Credit risk profiling is part of my job and these models do indeed work. Unfortunately, they need large sample sizes to be effective. Unless the UKBA has intercepted more than 1,000 terrorists about to jump on a plane, I'd be very sceptical indeed.
Another big concern is that these models all assume that the future is the same as the past. Feeding the model data on Islamic terrorists isn't likely to help you detect extreme right nationalist groups, for example. As conflict moves around the world, there's a risk that the model will find last year's terrorist-turned-nobel-peace-prize-winner and completely ignore the perpetrator of next year's atrocity.
In the UK, the Information Commissioner has for many years routinely fined any company that loses an unencrypted laptop - even, in one famous case, where the laptop was stolen in a burglary at an employee's own home. It's unheard of for any large organisation over here to _not_ have encryption on all portable devices.
I'm gobsmacked that NASA has been so slack.
Excel is a case in point. Used by tens of millions of non-technical users, and at the heart of almost every business in the western world. And it's a graphically presented array of command lines.
No-one is forcing you to travel there. No-one has an intrinsic right to visit the States in any case. As EU citizens, when you or I travel to the USA, we're effectively guests of that country. The USA extends very wide-ranging freedoms to its guests - unlike many governments that don't believe in freedom at all - including the right to travel freely and anonymously, the right to speak freely and to criticise the government, and the right to go about your life without government interference. Unfortunately, those rights can be and have been abused by some visitors to engage in activities that threaten the lives and freedom of American citizens. There should therefore be no surprise that the US government wants to take steps to ensure that it only extends those freedoms to visitors that are not intent on harm. You might argue that their methodologies are ineffective, but I'd like to hear the alternatives that you would suggest yourself.
I hope my own British government also takes the strongest practicable steps to protect our own borders from undesirable aliens. I would certainly prefer some innocent foreigners to be accidentally barred from the UK than see genuine enemies of our state being unintentionally admitted. Given the level of international travel that is a wonderful feature of our age, an intelligence-led solution is the only workable approach. It's not nice, but it's the lesser of the available evils.
I have absolutely no qualms about continuing to visit the USA. I'm much more concerned about the freedoms that the American government continually seeks to take away from me while I'm still in Europe, usually in defence of its commercial interests rather than the safety of its population - I'm thinking of American pressure on European intellectual property law, extradition treaties and legislation like Sarbanes-Oxley, for example.
It's not about preconceived notions: most scientific examinations of GM don't ask the right questions. Few people doubt that the current generation of GM foods are probably safe to eat and probably don't cause massive environmental harm. But some rather more relevant questions are:
- Can we rely on the integrity of the people who will test the next generation of crops and do we have sufficient controls in place to prevent biased testing?
- Are the risks of GM food - however small they may be - borne by the people who profit from the technology? If not, how do we address this fundamental disconnect?
- What are the long term risks of reducing genetic diversity amongst our food crops? Does it make us more vulnerable to unexpected, intercontinental crop failures or reduce our ability to cope with climate change?
- What are the social, economic and geopolitical consequences of making third world farmers dependent on multinational companies?
- What are the social, economic and geopolitical consequences of the planet's primary food sources being subject to patent controls?
I'm not comfortable that any of these questions have been properly addressed.
No one has access except you because you keep your phone and PC confidential? Maybe... except your partner. Except your partner's hi-tech friends. Except your practical-joking mates. Except your kids. Except your stepkids. Except your fosterkids who plan to file a false report with their social worker. Except your kids' friends when you're down the pub. Except the chap who nicked your phone when you were in the pub. Except your housekeeper, if you have one. Except your employer, if it's a corporate phone. Except the guys at the Genius bar when it breaks. Except the police, when you're stop-and-searched. Except the Al Qaeda cell that have been targeting you as a member of the police / military / government and nicked your phone. Except the unscrupulous private detective hired by a journalist writing a story about your private life if you're a public figure. Except US immigration, and UK immigration, and everywhere else's immigration. Except the guy who put a Trojan on your PC. Relax! What could possibly go wrong?
But if you fly fairly often (say, 50,000 miles a year or more) for work etc., then the traditional carriers start making a lot more sense - mainly because they do have multiple classes, perks programs etc.
All the frequent flier perks that you describe - priority boarding, advance seat booking, etc - are basically queue jumping. That's great for the jumper, but it makes service worse for everyone else, and that's why the traditional airlines are so bad for most leisure travellers. With the low-cost model, everyone is equal, so I'm not a second class citizen waiting to be pushed aside to make room for the favoured few.
Under the DPA, there's an arcane difference between data controllers and data processors. ACS:Law would almost certainly have become a controller of this data, so Sky's responsibility would have ended once it was securely transferred.
A particular problem for ACS:Law is that the DPA places additional safeguards around sensitive data, which includes sexual orientation and practice. Data that allegedly describes individuals' pornography viewing habits almost certainly falls within that definition, and deserves particular security measures. The ICO is right to be incandescent with rage.
I just finished reading a book to my son that originally belonged to my great-great grandfather. Apart from it being a great story, it was humbling to join in a family tradition that has survived 6 generations.
What's the chance of a DRM'd Kindle ebook still being readable in 150 years?
No report that I've read suggests that 7-Eleven will be punished for this, even though they were self-evidently negligent with their customers' data - SQL injection vulnerabilities would be uncovered by any perfunctory peer review, security review or penetration test. In the UK, they'd be looking at a huge fine from the Office of the Information Commissioner for this.
It also throws the whole PCI/DSS scheme into question. If PCI means anything, a company that demonstrates an attitude to security that's this relaxed should immediately have their right to process card payments withdrawn by their sponsoring bank.
Two factors that need to be taken into account in country comparisons are the average circulation life of a note and the highest value coin in common circulation; both factors have a major effect on the number of times each note will be handled. My experience of travelling to the US is that elderly, scruffy notes are much more common than here in the UK, probably because we have only three values of note in wide circulation, two of which are distributed by all cash dispensers. Worn out currency is therefore quickly replaced. Also, our largest coin - £2 or $3.20 - is big enough to ensure that a huge number of day-to-day transactions (newspapers, sandwiches, public transport fares, etc) are made entirely with coins. Once a transaction is big enough to need paper money, it's often large enough for a credit card to be preferred. Our notes are therefore handled by far fewer people than dollar bills.
I'm not sure if you're citing PCI rule to say that the requirements are too strict or because you think most people ignore them, but I'll bite anyway. You might be right that PCI is commonly ignored (it's a contractual requirement, not a regulatory one, so the risk of non-compliance is much lower than with other data protection rules), but IMV, the requirements are pretty sensible.
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Err.. quite tricky when your machine is a virtual host that you're accessing over the Internet. Whatever firewall you set up, _you_ need to have a way around it. Very few people bother with VPNs or the like; most virtual hosting packages I've seen have FTP and other services open to all. This seriously compromises its security.
If your hosting package doesn't allow you decent control over the firewall, it has no place in an ecommerce platform.
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Most web development companies I've worked with always want to transfer data around over unencrypted FTP, often including database backup files. The chances are, if you have a subcontractor handling your e-commerce web site, they're violating this requirement on a regular basis.
Use a different web development company. I'd be unlikely to want to deal with any developer who ever suggested FTP for the transfer of important data.
Requirement 5: Use and regularly update anti-virus software
Oh, yeah. Everyone has antivirus installed on their web servers. Wait... you mean they don't? What's this Linux thing?
If Linux and Windows boxes share the same network, you should run anti-virus software everywhere.
Requirement 6: Develop and maintain secure systems and applications
Ha!
Yup. Have coding standards, peer review of code, formal test and release cycles, segregation of duties between ops and dev staff, a viciously strict regression test cycle and systematic testing for SQL injection, cross-site scripting, etc. It's not rocket science.
Requirement 9: Restrict physical access to cardholder data
Somewhat difficult when you're not hosting the system yourself, so this requirement can only be met by less than 1% of e-commerce retailers out there.
Your contract with your hosting provider should address these security issues - in fact, they should be able to confirm that they're PCI compliant themselves. If they can't demonstrate that physical access to data, including backup tapes, is properly controlled, you need another hosting company.
Requirement 11: Regularly test security systems and processes
When was the last time you performed a penetration test on your network?
We schedule frequent (but deliberately irregular so that our ops guys don't know what's coming) internal and external penetration tests. I'm appalled that anyone should consider building an ecommerce platform without commissioning pen testing.
We're not required to be PCI compliant, but I know we'd pass a PCI audit with very little difficulty. The standards simply reflect good practice, and we aren't interested in being second rate.
I can't give a legal answer for US companies, but it's my job to consider questions like this for a UK based financial services business. Google's applications are essentially the same as any other outsourced services, and UK law is based on the premise that you can outsource activity but you can't outsource responsibility.
What this essentially means is that a UK business is expected both to have a legally enforceable set of data protection contract terms and to have conducted a risk assessment supported, where appropriate, by a detailed appraisal of the outsourcer's policies, procedures and practices. FWIW, the conclusion that I've drawn is that Google apps are completely unsuitable for any UK business that processes customer data, as there is no guarantee that the data will remain in the EEA (European Economic Area) or another country that has equivalent data protection principles enshrined in law. UK businesses are not allowed to process personal data in the USA without express customer consent because its data protection laws fall short of ours.
Or do you get the refund and the option to continue to use the OS? Surely Amazon isn't tied all the way back through ASUS to Microsoft's licensing servers.
That's fine if you have no personal integrity. The rest of us might have a problem.
So... you'd rather your developers be 10x less productive (without quick google searches)? I say the key to security is to -trust- your employees. Yes, once in a while you get jerks stealing stuff, but, eh, paranoid security can cripple your company quicker than a crooked employee.
Speaking as a senior manager in financial services, I would: in my industry, the cost of a developer's time is small compared with the value of the systems and data that he works on. But I'd be very suspicious about an employee who told me that he'd be 10x less productive because his internet access was sandboxed.
I'd respectfully suggest that the kind of quant that refuses to play nicely with security policies is the kind of quant that I'd rather not employ. And as I'm the kind of guy who gets to decide who works in parts of a financial services company, I'd also respectfully suggest that the kind of quant who refuses to play nicely with that kind of policy will find his career and earnings opportunities somewhat constrained compared with the kind of quant who's prepared to fit in with company policy.
You don't need internet access that is in any way shared with your development work. Completely sandboxed internet access in a totally locked down thin client session might be OK, but you certainly don't need to be able to upload data to remote servers. If you think you do, you need to go and read up about segregation of duties.
But I don't expect you to agree. Your signature displays more about your attitude to the world than you perhaps realise.
I can't read the original article so I might be inferring something incorrect. But who on earth thought it was a good idea to give internet access to someone with access to valuable source code? Whatever happened to role based access restrictions?
Vendors never actually mean what they say. Here are the real reasons:
Apple won't support a codec that's incompatible with its huge installed base of iPods and iPhones. They don't care about royalty fees because most Safari users pay for an OS X licence, and they want the free browsers to look sub-par compared with theirs.
Microsoft won't support a codec that makes the web more reliable for non-Windows users - especially Linux users. They don't care about royalty fees because all IE users pay for a Windows licence, and they want the free browsers to look sub-par compared with theirs.
Google, Opera and Mozilla won't support anything that puts them at risk of needing to pay royalties on the huge number of free downloads they give away.
Nobody actually cares about end users or developers. If you think they do, you're kidding yourself.
Most consumers (not nerds) care about convenience, price and quality - in that order. DVD scored massively over VHS on convenience, the price premium was small and the quality improvement was a bonus. So DVD was a massive success.
Blu-ray is less convenient than DVD. Most blu-ray users have only one blu-ray player but several DVD players. If the kids want to watch a blu-ray movie, the parents get relegated to the small screen in the kitchen; result: unhappiness and no more blu-ray sales.
The massive price premium is a second problem: why would I pay so much more for something that's less convenient?
And, in the UK, the quality uplift isn't so important. PAL DVDs are higher quality than North American ones, so Blu-ray offers less of an improvement. Also, we have smaller houses and smaller TV sets - almost all of my friends have bought LCD or plasma sets in the past few years, but very few have gone above 32" as that's the largest size that fits comfortably in the fireside alcove of a traditional UK property.
I can't see blu-ray ever reaching a mass market. It'll be obsolete before it reaches critical mass.
So you're saying that following the directions displayed when you open the .dmg and dragging the application icon to the applications folder is too hard to figure out? (Shakes head)
Remind me never to ask you for advice! "You stupid idiot. Why didn't you know how to do it before you asked me!" As it happens, I couldn't find any instructions in the .dmg file. And it never occurred to me to drag it to the Applications folder until I'd done a pile of googling - why would I want to do that?
I do use OS X, and there are two reasons that Linux is easier.
First, you don't have to find and download or, usually, purchase the application. Personally, I hate installing code from a random site when I have no way of knowing that the site owner is trustworthy or competent.
Second, OS X's approach is far from intuitive. When I first used OS X, it took me a LONG time to work out how to turn my downloaded Firefox disk image into a normal application that appeared in Finder and the dock but not the desktop. Call me stupid if you want, but I'm sure my Dad wouldn't have sussed it out either.
One problem with estimating Linux desktop market share is there's no one definition of market share. Is that worldwide share, English-speaking world share or USA share? Is it a share of operating system licence revenues, support revenues, the cost of hardware on which Linux is installed or is revenue irrelevant? If it's usage-based, do you count physical machines or virtual machines? Does it matter how much a machine is used; if so, do powered-up unattended desktops count? Or is web usage the best metric? If so, should you include non-PC web usage: phones, games consoles and the like?
There's no one answer because there's no one question. So, as with many statistics, you need to choose a proxy measure with some care and pay more attention to trends than to absolute numbers. Like the original article, I incline to the view that Net Applications' data presents a measure (hits to websites that are usually commercial and US based) that provides an unusually low estimate of Linux usage. However, Net Applications has provided consistently measured data for some years, so its analysis is extremely valuable. And the trend is clear - Linux is consistently growing in popularity and, in percentage terms, it's growing dramatically quickly.
It's obviously been a while since you used Linux. Pretty much any software can be installed with a few mouse clicks unless you're using a specialised distro - in which case you presumably know what you're doing.
I'll use Ubuntu as an example. Nine times out of ten, you simply choose 'Add/remove programs' from the Applications menu, select your software and watch it install. If, perchance, the software isn't distributed by Canonical, you simply click on the .deb package in Firefox and it'll install automatically. Finally, some software - particularly browser plug ins and codecs - will install themselves automatically on demand.
This is all very much easier than software installation under Windows or OSX.
...why I no longer buy and am never likely again to buy any products made by Apple.
No report that I've read suggests that 7-Eleven will be punished for this, even though they were self-evidently negligent with their customers' data - SQL injection vulnerabilities would by uncovered by any perfunctory peer review, security review or penetration test. In the UK, they'd be looking at a huge fine from the Office of the Information Commissionerfor this.
It also throws the whole PCI/DSS scheme into question. If PCI means anything, a company that demonstrates an attitude to security that's this relaxed should immediately have their right to process cards payments withdrawn by their sponsoring bank.
Two factors that need to be taken into account in country comparisons are the average circulation life of a note and the highest value coin in common circulation; both factors have a major effect on the number of times each note will be handled. My experience of travelling to the US is that elderly, scruffy notes are much more common than here in the UK, probably because we have only three values of note in wide circulation, two of which are distributed by all cash dispensers. Worn out currency is therefore quickly replaced. Also, our largest coin - £2 or $3.20 - is big enough to ensure that a huge number of day-to-day transactions (newspapers, sandwiches, public transport fares, etc) are made entirely with coins. Once a transaction is big enough to need paper money, it's often large enough for a credit card to be preferred. Our notes are therefore handled by far fewer people than dollar bills.
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Err.. quite tricky when your machine is a virtual host that you're accessing over the Internet. Whatever firewall you set up, _you_ need to have a way around it. Very few people bother with VPNs or the like; most virtual hosting packages I've seen have FTP and other services open to all. This seriously compromises its security.
If your hosting package doesn't allow you decent control over the firewall, it has no place in an ecommerce platform.
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Most web development companies I've worked with always want to transfer data around over unencrypted FTP, often including database backup files. The chances are, if you have a subcontractor handling your e-commerce web site, they're violating this requirement on a regular basis.
Use a different web development company. I'd be unlikely to want to deal with any developer who ever suggested FTP for the transfer of important data.
Requirement 5: Use and regularly update anti-virus software
Oh, yeah. Everyone has antivirus installed on their web servers. Wait... you mean they don't? What's this Linux thing?
If Linux and Windows boxes share the same network, you should run anti-virus software everywhere.
Requirement 6: Develop and maintain secure systems and applications
Ha!
Yup. Have coding standards, peer review of code, formal test and release cycles, segregation of duties between ops and dev staff, a viciously strict regression test cycle and systematic testing for SQL injection, cross-site scripting, etc. It's not rocket science.
Requirement 9: Restrict physical access to cardholder data
Somewhat difficult when you're not hosting the system yourself, so this requirement can only be met by less than 1% of e-commerce retailers out there.
Your contract with your hosting prvider should address these security issues - in fact, they should be able to confirm that they're PCI compliant themselves. If they can't demonstrate that physical access to data, including backup tapes, is properly controlled, you need another hosting company.
Requirement 11: Regularly test security systems and processes
When was the last time you performed a penetration test on your network?
We schedule frequent (but deliberately irregular so that our ops guys don't know what's coming) internal and external penetration tests. I'm appalled that anyone one should consider building an ecommerce platform with commissioning pen testing.
We're not required to be PCI compliant, but I know we'd pass a PCI audit with very little difficulty. The standards simply reflect good practice, and we aren't interested in being second rate.
I can't give a legal answer for US companies, but its my job to consider questions like this for a UK based financial services business. Google's applications are essentially the same as any other outsourced services, and UK law is based on the premise that you can outsource activity but you can't outsource responsibility.
What this essentially means is that a UK business is expected both to have a legally enforceable set of data protection contract terms and to have conducted a risk assessment supported, where appropriate, by a detailed appraisal of the outsourcer's policies, procedures and practices. FWIW, the conclusion that I've drawn is that Google apps are completely unuitable for any UK business that processes customer data, as there is no guarantee that the data will remain in the EEA (European Economic Area) or another country that has equivalent data protection principles enshrined in law. UK business are not allowed to process personal data in the USA without express customer consent because its data protection laws fall short of ours.
Or do you get the refund and the option to continue to use the OS? Surely Amazon isn't tied all the way back through ASUS to Microsoft's licensing servers.
That's fine if you have no personal integrity. The rest of us might have a problem.
So... you'd rather your developers be 10x less productive (without quick google searches)? I say the key to security is to -trust- your employees. Yes, once in a while you get jerks stealing stuff, but, eh, paranoid security can cripple your company quicker than a crooked employee.
Speaking as a senior manager in financial services, I would: in my industry, the cost of a developer's time is small compared with the value of the systems and data that he works on. But I'd be very suspicious about an employee who told me that he'd be 10x less productive because his internet access was sandboxed.
I'd respectfully suggest that the kind of quant that refuses to play nicely with security policies is the kind of quant that I'd rather not employ. And as I'm the kind of guy who gets to decide who works in parts of a financial services company, I'd also respectfully suggest that the kind of quant who refuses to play nicely with that kind of policy will find his career and earnings opportunities somewhat constrained compared with the kind of quant who's prepared to fit in with company policy.
You don't need internet access that is in any way shared with your development work. Completely sandboxed internet access in a totally locked down thin client session might be OK, but you certainly don't need to be able to upload data to remote servers. If you think you do, you need to go and read up about segregation of duties.
But I don't expect you to agree. Your signature displays more about your attitude to the world than you perhaps realise.
I can't read the original article so I might be inferring something incorrect. But who on earth thought it was a good idea to give internet access to someone with access to valuable source code? Whatever happened to role based access restrictions?
Vendors never actually mean what they say. Here are the real reasons:
Apple won't support a codec that's incompatible with its huge installed base of iPods and iPhones. They don't care about royalty fees because most Safari users pay for an OS X licence, and they want the free browsers to look sub-par compared with theirs.
Microsoft won't support a codec that makes the web more reliable for non-Windows users - especially Linux users. They don't care about royalty fees because all IE users pay for a Windows licence, and they want the free browsers to look sub-par compared with theirs.
Google, Opera and Mozilla won't support anything that puts them at risk of needing to pay royalties on the huge number of free downloads they give away.
Nobody actually cares about end users or developers. If you think they do, you're kidding yourself.
Most consumers (not nerds) care about convenience, price and quality - in that order. DVD scored massively over VHS on convenience, the price premium was small and the quality improvement was a bonus. So DVD was a massive success.
Blu-ray is less convenient than DVD. Most blu-ray users have only one blu-ray player but several DVD players. If the kids want to watch a blu-ray movie, the parents get relegated to the small screen in the kitchen; result: unhappiness and no more blu-ray sales.
The massive price premium is a second problem: why would I pay so much more for something that's less convenient?
And, in the UK, the quality uplift isn't so important. PAL DVDs are higher quality than North American ones, so Blu-ray offers less of an improvement. Also, we have smaller houses and smaller TV sets - almost all of my friends have bought LCD or plasma sets in the past few years, but very few have gone above 32" as that's the largest size that fits comfortably in the fireside alcove of a traditional UK property.
I can't see blu-ray ever reaching a mass market. It'll be obsolete before it reaches critical mass.
So you're saying that following the directions displayed when you open the .dmg and dragging the application icon to the applications folder is too hard to figure out? (Shakes head)
Remind me never to ask you for advice! "You stupid idiot. Why didn't you know how to do it before you asked me!" As it happens, I couldn't find any instructions in the .dmg file. And it never occurred to me to drag it to the Applications folder until I'd done a pile of googling - why would I want to do that?
I do use OS X, and there are two reasons that Linux is easier.
First, you don't have to find and download or, usually, purchase the application. Personally, I hate installing code from a random site when I have no way of knowing that the site owner is trustworthy or competent.
Second, OS X's approach is far from intuitive. When I first used OS X, it took me a LONG time to work out how to turn my downloaded Firefox disk image into a normal application that appeared in Finder and the dock but not the desktop. Call me stupid if you want, but I'm sure my Dad wouldn't have sussed it out either.
One problem with estimating Linux desktop market share is there's no one definition of market share. Is that worldwide share, English-speaking world share or USA share? Is it a share of operating system licence revenues, support revenues, the cost of hardware on which Linux is installed or is revenue irrelevant? If it's usage-based, do you count physical machines or virtual machines? Does it matter how much a machine is used; if so, do powered-up unattended desktops count? Or is web usage the best metric? If so, should you include non-PC web usage: phones, games consoles and the like?
There's no one answer because there's no one question. So, as with many statistics, you need to choose a proxy measure with some care and pay more attention to trends than to absolute numbers. Like the original article, I incline to the view that Net Applications' data presents a measure (hits to websites that are usually commercial and US based) that provides an unusually low estimate of Linux usage. However, Net Applications has provided consistently measured data for some years, so its analysis is extremely valuable. And the trend is clear - Linux is consistently growing in popularity and, in percentage terms, it's growing dramatically quickly.
It's obviously been a while since you used Linux. Pretty much any software can be installed with a few mouse clicks unless you're using a specialised distro - in which case you presumably know what you're doing.
I'll use Ubuntu as an example. Nine times out of ten, you simply choose 'Add/remove programs' from the Applications menu, select your software and watch it install. If, perchance, the software isn't distributed by Canonical, you simply click on the .deb package in Firefox and it'll install automatically. Finally, some software - particularly browser plug ins and codecs - will install themselves automatically on demand.
This is all very much easier than software installation under Windows or OSX.