
Is MySQL Slowly Turning Closed Source?

einhverfr Re:Just fork it (336 comments)

Because MySQL uses threads. It doesn't fork() to serve more requests, like PostgreSQL does ;-)

more than 2 years ago

Is MySQL Slowly Turning Closed Source?

einhverfr Re:Just use Postgresql (336 comments)

But there is a huge difference.

For MySQL, the database primarily serves the application. The boss is the app developer who gets to tell the db (through the app) whether to treat zero dates as valid or not, or whether 2009-02-30 is a valid date. The app dev is king. This works well enough when there is only one application writing to any given relation (many readers is not a problem there because the writing app is king). But it doesn't work well as a data centralization and management solution. If you have 20 apps writing to the db and they may all be using different sql_mode settings, that is going to be a mess if they share relations.

For PostgreSQL, data is king. The applications consume managed data. The DBA is the one who gets to make the hard calls and every app developer gets to live with the decisions made. MySQL is thus a bottom app tier while PostgreSQL is a data management and centralization solution. They are *very different* and if you have 20 apps sharing the same relations, PostgreSQL will be far saner because multiple readers do not have to tolerate each other's sql_mode settings.

more than 2 years ago

Is MySQL Slowly Turning Closed Source?

einhverfr Re:Just use Postgresql (336 comments)

I am starting to plumb the depths of PostgreSQL object-relational capabilities and wow, these are incredible. Not quite as impressive as DB2 or Oracle but I suspect that once people start realizing how awesome this is, they will get needed facelifts.

more than 2 years ago

Is MySQL Slowly Turning Closed Source?

einhverfr Re:Just use Postgresql (336 comments)

Well typically the installation is run as a root user (it doesn't have to be) because of file permissions considerations. However, it runs as a non-root-user and will actually fail to start if you try to run as root.

However there is absolutely no reason you can't run initdb as any user you'd like. You can't set up the startup scripts as a non-root user though for obvious reasons.

more than 2 years ago

Ask Slashdot: Companies That Force Employees To Join Social Networks?

einhverfr Re:Why not, it's just another work tool (364 comments)

Also, I try to use social networking really with three categories of activities in mind:

1) Self-promotion: This stuff always goes on the social networking media. That's what the media is there for!

2) Public thoughts: This is sort of like a mini-blog service. Things can go there if audience-appropriate.

3) Private activities and thoughts: No way in hell am I putting those on a social networking site!

more than 2 years ago

FOIA Request Shows Which Printer Companies Cooperated With US Government

einhverfr Re:What's the problem? (355 comments)

There is a great deal to learn from history. We might not always be able to avoid the hard lessons, but the easy lessons (i.e. what has worked) is far more productive anyway. And I think technology changes things less than you might think.... The technology is different but the human needs are the same, and the human flaws too.....

more than 2 years ago

FOIA Request Shows Which Printer Companies Cooperated With US Government

einhverfr Re:What's the problem? (355 comments)

Well, there are actually two uses for the yellow dots.

The first is tracking fake documents back to their source. There your idea has some merit.

The other is noting that a document was printed on a laser printer anyway. For example, TSA agents look at all id's with a blue light, presumably looking for these dots. A magnifying glass, looking at microprint on, say, passports would get further than the yellow light, and would not be more expensive or time consuming. Indeed the same magnifying glass might even show these yellow dots. The current scheme only catches cheap fakes. Someone mounting a major counterfeiting operation for things like visas and passports would use better technology than that though.

The issue that this is a cheap way to identify fakes is very dangerous because it is fairly easy to circumvent.

more than 2 years ago

Ask Slashdot: Life After Software Development?

einhverfr Re:Nope. (416 comments)

Interesting how mortgages also tie people to jobs. They reduce geographic mobility and make it so if you cannot work for someone else, you cannot effectively buy a house without a guarantor who does.....

One thing our society has been amazingly good at doing is making people dependent on corporations for jobs.....

It is *hard* to be self-employed in the US, but it is the only way to be free.

more than 2 years ago

Ask Slashdot: Life After Software Development?

einhverfr Re:Nope. (416 comments)

About twenty percent of US adults now live in multigenerational households so evidently it isn't that big of an issue.

more than 2 years ago

Ask Slashdot: Life After Software Development?

einhverfr Re:Nope. (416 comments)

Better yet, move into an apartment and rent your house out. That protects your ability to pay your mortgage while protecting your interest in your house.

The next thing to do is to figure out how to eat during that time. I suspect the minimum monthly budget is probably something like 250/person if you aren't in practice, and around $100/person if you are (and if you want to be happy with this food you had better be a good and creative cook! Yes, there are a million and a half ways to cook beans with a little meat and onions!).

Or, if that fails, and your only issue is explaining the issues to those who don't get it, work with someone who doesn't mind doing the explaining. In fact I would be happy to take over this part of your projects, for a fee of course ;-)

more than 2 years ago

$6 Trillion In Fake US Treasury Bonds Seized In Switzerland

einhverfr Re:Wow (199 comments)

Presumably the bonds would be sold to third parties....

Then eventually banks would own them but when it would be time to collect.... oops, not valid.....

more than 2 years ago

Kentucky Telephone Companies Pushing For Option To End Basic Service

einhverfr Re:This Could Be Made Fair (157 comments)

The better idea would be for the counties to use eminent domain to take over the lines and phone switches and rent them back to the telcos!

Actually, this is not a bad idea. The telco's could then rent out the services to competing providers meaning an end to the monopoly and a need for such price controls. The original telco's could use their settlements to buy additional switches to stay in business, leasing the lines back from the counties.

Monopolies are not free markets. One can create a free market by nationalizing the natural monopoly portion and then renting out access on a RAND basis to all potential competitors on a per-subscriber basis.

more than 2 years ago

School Sends Child's Lunch Home After Determining it Unhealthy

einhverfr Re:No Chicken Nuggets. (554 comments)

All kids need bacon cheeseburgers from time to time too.....

Especially Jewish and Muslim ones.

more than 2 years ago

School Sends Child's Lunch Home After Determining it Unhealthy

einhverfr Re:INspector is Right (554 comments)

All of these are unnecessary if you put the effort into designing a good diet around it.

Milk is problematic for a number of reasons though. These include:

Lactose intolerance varies substantially by ethnic group. Mongolians are almost never intolerant, nor are Scandinavians. On the other hand Italians and Chinese are. Requiring that kids drink milk is probably not a good thing in an ethnically diverse culture.

Also there are many groups which have prohibitions about milk. Jews, for example, if they keep kosher, are supposed to aggressively separate milk and dairy. These are not to be eaten in the same meal. They are not to be prepared using or served on the same utensils..... Insisting that children drink milk is in many cases very culturally insensitive too.

more than 2 years ago

School Sends Child's Lunch Home After Determining it Unhealthy

einhverfr Re:Despicable (554 comments)

It might be interesting to ask:

What exemptions are available for Jewish kids? What if a low income family converts to Judaism and decides to no longer mix meat and dairy in the same meal?

more than 2 years ago

School Sends Child's Lunch Home After Determining it Unhealthy

einhverfr Re:Despicable (554 comments)

The linked to debunking was certainly interesting but not entirely sure what it debunks.

I haven't read the statute in question. It isn't clear to me who to believe in terms of which child care facilities fall under its domain. I would suggest that where there is doubt, ordinary citizens tend to assume for good reason that the statute covers even if it gets interpreted not to.

But school employees who are tasked with enforcing school rules are typically understood to be, legally, agents of the state. They are state agents, and therefore what goes on in a public school brings the state into the childrens' lives. This is important in areas like search and seizure law regarding public vs private schools. The private school might be able to claim some parental authority in the absence of the parent's presence regarding searches and seizures, but a public school is subject to the 4th amendment. So I don't think it is unfair to say that this was done by a "state agent." However calling the individual a "federal agent" is pretty clearly unfair. The only one who did this however was Limbaugh and I don't know anyone who listens to him seriously.

Secondly nobody really disputes the facts of the girl being offered the full cafeteria lunch in addition to what she had brought from home. The question is whether this was a functional replacement or a functional supplement. That's a question that hasn't been adequately addressed yet either.

As an interesting aside, I note they require meat and dairy in the same meal. What happens if the family converts to Judaism?

more than 2 years ago

School Sends Child's Lunch Home After Determining it Unhealthy

einhverfr Re:Despicable (554 comments)

This is the interesting thing here. The only reference to the USDA is to the USDA guidelines. The right-wing seems intent on blaming Obama. The AP version of the story suggests it's the TEACHER'S FAULT!!

This really surprises me for a couple reasons. The first is that this is a state statute. The Republicans are interested in states rights, correct? Why are they trying to make Obama take the fall for something stupid the state did?

Oh wait, the Republicans only talk about states rights.... the way Obama talks about civil liberties.... Sort of like "Please note how important these are to our way of life and pay no attention while we shred them...."

Similarly, blaming the teacher for a bad policy is a bad idea. The teacher is either poorly trained (the responsibility of the state in this case), or the school has poor policies on the matter (also the responsibility of the state).

Either way, the state of North Carolina is entirely at fault here. But what do you expect from a state whose laws allow first cousins to get married as long as they aren't double first cousins?

more than 2 years ago

School Sends Child's Lunch Home After Determining it Unhealthy

einhverfr Re:Despicable (554 comments)

Now I realize "adequately" is up for some debate. I would be suspicious if I were sending my child to school with lunch and got this kind of feedback. I would try to work it out with the school. However, as an outsider looking at the situation, it's hard to know what's going on. I hate to say it, but if the school earnestly believes the parent is not providing sufficient food for their child, and the parent disagrees, then it's time for a judge to decide what's going on.

Look, a lot of kids don't eat their lunches at all. Kids can do just fine on two meals a day and no matter what the options are, a lot of them do anyway.

If the kid is getting two good meals at home, and eating nothing but cashews for lunch, that's no reason to drag the family before a court. Only if there is additional evidence of lack of adequate nutrition should that be considered.

more than 2 years ago

School Sends Child's Lunch Home After Determining it Unhealthy

einhverfr Re:Despicable (554 comments)

If it is included in the contract.

On further review, it looks like the state's position is that the parent shouldn't have been charged here and that they are investigating.

The Republicans are blaming Obama and the Democrats are blaming the teachers. You'd think nobody recognizes that there's a state statute at issue.

more than 2 years ago

School Sends Child's Lunch Home After Determining it Unhealthy

einhverfr Re:Disagree with your interpretation (554 comments)

From The Friendly Article, " On top of it, her mother was then sent a bill for the cafeteria food."

Even the Carolina Online article linked to in that one suggests strongly that she was charged, although it is somewhat ambiguous. FWIW, the state seems to say that charging the parent would be inappropriate in this case. But it isn't entirely clear one way or the other. I don't see the note. It could say "according to state law we can charge you for this. You owe us $1.25."

It's better to check the article before assuming I didn't read it. The article, and the article it linked to, both suggest strongly that the parent was charged.

more than 2 years ago



Arizona Ponders FCC Decency Standards for the Classroom

einhverfr einhverfr writes  |  more than 2 years ago

einhverfr writes "Eugene Volokh has posted an interesting discussion of a bill that has been introduced in Arizona, which would tie public school educator conduct to the FCC standards of decency for radio and television. The bill is essentially a three strikes system, firing teachers if they violate FCC standards three times.

While the goal of the bill may seem reasonable, the details strike me as silly. What do you think?"


10 Underrated Features of PostgreSQL

einhverfr einhverfr writes  |  more than 3 years ago

einhverfr (238914) writes "Chris Travers writes, "Here are a list of features which I think are generally underrated in PostgreSQL and why. Many though not all of these are being used in the development version of LedgerSMB, and more of these will likely be used as time goes on either by the main software or by addons."

What do you think? What PostgreSQL (or other RDBMS) features are heavily underrated?"


LedgerSMB 1.3.0 Released

einhverfr einhverfr writes  |  more than 3 years ago

einhverfr writes "LedgerSMB 1.3.0 has been released after several years of development, and sporting important database changes, an enhanced security framework and more.

The new release features role-based permissions management, separation of duties, fixed asset management and depreciation, and much more. This has been billed as the most significant release of this open source financial accounting and ERP package to date.

One unique feature of LedgerSMB 1.3.0 is the emphasis on both encapsulating accounting logic in stored procedures, and also making these procedures discoverable, allowing for looser ties between the application and database logic than has been the case in the past."


Obama Administration to Seek Encryption Backdoor M

einhverfr einhverfr writes  |  more than 4 years ago

einhverfr writes "From a New York Times article (free registration required etc):

Federal law enforcement and national security officials are preparing to seek sweeping new regulations for the Internet, arguing that their ability to wiretap criminal and terrorism suspects is "going dark" as people increasingly communicate online instead of by telephone.

Their solution? Require all software to be subject to federal wiretapping capabilities. In particular:

Developers of software that enables peer-to-peer communication must redesign their service to allow interception.

Is this even possible? Presumably "peer to peer communication" would include things like email. Even if it is possible, this strikes me as an unbelievably bad idea."


Ultracapacitors soon to replace many batteries?

einhverfr einhverfr writes  |  more than 7 years ago

einhverfr writes "According to an article in the IEEE Spectrum, the synergy between batteries and capacitors — two of the sturdiest and oldest components of electrical engineering — has been growing, to the point where ultracapacitors may soon be almost as indispensable to portable electricity as batteries are now.

Some researchers expect to soon create capacitors capable of storing 50% as much energy as a lithium ion battery of the same size. Such capacitors could revolutionize many areas possibly from mobile computing (no worries about battery memory), electricity-powered vehicles, and more."


LedgerSMB turns 1 year old

einhverfr einhverfr writes  |  more than 7 years ago

einhverfr writes "LedgerSMB, an open source accounting system, has turned 1 year old today. The past year has seen three major releases, a few problems, and a lot of support from the community. Read below for more information on the last year's accomplishments and the plans for the next year.

LedgerSMB began as a fork from SQL-Ledger by developers who were unhappy with the security of that codebase.

The last year has seen 3 major releases and 21 minor ones. The major releases have added better Point of Sale support, local sales tax support, and many other features, and have also included structural security enhancements. The minor releases have continued to address security issues as well as other bugs in the software. Every major release to date has had at least moderate structural security enhancements, and we expect the next major release (1.3) to be the final release in that trend.

When 1.3.0 is released, we expect it to finally create a stable and robust security architecture. Additionally, the contact management portions of the application will be re-engineered and rewritten on the new architecture. This framework is designed to allow people to write applications in other languages which integrate with the application using any of a number of options (from database stored procedures to web services). 1.3.0 is close to feature freeze at the moment.

Following 1.3.0, we expect to move all the rest of the financial logic over to the new framework. Following that, we will implement any additional outstanding areas into the new framework, clean it up, and address user interface and workflow issues."


einhverfr einhverfr writes  |  more than 7 years ago

einhverfr writes "Recently the argument over SQL-Ledger's change of license has taken an interesting turn. Apparently people who feel that this is no longer open source or free software have filed a complaint with Sourceforge asking that the project's mailing list and hosting be shut down. Sourceforge's response seems to be that since the developer isn't actually hosting the packages on Sourceforge anymore, that this is within the terms of use. Some seem to note that this would allow any proprietary software vendor to use Sourceforge for non-Free projects as long as they don't actually host the downloads there. What do you think? Where should the line be drawn?"

einhverfr einhverfr writes  |  more than 7 years ago

einhverfr writes "SQL-Ledger 2.8.0 has been released. It includes a whole list of new features, but perhaps that is not the biggest story. The main developer appears to have chosen to move the license away from the GPL and to a new custom license which appears to be quite different and even incompatible. However, a further examination of the code indicates that several files mention the GPL but that license is not included. So was the oversight not including the GPL? Or in not removing the references to the GPL?"

einhverfr einhverfr writes  |  more than 7 years ago

einhverfr writes "Microsoft's Open Source Software lab's Port25 web site has published a primer (written by me) on running PostgreSQL on Windows. This paper covers the installation and initial configuration of PostgreSQL 8.2 on Windows up to a point where a database is created and plpgsql is installed in it. We assume an ability to walk through the install wizard in general, though screens that do require additional information are covered (with screenshots). Important options in the postgresql.conf and pg_hba.conf are covered, as are database creation in PgAdmin III."

einhverfr einhverfr writes  |  more than 8 years ago

einhverfr writes "A serious authentication flaw has been found in the popular open source accounting program SQL-Ledger which allows users to bypass login requirements. What is unusual about this problem is those who reported it are now offering a fork of the software after accusing the maintainer, Dieter Simader, of being unwilling to work with them on a fix. Mr Simader, for his part is accusing those who forked the software of not playing fair. The individual who released the security alert has an entry on his blog. Which raises the interesting question: Who do you trust with your accounting data?"



A Cure Worse than the Disease: Amending the Constitution vs. Citizens United

einhverfr einhverfr writes  |  more than 3 years ago

Recently a set of six senators have proposed a Constitutional Amendment to overturn the controversial Supreme Court case of Citizens United v. FEC which held that corporations were allowed to make unlimited expenditures with regard to elections provided that those were independent expenditures, not coordinated with candidates.

The Citizens United case overturned two previous Supreme Court cases, McConnell v. FEC (which was a case the court evidently had trouble drawing lines over given the fact that 9 justices produced 8 opinions, and pieces of four of the opinions commanded a majority of the court), and Austin v. Michigan Chamber of Commerce. Some First Amendment scholars from across the political spectrum have hailed the decision. For example Eugene Volokh, a Republican, has generally felt this was an important protection of Constitutional liberties, and the ACLU played an important role in filing amicus briefs in favor of Citizens United, and has been very much in favor of the decision. Others have seen it as an open invitation to Corporations to meddle in politics.

Before we get into the Constitutional Amendment and why everyone, on both sides of this issue, should be opposed to it, it's worth noting that the questions of first amendment law in election finance cases seeks to balance two competing interests. The first is to ensure that the people can write and publish on political topics surrounding an election, and the second is to ensure the integrity of the elections. Citizens United draws this line by saying that independent expenditures are different from coordinated expenditures (5-4 holding, but the dissent didn't offer an alternative except to wait for another case), and that disclosure laws were entirely Constitutional (8-1 holding). The fundamental problem is that while money is not speech, regulating how people can spend money in order to express themselves regulates a lot of speech. The court correctly noted that the Constitution didn't differentiate between, say, the New York Times and, say, Merke, and therefore, couldn't grant the government the ability to ban Merke from buying television ads without banning the New York Times' right to print editorials in favor or opposed to candidates.

Indeed the concern over freedom of the press was at the core of Citizens United. Surely when Alito asked S. G. Malcolm Stewart if the government could Constitutionally ban books, he had no idea that the only answer S. G. Stewart could give would be "yes" (an answer repeated by S. G. Kagan at rehearing, see the same link above for all oral argument), and hence a question probably intended to address an issue of statutory interpretation set the stage for a Constitutional showdown. To be fair, both Stewart and Kagan tried very hard to avoid giving that answer but both were unable to come up with any alternative that would save the law as written, because the Supreme Court tends to err more on the side of facial challenges (striking down laws) than as-applied challenges (mandating exceptions) when it comes to freedom of expression. The dissent felt the correct decision was to say, in essence, "we don't have sufficient record to make this decision. Declare it as moot and let them bring another case to us through the courts."

Citizens United was hailed as a major First Amendment victory by the ACLU, and many other organizations which work on First Amendment issues, and by major First Amendment scholars such as Eugene Volokh. However, many others have seen it as a doorway to corporate tampering with our elections.

However, for any controversy, there are solutions that are far worse than the cure. This is one of them. The relevant portion of the proposed Amendment is:

SECTION 1. Congress shall have power to regulate the raising and spending of money and in kind equivalents with respect to Federal elections, including through setting limits on— ...
(2) the amount of expenditures that may be made by, in support of, or in opposition to such candidates.

The omitted paragraph 1 allows the government to regulate gifts and donations to candidates, something already within the power of the government. Section 2 grants identical powers to the states.

Now, it's important to note what is covered under Section 1 paragraph 2. In essence any money spent communicating a message on an election for or against a candidate in any way falls under government power. Presumably this could include purchasing gas to go to a rally, publishing pamphlets, buying Obama's books to give to undecided friends in 2012..... These are all independent expenditures and could fall under government regulation under such an amendment. And nowhere in the amendment does the word 'corporation' appear.

In essence the proposed amendment is that we trust to Congress the ability to arbitrarily limit the freedom of the press not only by corporations but also by natural persons. Such an amendment would prevent a first amendment challenge to some laws already on the books (say, a foreigner here on a student visa publishes a blog posting on a site that he/she pays for hosting on opposing an anti-immigrant candidate. This is already against the text of campaign finance law, but would probably allow either an as-applied or facial challenge to the law even before Citizens United but that would be taken away).

This proposed Constitutional Amendment then goes well beyond repealing Citizens United in that it takes away Constitutional protections that each of us enjoy.

Now, the subject of independent expenditures is a controversial one. However, given that only defenders of Citizens United have offered any data defending their side, I am forced to at least tentatively conclude that the ACLU is right on this one. However for the purpose of the rest of this post, I will assume that this is a serious problem and offer recommendations for changing this proposed amendment so that it does not strip us all of fundamental Constitutional rights.

If the problem is a concentration of power over spending in our elections, it seems to me unwise to further concentrate that power in the hands of the state. Instead it would seem to me that granting power to Congress to curb the worst abuses only, while preserving the power of the common man would be preferable. In this case, if the problem is specifically corporate spending, then allow Congress to limit Expenditures, not part of profit-making goods and services offered at standard prices, on the parts of for-profit corporations only. This would be sufficiently broad enough to ban Corporate donations to Citizens United and the ACLU, but not sufficiently broad to regulate what fliers and pamphlets you or I can print to distribute. It would allow Congress to prevent Corporations from offering special discounts for such material, but would not prevent them from offering standard discounts (such as volume discounts available to everyone else).

In the end, it's easy to get whipped up into a frenzy and believe that because we must do something that this must be done. This is unfortunately common. We see on the other side of our politics, amendments to state Constitutions which forbid state judges from using foreign laws to inform decisions, forgetting that in international contracts or other cases where conflict of laws issues may come up, these foreign laws are extremely relevant to the cases. Like this present proposal, the problem is with being overbroad, and therefore causing a great deal of harm to our basic freedoms in the name of solving problems.

Every American should be opposed to this amendment. Those who oppose Citizens United and seek to overturn it should insist that the amendment to do so be narrow. Those who support it should listen to the others but make sure their concerns are addressed.


LedgerSMB 1.3.0 -- Why it's cool

einhverfr einhverfr writes  |  more than 3 years ago

LedgerSMB 1.3.0 was released today after several years of development (perhaps nearly joining the ranks of Perl 6 and Duke Nukem Forever). The release offers a number of compelling features, such as separation of duties, far improved payment handling, better cash reconciliation and the like. But what makes LedgerSMB 1.3.0 cool is how we are pushing the envelope technically and attempting to provide a framework for quickly building new programs which re-use our application's functionality.

Simply put, the cool approach we are taking is in making stored procedures discoverable, much like web services. This is done by assigning semantic meaning to argument names, and then using a mapping function to pull argument names from the system catalogs, mapping these to object properties. This offers many of the benefits of web services, such as offering a looser coupling between database and application layers than is traditional, and it facilitates the development of add-ons or even other applications which re-use LedgerSMB functionality.
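The mapping step described above can be sketched as follows. This is an added example, not LedgerSMB's own code: the catalog rows are constructed stand-ins for what a client would read from PostgreSQL's `pg_proc.proargnames`, and the procedure names, the `in_` argument prefix and the `build_call` helper are assumptions made for illustration.

```python
import re

# Constructed stand-in for (proname -> proargnames) rows that a real client
# would fetch with: SELECT proargnames FROM pg_proc WHERE proname = %s
# The procedure names below are hypothetical.
CATALOG = {
    "customer__save": ["in_id", "in_name", "in_credit_limit"],
    "customer__get": ["in_id"],
}

# Only plain lower-case identifiers may ever be spliced into SQL text.
IDENT = re.compile(r"^[a-z_][a-z0-9_]*$")

# Assumed convention: argument "in_foo" carries the object property "foo".
ARG_PREFIX = "in_"


def discover_args(catalog, proc_name):
    """Return the argument names the database declares for proc_name."""
    if not IDENT.match(proc_name):
        raise ValueError("procedure name is not a plain identifier")
    if proc_name not in catalog:
        raise LookupError("no such procedure: " + proc_name)
    argnames = list(catalog[proc_name])
    for arg in argnames:
        if not IDENT.match(arg) or not arg.startswith(ARG_PREFIX):
            raise ValueError("argument does not follow the convention: " + arg)
    return argnames


def build_call(catalog, proc_name, obj):
    """Map object properties onto the discovered arguments.

    Returns (sql, params). Values travel only as bound parameters; the one
    thing interpolated into the SQL text is the validated procedure name.
    Properties the procedure does not declare are ignored, and declared
    arguments with no matching property are passed as None (SQL NULL).
    """
    argnames = discover_args(catalog, proc_name)
    params = [obj.get(arg[len(ARG_PREFIX):]) for arg in argnames]
    placeholders = ", ".join(["%s"] * len(params))
    sql = "SELECT * FROM {}({})".format(proc_name, placeholders)
    return sql, params


if __name__ == "__main__":
    # Constructed application object, including a property the procedure
    # never asked for and a value that would be dangerous if concatenated.
    customer = {
        "id": 7,
        "name": "x'); DROP TABLE ar; --",
        "is_admin": True,
    }
    print(build_call(CATALOG, "customer__save", customer))
```

Because the application asks the database which arguments exist instead of hard-coding them, adding an argument to a procedure does not require changing the calling code, and a caller cannot push a property into the call that the procedure does not declare.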

One key element to making this work is the principle that the database in such an environment should be the centerpiece of the computing environment rather than the bottom tier of a multi-tier architecture. Thus every application user is a database user, the database itself enforces permissions, and can act not only as a data store but also a message queue, possibly routing data to other applications (via queue tables and PostgreSQL's LISTEN/NOTIFY framework). In essence the database does everything that could be done with set functions.

Of course the database doesn't do everything. We don't hand it raw http query strings, or have it output HTML documents assembled from data inside the database. This is the job of the application layer, which is to manage the interaction with the human component. Separating this role off, then allows for more diversity in usage in the future. We are thus no longer tied to a web interface for the long-run, and could allow other client apps to be built on our software in the mean time, all sharing a common security and data logic framework.

In this regard, PostgreSQL takes on traditional middleware roles in LedgerSMB from 1.3 onward. This isn't to say it is an application server in the classical sense, but rather that it takes on many roles of application servers. We've found this approach to be quite scalable because hand-tuned SQL generally performs better (and is easier to troubleshoot) than ORM-generated SQL statements, and yet of course much business logic is not in the db server at all but rather in the application which provides the interface between the db server and the user interface, whatever that may be.

Work has already begun on 1.4 to take this approach to an even higher level, as we re-engineer the financial logic to make use of this approach.
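A sketch of the argument-name mapping described in this post, added here as an illustration and not LedgerSMB's own code. The catalog dictionary stands in for rows read from PostgreSQL's `pg_proc`; the `in_` prefix, the function names, `build_call` and the DB-API style `%s` placeholders are assumptions.

```python
import re

# Constructed stand-in for what a client would read from PostgreSQL's pg_proc
# system catalog (proname -> proargnames). Function names are hypothetical.
CATALOG = {
    "payment__post": ["in_account_id", "in_amount", "in_post_date"],
    "account__get": ["in_id"],
}

ARG_PREFIX = "in_"  # assumed naming convention, not stated in the post
IDENTIFIER = re.compile(r"[a-z_][a-z0-9_]*")


def build_call(catalog, funcname, obj):
    """Map an object's properties onto a stored procedure's named arguments.

    Returns (sql, params). Only the function name is interpolated, and only
    after it has passed an identifier check and a catalog lookup; every
    value travels as a bound parameter.
    """
    if not IDENTIFIER.fullmatch(funcname):
        raise ValueError("not a plain SQL identifier: %r" % funcname)
    if funcname not in catalog:
        raise LookupError("no such stored procedure: %s" % funcname)

    params = []
    for argname in catalog[funcname]:
        if not argname.startswith(ARG_PREFIX):
            raise ValueError("argument %s does not follow the convention" % argname)
        prop = argname[len(ARG_PREFIX):]
        # A property the object lacks is passed as NULL rather than guessed.
        params.append(obj.get(prop))

    placeholders = ", ".join(["%s"] * len(params))
    return "SELECT * FROM %s(%s)" % (funcname, placeholders), params


def demo():
    # Constructed object; "is_admin" is not an argument of the procedure,
    # so it never reaches the database.
    payment = {"account_id": 7, "amount": "12.50", "is_admin": True}
    return build_call(CATALOG, "payment__post", payment)
```

Because the argument list comes from the catalog and not from the caller, extra properties on the object are ignored, and the database's own permissions still decide whether the connected user may run the procedure.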


Why The Encryption Back Door Proposals are Bad (Technically)

einhverfr einhverfr writes  |  more than 4 years ago

Permission is hereby granted to distribute modified or unmodified copies of this content far and wide. I, the author, do request though do not require that the link to the New York Times story is preserved in any redistribution, however.

(Copyright (c) 2010, Chris Travers)

The New York Times has reported today that the Obama Administration is seeking legislation to require backdoors into encryption software that could be used for wiretapping. I believe this is deeply problematic for both technical and social reasons, but the technical reasons are probably the worst. Because this area is not well covered in the existing articles, I figure it's worth giving a quick primer here.

Types of Encryption

The simplest form of encryption is what's called symmetric encryption. It comes in various forms, some simpler than others, but the basic process is conceptually simple. Two parties share a secret. One party takes the message and encodes that message with the shared secret, and the other party decodes it using that same shared secret. This encryption is reversible and the key is the same on both sides.

A trivial example might include what we think of as ROT-13 (used for obfuscation) where every letter is rotated 13 places forward. So "this is a sample message" becomes "guvf vf n fnzcyr zrffntr." Of course such a cypher is easily broken, but there are very good quality symmetric cyphers available, such as AES.

The real problem with symmetric cyphers is that they require that both sides know the same key before encrypted communication begins. If you are communicating with a lot of third parties, you would find you'd either have to publish the key (making sure everyone else could decrypt the same messages!) or find some way of getting the keys to the other parties in advance. This obviously renders this form of encryption useless for initiating secure communications with individuals one has never met.

To solve this problem, public key encryption was designed. Public key encryption uses two keys, called a public key and a private key. Knowledge of the public key is not sufficient to derive the private key through any sort of feasible process, and these keys are usually very long (AES may be 256 or even 512 bits long, but public/private key pairs are often 1024, 2048, or 4096 bits long per key), making brute force even harder (since the public key is expected to be publicly available).

The public key is then published and the private key is retained. A user can then look up a public key, encrypt a message with it, and only the holder of the private key can decrypt it. Similarly a private key holder can sign a cryptographic hash of a message and anyone with the public key can validate this "digital signature." (A cryptographic hash is another form of encryption which is one-way, and is used in document validation, tamper-proofing, and password checking.)

Public key encryption depends on the idea that ONLY the appropriate party has the private key. When you make a secure purchase on, say, Amazon.com, Amazon sends you their public key, and you and they use this to negotiate a symmetric cypher (probably using AES or RC4). In this way you know the key was properly exchanged and eavesdropping on this sale by criminals is not possible. When you enter your credit card data, it is not intercepted by criminals. Protection of the private key is very, very important to this process, but even knowing the private key does not enable you to eavesdrop on a conversation in process since that's done with a symmetric cypher.

SSL, PGP, IPSec Opportunistic Encryption, and related technologies all use asymmetric encryption, but the differences tend to be in how keys are published and who is vouching for them. SSL is designed so that you know who you are talking to because a third party (like Verisign) is vouching for the identity of the server.

Problems with Backdoors in Public Key Encryption

To effectively wiretap public-key-based communications, you have to have access to the private key, or you have to tap them post-decryption. Tapping post-decryption works fine in some contexts, such as what you are purchasing at Amazon.com. However, it does not properly work when trying to capture the content of encrypted emails, since these are usually encoded with the recipient's private key. Communications encrypted in this way are not generally vulnerable to interception in the middle. Moreover, communication itself could include encrypted files as attachments and such which could be handled entirely outside the flow of the program (I can encrypt a file and then attach it and my email program doesn't care if it is encrypted).

There isn't a real way to retrofit peer to peer communications programs to allow this sort of interception without compromising the core of how encryption works. A company may maintain their own certificate authority and use it to publish keys for internal company communications. A person taking a company laptop home may then use those certificates to encrypt emails. There is no way to intercept the content of these communications without requiring that the company keep copies of all private keys, thus compromising their own security. Similarly, if I email out an OpenPGP key or an OpenSSH key, these are not sufficient to wiretap the communications that would be encrypted using those keys. The only way out would be to require the makers of the software to include a facility sending the private key to some sort of escrow service which could then provide the key to law enforcement, but this compromises the basic integrity of the software, and any attempt on open source programs could be easily circumvented.

Consequently, this doesn't actually affect the sorts of technologies an organized crime ring is likely to use. Instead it makes each of us more vulnerable to government spying, and it makes key data, such as credit card data, far more accessible to criminals.

Such a law would thus benefit organized crime at the expense of the average consumer. It's an unbelievably bad idea no matter how you look at it.
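The hybrid scheme and the escrow problem discussed in this article, as an added example that is not part of the original text. Textbook RSA on fixed Mersenne primes and a SHA-256 keystream stand in for real RSA and AES so that it runs on the Python standard library alone; the users, messages and function names are constructed.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent


def make_keypair(p, q):
    """Textbook RSA from two fixed primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def session_key(secret_int, n):
    """Derive a 32-byte symmetric key from the RSA-protected random value."""
    width = (n.bit_length() + 7) // 8
    return hashlib.sha256(secret_int.to_bytes(width, "big")).digest()


def xor_stream(key, data):
    """Stand-in symmetric cypher: SHA-256 in counter mode, XORed over data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt_to(public, plaintext):
    """Hybrid encryption: a fresh random secret is wrapped with the public
    key, and the body is encrypted under a symmetric key derived from it."""
    n, e = public
    secret_int = secrets.randbelow(n - 2) + 2
    return pow(secret_int, e, n), xor_stream(session_key(secret_int, n), plaintext)


def decrypt_with(private, message):
    """Unwrap the secret with a private key and decrypt the body."""
    n, d = private
    wrapped, body = message
    return xor_stream(session_key(pow(wrapped, d, n), n), body)


def read_via_escrow(escrow, owner, message):
    """What the holder of the escrow store can read: anything addressed to a
    key that was deposited, nothing addressed to a key that was not."""
    private = escrow.get(owner)
    return None if private is None else decrypt_with(private, message)


def demo():
    # Constructed users; the fixed primes make the keys reproducible.
    alice_pub, alice_priv = make_keypair(2**127 - 1, 2**89 - 1)
    bob_pub, bob_priv = make_keypair(2**107 - 1, 2**61 - 1)
    carol_pub, carol_priv = make_keypair(2**127 - 1, 2**61 - 1)

    # Alice and Bob run software that deposits their private keys.
    # Carol runs a build with the deposit step removed.
    escrow = {"alice": alice_priv, "bob": bob_priv}

    mail = {
        "alice": encrypt_to(alice_pub, b"quarterly numbers attached"),
        "bob": encrypt_to(bob_pub, b"order confirmation"),
        "carol": encrypt_to(carol_pub, b"meet at noon"),
    }
    return {
        "owner": decrypt_with(alice_priv, mail["alice"]),
        "other_user": decrypt_with(bob_priv, mail["alice"]),
        "escrow": {name: read_via_escrow(escrow, name, msg)
                   for name, msg in mail.items()},
    }
```

The escrow store reads every compliant user's mail from one place, which is what makes it the single point of failure the article describes, while the user who skipped the deposit is unaffected.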


Misinformation Abounds regarding Vaccines and California Whooping Cough Epidemic

einhverfr einhverfr writes  |  more than 4 years ago

I have had a great laugh doing some research online (various sites) to try to figure out why this year's whooping cough epidemic is happening in California. It is amazing the amount of misinformation I have found. Pro-vaccine people are blaming it on anti-vaccine people (false, see below), and anti-vaccine people are blaming it on the vaccine (also wrong). Some people are even blaming it on illegal immigration. As best as I can tell this is because the whooping cough vaccine is different from the vaccines of, say, polio or measles, and people try desperately hard to fit it into their agenda even when it doesn't fit. In my reading I have learned a lot about a type of vaccine I never really paid attention to. I figure it's time to set everyone straight.

The NPR article above is particularly laughable (really, NPR does enough good reporting they should know better) because they say whooping cough was once "wiped out." Not so, says the CDC.

Most vaccines against serious illnesses are called "live attenuated virus" vaccines. These include MMR and Polio, and basically the idea is you give the body a weak version of the virus so it develops an immune response against a stronger version. Usually with appropriate doses, these provide permanent immunity, but there are rare cases where the virus can revert, so it is possible to get full-blown measles from the MMR vaccine, though once again this is rare. These are the vaccines which produce herd immunity.

It turns out that whooping cough vaccine is a different kind of vaccine altogether and in fact individuals are not actually vaccinated against the bacteria that cause the disease at all. Instead, the vaccine is against a toxin that is excreted by the bacteria, and that toxin, called an exotoxin, is what causes respiratory damage. The theory is that this way if you get the illness, your body will have a head start at damage control (by attacking and neutralizing the exotoxin) and so you won't get very sick. So the vaccine is a dose of denatured bacterial exotoxins, called toxoids, that your body can develop antibodies to. Other toxoid vaccines include tetanus and diphtheria. While it is possible to be allergic to an acellular toxoid vaccine like this one, it is entirely impossible to get the disease from it because there are no live (or even dead) microbes in the vaccine itself. Whooping cough, or pertussis, vaccine is usually given with diphtheria and tetanus toxoid vaccines together either as a DTaP or a Tdap depending on age of the individual, but adult vaccinations are rare.

One interesting feature about toxoid vaccines is that they don't actually provide direct immunity against the disease at all because the targets of antibody production aren't on the envelope of the microbe. Instead they work by reducing the severity (and length) of the illness. In short, they don't keep you from getting sick. They just keep you from getting extremely sick. Consequently most people reading this could still get diphtheria this winter, or whooping cough, and could even spread it, but you probably wouldn't know you were carrying a serious illness. In short these vaccines provide absolutely no herd immunity at all, though they may provide some epidemiological benefits in terms of reducing the number of individuals infected by a single person (the downside of course is that it makes diagnosis and monitoring much harder--- we simply don't have any idea, for example, how many minor cases of whooping cough or diphtheria actually occur every year. We just know they don't get sick enough to be diagnosed).

Yet the news media and many "experts" still talk about herd immunity from this vaccine. Indeed while the CDC recommends adults be vaccinated, they state clearly that herd immunity is not a direct factor and that it's not a simple choice.

And while it is not believed that whooping cough has an asymptomatic carrier state, diphtheria is shown to have one, particularly in vaccinated adults. (One possibility worth considering is that asymptomatic means just that, so even mild symptoms, such as those resembling the common cold could be a symptomatic carrier state.)

So the picture that emerges is that whooping cough vaccine prevents death and long, tiring illnesses in children, but doesn't stop the bug from circulating. So it's probably a good thing for kids to have. However, whooping cough is also very much out of control and not just this year, as the CDC admits.

Furthermore I have come to realize that a few times in the last decade I've gotten this cough which lasts a few weeks and then mostly goes away, except for periodic, very heavy coughing, and with no symptoms in between. In these cases, sometimes I have been diagnosed with asthma but the inhalers don't seem to help much (so I go back to using an herbal remedy which seems to work very well, but it is rather non-standard). This lasts a few more months, and then goes away. My current thinking is that my son probably picked up whooping cough at school and I picked it up from him. Since he was vaccinated, he only seemed to have the common cold, but I got something a bit worse.

This specific vaccine isn't about herd immunity, but rather reducing the severity of a serious childhood illness. It doesn't contain microbes, live or otherwise, and while it may reduce the spread of the illness there isn't sufficient data to know the extent of this. This particular vaccine is almost certainly worth giving to most kids. However, there is no benefit that non-vaccinated individuals get from those who are vaccinated in this case.

Whooping cough cycles come and go every few years. This is no different. While hospitalizations may be preventable with the vaccine, its spread is probably not.


If I were a Libertarian, I'd be a Viking one

einhverfr einhverfr writes  |  more than 4 years ago

When people extol the values of a political philosophy, I like to look to history for empirical data. Obviously republican forms of government with general police powers to enforce the common will are much more common than successful libertarian states. We can look to Athens, the Roman Republic before Sulla or Caesar.

There is one prominent exception: Iceland between the period of Norse settlement (probably 8-9th Century) and Norwegian domination (12th century). Iceland was a remarkable place during these years but due to a number of problems eventually was subsumed into Norway. The country sported a national legislature and a national court system supported through a combination of private enterprise and taxes, but it had absolutely no executive power. People suggest it was the first democracy to rule a country. Well, it wasn't (it's hard not to consider Athens a country), but it was quite remarkable nonetheless.

Icelandic society had basically three social classes based on offices, obligations, and conditions of servitude. The top class was occupied by the "godhar" who possessed property rights to a "godhord" which was a public office which contained legislative, attorney, and priestly roles. The godhord could be sold, loaned out, inherited, etc. In other words it was treated just like real property. The godhar collected taxes on the maintenance of temples, received income from arbitration and attorney services, and had certain rights regarding international commerce, such as first pick of goods from an overseas merchant. While "godhi" is usually translated as "chieftain," they didn't "rule" areas, and only were responsible for people who entered into contracts with them.

The second class were the bondar or thingmen, who were freeman farmers who entered into a relationship with a godhi. The bondi was responsible for representing the godhi's interests when serving on a jury at the thing ("thing" being legal assembly), was expected to serve as a guard or soldier for the godhi if necessary, and so forth. Bondar were allowed under Icelandic law to change allegiances more or less at will, so this relationship had to be mutually beneficial if it was to last.

The third class were thralls, or slaves, who were usually either people captured in raids or prisoners of war. If a thrall was freed, the freed man or woman would have certain legal obligations to the former owner, and the former owner would have paternal duties to the freed individual, but the children of freed thralls would be fully free citizens with no such obligations. Thralldom provided a sort of POW status for those captured during warfare or raiding operations, and provided a limited set of legal rights to those so held. Thralls weren't "slaves" in the way we think of them from American history in terms of simple human chattel, but rather individuals who were captured at war and afforded some legal protections provided that they'd work. Thralls could own property and were afforded the right to purchase their own freedom if such wasn't given by their "owner."

Now, for the Icelanders, life was surprisingly good compared to Continental Europe. While life expectancy from birth in France was about 20 years during the 10th century, assuming the child wasn't exposed to death in Iceland (infanticide was legal), the child could expect to live 45 years. Moreover the rate of dental caries in France over that shorter lifespan was 10% (meaning 10% of teeth were lost on average, or were decayed). Despite the longer lifespan, the rate in Iceland was 2%. The typical theory is that this would indicate a general lack of carbohydrates in the Icelanders' diet (they ate mostly dairy products, meat, and dried fish smeared with butter).

The longer lifespan is all the more incredible due to the way the Icelandic justice system worked: if the sagas are any indication, blood feuds were quite common and may have actually had a stabilizing impact on Icelandic society due to how they were structured. These were generally resolved in court via lawsuits where the side which lost most would be compensated by the side which lost less. Often these were arbitrated with the support of extended families, but sometimes they were actually full lawsuits.

This system worked remarkably well for a remarkably long time (about three to four centuries). However, eventually Iceland was essentially annexed into Norway. The major causes for the Icelandic decline were:

1) Environmental degradation and erosion (a surprisingly common problem in the pre-modern world, but one which was particularly problematic to people on an island with limited land)
2) Climate change (the little ice age) which cut off Iceland from the Greenland colonies and made the island politically and economically dependent on Norway, and
3) The conversion to Christianity and the political struggles over the church in Iceland eventually allowed Norway to annex the island without a fight (though more than 100 years after the conversion)

After losing independence, Iceland would not regain it until WWII. However the system worked surprisingly well for a surprisingly long time period, and was (relative to the time) not a very bad place to live by any measure.

However, of course, this worked fine for an insular area like Iceland. It would not have worked in a place more easily subject to invasion.

Further reading:
"Medieval Iceland" by Jesse Byock
"Viking-Age Iceland" by Jesse Byock
"The Vikings" by Else Roesdahl
"Everyday Life in the Viking Age" by Jacqueline Simpson


Health Care Reform and the Decline of Due Process

einhverfr einhverfr writes  |  more than 4 years ago

My single largest concern with the health care reform bill here is that the law, if upheld, would severely damage some of our most important Constitutional rights as American citizens. These rights are codified in the 5th Amendment and protect us all from unfair prosecution by the government in two ways: by requiring that due process not be denied, and by prohibiting the government from requiring self-incrimination.

It's important to realize how this mandate works as opposed to, say, the mandate to be insured when you drive in this regard. The state cannot force you or anyone else to admit to a traffic infraction or misdemeanor, so the only way this can be enforced is to require proof of insurance to drive, and to write tickets when this is not present during a traffic stop. Nonetheless, at least in my state, this can be challenged in court if you have insurance but the proof of it was not in the car during the traffic stop.

Obviously this sort of enforcement measure doesn't work when requiring people to purchase health insurance. I suppose Congress could make visiting an emergency room without insurance to be a misdemeanor or even a felony but that would just discourage the uninsured from seeking medical help when it was necessary. Consequently, Congress attempted to do something that's unprecedented: require disclosure of non-violation as part of the tax code and penalize people appropriately. This is where things become problematic.

To be sure there's no problem with Congress deciding to raise everyone's taxes by 2.5% and then giving everyone a tax credit equivalent to the current penalty, but that's not equivalent to the current system. Instead, if you make over about 28000 USD/year, you pay 2.5% as a penalty but if you make less, you pay $695 as a flat penalty. This penalty is equivalent to that which is assessed when one is convicted of various misdemeanors. While I think it might be argued that the objection of folks making more than 28k per year might be shadows instead of substance, for those making less, I don't think the law is Constitutional because it imposes a fixed penalty, requiring self-incrimination and denying due process. This is hence a "fine of not less than" structure pretending to be a tax, requiring self-incrimination, and adjudicated to a standard that would be impermissible if assessing a federal misdemeanor. I believe that such would be adjudicated to a preponderance of evidence, which is the standard for civil cases, not criminal cases. There are ways this could bleed over into criminal cases as well.

If this is upheld as Constitutional, then it is not an understatement to say that this is as much a threat to American liberty as any part of the so-called war on terror. The threat here is substantial and one that I don't think most Americans on either side of the aisle appreciate: by eroding due process in the name of a social interest, we make it possible to use the tax code to make an end-run around the 5th Amendment, rendering our valued Constitutional protections of limited value. It seems to me that both parties seem intent on destroying due process guarantees in one way or another when it suits them, and I am very concerned about the future of my country. Our last hope at present is with the courts.

If this is upheld as Constitutional, there's no reason why a state couldn't list a bunch of crimes and require self-incrimination on tax forms. At that point we move ever closer to a society characterized by "show me the man and I'll find you the crime." This is not what I want for my country. And while I have policy concerns over a single payer system in this country, they do not rise to this level. Let's hope that the courts protect our rights not to self-incriminate, and to ensure we have due process when accused of not having health insurance that the government deems acceptable.


Ruby Ridge and Waco, So Many Years Later

einhverfr einhverfr writes  |  more than 4 years ago

I thought about not writing this since the OK City Bombing occurred on the anniversary of Waco. However, in doing additional research into this topic, things have come up that must be said, and I believe that it is the patriotic duty of every American to consider these problems and strive to get our elected representatives to fix them. And whatever McVeigh's motives in the Oklahoma City Bombing, even if he was outraged at the atrocities committed by our government (which I doubt), he has hurt the cause of reform more than anything since.

First let me make one thing very clear. I have no inherent sympathy for white racists like Randy Weaver, nor do I have a great deal of sympathy for David Koresh. Neither man would be eligible to be my friend though for different reasons. Each I would have the sense to stay away from. However, as long as we strive to live in a nation ruled by laws, we must strive against the sort of excesses that were perpetrated against them by the government of the USA. Rampant lawlessness on the part of the FBI and BATF, and a military approach to domestic law enforcement have done great damage to my country, and threaten to do more as the "war on terror" slowly blurs the lines between domestic and international police actions.

Rule of law means that everyone, no matter how troublesome of character, is not subject to arbitrary and capricious attempts to deprive them of life, liberty, or property. Every American should read everything he/she can on these incidents and lobby Congress to make appropriate reforms. Furthermore this is not and should not be a partisan issue. The same problems that occurred at Ruby Ridge when George H W Bush was president occurred later at Waco when Bill Clinton had assumed that post.

A second important point is that while I find white racism (of the Aryan Nations type) very much a problem, it is well established that Randy Weaver was a law abiding citizen who never so much as got a traffic ticket prior to attempts by a government informant (who was paid per conviction) to railroad him. David Kopel has argued in his book, "No more Wacos" that one of the fundamental problems here was that the government was frequently paying informants on a contingency basis, and that this was encouraging entrapment of the sort that the jury found to have happened during the trial (Randy Weaver was acquitted on all counts except one count of failing to appear to stand trial). Kopel details abuse after abuse of government power in the Ruby Ridge incident. In the freely available chapter, however, a number of important details are missing which makes the incident even more problematic. In particular he glosses over the shoot to kill orders which were apparently to some extent already in place before the FBI arrived at the scene (given that the dogs were shot at by marshals prior). He also glosses over the allegations prior to the stand off that the Weavers fired at news helicopters (which was denied by everyone other than law enforcement).

Overall the picture that Kopel draws is of a law abiding citizen, albeit a white supremacist, who was railroaded for crimes he didn't commit, and improperly advised by judges and law enforcement, so that the fatal confrontation became inevitable. Unfortunately, as Harvey Silverglate documents in his book, "Three Felonies a Day: How the Feds Target the Innocent," this approach to federal law enforcement is quite common regardless of the type of crime alleged. The feds want convictions and tend to apply enormous pressure to get them even when they are clearly wrong, or have to stretch laws to the breaking point to get them. Silverglate is a veteran civil libertarian having done prestigious work at the ACLU and EFF, as well as founding FIRE.

On to Waco. Waco still stands as the largest massacre of Americans by Americans since Wounded Knee. In this case, 82 individuals, including 25 children, lost their lives in a military assault on a civilian compound in Texas, in 1993. The problems were the same, however: trumped up charges (many of which were fabricated out of whole cloth), excessive force including substantial evidence that law enforcement officers fired from helicopters prior to the ground raid commencing, and the overall conviction that military tactics were the appropriate method for dealing with domestic law enforcement situations.

In an Akron Law Review article, Can Soldiers Be Peace Officers, Kopel again takes up the issue of Waco and discusses the use of military tactics, as well as the close and in some cases illegal connections between the military and law enforcement agencies in that raid. In particular, it's worth noting that both Bradley and Abrams tanks were used by the FBI in this raid. Kopel offers a clear-headed evaluation of the situation, concluding that Koresh was probably mentally ill, and evaluating the issues in terms of how both sides reacted.

Of particular importance here though is Kopel's discussion of the evidence that the BATF officers began the raid not by approaching the front door but by strafing the roof of the dwelling with machine pistol fire from helicopters. The evidence, well discussed in Kopel's piece, is interesting because it comes from a number of different sources and suggests that a military outlook was at issue even from the start. Assuming this is the case, then after already being fired at with no initial option to surrender, the Branch Davidians could have reasonably feared for their lives and assumed that the BATF agents were coming in with lethal force.

The picture Kopel paints here is once again the same FBI unit which caused the problems at Ruby Ridge making the same mistakes all over, but with much larger stakes and with much more force.

I agree with Kopel that we need to work on demilitarizing our law enforcement, returning them to a proper "officer of the peace" status. This is becoming more important as the "war on terror" progresses. If you want to do something about it, write your congressmen urging reform of the Posse Comitatus Act, asking for a clear barrier where no military personnel or equipment can be used for domestic law enforcement, whether borrowed or rented from the military, and urge that the act be expanded to prevent use of the Navy and Marines in domestic law enforcement as well.


Why I oppose most "network neutrality" proposals

einhverfr einhverfr writes  |  more than 4 years ago

Please note, this is not a criticism of the ideals of network neutrality but rather of specific proposals. In general, I think it is important to ensure that ISPs are not blocking content for arbitrary reasons. However, in some cases, they may want to block content (with the customer's permission or in the customer's interest) and/or shape the traffic to prevent some individuals from saturating upstream links. Indeed, I think there are a number of reasons why ISPs would legitimately depart from the ideals of network neutrality without sacrificing the core benefits those ideals provide. The main areas of obvious departure include:

  • Blocking of network ports relative to security risks but with few legitimate uses, provided a customer can request non-blocked service
  • Blocking of known malware based on deep packet inspection (my ISP does this).
  • Utilizing traffic shaping and queuing in order to ensure that the main uses of an ISP continue to perform well.

These approaches are aimed at protecting users either from common mistakes that non-technically-minded users are likely to make or from compromised nodes of the network (viruses etc). A second main goal is to ensure reasonable customer satisfaction by ensuring that the most frequent applications of internet-based technologies perform adequately regardless of the behavior of other users. We do not need to treat a virus the same way as a web page request in order to get the primary benefits of network neutrality, and overly broad proposals would have the effect of limiting ISP choice in how to provide properly for customers. I would therefore suggest that network neutrality should be seen as excluding the following forms of broadband discrimination:

  • Blocking of network traffic for reasons of security, providing that a customer can opt-out of blocking rules
  • Blocking of known worms and viruses, whether or not a customer can opt-out
  • Traffic shaping aimed specifically at ensuring that a small group of customers does not monopolize upstream links provided that performance is not degraded beyond available bandwidth (after higher priority queues are cleared)

FWIW, I don't see a lot of net neutrality proponents rushing to ban these sorts of practices. If we can exclude these practices from net neutrality-oriented legislation, I would be quite happy.


Pornography, Sexual Harassment, and Free Speech

einhverfr einhverfr writes  |  more than 4 years ago

Conventional wisdom, backed by court judgements, holds that allowing pornography to be visible in most workplaces constitutes sexual harassment and is discriminatory against women. In this piece, I explore a counter-argument to this widely held belief. While I think workplaces are for working, and while it may be wise for a corporation even without threat of lawsuit to avoid allowing porn in the workplace, I think the courts have taken this too far and are further undermined by changing demographics in the consumption of pornography.

We have all heard that pornography is degrading to women, and courts have held that this is sufficient basis for a Title VII claim of sexual harassment. This premise, though, tends to be tied to the idea that pornography reduces women to sexual objects, and that allowing such depictions in most workplaces (obviously excluding pornography-related businesses) constitutes sexual discrimination (Title VII harassment claims are technically discrimination claims). This is a case where we start with the premise and assume the conclusion based on it. After all, it is incredibly difficult to determine what "degrading" means in an objective, legal sense and hence personal prejudices can be substituted for objective fact-finding. The EEOC, for example, has a definition of sexual harassment which includes any display of "materials that are in any way sexually revealing, sexually suggestive, sexually demeaning or pornographic." This definition, of course, includes not only the Playboy centerfold but also Leonardo da Vinci's painting "Leda and the Swan" (which in the context of Greek myth is quite sexually suggestive as well as being sexually revealing even in the absence of such context).

Fortunately, the courts have been somewhat critical of these claims. In Robinson v. Jacksonville Shipyards, the pornography in the workplace was supporting evidence for the claim but other factors included the fact that individuals were placing such images in the plaintiff's toolbox and that there was other harassing conduct involved as well. In this case one might conclude that the mere presence of pornography was not sufficient to raise sexual harassment claims, but the overall environment was quite hostile (and even personally directed). Other cases I have been able to find have not been willing to find harassment on the mere basis that pornography was present in the workplace. However, what is troubling about the Robinson case is how the court's mandated sexual harassment policy banned all pornographic images in that workplace by court order.

Fortunately (at least from my point of view), personal prejudices of this sort are actually on their way out. One recent study concluded that around a third of all who purchased porn on websites were women. (While this site is probably not unbiased, the findings seem aggregated from proper studies.) When we do the math it turns out that nearly a third of women end up being porn consumers, and women are a rapidly growing demographic among porn consumers. Violet Blue, in her book, "The Smart Girl's Guide to Porn" argues that socially, we are moving towards gender parity in porn consumption.

What this means is that currently, a very large minority of women do not see pornography as sufficiently degrading to stop purchasing it. If pornography consumption is really approaching gender parity it seems silly to argue that displaying it is somehow discriminatory. However, courts tend to be methodologically conservative and may take some time to convince that such is not evidence of discrimination by itself.

UCLA Law Professor Eugene Volokh has written a very interesting article asking what speech is actually restricted in hostile work environment harassment law. One of the important points he brings to the table is the fact that most employers will err strongly on the side of caution to avoid being sued. This means that political and social debate. In particular he points out that:

Your answer would probably have to be "We won't know until it gets to court." With vague words like "severe," "pervasive," "hostile," and "abusive," that's generally all you can say. And because of this, the safe advice would be: "Shut the employees up." After all, the typical employer doesn't profit from its employees' political discussions; it can only lose because of them. The rational response is suppression, even if the lawyer personally believes that the speech probably doesn't reach the severe-or-pervasive threshold.[citations and footnotes omitted]

The result is that a definition of discrimination is fostered by our courts and government based on false premises which do not match the data on the ground. (The problem with the Court decisions is that it is difficult to know beforehand what will constitute harassment and hence employers have a strong desire to avoid anything possibly questionable.) This runs against basic first amendment protections and creates a substantial level of chilling speech. Worse, the same sorts of restrictions come into play in public accommodation harassment cases, where customers feel that the business is hostile towards them on account of protected categories. The result is a direct infringement on our ability to speak and advocate freely.

IMO, the solution is to provide proper protections for Constitutionally protected speech (including Pornography) and require that this be further balanced against any functionally discriminatory elements before suits can go forward. Furthermore, I think the Constitutional protections should be far stronger when applied to public accommodation harassment law instead of workplace harassment.

Tomorrow: Why the obscenity exception has to go (or at least be narrowed).


Sexting, Ferber, and Child Porn

einhverfr writes  |  more than 4 years ago

This week the Third Circuit upheld the injunction against prosecution in the teen sexting case which has previously been mentioned on Slashdot. The Third Circuit didn't reach the question as to whether the photos at issue in the case were Constitutionally protected (this will probably be saved for trial). However, it seems to me that this is a good opportunity to discuss something a bit beyond the case: how vague child pornography laws are turning millions of normal teens into felons and sex offenders. I believe that the laws must be changed (either through legislative or judicial branches) to stop this trend. I think it should further be stopped without overly harming actual attempts to prosecute those who are engaged in the sexual abuse of minors by producing child pornography.

In 1982, the US Supreme Court ruled, in New York v. Ferber, that child pornography, whether technically obscene or not, was outside the protection of the first amendment. The Ferber case created this exception based on the compelling interest of the state in protecting children from sexual exploitation and abuse, and noted that the economic trade of child pornography was intrinsically connected to this sort of abuse. Given the negligible expressive value of such works in the context of Ferber, they were not protected by the First Amendment. I think this rationale was sound in 1982 and to some extent, as regards real child pornography, it is still sound today.

The rise of the internet and multi-media capable cellular phones has changed a great deal both in how real child pornography is distributed, tracked, and prosecuted, but it has also created a number of problems for the original Ferber rationale. The rise of sexting is one example, as is the rise of underage individuals taking photos of themselves engaged in sexual activity without the instigation of an adult. While Ferber is a helpful rule in tracking down those who aid and abet sexual predators, it also is criminalizing an increasing number of ordinary teens, in a direct affront to our basic rule of law and sense of justice. We are now facing the absurdity of throwing teenagers in prison and branding them for life as sex offenders in the name of protecting them from sexual predators. These sorts of prosecutions have a number of things in common: they are disconnected from the harm discussed in Ferber, they are typically non-economic in nature, and they may have, in their context, more than minimal expressive value.

First, Ferber was a response to a real problem regarding sexual exploitation and abuse of children. We can probably all agree that production of child pornography is a problem and that it may be legitimately outlawed. However, when a teenager takes sexually explicit pictures of him/herself and sends them to another teenager (typically a boyfriend or girlfriend), this is a very different situation. Here we do not have a sexual predator preying on a child. The rationale of the law and of Ferber is entirely inapplicable to the situation. It is further likely that only a small minority of such material is actually ever found, and that if current trends continue, the vast majority of sexually explicit images of real minors may be entirely divorced from the Ferber rationale. If this is the case, then Ferber would have to be revisited and either narrowed (which I support) or eliminated (which I do not).

Secondly, most of these are entirely non-economic in nature. I think Ferber could be held as applicable if an adult were paying a minor to take such pictures or to hand them over. However, where this is a private exchange of material from one teenager to another, then it doesn't seem that even the economic motivation portions of the rationale apply.

Finally, the Supreme Court has, in other cases, held that adults have an expressive right to be involved in non-obscene sexually explicit photographs. The child pornography cases to date have never reached a question of whether a minor has a right, absent adult intervention, to similar expression. If the First Amendment is truly seen by the courts as based on a natural right, then the bright line of saying "don't take sexy nude pictures of yourself before your 18th birthday" doesn't seem to be tenable.

So what is to be done? I can think of a few options:

The first is that the Ferber rationale could be ruled to be inapplicable to prosecutions of minors. This would be the simplest approach and simply rule that minors cannot be prosecuted for charges relating to child pornography. There could be a number of Constitutional theories on which this could be based, including the idea that minors are not without expressive rights of this sort (and therefore strict scrutiny is not met as applied to minors), and that the rules are unconstitutionally vague as applied to minors. This is the sort of thing which could be done as an "as-applied" Constitutional challenge or as a legislative change.

The second is that the Ferber rationale could be narrowed to require specific intent to possess child pornography AND a general intent to contribute to the exploitation, abuse, or privacy violations of a minor (i.e. intentionally possessing child pornography, knowing that it was contributing to exploitation or abuse). This is more disruptive, and would make cracking down on child pornography harder but still possible. This is the sort of change that I am somewhat ambivalent towards, and I think only the legislature could really do it. Note that this would not categorically prevent minors from being prosecuted under these laws and would leave some sense of equal applicability.

Finally, Ferber could be overruled and obscenity laws only could be seen as applicable. I see this as very dangerous because I think obscenity laws should be declared Unconstitutional on both vagueness and first amendment grounds. Leaving this as the sole solution to the issue of child pornography would make that far harder. Only the courts could do this.

In the end, I favor simply excluding minors and those barely over the age of majority (say, those who are 18 years old) from such prosecutions, provided that there are no direct allegations of child abuse tied to the pictures (i.e. the Ferber rationale does not apply). If there are such allegations, they should have to be proven as a part of the trial process.

However, regardless of what we do, threatening to send adolescents to jail and brand them as sex offenders for life for doing what would be Constitutionally protected a few years later has to stop. Not only is it entirely unjust but it is an affront to the ideal that we live in a country ruled by laws in accordance to the ideals of Liberty and Justice.


Encounter with Jehovah's Witness missionaries

einhverfr writes  |  more than 4 years ago

So today while I was at work a pair of Jehovah's Witnesses came to the door as part of their missionary work. I answered the door and knew immediately what was going on (two women I had never met knocking on my door? That's the JW MO....)

So, they said they were discussing with people the problems of the world and where to turn for answers.

"I study ancient mythology," I told them.

"We're sharing the Word of God," they told me.

"That's your mythology," I told them, approvingly.

They seemed somewhat unsure of how to proceed. So they read me a bible verse and left. I thanked them politely for coming, but I don't think they will be back soon.


Letter to the USTR regarding the ACTA

einhverfr writes  |  more than 4 years ago

BTW, here was my comment submitted to the USTR regarding the treaty.

RE: 2010 Special 301 Review
Docket Number USTR-2010-0003

Jennifer Choe Groves
Senior Director for Intellectual Property and
Innovation and Chair of the Special 301 Committee
Office of the United States Trade Representative
600 17th Street NW
Washington, DC 20508
Filed electronically via Regulations.gov

Dear Ms. Groves:

I am a software engineer and developer here in the US. I own copyrights to a number of software programs and published papers, some jointly with corporations or other natural persons. I have also authored two ebooks which are distributed online and one printed book which is available through major retailers. Software I produce is distributed world-wide.

I am deeply concerned about the rush towards greater liability for neutral service providers where copyright infringement is alleged. Holders of copyrights (including myself) should not be able to make end-runs around our traditional system of legal protections by threatening third parties into shutting off services which may be vital for conducting lawful business. This is especially dangerous where very fact-centric elements of copyright and trademark infringement accusations may need to be adjudicated by courts. These cases can occur where questions of fair use or derivation occur.

Thus I am concerned that the rush towards greater protection and greater third party liability will become a sword of Damocles hanging not only over the head of the average citizen but most especially over the head of the copyright holder. After all, if a set of mere accusations is enough to insist that material be taken down or internet access denied, then those who produce copyright-worthy materials will be the most exposed.

Instead, balance is needed, and consumer protections must be a major part of the equation. These consumer protections don't just protect consumers against rights-holders. They protect rights holders against unfair competition, and they protect innovators against entrenched market interests.

Instead of dictating how foreign countries should make laws ensuring elements well outside the traditional boundaries of copyright law (circumvention device control, etc), we should instead be interested in looking at ways to make claims more easily adjudicated when they come up. The emphasis on third-party liability is a major step backwards.

Please reconsider.

Chris Travers


Citizens United v. FEC

einhverfr writes  |  more than 5 years ago

I have spent a lot of time thinking about the oral arguments posed in the rehearing of Citizens United vs. FEC. This is a case about whether a corporation which exists primarily for political advocacy could have its movie denouncing Hillary Clinton played legally over cable in the last two months before the primary. The district and appellate courts said "no" based on campaign finance laws. They then argued before the Supreme Court over whether campaign finance laws could be applied to them in this context.

If only it were that simple. Instead of issuing a ruling, the court asked the parties to come back and argue whether or not two important precedents in this area (Austin v. Michigan Chamber of Commerce and McConnell v. FEC) should be overruled on first amendment grounds.

The ACLU, ever the champion of unpopular causes, has filed an amicus brief asking the court to rule the law in question facially overbroad and unconstitutional on first amendment grounds. The NRA also filed an amicus brief asking for more limited decisions on Constitutional grounds, striking down a single amendment and instead punting the issue back to Congress to fix the resulting issues.

The case is difficult for many people because of deep-seated prejudices about the virtues and perils of corporations in America. Some see corporations as good and wonderful engines of the economy which should be left alone from government interference and others see them as evil, greedy money-powered engines of social destruction which must be kept on a short leash. These prejudices get in the way of addressing serious concerns on both sides.

More troubling from my viewpoint though is the government's retreat from what is probably the most plausible defence of these cases: That very wealthy corporations (many of which have more wealth than any natural person in this country) can distort election dialog with their mere presence in that dialog. Instead Elena Kagan sought to emphasize corruption dangers and shareholder protection which seemed to be less well accepted by the court. In essence she asked them to keep the lines the same but change the underlying reasoning behind the line.

In the end though nobody seems to doubt that Citizens United should win, but the question is on what Constitutional basis. This leads in turn to the role of corporate first amendment rights and whether these even exist. Here the questions seem to become far more murky.

Jamie Raskin, in his opinion piece "Corporations Aren't People" on NPR, said:

The corporation is not a membership organization but an "artificial entity," as the Supreme Court has called it, chartered by the state or federal governments to serve public purposes. Legally speaking, it has no independent constitutional standing outside of the rights of the people who own it -- and they already have the right as citizens to contribute and spend on campaigns. The idea now being promoted that CEOs have a First Amendment right to take other people's money out of corporate treasuries to spend on politics is outlandish.

Chief Justice John Marshall wrote in the Dartmouth College case that, "A corporation is an artificial being, invisible, intangible, and existing only in contemplation of law. Being the mere creature of law, it possesses only those properties which the charter of creation confers upon it, either expressly, or as incidental to its very existence."

I agree with John Marshall in his analysis but I don't think it necessarily follows that corporations don't have first amendment political campaign rights. Similarly even if we accept that corporations have first amendment political campaign rights we don't have to conclude that no regulation is possible. The fundamental question becomes whether Constitutional rights are applicable to an organization incidental to its very existence or not. Obviously some rights are not. Corporations can't vote, and IBM can't be nominated to fill a Supreme Court vacancy. Other rights, such as the rights to due process and equal protection of law are incidental to existing in the American legal system.

So which category includes freedom of speech? Or could this be settled instead by merely holding it to be a part of freedom of the press (which News Corp, NYT Corp etc. clearly have)?

Existing in the United States means participating in the marketplace of ideas. Both freedom of speech and of the press protect that marketplace from undue government control, and require that government rules are as narrow as possible to meet legitimate and important government interests. The protection is not one which is limited to natural persons-- corporations routinely advertise their products and have some first amendment protections on those advertisements. Similarly, corporations have the right to petition government for a redress of grievances. I don't think it is outlandish at all to suggest that corporations, just like resident aliens, have a right to participate in our political system even if they can neither vote nor hold office. I don't think there is therefore any question that corporations have a right to disseminate company positions on election issues and candidates to the electorate in advance of an election.

Furthermore, it becomes difficult to distinguish a corporation like Citizens United, which exists for political advocacy, a corporation like News Corp or the NYT which IS allowed to air endorsements for candidates via freedom of the press, and a company like Microsoft or Oracle.

However, just because corporations, like natural persons, might have a right to participate in this dialog does not necessarily mean that no laws can be passed to protect the marketplace of ideas from being monopolized by corporate voices in these important areas-- there is no interest that I can think of more compelling for the government than the interest in free and fair access to election points of view. However, such laws would need to be narrowly tailored to meet this very compelling interest. Blanket bans on electioneering communications are facially overbroad, however, and should be struck down.

This shouldn't be a question of whether campaign finance reform itself as a concept is Constitutional but rather whether this specific section of this specific act is. I believe that the court should and probably will strike this down, but I hope that it does so without unduly undermining the rationale of Austin v. Michigan Chamber of Commerce.


On Health Care Reform and Software Development

einhverfr writes  |  more than 5 years ago

One important news topic for the last month has been health care reform. I have decided to oppose the bills presented because even though I could probably live with the Senate bill, the House bill is rather terrifying.

Unlike most opponents of Obama's health care reform package, I am not opposing the ideas of public plans, etc. Rather my problems are with details, such as the dismantling of state regulatory action regarding insurance, and so forth. The Obama approach means ripping out an autochthonous system and replacing it with an engineered bureaucracy which is expected to function right the first time, even though it was crafted and (if it passes) pushed through with an attitude that "you're either with us or against us."

The fact though is that we are better off approaching the health care problems in this country the same way we would an unmaintainable codebase for an amazingly complex software application. They suffer from most of the same problems, and both are amazingly complex systems. Expecting a new system to work from day one is out of the question.

A better approach would be to approach this through an incremental approach. The first year we set up bipartisan task forces to study the problem and come up with sets of recommendations. The next year one problem is addressed in one bill, is fully discussed and eventually passed in a bipartisan effort. The following year another issue is dealt with etc. Dividing a complex problem up into multiple baby steps is a widely used tactic in successful software projects, and it should be more commonly used in legislation as well.

Such an approach would mean slower change than Obama supporters hope for, but it would mean a better system would emerge. It is unfortunate that the current approach seems to be to create bills that will eventually fail in order to capitalize on the issue in future elections. We need some reforms. The question of which ones and how they are to work in exact detail needs a lot more discussion, however.


Paper airplanes (yep)

einhverfr writes  |  more than 5 years ago

Ever since I was in grade school, I have had an unnatural love of paper airplanes, and ever since I was in 7th grade, I have designed my own models.

More recently, though, I have turned my attention to the most complex and challenging area: aerodynamically correct paper airplanes, which fly on lift generated by Bernoulli's Principle. While this is quite difficult, the planes fly in ways which are unusual in terms of paper airplanes, and can be extremely rewarding. This is a post to help show some elements of this discipline for others. If there is interest, I will add some photographs of some of my airplanes.

The first point I would make is that lifting bodies are the easiest aerodynamically correct paper airplanes to make when trying to build monocoque airplanes. This is because the simplest lifting bodies can be made out of differentially folded cones, are reasonably simple to make out of a single piece of paper, and don't require the more complex solutions to things like attaching wings.

The simplest lifting bodies however, pose a different challenge. While the center of gravity is reasonably far forward, the center of pressure is fairly far back, making the planes quite spin prone. I have found two solutions to this problem: either enhance wingtip vortices to create drag on the swept wingtips or fold the tips into non-lifting stabilizers. Non-lifting stabilizers have the advantage of causing less drag, but both types work (and fly remarkably differently). Both have the effect of robbing the wingtip of lifting action and thus move the center of pressure forward.

If trying to build fixed-wing aircraft out of paper, this gets to be a lot more complicated. My first few models flew reasonably well, but not great. Stiffness of paper, monocoque construction, etc. are rather problematic when building larger airplanes with paper and there are other challenges as well.

The biggest challenge is how to attach the wings. Here is where I will let you figure it out :-)


Thoughts on AF447

einhverfr writes  |  more than 5 years ago

First, a disclaimer: I don't work in aerospace fields at all though I do design aerodynamically correct lifting body airplanes.... A lot of the conclusions here are my research as a layman. Rather I am writing here to put theories down on paper, as well as weigh relative weights of the theories. Also, my heart goes out to those who have lost loved ones in this tragedy, and if any are reading this, I hope it helps put some of the media speculation in more context.

Now.... What is known: At 0200Z (GMT), the pilot of AF447 sent a manual transmission that they were flying through a storm system. This correlates well with Tim Vasquez's projections and analysis but is way off from the BBC's maps. The plane would have entered the backward edge of the mesoscale convective system (MCS) and would have exited the forward edge, where the storm cells would have been strongest.

At 0210Z, the plane sent a series of ACARS messages denoting a large number of failures from 0210Z through 0214Z. These messages are designed to speed aircraft maintenance rather than determine the cause of an accident so they lack certain details which are important in this case. At the moment, however, they are one of the more important sets of information which is publicly known.

After 0214Z, no further details are known. The vertical stabilizer was eventually recovered, but it isn't clear where or when it broke off yet. Most likely the vertical stabilizer was broken off by sideways forces but at the moment it isn't clear whether this happened in flight or during impact.

Finally, we have the Air Comet pilot report where the pilot at 7N49W reported seeing a bright light in the distance following a vertical downward trajectory for six seconds. Due to the curvature of the earth, the Air Comet pilot was not in a line of sight to the AF flight. The AC pilot could have seen a meteor.

Theories and weighting (note the weightings could change rapidly with new information):

1) Initial messages caused by lightning strike. Probability low to moderate. A lightning strike to the radome could damage Pitot tube systems, weather radar, inertial reference systems, etc. The lightning strike would have to enter or exit on the radome to cause this sort of damage. Such would seem generally unlikely due to the tolerances involved. The main reason to suspect radome destruction is that pitot tube icing itself can't explain the TCAS fault reported. However, the inertial reference units are near the pitot tubes so it seems to me that severe turbulence-related damage would be more likely. Recovery of nose section, radome cover, etc should be sufficient to eliminate or confirm this possibility.

2) Meteor strike causing destruction of radome. Probability: extremely low. This would have a similar damage profile to the lightning strike scenario if the meteor was small enough to avoid further damage but large enough to destroy the radome. Also unlike a lightning strike, these are not events which frequently happen. Recovery of radome cover should be able to rule this out or confirm it.

3) Pitot tube icing resulting in unsafe speed of aircraft. Probability: Moderate to high. Pitot tubes are known to ice up in conditions where no liquid water exists. For example a 1999 meteorological flight reported ice and graupel from 18k feet upwards through 41k ft and the DC8 involved in the 39-41k ft. range reported pitot tube icing. This would suggest that pitot icing can occur from processes different from structural icing. That case is worth reading in comparison to the present tragedy because it is reasonable to see the storms in both cases as comparable (both were equatorial meso-scale convective systems). The problem though is that the TCAS (Terrain Collision Avoidance System) faults might not be explained by simple cases of pitot icing because that system relies on groundspeed and GPS measurements rather than airspeed indicators. However, if severe turbulence was encountered (perhaps exacerbated by the autopilot increasing thrust to compensate for low airspeed readings), this might be sufficient to cause damage to aircraft systems including the TCAS and the IR systems (more on that below-- note though that the IR Disagree errors occur the next minute suggesting that they probably occur after the TCAS fault). While this seems like the most likely explanation, barring additional evidence to the contrary, it isn't possible yet to suggest that this is entirely certain. All of the 0210Z messages, however, except the TCAS error could be explained by the computer recognizing bad input from the Pitot tubes.

After the initial incident, the ACARS messages paint a picture of rapid deterioration of the situation. At least one internal reference unit failed, and shortly thereafter both primary and secondary air control systems would have failed. It is unclear at that point whether the aircraft was in direct law, or on manual backup (which gives LIMITED use of the rudder and elevator trim). The manual backup systems of an Airbus are not designed for turbulence or even landing (they are only designed to provide some troubleshooting time while a plane is in-flight).

The next question is whether the aircraft broke up on impact or whether it broke up in the air. At the moment, there does not seem to be sufficient information to say. The last message, indicating a fault with the pressurization system due to external pressure increases COULD indicate decompression at that point, but it could also be due to cascades of bad information from the Air Data unit or an actual increase of outside pressure due to a rapid descent (for example, after a mach tuck allowed to progress too far due to lack of inertial reference). While it is likely that more detailed analysis of the vertical stabilizer will help answer this question, it is too soon to say whether it disintegrated in the air or when hitting the water (or a mixture of both). (The vertical stabilizer appears to have been broken off by sideways force but whether this was the result of a sideways crash or problems in the air is currently uncertain.)

All in all, this is my rating of hypotheses surrounding the crash.

At this point, the evidence is not sufficient to conclude much beyond this IMO. Unfortunately a lot of this has been the subject of wild speculation from the media. Such speculation probably does not help anyone who is in search of truth whether due to curiosity or loss. I hope my post helps clarify at least one layman's view of the evidence for any such folk.


Lori Drew, The SCO Group, and the GPL

einhverfr writes  |  more than 5 years ago

I have decided that I think that it is necessary at this point to put my thoughts together regarding the GPL, and when licence violations can gain the force of copyright violation. I am not a lawyer, but this has come out of watching a number of cases, discussing the issue with a number of lawyers, and trying to understand all sides.

When a GPL violation case comes up, folks generally are quick to argue that it is definitely copyright infringement. Stallman has even argued that nVidia's drivers infringe on Linus's copyrights. While I think that a subset of GPL violations do rise to the level of copyright infringement, I think these cases are somewhat overstated.

The GPL, despite what Stallman says, is a contract in which both parties agree to abide by certain behaviors in joint interest. The contract is an adherence contract similar in force to a web-site's terms of service (where use of the good or service requires adhering to the contract) and the consideration found is in the requirement of equal access to publicly distributed code. The GPL is much more like a contract than are more permissive licenses, like the BSD license, because the consideration factor is quite a bit greater. For example, while the BSD license might be argued not to include consideration since the only requirements are those required minimally by copyright law (not stripping copyright headers) and (when distributed in source form), not making false claims about warranties, the GPL actually requires the licensee to share something further with the idea that it will be available to the original developer. "I will share if you will share" is consideration while "I will share, but don't say I am giving a warranty when I am not" might be argued not to be. Similarly, the 4-clause BSD license (with the advertising clause) is clearly a contract, while the two-clause BSD license might not be.

At the same time, it seems reasonable to argue that a contract violation regarding copyright terms could become a copyright violation if the behavior is sufficiently outside the scope of the license. For example, if I grant someone a license to publish five copies of my book for a flat fee of $20, and they publish 5000 copies of the book, that would seem to be copyright violation, not a mere contractual issue. At the same time, I don't think it is copyright infringement if there is a reasonable argument to be made that the contract allows the use, or if the difference is small enough as to represent an issue resolvable through contract dispute (you print 6 copies instead of five by accident, that should be a contract matter). And certainly a mere reasonable disagreement as to the terms of a contract should not subject the loser in the case to copyright infringement sanctions.

Lawyers in contentious cases tend to find as many areas to allege misbehavior and as many grounds for relief as possible. Consequently, one can expect that any case of stepping outside of the perceived boundaries of a license will be labelled as copyright infringement because of the chance that the court will find for the plaintiff on this matter. It is thus understandable that lawyers will raise this issue in minor contractual disputes for leverage.

One of the most interesting cases which provides a parallel currently is United States v. Lori Drew. In this case, the US Attorney involved is seeking criminal sanctions over terms of service violations on MySpace's web site. Lori has been convicted of three misdemeanor counts of computer hacking for violating MySpace's terms of service (and creating a fake profile). Currently the court is considering throwing out those convictions in a directed verdict motion. If not, the next step is the 9th Circuit Court of Appeals. The judge is obviously having a hard time with the ruling since sentencing has been delayed for a total of seven months while he considers the motion to acquit. The key element here from many who support dismissing is that web site terms of service violations should simply not be prosecutable as crimes. Many of us feel that turning any term of service violation into a crime is dangerous to our system of law, and the same occurs with any other adherence contract. To hold the GPL to a different standard than MySpace's terms of service just because we like the license is hypocritical and similarly dangerous.

What I would propose in these cases is the concept of a penumbra around contracts, where violations are merely contractual issues. The penumbra would be defined both in terms of severity of the violation and vagueness in the contract. Any reasonable argument that the behavior was allowed in the contract would be sufficient to place the behavior under the penumbra where contractual violations could not lead to further legal or statutory challenges, as would the argument that the violation was not particularly egregious.

Back to my book analogy... Suppose in addition to limiting the number, I also require the book to be distributed on media suitable for being input directly into a computer or an offer valid for three years to provide such. Suppose the publisher does this by typesetting the book in the OCR-B font, and arguing that this is suitable for optical scanning and therefore they have met their terms under the contract. I take them to court. I don't think the court should entertain the notion that there are copyright violations in this case because there is a reasonable argument to be made that printing the book in a medium designed for both humans and computers is allowed by the contract. If I ultimately prevail, it should be on intent of the contract, and it should be a contractual matter.

So the next issue becomes the question of whether the GPL can regulate bridges (via linking) between a GPL application and a closed source application. Stallman says such bridges (such as the LGPL components of the nVidia drivers) are not in line with the license. He raises arguments which seem to be similar in nature to the arguments raised by The SCO Group in their suit against IBM. The major questions are:

1) Does linking NECESSARILY imply derivation?
2) Is derivation contagious? I.e. if A is derivative of B, and B is derivative of C, can we say that A is derivative of C without further evidence?

Regarding the nVidia Driver issue, the typical understanding is that nVidia has ported the core logic of their Windows drivers into a module which is independent of the Linux API itself. nVidia then provides a Linux driver, under the LGPL, which links the Linux kernel and the closed source module together and handles how the Linux kernel interacts with the closed-source module. Assuming this is the case, it would seem that nVidia has actually fulfilled their rights under the GPL v2. The reasons are elucidated by a reading of various rulings in SCO v. IBM.

In SCO, the court ruled that derivation was not contagious, and that one must show a continuity of the expressive elements in order to find derivation. In short, if A is derivative of B, and B is derivative of C, in order to say that A is derivative of C, one must show actual structures in A that are derivative of structures in C. It seems unlikely, given the standard understanding of this case, that the nVidia drivers in fact are derivative of the Linux kernel in this way, so they are not bound by the GPL. Similarly, under the GPL v3, it seems to my mind that one could easily create such a bridge without running amok because one can add additional permissions to specific modules (or even license modules under more permissive licenses like the BSD license).

The second issue, however, the question of whether linking is decisive in the derivation discussion, is an interesting one and has been dealt with substantially in other papers (see previous journal entries for citations). The general attitude seems to be that linking does not by itself imply derivation though it could lend some weight to the idea, particularly where object-oriented techniques like inheritance are used. However, a lack of linking does not mean that a work is not derivative either, particularly in more expressive content such as game displays (altering a game display, however done, might well be seen as creating a derivative work).

However, even if such a view were to be frowned on by the courts, I would hope they would see reasonable arguments to the contrary as requiring damages based solely on contractual violations rather than copyright infringement. Either way, I think Stallman is wrong and is advancing some dangerous arguments which we are rightly wary of in different cases. The key issues for me are: 1) do most lawyers I know accept those arguments, and 2) would we feel differently if those arguments were being advanced against Free/Open Source Software?


Why the patent threat hasn't materialized

einhverfr writes  |  more than 5 years ago

Everyone worries about software patents. Yet despite sabre rattling from Microsoft, we haven't yet seen any major patent litigation against Free and Open Source Software. This entry explores the disincentives for enforcing patents against Free and Open Source Software as well as a little more information as to which project may need to worry more than others.

The scope of patent problems in the software industry is fundamentally new. Even the auto industry which at one point had several hundred manufacturers with major patent litigation for many years did not compare to the problems today. Not only are there overlapping patent claims, but the claims themselves are somewhat vague, and not tied sufficiently to a physical machine to be readily understandable as to what, exactly, is covered. Yet for all these problems, we see a few patent infringement lawsuits in the industry and these almost exclusively fall into two categories: countersuits and small players suing big players.

While patent protections and litigation may have been a big part of the reason for the consolidation of the auto industry in the early 20th century, patents apply to manufacture of physical goods with a high barrier to entry in a fundamentally different way to the production of intangible goods with a low barrier to entry. This is why business process and software patents have been threats which have failed to materialize.

To make an automobile, you have to:

  1. Build a factory
  2. Buy lots of expensive equipment
  3. Hire workers

Each of these costs money up front one hopes to make back through the manufacture of the product. A successful injunction means you are not only out of marketing your product, but also out your startup costs which would be substantial. Thus the mere possibility of patent litigation is an effective way to prevent competition.

In contrast, we see Free/Open Source Software requiring none of these. It can be made from home on common household equipment with essentially no startup costs. Some folks don't even make money writing the software, and it isn't terribly common that the developers themselves or the distribution companies have enough assets to make suits against them worth it.

So when we look at a company that might want to use patents to forestall competition, we see three real options:

  1. Do nothing, but maybe issue press releases stating that these infringe on unspecified patents. The problem with this is that until one notes which patents are at issue, this doesn't have a lot of credibility or effect.
  2. Issue a press release mentioning which patents one believes are infringed by which products. This has more credibility but opens up the business to a number of problems. First, the open source projects are likely to look at the patents and engineer around problem spots. Then one might see re-examination proceedings started, and some patents successfully challenged. So while this offers some short-term gains, it offers no long-term benefits and has some serious problems.
  3. One could actually sue over patent infringement. This would have more of an effect still than #2 above, but it has the same drawbacks. Furthermore, it is far more expensive than merely announcing the patent infringement issues because actual, costly patent litigation ensues along with, very likely, a great deal of pro bono work for the defence. Finally, it is even more risky because there is the chance that either the court or the patent office will invalidate the patent.

In these cases, litigating patents against Free or Open Source software doesn't make any strategic sense. No rational player will seek to use patents in this way. However, patents are a liability for big players (which is why I support Red Hat's patent pool). For larger players, it is typical for patents to be mostly useful in defence, but risky in offence. However, large players are vulnerable to patent lawsuits because they CAN pay royalties, etc. Consequently nearly every suit we see is by a smaller business against a big business.

I have concluded that software patents are useless against Free and Open Source software simply because they are usually easy to work around and the damage done by actual litigation is fairly limited.

Of course, IANAL, TINLA, and if you don't get that you shouldn't be reading Slashdot!


Proposal for a new Free Software License

einhverfr writes  |  more than 5 years ago

The purpose of this license would be to provide better compatibility between "Free Documentation" and "Free Software." Currently, one of the big things hampering this collaboration is the inability to include material, say, from the GFDL in the help files of a GPL program. This proposal would rectify this by ensuring:

1) No auxiliary content could be produced in DRM-ridden versions
2) Auxiliary content with invariant sections could still be used.

As in the GFDL, invariant sections could include neither code nor functional documentation, but could include things like political arguments and force these to be displayed in startup messages, code comments, help files and the like. Some flexibility would be allowed, so if help files with invariant sections were removed from a distribution, the same invariant sections could be distributed with the software in other means.

I have asked RMS for permission to create a derivative license of the GPL v3 which would allow invariant sections provided they are scoped similarly to the GFDL. We will see what the response is.


Thoughts on Google Books Settlement

einhverfr writes  |  more than 5 years ago

As a self-published author (http://www.amazon.com/gp/product/1439223084/) I am very pleased with the structure of the book settlement. The structure of financial compensation needs to be looked into, but the real significance is how it relates to orphaned works (in-copyright, out-of-print). Many authors including myself have been hoping that orphaned works will be treated differently, and generally when publishers retire a book the author has little recourse and no way of bringing the book back to market, unless such terms are negotiated into the authoring contract. In some cases, authors might be able to buy back the rights to the book that is out of print (often for a fairly hefty sum of money), but this is not always possible.

The most expensive books in my library have copies on the market for between $1000 and $2000. These are inevitably out of print scholarly works published on a limited run because the audience was low. After they go out of print, the prices skyrocket and they become very difficult to track down. Books on folklore studies are some of the worst in this area.....

In the past I have argued that copyright law ought to be amended to revert rights on copyright books to the original authors who might be able to bring the books to market through other means. This agreement addresses these concerns in another way, by establishing a precedent that out of print books pose fundamentally different copyright concerns than books currently in print. This sets possible groundwork (though not present in this case) for compulsory licensing in republishing out of print books, and this would be a good way to address the problem of orphaned works.

Copyright is fundamentally a contract between society and artists, where society grants the artist a temporary monopoly on a work in exchange for being able to use the work later in an unrestricted way. This helps keep artists (including authors) fed, encourages them to create more works, and enriches society by eventually bringing these works into the public domain. When a book is taken out of print, society is cheated in this deal, and this becomes a bigger issue as copyright terms have become substantially longer.

Once copyright is given (and in the US, because one cannot sue for more than financial losses prior to registration, I would say this is after copyright is registered), I think we need to consider this contract complete. An author or publisher which removes a book from the market prior to the expiration of the term of copyright is cheating the public in this deal, and there are good reasons to argue that this monopoly should be weakened when this occurs. The idea of compulsory licensing in this case makes sense because the author still gets paid as per the contract with society, but no longer has the right to remove the work from the market. Both sides get their dues.

The Google settlement does not get us all the way there, but the section relating to out of print books is a very significant step in the right direction.
