
Comment No sensible person ever thought it was impossible (Score 2, Informative) 174

But even here, again, when you look at a typical OS X desktop system, how many people:

1. Have apache enabled AND exposed to the public internet (i.e., not behind a NAT router, firewall, etc)?

2. Even have apache or any other services enabled at all?

...both of which would be required for this exploit. The answer? Vanishingly small to be almost zero.

So, in the context of OS X, it's yet another theoretical exploit; "theoretical" in the sense that it affects essentially zero conventional OS X desktop users. Could there have been a worm or other attack vector which then exploited the bash vulnerability on OS X? Sure, I suppose. But there wasn't, and it's a moot point since a patch is now available within days of the disclosure.

And people running OS X as web servers exposed to the public internet, with the demise of the standalone Mac OS X Server products as of 10.6, is almost a thing of yesteryear itself.

Nothing has changed since that era: all OSes have always been vulnerable to attacks, both via local and remote by various means, and there have been any number of vulnerabilities that have only impacted UN*X systems, Linux and OS X included, and not Windows, over very many years. So yeah, nothing has changed, and OS X (and iOS) is still a very secure OS, by any definition or viewpoint of the definition of "secure", when viewed alongside Windows (and Android).

Comment What's your suggestion for intelligence work? (Score 1) 504

I presume you wouldn't say it was "wrong" of the United States to crack the German and Japanese codes in WWII...

...so when US adversaries (and let's just caveat this by saying people YOU, personally, agree are legitimate US adversaries) don't use their own "codes", but instead share the same systems, networks, services, devices, cloud providers, operating systems, encryption schemes, and so on, that Americans and much of the rest of the world use, would you suggest that they should be off limits?

This isn't so much a law enforcement question as a question of how to do SIGINT in the modern digital world, but given the above, and given that intelligence requires secrecy in order to be effective, how would you suggest the United States go after legitimate targets? Or should we not be able to, because that power "might" be able to be abused -- as can any/all government powers, by definition?

This simplistic view that the only purpose of the government in a free and democratic society must be to somehow subjugate, spy on, and violate the rights of its citizens is insane, while actual totalitarian and non-free states, to say nothing of myriad terrorist and other groups, press their advantage. And why wouldn't they? The US and its ever-imperfect system of law is not the great villain in the world.

Take a step back and get some perspective. And this is not a rhetorical question: if someone can tell me their solution for how we should be able to target technologies that are fundamentally shared with innocent Americans and foreigners everywhere while still keeping such sources, methods, capabilities, and techniques secret, I'm all ears. And if you believe the second a technology is shared it should become magically off-limits because power might be abused, you are insane -- or, more to the point, you believe you have some moral high ground which, ironically, would actually result in severe disadvantages for the system of free society you would claim to support.

Comment Why only sue for patent infringement? (Score 1) 191

The only thing I don't quite understand is the possible motivation for XimpleWare to only sue for patent infringement, but not for copyright infringement. It's not like you have to choose between the two (you can have both), and anyway it seems that a copyright claim would be quite strong.

Maybe it's just to keep the lawsuit more contained and therefore save in attorney's fees and costs? On the other hand it seems to me that only claiming patent infringement encourages the defendants to challenge the validity of the patents (which are anyway questionable after Bilski and Alice Corp), while they would have much more incentive to settle if there also was a copyright claim that they had little hope of winning.

Comment Instead of a degree, try this (Score 1) 637

I actually noticed this trend about 8 years ago, and wrote a book to solve it. The book is called Programming from the Ground Up. It is a Linux-based assembly language book, but also teaches a lot about systems programming in general, but without being too technical.

For the other CS-oriented stuff that they don't teach, the two books you should get are How to Design Programs and Structure and Interpretation of Computer Programs. After that, I have written a series of articles to apply those ideas to "real" programming languages on IBM's developerWorks. You can find links to them here.

Comment Re:DMCA? (Score 1) 273

Whether the access is gained by the same way or a different way from how a copyright owner would do it is not material to the law; the authorization of the copyright owner is the defining criterion. The law defines circumvention thus:

to "circumvent a technological measure" means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner

For example, most non-authorized decryption would quite obviously be done in the same way as a copyright owner authorized device would do it. This would not make it not circumvention within the meaning of the law; the definition of circumvention is quite broad and essentially focuses on circumventing the requirement for authorization.

Comment Re:DMCA? (Score 2) 273

A mechanism doesn't need to prevent copying in order to qualify for DMCA's anticircumvention protections; it only needs to control access to a work. That's why you specifically need an exception for phones, among other things, even if phone unlocking does not let you copy the phone or its software.

"No person shall circumvent a technological measure that effectively controls access to a work protected under [the Copyright Law]".

You would be right that this does not qualify as a DMCA takedown request. In this case that doesn't matter very much though, because the letter was sent to the publisher of the article, not only to a mere carrier of the article (like an ISP).

Normally carriers are not liable for what their customers do, unless they have sufficient (in legal terms, actual or constructive) knowledge of the infringing activity. The idea behind DMCA takedown requests is that by sending a certain formal request to an ISP, where you among other things must allege in good faith that your copyrights are being infringed, you put the ISP formally on notice that certain activity is infringing and thereby oblige the ISP to provisionally remove the content pending a counter-notice from the poster of the content. An ISP still has the option to not remove the content, but in that case it assumes liability if it turns out the content was in fact infringing. Significantly, sending a formal DMCA takedown request to an ISP has three special effects compared to sending a free-form cease and desist letter:

1) It puts the ISP under a threat of liability if it does not remove the content;

2) It absolves the ISP from liability towards the customer for removing the content;

3) It makes the sender of the takedown notice liable for damages and attorney's fees for knowingly materially misrepresenting facts in the notice.

So when sending a notice to an ISP (party other than who posted the information), it makes sense to send a DMCA notice, because the party has less incentive to act on free-form requests and because it can actually incur liability if it does. Thus many ISPs routinely disregard non-DMCA takedown requests.

When sending a notice to someone who actually posted the allegedly infringing content, it makes less sense to send a DMCA takedown request. The recipient is liable in any case, and sending the notice puts you at a disadvantage by making it more likely that you are liable for damages and attorney's fees.

I speculate Tektronix's challenge would most likely fail in this case rather because the information posted is not "any technology, product, service, device, component, or part thereof" that is primarily designed to circumvent a technical measure that effectively controls access to a protected work. (It certainly is primarily designed to circumvent, but it doesn't fall into any of the enumerated categories of technology, product, service, device or component.)

Comment What's so Hard to Understand? (Score 4, Informative) 192

Anything that improves the efficiency and effectiveness of our forces deserves recognition. If writing code and automating or streamlining a process is successful, write the person who did it up for a citation or medal. I did it in the navy 20 years ago and received a NAM (Navy Achievement Award) for my efforts. Not all medals given in the military are for combat duties.

Comment The article misunderstands the ruling (Score 1) 263

I don't think this article quite hits the nail. Specifically, its interpretation of the ruling is wrong (though IANAL). Having said that, this is certainly a positive ruling (if you are, like me, opposed to software patents), and in general my impression is that the trend is clearly against software patents. I'm not sure if there is any software patent the court would eventually uphold, but it generally prefers to avoid such sweeping rulings on matters that are not immediately before it. That is, the court is not entirely sure that no software patent can pass the muster, so it prefers to wait until it sees more credible software patents (like compression algorithms, apparently) to rule on those.

The article claims the Supreme Court ruled that the "invention" is not patent-eligible because "each step does no more than require a generic computer to perform generic computer functions". However, this is not the whole analysis and is akin to saying that no electrical circuit can get patent protection if it can be divided into basic components.

Let me quote the relevant parts from the ruling.

In Mayo, we set forth a framework for distinguishing patents that claim laws of nature, natural phenomena, and abstract ideas from those that claim patent-eligible applications of those concepts. First, we determine whether the claims at issue are directed to one of those patent-ineligible concepts. If so, we then ask, "[w]hat else is there in the claims before us?" To answer that question, ***we consider the elements of each claim both individually and "as an ordered combination"*** to determine whether the additional elements "transform the nature of the claim" into a patent-eligible application. We have described step two of this analysis as a search for an "'inventive concept'"--i.e., an element ***or combination of elements*** that is "sufficient to ensure that the patent in practice amounts to significantly more than a patent upon the [ineligible concept] itself."

(page 7, emphasis added, internal quotations removed)

That is, the "elements", or the steps the algorithm in question performs, are to be considered both individually and as an ordered combination. The article somehow reads the second prong of this analysis entirely out, but such a reading is not faithful to the decision. Similarly to how an electrical circuit that consists of basic components can still merit patent protection, the court leaves open the possibility that an algorithm composed of "ordinary" steps might be eligible if the steps "as an ordered combination" contain an "inventive concept" that is "sufficient to ensure that the patent in practice amounts to significantly more than a patent upon [an abstract idea] itself".

The text that the article quotes is from page 15 of the ruling:

***Taking the claim elements separately***, the function performed by the computer at each step of the process is "[p]urely conventional." Using a computer to create and maintain "shadow" accounts amounts to electronic recordkeeping--one of the most basic functions of a computer. The same is true with respect to the use of a computer to obtain data, adjust account balances, and issue automated instructions; all of these computer functions are "well-understood, routine, conventional activit[ies]" previously known to the industry. In short, each step does no more than require a generic computer to perform generic computer functions.

But this is only the paragraph that analyzes the claim elements separately. What the article does not recognize is the paragraph that immediately follows:

***Considered "as an ordered combination,"*** the computer components of petitioner's method "ad[d] nothing . . . that is not already present when the steps are considered separately." ***Viewed as a whole***, petitioner's method claims simply recite the concept of intermediated settlement as performed by a generic computer. See 717 F. 3d, at 1286 (Lourie, J., concurring) (noting that the representative method claim "lacks any express language to define the computer's participation"). The method claims do not, for example, purport to improve the functioning of the computer itself. See ibid. ("There is no specific or limiting recitation of . . . improved computer technology . . . "). Nor do they effect an improvement in any other technology or technical field. Instead, the claims at issue amount to "nothing significantly more" than an instruction to apply the abstract idea of intermediated settlement using some unspecified, generic computer.

So, the fact that an algorithm only performs "purely conventional" steps is not the end of the inquiry; it just may be sufficient that such an algorithm when viewed as a whole ("ordered combination") may warrant protection.

Comment Re:Missing the point; it's about not enabling (Score 1) 403

I don't know if you can. In the real world, duplicating objects is impossible. However, duplicating information in computers is essentially free. Therefore, I'm not sure that simulating the notion of "property rights" on a computer even makes sense. It certainly doesn't make sense if it costs DRM to achieve it.
