Slashdot Mirror


User: quux4

quux4's activity in the archive.

Stories: 0
Comments: 123

Comments · 123

  1. Missing the point on FCC Rules Open Source Code Is Less Secure · · Score: 1

    Quite a few posters in this thread seem to be missing the point of the ruling. That's easy to do when you only read summaries designed to push a certain point of view, and don't dig into the source material yourself. So let's have a look at the actual ruling:

    To minimize the filing burden on manufacturers, this requirement was narrowly tailored to affect only those radios where the software can be modified by a party other than the manufacturer because such radios pose a higher risk of interference to authorized radio services.

    (emphasis added) Now, here comes the actual snippet that seems to have a lot of people up in arms:

    The Commission hereby states that it is its policy, consistent with the intent of Cognitive Radio Report and Order and Cisco's request, that manufacturers should not intentionally make the distinctive elements that implement that manufacturer's particular security measures in a software defined radio public, if doing so would increase the risk that these security measures could be defeated or otherwise circumvented to allow operation of the radio in a manner that violates the Commission's rules. A system that is wholly dependent on open source elements will have a high burden to demonstrate that it is sufficiently secure to warrant authorization as a software defined radio.

    Again, emphasis added. FCC is not saying that OSS is inherently less secure. They are saying that it's their policy to make it difficult to modify a radio such that it violates FCC rules. That's all. It might even be possible, given the stipulation above, to do this with OSS. Of course you might run into the 'tivoization' clause of GPLv3 in so doing ...

  2. Re:Hyperventilating overreaction on MS Wants To Identify All Web Surfers · · Score: 1

    No, CardSpace is only peripherally related to SSO. It's more about providing the user with a single interface to allow him to manage the many, many identities he has, in a world where every 4th website wants you to create another login ... each with different criteria for username, password, and so on.

  3. Re:Who thinks of these ideas? on MS Wants To Identify All Web Surfers · · Score: 1

    Thought of the moment: IIS servers responding with, "You are using an Apple Computer. Cancel or Allow?"

    Heh. You accuse Microsoft users of a trick that's already rampant amongst Microsoft haters. Try visiting John Simpson's page on resetting an AD password for instance (if you're using IE, you get a very snotty and longwinded rant instead of the url you specified). Or any of the thousands of web pages which detect IE and display a come-on for Firefox, or a link to the (now defunct?) stopie.com

    Yet I can't say I've ever seen a site that says Hey, you're using Firefox, you should quit that and get IE! Hmm ...

  4. Re:Sad or Telling? on Linus Responds To Microsoft Patent Claims · · Score: 1

    Can you provide the source of this information?

  5. Re:Sad or Telling? on Linus Responds To Microsoft Patent Claims · · Score: 1

    "Basic operating system theory was pretty much done by the end of the 1960s. IBM probably owned thousands of really 'fundamental' patents," Torvalds said in a response to questions submitted by InformationWeek.

    So it wasn't email to some list; apparently InformationWeek mailed him directly. (I wondered the same thing, at first.)

  6. Re:And one of those is on No Wine for Dell Ubuntu Users, Says Shuttleworth · · Score: 1

    Thank you for elucidating on this point - I hadn't realized it before, but yes, this is something that happens in various distro communities. It's kinda sad that many naysayers seem unable to see it, even with your clear explanation.

  7. Re:That's the Problem on Time to End Microsoft's Patch Tuesday? · · Score: 1

    The current system minimizes cost, at the expense of security.

    No, it finds the best balance between the two. Consider this: there's a vulnerability known to the white- and blackhat communities, but it isn't being widely exploited yet. However, the minute the patch rolls out, it's worldwide news, and all the script kiddies are reverse engineering it and automating the exploit so they can compromise unpatched systems by the hundreds or thousands.

    So, yeah, let's take that 1x/month script kiddie window, and have it 3-7 times a month (MS have been releasing about that many patches per month lately). Let's make everyone choose between rebooting 1-2 times a week... or having unpatched vulnerabilities known not to a small black|white-hat community, but a huge botmaster/scriptkiddy/spyware community (who are finding profit in the exercise).

    That'll increase security and lower costs, right? And for you, the non-MS user ... it'll definitely lower the number of scripts strobing your firewall and costing you pennies per month in bandwidth charges, eh?

  8. Mod parent up on Top 12 Operating Systems Vulnerability Survey · · Score: 1

    You may not agree with the conclusions. But there's some smart overview thinking here.

  9. Re:Concise? on Top 12 Operating Systems Vulnerability Survey · · Score: 1

    I also was dismayed at the lack of a summary table. So I built one.

    http://adminfoo.net/2007/03/os-vulnerabilities-compared.html

  10. Re:Simply on Surprise, Windows Listed as Most Secure OS · · Score: 1

    You know, given that there's so much contention over what IS part of the OS and what ISN'T, I'd be happy to settle on 'everything that's part of a default install' for the purpose of vulnerability assessment.

  11. Re:learn from biology on Mark Russinovich on Windows Kernel Security · · Score: 1

    OK, good points about users turning off security protections. But hardly unique to Vista; you can do that in any OS. It's the price of popularity.

  12. Re:Cost/benefit?? on Windows Vista, More Than Just a Pretty Face · · Score: 1

    My apologies to steveodawg, whom I mistakenly attributed as AC in the above post.

  13. Re:Cost/benefit?? on Windows Vista, More Than Just a Pretty Face · · Score: 1

    On top of the higher costs associated with Vista, you're STILL paying for anti-virus and firewall protection. For a business you still need all the overhead that goes into supporting XP. So, where's the win for business users with Vista? If by switching to Vista you could do away with the anti-virus subscription, that's a win. A big win. But you're still paying the anti-virus subscription with Vista on top of the higher costs for the base OS.

    Well, this may be a contentious thing to say, but if you accept that running without root privs is all the AV protection you need in an OS, then you get the same level of protection in Windows if you run without Admin/PowerUser privs. While this was possible in prior Windows versions, Vista makes it a lot easier to actually accomplish, given that UAC allows for a much more seamless priv elevation when it is needed. So ... if the heart of 'I don't need antivirus' is the non-root user, Vista delivers it.

    As to firewall. That's a nonstarter of an argument; XP and Vista both provide eminently usable and effective firewalls. There is no need to pay for a third-party firewall in either OS.

    AC has already noted that there really is no price premium for Vista over XP in a business deployment, and (s)he's correct. $299 = $299.

    Once the initial learning hump has been crested, Vista will lower support/maintenance costs as compared to XP. A small amount at first, with the new deployment options WIM brings. Increasingly over time, as the security effects of UAC begin to kick in, and the lowered rate of security incidents becomes apparent.

    YMMV.

  14. Re:bait and switch on Cory Doctorow on Shrinkwrap Licenses · · Score: 1

    Cute. But given that any file *could* be malware, of course the antimalware software needs to be able to attempt cleaning/deletion. It's also pretty obvious that this isn't some master plan by the Evil Geniuses of Redmond to have a joke at your expense by simply reaching out and deleting any file named 'loveletter.txt' for the pure BOFH joy of it. Can we return to the land of reality now?

  15. More Doctorow extremism on Cory Doctorow on Shrinkwrap Licenses · · Score: 1

    ... designed to play on the fears of people who haven't actually bothered to read the licenses they are agreeing to.

    I read (or at least skim) any license attached to any software I run. It's usually the basic stuff, and while a little bit lawyerese (in other words, precise), it's usually not that hard to understand. It's also usually reasonable, given what the software can do.

    For instance, Doctorow specifically notes that an MS EULA makes sure you grant permission for Defender to delete files on your PC. Guess what: that's the whole point of Defender: to delete malware, which could be in (gasp!) any file! Oh noes!

    EULAs exist for basically two reasons:

    1) To limit the legal exposure of the company providing the content (music/movies/software/whatever). And, err ... duh, that's a good thing, for both the company and you. If that company had no way to limit its legal exposure, it wouldn't be able to do business. The risk would be too large; it would only be a matter of time before some angry user had sued the business principals into the poorhouse for some perceived slight.

    2) To explain the terms under which the content is sold/licensed/rented/whatever to you. You may not agree with those terms, but there they are, and you are given the choice. You may not bother to read the terms and exercise the choice, but you were at least given it.

    Are Doctorow and the other EULA-haters in this thread suggesting they'd rather not know what their choices are? Or are they suggesting any entity that wants to release content for money or for free should have no rights or choices in the matter, just tossing their content over the wall and letting the rest of the world do whatever they want with it?

  16. Re:Just install linux on 25 Percent of All Computers in a Botnet? · · Score: 1

    I have copies of hacker manuals that describe taking over Windows 2k servers using the tftp that is set up and running in a default install of Windows.

    Better toss those hacker manuals out then; they are full of misinformation. There's no tftp client or server installed in any version of W2000 by default. SQL Slammer was a pain in the neck, true - but the patch for that vulnerability had been issued months before Slammer hit. Everything else you mention would not be an issue if users didn't run with Admin privs - and don't tell us it's not possible; I've been doing it since NT4.

    Microsoft's security mistake was in the W2000 installer which created accounts with local Admin privs, and failed to tell the user about it. That snowballed as developers and testers began depending on Admin privs they may not have even known they had. It was a Microsoft mistake of colossal proportions; but as I just noted, you can fix it easily enough by simply running nonadmin, staying patched, and enabling the Windows Firewall.

  17. Mod parent up on Microsoft PR Paying to "Correct" Wikipedia · · Score: 2, Insightful

    Here it is: an open and apparently straight admission of what happened, by the guy who did it. You may not agree with him or his motives, but he had the cojones to step up and own his actions.

    Doug: in the interests of complete disclosure, it might be worthwhile to mention what Rick was paid.

  18. Re:No wonder there's a problem ... on Microsoft PR Paying to "Correct" Wikipedia · · Score: 1

    It's wrong because Wikipedia has a specific policy aimed against this sort of thing.

    You might want to re-read that policy. Start at the paragraph that begins with However, in clear-cut cases, it is permissible to edit pages connected to yourself ...

  19. Re:No wonder there's a problem ... on Microsoft PR Paying to "Correct" Wikipedia · · Score: 1

    They are privately paying a non-affiliated individual to fix it because they have been barred access.

    I missed the part where Wikipedia barred Microsoft access? Can you provide sources for this allegation?

  20. Re:Shows it... on Torvalds Describes DRM and GPLv3 as 'Hot Air' · · Score: 1

    Y'know, I've noticed something. A lot of people seem to argue DRM out of both sides of their mouths. On the one hand, it is to be reviled because it makes {something} hard to do. On the other hand, it's inherently flawed and will always be cracked anyway, so what's the big deal?

    Which is it?

  21. Re:Arrr! on Pirate Bay to Purchase Sealand? · · Score: 1

    Most, perhaps only many, people who copy electronic media would not have purchased the item anyway, at least that's the claim. I tend to think it true.

    Can we please, please, please drop this stunningly stupid argument forevermore from all discussions about content distribution and use? Stop and think about a world where it's, err, ok to just take things as long as you can claim you never really wanted to have those things. Try to figure out where that leaves you when a thief steals your coat on a hot day, or a squatter moves into your house while you're on vacation, or ...

    ... an infinitude of other examples. Stop it. Stop it and think. You who make this bizarre argument are cutting off your own noses to spite your faces, and you're doing it over something as incredibly important and necessary to life as ... music?

  22. Paid at production step? on Pirate Bay to Purchase Sealand? · · Score: 2, Insightful

    The only solution I see is that people should be able to be paid at the production step, not at the distribution step.

    I don't understand this at all. You envision fans lining up around the block to sit in the newly-constructed bleachers at the recording studios, for a fee? No? Then please explain. Who will pay at production step if they can't somehow recoup their investment through distribution?

    Or is this the old 'artists should make their living money from performance' concept? If yes ... what's your plan for authors and moviemakers?

  23. Re:Duped FUD on Vista Security The 'Longest Suicide Note in History'? · · Score: 1

    The only rational explanation why is so that distributors and Microsoft can obtain a monopoly on digital media distribution.

    See, that's where you lost it. It's also rational to believe that MS simply want not to be excluded from digital distribution markets, as they would be (by some if not all of the major content producers) if they included no DRM playback functionality at all.

  24. Re:I'd prefer a less pre-loaded stance on Vista Security The 'Longest Suicide Note in History'? · · Score: 2, Insightful

    The content is designed to be viewed, therefore it can be accessed and someone will do so. There is no way to protect the content in question AND allow it to be decoded and viewed.

    Technically, you are right. But as is common in the nerd gatherings, you've kinda focussed on the technical point whilst missing the overall goal. The goal of all that Protected Path stuff is not to eliminate piracy; of course that cannot be done. The goal is to reduce piracy; and this is accomplished when that 'air gap' is created. So now, pirate copies of that DRM'd media will need to travel the 'air gap' from monitor to videocam lens, or from speaker to microphone. That's gonna be noticeable to the end-users. Pirates will also have to do this airgap duplication at human playback rates, and in a quiet room (no busses driving by, planes overhead, etc) - no speeded-up duplication at hard disk copying rates over totally silent wires.

    DRM isn't an attempt to break the laws of physics; saying so just helps lump you in with the people who have no problem with vastly overstating their cases as a matter of course.

  25. Re:FUD for who? on Why the Novell / MS Deal Is Very Bad · · Score: 1

    Again: you're in business as a company. You have customers, and you have a community of nonpaying folks. If push comes to shove, which can you most afford to lose right now?

    I'm sorry, but if this is insightful, y'all have a lot to learn about making a business work.