Obfuscation seems to be useful only for client-side Java applications that contains super-secret valuable algorithms. I mean, who cares if somebody decompiles your code to see how you did sortable JTables or whatever?
There are plenty of good reasons to use an obfuscator on code targeted at the client-side. Retroguard will strip out unnecessary information from your class files and will rewrite variable, class, and method names, usually to a substantially shorter size. This can save enough space in the deployment size to make obfuscation worthwhile for the space savings alone in environments where every byte counts (particularly, J2ME/MIDP).
Obfuscation does also provide a speed bump to those attempting to disassemble your code. Without obfuscation, anybody with a casual interest could just glance at your code using javap, etc. Retroguard fits saemlessly enough into the build process that adding a simple level of protection to the code is usually simple and transparent.
So there's exactly zero risk of filtering out legitimate domains.
I like your idea, but nothing is ever zero risk. What about Joe-jobs? If everybody used your system, then businesses would start sending out spam advertising their competitors so that you end up penalizing sites that don't deserve it and perhaps lose future, legitimate email about those sites.
With that said, your idea is a good one. I would wonder about taking it a step further. Once you have a list of spam domains, you could have a script periodically check which ones are still available, compile a list of registrars for each domain, and then add extra SpamAssassin points to future spam at domains registered at the same registrar. Some parasite has been forging email from one of my domains and I've discovered that the spammers generally limit their registrars to those which appear to be totally out to lunch. For example, the spam domain TOUCHD4D.COM is registered at BIZCN.COM, INC., but the BIZCN whois server and web server have been down every time I have tried contacting them in the last week.
Charging for email without securing the email infrastructure is a bad idea.
Spammers don't send mail from their computers, they send from your computer.
Hmmm... maybe that's not so bad. People would then have a financial incentive to keep their machines secure. A lot of people are either blissfully unaware that their computers are hijacked or they don't really care so long as they can still use their computer to surf the web and check their own email. If ISPs started billing the senders for spam, it might be a good wakeup call for people to be more vigilant about security when they get a nice hefty bill in mail.
Sounds like you might want to implement spf as well (spf.pobox.com)
Definitely. Once EasyDNS supports it I'm all over that, so long as it doesn't break the Everyone.net hosting.
Again, if the spammers are accepting credit cards, it should be fairly easy to track them down.
I think they are spamming on behalf of others, since the individual pieces of spam seem a bit disconnected. Sure, I could go ofter the people selling the services, but there's a large supply of them and only one spammer that's been abusing my system. It would be nice to take out the head.
I have been letting people set up free email accounts at kmfms.com for awhile, and there has been an abnormally large surge in new accounts recently (and the sign-up process does use the distorted letters). These have been junk accounts too. I had a huge number of sign-ups just last night and only 1 person actually came through my site first (the email service is provided by everyone.net, so somebody was evidently going straight there without hitting my site first). Once these junk accounts are created, spammers then send email from their own servers, but with the return address of the junk account. I don't know why they are doing this - I seriously doubt they are checking the accounts, and they aren't actually sending anything from the accounts, but they are doing it nonetheless and I have been getting a lot of complaints recently about spam even though all of the headers inidicate that my network and everyone.net's network wasn't involved.
I have given up that this point and as of today I am switching the email system so that all new users must be paid users. These spammers are like a swarm of locust consuming everything in their path, and now they have destroyed the free service I had been offering for years. I wish they were in the US so I could pursue legal action.
Personally if the pro Open Source lawyer is making statements like the above the document's credibility comes into question.
The lawyer didn't make that statement. The closest he comes to addressing the quality of volunteer versus professional work is where he lists specific examples to dispel the myth that Open Source does not produce innovation. The boat analogy was not related to the paper, the AC was just making a joke - the paper is actually very well reasoned.
It looks like Bugzilla has disabled links from Slashdot. So, you can cut and paste
http://bugzilla.mozilla.org/show_bug.cgi?id=217686 (remove any spaces that Slashdot's lameness filter adds) or you can search for bug number 217686.
I too have a large stack of bills that I sort through about once or twice a year and for that and many other reasons I have been wanting to switch to paying my bills online for quite some time now. The problem is that with online bills I would procrastinate just as much which is a serious problem because a lot of companies that I use only keep invoice records for the past X number of months (usually around 3 - 6). Most of my bills are business expenses and I consequently need to keep records of them, so I have chosen the lesser of two evils and continue with snail mail invoices so that I'll have everything kept around for my records even if I don't have time to load, save, and verify several dozen different web pages each month.
What I would absolutely love to have is a "recording mode" in Mozilla so that I could ditch the snail mail invoices forever. The way it would work is that you would click a "record" button on Mozilla to enter recording mode and then every page that you look at would be permanently archived for later user, including all page prerequisites (images, etc.), and all form data. Then, merely by paying my bills online, I would automatically get a permanent, electronic record without having to manually save the pages (which doesn't always work right anyway because some sites force cache expiration). Even better, Mozilla could detect that I normally record my visits to American Express, for example, and automatically ask me if I want to start recording the next time I visit, so that I don't even have to remember to click the "record" button.
I submitted this as a feature request to Bugzilla, but it could use some more people to vote for it. I would probably even pay a nominal bounty for this feature, though I don't have time to write up exactly what I want at the moment, so I'm just hoping that somebody else has the same itch.
How exactly do they expect people who have never read anything by Asimov to catch on that this is a movie?
When I saw it, they showed the standard green "The following preview has been rated G" screen before the trailer, so that tipped me off. Although, once it started playing I was a bit confused and wondering whether they messed up an ad by showing that screen first. I finally decided that it was probably just a weird preview since there is actually a company called iRobot down the street from me, and while their Roomba units are extremely cool, I thought it would be a bit of a leap for them (or anybody) to be releasing a humanoid robotic assistant in the near future.
How do you attack a settlement, exactly? Get one of the parties to the agreement to reneg?
I think that it was Chris Sontag who alluded before that SCO was going to be examining whether BSD had upheld it's end of the settlement agreement. I would assume that if a party fails to adhere to the terms of a settlement agreement, the other party would be entitled to some sort of legal relief which could possibly lead to the dissolution of the settlement (though I am not a lawyer, so I could be wrong - this just seems like a logical necessity to make settlements worthwhile). I could definitely see SCO using their tried and tested strategy of using a plausible legal argument combined with heaps of FUD to make it appear that they might have a case to the point that they can drag BSD through the courts and extend their extortion racket even further.
Well, you have to admit that it is a little bit unfair since it is not a company on the free market developing a competing product, but it is the governments of those nations doing it.
The thing is, these governments are customers of Microsoft. If it is cheaper for them to build an operating system for their own use than to pay for Windows, then it is the free market deciding because this is a purchasing decision for them. That's not to say that they don't have other motives as well, but so long as they are going for the most cost effective option it does not matter how biased their choice is because the "free market" choice would be the same. The US Army recently signed a deal to pay half a billion dollars for Windows. That's the US Army all by itself. Multiply that half billion by the number of other large governmental organizations that use Windows, then multiply that by three for the three Asian countries that will be collaborating, then multiply that by the number of times that they will need to pay for a Windows "upgrade", and you have massively more than the $1 billion that they intend to spend on their own OS. Linux is obviously the more cost effective choice. I wish the US Army would have clued into this.
Re:their SE course sucks
on
MIT Everyware
·
· Score: 1
Well put. I'd like to add that 6.170 was easily one of the best courses I took at MIT and it helped my programming ability tremendously. While in school, I had jobs on the side and that was more than enough to give me the grounding in reality that the original poster argued should be taught in an SE class. 6.170 covered how to properly design and write software. As you pointed out, how to manage client expectations is definitely an important skill to have, but not something that is fundamentally related to software engineering. If you consider that sort of thing important (and it is), just get a job while you're in school - you can't get any closer to real world experience than that.
You can't say that unless you know for a fact that not one line of Linux code was lifted from SCO source. If any of it was, then SCO IS fighting for IP rights.
Please re-read my post - you missed the entire point. I said that SCO is flagrantly violating the IP rights of others and I said nothing about whether or not SCO's own IP was being violated. They are distributing the copyrighted work of thousands of developers without permission (i.e., the Linux kernel). Regardless of whether or not they have rights to the fraction of code that is under dispute with IBM, there is certainly a very large portion of the kernel which they don't have the rights to, and yet they continue to distribute it in violation of the license. They are also seeking to destroy the right of authors to control how their works are distributed (i.e., they are attempting to outlaw free distribution in general, not just with their alleged code). They can hardly claim the high ground where they say that they are fighting for IP rights in general when they violate others' rights like this.
It's very ironic that SCO claims to be fighting for intellectual property rights when they are seeking to destroy the right of authors to control how their work is distributed. There is no reason that they should be attacking the legitimacy of open source licenses like this when their dispute with IBM is supposedly contractual. McBride actually admitted today that their attack is about destroying free software which is just disgusting considering that one of the core principals of IP law is that the author should be able to disseminate his work as he wishes - SCO apparently wants to destroy this choice.
I was disturbed enough by Darl McBride's statement last Friday (which he repeated again today in Vegas) that the "silent majority" of companies in the IT industry support SCO's recent actions that I had my company release a public statement of opposition to SCO. It would seem that the latest thing SCO is trying to claim ownership of is the opinion of companies that have been silent on the issue, so I am calling on companies to break the silence. If you have control over such things in your company, please get them to either copy the statement of opposition to SCO that I wrote to your company's website or write and post your own statement of opposition. Let the world know that SCO is strongly opposed within the industry and that they are truly fighting to destroy the intellectual property rights that they claim to be championing.
While I have your undivided attention due to interest in the story, dare I ask why slashdot breaks links like that? Anyone know?
Some people used to engage in the practice of "page widening". They would post comments that would intentionally take up more than the normal page width so as to force horizontal scrolling. Because all of the comments are in one big HTML table (I think), widening one comment had the effect of widening the entire page. It was most annoying to have to scroll back and forth to read each line of a comment. I suspect that's why any word over a certain length is split now.
I'm sure Slashdot will insert a space in that visible version of that one as well, so if you're using Mozilla, right-click on the link and select "Copy link location" to get the URL on your clipboard.
Great post. Maybe somebody should start a web page with links to references that best demonstrate the most important points that would qualify the executives for jail time and SCO for the corporate death penalty. I'd definitely like to write my attorney general, but I know it's going to take awhile to do all the research for this and I can't help thinking that hundreds of other people will be doing the same research and it would be more efficient to pool it instead. I'm not looking to send out a cookie-cutter letter because I think those are generaly ignored, but I don't think sharing references would have the same negative effect since the write-up will vary greatly from person to person.
Also, one particular thing that I think is worth researching and compiling some hard numbers for is how much money Linux is saving US companies. Politicians are particularly concerned about the economy right now and I think it would be very helpful to point out that Linux is helping US companies substantially cut costs and be more efficient without laying people off. I vaguely remember an article about how Amazon saved millions by switching to Linux. Other such testimonials could probably be compiled as well.
I was thinking about this yesterday. What about a pledge drive run through a trusted organization like the FSF? People could pledge what they wanted and wouldn't be obligated to give the money unless the total pledges reached a certain amount. This would avoid the problem of collecting less than the amount of money needed to do this the right way. Also, having the FSF (or a similar organization) handle it would also cover the problem of what to do if money is left over at the end - the FSF could just put it towards further development, which is what they already do. I'd certainly donate some money if the goals were clearly stated and were a reasonable legal offensive against SCO.
Ownership is something that our society has created (and other societies), it was created so we don't go around bashing people to get things that we want. Since ownership is totally a societal convention, then society decides what can be owned and what can't, and what ownership entails. It does not have to be tangible, such as a car, a spot on the moon or a computer. It can be a thought, a word, a piece of air or a volume of empty space.
The difference is that with tangible objects, your use of the object generally deprives others from using it as well. With ideas, however, the fact that you use my idea has no impact on my own ability to continue using that idea - you have not "stolen" the idea from me because I still have full use of the idea. Tangible objects which can only be used by a limitted number of people at once lead quite naturally to the concept of ownernship, whereas ideas which can be used by an unlimitted number of people would contribute far more to the course of human evolution when freely shared. The original purpose of the copyright and patent systems was to encourage the creation of ideas which would be freely shared, the reasoning being that time limitted ownership would provide the necessary encouragement. The ownership was not meant as an ends unto itself.
They aren't a business. They can't afford to code up every little thing when they need it and they need to know that they can depend on somebody else to fix any problems that might come up.
Wait a minute... they just agreed to purchase half a billion dollars worth of software and you're saying they can't afford to hire people to oversee the customization and support they might need with something like Linux? For probably a lot less than half a billion dollars they could hire Linus himself and probably have more than enough left over to hire Alan Cox, RMS, and pretty much whomever else they please.
It's a variant of the "Who do you sue" problem. Microsoft's stuff is easily usable and ultimately gets the job done, which lets them focus on what's important.
If you have your own IT department custom rolling Linux distributions for you, you are going to get things that just work and are easy to use. The iRobots that debuted in Afghanistan ran Linux and I don't think anybody complained about needing to anti-alias fonts or that they were too hard to use. In fact, the soldiers had a very easy time learning to use them and found them to be invaluable. The point is, the military has successfully used Linux, they did get excellent support from a vendor, and they certainly didn't pay half a billion dollars for it.
Sure, it appears that they either don't understand or believe the GPL, but I doubt they are that dumb. I think what's going on is that they realize that they can't stop others from distributing Linux because they are still distributing it themselves (despite their claims otherwise), but they want to keep people from distributing it anyway, and spreading FUD like this is how they do it. Why do they want to keep people from using Linux if they would have a hard time legally enforcing it? They want to drive people from Linux to Unix because they believe that they can exert control over Unix. I believe that is their plan. They want to drive people away from what they can't control into the arms of the closest alternative, which they do plan to control.
I think letting "I hate Microsoft" or "I hate open source" sway your decision is unprofessional
Many of the reasons that people hate Microsoft are very relevant to what is the best tool for a job. Microsoft has a very long history of screwing over people, including their own customers, they have a long history of insecure products, a long history of bugs, a long history of thwarting interoperability, and many other things which really should be considered. People who hate Microsoft and apply this to their choice of tools to use for a job may have just internalized the knowledge of the risks that generally come with using Microsoft products. It doesn't just matter how well the product works, it also matters whether the company that makes the product is going to knock on your door a year later demanding that you prove that you paid for all of your software, it matters whether your software will suddenly stop working because you can't re-register it when it decides to demand it, it matters if the product plays nice now but down the line breaks interopability with standards such that it only works with other products from the same company. Just because.NET may work fine now doesn't mean that it is a good business decision - Microsoft's sordid history should be a consideration and it is not unprofessional to factor in a company's past business practices into whether using its current products is a good idea.
There used to be an excellent description of vaporware and why it is so damaging on Caldera's (aka, SCO's) website. It was also very damning of Microsoft and it seemed to have dropped off the net in 2001 (draw your own conclusions on how related those two points are to each other and to the the recent "licensing" done by Microsoft of "SCO's" Unix rights). Thankfully, you can still grab a copy from the Wayback Machine. The write-up is still good even if Caldera isn't.
Note: the link points to an old copy of drdos.com. Dr-Dos was recently sold to some other company, but the vaporware paper was taken down long before that.
As for revoking the license, it would merely deny the right of SCO to distribute Linux kernel, including security fixes. I don't think it's a good idea.
That's not the point. The point is to force their hand now. Those 1,300 (or was it 1,500?) threatening letters that they sent to Linux companies could very much be construed as SCO saying that those companies may not redistribute Linux, even though the letters may not have said exactly that. If somebody sues them for attempting to add restrictions to the GPL they will either be forced to say that redistribution of at least the source that SCO itself is distributing is OK or they will need to screw over their current customers by ceasing to issue security fixes, as you pointed out. In my opinion, the sooner somebody counter-sues them to force their hand the better because their is way too much FUD flying around.
Slashdot Mirror
Obfuscation does also provide a speed bump to those attempting to disassemble your code. Without obfuscation, anybody with a casual interest could just glance at your code using javap, etc. Retroguard fits saemlessly enough into the build process that adding a simple level of protection to the code is usually simple and transparent.
With that said, your idea is a good one. I would wonder about taking it a step further. Once you have a list of spam domains, you could have a script periodically check which ones are still available, compile a list of registrars for each domain, and then add extra SpamAssassin points to future spam at domains registered at the same registrar. Some parasite has been forging email from one of my domains and I've discovered that the spammers generally limit their registrars to those which appear to be totally out to lunch. For example, the spam domain TOUCHD4D.COM is registered at BIZCN.COM, INC., but the BIZCN whois server and web server have been down every time I have tried contacting them in the last week.
I have given up that this point and as of today I am switching the email system so that all new users must be paid users. These spammers are like a swarm of locust consuming everything in their path, and now they have destroyed the free service I had been offering for years. I wish they were in the US so I could pursue legal action.
It looks like Bugzilla has disabled links from Slashdot. So, you can cut and paste http://bugzilla.mozilla.org/show_bug.cgi?id=217686 (remove any spaces that Slashdot's lameness filter adds) or you can search for bug number 217686.
What I would absolutely love to have is a "recording mode" in Mozilla so that I could ditch the snail mail invoices forever. The way it would work is that you would click a "record" button on Mozilla to enter recording mode and then every page that you look at would be permanently archived for later user, including all page prerequisites (images, etc.), and all form data. Then, merely by paying my bills online, I would automatically get a permanent, electronic record without having to manually save the pages (which doesn't always work right anyway because some sites force cache expiration). Even better, Mozilla could detect that I normally record my visits to American Express, for example, and automatically ask me if I want to start recording the next time I visit, so that I don't even have to remember to click the "record" button.
I submitted this as a feature request to Bugzilla, but it could use some more people to vote for it. I would probably even pay a nominal bounty for this feature, though I don't have time to write up exactly what I want at the moment, so I'm just hoping that somebody else has the same itch.
Well put. I'd like to add that 6.170 was easily one of the best courses I took at MIT and it helped my programming ability tremendously. While in school, I had jobs on the side and that was more than enough to give me the grounding in reality that the original poster argued should be taught in an SE class. 6.170 covered how to properly design and write software. As you pointed out, how to manage client expectations is definitely an important skill to have, but not something that is fundamentally related to software engineering. If you consider that sort of thing important (and it is), just get a job while you're in school - you can't get any closer to real world experience than that.
I was disturbed enough by Darl McBride's statement last Friday (which he repeated again today in Vegas) that the "silent majority" of companies in the IT industry support SCO's recent actions that I had my company release a public statement of opposition to SCO. It would seem that the latest thing SCO is trying to claim ownership of is the opinion of companies that have been silent on the issue, so I am calling on companies to break the silence. If you have control over such things in your company, please get them to either copy the statement of opposition to SCO that I wrote to your company's website or write and post your own statement of opposition. Let the world know that SCO is strongly opposed within the industry and that they are truly fighting to destroy the intellectual property rights that they claim to be championing.
Also, one particular thing that I think is worth researching and compiling some hard numbers for is how much money Linux is saving US companies. Politicians are particularly concerned about the economy right now and I think it would be very helpful to point out that Linux is helping US companies substantially cut costs and be more efficient without laying people off. I vaguely remember an article about how Amazon saved millions by switching to Linux. Other such testimonials could probably be compiled as well.
I was thinking about this yesterday. What about a pledge drive run through a trusted organization like the FSF? People could pledge what they wanted and wouldn't be obligated to give the money unless the total pledges reached a certain amount. This would avoid the problem of collecting less than the amount of money needed to do this the right way. Also, having the FSF (or a similar organization) handle it would also cover the problem of what to do if money is left over at the end - the FSF could just put it towards further development, which is what they already do. I'd certainly donate some money if the goals were clearly stated and were a reasonable legal offensive against SCO.
Sure, it appears that they either don't understand or believe the GPL, but I doubt they are that dumb. I think what's going on is that they realize that they can't stop others from distributing Linux because they are still distributing it themselves (despite their claims otherwise), but they want to keep people from distributing it anyway, and spreading FUD like this is how they do it. Why do they want to keep people from using Linux if they would have a hard time legally enforcing it? They want to drive people from Linux to Unix because they believe that they can exert control over Unix. I believe that is their plan. They want to drive people away from what they can't control into the arms of the closest alternative, which they do plan to control.
Note: the link points to an old copy of drdos.com. Dr-Dos was recently sold to some other company, but the vaporware paper was taken down long before that.