Slashdot Mirror

Brute force, however, will always work, no matter what algorithm you use. The only way to make a more secure password, is to use a better password, a better hash algo won't help a damn.

Now think your brute-force system works every time?

Now all I need to do is send two MD5 values; the original password and the hash plus the login number, itself hashed. The first verifies that it's the correct password, the second verifies it's the correct use. The login system only needs to verify the second identifier is a match, it never needs to store it. All you'll ever have is the first half of the solution, because it will always change. No amount of brute force can break a one-time pad especially where the pad isn't stored. All that is stored is the login number, presuming you can figure out where it is. And if you don't know whether the login number goes first, or goes after the password, you're likely to get caught long before you can gain access.

Or even easier, when I log on, my system sends me the time and date, I (on my computer that connects to it) send back the hash of my password, plus send that hash concatenated with the date and time it sends me, MD5-encrypt, and send that hash back to it. It knows when it sent me the time and date, so it splits it into two pieces, checks the first to make sure it's a valid hash of my password, then takes that and concatenates it with the date and time it sent me and checks it against the second hash.

Also, since you don't know that what I'm sending is actually, in effect, two passwords, you're trying to break a 256-bit cypher instead of trying to break two 128-bit ones; I'm not sure but it might mean you're looking in the wrong place and will never get the correct answer.

This does four things: (1) The attacker would also have to tap the transmission between me and the host computer; (2) they would have to know the context of the transmission since they wouldn't know that the hash was actually two hashes; (3) even if they crack the hash, all they get is a password that isn't even useful any more because it was a one-time pad; and (4) it prevents use of man-in-the-middle replay attacks since the identifier, either the time of day or the login number would be wrong.

I think S/Key did something like this, but went even further because it used a series of words to encapsulate the numbers, so you not only needed to know the password, you had to know which access number it was, and you had to know what word translates to which number.

I think maybe I'll write this up, it sounds like it might just be a really good idea.

Paul Robinson <Postmaster@paul.washington.dc.us>

I note that my sister has a Disney tv and DVD player set, the TV is a bright red 13" set with Mickey Mouse ears on it, and the DVD player acts as the base to set the TV on. A DVD player and a 13" TV should probably together be less than $200 and I know she paid considerably more than that.

In effect, Disney expects to get a premium on this computer of close to $200 for what in effect is at most a $50 pair of speakers (and probably closer to $20) shaped as Mickey Mouse ears.

Paul Robinson <Postmaster@paul.washington.dc.us

With respect to the following section:

3.6.4 Manual Emergency Stop Unit
Each vehicle must be additionally equipped with an externally actuated manual emergency stop capability. Activating the manual emergency stop must promptly bring the vehicle to a complete halt in the DISABLE mode. At least one actuator and its labeling must be easily visible and accessible by an average human standing anywhere around the vehicle. The manual emergency stop must be easy to identify and activate safely, even if the vehicle is moving at a walking pace. The operation instructions for manual emergency stop actuators must be clearly labeled in English and Spanish. The instructions must not be interfered with by any other labeling or advertising. A demonstration of the manual emergency stop capability will be required as part of the NQE.

I ask the following:

1. Is the above provision complied with by a standard power brake such as is usally and customarily activated by a common, ordinary brake pedal on a standard automobile that is operated by the driver of a manned vehicle, or does it require some additional piece of equipment such as a button, lever or other control?
2. Is this complied with by, for example, a vehicle having ordinary controls such as a common brake pedal on the drivers' side of the passenger compartment of a passenger vehicle, but modified, say, so the doors are removed, allowing someone to simply jump into an operating, unmanned vehicle while it is moving and thus stop the vehicle simply by stepping on the brake?
3. The above says "externally actuated." Does this mean that the emergency stop must simply be accessible by someone on or in the vehicle (such as a person who gets into, say, a passenger compartment) as opposed to being inside of a control area, or does it require the emergency stop to be accessible from outside of the vehicle?
4. If an acceptable method for manual stop includes a standard, ordinary brake pedal as stated in question (1), obviously visible and accessible from a drivers' seat such that an ordinary person able to operate an automobile could use it, does it require labeling?
5. If the method for manual stop requires something separate from or in addition to a common, ordinary brake pedal as stated in question (1), is the manual stop method complied with by use of, for example, a lever which pushes or pulls directly or indirectly by other rods, wires or other devices on a common brake pedal?
6. Where an additional method is used for the method of manual stop either because it is chosen or required is something in addition to a common brake pedal, such as a lever or button, is the labeling requirement complied with by a sign saying something such as "Emergency Stop - Pull orange lever" or "Emergency Stop - Push orange lever" or "Emergency Stop - Push green button", (where, obviously,.the device used for this purpose is a lever colored orange or a green-colored button), or must the object itself be marked with something like "Emergency Stop"? (The above indicates that it is required to be labelled in English and Spanish so presume the labelling includes both languages.)

Respectfully Submitted
Paul Robinson <postmaster@paul.washington.dc.us>

[U]sability is a relatively new matter for us. How we react [ ] is similar [ ] to phenomena we didn't understand. Lightning was explained by Thor's Hammer, the plague was a punishment from God, and so forth. In our case, we replace "God's will" with "Companies", "Reports" and "Experts." We don't understand usability, so we push responsibility for it onto someone else.

- Frans Englich, Open source usability is a technical problem we can solve on our own

I have reached the conclusion [ ] limited to hard-core pornography. I shall not today attempt further to define the kinds of material I understand to be embraced within that shorthand description; and perhaps I could never succeed in intelligibly doing so. But I know it when I see it...

Paul Robinson <Postmaster@paul.washington.dc.us>

Paul Robinson <Postmaster@paul.washington.dc.us>

Paul Robinson <Postmaster@paul.washington.dc.us>

Porn and violence is tearing apart marriages and families. Anyone who can't see the moral decay and complete deterioration of society as a whole because of these two abhorations has their head up their ass.

Were the 1950s a more moral time, when in the south, any "uppity nigger" who demanded his civil rights such as being able to vote ended up getting lynched? Or in the 1960s where they just got firehosed and attacked by Bull Connor's police dogs? How about the 1940s when them gooks were properly put in concentration camps even if they were American citizens? Yeah, we're a lot less moral and more violent than when the Three Stooges routinely poked each other's eyes out.

The problem is not entertainment; it is a lack of a valid and consistent moral code. The religionists have a weak and inconsistent moral code which has so many holes in it that pointing out their hypocricies will get them angry. Unless and until people act to establish a validatable moral code - one not based on some alleged God who supposedly will punish people after they die - but on a logical and rational basis to show why bad behavior has consequences here and now, you will have problems. Most people are good; give them sound values that make sense and most of them will stay that way. But people want easy and quick fixes or they don't know what they are doing and choose religion, which doesn't necessarily work once you find the holes (inconsistencies and hypocricies) in it. Which every man-made religion has.

Paul Robinson <Postmaster@paul.washington.dc.us>

I don't know if actually using 'postmaster' as my e-mail address cuts down on spam for me, because I get quite a bit of it anyway.

Also, I have an address of spamiam on this domain which I use for mailers where I don't care about the mail they might send.

Paul Robinson <Postmaster@paul.washington.dc.us>

1. I like the idea C came up with of the ++ operator (and --, and to a lesser extent some of the equal codes such as *=, /= etc.), e.g. instead of
   A = A+1; You have
   A++; or ++A; depending on whether you want A to be increased before using it or after you use it.
   
   
2. I like the idea Pascal came up with to distinguish an assignment from a comparison. The equal symbol = is only used for comparison. To assign a value to a variable you must use the "becomes" symbol :=. This eliminates the possibility of nasty errors in C such as
   if B=C { being used where they should have used if B==C { N.B. Yes, I know there are checks in certain cases that require you to put certain of these type of expressions in () to allow them without getting compiler warnings, and I also know that there have been attempted system hacks where this type of exploit has been attempted to grant priveleges by doing a comparison using = instead of ==.

   If assignment used a special sequence that can't be used in any other case (or did not allow assignment inside of a statement), check code that implemented root access hacks (A test for privelege against the user's privelege code which grants the user root privelege) would be impossible in the first place.

In an attempt to add a little more light than heat to this issue, let me add my .02 Euros. I am not a lawyer although I've had to defend myself in court a few times, so I do know a few things.

This is a temporary restraining order. These are commonly issued "ex parte" meaning at the request of one of the parties and may even be done where the other party did not even show up or was given notice. The purpose is to "preserve the status quo." The court apparently - from the description of the TRO - issued it verbatim as the plaintiff filed it. I doubt the court even knew what half the terms on the order meant. I had trouble and I'm somewhat familiar with Internet networking.

In the case at hand, it may be that the contract with the provider could in theory have allowed immediate repossession of the IP address space which was loaned to them in the event they changed providers. In which case, if the company that has the particular IP space, allowing them to have their address range "snatched away" from them immediately would constitute irreparable harm, since it can take up to a week for an address change to propagate throughout the Internet.

A Temporary Restraining Order is intended to keep things as they are at the time it was issued, until such time as a court has the opportunity to hear evidence and to make a decision. Generally they are issued subject to the following conclusions:

1. The party asking for the order (the plaintiff, here) is quite likely to suffer irreparable harm if the relief requested by the order is not granted.
2. The party to whom the order is issued against (the defendant, here) either will not suffer harm as a result of the order or the amount of harm is minor or substantially less than that which would occur to the other party if the order isn't granted.

There are additional conditions involved, but these are the two most important. Here, allowing the customer to keep the number on a temporary basis while the court decides the issue does not necessarily harm the defending ISP and failing to do so would probably be devastating to the customer.

Now, to the extent the customer has other options (such as using the number block which they have been assigned directly) will provide the court with a reasonable solution as to why the TRO should be dissolved after the customer has some reasonable time to correct the problem, e.g. to renumber their systems and advertise the new routes to the various routers and DNS systems might require, say 7-10 days.

Also, if the contract between the company and the ISP provides them sufficient protection to allow them the time necessary to renumber and reroute then the need for the TRO becomes moot. However, if the contract was silent on this point or explicitly allowed immediate repossession then the TRO may have been a valid issue in order to preserve the status quo for the time being until the issue can be sorted out.

This is the basic reason such decisions are issued, so that things can remain as they are until the court can figure out who is entitled to relief. It does not necessarily mean the customer will win or even has a valid cause of action, it just simply means that it is less catastrophic to the ISP to require they not "yank" the IP addresses from the customer than it would be to allow them to do so, pending the outcome of the actual trial on the merits of the issues involved.

Please excuse me if this is obvious, but I thought it might help.

In his commentary on Brooks' work. There are a number of issues Willis comments about, including a 'sneer' at the software rent and memory rent. And other comments on the expensive costs of computers at that time. Realize Brooks' is talking about programming on mainframes, machines where you mostly did batch processing and served hundreds or thousands of users.

It wasn't all that long ago when parts for micro computers were expensive, very expensive. I remember when 16 megabytes of memory - and a lot slower than what is available now - cost US$400. I remember when an 80 megabyte hard drive cost US$420.00. I remember these prices because that's what I paid. This is less than 15 years ago. The availablility of really powerful computers for individuals at astonishingly low prices is an extremely recent development.

The lowering of prices (and the resultant raising of the standard of living for those who buy those things) has been going on for thousands of years, as long as we've had free markets to allow this to happen. But initially (or as long as someone has had monopoly control over supply) prices were high and often the items were difficult to obtain. As products become commodities, prices drop. This is why 640 MB CDs (commodity) are now as low as 16c each (qty. 100), 50c each qty. 1. 4,200 MB DVD-Rs are $1 each (qty 4), while 100MB zip disks (proprietary) are still about $8 each (almost no discount in quantity).

Willis is comparing terms and conditions now with the situation of (much worse scarcity) of 30-35 years ago, then cracks up in laughter at his own ignorance of the past.

While it may be arguable whether California can impose upon a wireless carrier these provisions and make them stick, there is one way they can make them stick: by denying court access and credit reporting.

If they are not allowed to sue in any California court to collect their unpaid bills if they do not comply, are not permitted to file with any California court or collect upon a judgement obtained from any court or from an arbitration panel, and are forbidden to file with credit reporting agencies reports of bad debts if they do not comply with these rules, they can still be held to them even if they can't be required to do so to operate.

The California Public Utilities Commission has plenty of authority. The California Constitution gives the legislature the authority to write any provision into the Public Utilities Code to regulate any form of public utility even if that provision would otherwise violate the State Constitution. And choosing whether a corporate entity has a right to access the courts and under what terms has long been within a state's province.

A swapless system won't be faster for the same workload, usually the contrary, in fact, since lack of swap denies the system the opportunity to optimize RAM hit ratios.

As for the idea of putting swap on a RAMdisk, it is completely brain-dead (unless you have exotic memory arrangements such as NUMA) - the kernel is going to waste a lot of time copying memory from the active region to the ramdisk region and back. A straight swapless system will be preferable.

Under normal circumstances it would make sense that having all available memory would make more resources available than stealing some to make a virtual memory swap space, but as most operating sytems are designed to swap pages out as they are unneeded or when processes start to hit the high-water mark, the overhead of the swap manager running and being unable to do anything due to no swap at all just might be higher than the small amount of time needed to do some unnecessary copying of memory to swap out some rarely-used pages.

Short of someone running a test on a machine with no swap at all vs. say a tiny amount of ram used as a ramdisk (say 5 meg on a 1 GB machine) it's probably an academic argument to say flat out that no swap will always provide better peformance than swap to ramdisk, especially if the kernel is designed to expect to be able to have swap around.

If the kernel is designed to only swap out on resource shortages and not to optimize running processes as well, then swap to Ramdisk is a brain-dead operation. But I suspect the actual method of operation is a little more complicated than mere copy-on-resource-shortage, and thus it is conceivable that swap-to-ramdisk may provide better performance than no swap at all.

This is an obvious power-grab by New York state officials probably because Verizon is pissed and wants something done about this destructive upstart competitor who has the NERVE to do an end-run around carefully bought and paid-for state regulators and offer local service in a way that completely cuts Verizon out of the loop.

There is a big difference between a wireline telephone company and a data service provider who allows you to connect voice traffic to the PSTN. By this reasoning, the people who implement tpc.int to allow people to send faxes by e-mail could also be (regulated and) taxed. And what about efax which will provide you with an incoming fax number to receive faxes, I suppose they are next.

Paul Robinson <Postmaster@paul.washington.dc.us>

It will end up like the red light traffic cameras that are exploding into use in the US. They just send the ticket to the registered owner. It doesn't matter who might have been driving, you WILL pay the ticket because it's your car. No exceptions, no excuses.

The problem here is that for some activities, the liability quotient is strict liability, that is, liability without fault. If the material is not stored on his computer, he has no liability. If someone stores kiddie porn on his computer, generally there is no defense available; it's presumed you knew it was there unless you can get a jury to believe you didn't download it. Now whether failing to secure his network makes him liable (or relieves him from liability) is another issue.
Paul Robinson >Postmaster@paul.washington.dc.us>

In my not-so-humble opinion, it's the Linux community that looks bad, not Fred Langa. The virulent, dogmatic reponses look childish, especially when they sound like the folks who preach the virtues of tin-foil hats [ ] I've been running Linux for a long time, and [ ] it can be a pain-in-the-rump to install;

When I first tried Linux many years ago I could not get it to work, it was too hard for me, and I'm a computer programmer with 24 years of experience going back to typing in bootstrap code on a PDP-11 and using FORTRAN 66 on punch cards on an IBM 370 mainframe. I have seen - and used -many versions of Linux now, some of which do an excellent job, but in some cases there are parts which are missing which are solved in Microsoft Windows. Now, granted some of this is because the hardware is not accessible or specifications are unavailable. But Linux will be a "server operating system" and won't be considered "desktop" ready as long as it can't do what Windows can: provide a reasonably easy and complete install (or be pre-installed) on most machines. If there are deficiencies it makes the product look bad. It does not matter that it's the hardware manufacturer's fault for not providing Linux drivers, it still makes Linux look bad that it can't do what Windows can do.

I think his comments in comparing a Commercial Linux Distribution to a similarly priced Windows XP distribution is valid. (Personally I think the last decent version of Windows was Me, but that's beside the point...)

87? In sweden our cars runs on 95,96 or 98 octane gas

It wouldn't surprise me to learn that Sweden uses one method and the USA uses another.

Octane defines how well the fuel can take high temperatures without selfigniting. 98 octane is only here in high performance cars, so I presume higher is better. Does cars that run on 87 octane fuel really suck then?

High octane is not always better, but gas companies would like you to believe that because high-octane gas costs more.

Paul Robinson <Postmaster@paul.washington.dc.us>

So your solution, which begins as a $1 peice of 'standard' code that you sell:

#!/usr/local/bin/perl
#
# Script Solutions, INC.

print "Hello, World!";
...can then be 'customized', for any fee, tax-free. Right?

Now you know why if there's an sales tax exemption on cost of labor (which there has to be, otherwise employees would have to collect and remit, and employers would have to pay, sales tax on the wages they pay their employees), there are lots of ways to get around a sales tax on the sale of custom software, and why the whole idea really has problems.

Paul Robinson <Postmaster@paul.washington.dc.us>

The profit from writing custom software is already taxed as income to the programmer or entity who wrote it.

Uh, excuse me, but sales taxes are imposed on the buyer, not the seller; the seller just acts as collection agent for the state. The sales tax (that the buyer collects from the seller) is supposed to be added on to the purchase price and paid (by the seller) to the state. It is an extra charge on top of the price of the goods sold and is not a cost to the seller (unless they sell goods including tax). Do you think Walmart has to pay income tax on the money it collects as sales tax? Obviously it doesn't and neither does any other merchant.

If you give something away to someone, whether it's free books at your yard sale or free sample CDs of Linux® at a sales booth at some tech convention, how much sales tax does the recipient owe? Zero.

If you are running a store and sell someone a CD of Microsoft Windows® you're supposed to charge them sales tax on the $149.95 upgrade price or the $495.00 no previous edition price (or whatever it currently is).

If you are running a software house and you sell someone a CD of an application which costs $5,000 including customization, some part of that cost is for the software itself and thus should be taxed same as Microsoft Windows (if you believe imposing sales tax on items which are sold is a legitimate action of the government).

Raising the issue of a 'sales tax' on free items is a red herring here. The issue is whether custom software should be 'sold' for a fee untaxed, while commercial, off the shelf (COTS) software is sold for a fee is subject to sales tax.

This was an old issue, oh, 20 years ago when I lived in California and had a sales tax permit, and one of the items in the monthly newsletter the Franchise Tax Board sent out was a mention that while labor for customizing software was not subject to sales tax, the base price of software sold was, same as any other commodity. I don't think it's unreasonable to treat the non-labor tax aspect of custom software any different from the non-labor tax aspect of COTS software.

Paul Robinson <Postmaster@paul.washington.dc.us>

With the exorbitant fees that (select one:) [ebay | Microsoft] charge these days, you would find a way to offer [ buyer protection | quality ].

What really cheeses me off about businesses that benefit from a network effect (like [ebay | Microsoft]) is that once they have their customers "locked in" there is no incentive for them to improve their business because it is very hard for competitors to challenge them.

On a sidenote, check out [New Zealand's version of ebay | Open Office]. The interface is so much cleaner and easier to use. I'm surprised how [e-bay | Microsoft] can have such a [crap, ugly interface | bloated, buggy software package] and continue to operate as a successful company.

Need I say more?

Paul Robinson <Postmaster@paul.washington.dc.us>

If efforts are made to maintain compatibility for older versions of Windows in WINE, is there a possibility that, in a few years, Linux will be more compatible with Windows95 and Windows98 than the latest versions of the Windows OS?

An ironic twist of fate, indeed!

With Microsoft constantly trying to force people on an endless (revenue generation) treadmill of continuous upgrades, I think it is quite likely that is exactly the situation we could potentially see, in view of the fact that Microsoft has officially ceased support for and abandoned anything below at least NT 4.0 (meaning all 16-bit apps plus Microsoft Windows 95 & 98), it may mean that people wanting to run apps that require older software may find using Linux to be a more effective alternative than any current offering from Microsoft.

We had to buy a copy of Windows Me (from Ebay) to replace XP Home because the games we have would not run on my sister's brand-new Sony Vaio desktop which ran XP. Once we switched (downgraded) to Microsoft Windows Me the programs ran fine.

Paul Robinson <Postmaster@paul.washington.dc.us>

How does one handle the requirements with respect to third-party controls for use in a design environment and the use of license keys (which are stored in the registry) such as is done by Visual Basic 5 and 6 and Delphi (among others)?

Paul Robinson <Postmaster@paul.washington.dc.us>

It may be unfair, but it's cheaper to pay $50,000 in royalties on a patent that might be found by a court to be invalid than to spend $1.5 million proving it is. Or spending $1.5 million to defend a suit and have the court decide it is valid and you also have to come up with an additional $500,000 in royalties plus court costs and their attorney's fees, perhaps.

Paul Robinson <Postmaster@paul.washington.dc.us>

Not to be too much of a downer, but here's one for $70 a week

It wasn't really funny. The article it mentioned is seriously offering that little. From comments at that site it sounded like the guy doing that was a spammer, and wanting to hire Indian or Russian programmers.

Whether we like it or not (and I'm sure we don't), companies will pay whatever is the least they have to. If you feel this is unfair, then you need to change something. Either become more valuable or get into something else. That, or

• find some way to make it illegal to outsource work to other countries and
• also make it illegal for the company to move and
• also make it illegal for the company to buy from a subsidiary or third-party outside the country and
• make it illegal to resell packaged software which is imported and
• make it illegal to transfer software internationally over telecommunications links and
• require registration of all programmers and all code to be corresponded to a specific programmer and
• require a specific programmer who clames to have written code to prove he didn't simply subcontract with someone else (at lower rates) to write it while (s)he acts as a front (wo)man and
• proscribe any other scheme used to hide the source of a computer program being written by someone who is paid considerably less and
• outlaw re-use of free sofware which does not require payment to the author at all

By the time you've done all the above suggestions to keep out the riff-raff of $70 a week programmers (or even cheaper solutions) your country's economy has collapsed from lack of imports and/or exports. So complaining about cheap imported software development isn't going to solve the problem. Making the people who do the work locally more valuable (than the people in other countries) is.

The existence of the Internet as a means to transfer source code and applications anonymously and inexpensively, (or even just transferring files by modem, even at 6c a minute, 2 meg of zip files of source code on a 53Kbps modem connection takes 4 hours and costs $25.00; mailing a CD costs less than $5 and often $1 or less) as well as source code libraries as well as inexpensive pre-packaged applications and free software means that expensive people are going to be threatened by cheaper people or solutions unless they are so good that even the low cost or even free stuff can't touch their capabilities.

This is what happened to the automakers in the 1970s when people started buying less expensive, better quality Japanese cars. It damn near killed the American automobile Industry (and rightfully so) because the crap they were producing was too expensive relative to the quality of the product being produced. I think that the same thing is happening to the software industry. We can produce software that is much more valuable than the stuff produced elsewhere. But we have to make the effort to redesign the processes we use to produce software to make it more valuable over the development done by hordes of cheap programmers living in third-world countries at those wages.

Paul Robinson <Postmaster@paul.washington.dc.us>

If Iomega was smart, they would change their company name and hope people don't find out.

If it worked for ValueJet it could certainly work for Iomega. Hell, they could probably just buy some other less-well-known disk or disk drive maker and use their name. (Except maybe Seagate, which is probably the only drive maker with a worse reputation.)

Paul Robinson <Postmaster@paul.washington.dc.us>

Not only that, but your numbers are probably on the conservative side, I think you can buy bulk 170 GB hard drives for around $100, which means (using your inexpensive $45 shell) for a net of $145 we can get an equivalent speed drive (actually the drive speed isn't usually that critical, the bus often can't even reach the maximum sped most drives can handle) which is 5 times the size of Iomega's drive for less than 1/3 the price.

This reminds me of a story about DEC's disk drives. Don't know if it's true but I'll pass it along.

Back in the 1970s, Digital Equipment Corporation ("DEC") sold minicomputers such as the PDP-11 and mainframes such as the Decsystem 20. DEC also sold a high capacity disk drive which was about the size of a washing machine, had a capacity of 100 megabytes, and cost US $27,000.00. You could buy an equivalent drive from what was then hands down the best maker of the finest quality hard drives, Control Data Corporation ("CDC"), for about $7,000, but you also had to buy a controller card for about $300.00 because the DEC drives used a really stupid controller card and put all the smarts into the disc drive. CDC put very little intelligence in the drive and used the controller to handle it.

Okay, no problem, basically I remember people would say that they would love to be an all DEC shop but they couldn't afford it because DEC's prices were so high. DEC often pointed out that their equipment was of high quality and high reliability and that was why it was expensive.

On that point, DEC was absolutely correct, and here's the story: apparently someone owned both one of DEC's drives and a CDC drive, and opened both of them up to take a look inside them.

What they discovered was that the DEC drive was basically the additional circuitry not on its controller card, wired to... the very same CDC hard drive! DEC was essentially charging a 300% markup for a rebadged CDC drive!

Then again, I am considering buying 1-800-eat-shit for my technical support line...

Paul Robinson <Postmaster@paul.washington.dc.us>

Remeber if you work as a level designer in a company making a game [don't] expect to work with tools that are full fledged.

The tools you are going to work with will constantly evolve, your tools availble will be added and removed as the game moves on.

I shudder to think, with the level of the tools that are being distributed with the published editions, how bad the stuff that is used internally (and isn't even up to release quality) is like. Having used the third-party one done for Doom, and the one included with Duke Nukem, I'd say there isn't a dime's bit of difference whether it's internally or externally developed, they're all pretty much the same: they don't do all of what you need and they're full of bugs. :)

I've had 27 years of experience programming and I can't figure out how to use Q3Radiant (the editor for Quake III Arena). Maybe I'm just not that bright. :)

Paul Robinson <Postmaster@paul.washington.dc.us>

Quake 3 comes with the same editor that the id team used (and designed) and it's free.

Quake 3... Use it... Love it...

Paul Robinson <Postmaster@paul.washington.dc.us>

They'll get the job done (presuming you can figure out how to use it; more on this below), but often there are severe bugs that damage the map, you have to remember to do alternate saves under different names (to recover from this problem), you have to test the map in another program from the one you're designing in, etc.

The method for designing maps usually involve designing an area, then perhaps setting parameters such as size, height above or below 0 of the floor, lighting levels, etc.

The problem begins because they use a graphic-based system to design maps, there is no capability to edit a map in some form in which you could specify parameters as text in order to check. Often the display gives you no information about the area in question except a visual image. You have no way of figuring out what the dimensions of the area are.

Then there is the complexity of the tools. Up through Duke Nukem it was reasonable to be able to edit a page, but the new tools for Quake III for example, are impossible to figure out how to use.

Maybe I'm just not very bright, but I don't think I'm all that stupid, I'm 43 years old and I've been doing programming for 27 years, on everything up through and including mainframes.

When you want to enable features in these editors, it usually requires including some kind of flag sprite or other image, perhaps on an image if you want to make it an actor, then setting parameters on that sprite in a different mode.

Often you need to use special textures or color modes to enable certain features, but it's not made clear when this is necessary.

Whether this is intentional to sell people a reference manual on the game editor, or there just isn't much interest in documenting a secondary tool, there is usually no help and no explanations available about how to use these tools, and often no explanation on what to do with them.

Since it's a database program and now open source, I guess we can add the obligatory quote:

"For the memory of a lifetime, Rekall, Rekall, Rekall..."
Paul Robinson <Postmaster@paul.washington.dc.us>

They only offer the money if the person who wrote it is arrested. If these worms originated from China, Brazil or Indonesia, I'm pretty certain no-one is getting arrested.

Being in some foreign country that doesn't have a law against it won't protect someone for long if someone who was affected by it is mad enough to bring them to a country where it is. (The courts consistently have said they will not consider how the person got to them, whether the person voluntarily walked in or a private party kidnaped them and brought them to court.)

Some people have done this already. It's called a Honeypot. You put up a machine either with nothing of importance or with faked material in order to attract people to try and break into it for the purpose of figuring out how they are doing so. Paul Robinson <Postmaster@paul.washington.dc.us>

(For those that don't get the simile, I'm referring to the scene of Neo's interrogation in The Matrix.)

costing Microsoft an estimated $40 million to $50 million a year.

It's not costing Microsoft jack, because that $40-50 million never existed.

Was that at the end of the article (about textbooks selling at a discount from the manufacturer's sticker price) were sponsored links for places that sell textbooks at a discount and places that buy and sell used textbooks!
Paul Robinson <Postmaster@paul.washington.dc.us>

You have a book. It is copied (not as a copy on a computer system) other than in a method you approve. It is not a software program that was copied, nor is it an access control system that was defeated. What you have is a "moral rights" violation under the Berne Union Copyright Treaty and U.S. Law. I do not think the DMCA applies here.
Paul Robinson <postmaster@paul.washington.dc.us>, or <paul@elusive-butterfly.net>

U.S. Law also makes it illegal to cooperate in any boycott against Israel by other countries.

I wonder how the U.S. would take it if other countries prohibited U.S. companies from doing business there if they cooperate in boycotts against Cuba, North Korea or those countries, or required them to comply with their anti-boycott rules if they prohibited such practices?

Not that I personally agree with how those countries operate, I find it rather amusing that the U.S. requires a boycott of certain other countries, but makes it illegal to follow required boycotts by some countries of their disfavored country(ies).

Paul Robinson < postmaster@paul.washington.dc.us>, or < paul@elusive-butterfly.net>

Sorry, but if you're going to contribute to a community, you have certain obligations to fill

No. You don't. It's FREE software. "Free" means that it doesn't take rights away from the user, and it doesn't impose additional rights on the developer. What else would you think "free" meant?

If everybody makes an obscure interface for their app just so they can make a few bucks on a manual, then who's going to adopt it?

THEN USE SOMETHING ELSE!!!!!!!

Write some code for your new app. Write a code obfuscator; a program that takes some C code and produces some more C code that's functionally equivalent but virtually unreadable to humans.

(Even changing all identifier names to foo1, foo2 would make it difficult enough to figure out what the code does. Of course, far more obfuscatory obfuscations are possible.)Finally, run the code for your app through the code obfuscator and publish the resulting code under the GPL, claiming it to be the original source.

Charge to see the documentation and include a NDA.

Isn't there at least a moral imperative to publish readable source code under the GPL?

Who said they owe you or anyone else anything related to the software they have developed? By what right? They don't even have to release anything at all. You don't like it, don't use it.

Nobody owes anyone else anything with one exception:
"It is what you owe me..."
"I don't owe you anything. You chose to bring me into this world; I had no choice to come here. You owed me the means to live until I became an adult. This was something you owed me as a matter of right. As it will be, when I have them, what I will owe to my children, that I will owe to them as a matter of right. I owe you nothing."
- Sydney Poitier to his father in "Guess Who's Coming to Dinner"

Unless you're their child, they don't owe you anything.

Paul Robinson <Postmaster@paul.washington.dc.us>
http://paul.washington.dc.us

Write some code for your new app. Write a code obfuscator; a program that takes some C code and produces some more C code that's functionally equivalent but virtually unreadable to humans.

(Even changing all identifier names to foo1, foo2 would make it difficult enough to figure out what the code does. Of course, far more obfuscatory obfuscations are possible.)Finally, run the code for your app through the code obfuscator and publish the resulting code under the GPL, claiming it to be the original source.

Charge to see the documentation and include a NDA.

Isn't there at least a moral imperative to publish readable source code under the GPL?

Who said they owe you or anyone else anything related to the software they have developed? By what right? They don't even have to release anything at all. You don't like it, don't use it.

Nobody owes anyone else anything with one exception:
"It is what you owe me..."
"I don't owe you anything. You chose to bring me into this world; I had no choice to come here. You owed me the means to live until I became an adult. This was something you owed me as a matter of right. As it will be, when I have them, what I will owe to my children, that I will owe to them as a matter of right. I owe you nothing."
- Sydney Poitier to his father in "Guess Who's Coming to Dinner"

Unless you're their child, they don't owe you anything.

Paul Robinson <Postmaster@paul.washington.dc.us>
http://paul.washington.dc.us

The problem was the implication that once you'd learned how to solve your problem you couldn't divulge the information to third parties, in other words help others.

Not only is this against the spirit of free software, it can arguably be a violation of the GPL:

Suppose you fork the project, but couldn't have written your mods without reading the documentation. Is this a violation of the NDA?

Or more bluntly, if for all practical matters the license terms forbid you to post a makefile if you've read the documentation before writing it, is this really free software?

"It is more accurate to say that a license is a promise not to sue someone for infringing your rights." - Robert A. Kreiss, University of Dayton School of Law

Paul Robinson < postmaster@paul.washington.dc.us>

The problem was the implication that once you'd learned how to solve your problem you couldn't divulge the information to third parties, in other words help others.

Not only is this against the spirit of free software, it can arguably be a violation of the GPL:

Suppose you fork the project, but couldn't have written your mods without reading the documentation. Is this a violation of the NDA?

Or more bluntly, if for all practical matters the license terms forbid you to post a makefile if you've read the documentation before writing it, is this really free software?

"It is more accurate to say that a license is a promise not to sue someone for infringing your rights." - Robert A. Kreiss, University of Dayton School of Law

Paul Robinson < postmaster@paul.washington.dc.us>

In fact, some people have suggested to the company that they work for, that in view of how i makes the vast percentage of its revenue charging for configuring, setting up and maintaining the software they develop, that it might be worth it to open source the product and give the software away, but charge for everything else. So if you're really broke you can get it for free, or if you want to look at it before putting it on your machines, you can do that. But if you want anything else, even instructions on how to install or use it, you have to pay something.

Why is this such a problem for you? Is it that you think they should give everything away? They have to eat, too. If you don't like it, don't agree to their terms. Since the source code is available without restrictions, take the time and effort to study the code and learn how it works, pay someone else to do that, or pay them and/or agree to their restrictions.

Has anyone noticed there are no open-source tax preparation or payroll software programs? (If I am wrong, someone e-mail me). Because those aren't very sexy for programmers to work with - which means that people aren't volunteering to do them for free - and because they require constant maintenance. (Not [merely] because of bugs, but because the tax laws and payroll processing rules change every year.)

Someone has to pay for the maintenance since this is not something your average programmer either wants to do for free (in the case of a payroll product) or has the resources to do on his own (in the case of a tax preparation program.)

Now, I know that there is GNU Cash as a workalike for Quicken but I know of no open-source software for mundane apps like payroll or tax preparation, and if there were, I can't see how we could expect them to be kept up to date without significant resources to handle the average of 10,000 tax law changes yearly. And that's just the U.S.

Every country has its own rules and thus a tax package to handle the U.S. Internal Revenue Service (IRS) rules would be worthless for Canada Customs and Revenue Agency (CCRA) or for the UK's Inland Revenue (IR). Or the other tax authorities in the other 160+ jurisdictions around the world, almost all collecting some form of income tax. Then there's the 30+ states in the U.S. that also impose taxes on income, provinces in Canada (if they do, I'm not sure) and other subdivisions of governments elsewhere.

Now, some of these agencies are providing on-line tax preparation over their websites, but the method to do this is not open source, and would you expect to pay the lowest possible tax by using, or would you really want to trust, a tax package developed by the taxing authority? :)

Historical note: the typical quote "The power to tax is the power to destroy" was originally written by U.S. Chief Justice John Marshall as "That the power of taxing by the States may be exercised so as to destroy..." McCulloch v. Maryland 4 Wheat. 316 (1819), the first case declaring a statute void for violating the constitution.

Paul Robinson <Postmaster@paul.washington.dc.us>
http://paul.washington.dc.us

In fact, some people have suggested to the company that they work for, that in view of how i makes the vast percentage of its revenue charging for configuring, setting up and maintaining the software they develop, that it might be worth it to open source the product and give the software away, but charge for everything else. So if you're really broke you can get it for free, or if you want to look at it before putting it on your machines, you can do that. But if you want anything else, even instructions on how to install or use it, you have to pay something.

Why is this such a problem for you? Is it that you think they should give everything away? They have to eat, too. If you don't like it, don't agree to their terms. Since the source code is available without restrictions, take the time and effort to study the code and learn how it works, pay someone else to do that, or pay them and/or agree to their restrictions.

Has anyone noticed there are no open-source tax preparation or payroll software programs? (If I am wrong, someone e-mail me). Because those aren't very sexy for programmers to work with - which means that people aren't volunteering to do them for free - and because they require constant maintenance. (Not [merely] because of bugs, but because the tax laws and payroll processing rules change every year.)

Someone has to pay for the maintenance since this is not something your average programmer either wants to do for free (in the case of a payroll product) or has the resources to do on his own (in the case of a tax preparation program.)

Now, I know that there is GNU Cash as a workalike for Quicken but I know of no open-source software for mundane apps like payroll or tax preparation, and if there were, I can't see how we could expect them to be kept up to date without significant resources to handle the average of 10,000 tax law changes yearly. And that's just the U.S.

Every country has its own rules and thus a tax package to handle the U.S. Internal Revenue Service (IRS) rules would be worthless for Canada Customs and Revenue Agency (CCRA) or for the UK's Inland Revenue (IR). Or the other tax authorities in the other 160+ jurisdictions around the world, almost all collecting some form of income tax. Then there's the 30+ states in the U.S. that also impose taxes on income, provinces in Canada (if they do, I'm not sure) and other subdivisions of governments elsewhere.

Now, some of these agencies are providing on-line tax preparation over their websites, but the method to do this is not open source, and would you expect to pay the lowest possible tax by using, or would you really want to trust, a tax package developed by the taxing authority? :)

Historical note: the typical quote "The power to tax is the power to destroy" was originally written by U.S. Chief Justice John Marshall as "That the power of taxing by the States may be exercised so as to destroy..." McCulloch v. Maryland 4 Wheat. 316 (1819), the first case declaring a statute void for violating the constitution.

Paul Robinson <Postmaster@paul.washington.dc.us>
http://paul.washington.dc.us

I think the first thing I remember was the stars on a bottle of soda - cream soda I do believe - these were 4-point stars, I distinctly remember that. I remember them as white paint on a clear glass bottle.

As a programmer I would say that was when I was instantiated. (As a "child" process. Pun intentional!)

As a philosopher I would say that's when I remember coming into existence, because while people tell me about things I did and said before that, I have no recollection of them.

A friend of mine, whom I have never met, who lives about 1,000 miles away, says that she can remember things as an infant. That amazes me.

I thimk I had to be 5 or 6 as far as when my earliest memories occurred (middle 1960s) because some time later, which was long enough for me to have memories of being in the city where that first memory happened for some time, so I would say it was probably at least a year or more later, our family moved from Wisconsin to Miami and I remember living in a trailer park there. At the time I was there I was about 7 so that's how I date the first memory I ever had.

I remember how there was a little kid there in the trailer park, a neighbor at another trailer - little kid meaning he was younger than I was, probably no more than 4 or 5 - and how I would make him laugh by using swear words. The thing was, he knew they were swear words, which is why he would laugh at them, and while I kind of knew that they were classed as such, it would not be until some time later - maybe years, I'm not sure - that I would be able to "feel" that they were and recognize them as such.

So knowing that event happened when I was 7 allows me to date the first memory of my existence at least a year or two before that.

Paul Robinson <postmaster@paul.washington.dc.us>
http://paul.washington.dc.us
Among other things, "A Philosopher, Computer Programmer, and Notary Public in and for the Commonwealth of Virginia."
"Above all else... We shall go on..."
"And continue!"

I think the first thing I remember was the stars on a bottle of soda - cream soda I do believe - these were 4-point stars, I distinctly remember that. I remember them as white paint on a clear glass bottle.

As a programmer I would say that was when I was instantiated. (As a "child" process. Pun intentional!)

As a philosopher I would say that's when I remember coming into existence, because while people tell me about things I did and said before that, I have no recollection of them.

A friend of mine, whom I have never met, who lives about 1,000 miles away, says that she can remember things as an infant. That amazes me.

I thimk I had to be 5 or 6 as far as when my earliest memories occurred (middle 1960s) because some time later, which was long enough for me to have memories of being in the city where that first memory happened for some time, so I would say it was probably at least a year or more later, our family moved from Wisconsin to Miami and I remember living in a trailer park there. At the time I was there I was about 7 so that's how I date the first memory I ever had.

I remember how there was a little kid there in the trailer park, a neighbor at another trailer - little kid meaning he was younger than I was, probably no more than 4 or 5 - and how I would make him laugh by using swear words. The thing was, he knew they were swear words, which is why he would laugh at them, and while I kind of knew that they were classed as such, it would not be until some time later - maybe years, I'm not sure - that I would be able to "feel" that they were and recognize them as such.

So knowing that event happened when I was 7 allows me to date the first memory of my existence at least a year or two before that.

Paul Robinson <postmaster@paul.washington.dc.us>
http://paul.washington.dc.us
Among other things, "A Philosopher, Computer Programmer, and Notary Public in and for the Commonwealth of Virginia."
"Above all else... We shall go on..."
"And continue!"

The flaw in your logic is pretty easy. You don't run a business that is BASED off a database on retail quality IDE drives you buy at bestbuy.

Were talking high speed SCSI drives .. in a type 5 raid at LEAST ! if not redundant raids.

On a professional development platform (the kind you have to pay for .. not MySql) Backups, system admin salaries, DBA salaries etc.

You don't run a game that is expected to get over a million subscribers in the first 3 months, on your brothers old 486 tripped out to run linux with a spare parts from your friends.

If this is supposed to produce a million customers over a three-month period, either it produces something in the neighborhood of $10 million a month if it charges out at $10 a month, or it produces in the neighborhood of $10 million a year if it's $10 a year. All up-front cash since the customer pays when he signs up. For that kind of money, either build the place to support the load or close down, refund the customer's money and stop complaining. You don't underfund the necessary equipment to run an operation then complain how you can't run it successfully on less than was necessary to operate it in the first place. That's whining and that's exactly what he's doing. Do it right, make it right, or admit you can't and close up.

Not when every single MINUTE of downtime costs you money (just in Customer Service costs alone .. let alone lost revenue and PR to counteract the negative experience.)

48,000 customers won't even cover the number of copies shipping to california i bet :P

Of course .. Ralf's point about service size (which is only a SMALL part of this decision) is scaleability. They have to project over a 5-7 year period. and growth in that time .. So .. conservitaly , if they are expecting 1 million accounts in the first year .. they could concievably need space for 4 million accounts over a 7 year life.

If you have ever worked in a professional big business position .. you know how hard it is to get funding 1/2 way through a project - no matter HOW important or sucessful it has been.

Paul Robinson <postmaster@paul.washington.dc.us>

People who always say "well IDE drives are cheap, just buy a cheap computer and stack it with drives" proves they have never put together or been around real servers.

That may be fine for your little box sitting in your apartment that you use for ftp and telnet when you are away or serving the occasional web page, but for real life servers that actual need high performance and long uptime that just won't cut it.

In my example I proposed the idea of running dual mirrored machines as RAID boxes. Are you trying to tell me that two identical machines running on an operating system that, according to the published reports, provides uptime reliability measured in years between reboots other than for planned outages is inadequately reliable for most transactional based systems? Then make it 4 machines, or 6 or 8 or whatever is reasonable.

There are two ways to increase reliability. One is to harden the system to prevent failure by building expensive boxes of extremely high reliability, with redundant components, dual processors, dual power supplies, etc. The other is to reduce the complexity of the system so that any particular failure at any point does not compromise the system.

Maybe I am wrong, but let's consider the cost of setting up a system consisting of 16 cheap computers each on a separate UPS, each containing a single inexpensive 60 billion byte drive and a gigabit network card, so that the system represents 4 of each drive group mirroring all the data sent to that group, doesn't that then provide the equivalent of 4 x 60 billion bytes, or 480 GB of storage, with at least four times the reliability (since you now have to have 4 boxes all simultaneously fail before any one "drive" is out of service, and each one only has to respond to 25% of the read requests for that group) at a fraction of the cost of a more expensive system that it in and of itself supposedly more reliable? Further, I think it's even more reliable since you can conceivably continue to operate, even in degraded mode, until 15 of the boxes fail which I do believe the possibility of failure only grows linearly while reliability grows exponentially as more machines are added.

A specific example of this is in the use of birth control. Any of the usual methods, pills, barriers, or chemicals, might have a 1-3% failure rate, i.e. 3 in 100. So, if a woman uses two forms of contraception, say diaphragm and foam together, the worst failure rate goes from 3 in 100 (3%) to 9 in 10000 (0.009%). If she can talk the guy into also using a condom, the failure rate is now 27 in 1,000,000 (0.000027%). Increase the number of things that have to fail to cause catastrophe and the reliability rate goes up.

I was giving a gross example where you can do the job with inexpensive equipment. So I could be wrong on some of the figures. So maybe it's a bit more expensive. But I do believe you can do this sort of thing successfully with the kind of setup I was talking about for less than $5,000 in any case. And remember, what I talking about here was moving the disk space to inexpensive mirrored servers, I said nothing about the transaction server(s).

So if you wouldn't recommend Linux (or BSD or any of the other similar items) what would you recommend? I would like to learn something here if I am wrong, please explain to me how this isn't going to work. I would like to know because I do want to understand and as I understand, this seems to be the most cost effective way to do this. I could be wrong and I'd like to understand more.

"If it takes as much as 10 megabytes per user (and that's a hell of a lot of space to store character data, and probably isn't anywhere near that much), you can host 48,000 customers with mirrored disk drives for a one-time cost of about $2K."

Again, obviously not understanding how a real life server works. If you want quality and something that will scale really well you need to pay for it, Linux ain't it.

Database tables can get rather large when you add in indexes and linking all the tables together. Its not just a text file list.

I've worked with databases where the base system, with no data, just empty tables and stored procedures, ran in excess of 100 megabytes. I am saying that I think a factor of 10 megabytes average space per user is a lot of space. But maybe I'm wrong so let me see. If you figure a index key per record at being perhaps 16 bytes, and maybe you have 500 tables, and each table perhaps uses an average of 3, no let's say 5 links per record, and lets say the user has, oh, say, 50 records each in the system, that's 500x50x5x16 means you need about 2 megabytes for the indexes for each user. If you use normalized databases you might use maybe 2K per record based on trying not to repeat data except where needed for performance, so you need 5000K or 5 meg for the user's data. Add into that perhaps 3 meg for image data, and you have the 10 megabytes I estimated as a lot of space.

Okay, then, I was wrong on it being a lot of space. Make it 20 meg average per user and cut my estimates in half or double the cost.

If I am wrong on some of these numbers, please enlighten me so that when I make a statement in the future I will have the correct numbers and be able to justify my estimates as I am trying to do now, using my best estimates from my own experience in programming and database management. I know I do not know everything. But I can make educated guesses and perhaps, if someone else knows more than I do they can give me information to allow me to learn where I have made assumptions not backed up by real-life data.

And I wasn't figuring that to be a lifetime cost, I was figuring that based on the estimated 3 year life-span that an IDE disk is expected to have. If you have 48,000 customers each paying $10 a month to use the service - which is what I think many of these are doing - that's $480,000 a month, which is a lot of money. Based on usual cost figures of 50% for labor cost, this gives you $240,000 a month for salaries, $24,000 a month for G&A, (general and administrative ovehead) and perhaps another $48,000 a month for maintenance and equipment, and maybe another $12,000 a month for the Internet connections over multiple . This leaves in the neighborhood of $324,000 in costs which may be high. That means there is, or should be, something in the neighborhood of $100,000 a month to pay back the investors. As there are more people taking the service, it produces more income.

If the service is only being paid $10 a year, then you can run it through automated sign ups and buy managed hosting, and increase the amount of hosting as more people use the service.

The point I am making is that if you want to run a successful business you run it as an investment. You put some money in as initial capital, in the amounts necessary to get it started, according to what is reasonable to make it operational, and you expect it to eventually return cash in order to build up to larger capacities, and if it can't, you either make it pay or you close it. You do not complain that the costs of running the business make it non-economic. Then you're just whining, and as far as I can see that's exactly what he is doing, whining about how much it costs to run the operation instead of working with what you can afford and building it up as it produces an income stream.

To me it sounds suspiciously like it was expected they could just throw some money into this - probably less than it should have had - and expect it to have immediate huge cashflow and huge returns, and when it didn't they were disappointed. It don't work that way. A successful investment means you start it small, and allow the business to grow itself.

I think someone once said that those who become emotional over their investments soon end up losing money over them. And his sort of whine sounds suspiciously like emotionalism.
Paul Robinson <postmaster@paul.washington.dc.us>