I didn't say any of them were fee to run, just that they provide free services, and nonetheless have paid employees. The post I was responding to implied that this was impossible:
the person that pays them to work must have a business model that doesn't involve giving away what their employees produce
This is simply false, so I provided counterexamples.
That said, I do think that the public broadcasting model is a good one for Free Software. People are already prepared to expect high-quality programming for free from PBS/NPR, so it should make the concept of high-quality programs for free seem much less bizarre.
And while the image of software outright begging for money is pretty funny (the dialog wouldn't be modal, BTW; NPR doesn't prevent you from changing the channel during their pledge drives), there are lots ways to conduct a pledge drive that could work for software.
Donated banner ads on Web sites
Messages on download pages for the software
Messages on support pages for the software
Messages on the software's homepage
Using the existing "Hint of the Day" mechanism many programs already use.
Posts to support forums
Email Free Software users who have agreed to receive these emails.
Media coverage
The trick would be finding one or two organizations to do it and coordinating across many projects. After all, it's your local PBS/NPR affiliate that asks for your money, not each individual show---that would get annoying fast, especially if they were each sending you a letter. And people who are already using Free Software probably wouldn't be visiting download or support pages very often; you'd have to assume they would download more software, and see the request for donations while they were doing that, which requires coordination. The Free Software Foundation and Debian seem like the two best candidates for coordinators, although for all I know they might think this is an asinine idea.
Becoming a charity doesn't really help you get money very much; it just gives people an incentive to donate more (since they can deduct the donation from their taxable income). I've only seen a few organizations (meaning the Free Software Foundation) able to subsist mostly on donations, and I would be very surprised if large funders were willing to grant-fund software right now.
Of course, in the future, that might change, but right now I don't believe funders understand what Free Software is, and if they do why it's important, and even if they see its importance they're likely to fund more direct needs (such as food and shelter) well before software development.
This is pretty much how GNU and Linux/BSD beat commercial linux in the '90s. Where I used to work, we used Solaris for everything. But as we needed it to do more and more, we installed more and more Free applications---Sendmail, Apache, BIND, gcc, emacs, etc. The quality of those applications built our confidence in the quality of Free Software in general. Eventually we were just using Solaris as a platform for running Free software. In mailing lists and other discussion groups, it became clear that this Free software was mostly developed on Free operating systems, and so would probably run better there. Before long, we started switching things over to Linux.
This is exactly the right strategy for getting people away from Windows. Unfortunately, it requires doing a lot of development work on Windows, which is just plain no fun. I think that's why we aren't seeing this strategy take firmer hold.
Antivirus software is for people who, from time to time, make a mistake. Like mis-clicking on an attachment at 3am, or misreading a file type and running an unsafe file.
Well, I guess it's harder for you then it is for me. You look at the sender, you look at the subject and body, and you look at the attachment. Then, your freaking mail client asks you, "Are you sure you want to open this?" IF you know what to watch out for, those should be plenty of "last chances".
I'm not saying I do this; I don't even run Windows or use a mail client that supports HTML. I'm pretty sure I've never received a virus that would run on my OS. I'm just saying a reasonable, smart, and prudent person should still plan for this, because it will happen someday.
Antivirus software is for people who believe in Security In Depth, a school of thought which says that you should use multiple layers of security, so that if one fails you aren't screwed.
Well, so is encrypting your filesystem, having a locking screensaver, unplugging your network cable when idle, etc. Obviously another layer is a good thing. But at what point do you decide that it's not worth the money or slowdown to take that extra step. And yes, scanning for 50,000 (and growing) data patterns every time you open a file WILL slow your system down.
At the point where it costs more than $50 ($20 after rebate) or where the cumulative slowdown is greater than the odds of getting a virus times the time it would take to recover from it. Many people's work (mine included) is close enough to irreplacable that the time-to-recover tends towards infinity, making the virus software a pretty obvious choice.
I guess the difference of opinion that we have is that you believe it's extremely unlikely that you will someday make a mistake, whereas I believe it's nearly certain that all of us make mistakes every day.
Antivirus software is for people who, from time to time, make a mistake. Like mis-clicking on an attachment at 3am, or misreading a file type and running an unsafe file.
Antivirus software is for people who run software that has bugs in it. You mentioned you are using Windows...
Antivirus software is for people who believe in Security In Depth, a school of thought which says that you should use multiple layers of security, so that if one fails you aren't screwed.
Antivirus software is for people whose data is worth more than $50 (or $20 after rebate).
My experience has been that if a network is configured in an idiotic way (such as allowing telnet and not FTP), it's not because its operators have made careful and well-considered decisions about what to allow and disallow, but simply because they're idiots. That sort of eliminates the whole ethical dilemna.:-)
Instead of allocating from the heap with malloc, just create an anonymous memory map using mmap, setting PROT_EXEC to allow execution. Something like:
m = mmap(NULL,
1000000,
PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_ANON,
-1,
0);
will allocate 1000000 bytes of memory which can contain executable code on Linux and BSD. On some other Unices you have to use/dev/zero, but the technique is pretty much the same.
You can't just subpoena information and use it for purposes other than your legal case. The New York Times tried this a couple dozen years ago, suing people they wanted to write stories about so they could get information from discovery and depositions then publishing this information, and the courts decided it wasn't legal.
Sorry, can't provide a reference; this is based on what my wife told me when she was in law school.
Right...But configuring your client to accept your own CA is no easier or harder than adding the SSH keys to your known_hosts file, and doesn't offer you better protection, either. Well, maybe for large networks it's easier, since you only have to add the CA's key instead of a key for each machine.
Also, when SSH came out, creating your own CA was significantly harder than it is now, IIRC. I remember spending several hours trying to figure it out in 1997 or so.
ssh makes port forwarding simpler and more secure than stunnel. I can connect from my machine on my desk to a machine in the office, and ask ssh to create a local port localhost:8080 on my desk which forwards to a remote port 80 on an internal network, and so be able to connect to a machine behind a firewall. While I'm sure it's possible to do that with stunnel, it's much tricker than:
. Ditto for X11 forwarding. Of course, stunnel is useful for many other things that ssh can't do at all.
ssh can ensure that the server is legit, if you transfer the key into your known_hosts file by some secure mechanism. It doesn't support the same chain-of-authority mechanism that SSL does, which is both an advantage and a disadvantage. I think ssh would have caught on much less quickly if we'd had to purchase a certificate for every computer we ran it on.
Quoting passages of a book to establish reference is a pretty clear-cut case of fair use.
The same laws apply to Weblogs as to any other way of publishing information. The article is about how many people publishing Weblogs don't know publishing law so don't realize this, or overestimate how hard it will be to track them down and catch them.
The big thing is better forms of authentication. The only authentication method rsh had was to check if the machine you were connecting from was listed in.rhosts and the port you were connecting from was a priveleged port. You can imagine how poorly this worked in a dialup world---and even in the more traditional setting rsh was designed for, it had no protection at all from another computer on the network changing its IP address to one in.rhosts and logging into other computers.
ssh adds password authentication to rsh, and adds authentication by certificate to rsh, rcp, and rlogin. This makes the authentication into something reasonable.
ssh also automatically does X11 port forwarding, and can forward any other ports you want. The r* protocols have no mechanism for this.
Finally, IIRC ssh predates SSL. Otherwise it might have been designed to use SSL. I'm not sure about this one, though.
Wired security builds on top of the physical security you already have, while wireless security can pass through many physical boundaries, and so needs more protection to be equally secure.
For example, to tap into my wired network at home, you'd need to first get access to my house. This is dangerous, and there's a real risk of getting arrested. To tap into my wireless network, you'd need to sit outside my house for a few hours in a truck. It's much less likely you'd get caught doing that, and if you did the consequences would be much smaller.
Because of this, people who wouldn't dream of going on a burglary spree will cheerily drive around in a truck looking for wireless access points to use.
In other words, the barrier to breaking into a wireless network is much lower than for a wired network, so there are many more people who are willing to do it, so it's more likely to happen.
It's interesting that the Open Source Definition says specifically you can't refuse to sell software to a country or government because you don't like their policies. Quoting from a chapter in a book by Bruce Perens:
The license must not discriminate against any person or group of persons.
A license provided by the Regents of the University of California, Berkeley, prohibited an electronic design program from being used by the police of South Africa. While this was a laudable sentiment in the time of apartheid, it makes little sense today. Some people are still stuck with software that they acquired under that license, and their derived versions must carry the same restriction. Open Source licenses may not contain such provisions, no matter how laudable their intent.
No Discrimination Against Fields of Endeavor
The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.
Your software must be equally usable in an abortion clinic, or by an anti-abortion organization. These political arguments belong on the floor of Congress, not in software licenses. Some people find this lack of discrimination extremely offensive!
I wonder how people's reactions might be different if Amnesty were trying to put pressure on RedHat, the Free Software Foundation, authors of kernel IP filtering tools, or authoring of Web filtering tools. All of these can be used for censorship; in fact, Web filtering tools are designed for this specifically!
-funroll-loops: Perform the optimization of loop unrolling. This is only done for loops whose number of iterations can be determined at compile time or run time.
-funroll-all-loops: Perform the optimization of loop unrolling. This is done for all loops. This usually makes programs run more slowly.
If it were a license to *use* the software, then the contract perhaps wouldn't be legally binding (even with a shrink-wrap license), since the user has downloaded the software legally and is only using it.
But the GPL is a license to *copy* the software and incorporate it into your own work. If Sigma didn't read the license, they might assume that they had the normal rights that copyright grants them under the law, which do not include incorporating the software into your own code (or even making a copy of it, for that matter). If they don't agree to the terms of the GPL, they cannot copy the software at all, and if they do they have to abide by its terms.
I think that the GPL would stand up just fine in court, particularly in a clear-cut case such as this (assuming XVID's allegations are true).
Slashdot Mirror
That said, I do think that the public broadcasting model is a good one for Free Software. People are already prepared to expect high-quality programming for free from PBS/NPR, so it should make the concept of high-quality programs for free seem much less bizarre.
And while the image of software outright begging for money is pretty funny (the dialog wouldn't be modal, BTW; NPR doesn't prevent you from changing the channel during their pledge drives), there are lots ways to conduct a pledge drive that could work for software.
- Donated banner ads on Web sites
- Messages on download pages for the software
- Messages on support pages for the software
- Messages on the software's homepage
- Using the existing "Hint of the Day" mechanism many programs already use.
- Posts to support forums
- Email Free Software users who have agreed to receive these emails.
- Media coverage
The trick would be finding one or two organizations to do it and coordinating across many projects. After all, it's your local PBS/NPR affiliate that asks for your money, not each individual show---that would get annoying fast, especially if they were each sending you a letter. And people who are already using Free Software probably wouldn't be visiting download or support pages very often; you'd have to assume they would download more software, and see the request for donations while they were doing that, which requires coordination. The Free Software Foundation and Debian seem like the two best candidates for coordinators, although for all I know they might think this is an asinine idea.Becoming a charity doesn't really help you get money very much; it just gives people an incentive to donate more (since they can deduct the donation from their taxable income). I've only seen a few organizations (meaning the Free Software Foundation) able to subsist mostly on donations, and I would be very surprised if large funders were willing to grant-fund software right now.
Of course, in the future, that might change, but right now I don't believe funders understand what Free Software is, and if they do why it's important, and even if they see its importance they're likely to fund more direct needs (such as food and shelter) well before software development.
This is pretty much how GNU and Linux/BSD beat commercial linux in the '90s. Where I used to work, we used Solaris for everything. But as we needed it to do more and more, we installed more and more Free applications---Sendmail, Apache, BIND, gcc, emacs, etc. The quality of those applications built our confidence in the quality of Free Software in general. Eventually we were just using Solaris as a platform for running Free software. In mailing lists and other discussion groups, it became clear that this Free software was mostly developed on Free operating systems, and so would probably run better there. Before long, we started switching things over to Linux.
This is exactly the right strategy for getting people away from Windows. Unfortunately, it requires doing a lot of development work on Windows, which is just plain no fun. I think that's why we aren't seeing this strategy take firmer hold.
It's not automatically stupid to expect to get paid for giving things away for free.
Real Goods has a pretty good page with information about rechargable batteries.
I'm not saying I do this; I don't even run Windows or use a mail client that supports HTML. I'm pretty sure I've never received a virus that would run on my OS. I'm just saying a reasonable, smart, and prudent person should still plan for this, because it will happen someday.
At the point where it costs more than $50 ($20 after rebate) or where the cumulative slowdown is greater than the odds of getting a virus times the time it would take to recover from it. Many people's work (mine included) is close enough to irreplacable that the time-to-recover tends towards infinity, making the virus software a pretty obvious choice.
I guess the difference of opinion that we have is that you believe it's extremely unlikely that you will someday make a mistake, whereas I believe it's nearly certain that all of us make mistakes every day.
Antivirus software is for people who, from time to time, make a mistake. Like mis-clicking on an attachment at 3am, or misreading a file type and running an unsafe file.
Antivirus software is for people who run software that has bugs in it. You mentioned you are using Windows...
Antivirus software is for people who believe in Security In Depth, a school of thought which says that you should use multiple layers of security, so that if one fails you aren't screwed.
Antivirus software is for people whose data is worth more than $50 (or $20 after rebate).
In the US (at least here in Michigan, where my wife practices law), you're even not allowed to have a lawyer in small claims court.
My experience has been that if a network is configured in an idiotic way (such as allowing telnet and not FTP), it's not because its operators have made careful and well-considered decisions about what to allow and disallow, but simply because they're idiots. That sort of eliminates the whole ethical dilemna. :-)
Instead of allocating from the heap with malloc, just create an anonymous memory map using mmap, setting PROT_EXEC to allow execution. Something like:
/dev/zero, but the technique is pretty much the same.
m = mmap(NULL,
1000000,
PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_ANON,
-1,
0);
will allocate 1000000 bytes of memory which can contain executable code on Linux and BSD. On some other Unices you have to use
No. There's talk this may be addressed in GPL3.
You can't just subpoena information and use it for purposes other than your legal case. The New York Times tried this a couple dozen years ago, suing people they wanted to write stories about so they could get information from discovery and depositions then publishing this information, and the courts decided it wasn't legal.
Sorry, can't provide a reference; this is based on what my wife told me when she was in law school.
Right...But configuring your client to accept your own CA is no easier or harder than adding the SSH keys to your known_hosts file, and doesn't offer you better protection, either. Well, maybe for large networks it's easier, since you only have to add the CA's key instead of a key for each machine.
Also, when SSH came out, creating your own CA was significantly harder than it is now, IIRC. I remember spending several hours trying to figure it out in 1997 or so.
OK, I wasn't sure which came first.
ssh makes port forwarding simpler and more secure than stunnel. I can connect from my machine on my desk to a machine in the office, and ask ssh to create a local port localhost:8080 on my desk which forwards to a remote port 80 on an internal network, and so be able to connect to a machine behind a firewall. While I'm sure it's possible to do that with stunnel, it's much tricker than:
ssh -L8080:intranet.my.office:80 desktop.my.office
. Ditto for X11 forwarding. Of course, stunnel is useful for many other things that ssh can't do at all.
ssh can ensure that the server is legit, if you transfer the key into your known_hosts file by some secure mechanism. It doesn't support the same chain-of-authority mechanism that SSL does, which is both an advantage and a disadvantage. I think ssh would have caught on much less quickly if we'd had to purchase a certificate for every computer we ran it on.
Quoting passages of a book to establish reference is a pretty clear-cut case of fair use.
The same laws apply to Weblogs as to any other way of publishing information. The article is about how many people publishing Weblogs don't know publishing law so don't realize this, or overestimate how hard it will be to track them down and catch them.
The big thing is better forms of authentication. The only authentication method rsh had was to check if the machine you were connecting from was listed in .rhosts and the port you were connecting from was a priveleged port. You can imagine how poorly this worked in a dialup world---and even in the more traditional setting rsh was designed for, it had no protection at all from another computer on the network changing its IP address to one in .rhosts and logging into other computers.
ssh adds password authentication to rsh, and adds authentication by certificate to rsh, rcp, and rlogin. This makes the authentication into something reasonable.
ssh also automatically does X11 port forwarding, and can forward any other ports you want. The r* protocols have no mechanism for this.
Finally, IIRC ssh predates SSL. Otherwise it might have been designed to use SSL. I'm not sure about this one, though.
ssh is a replacement for the rsh/rlogin/rcp tools, not for telnet. You can do things like:
/home/gifford; tar cf -' |tar xf -
...
ssh some.host 'cd
and
for i in host1 host2 host3 host4
do
killall -HUP inetd
done
which are very hard to do with telnet.
Wired security builds on top of the physical security you already have, while wireless security can pass through many physical boundaries, and so needs more protection to be equally secure.
For example, to tap into my wired network at home, you'd need to first get access to my house. This is dangerous, and there's a real risk of getting arrested. To tap into my wireless network, you'd need to sit outside my house for a few hours in a truck. It's much less likely you'd get caught doing that, and if you did the consequences would be much smaller.
Because of this, people who wouldn't dream of going on a burglary spree will cheerily drive around in a truck looking for wireless access points to use.
In other words, the barrier to breaking into a wireless network is much lower than for a wired network, so there are many more people who are willing to do it, so it's more likely to happen.
A license like this would not meet the Open Source Definition. See my earlier post on this same subject.
It's interesting that the Open Source Definition says specifically you can't refuse to sell software to a country or government because you don't like their policies. Quoting from a chapter in a book by Bruce Perens:
I wonder how people's reactions might be different if Amnesty were trying to put pressure on RedHat, the Free Software Foundation, authors of kernel IP filtering tools, or authoring of Web filtering tools. All of these can be used for censorship; in fact, Web filtering tools are designed for this specifically!
:-)
Search for bugs in Bugzilla for all of these things, and if there aren't already bugs file your own. Otherwise they'll never get fixed.
> To see the OSS browsers like Opera
Opera isn't open source at all.
From gcc(1):
-funroll-loops: Perform the optimization of loop unrolling. This is only done for loops whose number of iterations can be determined at compile time or run time.
-funroll-all-loops: Perform the optimization of loop unrolling. This is done for all loops. This usually makes programs run more slowly.
This probably isn't true.
If it were a license to *use* the software, then the contract perhaps wouldn't be legally binding (even with a shrink-wrap license), since the user has downloaded the software legally and is only using it.
But the GPL is a license to *copy* the software and incorporate it into your own work. If Sigma didn't read the license, they might assume that they had the normal rights that copyright grants them under the law, which do not include incorporating the software into your own code (or even making a copy of it, for that matter). If they don't agree to the terms of the GPL, they cannot copy the software at all, and if they do they have to abide by its terms.
I think that the GPL would stand up just fine in court, particularly in a clear-cut case such as this (assuming XVID's allegations are true).