I don't know if they can. I don't see anything explicitly granting permission for this material to be used or distributed publicly. If I were a school, I'd be wary of getting sued for reproducing and distributing materials clearly copyrighted by the RIAA (see the bottom of each PDF).
Taken (without permission) from here, commentary mine:
Can I use file-sharing software to exchange music with other computers?
Although file-sharing software can be legal, the U.S. Supreme Court has ruled unanimously that file-sharing companies can be held responsible for encouraging people to illegally exchange copyrighted material over the Internet in this way.
So it can be legal, but file sharing sites are run by guilty bad guys.
Individuals who use file-sharing sites to upload and download copyrighted music without permission can also be sued or prosecuted.
That's about as straightforward as you can get...
In addition to these risks, file-sharing software gives others direct access to your computer hard drive and any private information, such as medical and financial records, that may be stored there.
Wait... what? Here they drop their PC "may" and "can", and straight-up say that file sharing software lets others access your important private data. This is a complete lie. It's not even partially true.
File-sharing software also makes computers more vulnerable to viruses, and may contain spyware, which is designed to feed information about your online activities to a third party, impeding your computerâ(TM)s performance in the process.
Also stating absolutely that file sharing software makes your computer slow and puts viruses on it. Also complete bullshit.
If the RIAA were presenting a reasonable view of copyright, I'd applaud them. This is pure FUD bullshit filled with not only bias, but flat-out lies. Any teacher that presents this curriculum should be fired immediately.
While what the RIAA curriculum is teaching might be counter to your moral beliefs (i.e. you may believe that all information should be free and copyright laws are an abomination), unless it is factually inaccurate it doesn't matter.
The part that concerns me is that the RIAA's curriculum is not presenting a fair and unbiased outlook on the copyright situation. The summary points out "fair use" as an example of a topic that's relevant but not discussed to any relevant degree. The message is more or less a mindless list of activities that may be illegal stating outright that they are illegal, and that is incorrect.
The RIAA is (ab)using its power (derived from its financial prowess) to gain an influence in schools and using an influence to spread an incomplete message to kids with the intention of modifying their behavior, their opinions, and their perspective on file sharing en masse. In an open forum, the solution is for an alternative party to present their own material, filling in the blanks and correcting errors and biased statements.
Schools, however, are not open forums. Unfortunately, the alternative parties don't really have the resources to compete with the RIAA, and likely won't be heard in a shouting contest. This leaves schools (and through them, kids, and through them, the future political climate) completely vulnerable to this one-sided propaganda.
Material that is presented in schools ought to be factual and unbiased (hah, but seriously). The rationale for this is that the children aren't necessarily mature, smart enough, and/or capable enough to exhibit their due diligence and perform their own research on the subjects that they are exposed to. They may (and most probably will) accept the school's teachings as unquestioned fact for at least the near future (this is marketed towards kids grades 3-8).
Of course, parents can always step in and attempt to un-bias (or re-bias) the curriculum, and that is their prerogative and their duty, but they can only operate on knowledge that they are aware of. Some will likely undo the RIAA's propaganda, but many will not, and those kids will grow up believing that the RIAA's half-truths are the entire picture.
Ultimately, a school should not use the material directly... they should petition interested parties and collect relevant information, then forge their own aggregate materials to present to children. However, both myself and the RIAA know full well many schools will take the easy path, and who knows... with good lobbying, maybe they'll be forced to.
What exactly makes this different from any of the other hundreds of sites with the same popup? Is it just because this is a large, well-known website like the New York Times?
That's my impression. I think the interesting thing here is that the presumption that reputable websites have reputable advertisements has been violated. NYT's advertising policies include the following paragraph:
The Times may decline to accept advertising that is misleading, inaccurate or fraudulent; that makes unfair competitive claims; or that fails to comply with its standards of decency and dignity.
Granted, they don't outright state that the content is prohibited, but they do imply a stance against this type of advertising. This is a clear violation of that intention, and they took the appropriate response. I'd be most interested in knowing if this particular advertisement was intentionally approved, "slipped through" accidentally, or was injected illicitly (e.g., their advertising server was hacked, etc.).
I had the exact same problem a while back. My solution was a little less straightforward than some, but is still simple enough. Basically, I leverage the freeware software Ext2 IFS, which installs software onto Windows that allows it to recognize the contents of Ext2/3 partitions.
Basically, I have my disk formatted with two partitions:
A 1GB FAT32 Partition
The rest as an Ext3 Partition
On the FAT32 partition, I place the latest version of Ext2 IFS. When I access the system on my main Linux box, I just mount / use the Ext3 partition.
When I visit friends or family and I plug it into their Windows box for the first time, Windows recognizes the FAT32 partition, so I can install the Ext2 IFS software that I put onto that partition. From then on (and every subsequent access), Windows automatically mounts it!
Windows doesn't reflect the Ext3 permissions, but if you have physical, portable access to an unencrypted hard drive, those mean nothing anyway. And, of course, make sure to ask friends and family before installing filesystem drivers:)
Consider something like cholera. Cholera gives you horrific diarrhea and vomiting, and the resulting dehydration can kill you pretty quickly, especially if you're very young or otherwise infirm. Going by the above-stated theory, that would normally be bad -- except that cholera exists in all your excretions, and other people can catch it from coming into close contact with those excretions. What's more, the normal route of infection is via contaminated water supply -- so if your excretions can make it back to the water supply, more's the better for cholera. Who cares if you drop dead?
Not that I disagree with your conclusion, but I do want to respond to your reasoning. The longer you live, the more you diarrhea, vomit, and get bitten. Over time, in that case, it seems (to me, at least) that a disease that keeps its host alive would reproduce more, and thus be more successful in the long run.
IANAD, but since this would all have been explored during the disease's evolution, I conclude that one of the following is the case:
Those diseases didn't used to affect humans, so their evolution within the human species is still relatively primitive.
The diseases themselves are relatively new, and thus not very mature
There is some evolutionary advantage to specifically having a dead host
The diseases have reached an equilibrium where the amount of time their host lives maximizes their efficiency versus other factors (e.g., the effort it takes them not to kill the host)
I have no idea what I'm talking about
The list was fun, but the first paragraph was really what I was going for!
I agree. While cloud-based applications and communications provide some extremely desirable features, a company's internal communications are its lifeblood. While good arguments can be made to trust this to Google's hosting services, good arguments can be made against it as well.
What Google really should do is provide an appliance - a suite of servers pre-loaded with Google Apps, GMail, etc. - that companies can buy or lease from them and integrate internally. They already do this for many technologies including Google Search and Google Earth.
Does anyone know QtJambi is doing? I heard that Nokia has stopped maintaining it since purchasing trolltech. Is that a big deal, or was it largely community supported to begin with?
I'm not really well-versed on the subject, but I did do some research earlier today, so I'll try and post what I found. It looks like you're correct, insofar as that Qt Softwaresays it will discontinue Qt Jambi. However, in the same press release, they mention that they will host and help maintain a community-driven version, which (I'm guessing) is here. The site itself makes no mention of the project halting, and the front page shows very regular updates, including a FreeBSD port.
I really hope Jambi enjoys continued development. In my opinion, bindings libraries like Qt Jambi are absolutely critical, both to unlocking the power of a language as well as fostering a diverse tool set and developer base for FOSS platforms. Furthermore, when you combine a cross-platform toolkit like Qt with a cross-platform language like Java (or Mono, for that matter), the result is pretty cool. Developers just have to overcome the misconception that Java is for applets/J2EE/embedded, and that the UI face of Java is Swing. It's a language, like any other, with pros, cons, and fans, and (in my opinion) exceptionally suited for desktop application development.
It has nothing to do with language or licensing. Mono is a patent trap for Linux: it holds patented MS technologies that, when more integrated into most Linux distros, can then be used against Linux in court by Microsoft who will sue them all for patent infringement.
Please correct me if I'm wrong, but my understanding is that the Mono project itself is segmented. Some technologies (notably WinForms and ASP.NET) certainly fall under MS parent, but the core technologies (C# and the CLI) are to be licensed under the MS Community Promise, which seems to waive MS's ability to enforce its patents on those specific technologies. This is similar to other FOSS-defensive patents/licenses, where technology is patented and then licensed under a patent waiver.
Just using Mono/C#/CLI doesn't open yourself up to any MS claims, provided you don't use the Mono libraries that don't have their patent enforcement waived. But this is the case with every set of libraries. Applications that want to avoid licensing issues need only avoid using the unfriendly technology, which is very doable with the segmented Mono. That's one reason why Linux Mono desktop applications (like Banshee) use GTK# instead of WinForms. I don't believe Banshee is subject to those patent claims.
Mono is just a tool; with Mono itself being GPL/LGPL and the MS-developed core dotNET patents (C# and CLI) being put under a FOSS-friendly license, it's really in the hands of the developers to ensure that individual applications don't link against MS's patent-enforceable technologies. This puts it on par with every other language, though.
Java is irrelevant for the desktop at this stage and Mono simply isn't welcome on my machines.
If your distribution does a good packaging job, and the licensing is kosher, I'd be interested in hearing a compelling reason why you care what language any given application is written in. My understanding is both are true for major Linux distributions.
Really this kind of end-user snobbery is pointless. Desktop applications should be evaluated on their design, functionality, effectiveness, ease of use, and desktop integration... not the language they are written in.
A major fault that I've seen in numerous sub-threads is the idea that a Java user interface equals Swing. It most certainly does not. Swing is merely Java's complete pure-Java (i.e. cross-platform) user interface geared towards providing a unified look-and-feel. In this respect, it does a good job. While there's nothing inherently wrong with it from a toolkit perspective, it is absolutely not appropriate for usage on the Linux desktop.
Programming for the Linux desktop means more than producing a windowed application; one must integrate their application, both in terms of user interface consistency and application interoperabililty, with a major desktop distribution. Specifically, I'm talking about Linux's "big two" desktop environments, KDE + Qt and GNOME + GTK+. While each of these environments have their preferred languages (C++ and C respectively), many other languages have no issues whatsoever being tightly integrated into them via bindings.
Java is no exception! In Java, I can program a wonderful GNOME/GTK+ application just fine with java-gnome. Similarly, I can program a Qt4 application with Qt Jambi (although I can't seem to find an equivalent KDE4 bindings library) in Java. An application written in either will appear and operate on par with any application written in other languages, either natively (via C or C++) or via another bindings library (Python has a tonofbindings).
Furthermore, just like GTK+ and Qt have cross-platform capability, so do the bindings, and if the appropriate binding library for a given platform is installed on that platform, the Java application, too, will be able to be cross-platform without modification. This is, of course, the job of the distribution and/or installer software, but operates similar to the Deluge (Python) installer for Windows, installing the client port of the toolkit (GTK+, in this case) and the language bindings (PyGTK) alongside the application.
That's exactly how the Mono desktop applications work: they write their logic in native C# and use GTK+ bindings (GTK#, in most cases) to integrate with the Linux desktop environment.
Any Java application written for the Linux desktop that uses Swing over native desktop bindings is foolish. Each has their place, for sure, but on the desktop integration is everything.
The virus itself is a complicated one. As per the article, it was installed on the system during a mass exploit dubbed Nine-Ball, which was loaded onto 40,000 legitimate websites. Visiting those sites caused the Nine-Ball script to execute, which redirected an iframe to a page containing malicious code which mounts a series of attacks. Those mentioned by the site are:
Exploit MS06-014, which targets the MDAC ActiveX control
Exploit CVE-2006-5820, which targets the AOL SuperBuddy ActiveX control
[Some] targeting Acrobat Reader"
[Some targeting] QuickTime
So basically, an application (browser) visits this malicious page. If that application runs the ActiveX controls mentioned (and presumably Acrobat Reader and/or QuickTime), it was vulnerable to the initial Nine-Ball exploit. IE qualifies for all 4 of those; Firefox can use ActiveX (I believe, with a plugin), but not out of the box... however, it does have plugins for Acrobat Reader and QuickTime.
If any of those vulnerabilities were present with the applicaton visited the iframe, it runs malicious code that installs a crapton of viruses on the host computer, among them the FFSearcher virus.
Once FFSearcher is on your computer, it causes itself to get run all of the time, probably as Administrator. It then proceeds to:
Executes a Windows root-kit to hide its presence
Injects code into browser application processes; for IE, it will inject an IE-specific payload, and for Firefox, it will inject a Firefox-specific payload. Each payload causes the infected browser to do all the malicious redirecting that is described in lower-level detail in the article.
So a nice, clean, and secure IE / Firefox get started up, but Windows, itself infected, loads the virus into them! No vulnerabilities are exploited, here. Since FFSearcher runs as Administrator, everything it does is straightforward and allowed by the system; it can do basically anything. What it chooses to do is target IE and Firefox. Since it's running as Administrator, it doesn't have to exploit any vulnerabilities in either; it just barges in and rewrites parts of them to do its bidding. Administrator can do things like that.
In conclusion, there isn't any vulnerability in IE or Firefox that's involved in FFSearcher, and the only reason FFSearcher doesn't pwn other browsers is because the author didn't bother to write a payload for them, too. FFSearcher, itself, was installed due to some browser vulnerability that happened sometime, and now, permanently present on the system, takes advantage of its Administrator privileges to do some pretty wicked stuff.
You posted good information and a nice perspective. I do agree with what you say, in spirit.
However, let's not forget that neither Microsoft nor Apache, including their coders and contributers, is innocent. They're both competing in an arena to provide drop-in solutions that form a backbone of the most technologically-vast infrastructure in the world (the Internet). There's money to be had, and responsibility comes right alongside it. Your kind of thinking, while very empathetic, is dangerous, as we have to hold these companies to a higher standard of coding.
It's a shame, but tons of people did fail miserably, and the failure could be enough to ruin the lives and livelihood of the victims (even if there are relatively few). Failing that, countless man-hours are being spent addressing, patching, avoiding, and detecting this bug. As small of a coding mistake as it is, it's going to cost a lot of people a lot of money, especially because of the popularity and criticality of the software.
Then again, if high-profile applications were properly jailed (on both Windows and Linux), it wouldn't be much of an issue at all. A lot of people are to blame for this not being pervasively commonplace.
Step 1: Find Copyrighted work
Step 2: Create derivative work without appropriate agreements/contracts
Step 3: Get sent cease and deist letter
Come on guys, wake up. This is someone else's work, you obviously misjudged the company you are dealing with. Why not start something from scratch, so that you don't end up in a situation like this.
This isn't some company stealing IP and creating a franchise. This isn't even a group of people attempting to destroy or dilute Square's market. CT:CE was simply an attempt by fans to continue the (arguably) deceased storyline that they loved.
Fan bases creating not-for-profit derivative works have created, sustained, and/or resurrected numerous corporate franchises, enough so that there's plenty of precedent of intelligent companies taking note of such behavior, supporting and encouraging it (World of Warcraft, Halflife, even Snakes on a Plane). Hell, most of the reason Chrono Trigger is still even relevant is because of its sustained Internet fan base! They complete the feedback loop, providing a voice to the creative consumer in the digital marketplace. This is not about IP; it's the suppression of digital culture itself.
Not only is Square just plain stupid to have let a franchise with clear fan interest die... they're beating that interest out of the community themselves!
I'll end this with a link to a relevant presentation by Lawrence Lessig that I saw posted earlier on/.. It portrays quite nicely why behavior such as that taken by Square is destructive to culture, art, and human interests. Using IP laws to break the feedback loop and force art into a strict producer-consumer model is harmful to everyone in the end.
Perhaps because most of the times when man believes himself wiser than nature we end up learning different.
Nature has no capacity for wisdom. It's a fundamental operation of (almost) any species to modify nature in the interest of its self-preservation. This is just another such undertaking.
What we're seeing, with the lawsuits, TBP, and other similar initiatives, is really just the marketing angle of their plan. They are working to establish the legitimacy of their stance on media "piracy" in the public and political eye.
Working in parallel, covertly at first, are initiatives with various global governments to move past the tiny actions towards a global solution: place wide-sweeping filters on the Internet. The establishment of "piracy" as an immoral, unethical, illegal, and harmful institution is critical to this overall goal, as those are qualities people have been traditionally been amiable to compromising their freedoms to avoid.
Can't stop the Internet? Of course you can! Governments control the backbone! Filter torrent traffic. Many ISPs (in the US, at least) are already doing this. Is it encrypted? Block anonymous encrypted traffic. Going through proxies? Blacklist them. Toss in bandwidth caps (or pay-per-byte billing), mandatory client-side controls, or any of the thousands of other things that computers are capable of doing.
It's really a matter of what the public will accept, and the public image of "piracy" is critical to altering that threshold. The Internet can be stopped, or at least severely hindered. It will be to the severe detriment of humankind, but forces like the RIAA are working diligently to grease those wheels every day.
I am, myself, curious about this. Java seems to have a decent sandbox model already implemented through the JVM and Runtime APIs. Additionally, it is (or can be) platform- and architecture-independent, which seems more conducive towards Internet usage since it doesn't require an x86 instruction set.
While the Applet model is still viable, I think more mature alternatives (Flash, for example) obsolete it. Rather, I would wager Google is targeting two specific scenarios:
Full-scale protected/sandboxed application deployment, as per their Quake example
Browser-based Web 2.0 content control, essentially replacing JavaScript with native code
In the case of (1), a nice sandboxed application API for Java would be more than adequate. Most (or maybe even all) of the work is already done for this, including the signing and distribution of the application code.
(2), which seems really interesting, could still be easily (comparatively) accomplished via a low-level browser control API that is implemented in the various browsers either internally or via add-ons.
Not to knock Google's approach, for it does seem (from what I've read so far) well-thought out. What I am wondering, though, is what advantage they are seeking in choosing directly-native code over something like Java or.NET. If I recall, most modern Java metrics show it performing competitively with native code.
I understand that some of the appeal of NaCl is that they are attempting to provide verifiable proof that any code executed in their environment is secure. However, there looks like there would still be a root of trust in the NaCl implementation just as much as Java sandboxing relies on appropriate JVM implementation. I don't believe it is inherently more secure (although NaCl is likely less complex, so easier to evaluate).
As a research project, NaCl is very cool. However, to reach the goal of web content running at native performance, there are more mature technologies out there such as Java that are also more Internet-conducive. Google shouldn't re-invent the wheel; rather, they should pursue the existing powerful technologies, lay down some API and sandbox groundwork, and push for browser compliance.
Slashdot Mirror
I don't know if they can. I don't see anything explicitly granting permission for this material to be used or distributed publicly. If I were a school, I'd be wary of getting sued for reproducing and distributing materials clearly copyrighted by the RIAA (see the bottom of each PDF).
Taken (without permission) from here, commentary mine:
Can I use file-sharing software to exchange music with other computers?
Although file-sharing software can be legal, the U.S. Supreme Court has ruled unanimously that file-sharing companies can be held responsible for encouraging people to illegally exchange copyrighted material over the Internet in this way.
So it can be legal, but file sharing sites are run by guilty bad guys.
Individuals who use file-sharing sites to upload and download copyrighted music without permission can also be sued or prosecuted.
That's about as straightforward as you can get...
In addition to these risks, file-sharing software gives others direct access to your computer hard drive and any private information, such as medical and financial records, that may be stored there.
Wait ... what? Here they drop their PC "may" and "can", and straight-up say that file sharing software lets others access your important private data. This is a complete lie. It's not even partially true.
File-sharing software also makes computers more vulnerable to viruses, and may contain spyware, which is designed to feed information about your online activities to a third party, impeding your computerâ(TM)s performance in the process.
Also stating absolutely that file sharing software makes your computer slow and puts viruses on it. Also complete bullshit.
If the RIAA were presenting a reasonable view of copyright, I'd applaud them. This is pure FUD bullshit filled with not only bias, but flat-out lies. Any teacher that presents this curriculum should be fired immediately.
While what the RIAA curriculum is teaching might be counter to your moral beliefs (i.e. you may believe that all information should be free and copyright laws are an abomination), unless it is factually inaccurate it doesn't matter.
The part that concerns me is that the RIAA's curriculum is not presenting a fair and unbiased outlook on the copyright situation. The summary points out "fair use" as an example of a topic that's relevant but not discussed to any relevant degree. The message is more or less a mindless list of activities that may be illegal stating outright that they are illegal, and that is incorrect.
The RIAA is (ab)using its power (derived from its financial prowess) to gain an influence in schools and using an influence to spread an incomplete message to kids with the intention of modifying their behavior, their opinions, and their perspective on file sharing en masse. In an open forum, the solution is for an alternative party to present their own material, filling in the blanks and correcting errors and biased statements.
Schools, however, are not open forums. Unfortunately, the alternative parties don't really have the resources to compete with the RIAA, and likely won't be heard in a shouting contest. This leaves schools (and through them, kids, and through them, the future political climate) completely vulnerable to this one-sided propaganda.
Material that is presented in schools ought to be factual and unbiased (hah, but seriously). The rationale for this is that the children aren't necessarily mature, smart enough, and/or capable enough to exhibit their due diligence and perform their own research on the subjects that they are exposed to. They may (and most probably will) accept the school's teachings as unquestioned fact for at least the near future (this is marketed towards kids grades 3-8).
Of course, parents can always step in and attempt to un-bias (or re-bias) the curriculum, and that is their prerogative and their duty, but they can only operate on knowledge that they are aware of. Some will likely undo the RIAA's propaganda, but many will not, and those kids will grow up believing that the RIAA's half-truths are the entire picture.
Ultimately, a school should not use the material directly ... they should petition interested parties and collect relevant information, then forge their own aggregate materials to present to children. However, both myself and the RIAA know full well many schools will take the easy path, and who knows ... with good lobbying, maybe they'll be forced to.
What exactly makes this different from any of the other hundreds of sites with the same popup? Is it just because this is a large, well-known website like the New York Times?
That's my impression. I think the interesting thing here is that the presumption that reputable websites have reputable advertisements has been violated. NYT's advertising policies include the following paragraph:
The Times may decline to accept advertising that is misleading, inaccurate or fraudulent; that makes unfair competitive claims; or that fails to comply with its standards of decency and dignity.
Granted, they don't outright state that the content is prohibited, but they do imply a stance against this type of advertising. This is a clear violation of that intention, and they took the appropriate response. I'd be most interested in knowing if this particular advertisement was intentionally approved, "slipped through" accidentally, or was injected illicitly (e.g., their advertising server was hacked, etc.).
I had the exact same problem a while back. My solution was a little less straightforward than some, but is still simple enough. Basically, I leverage the freeware software Ext2 IFS, which installs software onto Windows that allows it to recognize the contents of Ext2/3 partitions.
Basically, I have my disk formatted with two partitions:
On the FAT32 partition, I place the latest version of Ext2 IFS. When I access the system on my main Linux box, I just mount / use the Ext3 partition.
When I visit friends or family and I plug it into their Windows box for the first time, Windows recognizes the FAT32 partition, so I can install the Ext2 IFS software that I put onto that partition. From then on (and every subsequent access), Windows automatically mounts it!
Windows doesn't reflect the Ext3 permissions, but if you have physical, portable access to an unencrypted hard drive, those mean nothing anyway. And, of course, make sure to ask friends and family before installing filesystem drivers :)
Consider something like cholera. Cholera gives you horrific diarrhea and vomiting, and the resulting dehydration can kill you pretty quickly, especially if you're very young or otherwise infirm. Going by the above-stated theory, that would normally be bad -- except that cholera exists in all your excretions, and other people can catch it from coming into close contact with those excretions. What's more, the normal route of infection is via contaminated water supply -- so if your excretions can make it back to the water supply, more's the better for cholera. Who cares if you drop dead?
Not that I disagree with your conclusion, but I do want to respond to your reasoning. The longer you live, the more you diarrhea, vomit, and get bitten. Over time, in that case, it seems (to me, at least) that a disease that keeps its host alive would reproduce more, and thus be more successful in the long run.
IANAD, but since this would all have been explored during the disease's evolution, I conclude that one of the following is the case:
The list was fun, but the first paragraph was really what I was going for!
Although, that quote is oddly applicable, as blind (along with lame, deaf, and dumb) is more or less the result of the ongoing software patent trends.
I wonder if the request was delivered as a Word document.
Actually, at least in this respect, the vast majority of Americans can answer the questions faster than a Google query:
*yawns* Science is easy.
I agree. While cloud-based applications and communications provide some extremely desirable features, a company's internal communications are its lifeblood. While good arguments can be made to trust this to Google's hosting services, good arguments can be made against it as well.
What Google really should do is provide an appliance - a suite of servers pre-loaded with Google Apps, GMail, etc. - that companies can buy or lease from them and integrate internally. They already do this for many technologies including Google Search and Google Earth.
Does anyone know QtJambi is doing? I heard that Nokia has stopped maintaining it since purchasing trolltech. Is that a big deal, or was it largely community supported to begin with?
I'm not really well-versed on the subject, but I did do some research earlier today, so I'll try and post what I found. It looks like you're correct, insofar as that Qt Software says it will discontinue Qt Jambi. However, in the same press release, they mention that they will host and help maintain a community-driven version, which (I'm guessing) is here. The site itself makes no mention of the project halting, and the front page shows very regular updates, including a FreeBSD port.
I really hope Jambi enjoys continued development. In my opinion, bindings libraries like Qt Jambi are absolutely critical, both to unlocking the power of a language as well as fostering a diverse tool set and developer base for FOSS platforms. Furthermore, when you combine a cross-platform toolkit like Qt with a cross-platform language like Java (or Mono, for that matter), the result is pretty cool. Developers just have to overcome the misconception that Java is for applets/J2EE/embedded, and that the UI face of Java is Swing. It's a language, like any other, with pros, cons, and fans, and (in my opinion) exceptionally suited for desktop application development.
It has nothing to do with language or licensing. Mono is a patent trap for Linux: it holds patented MS technologies that, when more integrated into most Linux distros, can then be used against Linux in court by Microsoft who will sue them all for patent infringement.
Please correct me if I'm wrong, but my understanding is that the Mono project itself is segmented. Some technologies (notably WinForms and ASP.NET) certainly fall under MS parent, but the core technologies (C# and the CLI) are to be licensed under the MS Community Promise, which seems to waive MS's ability to enforce its patents on those specific technologies. This is similar to other FOSS-defensive patents/licenses, where technology is patented and then licensed under a patent waiver.
Just using Mono/C#/CLI doesn't open yourself up to any MS claims, provided you don't use the Mono libraries that don't have their patent enforcement waived. But this is the case with every set of libraries. Applications that want to avoid licensing issues need only avoid using the unfriendly technology, which is very doable with the segmented Mono. That's one reason why Linux Mono desktop applications (like Banshee) use GTK# instead of WinForms. I don't believe Banshee is subject to those patent claims.
Mono is just a tool; with Mono itself being GPL/LGPL and the MS-developed core dotNET patents (C# and CLI) being put under a FOSS-friendly license, it's really in the hands of the developers to ensure that individual applications don't link against MS's patent-enforceable technologies. This puts it on par with every other language, though.
Java is irrelevant for the desktop at this stage and Mono simply isn't welcome on my machines.
If your distribution does a good packaging job, and the licensing is kosher, I'd be interested in hearing a compelling reason why you care what language any given application is written in. My understanding is both are true for major Linux distributions.
Really this kind of end-user snobbery is pointless. Desktop applications should be evaluated on their design, functionality, effectiveness, ease of use, and desktop integration ... not the language they are written in.
A major fault that I've seen in numerous sub-threads is the idea that a Java user interface equals Swing. It most certainly does not. Swing is merely Java's complete pure-Java (i.e. cross-platform) user interface geared towards providing a unified look-and-feel. In this respect, it does a good job. While there's nothing inherently wrong with it from a toolkit perspective, it is absolutely not appropriate for usage on the Linux desktop.
Programming for the Linux desktop means more than producing a windowed application; one must integrate their application, both in terms of user interface consistency and application interoperabililty, with a major desktop distribution. Specifically, I'm talking about Linux's "big two" desktop environments, KDE + Qt and GNOME + GTK+. While each of these environments have their preferred languages (C++ and C respectively), many other languages have no issues whatsoever being tightly integrated into them via bindings.
Java is no exception! In Java, I can program a wonderful GNOME/GTK+ application just fine with java-gnome. Similarly, I can program a Qt4 application with Qt Jambi (although I can't seem to find an equivalent KDE4 bindings library) in Java. An application written in either will appear and operate on par with any application written in other languages, either natively (via C or C++) or via another bindings library (Python has a ton of bindings).
Furthermore, just like GTK+ and Qt have cross-platform capability, so do the bindings, and if the appropriate binding library for a given platform is installed on that platform, the Java application, too, will be able to be cross-platform without modification. This is, of course, the job of the distribution and/or installer software, but operates similar to the Deluge (Python) installer for Windows, installing the client port of the toolkit (GTK+, in this case) and the language bindings (PyGTK) alongside the application.
That's exactly how the Mono desktop applications work: they write their logic in native C# and use GTK+ bindings (GTK#, in most cases) to integrate with the Linux desktop environment.
Any Java application written for the Linux desktop that uses Swing over native desktop bindings is foolish. Each has their place, for sure, but on the desktop integration is everything.
The virus itself is a complicated one. As per the article, it was installed on the system during a mass exploit dubbed Nine-Ball, which was loaded onto 40,000 legitimate websites. Visiting those sites caused the Nine-Ball script to execute, which redirected an iframe to a page containing malicious code which mounts a series of attacks. Those mentioned by the site are:
So basically, an application (browser) visits this malicious page. If that application runs the ActiveX controls mentioned (and presumably Acrobat Reader and/or QuickTime), it was vulnerable to the initial Nine-Ball exploit. IE qualifies for all 4 of those; Firefox can use ActiveX (I believe, with a plugin), but not out of the box... however, it does have plugins for Acrobat Reader and QuickTime.
If any of those vulnerabilities were present with the applicaton visited the iframe, it runs malicious code that installs a crapton of viruses on the host computer, among them the FFSearcher virus.
Once FFSearcher is on your computer, it causes itself to get run all of the time, probably as Administrator. It then proceeds to:
So a nice, clean, and secure IE / Firefox get started up, but Windows, itself infected, loads the virus into them! No vulnerabilities are exploited, here. Since FFSearcher runs as Administrator, everything it does is straightforward and allowed by the system; it can do basically anything. What it chooses to do is target IE and Firefox. Since it's running as Administrator, it doesn't have to exploit any vulnerabilities in either; it just barges in and rewrites parts of them to do its bidding. Administrator can do things like that.
In conclusion, there isn't any vulnerability in IE or Firefox that's involved in FFSearcher, and the only reason FFSearcher doesn't pwn other browsers is because the author didn't bother to write a payload for them, too. FFSearcher, itself, was installed due to some browser vulnerability that happened sometime, and now, permanently present on the system, takes advantage of its Administrator privileges to do some pretty wicked stuff.
You posted good information and a nice perspective. I do agree with what you say, in spirit.
However, let's not forget that neither Microsoft nor Apache, including their coders and contributers, is innocent. They're both competing in an arena to provide drop-in solutions that form a backbone of the most technologically-vast infrastructure in the world (the Internet). There's money to be had, and responsibility comes right alongside it. Your kind of thinking, while very empathetic, is dangerous, as we have to hold these companies to a higher standard of coding.
It's a shame, but tons of people did fail miserably, and the failure could be enough to ruin the lives and livelihood of the victims (even if there are relatively few). Failing that, countless man-hours are being spent addressing, patching, avoiding, and detecting this bug. As small of a coding mistake as it is, it's going to cost a lot of people a lot of money, especially because of the popularity and criticality of the software.
Then again, if high-profile applications were properly jailed (on both Windows and Linux), it wouldn't be much of an issue at all. A lot of people are to blame for this not being pervasively commonplace.
Step 1: Find Copyrighted work Step 2: Create derivative work without appropriate agreements/contracts Step 3: Get sent cease and deist letter
Come on guys, wake up. This is someone else's work, you obviously misjudged the company you are dealing with. Why not start something from scratch, so that you don't end up in a situation like this.
This isn't some company stealing IP and creating a franchise. This isn't even a group of people attempting to destroy or dilute Square's market. CT:CE was simply an attempt by fans to continue the (arguably) deceased storyline that they loved.
Fan bases creating not-for-profit derivative works have created, sustained, and/or resurrected numerous corporate franchises, enough so that there's plenty of precedent of intelligent companies taking note of such behavior, supporting and encouraging it (World of Warcraft, Halflife, even Snakes on a Plane). Hell, most of the reason Chrono Trigger is still even relevant is because of its sustained Internet fan base! They complete the feedback loop, providing a voice to the creative consumer in the digital marketplace. This is not about IP; it's the suppression of digital culture itself.
Not only is Square just plain stupid to have let a franchise with clear fan interest die ... they're beating that interest out of the community themselves!
I'll end this with a link to a relevant presentation by Lawrence Lessig that I saw posted earlier on /.. It portrays quite nicely why behavior such as that taken by Square is destructive to culture, art, and human interests. Using IP laws to break the feedback loop and force art into a strict producer-consumer model is harmful to everyone in the end.
Perhaps because most of the times when man believes himself wiser than nature we end up learning different.
Nature has no capacity for wisdom. It's a fundamental operation of (almost) any species to modify nature in the interest of its self-preservation. This is just another such undertaking.
What we're seeing, with the lawsuits, TBP, and other similar initiatives, is really just the marketing angle of their plan. They are working to establish the legitimacy of their stance on media "piracy" in the public and political eye.
Working in parallel, covertly at first, are initiatives with various global governments to move past the tiny actions towards a global solution: place wide-sweeping filters on the Internet. The establishment of "piracy" as an immoral, unethical, illegal, and harmful institution is critical to this overall goal, as those are qualities people have been traditionally been amiable to compromising their freedoms to avoid.
Can't stop the Internet? Of course you can! Governments control the backbone! Filter torrent traffic. Many ISPs (in the US, at least) are already doing this. Is it encrypted? Block anonymous encrypted traffic. Going through proxies? Blacklist them. Toss in bandwidth caps (or pay-per-byte billing), mandatory client-side controls, or any of the thousands of other things that computers are capable of doing.
It's really a matter of what the public will accept, and the public image of "piracy" is critical to altering that threshold. The Internet can be stopped, or at least severely hindered. It will be to the severe detriment of humankind, but forces like the RIAA are working diligently to grease those wheels every day.
I am, myself, curious about this. Java seems to have a decent sandbox model already implemented through the JVM and Runtime APIs. Additionally, it is (or can be) platform- and architecture-independent, which seems more conducive towards Internet usage since it doesn't require an x86 instruction set.
While the Applet model is still viable, I think more mature alternatives (Flash, for example) obsolete it. Rather, I would wager Google is targeting two specific scenarios:
In the case of (1), a nice sandboxed application API for Java would be more than adequate. Most (or maybe even all) of the work is already done for this, including the signing and distribution of the application code.
(2), which seems really interesting, could still be easily (comparatively) accomplished via a low-level browser control API that is implemented in the various browsers either internally or via add-ons.
Not to knock Google's approach, for it does seem (from what I've read so far) well-thought out. What I am wondering, though, is what advantage they are seeking in choosing directly-native code over something like Java or .NET. If I recall, most modern Java metrics show it performing competitively with native code.
I understand that some of the appeal of NaCl is that they are attempting to provide verifiable proof that any code executed in their environment is secure. However, there looks like there would still be a root of trust in the NaCl implementation just as much as Java sandboxing relies on appropriate JVM implementation. I don't believe it is inherently more secure (although NaCl is likely less complex, so easier to evaluate).
As a research project, NaCl is very cool. However, to reach the goal of web content running at native performance, there are more mature technologies out there such as Java that are also more Internet-conducive. Google shouldn't re-invent the wheel; rather, they should pursue the existing powerful technologies, lay down some API and sandbox groundwork, and push for browser compliance.