Well, then if you don't like the license, don't use the software. Using GPL software against the terms of the license because you couldn't find any other free code to use is hardly an excuse. That's what he said in the first sentence of his post: "I still see this as a reason not to use GPL, preferring instead to use..." That's perfectly legit.
Although I disagree with his views on the GPL (I think it's great), fotbr sounds like he is acting perfectly ethically.
But that is a win/win situation. By the time your competition can use your code to release a competing project, you've already got market share, so you don't lose much by competition unless your prices are horribly escalated. If they release an improved product using your code, then they must release it under the GPL as well, meaning you can then incorporate *their* code in *your* product. In the end, everybody -- you, your competitor and the consumer -- wins.
I had a consulting client who asked me about spamvertising her business. I just told her that if she wanted to spam her potential clients, that was fine, but she would be running her network by herself, because I would quit.
That's what I do, but it nearly backfired on me once when I slowed down enough to necessitate shifting gears. Unfortunately, instead of going from 4th to 3rd, I accidentally (honest!) went from 4th to 1st.
The tailgater went from merely unhappy to extremely pissed in about half a second. Come to think of it, my transmission wasn't too happy about it, either.
In my environment, the hub for my service area is an hour away by 737 (no roads there, either). The outlying villages are all accessible either by charter air service, boat (in the summer, and only some of the outlying villages) or snowmobile (in the winter). Some of my central offices are on mountain tops that in really bad weather may not even be reachable for a week or more.
In other words, just reaching over to turn the router off isn't always an option. In fact, for me, it usually isn't an option.
How do you do this when your router is sitting in an unmanned wire center 500 miles away? If the router is sitting right next to you, why are you using telnet rather than a console cable to get into the thing?
In either case, it is because nothing was written to the running config that the "reload in 15" command works.
I did something just as bad at the beginning of my IT career:
We had a horrendous Clipper-based database that contained all of our company's purchase orders, sales orders, customer invoices, etc. It was about 900MB back when the original Pentium was still new and the biggest consumer grade hard drive you could buy was just over a gig. The database used to have a lot of corruption problems, and it was my job to fix it when that happened. Once in a while, the tools I had to fix the corruption wouldn't work, and I'd have to restore from the previous day's backup. So far, no problem...until the database got so large that it wouldn't fit on the network share that we were backing up to. Unfortunately, the backup script didn't detect the failure.
You guessed it. One day I had to restore from backup, but the database hadn't actually been backed up for quite a while -- about six months, in fact. Problem was, the only way to restore was to erase the data first, then run the restore script because our hard drives weren't big enough to hold both a copy of the (broken) database and the restored version.
I have been a vocal supporter of "backup and verify" ever since.
telnet 192.168.1.1 cisco-router$ en cisco-router$ reload in 15 isco-router$ config t cisco-router(config)# int g0/1 cisco-router(config-if)# ip address 10.1.1.1 mask 255.255.255.0 Connection Closed
IT Admin: Gah...Now I have to wait 15 minutes for the router to reload. Oh, well...time to get a soda.
Dude, if you can figure out how to make that happen, you will become an IT hero.
I had a client who called me to help build a network for her new business. I interviewed the client to determine her needs, asked a lot of follow-up questions to make sure I really understood what she wanted and expected from her network, then started drafting up a design to meet these goals. She then became the Client from Hell.
It wasn't bad enought that she ignored most of what I said she needed. Oh, no. She bought unbelievably sub-standard equipment --most of it used or donated. I kid you not, this was two years ago, and three of her computers were running *Windows 95*. She found a pretty, $5000 software product that is the core of her business, but didn't listen when I pointed out the (many) design flaws in the program. For example, who uses DHCP to assign an address to a standalone host when the client software that talks to that host has to have the IP address (not FQDN of the host, the IP address!) statically set in the configuration file?!?! Of course, she then whined when things broke and I couldn't fix them right away.
I would have just walked away from that job, but it's kinda hard to do when the client is a family member:/
Agreed wholeheartedly. I hope you weren't arguing with my post above, because if so, I suspect it was because I wasn't as clear as I could (should) have been.
Border searches as described in TFA are entirely bogus, and need to be stopped NOW. Yes, customs inspects freight in and out of the country, and yes, I have allowed customs to search my bags when entering the country for the reasons given above. But although I might be willing to start my laptop for airport security to "prove" that my laptop isn't a cleverly disguised bomb, customs or TSA would find a very loud, very outraged individual were they to begin rifling through my hard drives' contents without a search warrant. And as I indicated above, they would find not only a loud, outraged individual, but a potentially violent individual were they to attempt a body cavity search.
Yeah, I had this argument with a friend at work this morning.
The way I see it, you have two options: 1) they are enemy combatants subject to military tribunals and the Geneva conventions, or 2) they are civilians subject to the laws of the country in which they were arrested. You can't have it both ways -- or more accurately, neither way.
You have no privacy and should have no expectations of it when crossing a border.
The customs officials has the right to perform full body cavity searches on you without warrant, so what makes you think searching your laptop for illegal data is somehow "overstepping their bounds"?
You may disagree about whether this is morally acceptable or not, but the border agents were fully within their right to search and seize the laptop. The EFF is not going to get anywhere with this.
Pure bovine scatology ("b.s.", for most of us).
There is a document in the U.S. called the Constitution of the United States of America. I don't recall reading anywhere in that document (and yes, I have read it) that says all of the protections afforded by the Constitution are null and void when crossing the border. Any claims to the contrary are strictly interpretation and legal maneuvering. The only reason the government gets away with searches at the border are 1) we agree that there is a practical need for some security at the border, and 2) therefore, we allow the government infringe upon the protections granted by the Constitution.
FWIW, if a border agent were to attempt a body cavity search on me or any of my immediate family without having a **** good reason, that agent better call for a lot of backup.
Actually, privacy at the border is limited to diplomats. Everybody else doesn't have any. Huh. I don't remember reading that in the Constitution. Guess I just missed it, then.
Don't cross the border with things you don't want customs agents to find. That goes for...trade secrets...on a laptop. So if you are a businessperson, traveling for business purposes, you shouldn't be able to take information across the border that will clench the deal? Or maybe, once you arrive at your destination, you should hook up to your hotel's ultra-secure public internet connection and download the gigs of data at the cheapest fricking broadband speed the hotel could buy from the local ISP -- which, incidentally, is shared among all 200 guests in the hotel. And God forbid that the hotel's internet connection should be down when you arrive. I'm sure your business rival would be more than happy to give you a second chance to make your sales pitch to the prospective client before they make their sales pitch. </sarc>
Nack. The Bill of Rights gives us freedom from search and seizure without due process of law. If agents of the government have no reason to suspect I have committed a crime -- and by definition, crossing the border in compliance with the laws of the countries involved cannot possibly be interpreted as "committing a crime" -- then by a strict interpretation of the Bill of Rights, they have no probable cause to search my laptop at the border. All of this bunk about how the Constitution doesn't apply at the border is just that -- bunk.
So by your logic, how long will it be until, when crossing the border, I have to prove that every MP3 on my laptop was legally obtained??? Or are we only searching for naughty pictures at the border?
Just out of curiosity, how would anyone posting on IIRC know what the quickest, most painless method of suicide was? If they are posting, they either didn't succeed or have never tried the method they are advocating.
First, don't put all your eggs in one basket. NYCL may or may not be a musician, so he may or may not have the ability to "build a viable alternative." However, he is a lawyer, so legal action is something he is capable of (and therefore is actively) doing. If you really want something better, let everyone interested do what they do best. Don't just pin your hopes on one method of attack and pray it works.
Second, how do you know the enemies of the RIAA aren't trying to build a viable alternative? Ever been to MySpace (gag) or Soundclick or any of a number of other indie artist web sites? There are quite a few indie musicians trying to produce music without working within the existing power structure; I'm one of them, as is my brother and several of my best friends.
Third, the RIAA lawyers aren't "just trying to win cases for their client." If all they were doing is taking reasonable steps to protect the IP of their client, I wouldn't have any problems with them. As unpopular as it may be on/., I don't see any reason an artist, song writer, etc. shouldn't get paid for the works they produce. I don't torrent/p2p file share copyrighted works for this reason. However, the way in which the RIAA lawyers are going about the process is unethical at best and illegal at worst. There have been plenty of stories on/. and elsewhere regarding the probable illegality of MediaSentry's investigations without having a license to do so in the relevant jurisdictions. This story is an example of the RIAA lawyers trying to bamboozle a judge. There are plenty more examples; I'm sure a Google search will turn up plenty of reading, if you are so inclined.
Fourth, and finally, while NYCL may be building a cult of personality here on/., I doubt it is because he wants a bunch of geek hero worshippers. From what I've been able to see, NYCL is actively dogging the RIAA, and even if he enjoys all the praise he gets here (wouldn't you?), the fact is, he is doing something to help others out. If you recall, on one of his first appearances here on/. he kinda got flamed a bit for a while -- there were a lot of "wow, you're a lawyer and you claim to want to help people out? What's the color of the sky on your planet?" snarky comments. However, his actions seem to have won over a lot of people. At least from what little I know about him, he has swayed/. public opinion by putting his money where his mouth is. For that, I respect him.
As a U.S. bank are you really going to tell your customers, "By the way, if you ever need to access your account while on vacation outside the country, you're out of luck?"
The full text from the grandparent post:
If you're operating a U.S. bank, why in the world would you want Vietnamese and Chinese IPs visiting your site or hammering your firewall ? Do you have an admin over there, SSHing in ?
If you are a bank, do you have your users signing in via SSH???
No, you probably don't want to block access to HTTPS (you ARE using HTTPS, right?) or SMTP from Vietnam or China (I would add Korea to this list based on the SSH and spam mails I've seen from Korean networks), and yes, I am aware that this implies that it would be possible to brute force your customers' passwords if you don't do something sensible like lock out their accounts after x invalid password attempts.
No, that means that there were patches available but they were never applied...
To me, that sounds like a known vulnerability. I think one of the posts above is probably a better answer to the question "what makes up the other 75%, if not a known or unknown vulnerability":
Username: admin Password: password
Leaving the system in a default state isn't a flaw in the software so it isn't a software vulnerability. It's a lazy/sloppy sys admin. Unfortunately, this leads to playing semantic games -- "what exactly is a vulnerability?"
Slashdot Mirror
Although I disagree with his views on the GPL (I think it's great), fotbr sounds like he is acting perfectly ethically.
But that is a win/win situation. By the time your competition can use your code to release a competing project, you've already got market share, so you don't lose much by competition unless your prices are horribly escalated. If they release an improved product using your code, then they must release it under the GPL as well, meaning you can then incorporate *their* code in *your* product. In the end, everybody -- you, your competitor and the consumer -- wins.
Exactly...unless the boss didn't BCC to the realtors???
I had a consulting client who asked me about spamvertising her business. I just told her that if she wanted to spam her potential clients, that was fine, but she would be running her network by herself, because I would quit.
She wasn't happy, but she didn't send any spams.
Now I *know* you are lying. In the DC area, there is *never* a road with three completely empty lanes
That's what I do, but it nearly backfired on me once when I slowed down enough to necessitate shifting gears. Unfortunately, instead of going from 4th to 3rd, I accidentally (honest!) went from 4th to 1st.
The tailgater went from merely unhappy to extremely pissed in about half a second. Come to think of it, my transmission wasn't too happy about it, either.
Exactly.
In my environment, the hub for my service area is an hour away by 737 (no roads there, either). The outlying villages are all accessible either by charter air service, boat (in the summer, and only some of the outlying villages) or snowmobile (in the winter). Some of my central offices are on mountain tops that in really bad weather may not even be reachable for a week or more.
In other words, just reaching over to turn the router off isn't always an option. In fact, for me, it usually isn't an option.
How do you do this when your router is sitting in an unmanned wire center 500 miles away? If the router is sitting right next to you, why are you using telnet rather than a console cable to get into the thing?
In either case, it is because nothing was written to the running config that the "reload in 15" command works.
I did something just as bad at the beginning of my IT career:
We had a horrendous Clipper-based database that contained all of our company's purchase orders, sales orders, customer invoices, etc. It was about 900MB back when the original Pentium was still new and the biggest consumer grade hard drive you could buy was just over a gig. The database used to have a lot of corruption problems, and it was my job to fix it when that happened. Once in a while, the tools I had to fix the corruption wouldn't work, and I'd have to restore from the previous day's backup. So far, no problem...until the database got so large that it wouldn't fit on the network share that we were backing up to. Unfortunately, the backup script didn't detect the failure.
You guessed it. One day I had to restore from backup, but the database hadn't actually been backed up for quite a while -- about six months, in fact. Problem was, the only way to restore was to erase the data first, then run the restore script because our hard drives weren't big enough to hold both a copy of the (broken) database and the restored version.
I have been a vocal supporter of "backup and verify" ever since.
Easy fix:
telnet 192.168.1.1
cisco-router$ en
cisco-router$ reload in 15
isco-router$ config t
cisco-router(config)# int g0/1
cisco-router(config-if)# ip address 10.1.1.1 mask 255.255.255.0
Connection Closed
IT Admin: Gah...Now I have to wait 15 minutes for the router to reload. Oh, well...time to get a soda.
Respect your IT pro's opinions.
Dude, if you can figure out how to make that happen, you will become an IT hero.
I had a client who called me to help build a network for her new business. I interviewed the client to determine her needs, asked a lot of follow-up questions to make sure I really understood what she wanted and expected from her network, then started drafting up a design to meet these goals. She then became the Client from Hell.
It wasn't bad enought that she ignored most of what I said she needed. Oh, no. She bought unbelievably sub-standard equipment --most of it used or donated. I kid you not, this was two years ago, and three of her computers were running *Windows 95*. She found a pretty, $5000 software product that is the core of her business, but didn't listen when I pointed out the (many) design flaws in the program. For example, who uses DHCP to assign an address to a standalone host when the client software that talks to that host has to have the IP address (not FQDN of the host, the IP address!) statically set in the configuration file?!?! Of course, she then whined when things broke and I couldn't fix them right away.
I would have just walked away from that job, but it's kinda hard to do when the client is a family member
Agreed wholeheartedly. I hope you weren't arguing with my post above, because if so, I suspect it was because I wasn't as clear as I could (should) have been.
Border searches as described in TFA are entirely bogus, and need to be stopped NOW. Yes, customs inspects freight in and out of the country, and yes, I have allowed customs to search my bags when entering the country for the reasons given above. But although I might be willing to start my laptop for airport security to "prove" that my laptop isn't a cleverly disguised bomb, customs or TSA would find a very loud, very outraged individual were they to begin rifling through my hard drives' contents without a search warrant. And as I indicated above, they would find not only a loud, outraged individual, but a potentially violent individual were they to attempt a body cavity search.
Yeah, I had this argument with a friend at work this morning.
The way I see it, you have two options: 1) they are enemy combatants subject to military tribunals and the Geneva conventions, or 2) they are civilians subject to the laws of the country in which they were arrested. You can't have it both ways -- or more accurately, neither way.
Well said. Wish I had mod points for you!
The customs officials has the right to perform full body cavity searches on you without warrant, so what makes you think searching your laptop for illegal data is somehow "overstepping their bounds"?
You may disagree about whether this is morally acceptable or not, but the border agents were fully within their right to search and seize the laptop. The EFF is not going to get anywhere with this.
Pure bovine scatology ("b.s.", for most of us).
There is a document in the U.S. called the Constitution of the United States of America. I don't recall reading anywhere in that document (and yes, I have read it) that says all of the protections afforded by the Constitution are null and void when crossing the border. Any claims to the contrary are strictly interpretation and legal maneuvering. The only reason the government gets away with searches at the border are 1) we agree that there is a practical need for some security at the border, and 2) therefore, we allow the government infringe upon the protections granted by the Constitution.
FWIW, if a border agent were to attempt a body cavity search on me or any of my immediate family without having a **** good reason, that agent better call for a lot of backup.
Not just teenagers -- I've spoken to waaaaay too many adults who hold the same opinions. Very scary indeed.
Don't cross the border with things you don't want customs agents to find. That goes for...trade secrets...on a laptop. So if you are a businessperson, traveling for business purposes, you shouldn't be able to take information across the border that will clench the deal? Or maybe, once you arrive at your destination, you should hook up to your hotel's ultra-secure public internet connection and download the gigs of data at the cheapest fricking broadband speed the hotel could buy from the local ISP -- which, incidentally, is shared among all 200 guests in the hotel. And God forbid that the hotel's internet connection should be down when you arrive. I'm sure your business rival would be more than happy to give you a second chance to make your sales pitch to the prospective client before they make their sales pitch. </sarc>
Nack. The Bill of Rights gives us freedom from search and seizure without due process of law. If agents of the government have no reason to suspect I have committed a crime -- and by definition, crossing the border in compliance with the laws of the countries involved cannot possibly be interpreted as "committing a crime" -- then by a strict interpretation of the Bill of Rights, they have no probable cause to search my laptop at the border. All of this bunk about how the Constitution doesn't apply at the border is just that -- bunk.
So by your logic, how long will it be until, when crossing the border, I have to prove that every MP3 on my laptop was legally obtained??? Or are we only searching for naughty pictures at the border?
"Geeks in Black" -- Defending the Earth from the scum of the universe???
Just out of curiosity, how would anyone posting on IIRC know what the quickest, most painless method of suicide was? If they are posting, they either didn't succeed or have never tried the method they are advocating.
Just wondering...
Wrong on multiple counts.
/., I don't see any reason an artist, song writer, etc. shouldn't get paid for the works they produce. I don't torrent/p2p file share copyrighted works for this reason. However, the way in which the RIAA lawyers are going about the process is unethical at best and illegal at worst. There have been plenty of stories on /. and elsewhere regarding the probable illegality of MediaSentry's investigations without having a license to do so in the relevant jurisdictions. This story is an example of the RIAA lawyers trying to bamboozle a judge. There are plenty more examples; I'm sure a Google search will turn up plenty of reading, if you are so inclined.
/., I doubt it is because he wants a bunch of geek hero worshippers. From what I've been able to see, NYCL is actively dogging the RIAA, and even if he enjoys all the praise he gets here (wouldn't you?), the fact is, he is doing something to help others out. If you recall, on one of his first appearances here on /. he kinda got flamed a bit for a while -- there were a lot of "wow, you're a lawyer and you claim to want to help people out? What's the color of the sky on your planet?" snarky comments. However, his actions seem to have won over a lot of people. At least from what little I know about him, he has swayed /. public opinion by putting his money where his mouth is. For that, I respect him.
First, don't put all your eggs in one basket. NYCL may or may not be a musician, so he may or may not have the ability to "build a viable alternative." However, he is a lawyer, so legal action is something he is capable of (and therefore is actively) doing. If you really want something better, let everyone interested do what they do best. Don't just pin your hopes on one method of attack and pray it works.
Second, how do you know the enemies of the RIAA aren't trying to build a viable alternative? Ever been to MySpace (gag) or Soundclick or any of a number of other indie artist web sites? There are quite a few indie musicians trying to produce music without working within the existing power structure; I'm one of them, as is my brother and several of my best friends.
Third, the RIAA lawyers aren't "just trying to win cases for their client." If all they were doing is taking reasonable steps to protect the IP of their client, I wouldn't have any problems with them. As unpopular as it may be on
Fourth, and finally, while NYCL may be building a cult of personality here on
NYCL, you rock
Ah...sorry. My mistake.
The full text from the grandparent post: If you're operating a U.S. bank, why in the world would you want Vietnamese and Chinese IPs visiting your site or hammering your firewall ? Do you have an admin over there, SSHing in ?
If you are a bank, do you have your users signing in via SSH???
No, you probably don't want to block access to HTTPS (you ARE using HTTPS, right?) or SMTP from Vietnam or China (I would add Korea to this list based on the SSH and spam mails I've seen from Korean networks), and yes, I am aware that this implies that it would be possible to brute force your customers' passwords if you don't do something sensible like lock out their accounts after x invalid password attempts.
To me, that sounds like a known vulnerability. I think one of the posts above is probably a better answer to the question "what makes up the other 75%, if not a known or unknown vulnerability":
Username: admin
Password: password
Leaving the system in a default state isn't a flaw in the software so it isn't a software vulnerability. It's a lazy/sloppy sys admin. Unfortunately, this leads to playing semantic games -- "what exactly is a vulnerability?"