To Trust Or Not To Trust, That is the Question
Wednesday, May 04 2005 @ 12:08 AM EDT

Here's a study in contrasts. First, from the proprietary world, we have an article on ZDNET about the Federation Against Software Theft (FAST) which is telling companies their IT staff can't be trusted. They say they need to be monitored to make sure they don't download software on to company computers:

FAST said that directors should be aware that their company's Internet activity could be being monitored by FAST itself, and any employee who downloads software illegally could make them personally liable for copyright infringement.

“All too often IT policy enforcement and management is left solely to the IT department, in the belief that when IT staff say that correct licences are in place, they are," said John Lovelock, director general at FAST. "But directors must not allow themselves to be fobbed off by IT staff as they can also be the culprits. Company directors need to have a firm grip on their technically able IT staff.”

So, more bullying from the software police. And just in case company directors don't get "a firm grip on their technically able IT staff", FAST is watching and will hold companies responsible for any IT staff misdeeds. What kind of world is that?

In contrast, you could join the Free World of software, where software is meant to be shared and nobody is monitoring anybody for a living. You do have to abide by the licenses, but they are not hard to abide by. Notice the contrast in this charming story about the Linux Kernel Archives. It's all volunteers, donating their time and expertise, and sometimes their equipment too. Thank you, HP, for donating new servers:

In a recent announcement to the Linux Kernel Mailing List, H. Peter Anvin detailed a recent upgrade of the infrastructure behind kernel.org. The new servers were donated by Hewlett-Packard, and are each quad Opterons with 24 gigabytes of RAM and 10 terabytes of disk space. Internet Systems Consortium, Inc. donates the bandwidth in the form of two independent gigabit-connected datacenters, PAIX Palo Alto and 200 Paul in San Francisco. H. Peter Anvin, Nathan Laredo, and Kees Cook all donate time to maintain the archives.

It's a different mind set. And yet, the Linux cash cow sprang from it.

One thing Stallman was right about: licenses like the GPL which foster cooperation do impact what kind of a person you end up being and what kind of world we live in. It also can affect your business life, because you need to ask yourself: do I really want to spend time and resources on license upgrades, checking, monitoring, getting a tight grip on my IT staff, etc.? Or do I want to concentrate on my core business?

Not having to worry about such things isn't the only benefit to openness. SANS has just published its new list of Top 20 Most Critical New Vulnerabilities, and again Microsoft predominates. Business Week explains how a vulnerability makes it to the SANS top 20 list:

In selecting the top vulnerabilities, SANS uses five criteria: The problem must affect a large number of users. It must remain unpatched on a substantial number of systems. It must allow the takeover of a computer by an unauthorized remote user. There must be enough information about the flaw available on the Internet to let attackers exploit it. And it must have been discovered or first patched during the first three months of the year.

To no one's surprise, Microsoft's (MSFT ) Windows operating system and its components lead the list . . .

There are only two that could affect a GNU/Linux user that I could see, and only if they use software that isn't integral to Linux. The two are a multiple media player bug that affects Linux RealPlayer 10 (along with Windows and Macs) and a Computer Associates License Manager bug. Neither was born in GNU/Linux, you might say. By that I mean, the RealPlayer problem affects you if you use Linux RealPlayer 10. There are many other media players in the GNU/Linux world. The CA bug affects the following: "All CA products that use the vulnerable CA License Package on AIX, DEC, HP-UX, Linux Intel, Linux s/390, Solaris, Windows and Apple Mac OSs are affected." So that one isn't Linux-specific in any way. But look at the extensive Microsoft list. It's simply amazing. I can't help but ask, why is anyone still using IE? And where in the world does Microsoft find folks willing to tell us with a straight face that Linux is less secure than Windows?


  


To Trust Or Not To Trust, That is the Question | 443 comments
To Trust Or Not To Trust, That is the Question
Authored by: Anonymous on Wednesday, May 04 2005 @ 12:32 AM EDT
One problem is that they consider the number of users, and since Windows is such
a huge chunk of the market, non-Windows software might not be able to qualify no
matter how huge the exploit or bug.

That being said, I notice none of our favorite open-source apps available for
Windows on that list (Firefox, Apache, and so on).

[ Reply to This | # ]

Corrections here please
Authored by: jbb on Wednesday, May 04 2005 @ 12:40 AM EDT
To make it easy for PJ to find them.

---
SCO cannot violate the covenants that led to and underlie Linux without
forfeiting the benefits those covenants confer.

[ Reply to This | # ]

OT here please
Authored by: jbb on Wednesday, May 04 2005 @ 12:43 AM EDT
<a href="http://some.host.org">Linked text</a>

---
SCO cannot violate the covenants that led to and underlie Linux without
forfeiting the benefits those covenants confer.

[ Reply to This | # ]

Not so much real choice
Authored by: macrorodent on Wednesday, May 04 2005 @ 12:56 AM EDT
By that I mean, the Real Player problem affects you if you use Linux RealPlayer 10. There are many other media players in the GNU/Linux world.

In principle, yes. However, most of the streaming audio and video on the net that is not in Microsoft format is in the Realplayer format, and since there is no Microsoft player for Linux, you pretty much have to use the Realplayer if you want to see and hear streaming content. I do know there are other, open streaming systems, but they are not used much, compared to the two I mentioned.

In a way this vulnerability is another example of the "monoculture" problem often mentioned in connection of Windows security. If there were one widely used open streaming specification, but multiple independent implementations, the security problem could indeed be avoided by switching players, and it would have less effect anyway. Interestingly, the SANS list contains several apparently different players, but they clearly share some library. To avoid the "monoculture" disease, such components should also have multiple independent implementations, even though it looks like waste, and is contrary to the hallowed software engineering ideal of maximizing code reuse.

[ Reply to This | # ]

To Trust Or Not To Trust, That is the Question
Authored by: tknarr on Wednesday, May 04 2005 @ 12:57 AM EDT

My first question to FAST would be "And exactly how do you intend to monitor my network without my having the FBI drop by your place for a little talk about criminal trespass? Bearing in mind the recent laws that make cyber-intrusion a terrorist act, of course." The second question would be "And how do you intend to determine that I'm not in fact licensed for any software you happen to observe being downloaded by my employees?"

[ Reply to This | # ]

To Trust Or Not To Trust, That is the Question
Authored by: Briareus on Wednesday, May 04 2005 @ 01:09 AM EDT
Well, after all who _can_ be trusted? Certainly not your fellow IT department
worker, certainly not your boss, certainly not *gasp* yourself!

Sorry to say, software police, but for me and thousands of other IT workers like
me, linux is the funnest thing around. Personally, I make a hobby out of finding
open source projects that extricate me from having to run your proprietary
rentware. Why would I ever copy yours?

Oh, and thanks for the coercion, but making me pay you protection money is not a
way to keep me and my wallet around, not when there are enthusiast programmers
who make such good works. I will support them.

Have fun in your shrinking marketplace. The rest of the business ecology will
move forward, finding new and unique ways to solve problems.

---
scary times are never dull

[ Reply to This | # ]

Downloaded software ?
Authored by: Latesigner on Wednesday, May 04 2005 @ 01:21 AM EDT
This sounds like another scare tactic.
It runs along the lines of: You don't know what they're doing and they could
be doing anything!!!!
I wonder if that's how other peoples' code gets into Microsoft products?
You know with a few more organizations like this proprietary software companies
will have found a way to strangle themselves and save open source time and
trouble.

---
The only way to have an "ownership" society is to make slaves of the rest of us.

[ Reply to This | # ]

To Trust Or Not To Trust, That is the Question
Authored by: Anonymous on Wednesday, May 04 2005 @ 01:36 AM EDT
I certainly don't agree with FAST or most of the things the RIAA does, but I'm not sure I understand the logic of your argument here. The article states "FAST recently discovered more than 5,800 illegal digital music files in a software audit of 2,500 PCs at a UK financial services organisation." However you follow that up with
You do have to abide by the licenses, but they are not hard to abide by.
It would seem that these folks weren't abiding by the licenses, so I'm not sure how to reconcile your statement.

The second thing I have a problem understanding is this quote:
In contrast, you could join the Free World of software, where software is meant to be shared and nobody is monitoring anybody for a living.
I'm having trouble reconciling what is going on at kernel.org with what is going on in the typical IT department FAST is speaking of. They just don't seem to have anything in common. Please don't get me wrong here, I love what is going on at kernel.org as well as at apache.org, sourceforge.net, and jboss.org to name a few. I'm just trying to make the connection as to what folks are doing illegally with commercial software has to do with open source collaboration.

[ Reply to This | # ]

To Trust Or Not To Trust, is No Question
Authored by: Anonymous on Wednesday, May 04 2005 @ 01:40 AM EDT
Once upon a time, long, long ago, in a galaxy far, far away, to trust meant to
expect another would not act in ways which are deliberately hostile, because
they had an extended history of not having done so and of good-faith efforts to
repair misunderstandings.

Today, to trust means to expect another will not act in ways which are
deliberately hostile, despite that they have an extended history of having done
so and of bad-faith.

What is sad is not the illegitimate demands for trust, but instead of snorting
and turning our backs on such demands we indulge in these floods of
disparagement and turd-throwing, as if we know already we will fool ourselves
into proffering "just a little" trust and we will regret it even as we
do so.

[ Reply to This | # ]

OSS can be a casualty of these
Authored by: Anonymous on Wednesday, May 04 2005 @ 02:16 AM EDT
scare tactics from the FAST... If companies believe the FAST line and implement
"no download" policies, then users can't just go and pull down OOo,
Gimp or Firefox without having to jump through all the hoops and plead a case
for it. It's the implicit message behind all this that the only way to be legal
is to have bought and paid for licenses...

[ Reply to This | # ]

Revolution or Status Quo
Authored by: dodger on Wednesday, May 04 2005 @ 02:25 AM EDT
Stallman's gift to the world is more than GNU and the GPL. It hits at the roots
of the failure of capitalism and in fact is proposing a new structure to the
world, based upon COOPERATION. Cooperation is a business model that has the
potential to society forward (despite itself). The status quo is a money-driven,
blind monster, which ultimately is feeding upon mankind and the withering
resources of our planet. Whether you look at the U.S. failure to join in the
Kyoto Protocol, or even the enormous squandering of time and money in this
SCO/IBM squabble, the driving force is the driving force of our society - MONEY,
not the health or well being of people or the planet, but MONEY.

If we pull this GNU/GPL rabbit out of the hat, the prize is not merely the
exhilarating but trivial demise of SCO, but rather the reclamation of our true
values and destiny to move forward in solving our real problems.

[ Reply to This | # ]

There's a simple reason for this: money
Authored by: cheros on Wednesday, May 04 2005 @ 02:45 AM EDT
If I recall correctly, FAST/BSA et al (take your pick depending on which country
you're in) make their money by retaining the penalties they squeeze out of their
victims (I say 'victims' because I have serious doubt about their tactics). The
software suppliers like MS "only" get the original license costs plus
the fear factor. It's not often spelled out in the press, but it appears that
this is how their revenue is derived.

Now, think for one moment what would happen to this fat cash cow if we were all
running freeware and Open Sourced code.

That's right, no more FAST or BSA. Poof.

Now, translate that into business risk: no more jailtime risk for board level
directors because the janitor might install an unlicensed copy of tetris on his
machine. That alone ought to be cause to look at Open Source. Improved
reliability and lower TCO (get the *real* facts) might in some cases then look
like fringe benefits ;-)

= Ch =

[ Reply to This | # ]

Analytic vs Synthetic Truth
Authored by: TFBW on Wednesday, May 04 2005 @ 02:53 AM EDT
where in the world does Microsoft find folks willing to tell us with a straight face that Linux is less secure than Windows?

I'm studying philosophy at the moment, and one of the distinctions that philosophers like to make is between "analytic" and "synthetic" propositions. "Analytic" propositions are true or false only by merit of the meanings of the words used, whereas "synthetic" propositions describe some state of affairs in the real world, and thus their truth-value depends on the state of the world. "All bachelors are not married" is analytic, so long as you grant that "bachelor" implies "not married"; "I am not a lawyer" is synthetic, since its truth depends on whether or not I do something -- namely, practice law.

By any reasonable measure, "Linux is less secure than Windows" is obviously a synthetic proposition. The exact criteria for determining whether one thing is less secure than another are open to debate, but it clearly depends on something happening in the real world. For example, you might leave systems connected to the Internet and measure their mean time to security compromise.

The fact that the proposition is clearly synthetic and clearly false leaves us scratching our heads at Microsoft when they proclaim it as true. How can they have such a blatant disregard for the evidence? Sometimes they try to twist the evidence into their favour, but mostly they just talk as if it weren't a matter of evidence at all, just an indisputable, certain fact.

In other words, they treat it as an analytic proposition.

Bear this possibility in mind, next time you encounter an egregiously counterfactual claim from Microsoft or someone like them. It seems to be a popular trend in corporate circles to use apparently synthetic propositions, like "Linux is less secure than Windows", not as descriptions of the world around us, but rather as definitions of the word in use. In this case, we have a definition of "security" as "that property, or one of those properties, that Windows possesses to a greater extent than Linux".

Of course the definition offered is basically devoid of useful meaning and is in conflict with general usage, but that's neither here nor there to a company which finds it more convenient to hijack language itself than to fix its product.

[ Reply to This | # ]

Did I just hear a collective "Huh?"
Authored by: cmc on Wednesday, May 04 2005 @ 03:44 AM EDT
That's kind of funny and kind of sad, that FAST expects company directors to
oversee the IT department and make sure they're doing their jobs right. There's
a reason the IT department exists: because the company directors and other
management don't know anything about IT. How are they supposed to make sure the
IT staff isn't doing anything wrong when they don't understand the issues at
hand? Is FAST saying that the company directors shouldn't trust the IT staff,
and should instead count the licenses themselves? They wouldn't even know where
to look. Not to mention the lack of trust would probably cause at least half of
the IT staff to pack up and leave.

The KernelTrap story is down right now, which is too bad because that sounds
interesting. It must be downright impossible for some people to believe that
companies would actually donate hardware, services, and time for such a
corporate-unfriendly, communist, non-capitalist, unconstitutional thing like
Linux :)

As for why do people still use IE... I suspect it's for two reasons, make that
three. The first reason is that most people are clueless when it comes to
computers. They wouldn't even know the difference between IE and Firefox unless
it was pointed out to them. These types of people will simply use whatever is
already on the computer, and will not look for something better, because what
they have (IE) does what they need it to do. These are also the same people who
don't keep their virus signatures updated or use a firewall or get the latest
software patches, no matter how many times you tell them. The second reason is
because AOL uses IE as its built-in browser (which I've held against them ever
since they bought Netscape). The third reason is because lots and lots of
"applications" and websites now use ActiveX. A lot of money has been
poured into the programming, and the companies don't want to pay to change it
out. I suspect it's the same reason we still have mainframes around. Because
the people with the applications/websites either cannot, or will not, change
their software.

cmc

[ Reply to This | # ]

To Trust Or Not To Trust, That is the Question
Authored by: Anonymous on Wednesday, May 04 2005 @ 06:15 AM EDT
Why is anybody still using IE?

My parents refuse to use Firefox, since they want to use "what everybody
else uses", even if it is inferior. My mom even claims that since Firefox
also works in Linux, it is strange and hard to use. When I try to tell her
otherwise, she tells me that she doesn't want to hear it.

[ Reply to This | # ]

To Trust Or Not To Trust, That is the Question
Authored by: blacklight on Wednesday, May 04 2005 @ 06:41 AM EDT
In the vast majority of the cases, the directors in question have no choice but
to trust their IT staff and management. They could bring in a third party to
execute a software audit, but a cost of doing so is giving the third party high
level administrative access to the network, disclosing the corporate policies to
the auditors and disclosing what applications are running on the servers. And if
somebody who works for the third party has an unethical bent ... The software
audits would also have to be surprise audits to increase the chance of catching
the culprits with their hands in the cookie jar. However, surprise audits are
like any surprise - disruptive to the work flow. Surprise audits may or may not
catch someone with his hand in the cookie jar, but they catch everybody else
with his or her pants down. And audits are simply snapshots - someone could get
AIDS five minutes after having been successfully tested for AIDS. Likewise, some
one could be downloading software five minutes after an audit.

I have never heard of FAST until today but the extreme aggressiveness of their
pronouncements indicates a desire to make a PR splash, either to make up for a
recent founding of the organization or to mask years of obscurity. And I take it
that the PR splash is an implicit, sub rosa call for proprietary software vendors
to join. Of course, the less enjoyable the proprietary vendors make of the
license ownership experience, the more likely that corporate buyers will narrow
the field of software vendors they are going to buy from. I note in passing that
the advent of Open Source software does create a potential conflict between
corporate buyers and IT - I mean, how does a corporate buyer beat down the price
of software that could be downloaded for free? There is a potential loss of
power/influence issue for corporate buyers here.

[ Reply to This | # ]

does this proposed patent reform eliminate prior art?
Authored by: warner on Wednesday, May 04 2005 @ 06:44 AM EDT

"The draft Patent Act of 2005 includes a number of changes to current patent law that have the effect of positioning of moving the US closer to international norms on patent protection, improving somewhat the tools to eliminate patents that are not truly novel or inventive, and moving the United States away from a system of unlimited exclusive rights for patent owners. These measures have benefits, but also deserve some comment.

First to file. The US system of first to invent is appealing in terms of our notions of rewarding the true inventor. There are also costs associating with resolving disputes over first to invent, and maintaining a system that is different from the rest of the world. The change to first to file is primarily driven by the need to make the system work better for the larger companies that do business worldwide. While the benefits of harmonization and efficiency are important, they remind us of whose interests are given priority in the designing the patent system.

Are we finalizing a system that transfers the value of software creation from programmers to "publishers"?

"Allowing assignee to file patent application. This provision also reminds us that patent system is being fashioned to serve the needs and interests of the companies and institutions that own patents, rather than inventors. The change would enable employers to file patents against the wishes of the inventor. We oppose this provision."

Coders, I increasingly believe that the GPL may be the greatest defense you have in maintaining the value of your art, counter-intuitive perhaps, but consider it carefully. How does the proprietary-patent combo not ultimately transfer the value of software creation to "software publishers"?

If this change is passed how would the FAT patent have been challenged?

source



---
free software, for free minds and a free world.

[ Reply to This | # ]

Helping Closed Source Hang Itself...
Authored by: PSaltyDS on Wednesday, May 04 2005 @ 08:09 AM EDT
This kind of thing is exactly what the FOSS community needs to emphasise to users of closed source software (CSS). The REAL TCO of CSS must include the risk management, insurance, mitigation, and disaster recovery required to placate the BSA, FAST, and the other dedicated defenders of the rich and powerful. Disaster recovery of legal auditing fees, not data. People who understand FOSS principles are never found advocating getting around or violating any of Microsoft's EULA provisions. Strict compliance with draconian EULAs and lock-in licensing is what makes the real cost of CSS obvious to the kind of managers FAST was hoping to impress.

I am currently helping (with much personal pain and consternation) a non-profit install a new Win2K3 server and XP workstations. The director has been running Win9x and Office97 for many years and I'm too much of a Linux newbie to demonstrate OpenOffice replacing his current Excel97/Access97 operation. He's excited that he got about a 50% discount on the software to run his ministry to the homeless, prisoner, and their families. I'm horrified that I couldn't show him how the software should have been free (in both senses).

I'm perfectly aware that one solution to this particular situation is for me to become more knowledgeable, and I'm working on it. But one solution not available was to hire a GNU/Linux/OpenOffice guru to set it up. That would have cost much more than the software did, at least in the short term. Long term benefits and savings of the conversion would likely justify the immediate cost, but non-profits don't always have the resources for front loaded expenses like that.

---

"Any technology distinguishable from magic is insufficiently advanced." - Geek's Corollary to Clarke's Law

[ Reply to This | # ]

It's the other way around
Authored by: Anonymous on Wednesday, May 04 2005 @ 08:41 AM EDT

I have worked, for several years, as systems administrator for a large defense
contractor.

From my experience, it's the IT staff that has to watch management to make sure
they don't put illegal software on the system. If an exec puts illegal software
on the system, it'll be admin that gets punished.

In a way why, NTFS is a blessing, because it can be set to keep users from
installing software on their systems - sometimes. If I could, I would yank the
floppies and cdroms out of the users machines as well.

[ Reply to This | # ]

What about trusting management?
Authored by: toads_for_all on Wednesday, May 04 2005 @ 09:04 AM EDT
"...in the belief that when IT staff say that correct licences are in
place, they are,..."

What about a manager that "assures the IT staff that correct licenses are
in place", and they AREN'T?

PHB decides that MS Office is too expensive to get licenses for all 200 machines
in the company. So he buys a volume licensing CD and 10 licenses, and tells IT
staff that he has secured 200 volume licenses. Pats himself on the back for
saving the company money.

Then when what usually hits the fan eventually does, PHB blames it on the IT
staff, saying that they assured him it was all legal.

Now, this has never happened to me personally, but I do have to regularly rely
solely on the word of a PHB that the appropriate licenses have been purchased.

[ Reply to This | # ]

Clarification on SANS Top 20
Authored by: Anonymous on Wednesday, May 04 2005 @ 09:25 AM EDT
Actually what you linked to is the Q1 2005 update to the Top 20 list. The actual SANS Top 20 list is always divided into the 10 top Windows problems and 10 top "UNIX" problems.

[ Reply to This | # ]

ASCAP/BMI Make Similar Threats -- and unfortunately it works!
Authored by: fdruseikis on Wednesday, May 04 2005 @ 09:27 AM EDT
Although there can be a lot of potential for confusion between FOSS and music, there is a class of music -- old-time and traditional music -- for which there is a vast public domain corpus that extends, in some cases, over several hundred years. I've seen the "FAST-type threats" applied in this context.

In the specific situation I was involved in, the board of directors of a local Square Dance hall (the kind that caters to western square dance clubs) was told (in a letter from ASCAP/BMI lawyers) that unless they paid ASCAP/BMI licenses *for all groups* they would be subject to lawsuits because they were hosting an unrelated group that had live musicians playing traditional music; and that group claimed there was no infringement (on ASCAP/BMI copyrights.) The specific context involved live musicians, who are not specifically responsible for securing rights to play music in live performance, only the "producers" of the event are responsible for securing the rights (since they control the gate.)

For those of you unfamiliar with the finer points of hosting a dance event, western square dance callers almost always use records; but there are other traditional dance groups that use live music instead. So ASCAP/BMI specifically feels that they can get extra royalties beyond the original royalty on the recorded music itself. There's lots of precedent here, given elevator music, music in bars and restaurants, and other public places. How that extends to live performance of public domain music depends on a notion that a "popular performer" playing a traditional tune confers value to the traditional tune. Just substitute "word processor" for "traditional tune" and you can imagine the slippery slope you'll be on.

The upshot of the story was that the unrelated group needed to find another venue; because the board of directors didn't want to risk the lawsuit.

So, you don't have to be a large corporation to have this happen.

-Fred

[ Reply to This | # ]

To Trust Or Not To Trust, That is the Question
Authored by: Anonymous on Wednesday, May 04 2005 @ 09:38 AM EDT
Here is the link to FAST: fast.org.uk. They are just a lobby group on behalf of the software manufacturers. They also try and scare up money by scaring companies into getting audited by them. They are about as useful as MOG but not as funny.

[ Reply to This | # ]

"Where does Microsoft(R) find these people?"
Authored by: Anonymous on Wednesday, May 04 2005 @ 10:09 AM EDT
PJ asked at the end of her article, "And where in the world does Microsoft
find folks willing to tell us with a straight face that Linux is less secure
than Windows?" The answer is as simple as, and identical to the answer to
the other question, "How is it that criminal monopolists are able to sleep
at night?"

"On a big pile of comfortable, fluffy, money."

It's a shame. But we are making a difference.

Groklaw is making a difference. Pubpat and Lamlaw and Y! and tuxrocks and
Cringely are all making a difference. Local user groups are making a
difference. Installfests are making a difference, one new user at a time.

The FUD-drones that have been sent to LUGs and mailing lists by the mothership
are being heard, then dismissed. But the new users just keep coming.

The bad guys keep trying to corrupt the public interest through federal
governments, but cities keep adopting FOSS.

Keep going, everyone. One drop at a time we are making a difference.

[ Reply to This | # ]

A quick chat with FAST
Authored by: Anonymous on Wednesday, May 04 2005 @ 11:24 AM EDT
A quick telephone conversation with FAST UK was quite interesting; no-one I
spoke to there could explain how they would monitor companies' Internet
activities in a way that was simultaneously legal and technically possible.

Perhaps a FAST representative can explain to us how this might be possible?

The only thing I can think of is if the one end of the communication being
monitored is controlled by FAST or their agents; a "honeypot", so to
speak. This could, for example, be part of a peer-to-peer network, or an FTP
server.

Shooting themselves in the foot?
Authored by: Anonymous on Wednesday, May 04 2005 @ 11:53 AM EDT
I don't know, but I would think that sending that kind of message to companies
might be counterproductive for the people these guys are supposedly trying to
protect. How are the managers supposed to be supervising what their IT staff
installs and how? That's why they hired the staff to begin with. Creating a
police state mentality within the company can only be counterproductive,
causing employees to distrust each other.

Obviously, this is working to the advantage of FOSS. A cunning IT staff will
let their employer know that there are software vendors out there that won't
threaten to sue them for copying software... which they are actually
encouraged to copy.

I know if I was running my own business, I wouldn't want the hassles of the
"licence police". And there is one easy solution to that.

To Trust Or Not To Trust, That is the Question
Authored by: eggplant37 on Wednesday, May 04 2005 @ 12:02 PM EDT

I think Steven Vaughn Nichols, in his latest article, hits the nail on the head:

...it would be great if you could trust Microsoft. It would be wonderful if Microsoft would even do as little as open up Microsoft Word's and Windows Media's formats. Or, heck, just make its protocol licensing GPL-compatible.

They won't. Or, if the boys from Redmond do, they'll immediately replace these once proprietary formats with something new that is proprietary.

No, when you look at Microsoft's track record, when you look at its business plan, which is based firmly on proprietary software licenses, there's simply no way that Microsoft intends on building any bridges with open-source software that won't be one way: Microsoft's way.

To Trust Or Not To Trust, That is the Question
Authored by: Anonymous on Wednesday, May 04 2005 @ 12:15 PM EDT
Please.

If the "free" software folks trusted other folks as you say then
they'd be using BSD and trust that folks will contribute back to the community.

But it doesn't trust other folks to do the right thing so it enforces it via the
GPL. This is no different than the "evil" proprietary companies do.
What differs is the goal, not the methods or level of trust.

And that's humorous in a sad kind of way. "Free" software zealots
(not the entire community but a vocal minority) do the exact same thing as
Microsoft but feel it's okay because the ends justify the means.

-V

IP violations by Window use
Authored by: lightsail on Wednesday, May 04 2005 @ 12:46 PM EDT
Will FAST be reporting all Windows based systems as illegal when MS is sued for
IP/copyright misuse by a partner/competitor?

Apple == "good citizen"
Authored by: Anonymous on Wednesday, May 04 2005 @ 12:52 PM EDT
Apple(r) is doing it the right way. They build on the BSD code, extend and
improve it, then give it back to the BSD folks. That sounds like the way it
should work when everyone "pitches in."

So how many times has Microsoft(r) returned patches on the BSD TCP/IP stack?
Okay; I'll wait. ... What's that? Never? So they just take and never give
back?

Now tell me why some developers prefer to have their work defended by the GPL?

I'm a fan of FAST and the BSA
Authored by: ExcludedMiddle on Wednesday, May 04 2005 @ 12:56 PM EDT
I am a big fan of the BSA, FAST, and other similar groups. I root for them when they find offenders. Companies steal software all of the time, and it's wrong. If you make your living selling software, stolen licenses cost real money.

I like them even more because they tend to drive companies to find alternatives, and lower cost solutions. And my favorite Free and Open Source software often fits that bill.

As an object example, let's take the Ernie Ball company, which makes guitar strings. A disgruntled former employee ratted on them to the BSA, who showed up with marshals and a request for an audit. Ernie Ball worked hard to comply, in earnest. After the settlement, the BSA publicised it as a big win, which infuriated the owner. The CEO reacted by ripping out every MS and proprietary product he could and replaced it with open source. And this was back in 2002-2003, when desktops were a bit less advanced than they are now.

Read this article for a good background on the case.

But Windows _IS_ more secure!
Authored by: Anonymous on Wednesday, May 04 2005 @ 01:31 PM EDT
It's also better adjusted, has higher self-esteem, loves us all
unconditionally.

B)

To Trust Or Not To Trust, That is the Question
Authored by: Anonymous on Wednesday, May 04 2005 @ 02:30 PM EDT
So company A is told not to trust their own sysadmins. But is asked to open all
their data to company B. Now company A has to worry about the sysadmins, general
staff and data and equipment disposal methods at company B. Stupid

1) Company B must sign non-disclosure agreement before access to network.
2) NDA to be bonded/insured by Company B. Any company A data seen outside of
Company B traced back to company B is to indicate full loss of data security by
company B and company B to be fully liable to company A.
3) If they sign, hire a PI to talk to a janitor at company B
4) profit.

To Trust Or Not To Trust, That is the Question
Authored by: Anonymous on Wednesday, May 04 2005 @ 02:57 PM EDT
I say good for FAST - this will just drive more people to Open source -

I do like what Stallman said - it is the truth and I wish companies would wake
up to it.

How much money and time is used to track licenses in companies? You could
probably retire very nicely with the money that is spent at my company.

Anyway I can't wait for the day when open source has put companies like FAST and
BSA out of business along with Microsoft.

To Trust Or Not To Trust, That is the Question
Authored by: Anonymous on Wednesday, May 04 2005 @ 03:53 PM EDT
>>I can't help but ask, why is anyone still using IE? And
>>where in the world does Microsoft find folks willing to
>>tell us with a straight face that Linux is less secure
>>than Windows?

I can think of a $billion$ reasons right off the top of my head. Too bad none of
these reasons have anything to do with Microsoft's lack of security. Just their
willingness to collect $$ from consumers no matter how many laws they have to
break to get it done.


What is there to trust anyway?
Authored by: Anonymous on Wednesday, May 04 2005 @ 05:15 PM EDT
What is Microsoft offering?

They want to talk about licenses. What's to talk about? So far as the free &
open software folks are concerned, Microsoft can write their licenses any way
they want. And so can everyone else. It ain't FOSS's fault folk aren't willing
to share with greedy folk who won't share back.

They want to talk about protocols: what's to talk about? the standard protocols
are open, and if MS wants to hire some programmers with a clue, then they can
implement them. On the other hand, MS protocols are closed and shrouded. If they
want to change that mind-numbingly stupid decision, they can, any day they want.
If they don't, they can pay five million dollars a day in fines in Europe.
Their choice, and the FOSSF could really care less. After all, it's perfectly
legal even under the DMCA (with legal precedent in favor) to reverse-engineer
interfaces. If FOSS needs MS interfaces, they will get them.

They want to talk about patents? What's to talk about? FOSS folks don't patent,
they publish. MS doesn't innovate, so they'll never have any patents worth
spitting on -- any patents they try to use to harass the competition will be
busted anyway. Go ahead, Bill: see if anyone on earth cares about your
distributed screensaver patent, :P pffflt!

WHAT DO THEY WANT TO TALK ABOUT?

AND WITH THE LARGEST ARMY OF PAID SHILLS IN MIDDLE-EARTH SINCE THE FALL OF
SAURON (um, sorry, Stalin, I mean) WHAT'S KEEPING THEM FROM TALKING?

What they should do is look in a mirror and think about WHAT'S KEEPING ALL THEIR
HIRED TALK FROM BEING BELIEVED?

To Trust Or Not To Trust, That is the Question
Authored by: Anonymous on Wednesday, May 04 2005 @ 06:01 PM EDT
I manage what is a relatively small system: about 35 computers. Still, I think
managing licences for non-free software is a pain, complicated, and time
consuming. Some non-free licensing situations are significantly more involved
than "one license, one installation."

I work at a Christian charity, so we have little money but do not tolerate
breaking the law.

This license counting issue is one of the driving forces behind my push for
further adoption of free software. Already moving to OpenOffice.org and a Linux
server has made me happy.

To reduce our liability and to keep order, we have a policy against installing
non-free software. I don't like enforcing it or explaining it. When we get a
Linux terminal server, the issue will be moot.

Price Fixing Nonsense
Authored by: Anonymous on Wednesday, May 04 2005 @ 06:35 PM EDT
Although Mr. Wallace seems sorely confused as to where he lives, the law of the
Seventh Circuit seems to be:


"A successful claim under Section 1 of the Sherman Act requires proof of
three elements: (1) a contract, combination or conspiracy; (2) a resultant
unreasonable restraint of trade in the relevant market; and (3) an accompanying
injury." - Denny's Marina, Incorporated v. Renfro Productions,
Incorporated; 8 F.3d 1217 (7th Cir. 1993)

OT - My apologies....
Authored by: Stumbles on Wednesday, May 04 2005 @ 09:16 PM EDT
Every time I see the name "Wallace" I think Gromit cannot be far
behind. I know it is a disservice to place Gromit's owner in such a
terrible light after all he is such a polite fellow. I just can't help
myself.

---
You can tune a piano but you can't tune a fish.

FAST a front?
Authored by: meshuggeneh on Wednesday, May 04 2005 @ 10:40 PM EDT
How long has FAST been around?

I'm reminded of the insanely bad press MS and the BSA have been getting recently
in response to their ugly and arrogant attacks on their own users (i.e.,
companies that use MS software) and wonder if FAST isn't something cobbled
together to be the bad boy so BSA can try to look a little cleaner and neater
next time it tries to influence some legislation or something.

I've never really figured out Microsoft
Authored by: Night Flyer on Wednesday, May 04 2005 @ 11:54 PM EDT
maybe this is why I have Linux on my personal computer.

For instance:
MS has tons of money, they have lots of programmers, they have had years of
time...

Many of the types of entry points of malicious software (overflowing a buffer,
etc.) are well documented (though, admittedly, virus writers seem to be
disturbingly ingenious and creative at times).

MS mouths the words that software security is a corporate goal but it continues
to generate and sell buggy software.

Go figure.

My solution was to try an alternative.

---
-----------------------------
Veritas Vincit - Truth Conquers

IT _is_ about trust
Authored by: ikocher on Thursday, May 05 2005 @ 12:45 AM EDT
If the company that I work for doesn't trust me... well I just quit. End of the
story.

I think IT is about trust. Just think about email privacy, the system going ok,
etc. These are the things that make the company produce real money, how much
trust salesmen, support, etc must have in IT? No system == no company, it's that
simple. So if the CEO/C*O can't trust their own people, the IT people, well
better get back to paper and pencil and stop those computers at once. I would
like to know of at least one company that can do that and _continue_ in
business after that!

IT is about trust, only trust. Just one misplaced character in a configuration
file can bring many things down, a simple error. IT people's responsibility is
clear to IT people, well most of them anyway. IT knows no excuse to stop while
the system is down.

IT is sort of a design/research department in a company. About trust. Bad
design means lost sales and possible lawsuits.


I have worked in IT for many years, and one thing I am pretty proud of is that
people trust me. At my fingers I have sometimes way too much power, something I
try to reduce for security, but if I want to really cause problems, it is clear
that it will not be by downloading pirated materials. Company databases are a
much easier target.


These "FAST" guys are just bluffing, trying to make noise, and selling
a need that just doesn't and never will exist.



Ivan


Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )