Forgot your password?

Comment: Many bad analogies make comparisons useless (Score 1) 527

by sirlark (#46765741) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

"Many eyes makes bugs shallow" applies not only to people working on the buggy code itself, but also all the developers who use the code. Bugs are almost always almost found because of software behaviour, and in general bugs in closed or open software are equally likely to be discovered by end-users. Bug are far more likely to be found by developers though. Consider some different scenarios: (1) A bug is discovered because following the documentation on how to use some API doesn't work exactly as expected; a really bad bug because behaviour under normal conditions is wrong. (2) A bug is discovered because a developer makes an invalid call to an API and it doesn't error out gracefully; still a bad bug, but most developers are going to correct their code to use the API correctly, and maybe file a bug report if the problem is bad enough to break their software. In case (1) someone is always going to file a bug report, closed or open source doesn't matter. In case (2) is different; chances are a developer isn't going to bother submitting a bug report if the buggy code is closed source, they'll just write some validation around the API call to avoid the bug before it happens. If open source, this validation will probably be submitted as a patch upstream, or at least someone is likely to report the bug. But then there's case (3), heartbleed. What you've got here is a bug that for correct input works, no bug to file, for incorrect input appears to still work, so still no apparent bug, but for incorrect input it does extra stuff you don't know in advance to check for. A developer with a case (3) bug is far less likely to discover that bug. If the library is open, a developer debugging their code might step into the library code and see the problem, slightly increasing the likelihood of the bug being found in open source as compared to closed.

The point is that downstream developers count as 'eyes', and probably make up the majority of those eyes. Because of lower barriers to entry, open source projects when compared to their equivalent closed-source counter parts tend to have many more downstream developers. Even is the case of non-library, end-user application projects, other devs are write plugins, extensions etc. so this remains mostly true. The argument that the eyes don't exist is not true. The eyes may not be looking directly at the code, but the code's behaviour is being tested in a variety of other ways. Case (1) bugs are going to be found and reported regardless of whether the source is open or not. Case (2) bugs are probably equally likely to be found, but far more likely to be reported and fixed if the buggy code is open source if there is a downstream workaround. Case (3) bugs are hard to find either way, but are MUCH easier to fix in the open source world.

Comment: Re:Won't work with false ownership claims (Score 1) 306

Yes, that's what I said... "This particular case is very different". SONY don't own the copyright, and as far as I can tell, their not even claiming that they do. SONY didn't even take the clip down themselves, or issue a take down notice as far, again as far I can tell. Does the automation system actually file a take down notice technically, or does it just "take it down"? Does SONY corp fully control what's on the list of things to compare against for take downs? These are all questions that need answers before we can say exactly what happened. If google/youtube just assumes that anything in SONY controlled channels is owned by SONY (quite possible), then SONY didn't assert copyright ownership. Google/youtube asserted that SONY owned it, which is doubly fraudulent. This is a fuck up. It's a complicated fuck up, and it's a fuck up because google/youtube swings to far in favour of big media/MAFIAA. I'm not saying it's right, but this time, it's doesn't look direct malice.

Comment: Re:Won't work with false ownership claims (Score 2) 306

Read the GP Again... "claimant's copyright that was reportedly infringed immediately turned over to public domain". The claimant must, even with the fucked up copyright laws we still have, specify what copyright they own is being violated. So even in a false claim, Asshat Corp asserts you've violated their copyright on A, in your work B, they lose copyright on A. Your work, B, is unaffected. This particular case is very different from your normal take down request though, since Asshat Corp has taken your work, B, and included it in their line up (possibly legally if your work was creative commons without a non-commercial clause). Now an automatic system, which is fact totally one sided, has determined your B is the same as their B, and because it always assumes Asshat Corp own everything and everyone else is thief (because that reflects reality ) your B gets taken down. The problem here is the automation. The system should, when a potential infringing case is identified, check the licence of Asshat Corp's claimed infringing content. In this case it would have been CC, so no need to take down. If Asshat corp had CHANGED the license, and the original was CC-SA, then the blender guys would have a very good reason to file suit.

Comment: Re:What. (Score 1) 284

by sirlark (#46609333) Attached to: U.S. Court: Chinese Search Engine's Censorship Is 'Free Speech'
I've never understood why people think free and speech and libel laws don't work together. You can say what you want (free speech) even if it's false, inflammatory, libellous , whatever. By suing you for the HARM caused by your speech, I am in no way infringing or curtailing your right to do it again. Gag orders are a different matter, I agree, and jail time as a sentence gets iffy, because I don't believe anyone imprisoned really has free speech, and if that jail time is a result of exercising only free speech in the first place, that's a problem. But if you incite a riot, it's free speech, go ahead. But you are partially responsible for any damages. There is a conspiracy to commit vandalism, loot, whatever. If someone dies, it's conspiracy to commit murder, or maybe manslaughter. The point is, punishing someone doesn't infringe their right to free speech automatically, and punishing someone for the results of their speech is not inherently punishing them for speaking freely. Basically, I see free speech like this: You can say what you want, and you can't be punished for saying it unless it causes harm.

Comment: Re:Automatically? (Score 2) 142

by sirlark (#46520385) Attached to: Firefox 28 Arrives With VP9 Video Decoding, HTML5 Volume Controls
I use Gentoo on my primary machine and on my home media centre. I sync and update weekly. I've not had any circular dependencies portage couldn't work out (except in the enlightenment overlay) for months. Yes, using a high backtrace value (which is the default) means it takes a long time to calculate dependencies, but honestly, that's not time *I* have to spend figuring crap out. I can go and get a cup of tea, and gosh, since I have a multi-core machine, I can even get work done while it compiles in the background. The problems come in when you don't update regularly, and there's basically half the portage tree to update, but then updating regularly is the whole idea behind a rolling release. At least I'm not stuck with an outdated git version, or kernel, or django ... you get the point.

Comment: Re:Hmm.... (Score 3, Insightful) 279

by sirlark (#46490783) Attached to: U.S. Aims To Give Up Control Over Internet Administration

Iceland? They seem to have a much better track record than anyone else where internet regulation is concerned. Sure people try to get shit pushed through there, but they seem to have a high proportion of tech-savvy parliamentary members who shoot the unreasonable shit down.

Honestly though, what we need is a multi national non-profit who are allowed to charge for their services, or receive funding (equal/roportional: needs more discussion) from all countries

Comment: Re:Absolutely (Score 1) 212

by sirlark (#46426339) Attached to: Fedora To Have a "Don't Ask, Don't Tell" For Contributors
Thanks for the informative response. I suppose I never considered the contributions as services since no-one was paying for them, but of course this means that a system of reciprocal gift giving would then be an easy way to get around the restrictions. What about post (mail) and email though? Are personal communications also heavily restricted? What about family members communicating? I'm not trying to be difficult here, it's now you've got me curious as to how this would actually work. I suppose that if personal communications are allowed, an argument could be made that patches are simply personal communications along the lines of I think this is a good way to fix your lawnmower (as an analogue equivalent).

Comment: Re:Absolutely (Score 1) 212

by sirlark (#46420791) Attached to: Fedora To Have a "Don't Ask, Don't Tell" For Contributors
I don't know the intricacies of U.S. law, but I was under the impression that the law regarding ecryption algorithms as munitions was no longer in place. Unless there's something else restricting software specifically, there's no economic value to restrict unless you have paid developers in restricted/embargoed territtories who are receiving money across the border. The economic value (if any) comes at a later stage when the software is distributed and possibly sold, or more likely services surrounding the software are sold. Why is this an issue?

Comment: Re:Missing letter: k (Score 1) 141

by sirlark (#46292925) Attached to: Two Ubuntu Phones Coming In 2014, Aiming For Top 50 iOS/Android Apps

My point is that the geek niche won't need 50K apps ported. The GP claims nothing less than the full app suite would be of sufficient value, but past the top 50 (maybe 100) most apps are either games or utilities. My point is that the utilities are already there on a GNU system.

Regarding the debian chroot. Yes it gives you most of what you want, but it screws with your warranty and STILL there's stuff I'd like to be able to do that I cant. One example is to have every phone incoming or outgoing automatically recorded, and I get the option to permanently save afterwords. Mainly for dealing with calls from companies. Debian chroot doesn't give me enough access to the kernel to do that, at least I can't figure it out. Or making my tablet make a phone call, despite the fact the phone app is banned from use on the tablet. All I want i to top up my mobile data which for some unknown reason can't be done via SMS in this country (South Africa). My hope is that a genuinely open phone would allow these sorts of things to be developed.

Comment: Re:Missing letter: k (Score 2) 141

by sirlark (#46288659) Attached to: Two Ubuntu Phones Coming In 2014, Aiming For Top 50 iOS/Android Apps
Yes, the people interested in a less open system have a wide range of needs, but simply having access to a GNU userspace will take care of a LOT of the utilities... No need for firewall apps, calender apps, reminder apps as long ubuntu OS exposes a decent UI to all those things. You won't need a million different file manager apps, or text editor apps???? What fucking OS doesn't come with a basic text editor, even on a phone? Games and front ends to proprietary cloud services are going to the major things that need porting. There'd be a better office suite than anything available on a phone if libre office got ported. GNU/Linux/Ubuntu comes with a heell of a lot for free (as in beer, as in effort and as in speech). Throw in a hardware slide out keyboard and you might a real spritual successor to the n900.

Quark! Quark! Beware the quantum duck!