User Journal

Journal Journal: Would "Fair Tax" (H.R. 25) end Open Source Software? 2

I was doing research on the (US) "Fair Tax" proposal (HR 25) which would abolish the IRS in favor of a national sales tax. In doing so, I noticed the provision which enforces taxes on bartering (Sec. 201 §103(d)) and was upset enough about that, but then I discovered that in combination with the fact that services would be taxed, not just products, and that "computer software" is explicitly excluded from "intangible property" (Sec. 201 §2(a)(6)(B)), it may mean that Open Source software writers and users would need to pay sales tax on the "fair market value" of the software. I am hoping that I am missing something or reading something incorrectly, but here are the details:

Section 201 §103(d) reads:

(d) Barter Transactions- If gross payment for taxable property or services is made in other than money, then the person responsible for collecting and remitting the tax shall remit the tax to the sales tax administering authority in money as if gross payment had been made in money at the tax inclusive fair market value of the taxable property or services purchased. [Emphasis mine]

Open Source software (well, technically GPL-like licenses) is essentially a barter between a license to use the software on the one hand and a guaranteed license to use any resulting derivative works on the other. "You get to use this for free, but in exchange, I get whatever you make from it." Since all goods and services would be taxed under this proposal, then this would indicate that a user of Open Source would need to remit tax based on the "fair market value" of the software on the one hand and the writer would need to pay taxes on any software licensed back to them in return.

The potential taxes in this case are clearly going to be much higher than the typical price of the software ($0), and the software licensed back, especially for someone very early in the development tree, might generate enough tax liability to bankrupt them.

Now, the Fair Tax does not tax "intangible property," so does this give us an out? A copyright is usually considered intangible and is, in fact, listed in Section 201 §2(a)(6)(A) as "intangible". But... (B) in that same subhead specifically excludes software from the definition of "intangible property" so it would be explicitly taxed under the "Fair Tax":

(B) CERTAIN TYPES OF PROPERTY- Such term does not include tangible personal property (or rents or leaseholds of any term thereon), real property (or rents or leaseholds of any term thereon) and computer software. [Emphasis mine]

So, presumably if I write a piece of software which might be marketed at, say, $100 a seat, and I release it under the GPL, then you would have to pay $30 in taxes to use it. If you go and turn it into a multi-million dollar system for removing brain tumors (and, as required, license the derivative work back to me), I now owe $800,000 in taxes and need to file bankruptcy (but I get to keep my silverware up to a certain value).

Obviously, this is nonsensical, but it seems to come from a plain reading of the law. But wait, business-to-business purchases are not taxed, right? Right, at least mostly. If you use a taxable service or product in the production of another taxable service or product (see definition in Sec. 201 §2(a)(8)) then you only pay taxes on the last item or service in that chain. So, if you use my Open Source product to run your store, you need not pay taxes on it; the taxes will come out of the sales of your products. But if I use my software for personal use, I am still bankrupt.

The only other out I can see is if the donor simply makes the software public domain (in which case there is no reciprocation and no barter going on) or if all code is contributed to a "qualified non-profit" organization. In the latter case, the non-profit would not pay taxes on any benefit received and at least business users of the "free" software would not need to pay taxes on it, but private individuals would still need to pay taxes on the "fair market value" of the license they receive (and the qualified non-profit would have to collect those taxes).

What am I missing?

User Journal

Journal Journal: Iraq Open Letter

I have written a paper called An Open Letter to Supporters of the Iraq War About Ron Paul. It summarizes a lot of the views I have expressed in various posts here including a bit of information on my experience with the military as it relates to the situation.

This article talks about the Iraq War debate from the point of view of a conservative Republican in support of a Republican candidate, concern for long-term national defense, and a rational foreign policy. A broad case for orderly redeployment is made militarily, politically, and economically, starting with why the debate is necessary and patriotic to begin with. (~4500 words)

It should be going up in html on a site that can handle some traffic, probably Lew Rockwell's, but in the meantime, I have PDF up for download. It is produced with Docbook and I can provide it in a variety of formats if anyone wants copies or wants to host it.

I also developed a rather nice set of Ant rules for this and a few other papers that I use on my Mac to automate document production if anyone is interested. It validates, generates multiple formats including dependencies, converts graphics, zips output, tracks external dependencies (stylesheets, DTD, Fop library) and some goodies. There really do not seem to be a lot of (free) ready made tools or even reasonably complete examples for doing this.

User Journal

Journal Journal: Top Secret Device Identifies Political Affiliation from Air

In a recent helicopter attack on 'Al Qaeda gunmen' at the edge of Al-Khalis in Iraq, the US Military did not interact with the gunmen in any way prior to opening fire. This suggests that the US military is hiding a new technology which allows them to not only identify 'bad guys' at a distance, but also their precise political affiliation. If this technology were declassified, it could revolutionize the election process. However, since the gunmen turned out to be local militia coordinating with Iraqi police, the technology may require further fine-tuning.

This action, like the bombing of the wedding party at Fallujah, angers me to almost no end. Regardless of any views of the Iraq War, its purpose, and our continued presence, it is unconscionable to use heavy weaponry in populated areas, let alone indiscriminately. Civilians, 'ragheads', are often treated callously and collateral damage is swept under the rug. I wonder just how often 'Al Qaeda gunman' is shorthand for 'Don't Know Don't Care'.

When we occupied Iraq, we signed up for a very difficult and messy task. The region has been a hotbed for centuries. Urban warfare, sectarian conflict, and insurgency were easy to predict. There is no easy way to fight it, yet we continue to take short cuts: innocent civilians and our allies pay daily. One of the saddest aspects of this debacle is that the dead included both Shia and Sunni--- working together.

There is no technology to tell peoples' affiliation and intent from a distance. There is no way to tell the difference between a woman with a fruit basket and a woman with a bomb. You have to get close and personal, and yes, that means either exposing yourself and taking casualties or preemptively killing every man, woman, and child. We either need to face that or get out.

User Journal

Journal Journal: VA Tech and Simon's Rock Shootings

This entry is a compilation of some of my thoughts on the recent VA Tech shootings and the 1992 shooting at my College, Simon's Rock. Like many people, my thoughts are with the victims and survivors, but also on the past.

On December 14, 1992, a student by the name of Wayne Lo went on a rampage at Simon's Rock College of Bard (Now "Bard College at Simon's Rock"). It was a much smaller incident than the VA Tech shooting, not the least because the shooter did not clean his gun properly and his gun (an AK-S semi-automatic rifle) jammed repeatedly. At the end, two were killed and four wounded. The shooter himself, who could not commit suicide with the malfunctioning weapon, is still in prison. The campus, of about 350 students, was torn apart.

Like the VA Tech shooting, the campus administration were clustered together and dealing with an incident from earlier that day when the shooting started. There had been suspicion when a package arrived for Mr. Lo from an arms company, which he deflected by showing them some gun accessories he claimed he had obtained for his father, a Montana gun collector (the package had actually contained ammunition). A short time later, a residence director and family had received a death threat and had been escorted off campus. The administration had been widely criticized (and sued) for acting too slowly and for not intercepting the package (something they had no legal right to do). Like VA Tech, there had been nothing humanly possible to do and the criticism led to increasingly erratic rules in the years following.

The shooter started at the guard shack, critically wounding the security guard, then shot and killed a teacher driving onto campus. A student coming out of the library to assist the motorist was shot and killed next, and shots were fired into the library. He then proceeded past the pond and began firing into dormitories, wounding two others. I was on the phone with my girlfriend in one of the dorms when shots were fired into it. A number of people escaped when he inexplicably stopped firing, swore, then resumed. A friend of mine was saved when the Provost's dog distracted Wayne at a critical moment. Finally he holed up in the dining hall and surrendered.

When I hung up from my girlfriend (after finally convincing the idiot to lock her door and get under the bed...), the folks in my apartment immediately began calling police, ambulances, administration, etc. Then we started calling dorms and putting lists together of who could be accounted for and who could not. One student we had gotten hold of had seen another hit and go down and was crying in shame that he hid in his room instead of going to help. Our list had a lot of gaps in it and many would not be filled until the next day. Like VA Tech, the police arrived long after the shooting was done.

That first night was hell. After gathering in the dining hall, we were sent to bunk wherever we could. Several campus buildings, including dorms, were closed off with police all over. Our upper campus apartment was sleeping wall to wall. There were still people unaccounted for, people wounded who might not live, and explanations that were not forthcoming. For myself, I had another ghost to wrestle with: Wayne Lo had been a friend and former roommate and I had recognized his voice over the phone.

In the days that followed we learned more. We were also interviewed by state police. Reporters tried to interview us despite the police cordon; several snuck in through the woods that bordered the campus. One of them was dragged off bodily by a group of students after she attempted to interview the girlfriend of the student who had been killed. The shooting had occurred during finals week, and most of the tests were canceled. Some left early, some stayed. Those of us needed for depositions had to stay.

Over that winter, I stayed with my girlfriend's folks in New England because I was told to be available for the trial. I was also ordered to not read papers, watch news, or discuss the incident for six months. I and others had to go to Boston for a day to talk to shrinks for one side or another. In the end, after being told I would be given 2-3 days notice to testify, I was called with less than 24 hours notice on the day of a major snowstorm and therefore never made it to the courthouse. I never testified, and a lot of the background on Wayne never made it onto the court record (or, therefore, into Gibson's book). It made little difference to the prosecution, however, as the evidence was airtight and he was found to be competent. I think he will be eligible for parole at 93.

In succeeding semesters, I had a great deal of difficulty coping with the wall of silence that surrounded the shooter. I was mourning for the victims like everyone else, but I had also lost Wayne, who I had considered a friend, and who had betrayed us all. But none of that could be expressed on that campus. I had a short essay published around campus, which opened some people's eyes, and elicited threats of violence from others.

That next year, as the administration tried to deal with the aftermath, new rules of all kinds were passed. Suddenly anything which had any conceivable relation to a weapon was now verboten. This came to a head one day when a student called in to security to say that another student had "a gun". The student in question was seized, the "weapon", a blue and yellow squirt gun, was confiscated, he was interrogated (for several hours) and suspended. After it was discovered that squirt guns were *not* actually on the new list, it was added retroactively.

A student community meeting was called and a protest organized. The core of the protest included myself, but also the two students who had been shot, and who, if anyone, had the most right to be paranoid and afraid. One of them was still walking on crutches from the three bullets he had taken. The Dean gave a statement, which was taped with his permission. He called out the students for daring to criticize his judgment in his attempts to protect them and filled his speech with fear mongering. Many students left in tears. The group of us who had started the protest had a transcript made and sent to a group of parents and the Board of Directors, which finally had a bit of an effect at reining in the madness. The suspended student never returned to the school.

It never ceases to amaze me, but of the many people I have met in my life who have actually experienced and survived violence, they are usually *less* afraid and more stable than the ones who merely witnessed violence. It is the onlookers, the parents, the authorities who always seem to go off the deep end, not the ones who have the right to call for change. The victims quickly become pawns for people to assuage their own shame and guilt. Having been in contact with violence at several points, I do not have the overwhelming need some people seem to have of making society or the government my protector. Perhaps part of that is because I have seen too many cases where authority is either powerless or actively detrimental, many times because of an inability or unwillingness to see a situation for what it is. Authority is important, but so is learning to stick up for yourself.

In particular, I am not pro gun control (outside carefully proscribed limits). I would rather people have a chance to defend themselves against a nut like Wayne than wait for the police to bag the bodies and wake up the families. Experience has shown in places like Virginia (outside the campus where people are actually allowed to carry weapons), that concealed carry does not increase crime and that armed citizens do often stop crimes in progress (although it is seldom newsworthy). After the shooting, I have a distaste for guns, and it took me years to work back up to firing one, but I believe it is a responsibility for someone to be able to care for oneself. I can cook and do basic mending as well.

It bothers me greatly that the Virginia Tech campus was closed to CCW permit holders just before this incident. I have no way of knowing of course, but I can just imagine someone dead among the sprawl of bodies who left their licensed weapon at home or in a car because of the new rule. Wayne had been a friend, but that night, I would have shot him in a heartbeat to stop him, even at the cost of my own life. Maybe he was sick, maybe it wasn't "his fault", but you don't let sick animals rampage, and it is everyone's responsibility, not just a few people in uniform, to keep our communities safe. The people in uniform can never be in enough places at once.

I hope the people at VA Tech pull through. I hope that the witch hunts and reactionary measures don't get too far out of control. I hope the kind of political opportunism that followed 9/11 does not happen here. I hope anyway. God bless, and, if you made it this far, sorry for the long-windedness.

User Journal

Journal Journal: 2006 FBI Cybercrime reports out

The FBI 2006 IC3 Internet Crime Report and The FBI/CSI 2006 Computer Crime and Security Survey (summary, must register for full report) are both out. The FBI/IC3 report deals with computer fraud reported in 2006, while the FBI/CSI survey (Computer Security Institute, not the TV show) is a survey of 616 security professionals in US organizations about attacks sustained, security precautions used, security budgets, losses due to attacks, and so forth in 2005.

According to the 2006 FBI Internet Crime Report the FBI Internet Crime Complaint Center processed 200,481 Internet-related crime complaints, a number which is down somewhat from 2005 but more than double 2003 figures. Complaints supported 86,279 criminal investigations at the federal, state, or local level. The complaints were varied, including auction fraud, non-delivery of goods, credit card fraud, computer intrusions, SPAM, and child pornography. Almost all involved financial loss, with a total loss of $198.4 million (up slightly from last year).

Among the survey findings is that the top four threats, viruses, unauthorized computer use, theft of equipment, and theft of intellectual property (in order) account for 74% of losses. Fifty-two percent of respondents reported unauthorized use of their systems in the twelve-month period and 9% reported more than 10 such incidents. Total losses from the 313 respondents willing to provide figures were estimated at over $52 million. A disturbing trend is the number of respondents who claimed substantial loss from insiders.

Reported financial damages and number of successful attacks have noticeably decreased against previous years, but the survey is skewed toward companies with security policies in place (they have dedicated security personnel and have been in at least one CSI program) who have presumably been improving their defenses. Interestingly, 22% of those surveyed were in organizations with from 1-99 employees, so small to medium businesses were well covered. The survey notes that per employee expenditures on security are much higher in smaller organizations (by total revenue). The full report is an interesting read, especially their definitions of terms and assumptions.

User Journal

Journal Journal: Arete and Agon - Ecology and Greek Personal Development 1

Of late, particularly in some of the Slashdot discussions involving environmental/enviro-economic problems, I find myself making posts like this one, which, though I feel are justified, are getting more argumentative than I want to be. I am getting close to the line between agon, "discerning judgment or evaluation", and krinos, "final or critical judgment" (or, if you prefer, "getting cranky"). I wanted to use this journal entry to explain where I feel the overall issue is, why it bothers me and talk a bit about Greek ideology.

First off, let me say, as I have said elsewhere, that I am not an enviro-fascist that thinks people need to revert to stone age technology. In some of my recent endeavors, I am indeed using and teaching traditional craft and farming technologies and using them myself, but this is more for purposes of living history and education than ecological policy per se. I do not believe that people need to go back to horse drawn plows (although, there are some applications, like low-impact tree-culling, where horses are ideal). As a Slashdot reader, I obviously have a computer. As a disabled farmer, I actively seek conveniences and assistive devices to make my job easier.

The problem is not the technology per se, but the culture of profligate waste which surrounds it. This is why I do not think any technological solution will get us out of our developing predicament. Any margin which new technology gives us will simply be absorbed by more waste and consumption--- barring social change. Which change, I think will be hard in coming, if at all. As cascadingstylesheet responded to one of my posts, top down legislation of social change just breeds corruption at the top and injustice at the bottom.

In any case, I believe, from one of several factors, including economic dependence on foreign oil, we are in danger of learning our lesson by being slapped, hard, by reality. Technical solutions all have serious problems and may generally cause more harm than good, such as biofuel production's dependence on fossil fuels and competition with food for arable land. Whenever someone mentions conservation or social change as part of the solution, people become very incensed that environmentalists are asking them to "go back to the trees" or otherwise give up a God-given right to certain must-have conveniences. This is not limited to the environment, but connects with many things, such as the disappearance of local business to Walmart and chain bookstores, our over dependence on a fragile interstate trucking system, the trade deficit, and much more. This is just sad.

What makes it sad is that (many? most? US?) people are refusing not only to make a choice, but even to see that one exists at all. They take images handed to them from the media and cling to them to the bitter end, without even evaluating what the consequences might be. They complain about the consequences, and sometimes lament the loss of things that have disappeared, then shrug and go on. I can't say I always make good choices or am not sometimes forced into corners, but it is never because I don't care. Maybe I am just wired differently, but I cannot understand how other people can stand to live with their eyes closed.

Is it really too much to pick up a book instead of turning on the TV? To play cards and talk instead of sitting with a video game? To go to a farmers' market instead of Walmart every so often? To live close to where you work? To walk down the street (assuming physical ability) instead of buying a treadmill, maybe say "Hi!" to a neighbor? To support a local business even if it is not quite as cheap or convenient as Megacorp(tm)? Sit in on an occasional town council meeting? To get a wash machine that cycles the rinse water into the next wash? etc, etc, etc. Sometimes (maybe most of the time) it isn't perfectly clear which way is the right way, but trying, thinking, adjusting, trying again, is the way to get there.

The Greeks had two very interesting concepts called Arete and Agon. Arete is the source of our word "Art", but it meant more to the Greeks, more like "excellence in all things" and is in line with the Renaissance's mens sana in corpore sano, "A sound mind in a sound body." The Greeks believed that, even if you were particularly good at one thing, it was your responsibility to be well rounded as well.

Agon is the root of "agonize" and, simplistically, means "contest". It was the contest or debate of the will, the process of judgment. It came to be used to describe the moral tension in the plots of Greek plays, and, in particular, the dialog between two characters mediated by the chorus as some great dilemma was fought out. Unlike Krinos, another Greek word meaning judgement, agon was not final, but an ongoing and continuing process of evaluation.

What would the world be without the agon--the agonistics of one man against another--to show everyone the order of precedence among men, just as no two other things on earth are alike? How could any of us alive know quality if competition and personal combat did not let all the world know who embodies excellence and who merely manages mediocrity?

--Odysseus, OLYMPOS

Agon, the responsibility to judge, is balanced by arete, the need to do it well, which requires compassion, empathy, and the ability to see faults in yourself, maybe that last above all. This can only be accomplished by doing it often--- constantly testing and revising. As Socrates said, "An unexamined life is not worth living." This code was taken up by the Romans, embodied in chivalry, and revived in the Renaissance, but despite the classical roots of our society, we have entirely lost touch with them. It was always a hard to reach ideal, but now it seems we no longer have that much. Our mythology is dead, our heroes sterile. Our society desperately needs to grab hold of something before we are overwhelmed by mediocrity and complacency.

For a short piece I wrote on comparing the forms of "judgement" used in the New Testament, look here. You may find it interesting even if you are not Christian.

User Journal

Journal Journal: April Fool's Submissions Overboard and Underfunny 2

I agree with some of the comments and submissions I have seen today that the yearly stupidity on Slashdot is just plain dumb. Unfortunately, these comments are drowned out. One or two good hoaxes would have made my day. ("Google Paper" was actually quite good). A score of idiotic and unbelievable posts just ruins the site and real news is buried. Having looked through the Firehose at several points today, there have been several serious submissions that have been voted up but have never made it to the main page. Another thing is that it is simply no fun if you don't have to figure out whether a story is a hoax because *every one of them* is. I just don't think people get that repeating mindless drivel is not a substitute for humor.

Oh well, at least things will get back to some semblance of normal tomorrow.

User Journal

Journal Journal: Berezovka Mammoth and Catastrophic Climate Change

The frozen woolly mammoth discovered near the Berezovka River in Siberia (1901) was mentioned in the movie The Day After Tomorrow, a dramatization of catastrophic climate change, and is an anecdote that I have used on several occasions myself to indicate that climate change from global warming or other forces need not be smooth. After mentioning it in a post today, I did some online searching and found that much of what I understood about the event may be wrong.

My first encounter with the frozen mammoth was in the early nineties while going to school for my Environmental Science degree. I was reading journals related to climate change models and came across a study of the Berezovka Mammoth. Unfortunately, I no longer have the citation, but the article was in a credible, peer-reviewed journal.

The main points of the article were as follows:

  • The mammoth was found frozen and intact in Siberia.
  • Little or no tissue damage (from freezer burn) was present. In fact, meat was so well preserved that it was fed to sled dogs.
  • Deep freezing of a creature the size of a mammoth without freezer burn would require temperatures below -150 degrees Fahrenheit.
  • The mammoth had the remains of plants (grasses, leaves, and buttercups) in the mouth and stomach, indicating that it died during a warm season in a non-frozen area.

The article then went on to present several possible explanations for the sudden deep-freeze of a mammoth, favoring one involving volcanic outgassing of CO2. The idea was that the rapidly expanding gas supercooled the surrounding area and froze the mammoth. I was highly skeptical at the time of the volcano theory, but the image of the frozen mammoth with buttercups in its mouth stuck with me.

Another theory, actually more credible, was presented in The Day After Tomorrow, involving a rotating super-storm system drawing down supercooled air from the upper atmosphere at the cusp of a sudden climate change. This is a somewhat more plausible idea because it answers the question of why, if the mammoth froze suddenly in a relatively warm area, it did not just thaw, at least partly, in following years. A long term climate change answers that question very neatly.

Here is the problem: in trying to find a reference to the original paper I read, I cannot find any credible (Internet) source which suggests that the mammoth actually was deep frozen or supports the idea that there was no desiccation, decomposition, or tissue damage. I can, however, find several pages (such as this one) which quote extensively from the original paleontologist's notes and publications, which indicate significant decay and muscles shrunk from desiccation (as if from "freezer burn"). Interestingly, there is support for the idea that dogs ate 10,000 year-old meat, but then, my dog eats rabbit turds.

Other mammoth findings do not help much. Although many skeletons and tusks have been found, only four (five?) have been found frozen and relatively intact. None, however, appear to have been deep frozen, but rather slowly frozen in cold mud or gravel. The recently discovered Jarkov Mammoth has undergone significant decay, including the total destruction of its brain.

Anyway, the "mystery of the frozen mammoths" for me may have become much less puzzling. I need to spend some time with Inter-Library Loan and see if I can get hold of some credible off-line material.

United States

Journal Journal: Whistle Blower Protections and FOIA in House

A number of oversight bills come before the U.S. House this week, including:

  • H.R. 1309, the Freedom of Information Act Amendments of 2007,
  • H.R. 1255, the Presidential Records Act Amendments of 2007,
  • H.R. 985, the Whistleblower Protection Enhancement Act of 2007, and
  • H.R. 1362, the Accountability in Contracting Act.

The FOIA changes and whistleblower protections should make hiding illegal domestic spying/wiretapping programs much harder. I am having trouble finding any commentary in favor of the contracting bill. Its provisions for oversight on audit discussions not just final reports might catch problems which get buried by political maneuvering. They also want to make it harder for contractors to get Time and Materials contracts; although I am very much in favor of fixed-price contracts, I have not known the government to agree on requirements beforehand and requirements-drift in software projects can reach obscene levels. This would also seem to rule out XP-style subscription contracts.


Journal Journal: Physical Security in a Star Trek Universe 1

There was a program recently on Star Trek(*) technology and its influence on real inventions, I believe on the Discovery channel. The section on the transporter and my experience in high security environments (the Pentagon, pharma research labs, etc.) got me thinking on the staggering implications such a device would have on physical security of sensitive facilities.

Unlike many current explorations of potential teleportation which focus on end-point to end-point transfers (between a sender device and a receiver device), the Star Trek "transporter" is end-point to anywhere and anywhere to end-point; you can step on a transporter pad and beam down to a planet surface without having to be reassembled by another transporter device. Similarly, you can "beam-up" from any point, regardless of whether a transporter device is present, to a transporter pad at the receiving end. In the later series, the transporter device becomes a mere facilitator in point-to-point transfers where there is no transporter pad at either the source or the destination ("two to beam directly to sickbay"). It is interesting to note that the recent TV special claimed that the transporter technology was introduced into Star Trek in order to reduce the special effects budget by eliminating shuttle landings from each episode.

In any case, the best data security is often maintained by restricting physical access to the network, terminals, work area, and data storage. This is, of course, dramatically altered when an attacker can materialize at any point inside your facility. Star Trek-level sensors could probably do a decent job of tracking individuals inside the facility and recognizing when an unexpected one shows up (in many episodes, the sensors can recognize "biosigns" and even pick out distinct individuals). This would not do much good, however, if an object, such as an armed H-bomb, were beamed in instead, or something more subtle such as a chemical or biological agent which might not be immediately detectable.

A sophisticated attacker might merely beam in a monitoring device, small and with low power requirements and thus hard to find. A confederate could even precisely place such a device without the risk of being caught at a security check point with unauthorized equipment. Instead of transmitting gathered data and risking detection, the device could be beamed back out later, or if this were difficult (perhaps pinpointing the device from a distance was not easy), the data could be encoded in some way, perhaps on bacteria that the insider could remove without detection.

[Of course the attacker would not need to go to any of these lengths if network security worked like it does in Battlestar Galactica, where merely running a cable between two computers enables remote exploit.]

New methods would need to be invented to counter these threats. Perhaps the use of transporter technology could be strictly limited, but prohibition rarely succeeds for long. Deflector shields apparently stop transporter function, so critical facilities could be shielded, not to protect from bombardment, but from infiltration. Some sort of "transporter-lock", a method of raising and lowering shields in sequence to allow personnel egress and entry, would need to be devised to prevent exposure. This would likely be hideously expensive due to energy constraints. Perhaps certain materials could be devised to block transporter beams, although in the series, transporters are used in a variety of circumstances, including beaming into deep underground caverns. Maybe the old standby, a Faraday Cage, would be sufficient to make transporting difficult or impossible.

In any case, I doubt this will be a worry in data centers any time soon. My imagination will almost stretch to accept that end-point to end-point teleportation may happen in the next few centuries. End-point to anywhere teleportation seems a problem of an entirely different magnitude.

(*) Star Trek is a registered trade mark of Paramount, yada yada yada.


Journal Journal: Anti NAIS Bills in Missouri Legislature

I have just finished an article discussing the USDA's National Animal Identification System (NAIS) and current bills in the Missouri Legislature on the website for our farm-based business. Limited interest, but if you want to know more about another big government initiative, give it a read. Comments are welcome.


Journal Journal: ECMA-376 (OOXML) ECMA Responds to Comments

As reported on Groklaw, ECMA has responded to comments from the ISO/JTC 1 Fast Track 30-day comment period. The original comments are included in an appendix at the end of ECMA's document. I found many of the comments enlightening, particularly the continued confusion expressed by both ECMA and the ISO representatives over how the "Fast-Track" process is supposed to work and the fact that "conflict" is not defined even though over 200 standards from ECMA have used this process so far.

Not as many countries gave negative comments as were expected. Interestingly, the American National Standards Institute (ANSI), the US representative to ISO, abstained from commenting. ECMA-376 must still go through a five-month discussion period and be passed by a two-thirds vote of a thirty-representative committee. Computerworld states that it expects eleven countries to vote against at this time, but this, of course, can change.

Below is the text of an email I sent to ANSI. We'll see if anyone reads it.

It has come to my attention that ANSI abstained from participating in the 30-day comment period for the ISO/IEC JTC 1 Fast Track process for the ECMA-376 standard "Office Open XML File Formats" due to an inability to reach consensus. As a business owner, former IT professional, former member of the Austin Group technical committee, and interested party in the recent efforts to standardize the preparation and storage of electronic government documents, I am writing to express my deep concerns with the proposed standard.

First of all, as is echoed by a number of ISO representatives and IT professionals, ECMA-376, a specification derived from Microsoft Office 2007's Office XML format, obviously conflicts with and duplicates the scope and purpose of ISO 26300 (ODF): to support common office formats, including word processor documents, spreadsheets, etc. It is confusing and counterproductive to have two standards promoted by the same organization for the same purpose. ECMA glosses over this issue by stating that other arguably overlapping ISO standards such as HTML and PDF or SVG and CGM exist. In these cases, however, there are clear discriminating factors between the formats, such as the different industries and needs served by CGM (CAD and industrial design) and SVG (web and graphical design).

ECMA also states that ECMA-376 and ISO 26300 serve different markets, specifically that while ISO 26300 was designed from the ground up to serve existing and future document needs in a sensible and standards conformant manner, ECMA-376 was also designed to serve the needs of storing legacy documents which were stored in a number of existing binary formats. It may be argued from examination of the ECMA-376 specification that the data model of these legacy formats was the driving design factor.

While this does, indeed, distinguish the purpose of the two formats, the latter is of dubious value as an international standard. ECMA-376's distinguishing feature becomes that it takes a number of obscure, complex, and opaque binary file formats and converts them to a single monstrously complex (over 6,000 pages) obscure, complex, and opaque text format which contains numerous references to behavior in legacy applications which is never described. Rather than reference existing ISO standards for, e.g. times and dates, inline graphics, percentages, colors, citations, etc., ECMA-376 defines its own legacy encodings, in some cases, multiple conflicting encodings for similar data. It is difficult to see why anyone would want to recommend this format for new documents and it makes little sense to create a standard which is deprecated from its inception.

There are many examples of strange format choices within the ECMA-376 document structure. There are two calendars for expressing dates. One is based on a Gregorian calendar with a 1904 epoch, the other has a 1900 epoch with an (incorrect) assumption of a 1900 leap year. Rather than placing the burden of normalizing date stamps on a conversion program, the format continues to propagate a bug from Lotus 1-2-3 date handling. Percentages are expressed inconsistently and sometimes bizarrely. In some instances they are bare integers, such as "71" (in contrast to HTML "71%"). In some places they are expressed as integer fiftieths of a percent, so that, for instance, "200" represents "4%". In another place, they are represented as discrete constants, such that "pct87" represents "87.5%" [not a typo]. This is not a single technical detail nor a series of technical details, but rather an overall design choice for ECMA-376 to remain as close to the legacy data models as possible, thus requiring applications to retain those data models in perpetuity. ISO-26300, by contrast, puts the burden on conversion programs to retain knowledge of the legacy structures and normalize the data when producing a conformant document.

This design is most clearly expressed in ECMA-376 by tags like "autoSpaceLikeWord95" which requires the application to duplicate the unspecified behavior of a legacy application.

When faced with converting a legacy document, an application has several choices with regard to some of these obscure features and idiosyncrasies:

  1. Convert the document 1:1, leaving legacy features intact. This will mean that many applications, even though technically ECMA-376 conformant, will not render the document correctly. Indeed, Microsoft's own products have been criticized for mishandling their own legacy formats. It is difficult to see how the proposed standard adds to interoperability in this case.
  2. Attempt to convert the legacy schema, with or without human intervention, to adhere to modern conventions, such as converting broken dates and reinterpreting legacy layout options in terms of modern features. Here again, it is difficult to see what benefit ECMA-376 adds as ISO-26300 was specifically designed for this case.
  3. Convert to ISO-26300 1:1 leaving legacy features intact by using ODF extensibility features. Essentially, key-value pairs can be added to express legacy constraints like "autoSpaceLikeWord95" for applications to interpret if they wish. This has the benefits of not requiring a new standard and reusing existing standards for internal data such as times, dates, colors, languages, percentages, etc. Rendering and interoperability would be no worse than for the majority of ECMA-376 applications. ISO-26300:2006 may be extended, if necessary, to standardize some of these keys.

The ECMA-376 format is of clear value to Microsoft in supporting its legacy products and existing applications suite. By documenting this file format, Microsoft allows others to find value in the format as they will and to increase interoperability with Office 2007. Microsoft certainly deserves the community's thanks for this action. However, ECMA-376 is large, overly complex, does not promote general interoperability, and is of dubious value to the international standards community. Having two similar and competing standards will confuse the marketplace and cause balkanization of document storage. The lack of standardization within ECMA-376's internal structures duplicates the work of existing, mature standards, and locks application developers into perpetual support of legacy, non-standard data schema.

I hope that ANSI will pay due attention to this standard as the JTC-1 process progresses.
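The date and percentage quirks named in the letter above, as an added Python example (not part of the original journal entry and not code from any ECMA-376 implementation): a normaliser that maps legacy day serials to ISO 8601 and the three percentage spellings to one exact value, rejecting input that names no real day. It assumes the usual spreadsheet convention that serial 1 is 1 January 1900 in the 1900 system and serial 0 is 1 January 1904 in the 1904 system; the function names and the `encoding` labels are hypothetical.

```python
import re
from datetime import date, timedelta
from fractions import Fraction

PHANTOM_SERIAL = 60  # 1900 system: serial 60 stands for 29 Feb 1900, which never existed

# Only the constant quoted in the letter; any others must come from the spec itself.
PCT_CONSTANTS = {"pct87": Fraction(175, 2)}

def serial_to_iso(serial, epoch=1900):
    """Convert a legacy whole-day serial to an ISO 8601 date, refusing ambiguous input."""
    if type(serial) is not int or serial < 0:
        raise ValueError(f"serial must be a non-negative int: {serial!r}")
    if epoch == 1904:
        # 1904 system (assumed convention): serial 0 is 1904-01-01, no phantom day.
        return (date(1904, 1, 1) + timedelta(days=serial)).isoformat()
    if epoch != 1900:
        raise ValueError(f"unknown epoch: {epoch!r}")
    if serial in (0, PHANTOM_SERIAL):
        raise ValueError(f"serial {serial} names no real day in the 1900 system")
    # Serial 1 is 1900-01-01; past the phantom day every serial runs one day high.
    offset = serial - 1 if serial < PHANTOM_SERIAL else serial - 2
    return (date(1900, 1, 1) + timedelta(days=offset)).isoformat()

def percent_to_fraction(raw, encoding):
    """Normalise one of the three percentage spellings to an exact percent value."""
    if encoding == "constant":
        if raw not in PCT_CONSTANTS:
            raise ValueError(f"unknown percentage constant: {raw!r}")
        return PCT_CONSTANTS[raw]
    if not re.fullmatch(r"[0-9]+", raw):
        raise ValueError(f"not a plain decimal integer: {raw!r}")
    if encoding == "integer":      # "71" means 71%
        return Fraction(int(raw))
    if encoding == "fiftieths":    # "200" means 200/50 = 4%
        return Fraction(int(raw), 50)
    raise ValueError(f"unknown encoding: {encoding!r}")
```

The same calendar day has two different serials depending on the epoch (25569 in the 1900 system and 24107 in the 1904 system both mean 1970-01-01), so a converter that does not know which system a file uses cannot recover its dates.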
