Effectively, GPL locks out companies from using thier code directly.
On the contrary: the GPL allows any company to use the licensed code. They just can't re-release it under a non-GPL license.
As an interesting twist, this means that IBM has a say in whether LInux goes proprietary. I leave as an exercise for the reader to determine whether this could pose a problem later.
Every implementation must support 3DES, and y'know, 3DES has a twenty-five year track record of turning brilliant cryptanalysts into burned-out alcoholic wrecks.
If I had a mod point, I'd mod you up +1 Funny just for that image. Then again, I'm one sick dude.
Work on GnuPG was proceeding well before the patent on RSA expired; GnuPG uses a completely different algorithm (ElGamal, which uses discrete logs) for public-key encryption. ElGamal was technically covered by the Diffie-Hellman, but that expired in 1997. Click here for a brief description of ElGamal.
That having been said, I agree with you whole-heartedly that RMS's hard-headedness about PGP is our saving grace. Thankfully, we now have a PGP replacement that is just as effective, if slightly less user-friendly right now, as the original; and which is also useful for commercial enterprises (unlike the "free" version of PGP).
So let me ask this: why are you doing all these things?
Part of the reason why I got as much into math, physics and computers as I did, is because I wanted to live in the Star Wars world, even if I had to build it myself. I want to live in a world with zooming spaceships, robots, faster than light travel/communications, etc. If I can contribute a little bit to building that kind of world, then I'll be happy.
OK, I know, zero out of ten for realism, but hey, life isn't life without dreams. And thinking about function subspaces is more fun when you have Darth Vader's theeme going through your head. (The Beatles are better for Galois groups, strictly IMO.)
have your pick of more lucsious young firm jiggly females than I can even remember...
No no no...this boy's a geek, remember? I don't know about you, but those lucsious young firm jiggly females didn't give me so much as time of day in college (although they did occasionally throw beer cans at me from moving cars.. sometimes those cans were even almost empty). Double majors in math/cs aren't terribly sexy, even in leather jackets.
If you want to sell this kid on college, how about this: the really good CS schools, e.g., big ten, have some of the most technically imaginative people you'll ever meet. That alone could lead you to great things. Even the second-tier schools will get your creative juices flowing. And a college degree with a good GPA will open doors that otherwise would remain hermetically sealed. In rotten times (like these), they can make the difference between working contracts and flipping burgers. These days that definitely rocks harder than being a sex object for a legion of young, jiggly babes (but if you can get that too, then go for it.)
Re:"Spider-Man" To Cost Economy $300,000,000
on
Review: Spiderman
·
· Score: 1
I think it's more my own fault than that of the President, although I share your dislike of him.
It occurred to me lately that maybe it was my attitude that was getting in the way...I thought I was hot shit because of everything I'd done before. That's nonsense; the fact is, I have a lot of education, but I'm lacking experience, and my resume reflects this. I've gone through an attitude adjustment since then, partially due to this realization, mostly due to the fact
that I had actual work last week (Good news: finished the project ahead of schedule, no mistakes. Bad news: I get paid less. C'est la vie!)
In any case, some things are starting to pop up. Nothing exciting, but I'll take it. I'd rather live in Portland (where I know people) and write Visual Basic (or even move boxes of files around) for $25k, than live in New York City (where I know nobody) and write C++ for $200k. (I guess that means I'm not serious about my career; oh well. As long as I'm serious about doing an outstanding job; that should be enough once I get hired.)
Re:"Spider-Man" To Cost Economy $300,000,000
on
Review: Spiderman
·
· Score: 2
you do know/. is populated by geeks who are slacking off at work, don't you?
Speak for yourself! Some of us don't have jobs to slack off from!:)
If anything, that should slightly offset the $300 mil in damage caused by the next few weeks' openings.
I was a big fan of John McCain when he was running for President. He shakes things up politically, but has enough tact to get work done.
You'd think...problem is, it's his lack of tact that destroyed his campaign in the first place. He lost his temper during a radio interview with Michael Reagan, and Rush Limbaugh broadcast it all over the place at the behest of GOP apparachiks. McCain didn't have a chance after that.
I'd definitely rather have McCain than Bush right now. And I'd rather have Janet Reno in the White House than either of them. (Yes, she's anti-crypto, but that happens to everyone who gets to the White House. Just look what's become of "pro-privacy" John Ashcroft.)
Your reasoning makes perfect sense to investors like my grandfather; but I suspect that Microsoft investors, like dot-com investors of old, purchase Microsoft stock on the expectation of capital gains, not on the expectation of dividends.
In fact, it seems to me that this is the reason why most investors buy stock these days, including institutional investors. The rules have changed...possibly for the worse.
More Best Buy Shennanigans
on
Worst Buy
·
· Score: 4, Insightful
Here's another data point to consider, a story about how
Best Buy gave a customer a hard time, apparently, for buying something besides their top-of-the-line sattelite system.
I know it's going to be years before I make a purchase from Best Buy again...they're going to have go to a very long way to recover my confidence as a customer. Issuing a formal apology to their customers would be a start.
"The (states' ideas) would undermine all three elements of Microsoft's success, causing great damage to Microsoft, other companies that build upon Microsoft's products, and the businesses and consumers that use PC software," the world's richest man said in his 155-page written submission.
Hey, wait a second...
"The (states' ideas) would undermine all three elements of Microsoft's success..."
As I see it, there are two barriers to widespread adoption of PGP (or GnuPG). The first is usability; the second, more important one, is demand. People do not see the necessity of encryption, and in fact, many associate encryption with criminal activity.
The first problem can be solved through the proper use of technology: create user-friendly interfaces for key generation, key management, etc. The goal should be to make PGP/GPG as easy to use as a word processor, spreadsheet, or video game.
The second problem can be solved by promoting digital signatures as opposed to encrypted email.
Most people don't care that their email is as open as a postcard. In addition, a significant chunk of the population associate encrypted email with organized crime and terrorism. These are the factors we have to work against in promoting encryption as a way to keep email private.
Digital signatures are a different matter. There is no social prejudice against digital signatures per se, and the need for digital signatures is easy to demonstrate, as detailed below.
Most people believe the From: headers on their emails without question. Unfortunately, it doesn't take much technical skill to fabricate an email with a fabricated From: header. (Below is a Python script that does just this). It's therefore trivial for a malicious person to send all kinds of forgeries to you, your friends, your co-workers, etc. The social damage can be catastrophic.
Digital signatures solve this problem neatly: if you have any doubts about who actually sent the email, or the actual contents of the email, the digital signature gives you near mathematical certainty that the message and sender are authentic.
In my experience, it only takes a couple of humorous demonstrations to get the point across to your intended audience; after which, they become motivated to learn and use PGP/GPG to sign and verify the signatures of emails. Using PGP/GPG for encryption is a logical next step.
By the way, if you do try to demonstrate the forged From: header trick, please make absolutely sure that your audience is prepared ahead of time, and that you are legally authorized to do this, before you make your demonstration. Otherwise you could unnecessarily end up in a heap of trouble.
It should be noted that PGP and GPG have an advantage in meeting the demand for digital signatures, since they're both relatively mature technologies. The danger is that the government could push hard for their own scheme, with built-in back doors and/or mandatory key-escrow. Selling secure, non-escrowed encryption is going to be much harder in the present political climate than it was before.
Hope this helps.
#!/usr/bin/python #NB: some of this code comes from _Python Standard #Library_ by Frank Lundh. Buy a copy! # # Please note: this is for demonstration purposes only. I utterly # condemn any use of this code for illegal purposes. #
import smtplib import strings
fakemail = string.join(( "From: foo@bar.org", "To: bar@foo.org", "Subject: IMPORTANT", "X-FakeMail-Notice: This mail is FAKE!", "", "I like to pour hot grits down my pants. Thank you.", "", "This mail is FAKE!"), "\r\n")
server = smtplib.SMTP("localhost") server.sendmail("foo@ba r.org", ["bar@foo.org"], fakemail) server.quit()
These days, having moral courage usually means having the cash to back it up. Granted, Google has more cash than most high-tech companies these days, but not enough to shrug off Scientology. Also, Google could face a second, potentially more expensive investor lawsuit, should the Church of Scientology sue. Not taking proper steps to protect your investors' dollars is grounds for legal action; and the ultimate result, if and when you lose both lawsuits, could be the end of your company, with all those jobs lost and all your intellectual property on fire sale. This is the same reason why
Slashdot resorted to similar indirect means a year ago.
The simple fact is that corporations exist to increase shareholder value -- not to make moral stands, employ people, heal people, or do all those other fuzzy things that they sometimes do in the process of making money. I don't like it either, but that's the state of the world.
Personally, I see a world of difference between using an SUV or a pickup for research, construction, or other legitimate work, on the one hand; and using it to drive around the Suburbs "because bigger is better" on the other.
As a Georgia Tech alum, I can tell you that with a 73% male to 27% female student distribution, casual sex is anything but.
Maybe you should do what I did, and get off campus occasionally. There's plenty of cute girls at Georgia State, about a mile away. And if you're old enough, the Somber Reptile is always entertaining.
I realize this is just about fricking impossible with a 16 credit hour load, but if you ask me, anyone who takes more than 12 credit hours in a semester (it's semesters now, right?) at Georgia Tech is begging for an ass whipping.
So you're saying that you do this only for fame/employer karma?
Well, no. I also code to scratch personal itches and to contribute something to the community. While I prefer the GPL, I don't necessarily think that using a different license (such as BSD) in any way destroys the value of my contribution. It does change the ways in which my contribution may be used, but my contribution is still useful to the public at large.
For example: OpenBSD and Linux are both very valuable contributions to the community. OpenBSD's license does not make it a less valuable contribution (or, for that matter, a more valuable contribution) than Linux. Both are available to just about everybody; both contain significant innovations; both play nice with the corporate world. The difference lies in what can be done with derived works.
While I'd rather that derived works also remain free, I would argue that it might be in the interest of free software to occasionally use a BSD license instead of (L)GPL. This is in exceptional cases, such as when one is trying to make a codec into a widely adopted standard (e.g. Ogg Vorbis) or when legal prohibitions necessitate using such a license (e.g. MS's so-called open source license).
I definitely respect your opinion on this, since I feel much the same way. The only reason that I'm suggesting the use of a BSD or MIT license is because it allows one to give back to the community (by producing open source, GPL-compatible code) while still abiding by Microsoft's restrictions. I also recognize that it's very likely that any innovations put into a BSD licensed product essentially leave your control once you produce them. Unfortunately, Microsoft has created something of a Sophie's Choice with these clauses -- we can control our innovations, make our software GPL compatible, or abide by Microsoft's license. Choose two.
My primary concern here is GPL compatibility. If, in the process of making my work GPL compatible, I lose control of my innovations in order to play Microsoft's game, then I'm personally okay with that, as long as I get credit for that innovation in some way shape or form (e.g., a mention on a project web page, so I can put on my resume that I helped that project).
I am not a lawyer. That having been said, the clause at issue seems to be the following:
1.4 "IPR Impairing License" shall mean the GNU General Public License, the GNU Lesser/Library General Public License, and any license that requires in any instance that other software distributed with software subject to such license (a) be disclosed and distributed in source code form; (b) be licensed for purposes of making derivative works; or (c) be redistributable at no charge.
...
3.3 IPR Impairing License Restrictions. For reasons, including without limitation, because (i) Company does not have the right to sublicense its rights to the Necessary Claims and (ii) Company's license rights hereunder to Microsoft's intellectual property are limited in scope, Company shall not distribute any Company Implementation in any manner that would subject such Company Implementation to the terms of an IPR Impairing License
It occurs to me that there are two well-known open source licenses that satisfy this requirement: the BSD license and the MIT license. They both basically give carte blanche to use the licensed software in any way one pleases, and contain none of the so-called "Intellectual Property Rights Impairing" provisions..
So... can we re-license these projects under a BSD license? Or is there something I'm missing about the agreement? For example: if we link a GPL program against a BSD library, does that library become GPL?
NB: I believe very strongly that this is an effective way around this problem, so I may play devil's advocate with any replies. Hopefully we can hammer out a solution somehow.
I love yack0's suggestion. I would add this: if these people are MS junkies, you might have to teach them very basic UNIX skills: ls, rm, cd, more, less, pico, etc. Believe me when I tell you that you'll have at least one student who doesn't have even this level of skill.
Since this is a crash course, you can probably get away with giving them a short cheat sheet and recommending that they get their hands on a copy of Linux in a Nutshell. But don't forget to incorporate at least something about UNIX basics into the course.
If you knew your facts, you would know that leftist democrats favor this idea much more than republican/libertarians. Leftists tend to trust the government much more than republicans/libertarians.
I don't know too many persons on the Left who like this idea, either: not the environmentalists, not the socialists, and definitely not the gay rights or abortion rights crowds. And I doubt you'll find more than a handful of persons, out of the hundreds of thousands who voted Green, who support a national database. In fact, most of the Left is very suspicious of government survailance, because they remember what happened during the 1950s and 1960s with the FBI and various anti-activist Red Squads.
Despite what Rush Limbaugh might be telling people, freedom from survailance is not a simple Left-Right issue. This is more of an issue of both sides (the Left and the Right) against a frightened, probably gullible, and not terribly thoughtful Middle. Unfortunately, that Middle constitutes the bulk of the American electorate.
As for who trusts government more in general: there are people on the Left who want to outlaw guns and SUVs; there are people on the Right who want to outlaw homosexuality and abortion. In my mind, each side is as bad as the other with respect to government control.
Slashdot Mirror
On the contrary: the GPL allows any company to use the licensed code. They just can't re-release it under a non-GPL license.
As an interesting twist, this means that IBM has a say in whether LInux goes proprietary. I leave as an exercise for the reader to determine whether this could pose a problem later.
If I had a mod point, I'd mod you up +1 Funny just for that image. Then again, I'm one sick dude.
Work on GnuPG was proceeding well before the patent on RSA expired; GnuPG uses a completely different algorithm (ElGamal, which uses discrete logs) for public-key encryption. ElGamal was technically covered by the Diffie-Hellman, but that expired in 1997. Click here for a brief description of ElGamal.
That having been said, I agree with you whole-heartedly that RMS's hard-headedness about PGP is our saving grace. Thankfully, we now have a PGP replacement that is just as effective, if slightly less user-friendly right now, as the original; and which is also useful for commercial enterprises (unlike the "free" version of PGP).
So let me ask this: why are you doing all these things?
Part of the reason why I got as much into math, physics and computers as I did, is because I wanted to live in the Star Wars world, even if I had to build it myself. I want to live in a world with zooming spaceships, robots, faster than light travel/communications, etc. If I can contribute a little bit to building that kind of world, then I'll be happy.
OK, I know, zero out of ten for realism, but hey, life isn't life without dreams. And thinking about function subspaces is more fun when you have Darth Vader's theeme going through your head. (The Beatles are better for Galois groups, strictly IMO.)
No no no...this boy's a geek, remember? I don't know about you, but those lucsious young firm jiggly females didn't give me so much as time of day in college (although they did occasionally throw beer cans at me from moving cars .. sometimes those cans were even almost empty). Double majors in math/cs aren't terribly sexy, even in leather jackets.
If you want to sell this kid on college, how about this: the really good CS schools, e.g., big ten, have some of the most technically imaginative people you'll ever meet. That alone could lead you to great things. Even the second-tier schools will get your creative juices flowing. And a college degree with a good GPA will open doors that otherwise would remain hermetically sealed. In rotten times (like these), they can make the difference between working contracts and flipping burgers. These days that definitely rocks harder than being a sex object for a legion of young, jiggly babes (but if you can get that too, then go for it.)
I'm not a constituent of his, but he's earned my campaign contribution.
My fans dinna think
I could take much more
But I'm still alive
At two and four score
So get me some Burma Shave
Right from the store!
"He's dead, Jim."
"You idiot, I'm not dead. I'm not even in a bloody coma!"
"Oh...sorry..."
"Honest to Pete...and will you please tell Hemos and Commander whatever-his-name-is to change the bloody headline? Thank you!"
"He's dead, Jim."
or perhaps:
"Captan, I donna think she'll take much more!"
Good luck Scottie.
I think it's more my own fault than that of the President, although I share your dislike of him.
It occurred to me lately that maybe it was my attitude that was getting in the way...I thought I was hot shit because of everything I'd done before. That's nonsense; the fact is, I have a lot of education, but I'm lacking experience, and my resume reflects this. I've gone through an attitude adjustment since then, partially due to this realization, mostly due to the fact that I had actual work last week (Good news: finished the project ahead of schedule, no mistakes. Bad news: I get paid less. C'est la vie!)
In any case, some things are starting to pop up. Nothing exciting, but I'll take it. I'd rather live in Portland (where I know people) and write Visual Basic (or even move boxes of files around) for $25k, than live in New York City (where I know nobody) and write C++ for $200k. (I guess that means I'm not serious about my career; oh well. As long as I'm serious about doing an outstanding job; that should be enough once I get hired.)
Speak for yourself! Some of us don't have jobs to slack off from! :)
If anything, that should slightly offset the $300 mil in damage caused by the next few weeks' openings.
You'd think...problem is, it's his lack of tact that destroyed his campaign in the first place. He lost his temper during a radio interview with Michael Reagan, and Rush Limbaugh broadcast it all over the place at the behest of GOP apparachiks. McCain didn't have a chance after that.
I'd definitely rather have McCain than Bush right now. And I'd rather have Janet Reno in the White House than either of them. (Yes, she's anti-crypto, but that happens to everyone who gets to the White House. Just look what's become of "pro-privacy" John Ashcroft.)
Your reasoning makes perfect sense to investors like my grandfather; but I suspect that Microsoft investors, like dot-com investors of old, purchase Microsoft stock on the expectation of capital gains, not on the expectation of dividends.
In fact, it seems to me that this is the reason why most investors buy stock these days, including institutional investors. The rules have changed...possibly for the worse.
Here's another data point to consider, a story about how Best Buy gave a customer a hard time, apparently, for buying something besides their top-of-the-line sattelite system.
I know it's going to be years before I make a purchase from Best Buy again...they're going to have go to a very long way to recover my confidence as a customer. Issuing a formal apology to their customers would be a start.
From this article:
Hey, wait a second...
... fear, uncertainty, and doubt?
Disclaimer: IANIM (I am not in marketing)
As I see it, there are two barriers to widespread adoption of PGP (or GnuPG). The first is usability; the second, more important one, is demand. People do not see the necessity of encryption, and in fact, many associate encryption with criminal activity.
The first problem can be solved through the proper use of technology: create user-friendly interfaces for key generation, key management, etc. The goal should be to make PGP/GPG as easy to use as a word processor, spreadsheet, or video game.
The second problem can be solved by promoting digital signatures as opposed to encrypted email. Most people don't care that their email is as open as a postcard. In addition, a significant chunk of the population associate encrypted email with organized crime and terrorism. These are the factors we have to work against in promoting encryption as a way to keep email private.
Digital signatures are a different matter. There is no social prejudice against digital signatures per se, and the need for digital signatures is easy to demonstrate, as detailed below.
Most people believe the From: headers on their emails without question. Unfortunately, it doesn't take much technical skill to fabricate an email with a fabricated From: header. (Below is a Python script that does just this). It's therefore trivial for a malicious person to send all kinds of forgeries to you, your friends, your co-workers, etc. The social damage can be catastrophic.
Digital signatures solve this problem neatly: if you have any doubts about who actually sent the email, or the actual contents of the email, the digital signature gives you near mathematical certainty that the message and sender are authentic.
In my experience, it only takes a couple of humorous demonstrations to get the point across to your intended audience; after which, they become motivated to learn and use PGP/GPG to sign and verify the signatures of emails. Using PGP/GPG for encryption is a logical next step.
By the way, if you do try to demonstrate the forged From: header trick, please make absolutely sure that your audience is prepared ahead of time, and that you are legally authorized to do this, before you make your demonstration. Otherwise you could unnecessarily end up in a heap of trouble.
It should be noted that PGP and GPG have an advantage in meeting the demand for digital signatures, since they're both relatively mature technologies. The danger is that the government could push hard for their own scheme, with built-in back doors and/or mandatory key-escrow. Selling secure, non-escrowed encryption is going to be much harder in the present political climate than it was before.
Hope this helps.
That only limits the number of people who can sue. It doesn't eliminate the possibility of those investors suing, however.
These days, having moral courage usually means having the cash to back it up. Granted, Google has more cash than most high-tech companies these days, but not enough to shrug off Scientology. Also, Google could face a second, potentially more expensive investor lawsuit, should the Church of Scientology sue. Not taking proper steps to protect your investors' dollars is grounds for legal action; and the ultimate result, if and when you lose both lawsuits, could be the end of your company, with all those jobs lost and all your intellectual property on fire sale. This is the same reason why Slashdot resorted to similar indirect means a year ago.
The simple fact is that corporations exist to increase shareholder value -- not to make moral stands, employ people, heal people, or do all those other fuzzy things that they sometimes do in the process of making money. I don't like it either, but that's the state of the world.
Personally, I see a world of difference between using an SUV or a pickup for research, construction, or other legitimate work, on the one hand; and using it to drive around the Suburbs "because bigger is better" on the other.
Maybe you should do what I did, and get off campus occasionally. There's plenty of cute girls at Georgia State, about a mile away. And if you're old enough, the Somber Reptile is always entertaining.
I realize this is just about fricking impossible with a 16 credit hour load, but if you ask me, anyone who takes more than 12 credit hours in a semester (it's semesters now, right?) at Georgia Tech is begging for an ass whipping.
Well, no. I also code to scratch personal itches and to contribute something to the community. While I prefer the GPL, I don't necessarily think that using a different license (such as BSD) in any way destroys the value of my contribution. It does change the ways in which my contribution may be used, but my contribution is still useful to the public at large.
For example: OpenBSD and Linux are both very valuable contributions to the community. OpenBSD's license does not make it a less valuable contribution (or, for that matter, a more valuable contribution) than Linux. Both are available to just about everybody; both contain significant innovations; both play nice with the corporate world. The difference lies in what can be done with derived works.
While I'd rather that derived works also remain free, I would argue that it might be in the interest of free software to occasionally use a BSD license instead of (L)GPL. This is in exceptional cases, such as when one is trying to make a codec into a widely adopted standard (e.g. Ogg Vorbis) or when legal prohibitions necessitate using such a license (e.g. MS's so-called open source license).
I definitely respect your opinion on this, since I feel much the same way. The only reason that I'm suggesting the use of a BSD or MIT license is because it allows one to give back to the community (by producing open source, GPL-compatible code) while still abiding by Microsoft's restrictions. I also recognize that it's very likely that any innovations put into a BSD licensed product essentially leave your control once you produce them. Unfortunately, Microsoft has created something of a Sophie's Choice with these clauses -- we can control our innovations, make our software GPL compatible, or abide by Microsoft's license. Choose two.
My primary concern here is GPL compatibility. If, in the process of making my work GPL compatible, I lose control of my innovations in order to play Microsoft's game, then I'm personally okay with that, as long as I get credit for that innovation in some way shape or form (e.g., a mention on a project web page, so I can put on my resume that I helped that project).
I am not a lawyer. That having been said, the clause at issue seems to be the following:
It occurs to me that there are two well-known open source licenses that satisfy this requirement: the BSD license and the MIT license. They both basically give carte blanche to use the licensed software in any way one pleases, and contain none of the so-called "Intellectual Property Rights Impairing" provisions..
So ... can we re-license these projects under a BSD license? Or is there something I'm missing about the agreement? For example: if we link a GPL program against a BSD library, does that library become GPL?
NB: I believe very strongly that this is an effective way around this problem, so I may play devil's advocate with any replies. Hopefully we can hammer out a solution somehow.
I love yack0's suggestion. I would add this: if these people are MS junkies, you might have to teach them very basic UNIX skills: ls, rm, cd, more, less, pico, etc. Believe me when I tell you that you'll have at least one student who doesn't have even this level of skill.
Since this is a crash course, you can probably get away with giving them a short cheat sheet and recommending that they get their hands on a copy of Linux in a Nutshell. But don't forget to incorporate at least something about UNIX basics into the course.
I don't know too many persons on the Left who like this idea, either: not the environmentalists, not the socialists, and definitely not the gay rights or abortion rights crowds. And I doubt you'll find more than a handful of persons, out of the hundreds of thousands who voted Green, who support a national database. In fact, most of the Left is very suspicious of government survailance, because they remember what happened during the 1950s and 1960s with the FBI and various anti-activist Red Squads.
Despite what Rush Limbaugh might be telling people, freedom from survailance is not a simple Left-Right issue. This is more of an issue of both sides (the Left and the Right) against a frightened, probably gullible, and not terribly thoughtful Middle. Unfortunately, that Middle constitutes the bulk of the American electorate.
As for who trusts government more in general: there are people on the Left who want to outlaw guns and SUVs; there are people on the Right who want to outlaw homosexuality and abortion. In my mind, each side is as bad as the other with respect to government control.