Posts by Lou Gosselin

Re: But they haven't exploited any vulnerability.

How is that even relevant?

Maybe your stuck on the WIFI example, so lets compare this with other real life examples:

It is illegal to intercept telephone calls, encrypted or not. The law doesn't care whether the criminals exploited a vulnerability or not, it's not relevant.

Our emails may pass through the routers of many organizations other than our ISP, some friendly, some not. We literally send emails unencrypted to them through the internet for delivery.

What would you think if the following was a legitimate defense?

"These emails were transmitted to our routers unencrypted. We did not need to exploit any vulnerabilities to read them, therefor we are entitled to read and even copy their contents."

This parallels very closely to what's happening in WIFI.

The wifi packets are directed to a destination which is clearly not the intercepting party, just as the ip packets are.

If you wish the law to allow WIFI interception, on what basis would the law incriminate IP interception and remain consistent?

@Giles Jones

Yes, that's a possibility. The opposite is also possible though. A 3rd party compiler could fare better than apple's, particularly for niche applications. There's no evidence either way.

Let's not forget that badly written code will probably perform poorly, apple compiler or not.

Assuming the compilers are on par and developers are competent, then apple's libraries may impose an extra level of indirection which reduce performance when compared to direct compilation. Of course it'd be mad for normal apps talk directly to syscalls in assembler, but I can see circumstances in which it may be reasonable for a 3rd party graphics or rendering library to do so in order to maximize efficiency/performance.

It would be wrong to simply assume 3rd party low level code generators like unity are inefficient or poor in quality. If the pass quality tests, it's silly to ban them on the basis of source language.

@myself

Hmm, I did somewhat contradict myself with "free" and "pay for".

What was meant was that there are many of us wouldn't mind providing free public wifi from our own residences and businesses provided that we know we can access free public wifi from elsewhere. There is mutual benefit.

Obviously we'd still have to pay for the wired network, but the point is wired bandwidth is so much cheaper and faster than anything mobile operators could provide. The additional cost to us for adding wifi or wimax access point is inconsequential. We, the public, could build a wireless data network better than any mobile operator.

Re: No such thing as secure

"Just stuff that hasn't been cracked yet."

That's easy to say, but much harder to prove.

Lets only focus on the fundamental security across the wire and not implementation faults, since implementation faults can implicitly be fixed (and therefor contradicts your statement that there is "no such thing as secure").

With regards to PKI, there are two possible cracks.

1. We discover a mathematical way to boil NP complete problems down to polynomial time without the need for brute force.

2. We discover a way to solve NP complete problems quickly, say using a theoretical scalable quantum computer.

In order to back your assertion for PKI, you would have to prove either of the above is feasible.

With regards to quantum encryption, there is theoretically nothing one can do on the line to uncover the data. Quantum entanglement creates a continuous stream of bits which can be used as a one time pad of infinite length.

To prove your assertion for Q-E, you'd need to invalidate the currently accepted principles of quantum mechanics to reproduce the random bit stream.

You may be right, but until you can prove it, the statement is at best an educated guess.

Re: Ummm

"Yes they can run on the bare metal."

Yes, however I can't help but think vmware's paul maritz is stretching the truth about eliminating the OS. By running on bare hardware, isn't vmware a kind of operating system itself?

It needs it's own hardware drivers*, provides it's own hardware abstractions, manages resources (cpu, interrupts, ram, disk, network, etc), enforces security policy, etc. These are all things an OS is expected to do. Instead of a win32 or linux syscall API, vmware has it's own.

Emulating hardware is slow, which is why vmware has "virtual" accelerated devices that don't even emulate real hardware, they have become a genuine software API. This is a good thing, since it increases performance, but it is looking and behaving more like an ordinary OS.

Actually I think it's pretty sly that they've been able to sell customers an OS without a UI, think of how many technical and political problems they avoid this way.

* a recent article discusses vmware's lack of bare medal support:

http://www.theregister.co.uk/2010/07/21/vmware_view_4_5_preview/

Re: Microsoft: Too proud to admit theft, again?

"Microsoft, like Apple, has a long history of stealing others I.P."

MS may deserve their status as a common enemy for many in IT, however the battle against nonsense software patents should not be selective in who it favors.

Everyone should be allowed to code whatever they please, to the best of their abilities, without artificial restraint, so long as they don't steal the code.

@DZ-Jay

"Obviously this applies to most all current web search implementations, hence the inclusion in the complaint of Netflix, Google, Apple, and most other web application giants..."

Absolutely, and it is rather unlikely that the developers for any of the defendants have ever seen or used this patent. It's totally absurd for anyone to hold a monopoly on the idea of displaying statistically correlated products to users.

"It is up to the court to determine if this patent describes an obvious device or a practical invention."

Since the USPTO and courts have a very poor track record with their handling of business/software patents thus far, it is difficult to have any confidence in them. If the USPTO had any sense of right and wrong, these types of patents would have been voided from the get go.

Those of us in software field plainly see the USPTO has outlived its usefulness, it's affect in the marketplace contradicts it's mission statement. The artificial software roadblocks are an impediment to progress because the benefits don't come close to justifying the overhead and harm.

Re: Not a design flaw...

Since this vehicle is up in the air, I'd assume that radio was not obstructed, but merely out of range.

If this is the case, I would think that the craft should report with a low signal condition before a complete loss occurs.

If not, it might even be a viable precaution to deliberately turn down the signal so that it enters no signal mode before being truly out of range. The operator could then boost the signal to give it instructions to come home.

I'm a little surprised this military gadget doesn't have a satellite transponder for this sort of thing.

@Sirius Lee

"there's no such thing as a software patent even in the US"

You should read the news.

http://www.theregister.co.uk/2010/06/28/us_supremes_software_patent/

Software has been patentable for years in the US, the supreme court merely confirmed that fact.

You seem to think all developers based in the US, such as myself, have more opportunities because of software patents, but you've completely ignored the negative side of software patents which I've listed, not to mention the cost and uncertainty of endless litigation. Every stupid little algorithm in a program is at risk of infringement. Even one algorithm may have different patent statuses in various contexts (such as desktop versus phone).

It is unrealistic for all developers (particularly small ones) to cross reference their own software with all the issued software patents. Not only would this reduce development to a screeching halt, but more resources are needed to re-implement and remove features to eliminate the infringement.

Thankfully in the US we can get by ignoring software patents until our profits go above radar. But it is fundamentally stupid to support any law on account that it's poor enforcement in practice helps minimizes it's harms.

Furthermore, software patents place knowledgeable developers (with regards to the law) in a situation where they simply do not know whether they're infringing or not. This type of uncertainty should not be codified into law.

Re: How would you present it?

Average would be acceptable, but median would be even better since it represents the typical speed without bias.

These are rather obvious, I and dare say the reason advertisers do not use them is because they are not that interested in revealing accurate numbers in the first place.

Re: Sigh... @Lou

"Want to bet? You seem to be on track when you mention PS3 or XBox. ;-)"

Doesn't seem like you read my whole post: "As long as android is an open os on open hardware, there is no DRM google can add which users cannot remove."

Sure they could lock down the handsets and only permit apps cryptographically signed by google, but that totally overlooks the value of android as an open platform. Having an open platform is more important to google and it's users than DRM is. Until that changes, there is absolutely nothing an app developer can ultimately do to stop a determined hacker willing to reverse engineer some code.

"the point is that your security only has to be strong enough that its not worth the effort to break."

Security by obscurity may work for unpopular apps that are unlikely to receive the attention of a skilled hacker, but it's unwise to bet on it, especially when hundreds or thousands of apps will be sharing the same obscurity techniques.

Missed the patent angle.

"I'm hoping that anything under the GPL is probably safe"

Anything sun produced under the gpl can be forked, renamed and continue to survive independently if the open source community manage to reorganize.

However, it is possible oracle posses software patents which, like it or not, gives them a legal authority to prevent open community efforts which infringe on "oracle's intellectual property".

I put that in quotes because ownership of intellectual ideas is an outrageously illogical concept.

Re: Xen scales rather well

For people running virtual machines on the desktop, KVM is far easier than XEN. XEN requires major customizations to the host OS.

I realize that XEN is targeting servers, but I could not get video drivers working properly with XEN on the desktop, and fairly or not, it left me with a bad taste.

Contrast that with KVM, one can trivially boot a KVM virtual machine off a cdrom or hard disk. It's a one-liner with no config files. My personal preference is that the virtual instances will run as well on my desktop as they do on the server, KVM does that naturally.

@VoodooTrucker

Totally agree, I blame all the corporate stagnation on too much control and lack of competition. Manufacturers and operators have colluded to lock out independent innovation.

Years ago I read about all the cool things one could develop on a bluetooth enabled phone. I downloaded an SDK and was ecstatic about the possibilities as I ran the examples on a virtual phone. However it was when I tried to download it to a real phone that I discovered how nokia and at&t simply disabled major functionality of the phone for third party developers.

I can't help but think of all the innovation consumers have lost out on because of greedy corporate control via DRM, which one may observe has ever less to do with copyrights and more to do with ending user control. If today's culture was more open, as it was for the original PC, then secure payments via cell phones would already be available to the public.

Re: Umm...

The courts confirmed that jailbreaking is legal. This isn't nearly as significant as one might initially think.

It just means apple (or sony, or tivo, etc) cannot sue it's customers for jailbreaking their own devices. However apple are under no obligation to support them once they do. It remains apple's prerogative to block jailbroken devices from their services if they so choose to turn their backs on these paying customers.

As for remotely killing a jailbroken phone, that's a major invasion of customer rights in my opinion. I'm guessing that the "R&D" on this patent predates the new ruling. They might not have filed it as they did had they known that jailbreaking was to be made expressly legal.

@Anonymous Coward, Re: I don't think you do understand the argument.

"Yes sure, not a major gaping hole, but a pointless giving away of information which shouldn't be given away."

While the login page does reveal the fact of whether an email has been registered or not, it does not reveal anything not already searchable elsewhere.

For instance, upon registration, facebook will search my webmail account for any "friends" that have been registered in facebook. Knowing that contacts are on facebook is a very practical and desirable feature. Eliminating this feature would make social networking painful to use legitimately.

If you're trying to keep your email address in a bottle, then social networking probably isn't for you. If you're that concerned about people finding you then just setup an alternate email.

The situation is different than if this were a bank website.

Re: What do they have to do?

I thought the article was thorough, but anyways...

When any advertiser starts advertising on google, clearly (however the secret bidding works) the other advertisers will have to start bidding more to keep their visibility. This is no different if the new advertisers are invented by google.

Google should ensure that, when placing it's own ads into the system, they don't not interfere with the bidding price for other advertisers. Otherwise that manipulation is at odds with the stated fairness of their ad auction process.

Of course, a healthy free market normally prevents a single entity from overcharging (since customers can easily leave). However a 90% google market share doesn't give advertisers much choice.

Re: obtuse

"You're advocating that a company's best defense against patent suits is to hire an army of lawyers to permanently go to war against the patent office."

Not really, the defensive patent argument goes more like this:

If I get sued or threatened on patent infringement, those having patents are in a more powerful position to counter sue or negotiate a cross license instead of paying royalties.

Some people say open source devs should acquire patents and donate them to an organization like the FSF to help open source developers defend themselves.

The fault with this argument is that acquiring patents cost real money and time. Sure it's possible to acquire patents purely for defensive use, but this represents an overhead that produces no benefits (other than lawsuit insurance).

People like me, who are against software patents, believe that the entire patent system directly and indirectly diverts resources away from legitimate R&D. It's really painful to pay money to support a known broken patent system.

In the end Gosling is right, "Even though we had a basic distaste for patents, the game is what it is, and patents are essential in modern corporations"

@ysth

I'll vote the same way as you, but large companies with large pocketbooks are the typical beneficiaries of software patents.

It enables them to have monopolies on software algorithms, even when independently implemented in someone else's source code on an irrelevant project. This makes them far more powerful than copyrights.

Software patents are a big burden for open source projects in particular, because the developers are usually just individuals using their technical skills to solve their own problems.

At least google has the resources to fight oracle, and failing that, the cash to license the patents. Most of us do not, and innovation not only stalls, but reverses when developers are forced to remove features to avoid litigation.

@Trevor_Pott

"Why are 'control-freak walled garden' and 'free range sanity holocaust' the only two options?"

Very level headed comments.

There is no reason that an app market place cannot (or should not) default to providing safe/vetted apps only, as long as it can be overridden by power users.

The only issue with this (and perhaps a large one), is that if desirable apps are not approved quickly enough, then normal users will be tempted to override protection mechanisms.

Still, it's definitely better that apple's garden, and illiterate users can still be protected from potential dangers of unrestricted access.

Re: iPhone effect?

If att's service begins to improve as verizon's degrades, then that's very probable evidence that you are right and iphone users are draining system resources for everybody else.

My personal cell phone experience is that att's service has been getting noticeably worse over the years in my area (Long Island, NY). What an improvement it would be to not loose calls all the time.

@J 3

"If Java is licensed under GPL (even if v 2), no one can restrict where or how it can be run -- that's one of the four basic freedoms."

If I write code, and it happens to contain patented algorithms, the patent holder has the right to control the use of my code until their patent runs out. It doesn't matter what license I use for my code.

As you can tell from the downvotes on my earlier post, it is unpopular to even suggest that the GPL may be inadequate for legal protection. Regardless, the fact remains that nearly all modern software, open source included, is subject to patents not belonging to the copyright holder.

There is no license which can be invented to override the patents of others. At best, a license can revoke all rights to the patent holders who would try to enforce their patent against the license, which is what the GPL does.

Many OS projects are in a state of denial when they claim "X does not infringe any patents". GPL code does not exempt developers from patent obligations. All this is why software patents should be abolished, people should never be prevented from using and licensing their own code however they see fit. It was wrong to ever grant software algorithms patent protection in the first place.

"Does the license trumps the patent (I'd think so), or vice-versa? "

It's not about one or the other taking precedence, they're different protections. Software patents protect the maths/algorithms, copyrights protect the source code. Owning a patent does not give the holder rights to other's source code, but it can control the commercial use of it.

@Flocke Kroes

"Non-techies can often remember one decent password if they press the key above or to the right each letter of a memorable quote"

Ideally passwords are truly random, but since we're subject to human limitations, we often resort to quasi random generated passwords. Just don't make your algorithm public, otherwise attackers can make the same substitution on their end to compensate.

"If a site should not need a password, try to log in as 'username' with 'password'. "

Or try bugmenot.com, handy especially on sites that want to verify your email address.

Re: Troll-zapping

That's an interesting point, but considering P/E ratios are ridiculously estimated to be anywhere between 25-50, verminx shareholders would probably expect a bid amounting to many times what today's lawsuits are worth.

Secondly, I don't expect anyone to spend good cash on a company just to throw away the assets.

Where's my "no software patents" icon?