Suckers come in both varieties, some zealots will gladly use open-source free crap, and others will use cost-effective closed-source proprietary software.
You know of some cost-effective closed-source proprietary software? I've been a sysadmin for a fair while, but I haven't found any yet. All the closed-source proprietary software I've ever encountered has fallen into one of two categories:
Crap
As expensive as it can possibly be and still make the sale
And the latter category is rare. When I talk to the business-oriented guys in the company, they tell me that this is how it must be; the market will sustain nothing else, regardless of what field you're in. Once you're competing in the marketplace, you have to sell to either the upper or lower end - if you try to sell to the middle, you will lose, unless there's something special about the market that forces people to choose you (for real-world shops, physical proximity is one such property). I don't know whether they're right, but they do represent the prevailing opinion of business thinkers, which determines the products you will find in the market.
Nobody sells cost-effective proprietary software. You can have good or cheap; either way the cost is disproportionate to the effectiveness. If you want both, you have to find or create a free software product that doesn't suck.
You might have a point except for one small problem.
What's the best civ game currently in existence? Freeciv. Meier hasn't produced anything really good since civ 2.
So, translation of your message from Slashdot into English:
I like money and Sid should be able to cash in on his idea despite the fact that it's inferior to equivalent games that people have been able to produce for free, without spending all that money on it.
The free market doesn't work like that. If Sid, spending all that money and development time, can't make a game that's better than something people can throw together for free, then he doesn't deserve to make any money off it. If he can make a game that's better then he will make money off it. This is not a regulated market, people are going to play the better game.
Put simply, they implement less. Less features, mostly - usually to the point of anemia. So while the BSDs might be more likely to work, the GNU platforms are more likely to actually do what you want. That's probably got a lot to do with why the GNU platforms have been a qualified success, while the BSDs have mostly been irrelevent in the market. After all, it's easier to fix a bug than it is to implement new features.
Of course, the effect of this is that if something actively bad is happening, you can't do anything to stop it - you can only try to avoid being associated with the inevitable disaster.
It's all very well to say "Be positive", but a lot of the time, the best thing to do is to stop doing whatever it is that you're doing. Inaction is often better than action, because there's normally a large selection of actions that will make things worse, and the handful that will make things better are costly, so you can't do them often because your resources are limited. So the right answer often is "What you are doing is bad. Stop it". And no amount of saying "Be positive" is going to change that.
ATMs simply aren't secure. You can argue all day about how much the bank does or should trust them and how they can absorb financial losses, but eventually it all comes down to this:
The preferred method for stealing cash from an ATM is to attach it to a truck, with a heavy chain, and floor it. Then pick up the cash box when it's forcibly yanked out of the wall and drive off. Or, for those ATMs which are a single unit, to simply tow the whole thing away and apply a cutting torch later. See also http://www.bancinsure.com/pdfs/BGC1296.htm.
What is the point in securing the software? Nobody bothers to steal money that way anyway. It's too easy to steal the whole ATM for any more sophisticated attacks to make sense. And there's too many ATMs in the world to make it financially viable to defend them against people who own small trucks.
The primary line of defence that the banks use is that ATMs don't contain much cash.
And even in our lifetime, we've altered the level of CO2 in the atmosphere. [...] Who, exactly, has been telling you that they know how everything works?
You did, right there.
In our lifetime we have observed a change in the level of CO2 in the atmosphere.
We have absolutely no conclusive evidence what caused it. We have an abundance of plausible theories. People have been working the problem for years and all they've come up with is circumstancial evidence that doesn't really disprove any of them.
What they're going to laugh at in the future is the way people were so arrogant to have believed that they could have done something so huge, on the basis of so little evidence.
It's like the way that medical people used to believe that disease was caused by bad smells. Everybody could see it was true - the people in the bad smelling places were disease-ridden, while the people in the clean hospitals weren't. Obviously the elimination of bad smells prevented disease. So wearing strong perfume would be a good defence.
Oops.
One of the most common themes in the history of science is that people are always mistaking effects for causes. Evidence of correlation is not evidence of causality.
The most likely answer, when confronted with a problem in the physical sciences where you have several answers and can't prove any of them, is that they're all wrong and you haven't thought of the right one yet. Scientists come up with far more wrong ideas than they do right ones.
I'm guessing it's going to be easier to come up with replacements for time/effort/money/angst/blather than it will be to order up some replacement ozone.
You are assuming that both choices are free, or at least have equal cost.
Our resources are very finite. In order to take action against the perceived ozone problem, we must sacrifice something else. It all gets complicated and confused by macro-economics, but that's what it boils down to.
The question is not, "Which is the easier one to fix once it's broken?". The question is, "Given what we know about the relative probabilities of all these things needing to be done, their costs, and potential consequences, which of them are we going to sacrifice?"
And that's a much harder question. Nobody here gets to decide what the answer will be.
Be realistic, this is a EULA for a proprietary, mass-market piece of software. It is intended to prohibit everything it possibly can while maintaining an appearence of fairness. It will then be selectively enforced to maximise revenue.
Nothing will happen until you're a company making millions from selling laptops that ship with flash player installed. Then Macromedia comes along and demands a significant slice of your profits, you evil pirate, because don't they deserve renumeration for all their hard work? (Sound familiar?) That's what this EULA was designed for and that's what it will be used for.
EULAs aren't designed to prevent usage. They're designed to tax it.
Authors rely on sales for their livelyhood. How many of your favorite books would not have been written if the author had to wait tables or work construction to put food on the table and a roof over their head?
Probably about all of them would have been written, given that pretty much every author has to do that. The number of authors who do not have to hold down a day job in order to finance their writing career is infinitesimal, and even the big names take years before they're making enough money to be able to work on nothing else.
Publishers make money. Retailers make money. Construction workers make money. Authors make books. If they wanted money, they'd be publishers or retailers, not authors. Just about everything pays better than being an author.
It's a reality today!? So does that mean when I'm on the way home on the train today I'll be able to watch any movie or any episode of any TV show I can name?
Yes, but you'll need to name the show precisely, including any misspellings that the nerd who keyed in the database made. You will also have to watch adverts from the original screening, because depriving those 1980s companies of their revenue would be PIRACY, and you can't eat while you're watching unless it's from an authorised supplier.
I know this sounds (is?) crazy, but why not open up the architecture of the old mainframes, and base the next generation of PC hardware on those ideas?
The simple answer is because they aren't obsolete. IBM still has a very large business building and selling those mainframes, which they have continued to develop. If you want that kind of hardware, you talk to IBM, and they will sell it to you. If you don't, you buy a PC.
If you just want one instance of linux and one of windows on your desk, you buy two PCs. It's cheaper.
No, it wasn't just the 75GB disks, it was the entire series of disks using 15GB platters.
Closer, but it's even more detailed than that. It was the entire series of platters produced at one particular fabrication plant. Which is why you get such varied reports about them - the same drives were made at (at least) two plants, and only one of them was broken (the cause was a bad retooling when they started that line of disks, or something like that).
My phone line has rarely gone down if ever. I can't come close to saying that about my internet connections, cable or DSL.
Obviously you don't live in the UK. Around here, BT go to great lengths to ensure that telephone service attains the same degree of unreliability as everything else. If necessary they will employ people to come around to your house and put a spade through your telephone line.
I mean, you have issues (DDOS) with VOIP you just don't have with traditional PSTN service.
Uhh, did you just say that phone phreakers never happened?
The key point you're missing is that people are dumb.
The clue you missed is that pretty much everything written in PHP was fairly obviously written by somebody who wasn't very bright. Have you ever seen a well-written PHP application?
Not that java/jsp is the best system ever invented... but PHP is awful, and so it calls out to the legions of bad programmers in the world.
Here is a good article on why PHP is awful, for those who haven't actually used it: http://www.bitstorm.org/edwin/en/php-sucks/. It also links to a number of other articles which also make good points, at the bottom.
If you don't see why encryption can solve this problem, then you don't have a technical mind.
The information supplied by the card is of ZERO value to any criminal. Copying the data sent over the air is completely useless. No secret is ever revealed. Everything transmitted is considered 'public' information, in the sense that it doesn't matter who sees it.
The message from the card in particular is useless, and doesn't even need to be encrypted. It can say "Alice has made a purchase of two pairs of woollen socks from the shop on the corner for £2.67. This is her third purchase on 20/05/2005", and the credit company can maintain a replay database to make sure that she only makes one third purchase on a given day.
Replaying that message to another device accomplishes nothing. It's not a purchase at this device, for this object or amount of money, or which will actually be accepted by the credit company.
We aren't really talking about 'contactless credit cards' here. We're talking about contactless smart cards, which are a well-developed technology. They are nothing like RFID.
Now, there's still plenty of room for the credit companies to screw up security on these cards, particularly since they don't actually care how secure they are. But genre attacks like you describe are not an issue.
No, actually, this is specifically something which freenet is not intended to solve. The "attack" here is where somebody breaks into your house and compromises the terminal you use to access freenet. Obviously this is always going to work. If you had bothered to read the project website you would note that they explained this.
It so happens that they can do something about this specific attack, and they will. But it was never an objective and it won't stop a really determined attacker.
"Your RAM doesn't work? That's okay, send it back and we'll send you more RAM that doesn't work."
No, it's "Your purchase doesn't work? Call the original manufacturer and convince them that it doesn't work, get six forms and send them to various places, call us and convince us that you did all this, send your purchase back to us, and we'll claim we never received it so screw you".
Silly US fools, we'd never stand for this kind of nonsense in the UK. Fortunately as a UK citizen, I'm exempt from all this nonsense; I simply tell the credit card company to cancel the charge. TigerDirect can argue it out with them. You people really should throw out your government.
For current space-ready equipment, we're talking on the order of 6 MFLOPS... aprox 30 MIPS at 20 MHz. You are not going to run Doom or Quake on this stuff.
I dunno, you should be able to run Doom on that. Wouldn't get much of a graphics display out of it, but who cares? Quake might be pushing it, but not by much. It's not like trying to run Half-Life.
Any process that is owned by a given user has all the authority that that user could have
Linux doesn't have this problem.
The most dangerous operations, such as processing network data, require root privileges. I still think that "must be root to bind ports < 1024" is the #1 Unix/Linux security bug and we've been suffering with it for three decades.
Or this...
There is a user (root) which can access everything in the system. There's no way to grant a program the capability to listen to port 80 without also granting it the capability to write raw blocks on the disk, access raw devices, access other users' files, etc. This is an absolute disaster. No ordinary web server needs the ability to write raw disk blocks, so it shouldn't have the capability to do it.
Or even this. Get with the decade. We're using Linux now, not SysV UNIX. There are at least three entirely different ways of doing things. You don't normally see people bothering to deploy this sort of stuff because most of the time it just doesn't matter. The basic unix privilege model is good enough for almost every scenario, and flexible enough to expand upwards on the occasions where you need something more.
Given the importance of the Time Lords to the defence of spacetime against all the morons who have managed to get their hands on time travel technology and other creative ways to bugger the universe over the years, their destruction can only be a collossal fuckup. Fixing it is probably the Doctor's job, either in this series or in a future one.
License plates can't normally be silently and undetectably changed in seconds by flipping a switch. RFID tags pretty much can.
And just imagine the fun you could have with the ability to make the person in the next car over pay for your tolls, fuel, parking, or whatever, just by duplicating their RFID signal. Virtually undetectable petty fraud!
It's called the Road Tax, and pays for the upkeep of the roads. This is different: you have to pay a tax for being a pain and cluttering up some of the busiest streets in the country.
Slashdot Mirror
You know of some cost-effective closed-source proprietary software? I've been a sysadmin for a fair while, but I haven't found any yet. All the closed-source proprietary software I've ever encountered has fallen into one of two categories:
And the latter category is rare. When I talk to the business-oriented guys in the company, they tell me that this is how it must be; the market will sustain nothing else, regardless of what field you're in. Once you're competing in the marketplace, you have to sell to either the upper or lower end - if you try to sell to the middle, you will lose, unless there's something special about the market that forces people to choose you (for real-world shops, physical proximity is one such property). I don't know whether they're right, but they do represent the prevailing opinion of business thinkers, which determines the products you will find in the market.
Nobody sells cost-effective proprietary software. You can have good or cheap; either way the cost is disproportionate to the effectiveness. If you want both, you have to find or create a free software product that doesn't suck.
You might have a point except for one small problem.
What's the best civ game currently in existence? Freeciv. Meier hasn't produced anything really good since civ 2.
So, translation of your message from Slashdot into English:
I like money and Sid should be able to cash in on his idea despite the fact that it's inferior to equivalent games that people have been able to produce for free, without spending all that money on it.
The free market doesn't work like that. If Sid, spending all that money and development time, can't make a game that's better than something people can throw together for free, then he doesn't deserve to make any money off it. If he can make a game that's better then he will make money off it. This is not a regulated market, people are going to play the better game.
Realise that Penny Arcade is a couple of game geeks who had good timing. They don't do this stuff for publicity. They do it for laughs.
Put simply, they implement less. Less features, mostly - usually to the point of anemia. So while the BSDs might be more likely to work, the GNU platforms are more likely to actually do what you want. That's probably got a lot to do with why the GNU platforms have been a qualified success, while the BSDs have mostly been irrelevent in the market. After all, it's easier to fix a bug than it is to implement new features.
Of course, the effect of this is that if something actively bad is happening, you can't do anything to stop it - you can only try to avoid being associated with the inevitable disaster.
It's all very well to say "Be positive", but a lot of the time, the best thing to do is to stop doing whatever it is that you're doing. Inaction is often better than action, because there's normally a large selection of actions that will make things worse, and the handful that will make things better are costly, so you can't do them often because your resources are limited. So the right answer often is "What you are doing is bad. Stop it". And no amount of saying "Be positive" is going to change that.
ATMs simply aren't secure. You can argue all day about how much the bank does or should trust them and how they can absorb financial losses, but eventually it all comes down to this:
The preferred method for stealing cash from an ATM is to attach it to a truck, with a heavy chain, and floor it. Then pick up the cash box when it's forcibly yanked out of the wall and drive off. Or, for those ATMs which are a single unit, to simply tow the whole thing away and apply a cutting torch later. See also http://www.bancinsure.com/pdfs/BGC1296.htm.
What is the point in securing the software? Nobody bothers to steal money that way anyway. It's too easy to steal the whole ATM for any more sophisticated attacks to make sense. And there's too many ATMs in the world to make it financially viable to defend them against people who own small trucks.
The primary line of defence that the banks use is that ATMs don't contain much cash.
And even in our lifetime, we've altered the level of CO2 in the atmosphere.
[...]
Who, exactly, has been telling you that they know how everything works?
You did, right there.
In our lifetime we have observed a change in the level of CO2 in the atmosphere.
We have absolutely no conclusive evidence what caused it. We have an abundance of plausible theories. People have been working the problem for years and all they've come up with is circumstancial evidence that doesn't really disprove any of them.
What they're going to laugh at in the future is the way people were so arrogant to have believed that they could have done something so huge, on the basis of so little evidence.
It's like the way that medical people used to believe that disease was caused by bad smells. Everybody could see it was true - the people in the bad smelling places were disease-ridden, while the people in the clean hospitals weren't. Obviously the elimination of bad smells prevented disease. So wearing strong perfume would be a good defence.
Oops.
One of the most common themes in the history of science is that people are always mistaking effects for causes. Evidence of correlation is not evidence of causality.
The most likely answer, when confronted with a problem in the physical sciences where you have several answers and can't prove any of them, is that they're all wrong and you haven't thought of the right one yet. Scientists come up with far more wrong ideas than they do right ones.
I'm guessing it's going to be easier to come up with replacements for time/effort/money/angst/blather than it will be to order up some replacement ozone.
You are assuming that both choices are free, or at least have equal cost.
Our resources are very finite. In order to take action against the perceived ozone problem, we must sacrifice something else. It all gets complicated and confused by macro-economics, but that's what it boils down to.
The question is not, "Which is the easier one to fix once it's broken?". The question is, "Given what we know about the relative probabilities of all these things needing to be done, their costs, and potential consequences, which of them are we going to sacrifice?"
And that's a much harder question. Nobody here gets to decide what the answer will be.
Be realistic, this is a EULA for a proprietary, mass-market piece of software. It is intended to prohibit everything it possibly can while maintaining an appearence of fairness. It will then be selectively enforced to maximise revenue.
Nothing will happen until you're a company making millions from selling laptops that ship with flash player installed. Then Macromedia comes along and demands a significant slice of your profits, you evil pirate, because don't they deserve renumeration for all their hard work? (Sound familiar?) That's what this EULA was designed for and that's what it will be used for.
EULAs aren't designed to prevent usage. They're designed to tax it.
Authors rely on sales for their livelyhood. How many of your favorite books would not have been written if the author had to wait tables or work construction to put food on the table and a roof over their head?
Probably about all of them would have been written, given that pretty much every author has to do that. The number of authors who do not have to hold down a day job in order to finance their writing career is infinitesimal, and even the big names take years before they're making enough money to be able to work on nothing else.
Publishers make money. Retailers make money. Construction workers make money. Authors make books. If they wanted money, they'd be publishers or retailers, not authors. Just about everything pays better than being an author.
It's a reality today!? So does that mean when I'm on the way home on the train today I'll be able to watch any movie or any episode of any TV show I can name?
Yes, but you'll need to name the show precisely, including any misspellings that the nerd who keyed in the database made. You will also have to watch adverts from the original screening, because depriving those 1980s companies of their revenue would be PIRACY, and you can't eat while you're watching unless it's from an authorised supplier.
I know this sounds (is?) crazy, but why not open up the architecture of the old mainframes, and base the next generation of PC hardware on those ideas?
The simple answer is because they aren't obsolete. IBM still has a very large business building and selling those mainframes, which they have continued to develop. If you want that kind of hardware, you talk to IBM, and they will sell it to you. If you don't, you buy a PC.
If you just want one instance of linux and one of windows on your desk, you buy two PCs. It's cheaper.
No, it wasn't just the 75GB disks, it was the entire series of disks using 15GB platters.
Closer, but it's even more detailed than that. It was the entire series of platters produced at one particular fabrication plant. Which is why you get such varied reports about them - the same drives were made at (at least) two plants, and only one of them was broken (the cause was a bad retooling when they started that line of disks, or something like that).
My phone line has rarely gone down if ever. I can't come close to saying that about my internet connections, cable or DSL.
Obviously you don't live in the UK. Around here, BT go to great lengths to ensure that telephone service attains the same degree of unreliability as everything else. If necessary they will employ people to come around to your house and put a spade through your telephone line.
I mean, you have issues (DDOS) with VOIP you just don't have with traditional PSTN service.
Uhh, did you just say that phone phreakers never happened?
The key point you're missing is that people are dumb.
The clue you missed is that pretty much everything written in PHP was fairly obviously written by somebody who wasn't very bright. Have you ever seen a well-written PHP application?
Not that java/jsp is the best system ever invented... but PHP is awful, and so it calls out to the legions of bad programmers in the world.
Here is a good article on why PHP is awful, for those who haven't actually used it: http://www.bitstorm.org/edwin/en/php-sucks/. It also links to a number of other articles which also make good points, at the bottom.
If you don't see why encryption can solve this problem, then you don't have a technical mind.
The information supplied by the card is of ZERO value to any criminal. Copying the data sent over the air is completely useless. No secret is ever revealed. Everything transmitted is considered 'public' information, in the sense that it doesn't matter who sees it.
The message from the card in particular is useless, and doesn't even need to be encrypted. It can say "Alice has made a purchase of two pairs of woollen socks from the shop on the corner for £2.67. This is her third purchase on 20/05/2005", and the credit company can maintain a replay database to make sure that she only makes one third purchase on a given day.
Replaying that message to another device accomplishes nothing. It's not a purchase at this device, for this object or amount of money, or which will actually be accepted by the credit company.
We aren't really talking about 'contactless credit cards' here. We're talking about contactless smart cards, which are a well-developed technology. They are nothing like RFID.
Now, there's still plenty of room for the credit companies to screw up security on these cards, particularly since they don't actually care how secure they are. But genre attacks like you describe are not an issue.
No, actually, this is specifically something which freenet is not intended to solve. The "attack" here is where somebody breaks into your house and compromises the terminal you use to access freenet. Obviously this is always going to work. If you had bothered to read the project website you would note that they explained this.
It so happens that they can do something about this specific attack, and they will. But it was never an objective and it won't stop a really determined attacker.
I don't believe it is possible to sign those rights away under UK law, ignoring the rules for anonymous publication.
"Your RAM doesn't work? That's okay, send it back and we'll send you more RAM that doesn't work."
No, it's "Your purchase doesn't work? Call the original manufacturer and convince them that it doesn't work, get six forms and send them to various places, call us and convince us that you did all this, send your purchase back to us, and we'll claim we never received it so screw you".
Silly US fools, we'd never stand for this kind of nonsense in the UK. Fortunately as a UK citizen, I'm exempt from all this nonsense; I simply tell the credit card company to cancel the charge. TigerDirect can argue it out with them. You people really should throw out your government.
Why is the Doctor so staunchly opposed to Jackie travelling with them, when he was willing to bring Mickey?
Because she's an idiot. I wouldn't want her travelling with me either.
I also suspect that this Doctor may not be the Doctor.
Every Doctor is unique. All they really share is memory. Regeneration is more than a physical change.
For current space-ready equipment, we're talking on the order of 6 MFLOPS ... aprox 30 MIPS at 20 MHz. You are not going to run Doom or Quake on this stuff.
I dunno, you should be able to run Doom on that. Wouldn't get much of a graphics display out of it, but who cares? Quake might be pushing it, but not by much. It's not like trying to run Half-Life.
Any process that is owned by a given user has all the authority that that user could have
Linux doesn't have this problem.
The most dangerous operations, such as processing network data, require root privileges. I still think that "must be root to bind ports < 1024" is the #1 Unix/Linux security bug and we've been suffering with it for three decades.
Or this...
There is a user (root) which can access everything in the system. There's no way to grant a program the capability to listen to port 80 without also granting it the capability to write raw blocks on the disk, access raw devices, access other users' files, etc. This is an absolute disaster. No ordinary web server needs the ability to write raw disk blocks, so it shouldn't have the capability to do it.
Or even this. Get with the decade. We're using Linux now, not SysV UNIX. There are at least three entirely different ways of doing things. You don't normally see people bothering to deploy this sort of stuff because most of the time it just doesn't matter. The basic unix privilege model is good enough for almost every scenario, and flexible enough to expand upwards on the occasions where you need something more.
Given the importance of the Time Lords to the defence of spacetime against all the morons who have managed to get their hands on time travel technology and other creative ways to bugger the universe over the years, their destruction can only be a collossal fuckup. Fixing it is probably the Doctor's job, either in this series or in a future one.
License plates can't normally be silently and undetectably changed in seconds by flipping a switch. RFID tags pretty much can.
And just imagine the fun you could have with the ability to make the person in the next car over pay for your tolls, fuel, parking, or whatever, just by duplicating their RFID signal. Virtually undetectable petty fraud!
It's called the Road Tax, and pays for the upkeep of the roads. This is different: you have to pay a tax for being a pain and cluttering up some of the busiest streets in the country.