time for convegence on Advanced Filesystem Implementors Guide Continues · · Score: 3, Insightful

    Why does it seem like all the responses to this are full of hot air ?

    Some journalling filesystems exist because there are UNIX companies with expertise in them that support them, like XFS and JFS.

    Some journalling filesystems are a natural migration for most linux users - like ext3.

    And some people want to re-invent filesystems en todo like Hans Reiser, and a good journalled filesystem is just the first stop.

    More than one is just "value added". They all work. They are all secure and stable. Some are faster than others - but XFS, ReiserFS and ext3 are all "fast enough" for almost any uses.

    The parent echoes a common complaint about Free Software - that developer resources are not dedicated appropriately. Well, developers work on what they want, or what they are paid to work on. This often leads to multiple efforts that accomplish similar goals - like window managers, desktop environments, word processors, journalled filesystems, VM management etc. But ultimately competition is good if intelligent test results are publicized.

    Look at the Mindcraft web server benchmark results about 18 months ago. Now, linux blows the doors off IIS in the exact same test. The same is becoming true of filesystems. Test results show ext2/3 is slow with lots of small files - so a developer named Daniel Phillips added a directory hash that fixes this shortcoming.

  17. Re:Workaround.... on MSN Blocks Mozilla, Other Browsers [updated] · · Score: 2

    This is not true. Under linux, mozilla, konqueror, w3m, and lynx are blocked.

    This is a classic M$ move. I do not know their mentality, but there are several possible reasons.

    1) They think the browser war is over, and they are doing this to nudge IE users to upgrade.

    2) .NET or some other future plan of theirs will require the capabilities of their most recent IE.

    3) They are trying to finish the browser war. This one seems least likely to me. The war has been over for a long time.

    4) They are getting flak from developers that use M$ tools for creating web sites because users of Mozilla or Netscape cannot view them properly. This helps THEIR developers.

  18. FS tests on Performance of Ext2, ReiserFS, and XFS? · · Score: 2

    The majority of the "real world" tests I have seen show that IF ext2 or ext3 has a deficit compared to XFS or ReiserFS, it is a REALLY small deficit.

    People will say XFS scales better, but ext2/ext3 is limited in scalability only by the VFS layer which also limits XFS.

    About the only real deficit with ext2/ext3 is lots of small files in one directory, but there is a directory hash patch from Daniel Phillips that fixes that - and will be included in 2.5.

    The reality is that for the vast majority of users it will not make a difference which journalled file system they use. And if you have an application that depends heavily on the file system, bench your application on the different file systems. You will get an answer specific to you - and that is what matters to you.

    Backup tools, which have little to do with performance, can also be important. Variants of dump exist for xfs and ext2/ext3, but not ReiserFS. Tar works for all of them.

  19. Re:The Emacs Zen... on GNU Emacs 21 · · Score: 3, Informative

    Disclaimer: I dislike emacs.

    "Why should I use Emacs when I have a much nicer looking application that is more user friendly?"

    That depends. There are a LOT of text editors including nEdit, gedit, kedit, jed, joe, pico, [ng]vi[m]. Only emacs embeds other functionality within its own lisp code instead of providing text editing functionality to other programs using stdin and stdout - the UNIX way.

    You should *really* spend some time on Emacs. There is an *amazing* Zen type of relationship that you start to appreciate after about 2 weeks of using it.

    I used it for YEARS.

    You also should drop your prejudice of lisp (keep an open mind for about 2 weeks). Lisp and Scheme are *great* languages. I just wish Emacs Lisp were closer to common lisp or scheme.
    Fair enough. As a text editor user, I don't want to write ANY code. And if I were, I would certainly prefer not to use lisp, elisp, or scheme.

    Ever need to parse or rework a file with 1000 lines? No problem. Just write a 10 line elisp script that does it for you with regexp. This took you maybe 5 minutes and saved you hours of work! yay emacs!
    This is classic emacs mentality. If you just LEARN the emacs way, you can use emacs for everything. Well, I bet if you can do it in 10 lines with elisp I can do it in one in the shell with small utilities like sed, awk, grep, and sort.

    Why should emacs do everything ? It is absolutely crappy at everything except text editing. It is a fairly bad mail reader, a fairly bad news reader, and a HORRIBLE environment for writing functions to manipulate text. It is great for writing code or TeX though.

    This will reduce karma !

  20. Re:They Have a Point on Microsoft Blames the Messengers · · Score: 2

    This is silly. Most exploits are damaging to the target systems

    You are not living in reality. Exploit code published on security websites NEVER damages the system beyond that which is required to demonstrate the exploit - and does this with the full disclaimer that it is going to demonstrate the exploit. It doesn't get any simpler than that.

    2) The source code should demonstrate the exact nature of the problem for the coders who wish to fix it. They would otherwise need to write their own exploit to test their fixes.

    In the context of the current argument (e.g. Microsoft and bugs/exploits), this is an invalid point. Microsoft do not release source code, and thus you cannot patch their systems.

    The exploit code would help people at Microsoft understand the exploit fully, and thus help them fix it. Somehow you completely misread the claim I made.

    Microsoft is flogged every second of every day in a lot more channels than you can imagine. I don't think they really need any more pressure to fix things. They are fully aware that they write imperfect software (just like the rest of the world).

    Microsoft spends BILLIONS each year marketing themselves as secure, good for business, blah blah blah. If they can't handle the heat from security websites doing the same thing to Microsoft that they have been doing to Unix for years, they are in real trouble.

    The REAL reason Microsoft went to all this trouble was to save face. They think that this measure will decrease the necessity of having timely patched systems, and improve their image wrt security. They should start playing ball and make it EASIER to keep a system secure, and BERATE their users into applying security patches BEFORE bugs turn into compromised systems.

    Plain and simple, they are targeted by disgruntled *nix using kids who don't even know why they hate m$. It's just what every other *nix kid does. M$ are pissed off because *nix kids are more tech savvy than M$ kids. Most m$ kids wouldn't have a clue how to compile an exploit script, whereas the *nix kids can, hence M$ get targeted more than *nix.

    You are completely misunderstanding the mentality of the thief. The thief steals because it is easy. If it is easier to steal somewhere else, the thief will go there.

    All Unix people know this VERY well. Unix exploits are nothing new, and script kiddies have been exploiting whatever is available for years. Now, there is a change - Microsoft machines with open ports. They are EASY to break into. Their admins are not watching, the machines are set up INSECURE by default, and there are plenty of exploits to go around.

    There are not disgruntled Unix kids turning to Microsoft for exploits. There are thieves exploiting whatever is easiest to exploit.

    The CodeRed bugs have not been fixed yet on millions of machines worldwide - and this exploit was publicized worldwide by the press. Microsoft is not taking action. It is THEIR fault.

  21. Re:They Have a Point on Microsoft Blames the Messengers · · Score: 2

    For the argument that "it encourages faster patches", I have no problem with security experts blackmailing MS by saying "release a patch within a few days or I release the code!" But the current assumption that the problem is fixed as soon as a patch is released does far more harm than good. Yes, they are fully within their rights to release the code, but does it do any good besides making them feel righteous?

    This is common courtesy in security today. People who find exploits tell the software maker first, and no one else. If the software maker responds with a fast patch, the exploit is published along with a note about the patch.

    However, it is often the case that Microsoft doesn't come up with a prompt patch. Then, there is a real ethical dilemma. If I publish the exploit, I let the users of the software know they are not safe. They have the option to take action and avoid being compromised. Or, I can sit on my hands and allow everyone to be unsafe and NOT know about it.

    Obviously there are lots of ways this could go, but I feel a LOT better letting people who care about their boxes protect them, and people who do not care about their boxes can get rooted and learn what being a server on the Internet is all about.

    If we make publishing exploits illegal, only outlaws will publish exploits.

  22. Re:They Have a Point on Microsoft Blames the Messengers · · Score: 5, Informative

    What gains are there to be had by having the source displayed all over the web?

    1) The source display should allow any administrator to verify if he is vulnerable, and, after patching, that he is no longer vulnerable.

    2) The source code should demonstrate the exact nature of the problem for the coders who wish to fix it. They would otherwise need to write their own exploit to test their fixes.

    3) The source code should apply pressure to the software maker. It is akin to being flogged in public. The whole world knows you are vulnerable, and you ought to fix it.

    4) The source code of the exploit should make the exploit obvious but not damage the system.

    Source code exploits will ALWAYS be published in places where some crackers can get them. The challenge is designing an updating system that allows all users to apply patches in a timely fashion. I think Debian is actually closest on this one.

    Microsoft is really going to get nowhere on this one. I've read accounts of people who send exploits to Microsoft in secrecy, and then HAVE to publish the code so that Microsoft is forced to fix the problem. If it doesn't impact Microsoft's marketing, Microsoft doesn't care.

    The other issue that relates to this one is secure as possible by default. This principle applies to all Internet usage of computers. Yet Microsoft blatantly violated it in the following: Office Macros, email attachments, NT/Windows 2000 Server config (running IIS by default), Hotmail...

  23. Re:Dear Mod: on The America Online Protocol Revealed · · Score: 2

    Patents protect an invention. It does not matter if you think of the same invention independently - you still need permission from the patent holder. That is how patents work.

    Copyright protects expression, so if you can implement a method described in a copyrighted work without using the expression, it is legal. This is an appropriate interpretation for most software reverse engineering. If you do not use the source, you are always fine.

  24. Re:OSS Test Harnesses? OSS Test Suites? on Kernel 2.4.12 Released · · Score: 3, Informative

    Stanford already has a test suite for linux kernels, and it fixes hundreds of bugs that Alan Cox incorporates and passes along.

    The checker lives here

  25. Re:Subscriptions on LWN in Trouble · · Score: 3, Interesting

    Just a quick glance at the discussion list showed a good number of posters suggesting a subscription. Though it seems obvious, just pay for the product, subscriptions also offer another benefit: Payment in advance. This will ensure a steady stream of cash for production of the magazine.

    Few people think it could or would work that way. Most people will go somewhere else if a subscription model is used.

    The most obvious solution is for someone who would benefit from a solid linux news site like lwn to pick it up. IBM could fund it. Or HP. Or VA linux. Or Red Hat. Or some combination of them. Their expenses basically mean paying four people full-time.
    Unfortunately, it is more likely they will be going under. I wonder what will happen to /. when the same thing happens to VA Linux in another year?