I am still recovering from whatever horror I contracted on my visit to the East Coast. The good news is that the word is "recovering" rather than "suffering"; four days of antibiotics didn't seem to help, but today, the fifth day, I am much better, and able to work. I still mistrust my judgment, and I fear my brain isn't working properly, but I no longer have any excuses for missing deadlines - even my own.
Begin with some residue from the Microsoft Patent Suit discussions. The furor seems to have died out, but I would not consider this closed just yet. Legal eagles often work slowly and behind the scenes. There remains the question of what Microsoft will do once GPL3 (link) has replaced GPL2.
Peter Glaskowsky says
Novell recently published redacted versions of its agreements with Microsoft in the SEC filing of its annual report. Groklaw has a summary of the information revealed in these documents.
I see that Novell already thought about the issues related to the Microsoft coupons for SUSE Linux, and believes (as I do) that the release of GPLv3 will not magically turn these coupons into Microsoft patent licenses.
It's certainly true that any new code covered by GPLv3 will have to be treated differently than the GPLv2 code, at least until the legality of the GPLv3 terms is evaluated.
Any first-year law student could make a case that GPLv3 imposes an unlawful restraint on trade, but finding a court willing to intercede will be difficult when there's hardly any commercial value to the code. Who's the injured party? Who has standing to bring a suit? Who would you sue? Certainly not Eben Moglen or the individual developers who apply GPLv3 to their code. Being stupid isn't a tort.
So I think the most likely effect of GPLv3 is to poison the Linux well, preventing commercial software developers from ever coming to terms with code licensed under those terms. Novell, IBM, and other commercial Linux developers may choose to fork the Linux codebase once again, sticking with GPLv2 terms that effectively allow patent licensing.
Dan Spisak adds:
Interesting, Microsoft and Xandros just announced a deal with each other that sounds like the Novell deal.
I find that interesting, in that XANDROS is the version of Linux I would recommend to SOHO users who want to become "Microsoft OS Free" as Robert Bruce Thompson has just about managed to be. Xandros runs a lot of Microsoft applications as well as the various Linux apps that do - or try to do - the same tasks. I've been impressed with Xandros, and if ever I do convert to Linux it is almost certainly the distribution I would begin with.
Robert Bruce Thompson, who introduced me to Xandros, says:
There are a few significant differences, notably no coupons. This looks to me like an attempt to get around the wording in the current draft of GPL v3, but it's not going to work.
When I got the press release yesterday morning from Xenia von Wedel (the chief PR rep for Xandros), I replied that Xandros had just cut its own throat. She replied within minutes to ask if I would be willing to talk to the CEO of Xandros about it. Ironically, she said it'd be an hour or so before she could set up the conference with him, because he was on a conference call with Microsoft. I told her not to bother, because it'd be a waste of everyone's time.
Xandros is so small and insignificant that the only possible reason I can see why Microsoft would have bothered is that this gives them one more Linux distributor other than Novell to point to. Ultimately, it doesn't matter. The OSS community is mocking Microsoft's patent threats, telling Microsoft to put up or shut up.
Either way, Microsoft is screwed. If it doesn't provide specificity about which of its patents are supposedly being violated, even the PHBs will realize that it's an empty threat. If Microsoft does specify, particularly with the recent Supreme Court decision, most or all of the patents they present are likely to be voided. If a few aren't, they'll be worked around fast enough to make Microsoft's head spin.
Microsoft is taking exactly the same approach that SCO tried and failed with. They're not interested in having Linux noninfringing. They want perpetual infringement with a corresponding royalty stream. But it just doesn't work that way, either in law or in practice. In fact, by refusing to mitigate, Microsoft is just making it even more likely that those few patents that might be usable against Linux end up being unenforceable.
Needless to say, Bob Thompson and I are not in full agreement here. I am certainly not ready to draw that conclusion. I do believe that this story is far from ended.
On Identity Theft:
A friend who is a detective at a nearby large suburban police department tells me that he spends most of his time on identity theft cases, but they're still mostly low tech (as in, an extra print of the credit card gets bought out the back door of the restaurant).
Our local (population 6,000; 2,000 homes) rural township had to designate an officer as a detective and add an unmarked car in order to pursue (mostly identity theft, more low tech than high) investigations outside its borders.
But checking your credit reports too often can have a negative effect; many bureaus ding your score every time there's an inquiry.
On Identity Theft Insurance:
In your previous mailbag you mentioned "Identity Theft Insurance". In my Computer Defense class, one of my students heard about LifeLock and did some research. They do all of the things we could do ourselves to protect our identity information. The only suspect item I can see is that they require a partial power of attorney to do their job, something that I would be reluctant to give. Two of my students are going to try out the service ($10/month). I'll pass on their experiences.
IT Instructor - Fox Valley Technical College
Before I gave Lifelock any power of attorney I would read this article: It appears that the founder of Lifelock has had problems in the past.
There is further discussion on a Wired blog.
Rick Hellewell adds
If you sign up for Lifelock, you give them financial power of attorney. That's a bit scary, IMHO. And when I read the above articles, I got very wary of that company.
I'd avoid them.
Regards, Rick Hellewell
Marty Winston also has a comment on Outlook:
Some of the "piggy" quality you attribute to Outlook may turn out to be caused not by it but by the antivirus software that's running - and turn up the spotlight on that if there isn't a generous amount of RAM on the system.
Which I well understand. I don't run much anti-virus software any more because I never open attachments unless I absolutely know their source; and even then seldom open unexpected attachments. I also do all my previews in plaintext. I do allow Microsoft OneCare to run on my main machines, and I hide behind a router...
Continuing the discussion on security:
Security Expert Rick Hellewell said
You'd be surprised (perhaps not) on how many businesses are not encrypting credit card data, even though the credit card companies have been trying (perhaps not very hard) to enfoce their Cardholder Information Security Program (CISP).
Rich Heimlich replied:
I spent several years helping a friend develop a credit card business that provides card services to organizations that cannot afford real card processing themselves (PayPal has really cut into that business lately). Most of his clients are Boy Scout clubs, Little Leagues, camps, etc.
Anyway, the one thing I'll never forget is this one:
When we first got going our first 3 months we did about 90,000 transactions. The software engine was brand new and I hadn't had the time to get a true demo mode developed. As a result we created fully working sites that simply had CHEAP products to buy or register for and we'd just refund the sales people any amount they put on these accounts.
One day the head of sales called me and said, "Something's wrong. The system isn't taking my card." I had him try another card and it failed too. Hmm...
We looked at our logs and found the bank was turning down both cards (same bank). We called the bank and they told us, "Incorrect expiration date". What? Okay, so we ran his cards through ourselves. Same result.
Both cards expired in October of 2006 (this was 2004). I had our developers look into it and they called back to tell me they found a bug. Those transactions passed January as the month so they thought the code was dropping the zero in "10" and sending a 1.
I thought that was troubling but then thought it was funny that in 90,000 transactions no one had used a card with an expiration month of October? The lead developer called me back and said the problem was worse. All two-digit expiration months were being cut down to a "1". Now I really wondered. How could no one in 90,000 transactions ever have used a card with 10, 11 or 12 in it? I was just starting to do my own searching when the developer called back again and said, "You're not going to believe this, but EVERY SINGLE transaction is sending January as the expiration month."
In other words, for months we'd been sending the banks invalid expiration months and until we ran into this one bank in North Carolina every single one of them had approved the purchases regardless. Again, this was only a couple of years ago when everyone was crazy about secure card processing issues. We continued to do audits of this from then on and found it to still be a problem up until last year when he sold the business to a bigger player.
All of which tells me to be very wary.
Subject: Replacement of HD.
1. I am not very good with computers.
2. I had a Compaq 7588. 500+ ram. 40GB HD.
3. HD failed. I tried to buy another 40GB HD. Not available. Was told I had to upgrade to 80GB.
4. In the meantime I installed a HD from an old IBM. Worked fine. until I discovered only had 2GB of memory.
5. I Bought a 80GB HD new. Called HP spent another $65.00, for online help. I was told that the 80GB HD was not compatible. Went back to store and was told they would install for $95.00.
6. If local repair tech. can load my original recovery disk with start up disk from my IBM HD. Then I should be able to.
7. If you can help I will be very grateful. Thank you for taking time to read this. I'm retired an only want to repair to give to my granddaughter 9 years old.
This came as I was preparing to go on my trip. Alas, I can't do a lot of individual consulting - just no time - but I put this to the advisors. Rick Hellewell answered:
There's a couple of issues here:
1) It may be that he bought the wrong type hard drive. This computer probably should be using an IDE drive...he may have gotten an ATA drive. (I'd go back and yell at the store, demanding refund or discounted installation.)
2) I found some IDE drives at Fry's; cost was under $100.
3) After installing the drive (most retail boxes - not white box drives - have pretty good instructions), he will need to re-install Windows from a Windows CD.
4) His recovery CD (assuming that is available) may be built for the original drive, and may not install properly on the newer / larger drive
5) His BIOS might not be able to handle a large capacity drive.
6) He might try installing a Ubuntu-based system, rather than Windows.
I'd agree that the money spent is more than the value of the computer. He might be able to watch for some specials on a complete system; such as an eMachines/Gateway that could be had (sometimes with monitor and color inkjet printer) for around $400 (I've bought similar at Best Buy). I'd see if he could return the 80G drive he bought, since it was not usable in his system (especially if he was advised by the store that that drive was OK to use with his system). Or, perhaps get some sort of discount on the installation of the drive.
Another option: look around for a local computer user's group or the computer geeks at the local high school to see if they would help him out for free.
Regards, Rick Hellewell
All of which is probably more information than was wanted, but the last option looks to be about the best. Find the geek down the street, or a user's group.
But he's probably much better off just finding a new system for the granddaughter. Our electronic toys obsolete fast. It's not that the old ones can't do everything they could do in the past. I have several ancient machines including three Windows 2000 systems and one Windows 95 system that work as well as they ever did. One burns CD's for me. It's slow but it's reliable and it's sure not going to be doing anything else. It also plays This Means War and Conquest of the New World, both games I rather liked in their day and which I wish someone would port to the latest hardware.
What they won't do is most of what I do now. Like it or not, old machines get obsolete because we expect so much more of our new systems.
Eric Pobirs thought about this and added
The advancing tech still engages me but wow, building a decent machine for cheap is so, well, cheap nowadays.
After much recent whining from my sister I made a trip to Fry's on Saturday and got:
AMD Athlon 4200+ X2 Boxed w/fan & heatsink, paired with an nFORCE4 motherboard $160 2GB DDR2 667MHz RAM $150 plus $10 rebate Antec mid-tower case 350W PSU $55 plus $50 rebate Maxtor 200GB SATA drive $50 Nvidia 7300GS 256MB PCI-E video $80 Sales tax $40
I had a old 8X DVD burner that never got installed as intended when purchased. Her old machine has a 16X DVD burner despite the much greater age of the rest of the machine, so the drives will get traded, leaving me with the 8X in reserve again. I'd originally planned to go with an ATI board that was $50 after a rebate but upon examination it was a wattage pig that required a 420W PSU at minimum.
Add to that a Vista license I got as a bonus from watching some webinars, which I'd have happily watched solely for their educational value, and it's a pretty nice box for under $500. Remember when those first barebones 386 systems came out for $5,000? Or $9,031 in 2006 dollars. For a while I was tempted to just get a name brand machine because price had come down so far but if I leave aside the value of my labor it was still a better deal to build my own, plus I actually enjoy PC building.
Of the software she uses, Quicken was long overdue for an update, and I actually hope Adobe PhotoDeluxe doesn't work under Vista since I'd as soon never see it again. It's one of those annoying programs that are good for novices but quickly become obsolete as they gain experience. At the same time it's annoying to experienced users because it tries to coddle the user by bypassing the normal way of handling many tasks like file management. Vista has pretty much everything it did and more built-in, so it can go away. Office 2003 won't be a problem.
Of course that isn't likely to help Jack Smith, but actually, almost anyone can learn to build PC's. You start by getting Building The Perfect PC by Robert Bruce Thompson and Barbara Thompson and spending a few nights reading it. Then acquire the parts and follow instructions. It's astonishingly easier than it looks, and a very rewarding experience. Just stick with the low cost stuff: that way you won't be tempted to get into silliness like overclocking (as if the machines aren't already more powerful than the software!).
Clerks in discount stores aren't likely to be helpful, but there are lots of people on line who like helping newcomers. And the Thompsons' book is more than good enough to get you through it.
I read Byte for years and it's good to see that your column is available again. I see you are still battling with various new versions of standard software that don't really work any better than the ones you reviewed back in 85. I've given up on progress and whenever I need to move or copy files on my Linux systems I use Midnight Commander, a Norton Commander clone.
In the May 21, 2007 mailbag there was a letter from James Chamier .
In it he writes:
"Whilst I understand the argument Mr Thompson and others make about open source, I cannot reconcile this with the need to make a living. I suspect both yourself and Mr Thompson would be against giving away your intellectual property in your books, why is software any different? Many "one man band" software developers used VB and continue to do so. "It just works".
Mr. Chamier's question :.."why is software any different?.." is easily answered - It's not, as long one understands that Open Source Software does not mean Open Intellectual Property Software. Open Source is not about giving away your I.P. or even about giving away your software. It is about the author making the decision to supply the source code in order to enable others to make changes as they see fit. It does not mean that a software writer who uses open source tools to create a product has to give away the software or the source code if he or she would rather not. Of course if the new program is based upon an existing open source product then the new derivative has to be open sourced, but in some cases, depending upon the original license type, the end product can still be sold commercially. OS X is a good example of this.
An analogy would be like saying a writer who writes in English has to give away his books because a public domain language was used. All authors essentially give away the source code to their intellectual property every time they sell a book. Their I.P. is protected by copyright etc. But the words, the plot, the story are right out there in the open, providing enjoyment to the readers and often inspiration to other authors.
I wonder if books would ever have been as popular had they been invented in the current legal environment? It would probably have meant that each publisher would have developed a proprietary language to 'protect' their range of books. Bizarre!
Which gives me something to think about. Next week I'll be down at the beach house working on Mamelukes; maybe I'll have some comments on this.