I think this is a good point. Technology designed by humans will always tend to be defeatable by other technology also designed by humans. We see this in many other arenas of life as well: we have nuclear weapons, so do they; I have a Club, he has a freon can; I have a lock, he has a drill.
Nobody insists credit card numbers on shopping receipts be obscured by moire patterns or shredded by a "trusted" authority. In fact, in RL almost anyone you meet or interact with has the *technical* capacity to rip you off.
I believe these problems will be addressed in the computer world, as they have been in RL, through social and legal means, not technological.
Interesting. The article seems to spend too much attention on irrelevancies like the programmers' clothing and personal lives, but it also describes the process they use. For those who don't want to dig through the article:
Spec comes before implementation. If you want to make a change, you spec it first, then everyone meets and talks about the spec, then once they all agree you can make the change.
A friendly rivalry between coders and testers. "Fix those bugs, can't let the testers find anything" / "Can't let them slip a shoddy one through, let's do our best to break their system".
When a mistake turns up, don't blame the people involved - blame the process, *then fix it so it won't let the mistake happen again*. Thus, the process gets better and better - and the process, of course, lives as long as the task, surviving changes of team - and people aren't encouraged to hide their mistakes.
Big database tracking every line of code, all changes made, all errors found, fixed, how, with explanation. I'm not so sure how this could be done effectively, but it sure must create lots of automated reference material, provided you can navigate it correctly (not heuristically, this has to work 100% of the time). This must help some with the previous step.
If the system fails and someone dies, who could be sued? For that matter, who's really responsible?
The GPL makes a point of disclaiming all warranties and establishing a use-at-your-own-risk understanding.
Would that stand up in court though? Perhaps some liability can't be disclaimed. Who is sued then? Say they bought a distro. Is the distributor at fault? If they got it free, can they blame who gave it to them? Does getting it free erase giver's liability?
Could they hunt down the person responsible for the offending code and sue them?
Should this company be responsible for verifying that every line of the OS works right? Hell no - that's impossible for a single company that didn't design it. Should they then be using an OS that NOBODY has checked in this way?
Should the Linux community stand up and tell them, "this isn't a good idea. Nobody is ABSOLUTELY sure this code won't fail. Someone could die unless you use a better-checked product"?
Perhaps someone should hire marketing, distribution, and QA engineers, and sell a fault-checked Linux.
Ah, maybe you should go outside, take a walk, note the clothes on your back, the food in your belly, the roof on your house. Your ability to rest two days out of seven instead of working, and to say whatever you want to in public forums.
Perspective is a great and important thing.
CNN reported today that the new model Ford Taurus is equipped with a mechanical arm and sensor that waits until darkness, then explores your garage, looking for non-Ford vehicles, and if it finds them destroys them with a mechanically launched grenade.
"!!!!" "!!!!" said customers in horror.
"We believe we're doing them a favor," said a spokesperson from Ford. "They might own substandard non-Ford vehicles. By demolishing these junkheaps we're helping them upgrade to a better car."
"Like our new SUV, for example," he continued, whipping out an ad chart, "the most innovative and comfortable road experience yet."
But a spokesperson for consumers said, "!!", making incoherent sounds of frustration before throttling himself with his own necktie.
If this so-called "ordnance marketing" campaign proceeds as planned, Ford may expand it to older-model Fords, its spokesperson says. "Any less would be selling our customers short!"
The article analyzes which candidates have the best presence on the Internet, with supporting evidence, but makes no guesses as to how much the Internet will affect the election.
I greatly fear I'm stepping into a flamewar here, but I see something I enjoy and value being threatened.
I thought this story was interesting, and spawned an interesting and thought-provoking discussion. More like it (even if a post is off-base or poorly informed, that it raises a lot of issues and shakes loose information) will keep me happy.
It wasn't the kind of thing I'd expect to see/find on ABC Nightly, but to me this is a feature, not a bug. I value Slashdot for the way it bucks the tendency of so many information sources to filter and grind their information into baby food so it can be spoon-fed to an unthinking audience. Slashdot trusts me to do my own filtering, and I prefer to.
Keep 'em coming, Rob.
Here is U.S. copyright law: http://www.law.cornell.edu/copyright/copyright.table.html
I didn't find a straight answer as to whether someone could license their rights to organizations or only to individuals. The "work-for-hire" part seems to indicate the attitude behind the law: someone working for hire cedes rights thus obtained to their employer or employers. This is explicitly applied to authorship rights. It might apply to licensee rights and duties too; so if a person becomes a licensee - or if something happens to trigger one of their rights as a licensee (more likely with GPL) - in the course of work for hire, the rights and duties thus incurred might be transferred to their employer.
This would let an organization do what was posted about before, keeping source locked away while releasing binaries to their employees.
Interesting asides (the law is worth reading or searching for "interesting" bits, despite its complexity):
Check out Chapter 102.
Looks to me like copyrights are mostly meant to apply to arts and entertainment. They explicitly don't apply to "procedures", "processes", or "systems". Other parts mention computer software, but usually focus on games. Do copyrights apply to non-entertainment software at all? Perhaps patents are more appropriate?
Chapter 107, on "fair use":
"criticism, comment, news reporting, teaching, scholarship, or research" are not infringements of copyright. Since licenses are transfers of copyright-derived rights, I'd say this makes no-benchmarking, no-review-writing, and no-reverse-engineering (research) license clauses invalid, especially for non-commercial licensees, state laws like the proposed UCITA notwithstanding.
I'm not sure whether licensees can be organizations or just individuals. That affects this.
Assuming an organization can be a single GPL licensor or licensee:
A licensor can sue a licensee, or a licensee a licensor, for damages to them caused by license violation.
If a provider has given the software to anyone before, they are already licensor and every other person and organization in the world is already a licensee. If this is the first time they're giving it to anyone, they become a licensor and all others become licensees.
Org could sue Provider for damages caused to it by breaches of the provider's duties as licensor (for example, trying to give them binaries without source), or Provider could sue Org for damage (to their reputation, say) caused by Org's breach of its duties as licensee.
Two branches from here:
(1) Org is licensee as an organization, and its employees are part of it. Its employees are not individual licensees.
(2) Employees are themselves single licensees if they receive the software from other parts of Org, and Org is their licensor.
(1)
Org becomes a licensor through its employee's action, and everyone in the world becomes a licensee. Org's provider, or those who receive the binaries, can sue Org for damages unless it also gives source to the same people.
Org can't sue its employee for license breach, because no license has passed between it and its employee.
(2)
Org could sue an employee who distributes source without binaries. But it's required to give source to employees on their demand!
Conclusion: Org can't sue Employee for GPL breach, unless Employee had access to source but tried to give away only binaries.
I'm not sure of this following part. Either or both cases may allow an employee who rebelliously gives out "company" GPL'd software to be fired and/or sued for breach of employment contract. It could be that in case (2), Org's acceptance of the GPL prohibits it from entering conflicting agreements (like an employment contract prohibiting the employee from distributing in-house GPL'd software), or (if the employee was hired before Org got the software) that such existing contracts with its employees really prohibited it from legally accepting the conflicting GPL.
I don't think so. Microsoft could have gone on to coerce hardware manufacturers into keeping their specs secret, for example, which would have killed free OS's dead.
"you" is the licensee (sec. 0); "all third parties" is everyone else in the world, not just those who receive the software.
This means:
If you change a GPL'd thing, you must "license" it to the rest of the world (giving them your same rights to it if they can get at it), but you don't have to actually give it to them.
Of the people you choose to give it to, you can't give them binaries without source.
-----------------
I figure the NSA thinks it'd be good for national security if the nation's computer infrastructure wasn't full of simple-minded security holes. They're going to develop this and release it free to the public.
The evil you know, the evil you don't... I have virtually no social or love life, but I have a decent, useful, and well-paying job. What if sacrificing this and running off into the unknown wouldn't gain me anything, or anything I value? It's a known sacrifice for an unknown chance of gain. It may suck to be lonely, but it would suck even worse to be lonely, unemployed, bored, and broke.
I don't think that those in the tech industry know what they want any better than the average person. That is, they've got an idea, but the details aren't really worked out.
Kind of an aside, but - I don't think people used to be like this. If I tried to configure Sendmail but didn't want to worry about the details, I wouldn't get very far. Perhaps a lot of life is like this.
I'll offer a dissenting view. Don't do anything stupid, V. Not to say you should choose one way or the other, but the "love is beyond earthly cares" approach is seriously naive.
I met my first girlfriend under circumstances forcing us to be apart the following year. We both blew it off, assuming it wouldn't cause significant trouble. It was all pretty and idyllic.
We broke up eight months later, after two months of the most vicious emotional mayhem of my life. In retrospect, trying to keep it up at a distance was mostly responsible. This turned what could have been a good experience, or lasting mutual happiness (played right), into a net loss.
For those who don't want to sift thru legalese, under their new policy you lose a domain to someone if:
(1) you have it only to sell it back to them;
(2) you have it only to stop them from using it;
(3) they're your business competitor and you're using it to "disrupt" their business; or
(4) you're impersonating them or faking their sponsorship for commercial gain.
1 and 2 are reasonable, 3 would be a problem if it applied to just anyone (people satirizing or criticizing the trademark owner a la gwbush.com) but is OK restricted to business competitors, and 4 is alright in spirit but could be misused by broad interpretation ("That guy whose last name matches our paint company's trademark is using the disputed domain name to attract customers to his tax consulting business", etc.)
Mostly seems a pretty fair set of rules against both cybersquatting and domain bullying. Exception is that vague 4 may still allow some bullying.
I think User Friendly is funny, but the culture wars between "techies" and "non-techies" frustrate and depress me.
When I worked at tech support (in a hospital), I understood that the people I was supporting were hired to care for sick people, keep track of expenses and reimbursement, etc., not to fix computers. Fixing computers was my job.
Not to explain to them how they could fix it themselves, not even to make the exact changes they knew how to ask for, but to understand what they needed the computers to do and make sure the computers could.
Often this took me all day. Every minute a nurse, security guard, surgeon,... spends fighting his/her computer is a minute they're not caring for someone, keeping an eye out, or curing a disease. That's why tech support people are necessary.
I'm aware I was in the cushier and more idealistic end of the job category. I'll bet sitting in one place answering call after call from some angry joe who wants his porn fix but can't get his screen name to work and takes it all out on you can be real frustrating. But for those of you who spend most of the day browsing or playing Ultima Online, then go out with your buddies and crack about those idiots who pay your salary, you should take a look at your bank account and find less insulting stuff to circulate.
This isn't exactly a Robinson Crusoe-like survival contest. It's a simulation of cannibalism.
Several people stranded together. At regular intervals, one of them must go; which one is decided by group will.
The only part that doesn't fit is the last vote, where the ghosts of the eaten decide the fate of the survivors.
It'd be nice to have a system - on any OS - where you do ONE THING, or it's even automatic at reboot, and the system updates itself with all the latest patches from a website. Not "sit down and read through 50 300-page books, then spend a week fighting the machine". Not "spend 12 hours searching the web to make sure you've got everything". ONE THING.
NY Times has never spammed me.
I think trust is an important consideration for NG's, even between people nominally on the same side, like family members, friends, business partners, supplier and customer, ... NG's rarely if ever say what they mean, instead of what they want other people to hear.
If an NG writing a geek article didn't know that geeks are not like this, s/he wouldn't expect an honest answer from a geek, and so wouldn't ask one. Instead, s/he'd draw his/er own conclusions and write them.
Why the other NG's will listen to this NG but not to an actual geek seems to have something to do with NG trust priorities, but the complexities of this culture are really beyond me.
Possibly an alien thing is always untrusted - unknown, thought not worth studying, and therefore unpredictable and untrusted. But then why write the article at all?
Perhaps an alien thing is thought unimportant as long as it appears to deliver no value to NG's; then if it becomes valuable, there is a gray zone where it is still unknown (=> untrusted) but it is important to learn more, so trusted NG's are given the task of studying it and reporting.
Or perhaps NG's don't understand the unimportance of trust maneuverings to geeks, and construe a geek's failure to seek the trust of NG's as actual untrustworthiness.
Sounds like a fair and empirical test to me: set up two boxes with customary tools and security measures, then let people try to hack them. The conclusion: Linux security needs work.