First, allow me to correct you. Radioactive decay is also a state transition.
But, here's the thing. The law of conservation of energy is derived from the inherent symmetry of the universe. Any system that lives in a universe where the laws of physics are the same for left/right/up/down/front/back is doomed to be governed by a fixed amount of overall energy.
But these are not absolute laws. If you manage to devise a pair of rings where what goes into one pops out the other with no change in temperature, you CAN create energy out of nothing. In fact, merely placing the rings at different altitudes will cause air pressure to generate a wind from the lower ring to the higher ring. You can easily use this wind to power a turbine, and you WILL get free energy.
Is the law of conservation of energy being broken here? No, it's just being subverted. The rings create asymmetry.
Of course, the opposite is also true. So long as symmetry was not broken, it is not required to delve into the details of the machine in order to conclude that it does not produce energy.
One correction, though, which is fairly relevant. It wasn't Babelfish that was used for the translation, it was Babylon. Babelfish doesn't even support Hebrew.
I think Babelfish is, in fact, smart enough to understand that the same word in different contexts can mean different things. One of the main problems with machine translating (and NLP) Hebrew is that the language is very compact as far as spelling goes. The "the" word is just a letter added to the beginning of the word, which compacts similarly spelled words together. In this case, the word , which in this case was supposed to mean "Whether", was misidentified as "", meaning "The", and "", meaning "mother". The only way it could happen was if a word by word translation was done, which is known to be a horrible thing.
In other words, yes, it was a moronic act of blind reliance.
Actually, if the story as quoted in the Israeli papers is correct, they were translated from Hebrew to English.
Even worse, about 95% of Israelis speak English well enough to understand, from a cursory glance, just how bad this translation is. Hence - no excuse at all.
There is nothing in the Trademark law that prevents CentOS from truthfully describing where they got the source of the distribution from. Red Hat is attempting to expand Trademark protection to places it was never meant to cover, and in that regard it is as bad as the last of the proprietary vendors.
And you know it.
In fact, just like proprietary vendors, you had some versions where you had to click "I agree" to the preposterous "trademark use agreement". Just like we do for proprietary vendors, I have to ask you: Why do you want to shift the protection from trademark to contract law? Is it because you actually know that trademark law does not allow you to demand what you demand?
Shachar
IANAL, but I did consult one about this point in the past.
Actually, at least Israelis tend to tour the globe quite a bit. So, when an Israeli sits at an Internet Cafe in Bangladesh, Bangkok or Santiago, and wants to check the Israeli news, how are they supposed to type in the site's address?
At least for some of those cities, that's not such a huge problem. Bangladesh sees so many Israeli tourists that some of the street urchins speak Hebrew. Defining a Hebrew keyboard on the computer in the Cafe doesn't sound like that much of a problem. In general, however, it does lock people out.
As far as I can tell, is to do something like this:
/*
 * Copyright (c) 1903-2009 Bsd Fan
 * Copyright (c) 2007 GPL Zealot
 *
 *** GPL standard notice goes here
 *
 * Portions of this file were taken from XXX
 * These portions are licensed under the following license:
 *** BSD license goes here
 */
This way both licenses are respected, everyone gets their copyright, but the work is licensed under the GPL ONLY! If someone can separate the original work (say, by taking it from the original location), then that work is still licensed under the BSD license, but none of the new modifications are licensed under BSD, only under GPL (which is BSD compatible).
as I'm not a US resident (or citizen), but I would like to stress the importance of having SOME health insurance, as well as some loss of income insurance.
I'm semi-self-employed. I own a small consulting company, about four employees myself included, I usually generate most of the income. You will notice that the difference between that and self employment is mostly that I have three other salaries to take care of besides my own.
In March this year I was diagnosed with a Hodgkin's lymphoma. As far as cancers go, this is nothing going. A bit of chemotherapy, a bit of radiotherapy, and it's usually gone. As far as anyone can tell, I'm already out of it.
BUT
For almost half a year I was not much more than a useless wreck. Chemo once every two weeks does not leave you too much time in which you can work, and it takes over a month to mostly recover from the radiotherapy.
While cancer may seem like an extreme case of "what may go wrong", it is very far from being the only thing that can go wrong. Other things may include a traffic accident, breaking a hand (or even a finger, when computer programming is involved), not to mention things like neocleosis, all of which can take you out of the work cycle for months.
Luckily, the national health insurance in Israel is great, and I paid almost nothing for my treatments (I think less than $100 all told for 2 CTs, a PET CT, a few X-Rays, an ultra-sound, 4 ABVD treatments and 17 radiotherapy sessions). Not less luckily, Lingnu (my company) was managed well enough to be able to function almost without me for those past months. We managed to pull it off without losing customers and without letting any of the employees go.
The thing is, being lucky is nice. Stacking up the odds in your favor is even nicer. Get a good insurance.
Shachar
P.S. Yes, I realize that your question was "I want an insurance, which one is good?".
After all, it is not possible to trust ANYONE to hold veto power over democratic elections. That's why the procedures and requirements from electronic voting machines should not trust the machines (read - possibility of voter-verified manual recounts, etc.).
If that is the case, why does it matter who is doing the actual manufacturing?
Reminds me of a Black-Hat Briefing conference I attended some years back, where a chain of encrypted anonymous email servers was introduced. A member of the audience asked whether the presenter would use such a system operated by the NSA. His reply - if Mossad and Hamas both ran such a system, he would be sure to route his messages through both. One truly working machine along the way is enough to assert anonymity, and the chances of Mossad and Hamas cooperating against you are slim. I think voting machines should have protocols in place to make sure such a level of trust can be achieved, and then make the manufacturer irrelevant.
Israel has a high standard of living in the ballpark of European and North American nations.
Same ballpark, not same level. I charge around 60$/hr for FOSS consulting (depending on precise type of job, of course). I'm given to understand that a similarly sized company in the US charges about double that. There is very little doubt that an Indian company will charge a fraction of that.
HOWEVER
While you can get away with outsourcing support centers or IT for cost alone, it would be suicide to think that you can outsource R&D on cost, and I highly doubt that that's what Intel is doing. As much as some white/brown people here would like to think, if Intel is outsourcing this part, it's probably because it found Indian engineers that are capable of doing the job, and doing it well.
But this does beg a different question. Why is outsourcing development to Israel any different than outsourcing it to India?
Don't get me wrong. I live in Israel, and I have nothing against seeing some of this money staying here. It's just that, putting on American goggles, I don't see how it makes any difference where money not spent in the US is spent. Is it that Israel is already an "R&D center", and therefore not a "new threat"?
The first - the design guidelines (10 out of the 12 listed) are focused on appearance rather than on functionality. Making sure your icons look great (#4) comes long before producing a clean interface (#10).
The second is that this document carries a severe undertone of "make sure your app only works on Vista, and looks out of place on anything other than Aero". The entire document keeps saying "use Vista only API whenever you can" and "visually design the application to look out of place when not using the Vista UI" (with a few exceptions).
I guess this is how MS are trying to fight the competition formed by previous OSes being good enough. They try to make sure new applications don't work on them any more.
IDA Pro (a very well known and capable disassembler rev-eng tool) comes with a demo version that won't rev-eng itself. Obviously, the first thing you do when you get the full version is to load IDA Pro in IDA Pro.
About five lines into the startup code IDA jumps into a subroutine that does exactly the above. The result? IDA's automatic initial analysis fails to disassemble most of the rest of the application.
Of course, IDA being the best tool around, if you know what you are doing you can just unmark the rest of the application as code, move one line down, and remark the application as code and you're done.
Shachar
P.S. The real reason I was using IDA on IDA was that all of the crazy anti-rev-eng stuff in it was breaking when it ran on Wine with some security enhanced kernel features on. Turned out that it prevented Wine from getting the memory location where programs typically load themselves on Windows, and IDA was not tolerant to that kind of moving.
According to an Iranian friend, the Iranian law does not allow copyright protection to non-Iranians. The answer is that the punishment for piracy may be severe (I don't know), but according to Iranian law, installing a copy of Windows without paying for it is not piracy.
But it's rather long. I posted the detailed reasons in my blog.
In a nutshell:
- Intel has put lots of optimizations into the actual CPU. The author did not account for those.
- Future proof - C is a simple language, for which it is simple to write complex optimizers.
Since this seems to stand in direct contradiction with everything we (or, at least, I) thought about her in the past, does that mean that Rosen, like any other CEO, will do whatever they think their current employer needs, regardless of personal opinion about it?
Even if the RIAA did start to go down the "sue individuals" after she left, it seems unlikely that this is not a direction she helped point the organization in.
Tehila, an Israeli government unit dedicated to putting the gov. interaction with the public online, filed a criminal complaint against Avi Mizrachi for performing a vulnerability scan against the Mossad public site.
The bottom line is that the judge, in a surprisingly sane verdict, stated that if there was no intention to do damage, and damage was, indeed, not done, then the act was legal. There was some discussion of whether such acts should be universally allowed, and a statement (though I doubt it's an actual precedent) that automatically relying on the administrators to secure their own sites is not a wise thing to do.
I can tell you that the local professional media was up in arms after this was published :-)
You said that they don't want to allocate the resources (men, expertise) for supporting themselves. This is an economical reason, not a security one.
If the DoD said "ok, let Check Point buy Sourcefire, but we will cease to buy our support from the new unified company", that is an understandable statement (regarding not letting debug info leaving the country etc.).
Objecting to the actual SELL, however, is not.
I'll even go further. If the DoD said as above, it is not impossible that Check Point would have said "in that case, we won't buy the company". Knowing Check Point, it is much more likely that they wanted to buy Sourcefire for their technology, and not their clients, and so that would not have dropped the deal. Still, these are economical pressures that I view as legitimate. Masking a purely economical concern as a security one is hypocrisy.
Getting the characters right is the least of your problems. Getting them to display in the right order is.
There is a terminal emulator called "mlterm" that knows how to do that. Never used it, myself (Hebrew writer, but same problem). Whenever I need to handle Hebrew filenames, I either view it backwards or use a graphical environment.
For businesses that make a living from selling support (SugarCRM, RedHat etc.), the path is a different one.
First, you create the project. You keep updating it and improving it, until it forms a community. You keep mentioning that you also offer commercial support for the project, but until it has a community of early adopters, no one will pay you to support it.
If you manage to cross that sea, however, there is good money in FOSS. RedHat make all their money by selling support for the product after they managed to turn it into a standard. MySQL arguably do the same (they also try to sell licenses, which is something I'm not sure I agree with). SugarCRM are doing the same, though they did annoy the "community" enough to create a split. It'll be interesting to see what happens with that.
The thing to understand here is that you have a very long road ahead of you yet, before you can actually quit your day job for this.
Personally, I moved into the "sell services, base them on FOSS" business. Some of the FOSS involved was written by us, but we never sell the actual software, always the service behind it.
As someone who is a former Windows programmer, a Wine hacker and a security expert, I cannot escape the notion that many of Windows' security weaknesses are a direct result of deliberate design decisions made by Microsoft. This is not to say that Microsoft maliciously designed the entire system, starting with the API, going through the security and users system, and ending with the program features, based solely on "usability" and "convenience", with "security" either being discarded as unimportant or not being considered. Either way, it appears to me that many of the design decisions behind the way Windows were poorly made, security wise.
Vulnerabilities such as buffer overruns are implementation oversights. While they receive much hype for being easily exploitable, they are also a matter of issuing a fix and having it away with the problem. Vulnerabilities such as the latest WMF problems stem from lack of security consciousness when performing design, but low use of the relevant feature probably means that a fix is not very difficult to carry out. These are not the sort of problems I'm talking about.
To demonstrate what I am talking about, allow me to give a few isolated examples:
Sending a WM_TIMER message to a program that did not specifically catch it will cause it to run an arbitrary address.
Using the CreateProcess API command using a NULL as the "lpApplicationName" parameter creates ambiguity regarding what is the program to execute when whitespace exists. Often, the command that the program is trying to execute is not the highest priority in the search, resulting in a user able to inject their own code into the application's context.
The problem with such design decisions is that the resulting vulnerabilities may not even be with Microsoft applications. I have seen vulnerabilities for both of the above problems with non-Microsoft anti-virus programs. Microsoft's response under such cases has always been "this is not a vulnerability in our code", despite not mentioning anywhere within its documentation that you are required to catch the "WM_TIMER" event, whether you need it or not, or your application will be vulnerable.
In short, it is my opinion that Microsoft's development environment is hostile to secure programming, simply because of the sheer enormity of the API, and because applications may be affected by areas of the API they did not use. This means that producing secure code for Windows requires a level of expertise far outside the level required for producing code.
One thing that is worse with this type of problems is that they receive little attention. While none of the problems I mentioned above is first published here, you will not find either of them mentioned on BugTraq or Full Disclosure anywhere within the past year. This, I believe, is a direct result of MS's "someone else's problem" approach. This means that Black Hats have an attack vector open that programmers are likely not aware of. I have talked to Black Hats that told me candidly that they get in anywhere they want by exploiting the fact that ActiveX's have no certificate revocation. Once an ActiveX was signed by Macromedia, Symantec or Microsoft, it remains signed, even if a security hole is discovered in it. They just push an old, insecure (but signed) ActiveX to the victim's machine, and then exploit the newly opened hole in order to get in.
Even worse, these problems are not implementation problems. People use both CreateProcess' NULL as application name AND WM_TIMER's callback option, which means that no simple implementation fix will close the hole without breaking applications. Microsoft provides no way to revoke a signature on an ActiveX.
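The CreateProcess search-order ambiguity described in the comment above, as an added example that is not part of the original post: a portable C helper that lists, in order, the files the system tries for an unquoted command line passed with a NULL lpApplicationName, following the example in Microsoft's CreateProcess documentation. The function names and the sample paths are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CAND_MAX 16   /* most candidates reported for one command line */
#define CAND_LEN 260  /* MAX_PATH-sized buffers */

/* Case-insensitive string equality, since Windows paths ignore case. */
static int eq_nocase(const char *a, const char *b)
{
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
        a++;
        b++;
    }
    return *a == *b;
}

/* Copy cmd[0..len) into dst and append ".exe" when the last path
 * component has no extension. Returns 0 if the result does not fit. */
static int make_candidate(char *dst, const char *cmd, size_t len)
{
    size_t i, base = 0;
    int has_dot = 0;

    if (len + 5 > CAND_LEN)
        return 0;
    memcpy(dst, cmd, len);
    dst[len] = '\0';
    for (i = 0; i < len; i++)
        if (dst[i] == '\\' || dst[i] == '/')
            base = i + 1;
    for (i = base; i < len; i++)
        if (dst[i] == '.')
            has_dot = 1;
    if (!has_dot)
        strcat(dst, ".exe");
    return 1;
}

/* Fill out[] with the module names tried, in order. A quoted first token
 * yields exactly one candidate; an unquoted string yields one candidate
 * per whitespace boundary, shortest prefix first. */
size_t list_candidates(const char *cmd, char out[][CAND_LEN], size_t max)
{
    size_t n = 0, i;

    while (*cmd == ' ' || *cmd == '\t')
        cmd++;
    if (*cmd == '"') {
        const char *end = strchr(cmd + 1, '"');
        size_t len = end ? (size_t)(end - (cmd + 1)) : strlen(cmd + 1);
        if (len > 0 && max > 0 && make_candidate(out[0], cmd + 1, len))
            n = 1;
        return n;
    }
    for (i = 0;; i++) {
        int at_end = (cmd[i] == '\0');
        if (at_end || cmd[i] == ' ' || cmd[i] == '\t') {
            /* Only the first whitespace character of a run is a boundary. */
            if (i > 0 && cmd[i - 1] != ' ' && cmd[i - 1] != '\t' &&
                n < max && make_candidate(out[n], cmd, i))
                n++;
            if (at_end)
                break;
        }
    }
    return n;
}

/* Number of other files tried before the intended program, or -1 if the
 * intended program is never among the candidates. Any value above 0 means
 * the caller should quote the path or pass lpApplicationName explicitly. */
int candidates_before(const char *cmd, const char *intended)
{
    char cand[CAND_MAX][CAND_LEN];
    size_t n = list_candidates(cmd, cand, CAND_MAX), i;

    for (i = 0; i < n; i++)
        if (eq_nocase(cand[i], intended))
            return (int)i;
    return -1;
}

int main(void)
{
    /* Constructed sample: an unquoted path with two embedded spaces. */
    const char *cmd = "C:\\Program Files\\AV Suite\\scan.exe /quick";
    char cand[CAND_MAX][CAND_LEN];
    size_t n = list_candidates(cmd, cand, CAND_MAX), i;

    for (i = 0; i < n; i++)
        printf("%u: %s\n", (unsigned)i, cand[i]);
    printf("tried before the intended program: %d\n",
           candidates_before(cmd, "C:\\Program Files\\AV Suite\\scan.exe"));
    return 0;
}
```
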
Ehhm. I'm afraid that RAID is no substitution for backup. It only protects against ONE of the problems that backup protects against (again, full details at http://lingnu.com/backup.html - my company).
Trying to analyze what you have described, you have a serious problem if old backup tapes turn out to be bad (as they tend to do, over time). You cannot write data to a tape, and then just put it in a safe and expect it to stay there three years later. Every so often, a full (non-incremental) is necessary.
I do believe that the technology we employ for online backups would handle your case fairly well, though. We use rsync-friendly encryption (we developed it, but we open sourced the actual technology - http://sf.net/projects/rsyncrypto). This means that you don't have to upload the entire 700GB the whole of the time. In fact, for all practical purposes, you only upload the data that you have changed.
Still, with this magnitude of data, I'm not sure that online backup is the right path for you. If you wanted to back up the entire 700GB with our service, I may be able to get you a price as low as ~5$/compressed GB/month. Assuming we believe the industry that compression is 1:2 ratio, that means you need to pay for 350GB, or 1750$/month. Most companies prefer to roll their own at this price point.
No, that doesn't seem like it.
If what you suggest were it, then this would be a display only bug. If that were the case, =A1+1 would have been "65536", and not "100001".
Shachar
Flew out of Tel Aviv air port a week ago with a bottle of mineral water in my carry-on. No problem.
I've been warned (and I actually saw a sign in the air port in France to that effect) that my return trip will not be so lenient.
Shachar
Isn't that what you expect people you pay to represent to do?
If it's wrong for the company, it's wrong for the company. If it's right for the company, it remains right after you retire.
Plus, it is very non-professional to backtrack on your previous decision the second your foot touches the outside world.
Shachar
So, basically, you are saying that due to ECONOMICAL concerns, the DoD is citing security concerns as an objection?
Sounds weird to me. In fact, it sounds like a misuse of objection power to me.
Then again, what do I know. I'm not American, am an Israeli, and a former Check Point employee to boot.
Shachar
Getting the characters right is the least of your problems. Getting them to display in the right order is.
There is a terminal emulator called "mlterm" that knows how to do that. Never used it, myself (Hebrew writer, but same problem). Whenever I need to handle Hebrew filenames, I either view it backwards or use a graphical environment.
Shachar
For businesses that make a living from selling support (SugarCRM, RedHat etc.), the path is a different one.
First, you create the project. You keep updating it and improving it, until it forms a community. You keep mentioning that you also offer commercial support for the project, but until it has a community of early adopters, no one will pay you to support it.
If you manage to cross that sea, however, there is good money in FOSS. RedHat make all their money by selling support for the product after they managed to turn it into a standard. MySQL arguably do the same (they also try to sell licenses, which is something I'm not sure I agree with). SugarCRM are doing the same, though they did annoy the "community" enough to create a split. It'll be interesting to see what happens with that.
The thing to understand here is that you have a very long road ahead of you yet, before you can actually quit your day job for this.
Personally, I moved into the "sell services, base them on FOSS" business. Some of the FOSS involved was written by us, but we never sell the actual software, always the service behind it.
Shachar
As someone who is a former Windows programmer, a Wine hacker and a security expert, I cannot escape the notion that many of Windows' security weaknesses are a direct result of deliberate design decisions made by Microsoft. This is not to say that Microsoft maliciously designed the entire system, starting with the API, going through the security and users system, and ending with the program features, based solely on "usability" and "convenience", with "security" either being discarded as unimportant or not being considered. Either way, it appears to me that many of the design decisions behind the way Windows works were poorly made, security wise.
Vulnerabilities such as buffer overruns are implementation oversights. While they receive much hype for being easily exploitable, they are also a matter of issuing a fix and doing away with the problem. Vulnerabilities such as the latest WMF problems stem from lack of security consciousness when performing design, but low use of the relevant feature probably means that a fix is not very difficult to carry out. These are not the sort of problems I'm talking about.
To demonstrate what I am talking about, allow me to give a few isolated examples:
The problem with such design decisions is that the resulting vulnerabilities may not even be with Microsoft applications. I have seen vulnerabilities for both of the above problems with non-Microsoft anti-virus programs. Microsoft's response under such cases has always been "this is not a vulnerability in our code", despite not mentioning anywhere within its documentation that you are required to catch the "WM_TIMER" event, whether you need it or not, or your application will be vulnerable.
In short, it is my opinion that Microsoft's development environment is hostile to secure programming, simply because of the sheer enormity of the API, and because applications may be affected by areas of the API they did not use. This means that producing secure code for Windows requires a level of expertise far outside the level required for producing code.
One thing that is worse with this type of problems is that they receive little attention. While none of the problems I mentioned above is first published here, you will not find either of them mentioned on BugTraq or Full Disclosure anywhere within the past year. This, I believe, is a direct result of MS's "someone else's problem" approach. This means that Black Hats have an attack vector open that programmers are likely not aware of. I have talked to Black Hats that told me candidly that they get in anywhere they want by exploiting the fact that ActiveX's have no certificate revocation. Once an ActiveX was signed by Macromedia, Symantec or Microsoft, it remains signed, even if a security hole is discovered in it. They just push an old, insecure (but signed) ActiveX to the victim's machine, and then exploit the newly opened hole in order to get in.
Even worse, these problems are not implementation problems. People use both CreateProcess' NULL as application name AND WM_TIMER's callback option, which means that no simple implementation fix will close the hole without breaking applications. Microsoft provides no way to revoke a signature on an ActiveX.
My question, then,
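For the CreateProcess point in the comment above, here is an audit helper, added as an example that is not part of the original post. It lists the module paths the documented parsing rule can try when `lpApplicationName` is NULL, so an unquoted path containing spaces shows up as ambiguous. The function name `candidate_modules` and the sample command lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* With lpApplicationName == NULL, CreateProcess parses the module name
 * out of the command line. A quoted name yields exactly one candidate;
 * an unquoted one may end at any space, so each prefix is tried in order
 * (the loader also appends ".exe" to a candidate with no extension;
 * this sketch lists the raw prefixes). Returns the number of candidates
 * copied to out[]; a result above 1 means the command line is ambiguous. */
int candidate_modules(const char *cmdline, char out[][260], int max)
{
    size_t i, len = strlen(cmdline);
    int n = 0;

    if (cmdline[0] == '"') {                    /* quoted: unambiguous */
        const char *end = strchr(cmdline + 1, '"');
        size_t l = end ? (size_t)(end - cmdline - 1) : len - 1;
        if (max > 0 && l < 260) {
            memcpy(out[0], cmdline + 1, l);
            out[0][l] = '\0';
            n = 1;
        }
        return n;
    }
    for (i = 1; i <= len; i++) {                /* unquoted: split at spaces */
        if (cmdline[i] != ' ' && cmdline[i] != '\0')
            continue;
        if (cmdline[i - 1] == ' ')              /* skip runs of spaces */
            continue;
        if (n < max && i < 260) {
            memcpy(out[n], cmdline, i);
            out[n][i] = '\0';
            n++;
        }
    }
    return n;
}

int main(void)
{
    /* Constructed sample command lines: risky form, then hardened form. */
    const char *samples[] = { "C:\\Program Files\\App\\app.exe",
                              "\"C:\\Program Files\\App\\app.exe\" /s" };
    char out[8][260];
    for (int s = 0; s < 2; s++) {
        int n = candidate_modules(samples[s], out, 8);
        printf("%s -> %d candidate(s)%s\n", samples[s], n,
               n > 1 ? " AMBIGUOUS: quote it or pass lpApplicationName" : "");
    }
    return 0;
}
```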
Ehhm. I'm afraid that RAID is no substitution for backup. It only protects against ONE of the problems that backup protects against (again, full details at http://lingnu.com/backup.html - my company).
Trying to analyze what you have described, you have a serious problem if old backup tapes turn out to be bad (as they tend to do, over time). You cannot write data to a tape, and then just put it in a safe and expect it to stay there three years later. Every so often, a full (non-incremental) is necessary.
I do believe that the technology we employ for online backups would handle your case fairly well, though. We use rsync-friendly encryption (we developed it, but we open sourced the actual technology - http://sf.net/projects/rsyncrypto). This means that you don't have to upload the entire 700GB the whole of the time. In fact, for all practical purposes, you only upload the data that you have changed.
Still, with this magnitude of data, I'm not sure that online backup is the right path for you. If you wanted to back up the entire 700GB with our service, I may be able to get you a price as low as ~5$/compressed GB/month. Assuming we believe the industry that compression is 1:2 ratio, that means you need to pay for 350GB, or 1750$/month. Most companies prefer to roll their own at this price point.
Shachar