I would like to point out that I think there should be at least some reward for people who take good care of themselves.
I like the idea of a Health Savings Account in conjunction with a High-Deductible Health Plan. The idea is that you contribute a limited amount annually to a special IRA. Each year, you pay (tax-free) for your medical care out of that IRA until you hit your deductible. Then, everything's free. Next year, you contribute the same limited amount, the deductible resets, wash-rinse-repeat.
The neat thing is that you benefit from leading a healthy lifestyle, but you're still covered in case of some catastrophic health issue.
One secondary effect of using an HSA is that it makes routine healthcare decisions economic decisions. I think that's a good thing. Others might not agree. But I suspect that if everyone used these things, the cost of healthcare would decrease. Just my opinion.
Totally agree - Hell, just exposing people to an explicitly multi-user system that strictly enforces least-privilege is a good thing! I'm sure that the majority of your headaches with security issues are due to the fact that most people (myself included) have developed some bad security habits when using their home PCs.
The scary thing is nowadays, your home PC is basically an alternate vault door to your damn bank account(s). If I didn't know better, didn't have an account password, and just clicked "Remember my Password," all the time because it was convenient, any thief breaking into my house, unattended repair/cleaning person, malicious visitor, asshole uncle, etc. would be able to basically send the contents of my checking account to wherever they wanted. They could sell my entire stock portfolio and make me buy a billion shares of pets.com (or whatever). They could max out my credit cards on Amazon and send themselves (or worse, *me*) a billion copies of "I Know Who Killed Me". I mean, if you think about it, the *best* thing that could happen in the case of someone breaking in to steal your stuff would be if they just *took* your computer (and all your other stuff, of course) to fence!
Crap. I just scared myself.
Anyway, back to the original issue (response to OP): This article is kind of older (2002). Japanese CS-types evaluated the use of a mouse-driven icon-based password for elementary school-aged children. I know it's not a simple answer, but if you're (really) bored some time maybe you could look around for a current implementation of this, or even code it up yourself.
Barring that, I'm a fan of the sentence-mnemonic idea. And if this girl is motivated enough to not want anyone to be able to screw with her computer, I think she'll be able to handle it.
Unfortunately, the summary makes entirely unsupported assertions, which you claim as support for yours. Did the person who wrote the summary actually read Microsoft's Open Specification Promise?
Before jumping up and down gleefully, those working on related open source efforts, such as OpenOffice, might want to take a very close look at Microsoft's Open Specification Promise to see if it seems to cover those working on GPL software; some believe it doesn't.
From MS's own mouth - and mind you that these quotes probably had to be vetted by a billion lawyer-types to ensure that MS wouldn't incur any sort of bizarre liability fifty years down the road by saying them. Based on what is said here, the only other thing that MS reserved is the ability to sue anyone who sues them for violating the patents that they already own, and are releasing to the public. That would be kind of like placing a legal disclaimer on your Halloween candy bowl: "Attention: You can all take as much candy from this bowl as you want, and I legally give up my right to prosecute anyone taking candy from this bowl of Theft, forever. But if any of you accuses me of Theft for eating candy from *my own candy bowl,* then I reserve the right to accuse that person (and *only* that person) of Theft, too." Here's a few pertinent excerpts:
Q: Is the Open Specification Promise intended to apply to open source developers and users of open source developed software?
A: Yes. The OSP applies directly to all persons or entities that make, use, sell, offer for sale, imports and/or distributes an implementation of a Covered Specification. It is intended to enable open source implementations, and in fact several parties in the open source community have specifically stated that the OSP meets their needs. Moreover there are already a significant number of implementations of Covered Specifications that have been created and/or distributed under a variety of open source licenses as well as under proprietary software development models. Because open source software licenses can vary you may want to consult with your legal counsel to understand your particular legal environment.
Q: Is this Promise consistent with open source licensing, namely the GPL? And can anyone implement the specification(s) without any concerns about Microsoft patents?
A: The Open Specification Promise is a simple and clear way to assure that the broadest audience of developers and customers working with commercial or open source software can implement the covered specification(s). We leave it to those implementing these technologies to understand the legal environments in which they operate. This includes people operating in a GPL environment. Because the General Public License (GPL) is not universally interpreted the same way by everyone, we can't give anyone a legal opinion about how our language relates to the GPL or other OSS licenses, but based on feedback from the open source community we believe that a broad audience of developers can implement the specification(s).
Q: I am a developer/distributor/user of software that is licensed under the GPL, does the Open Specification Promise apply to me?
A: Absolutely, yes. The OSP applies to developers, distributors, and users of Covered Implementations without regard to the development model that created such implementations, or the type of copyright licenses under which they are distributed, or the business model of distributors/implementers. The OSP provides the assurance that Microsoft will not assert its Necessary Claims against anyone who make, use, sell, offer for sale, import, or distribute any Covered Implementation under any type of development or distribution model, including the GPL. As stated in the OSP, the only time Microsoft can withdraw its promise against a specific person or company for a specific Covered Specif
Maybe MS does now want to move away from their old proprietary formats into new open ones. But the old formats were built over decades without that goal.
No argument there.
The summary also points out with links to why this release might not actually indicate MS is really releasing their formats to break with that past after all.
No. The article doesn't make that claim. That's your own interpretation. The overall intent of the article is simply to convey a few simple points:
1) Why the MS office document format is so crufty (minus conspiracy theories).
2) How to work *with* the Windows OS to use those documents.
3) How to use better, more open, alternatives to creating office documents.
Nothing in the article contradicts anything I said earlier.
I completely agree with your idea, but disagree with your interpretation of MS's intent.
The MS idea of "legacy to preserve" is based on MS marketing goals, which are not the same as actual user requirements.
Now, why would you preserve crufty code and file formats if you didn't have to? The only reason *I* can think of is to preserve backwards compatibility, which is a *major* user requirement!
How about this interpretation of MS's actions? They've offered an open, XML-based format for document storage. They've also just shared with us the old, crufty, proprietary formats they've historically used for document storage. I think they actually *want* to move away from their old proprietary methods and use an open format. They've clearly been reading the tea leaves and realize that a universal office document standard is in the works. All they're trying to do is make sure they're ready for it.
As far as OOXML vs. ODF, my guess is that they're pushing their own open document format because the alternative doesn't offer the functionality that their apps require, and if a universal standard is going to be adopted, they simply want it to be expressive enough to work with their applications.
OK, I see your point. I guess it depends on *what* it is that you've invented and are trying to sell. My experience has been a little different - a family member and I started manufacturing a part used in steel refining based on an innovative, patentable concept that, on paper, would be absolutely superior to the standard version. At the time, we weren't worried about the IP - we were something like $500K deep in startup costs, and we were just trying to sell the damn thing.
Ultimately, it worked out - but not quite how we thought. We weren't able to make the "innovative" concept work in trials, and we switched to manufacturing a product just like what everybody else was making, but a bunch cheaper - the companies we were competing with are *big*, but also not accustomed to actual competition. We were able to undercut them on price at a bunch of mills and eventually end up with enough sales to stay afloat.
I've since moved on to other things, and my family member is happily making these things, and in the black. Someday, he may go back and try the other design... (which *still* isn't patented)
Anyway, I guess my concept of patents was probably colored by my own experience, and also by one other thing: We rented space in a machine shop to make our product, and there was this other guy who rented some space next to ours. He was manufacturing some sort of prosthetic joint piece, and he had a patent, and the capacity to manufacture a buttload of them - in fact, he already *had* made a whole bunch of them. They worked great - I mean, the guy used it himself (he had lost a limb and I guess was sick of the problems with the standard prosthetics out there, and decided to make a better one). But instead of just selling the damn thing, he kept holding out for "the Big Contract," that would make him insanely rich overnight. He was always flying out to demo his product to all these huge companies, hoping they'd buy him out. One day, my partner asked him, "Why don't you just start selling them? I mean, they're clearly superior. Just put the damn things up for sale on eBay, or whatever!"
Anyways, this guy is now selling off his machines to pay his rent and pay off his debt while we're in the black. He still hasn't sold *one* of his product. I guess my feelings on patents are this - Patents are not lottery tickets. Anyone hoping to get-rich-quick off their idea through selling their patent is misusing the system. Good Ideas are free, and gee, everybody sure has them. But you've got to be willing to actually do the work to make your Good Idea a reality. Using patents as a shortcut to the payoff is lazy and reprehensible.
By purchasing patents, these patent trolls provide a market for patents which puts money in the hands of small time inventors, who don't have the resources to commercialize their inventions.
That's an interesting take on patent trolls. But it's kind of like a guitar player selling his guitar to pay for a kick-ass amp... Whoops.
Without a patent market, it would be more difficult for small inventors to get paid.
How about this instead? Just make and sell your damn invention. If it's that good, I should think you'd have no problem. Want to sell out, but just a little? OK, how about selling exclusive licensing rights to a bigger company for royalties? I don't know. It seems to me that there are a *lot* of other ways small inventors can profit from a good idea that *don't* include selling the exclusive rights to create their widget to a company who intends to not make the widget and just sue others who do.
Maybe this is an oversimplification, but if you don't intend to make the damn thing you want to buy the patent to, you shouldn't be allowed to buy it in the first place.
Ahem. Does anyone else see the parallel with the RIAA here? "Please, please, restrict access to the content that I make money providing! It's for The Children!"
Then once major search engines have fallen for the hoodwink, we'll see the rise of "Pornoogle.com" and "Yah-spew.com" porn search engines, which will, of course be "Free" (for a 30-day trial period, $29.95 per month thereafter).
No, the real issue is that the vast majority of art is not outstanding.
I think you missed my point. Outstanding or not, any work of art that is able to be experienced for free can't be used to generate money all by itself. In order to make money making art, you have to provide your customers with something valuable that they're willing to pay for. Unfortunately, simply experiencing your outstanding piece of artwork just doesn't count, unless it's something like a live concert or exhibit. There's also the purely snobbish value of *owning* a piece of tangible art, too.
Like you said, that's all moot unless what you've created is actually good. I'm not disputing that. My point is that, even if it's good, in today's age of freely distributable art, you *still* have to provide some other form of value in order to make money with your art. That, or depend on Government to make it illegal to freely distribute your art.
The same applies to all you "programming is creative" types. Yes, a small proportion of programming is "art".
The Programming-is-Art idea is ridiculous. The purpose of programming is *not* to produce godly-clever, aesthetically-pleasing snippets of code. It's to provide useful things to people. Sure, some piece of code that one writes could be clever and artful, but that's ultimately secondary to its actual purpose. I mean, construction workers do clever, artful things in the construction of a house. But that doesn't make their work *art*.
This whole discussion really points to the question of how do artists make a living? I mean, artists of all genres and media are creators of unique, valuable stuff. But I think the real issue is this:
The actual value of the act of simply creating art has always been exactly zero. (Ever read the book, "Making Money Making Music"? It's all about budgeting, hiring, firing, and performing. Nowhere does it mention, "Write a beautiful song and the world will throw money at you for your creation!") That reality has been recently exposed via technology: Once you make a movie/song/picture/painting and make it available to the world in whatever format, no matter how limited or constrained (i.e., DRM), it can and will be copied and made available to everyone, for free.
The traditional revenue model for artists has never involved the unquantifiable, intrinsic value of their art - The way people have made money making art has historically been to provide the service of seeing/hearing/experiencing their art. But now that the "admission price" to view or hear their creations is essentially free, there are only two rational ways to make money making art:
1) Come up with some other way to provide value to art consumers - Convenience (i.e., iTunes), uniqueness (i.e., live shows, or maybe signed prints), and quality (DVDs with neat box-sets and extra stuff, etc.) are three that come to mind immediately.
2) Make laws that require people to pay your "admission price."
I think that option #2 is kind of like the Little Dutch Boy.
On top of everything else, it's not necessarily even wrong.
Lemme replace the word "necessarily" with the word you meant to say: Possibly.
Anecdotal evidence amounts to "My Very Own Personal Experience, which my feelings tell me is true, and is also generalizable to ALL similar situations!" It doesn't prove anything.
If you're so bent on getting good data, by the way, you should know better than to blindly add up vulnerability announcement totals and call that analysis.
Hey, that's all the article and the supporting pdf had. If they had anything more tangible to work with, I'm sure they would have offered it. I was just using what they offered.
...experience tells me that 80% likely involves IE at 90 percent or better.
How is that a troll? He's stating the observation based on his experience.
It's a Troll because anecdotal evidence boils down to pretty much this: "That's what my personal experience leads me to *feel* is true, and here are some numbers (I made up) that *feel* right to quantify my *feelings*."
I did read the article and can't tell, either.... Funny articles are hesitant to spell out the distribution of vulnerabilities.
The linked pdf showed that Firefox had 36 critical security issues versus IE's 28.
Given that modern OSes protect against low-level access violations, I think you can answer your question by looking at the security fault type: 22 of IE's and 12 of FF's were memory corruption or buffer overrun issues, which I'm guessing ought to be caught by the underlying OS. FF had 11 Security Zone Bypasses, of which IE had none, and FF had 13 "Other" critical security issues, versus IE's 6.
Security Zone Bypass is just one type of an elevation of privilege attack. And "Other" doesn't really tell us much, but let's assume that all "Other" vulnerabilities are Bad.
FF, then, had 24 critical security issues that wouldn't necessarily be caught by modern OS memory protection schemes common to both Windows and Linux, to IE's 6.
Hey, I'm no MS fanboy, but the above is what I managed to take home from the article.
Several consumers are fools. We rarely do all our research before shopping.
I'm guilty of this myself. When I want something badly, I tend to shorten the shopping-around part of my economic decision. In doing so, I choose not to research that particular product further, and if I don't get the absolute lowest optimal price, then so be it! The time I spend looking for the cheapest price is time I've spent that I can't use for anything else.
Just because a given consumer doesn't get the Absolute Best Deal on a given transaction does not mean that they are a fool. Just human.
Getting back on topic, one thing I'm curious about is how Amazon handles doing business in states that don't allow businesses not to honor advertised pricing. I assume there are such laws somewhere. Most states have some form of consumer protection on the books. Getting it enforced, however...
This brings us back to my original point: Once a vendor explains to you that the given item's price is not what you thought it was, a thief would try to invoke a law that would force the vendor to exchange that item for a lower price than at which he or she would voluntarily exchange it. A fool wouldn't realize that what they were trying to do was wrong and fruitless, and keep at it.
Just because it's possible to sue someone for something doesn't necessarily mean you're right. In the spirit of the law, a contract is an agreement between two parties entered into by his or her free choice. A mistake in pricing on the part of the seller isn't a free choice - it's just a mistake.
The problem is that the simplicity of this situation is muddied by the fact that this transaction occurred via internet, where the seller isn't there at the cash register to tell you, "No, that price is wrong. If you choose not to buy it at the price I actually intended to sell it, sorry!"
Legal wrangling aside, look at the core issue here - pretend Amazon isn't a huge internet seller, but just a mom & pop store selling CDs and DVDs and Kindle books (he he). Would you still think it's right to sue Ma & Pa Amazon for a mistake like this?
No argument there. I think you hit on the key point of this issue, though:
But in those 4.99 DVD bins at Wal-Mart you never know what your going to find, since there's no list on the side w/what should and shouldn't be in there. so... yeah, I'd argue if it wasn't obviously the wrong thing or the wrong price.
The example in this article would be like finding, for example, all three seasons of Battlestar Galactica in the $4.99 DVD bin at Walmart. You *know* it doesn't belong there, and you'd have to be a fool or a thief to insist that it did.
Actually, this reminds me more of the people who stand at the register and argue with the manager, "But it was on the 99-cent rack, so you *have* to sell it to me for 99 cents!"
Fortunately, those people don't know about Slashdot yet...
Bottom line is that people in NYC want to feel safe from invisible threats like chemical, biological, and radiological contaminants - totally reasonable. So they buy threat-detection devices. So what? This law would be unnecessary if you managed to explain to the bulk of your population a few simple things, in conjunction with a different law:
1) The threat-detector you choose to buy does no good unless it actually works properly.
2) Here's a few off-the-shelf brands that we tested that work.
3) If you have another kind, bring it to us and we'll test and calibrate it to make sure it works properly.
4) But if you choose to falsely report a threat, or you choose to buy a possibly improperly-functioning detector and it causes a panic that results in harm to others, or causes the cops to expend resources unnecessarily, then we'll punish/fine you.
Different law, provides the same results, but it provides people with more choice.
Building infrastructure is part of the solution, but it's to improve reliability, not to reduce cost.
Well, if you left it up to private industry to do, the ultimate goal *would* be to reduce cost - the construction of new infrastructure, and the resultant reliability improvement would just be an emergent (and ultimately beneficial) side-effect.
Cost reductions come from better utilization of existing resources. You can't build infrastructure without raising cost
More correctly stated, you can't build infrastructure without expending resources. If it's the Government doing it, then, yeah, you'll definitely pay that cost through taxes. But if it's some corporate entity whose goal is profit, that expenditure of resources will be mitigated somehow (maybe dipping into profits or saved capital, maybe taking a loss, maybe borrowing capital), because for-profit companies have to both be mindful of our future needs (and, therefore, expand in ways that best meet those needs), but also be mindful of *today's* bottom line: If they can't provide a given service at a comparable price to their customers, they lose customers.
Even if you decide to spend money and build an entire new infrastructure, there will always be incentives to utilize it as efficiently as possible.
You're confused about the concept of "incentive." Positive Economic Incentive != Negative Government-Created "Incentive." A positive incentive is some reason to do something that's in your best interests, solely for that reason. The free-market creates those automagically through competition and depending on human nature. The kind of "incentive" you're talking about is actually the same incentive we offer for committing a crime - *don't* do this, or we'll penalize you. This type of incentive requires enforcement and administration (which require additional resources) to ensure it's effective.
OK so I think there are really three separate but related pieces to this discussion:
1) The total, over-time cost of using OOXML versus ODF (technology, training, support, and software upgrade costs).
2) The long-term effects on our ability to read and use business documents over long (in the IT scope, so maybe a decade) periods of time.
3) The actual capabilities, and the value they provide to current end users, of OOXML versus ODF.
To be honest, I'm most interested in the last one. Here's an assertion made in the original study:
Overall, ODF addresses only a subset of what most organizations do with productivity applications today.... ODF is insufficient for complex real-world enterprise requirements
TFA doesn't address this at all, and to be honest, this is kind of the most important thing - if ODF really doesn't fulfill the needs of its users, then the other two points are moot, because unless this isn't true, the necessary critical mass of users won't adopt ODF. Point is, the *first* thing that needs to be hashed out is whether or not ODF provides equal or greater capability for businesses to work with electronic documents than OOXML.
Yes, of course we can build more infrastructure, and we may have to, but that's not what TFA is about. TFA is about a solution to high peak loads.
And how is deregulating energy providers which would allow competitors to build infrastructure and provide alternatives to state-run energy providers not going to solve this?
Building more infrastructure (generation and transmission) is an expensive solution ... but only if you expect the government to do it. A private company who chooses to invest in infrastructure in order to improve their ability to deliver power more cheaply will have to be able to provide cheaper (or comparably-priced) energy to established companies, while growing the necessary infrastructure.
It's very unlikely that you'll ever be forced to participate in such a program against your will.
And this is the sort of naive, knee-jerk reaction that makes sense when you don't understand how government works.
By this logic, you shouldn't hire anybody who applies for a job.
Not at all. Plenty of good coders simply choose to not work for themselves, and contribute to a larger groups' effort. I mean, I think I'm a pretty good coder, and I think I have some really great ideas that might let me earn a living working for myself. But I also have no illusions that I'm *soo* good that my success (or even my ability to earn a living) is guaranteed.
My point was that if this person thinks they're really that good that he or she can write inexplicable code (which is next to worthless when working with others) that's so perfect that it never needs to be altered in any way (which is pretty difficult when solving real-world problems), and that's used by lots and lots of people and companies in the real world to generate value (an amazing thing, considering the other problems with this person's code), then why would you choose to apply to work in an environment where you *couldn't* write inexplicable, immutable code?
He he.. Excellent point. Unless your code is either:
1) Not understandable by others, but only because it's so freaking godly and awesome that it exceeds the capacity of Human comprehension, or
2) Understandable by others
How to prevent hiring bad coders when interviewing potential new hires:
He/She says:
I've written some truely amazing code which works quickly, efficiently and is used on hundreds of different high traffic websites.
I have yet to find someone who can understand what it does and how it does it So you ask:
Unfortunately, the code you write *must* be understandable by other coders otherwise you're worthless to a development team. Assuming you're really so "good" that you can write inexplicable code that's also so awesome that it's used in the real world with no problems, then why are you applying for a job?
He/She says:
[I wrote] a 20 line snippet which never needs to be touched. Thats why its perfectly acceptable. So you ask:
Can I see this 20 line snippet and your proof of its correctness?
He/She says:
If your working in a team which doesnt understand each other's styles fluently then you'll be wanting someone with many interests. So you ask:
Why don't you know the difference between "You're," and "Your?"
He/She says:
However get a couple of really great guys who understand each other then you will get superior code in a fraction of the time. So you ask:
So... Given that you "have yet to find someone who can understand" your "truely amazing code," how would you propose we find these other "really great guys who understand each other," (but, apparently, not necessarily each other's code) in order to obtain "superior code in a fraction of the time"?
The problem is that you're arguing against a straw man that I didn't even create.
Yes you did. You implied that if I supported a free market, that I don't believe in the principle of rule of law and regulation. You said:
So you have no problem letting the free market decide? Even if companies choose to hire child laborers, pay below minimum wage, padlock all the doors, pollute to their hearts content,...? Why should a consumer be forced to donate to protect children from companies who would exploit them, eh?
On the contrary, I like the idea of economic freedom, and I also like the idea of rule of law. They're not contradictory.
But isn't forcing restaurants to comply with the current law inefficient and wasteful and against every principle you've stated so far?... You don't seem to realize that by [snip] adding fines or fees we actually give companies and consumers more choices.
You seem to think that there's some fundamental difference between your idea of "adding fines and fees" and the alternative of simply "enforcing laws." There isn't, and here's the blindingly simple reason why:
What happens if a company decides not to pay the required fine or fee?
See, enforcing laws, including ones that protect children, preserve the environment, ensure safe workplaces and enforce a minimum wage, require that we, as a nation, expend tax dollars. But enforcing your solution: fees, taxes, fines, or any other involuntary action onto companies in order to influence them to behave in a certain way is just as costly as enforcing any other law. For example, let's look at your solution of fines and fees:
Who decides what infractions will be fined, or will require a fee? (This requires bureaucracy.) Who decides how much those fines and fees will be? (More bureaucracy.) What will happen to companies who choose not to pay? (More bureaucracy.) How do you enforce the payment of those fines and fees? (aaand now we're back to "Inefficient and wasteful" law enforcement).
See? The solution you're proposing is just another law, that will require ("wasteful and inefficient") enforcing.
What if instead you set a fee for each restaurant (depending on size) to opt out of the law.
So then what happens if I don't provide handicap-accessibility, but I also choose to *not* pay the opt-out fee? Yet again, your own idea is subject to the same "inefficient and wasteful" problems that you claim as evidence against the alternative of simply enforcing the law.
What if instead you set a fee for each restaurant (depending on size) to opt out of the law.
Actually, I have a better idea: What if instead of a fee for non-compliant restaurants, you offered a subsidy for compliant restaurants? That is, if your restaurant is fully handicap-accessible to some measurable standard, that you would receive additional money from the government? Now, here's the key part of my idea - this money wouldn't come from the pool of compulsory taxes we all pay each year. We would, instead, implement a "Gift Tax" option - that is, if you think that handicap-accessibility is a good idea, you simply check a box on your tax return, and write a dollar amount in the box next to it. That amount will be added to what taxes you owe (or deducted from your refund), and it'll all go into a big pool for handicap-subsidies, which will be distributed among all government-certified handicap-accessible businesses.
Slashdot Mirror
I like the idea of a Health Savings Account in conjunction with a High-Deductible Health Plan. The idea is that you contribute a limited amount annually to a special IRA. Each year, you pay (tax-free) for your medical care out of that IRA until you hit your deductible. Then, everything's free. Next year, you contribute the same limited amount, the deductible resets, wash-rinse-repeat.
The neat thing is that you benefit from leading a healthy lifestyle, but you're still covered in case of some catastrophic health issue.
One secondary effect of using an HSA is that it makes routine healthcare decisions economic decisions. I think that's a good thing. Others might not agree. But I suspect that if everyone used these things, the cost of healthcare would decrease. Just my opinion.
Totally agree - Hell, just exposing people to an explicitly multi-user system that strictly enforces least-privilege is a good thing! I'm sure that the majority of your headaches with security issues are due to the fact that most people (myself included) have developed some bad security habits when using their home PCs.
The scary thing is nowadays, your home PC is basically an alternate vault door to your damn bank account(s). If I didn't know better, didn't have an account password, and just clicked "Remember my Password," all the time because it was convenient, any thief breaking into my house, unattended repair/cleaning person, malicious visitor, asshole uncle, etc. would be able to basically send the contents of my checking account to wherever they wanted. They could sell my entire stock portfolio and make me buy a billion shares of pets.com (or whatever). They could max out my credit cards on Amazon and send themselves (or worse, *me*) a billion copies of "I Know Who Killed Me". I mean, if you think about it, the *best* thing that could happen in the case of someone breaking in to steal your stuff would be if they just *took* your computer (and all your other stuff, of course) to fence!
Crap. I just scared myself.
Anyway, back to the original issue (response to OP): This article is kind of older (2002). Japanese CS-types evaluated the use of a mouse-driven icon-based password for elementary school-aged children. I know it's not a simple answer, but if you're (really) bored some time maybe you could look around for a current implementation of this, or even code it up yourself.
Barring that, I'm a fan of the sentence-mnemonic idea. And if this girl is motivated enough to not want anyone to be able to screw with her computer, I think she'll be able to handle it.
Before jumping up and down gleefully, those working on related open source efforts, such as OpenOffice, might want to take a very close look at Microsoft's Open Specification Promise to see if it seems to cover those working on GPL software; some believe it doesn't.
From MS's own mouth - and mind you that these quotes probably had to be vetted by a billion lawyer-types to ensure that MS wouldn't incur any sort of bizarre liability fifty years down the road by saying them. Based on what is said here, the only other thing that MS reserved is the ability to sue anyone who sues them for violating the patents that they already own, and are releasing to the public. That would be kind of like placing a legal disclaimer on your Halloween candy bowl: "Attention: You can all take as much candy from this bowl as you want, and I legally give up my right to prosecute anyone taking candy from this bowl of Theft, forever. But if any of you accuses me of Theft for eating candy from *my own candy bowl,* then I reserve the right to accuse that person (and *only* that person) of Theft, too." Here's a few pertinent excerpts:
Q: Is the Open Specification Promise intended to apply to open source developers and users of open source developed software?
A: Yes. The OSP applies directly to all persons or entities that make, use, sell, offer for sale, imports and/or distributes an implementation of a Covered Specification. It is intended to enable open source implementations, and in fact several parties in the open source community have specifically stated that the OSP meets their needs. Moreover there are already a significant number of implementations of Covered Specifications that have been created and/or distributed under a variety of open source licenses as well as under proprietary software development models. Because open source software licenses can vary you may want to consult with your legal counsel to understand your particular legal environment.
Q: Is this Promise consistent with open source licensing, namely the GPL? And can anyone implement the specification(s) without any concerns about Microsoft patents?
A: The Open Specification Promise is a simple and clear way to assure that the broadest audience of developers and customers working with commercial or open source software can implement the covered specification(s). We leave it to those implementing these technologies to understand the legal environments in which they operate. This includes people operating in a GPL environment. Because the General Public License (GPL) is not universally interpreted the same way by everyone, we can't give anyone a legal opinion about how our language relates to the GPL or other OSS licenses, but based on feedback from the open source community we believe that a broad audience of developers can implement the specification(s).
Q: I am a developer/distributor/user of software that is licensed under the GPL, does the Open Specification Promise apply to me?
A: Absolutely, yes. The OSP applies to developers, distributors, and users of Covered Implementations without regard to the development model that created such implementations, or the type of copyright licenses under which they are distributed, or the business model of distributors/implementers. The OSP provides the assurance that Microsoft will not assert its Necessary Claims against anyone who make, use, sell, offer for sale, import, or distribute any Covered Implementation under any type of development or distribution model, including the GPL. As stated in the OSP, the only time Microsoft can withdraw its promise against a specific person or company for a specific Covered Specif
No argument there.
The summary also points out with links to why this release might not actually indicate MS is really releasing their formats to break with that past after all.
No. The article doesn't make that claim. That's your own interpretation. The overall intent of the article is simply to convey a few simple points:
1) Why the MS office document format is so crufty (minus conspiracy theories).
2) How to work *with* the Windows OS to use those documents.
3) How to use better, more open, alternatives to creating office documents.
Nothing in the article contradicts anything I said earlier.
Now, why would you preserve crufty code and file formats if you didn't have to? The only reason *I* can think of is to preserve backwards compatibility, which is a *major* user requirement!
How about this interpretation of MS's actions? They've offered an open, XML-based format for document storage. They've also just shared with us the old, crufty, proprietary formats they've historically used for document storage. I think they actually *want* to move away from their old proprietary methods and use an open format. They've clearly been reading the tea leaves and realize that a universal office document standard is in the works. All they're trying to do is make sure they're ready for it.
As far as OOXML vs. ODF, my guess is that they're pushing their own open document format because the alternative doesn't offer the functionality that their apps require, and if a universal standard is going to be adopted, they simply want it to be expressive enough to work with their applications.
OK, I see your point. I guess it depends on *what* it is that you've invented and are trying to sell. My experience has been a little different - a family member and I started manufacturing a part used in steel refining based on an innovative, patentable concept that, on paper, would be absolutely superior to the standard version. At the time, we weren't worried about the IP - we were something like $500K deep in startup costs, and we were just trying to sell the damn thing.
Ultimately, it worked out - but not quite how we thought. We weren't able to make the "innovative" concept work in trials, and we switched to manufacturing a product just like what everybody else was making, but a bunch cheaper - the companies we were competing with are *big*, but also not accustomed to actual competition. We were able to undercut them on price at a bunch of mills and eventually end up with enough sales to stay afloat.
I've since moved on to other things, and my family member is happily making these things, and in the black. Someday, he may go back and try the other design... (which *still* isn't patented)
Anyway, I guess my concept of patents was probably colored by my own experience, and also by one other thing: We rented space in a machine shop to make our product, and there was this other guy who rented some space next to ours. He was manufacturing some sort of prosthetic joint piece, and he had a patent, and the capacity to manufacture a buttload of them - in fact, he already *had* made a whole bunch of them. They worked great - I mean, the guy used it himself (he had lost a limb and I guess was sick of the problems with the standard prosthetics out there, and decided to make a better one). But instead of just selling the damn thing, he kept holding out for "the Big Contract," that would make him insanely rich overnight. He was always flying out to demo his product to all these huge companies, hoping they'd buy him out. One day, my partner asked him, "Why don't you just start selling them? I mean, they're clearly superior. Just put the damn things up for sale on eBay, or whatever!"
Anyways, this guy is now selling off his machines to pay his rent and pay off his debt while we're in the black. He still hasn't sold *one* of his product. I guess my feelings on patents are this - Patents are not lottery tickets. Anyone hoping to get-rich-quick off their idea through selling their patent is misusing the system. Good Ideas are free, and gee, everybody sure has them. But you've got to be willing to actually do the work to make your Good Idea a reality. Using patents as a shortcut to the payoff is lazy and reprehensible.
That's an interesting take on patent trolls. But it's kind of like a guitar player selling his guitar to pay for a kick-ass amp... Whoops.
Without a patent market, it would be more difficult for small inventors to get paid.
How about this instead? Just make and sell your damn invention. If it's that good, I should think you'd have no problem. Want to sell out, but just a little? OK, how about selling exclusive licensing rights to a bigger company for royalties? I don't know. It seems to me that there are a *lot* of other ways small inventors can profit from a good idea that *don't* include selling the exclusive rights to create their widget to a company who intends to not make the widget and just sue others who do.
Maybe this is an oversimplification, but if you don't intend to make the damn thing you want to buy the patent to, you shouldn't be allowed to buy it in the first place.
Ahem. Does anyone else see the parallel with the RIAA here? "Please, please, restrict access to the content that I make money providing! It's for The Children!"
Then once major search engines have fallen for the hoodwink, we'll see the rise of "Pornoogle.com" and "Yah-spew.com" porn search engines, which will, of course be "Free" (for a 30-day trial period, $29.95 per month thereafter).
I call shenanigans.
I think you missed my point. Outstanding or not, any work of art that is able to be experienced for free can't be used to generate money all by itself. In order to make money making art, you have to provide your customers with something valuable that they're willing to pay for. Unfortunately, simply experiencing your outstanding piece of artwork just doesn't count, unless it's something like a live concert or exhibit. There's also the purely snobbish value of *owning* a piece of tangible art, too.
Like you said, that's all moot unless what you've created is actually good. I'm not disputing that. My point is that, even if it's good, in today's age of freely distributable art, you *still* have to provide some other form of value in order to make money with your art. That, or depend on Government to make it illegal to freely distribute your art.
The same applies to all you "programming is creative" types. Yes, a small proportion of programming is "art".
The Programming-is-Art idea is ridiculous. The purpose of programming is *not* to produce godly-clever, aesthetically-pleasing snippets of code. It's to provide useful things to people. Sure, some piece of code that one writes could be clever and artful, but that's ultimately secondary to its actual purpose. I mean, construction workers do clever, artful things in the construction of a house. But that doesn't make their work *art*.
This whole discussion really points to the question of how do artists make a living? I mean, artists of all genres and media are creators of unique, valuable stuff. But I think the real issue is this:
The actual value of the act of simply creating art has always been exactly zero. (Ever read the book, "Making Money Making Music"? It's all about budgeting, hiring, firing, and performing. Nowhere does it mention, "Write a beautiful song and the world will throw money at you for your creation!") That reality has been recently exposed via technology: Once you make a movie/song/picture/painting and make it available to the world in whatever format, no matter how limited or constrained (i.e., DRM), it can and will be copied and made available to everyone, for free.
The traditional revenue model for artists has never involved the unquantifiable, intrinsic value of their art - The way people have made money making art has historically been to provide the service of seeing/hearing/experiencing their art. But now that the "admission price" to view or hear their creations is essentially free, there are only two rational ways to make money making art:
1) Come up with some other way to provide value to art consumers - Convenience (i.e., iTunes), uniqueness (i.e., live shows, or maybe signed prints), and quality (DVDs with neat box-sets and extra stuff, etc.) are three that come to mind immediately.
2) Make laws that require people to pay your "admission price."
I think that option #2 is kind of like the Little Dutch Boy.
Lemme replace the word "necessarily" with the word you meant to say: Possibly.
Anecdotal evidence amounts to "My Very Own Personal Experience, which my feelings tell me is true, and is also generalizable to ALL similar situations!" It doesn't prove anything.
If you're so bent on getting good data, by the way, you should know better than to blindly add up vulnerability announcement totals and call that analysis.
Hey, that's all the article and the supporting pdf had. If they had anything more tangible to work with, I'm sure they would have offered it. I was just using what they offered.
How is that a troll? He's stating the observation based on his experience.
It's a Troll because anecdotal evidence boils down to pretty much this: "That's what my personal experience leads me to *feel* is true, and here are some numbers (I made up) that *feel* right to quantify my *feelings*."
I did read the article and can't tell, either.
The linked pdf showed that Firefox had 36 critical security issues versus IE's 28.
Given that modern OSes protect against low-level access violations, I think you can answer your question by looking at the security fault type: 22 of IE's and 12 of FF's were memory corruption or buffer overrun issues, which I'm guessing ought to be caught by the underlying OS. FF had 11 Security Zone Bypasses, of which IE had none, and FF had 13 "Other" critical security issues, versus IE's 6.
Security Zone Bypass is just one type of an elevation of privilege attack. And "Other" doesn't really tell us much, but let's assume that all "Other" vulnerabilities are Bad.
FF, then, had 24 critical security issues that wouldn't necessarily be caught by modern OS memory protection schemes common to both Windows and Linux, to IE's 6.
Hey, I'm no MS fanboy, but the above is what I managed to take home from the article.
Another revealing way to look at it is this:
How would you feel if the same laws were applied to your garage sale?
I'm guilty of this myself. When I want something badly, I tend to shorten the shopping-around part of my economic decision. In doing so, I choose not to research that particular product further, and if I don't get the absolute lowest optimal price, then so be it! The time I spend looking for the cheapest price is time I've spent that I can't use for anything else.
Just because a given consumer doesn't get the Absolute Best Deal on a given transaction does not mean that they are a fool. Just human.
Getting back on topic, one thing I'm curious about is how Amazon handles doing business in states that don't allow businesses not to honor advertised pricing. I assume there are such laws somewhere. Most states have some form of consumer protection on the books. Getting it enforced, however...
This brings us back to my original point: Once a vendor explains to you that the given item's price is not what you thought it was, a thief would try to invoke a law that would force the vendor to exchange that item for a lower price than at which he or she would voluntarily exchange it. A fool wouldn't realize that what they were trying to do was wrong and fruitless, and keep at it.
Just because it's possible to sue someone for something doesn't necessarily mean you're right. In the spirit of the law, a contract is an agreement between two parties entered into by his or her free choice. A mistake in pricing on the part of the seller isn't a free choice - it's just a mistake.
The problem is that the simplicity of this situation is muddied by the fact that this transaction occurred via internet, where the seller isn't there at the cash register to tell you, "No, that price is wrong. If you choose not to buy it at the price I actually intended to sell it, sorry!"
Legal wrangling aside, look at the core issue here - pretend Amazon isn't a huge internet seller, but just a mom & pop store selling CDs and DVDs and Kindle books (he he). Would you still think it's right to sue Ma & Pa Amazon for a mistake like this?
But in those 4.99 DVD bins at Wal-Mart you never know what your going to find, since there's no list on the side w/what should and shouldn't be in there. so... yeah, I'd argue if it wasn't obviously the wrong thing or the wrong price.
The example in this article would be like finding, for example, all three seasons of Battlestar Galactica in the $4.99 DVD bin at Walmart. You *know* it doesn't belong there, and you'd have to be a fool or a thief to insist that it did.
Actually, this reminds me more of the people who stand at the register and argue with the manager, "But it was on the 99-cent rack, so you *have* to sell it to me for 99 cents!"
Fortunately, those people don't know about Slashdot yet...
Bottom line is that people in NYC want to feel safe from invisible threats like chemical, biological, and radiological contaminants - totally reasonable. So they buy threat-detection devices. So what? This law would be unnecessary if you managed to explain to the bulk of your population a few simple things, in conjunction with a different law:
1) The threat-detector you choose to buy does no good unless it actually works properly.
2) Here's a few off-the-shelf brands that we tested that work.
3) If you have another kind, bring it to us and we'll test and calibrate it to make sure it works properly.
4) But if you choose to falsely report a threat, or you choose to buy a possibly improperly-functioning detector and it causes a panic that results in harm to others, or causes the cops to expend resources unnecessarily, then we'll punish/fine you.
Different law, provides the same results, but it provides people with more choice.
Well, if you left it up to private industry to do, the ultimate goal *would* be to reduce cost - the construction of new infrastructure, and the resultant reliability improvement would just be an emergent (and ultimately beneficial) side-effect.
Cost reductions come from better utilization of existing resources. You can't build infrastructure without raising cost
More correctly stated, you can't build infrastructure without expending resources. If it's the Government doing it, then, yeah, you'll definitely pay that cost through taxes. But if it's some corporate entity whose goal is profit, that expenditure of resources will be mitigated somehow (maybe dipping into profits or saved capital, maybe taking a loss, maybe borrowing capital), because for-profit companies have to both be mindful of our future needs (and, therefore, expand in ways that best meet those needs), but also be mindful of *today's* bottom line: If they can't provide a given service at a comparable price to their customers, they lose customers.
Even if you decide to spend money and build an entire new infrastructure, there will always be incentives to utilize it as efficiently as possible.
You're confused about the concept of "incentive." Positive Economic Incentive != Negative Government-Created "Incentive." A positive incentive is some reason to do something that's in your best interests, solely for that reason. The free-market creates those automagically through competition and depending on human nature. The kind of "incentive" you're talking about is actually the same incentive we offer for committing a crime - *don't* do this, or we'll penalize you. This type of incentive requires enforcement and administration (which require additional resources) to ensure it's effective.
1) The total, over-time cost of using OOXML versus ODF (technology, training, support, and software upgrade costs).
2) The long-term effects on our ability to read and use business documents over long (in the IT scope, so maybe a decade) periods of time.
3) The actual capabilities, and the value they provide to current end users, of OOXML versus ODF.
To be honest, I'm most interested in the last one. Here's an assertion made in the original study:
Overall, ODF addresses only a subset of what most organizations do with productivity applications today.
TFA doesn't address this at all, and to be honest, this is kind of the most important thing - if ODF really doesn't fulfill the needs of its users, then the other two points are moot, because unless this isn't true, the necessary critical mass of users won't adopt ODF. Point is, the *first* thing that needs to be hashed out is whether or not ODF provides equal or greater capability for businesses to work with electronic documents than OOXML.
And how is deregulating energy providers which would allow competitors to build infrastructure and provide alternatives to state-run energy providers not going to solve this?
Building more infrastructure (generation and transmission) is an expensive solution
It's very unlikely that you'll ever be forced to participate in such a program against your will.
And this is the sort of naive, knee-jerk reaction that makes sense when you don't understand how government works.
Not at all. Plenty of good coders simply choose to not work for themselves, and contribute to a larger groups' effort. I mean, I think I'm a pretty good coder, and I think I have some really great ideas that might let me earn a living working for myself. But I also have no illusions that I'm *soo* good that my success (or even my ability to earn a living) is guaranteed.
My point was that if this person thinks they're really that good that he or she can write inexplicable code (which is next to worthless when working with others) that's so perfect that it never needs to be altered in any way (which is pretty difficult when solving real-world problems), and that's used by lots and lots of people and companies in the real world to generate value (an amazing thing, considering the other problems with this person's code), then why would you choose to apply to work in an environment where you *couldn't* write inexplicable, immutable code?
He he.. Excellent point. Unless your code is either:
1) Not understandable by others, but only because it's so freaking godly and awesome that it exceeds the capacity of Human comprehension, or
2) Understandable by others
then you're not writing good code.
He/She says: I've written some truely amazing code which works quickly, efficiently and is used on hundreds of different high traffic websites. I have yet to find someone who can understand what it does and how it does it So you ask:
Unfortunately, the code you write *must* be understandable by other coders otherwise you're worthless to a development team. Assuming you're really so "good" that you can write inexplicable code that's also so awesome that it's used in the real world with no problems, then why are you applying for a job?
He/She says: [I wrote] a 20 line snippet which never needs to be touched. Thats why its perfectly acceptable. So you ask:
Can I see this 20 line snippet and your proof of its correctness?
He/She says: If your working in a team which doesnt understand each other's styles fluently then you'll be wanting someone with many interests. So you ask:
Why don't you know the difference between "You're," and "Your?"
He/She says: However get a couple of really great guys who understand each other then you will get superior code in a fraction of the time. So you ask:
So... Given that you "have yet to find someone who can understand" your "truely amazing code," how would you propose we find these other "really great guys who understand each other," (but, apparently, not necessarily each other's code) in order to obtain "superior code in a fraction of the time"?
Ow. Your awesomeness hurts my brain. I submit.
Yes you did. You implied that if I supported a free market, that I don't believe in the principle of rule of law and regulation. You said:
So you have no problem letting the free market decide? Even if companies choose to hire child laborers, pay below minimum wage, padlock all the doors, pollute to their hearts content,
On the contrary, I like the idea of economic freedom, and I also like the idea of rule of law. They're not contradictory.
But isn't forcing restaurants to comply with the current law inefficient and wasteful and against every principle you've stated so far?
You seem to think that there's some fundamental difference between your idea of "adding fines and fees" and the alternative of simply "enforcing laws." There isn't, and here's the blindingly simple reason why:
What happens if a company decides not to pay the required fine or fee?
See, enforcing laws, including ones that protect children, preserve the environment, ensure safe workplaces and enforce a minimum wage, require that we, as a nation, expend tax dollars. But enforcing your solution: fees, taxes, fines, or any other involuntary action onto companies in order to influence them to behave in a certain way is just as costly as enforcing any other law. For example, let's look at your solution of fines and fees:
Who decides what infractions will be fined, or will require a fee? (This requires bureaucracy.) Who decides how much those fines and fees will be? (More bureaucracy.) What will happen to companies who choose not to pay? (More bureaucracy.) How do you enforce the payment of those fines and fees? (aaand now we're back to "Inefficient and wasteful" law enforcement).
See? The solution you're proposing is just another law, that will require ("wasteful and inefficient") enforcing.
What if instead you set a fee for each restaurant (depending on size) to opt out of the law.
So then what happens if I don't provide handicap-accessibility, but I also choose to *not* pay the opt-out fee? Yet again, your own idea is subject to the same "inefficient and wasteful" problems that you claim as evidence against the alternative of simply enforcing the law.
What if instead you set a fee for each restaurant (depending on size) to opt out of the law.
Actually, I have a better idea: What if instead of a fee for non-compliant restaurants, you offered a subsidy for compliant restaurants? That is, if your restaurant is fully handicap-accessible to some measurable standard, that you would receive additional money from the government? Now, here's the key part of my idea - this money wouldn't come from the pool of compulsory taxes we all pay each year. We would, instead, implement a "Gift Tax" option - that is, if you think that handicap-accessibility is a good idea, you simply check a box on your tax return, and write a dollar amount in the box next to it. That amount will be added to what taxes you owe (or deducted from your refund), and it'll all go into a big pool for handicap-subsidies, which will be distributed among all government-certified handicap-accessible businesses.
What do you think about that idea?