Slashdot Mirror


User: plsuh

plsuh's activity in the archive.

Stories: 0
Comments: 185

Comments · 185

  1. If your business needs it, pay for it on Data Security on Windows Machines? · · Score: 1
    Do you pay for business liability insurance coverage? Of course you do. Local and state licensing requirements force you to, but even if you didn't anyone who's been in business for a while would tell you that you need it. What does this insurance cost you per $1,000 of coverage?
    However, because I cannot afford to have a business site with several geeks investigating into network security, I have some sensitive data on my Windows box at home which need to be safe from malicious marketers/kiddies having fun/etc.

    OK, now how much are your business data worth if you lose them, both in direct losses and future lost business? How much would it cost to hire a local consultant to come in and work over your systems to lock them down? What is your time worth per hour, and how many hours would it take per year to sort through all of the cr*p you get off of /., figure stuff out, lock down, and maintain your systems? Compare these. You're running a business, make a business decision.

    90% of the time that people go through this calculation they discover that given the potential losses and the amount of time that they would need to do it themselves, it's a lot cheaper to hire someone to take care of this for them.

    Or better yet, switch to a different OS that doesn't have so many problems.

    --Paul
  2. OpenBSD or FreeBSD on Limiting Bandwidth in a Shared DSL Environment? · · Score: 5, Insightful

    OpenBSD has support for limiting classes of bandwidth for quality of service as a part of the pf(4) firewall. See the part of the pf user's guide that covers how to do it.

    FreeBSD also has built-in support via the altq facility that is a part of the ipfw firewall.

    My druthers would be to use OpenBSD for this as it's not a CPU-bound problem and security on your router should be very high on your list of priorities.

    --Paul

  3. Re:lack of insecurity, on Orange County: More E-Ballots Cast Than Voters · · Score: 2, Insightful

    The two BIG problems with this approach to security are:

    1) BAD: What happens when there's an ordinary, garden variety software bug that drops votes on the floor, or worse yet flips them from one candidate to another? No need to hack anything -- your votes are gone.

    2) WORSE: What happens if you have a corrupt programmer at the manufacturer who is introducing backdoored code? No need to hack the system at the polling place -- it arrives at the door pre-hacked.

    --Paul

  4. Maryland verified voting website on Evoting in India, Maryland · · Score: 4, Informative

    The Campaign for Verified Voting in Maryland has a website at www.truevotemd.org. If you're a Maryland voter or just want to show your support, go there and sign up. If you're going to vote on Tuesday in Maryland's primary, we're organizing a protest to demand paper ballots.

    The problem in Maryland is that the officials at the State Board of Elections are in Diebold's pocket. Realize that San Diego and other California counties are getting voter-verified paper trail equipment from Diebold for free, despite paying only 60% as much for the machines as Maryland. Maryland also bought a much larger order. However, since the SBE officials won't go to bat, Diebold is trying to charge big bucks for the VVPT. Diebold is also spending heavily in lobbying and contributing to the Maryland Delegates and State Senators who could pass legislation that would force a VVPT.

    Some other good sites if you're interested in this topic:

    www.verifiedvoting.org
    www.blackboxvoting.org

    --Paul

  5. ReportMill on ActivePDF-like Reports w/ Apache? · · Score: 1

    Take a look at ReportMill. I've used it in several projects to generate PDF reports and it's always come through like a champ. Not cheap, but worth every penny.

    --Paul

  6. otool instead of ldd on FBI Agent Talks Crime, Macs · · Score: 2, Informative

    Forget using "ldd" to figure out how to resolve the situation. It just doesn't exist (unless something changed since the original MacOS X release,...

    Mac OS X has otool(1), specifically otool -L, and it's been in Mac OS X since the beginning. See the man page for more details. This is no more security by obscurity than a Windows developer not knowing about ldd.

    otool is a bit more flexible than ldd, since ldd requires that you actually execute the code in question and watches what gets loaded. otool looks at the binary directly and determines what libraries are needed without executing anything. This makes it usable on shared libraries that depend on other shared libraries, without having to create a separate test executable for use with ldd.

    --Paul
  7. As far as censorware goes, fuggedaboutit on Removing Site from Spam Filters and ISP Blocks? · · Score: 1

    The way that censorware works is that it blocks IPs, not domains. As a result, other sites hosted on the same IP as a site with undesirable content as defined by some censorware's black list are also blocked. This obviously has many serious problems -- the best writeup on the myriad issues with censorware is at Peacefire.

    --Paul

  8. Re:Like does anyone care? on Apple Releases Security Update 2004-01-26 · · Score: 4, Informative

    Apple normally posts details of security updates on its Knowledge Base at:

    http://docs.info.apple.com/article.html?artnum=61798

    The details of this one are not up yet, but should be soon. Give the guys a break -- they're only human and stuff takes a while to work its way through the system.

    --Paul

  9. Apple technical training on Review - Mac OS X Server 10.3, Part 1 · · Score: 4, Informative

    For those folks interested in learning more in depth about Mac OS X and Mac OS X Server, you might want to look into Apple's technical training courses. There are a variety of hands-on courses and certifications covering all of the OS in great detail, some of it written by yours truly. :-)

    </Blatant Plug>

    --Paul
    Trainer/Curriculum Developer
    Apple Computer
  10. A data point from Apple on Companies Move Away From Cubicle Culture · · Score: 2, Interesting

    I think that most folks will agree that Apple is a first-rank company when it comes to both creativity and developing code. At Infinite Loop in Cupertino (the center of R&D), all of the engineers are in offices, no cubicles, and their productivity is *very* high. I think they're onto something there.

    --Paul

  11. Are you really using NetInfo correctly? on Dealing with Mac OS X and NetInfo Problems? · · Score: 4, Informative

    Not to minimize your difficulties, but Apple runs NetInfo internally at a very large scale. In the NeXT days NetInfo was used for large-scale deployments and was quite stable.

    Any Mac OS X or X Server machine has a local NetInfo database, stored in /var/db/netinfo/local.nidb/. It serves as the local directory services store for user and configuration information for that machine only. In addition, a Mac OS X Server that is acting as a NetInfo master or LDAP server will contain at least one other NetInfo database usually named "network". This is stored at /var/db/netinfo/network.nidb/. It is used to provide user and service information for a larger network of machines.

    Clients can connect via the native NetInfo protocol which is based on the SunRPC portmapper, or via LDAP. In either case the data are taken from the network.nidb data store.

    The fact that you were "locked out" of four of your servers is very unusual. To properly diagnose this, more information is required. Which one (if any) of these four servers was a directory service server for the group? Was that one acting as an Open Directory password server? What measures did you undertake to re-gain access once the problem was detected?

    By the way, Panther still uses NetInfo as a local directory services store. Passwords are no longer stored as crypt hashes -- they are instead stored as shadowed MD5 hashes in a separate location.

    --Paul
    Technical Training and Certification
    Apple Computer
    psuh at apple dot com

  12. WebDAV + HTTP proxy server on Sharing a Subset of Data Between 2 Sites? · · Score: 1

    How about making network file access be via WebDAV, and placing a caching HTTP proxy server set to work with only the specified domain at each end? This caches a local copy of the data for quick reads, has good properties for wide-area networking, is cross-platform compatible, and can be configured with variable timeouts for different people. Writes may take a while, but for data consistency reasons going directly back to the home storage facility is probably a good thing. You can also easily limit the proxy cache to some fraction of the total space, e.g. 120 GB out of 180 GB in lab 2.

    For instance, user A normally works at lab 1 but sometimes works at lab 2 for a day or so. She can connect to a file server via webdav_fs using the URL http://lab1server.example.com/~A. The machines at lab 2 are configured so that access to domain lab1server.example.com is via the proxy, and is set to cache her data for 12 hours. The machines in lab 1 are set so that access to the domain lab1server.example.com does not go through the proxy, and thus get direct access.

    Users can still use scp/sftp for out of band access if they need to have data that persists longer than their normal caching period, or is going to be subject to lots of writes so that they want to manually control the writing process.

    --Paul

  13. It's not the control - it's the diagnostics on Dealing with Outdated Automotive Software? · · Score: 1

    The problem is not in controlling the engine -- it's in reading the diagnostic codes from the controller's memory.

    Twenty five years ago it was possible to tune an engine without reference to a computer. All you needed was an RPM meter, a timing light, and spark plug gap gauge to do a basic tune-up. No longer.

    These days it's both easier and harder. You plug in a diagnostic computer and it tells you what needs to be adjusted and/or replaced, based on the codes it receives from the engine sensors. On the other hand, you need the diagnostic readouts or you can't really adjust anything properly.

    In fact, there was a serious controversy over this a year or two ago whose outcome I don't recall. Manufacturers would not release the meanings of the full set of diagnostic codes to independent service stations, even if the service station had the correct computer to hook up to a car. (E.g., if the diagnostic code output is "ABC123", it means, "Replace the PCV valve.") Only a dealer would receive the full set of codes. As a result, independent garages were threatened with being put out of business, which the FTC and/or DOJ viewed as a possible anti-trust violation.

    --Paul

  14. Re:I have to say one thing. on Using Macs In The Work Place · · Score: 2, Informative


    http://train.apple.com/
    </Blatant plug>

    :-)

    --Paul

  15. Re:Read the article again... on Macrovision Adopts Fade Anti-Game Piracy Technology · · Score: 1

    And what happens to the legitimate user when a new scratch happens over the fake scratch data, altering the pattern?

    --Paul

  16. Use a wiki with your students on Writing Good Network Documentation? · · Score: 2, Insightful

    I'd like to second this comment strongly. Teaching the system to someone else (or better yet several someone elses) and using their notes is definitely a good way to generate documentation.

    Using a wiki, I have found, is a great way to generate a collaborative set of docs. Like another poster suggested you want to use hyperlinks very liberally, something which is easy to do on a wiki. In addition, everyone can write stuff down and edit each others' writings to add clarifications, extensions, improvements, etc.

    If you have enough people to make it worthwhile, you can also establish access levels on most wikis. The guru(s) and the tech leads can all write to the wiki, while first-line help desk folks get read-only access.

    --Paul

  17. Re:Cool, Yes. Legal? Smart? on Build Your Own Mortar · · Score: 4, Informative
    (3) Any weapon of a caliber greater than 0.60 caliber which fires fixed ammunition, or any ammunition therefor, other than a shotgun (smooth or rifled bore)
    "Fixed ammunition" is ammunition that contains both the propellant charge and the projectile in a single unit, like a rifle cartridge. The mortar in this article uses separate-loading ammunition, with the propellant charge and the projectile loaded separately, and is not covered by this clause. (That's not to say that it might not be covered under some other clause, like 12302 which is not quoted. But it doesn't appear to be covered by 12301.)
    the term "antique cannon" means any cannon manufactured before January 1, 1899, which has been rendered incapable of firing or for which ammunition is no longer manufactured in the United States and is not readily available in the ordinary channels of commercial trade.
    This subclause makes me really question the truth of the whole post. Why on earth would a cannon that is "rendered incapable of firing" be considered a destructive device? I suppose you could use it as a battering ram, but then it's functionally no different from a big steel I-beam.

    --Paul
  18. Re:Why not Mac OS X? on Large Scale Management - Linux vs Solaris? · · Score: 1

    Try here:

    http://www.oracle.com/start/apple/intro.html?src=1439096&Act=5

    or here (near the bottom):

    http://otn.oracle.com/software/products/oracle9i/index.html

    --Paul

  19. Re:Why not Mac OS X? on Large Scale Management - Linux vs Solaris? · · Score: 1
    Huh? Er, where are you getting your facts?
    apparently NIS, NFS, etc., as required to integrate into a wider infrastructure, are beginning to be usable just now (even though OSX is years old and BSD-based);
    NFS has been usable and in the kernel since the NextStep days. I've mounted and exported file systems via NFS on Mac OS X to and from OpenBSD, Linux, and Solaris. Although it's not a common configuration, user home directories can be mounted via NFS as well as AFP, modulo the gaping security issues inherent in NFS.
    remote management isn't as straightforward as conventional UNIX, and the tools and conventions aren't standard;
    Remote management is easier than in the old days. Attaching to a modern directory service system rather than NIS makes it a lot more usable and manageable. If all you know and are used to is NIS, then NetInfo and LDAP may seem difficult and odd. But once you get to know the power of such systems, you will realize what you are missing. By attaching to a directory service network, remote administration happens via changes to the centralized directory, not by adding users, etc. to each machine. BTW, NIS is a standard directory service option in Mac OS X, added in a recent system update (10.2.4 or 5). It took so long to get in there because the older NIS system provides only a subset of the information available via NetInfo or LDAP, and it took some serious work to adapt an OS that is accustomed to more detailed DS information to the relatively sparse set available from NIS.

    OpenSSH is a part of the standard install, and a full set of shells are available, including sh, csh, tcsh, and bash. Software updates can be done via the command line. What more do you want?
    too many applications seem to set umask to 000 (suited to a home system, not a workstation).
    Where did you get this information? It's just plain wrong. The standard umask of 022 is established at the WindowServer level, all GUI user processes are children of WindowServer, and they all have a umask of 022 unless it is explicitly set otherwise.

    Please double-check your facts.

    --Paul
  20. Why not Mac OS X? on Large Scale Management - Linux vs Solaris? · · Score: 5, Interesting
    Not to start a flamewar, but genuinely curious about why you're not considering Mac OS X for this lab? It has some nice features for a CS lab.
    • Free GUI dev tools (XCode) built on top of gcc
    • XCode's fix and continue and zero link systems for speeding up debugging
    • XCode's distributed build system
    • Cocoa API for rapid application development
    • BSD-based OS at the lowest levels
    • Perl, Python, Apache, PHP pre-installed
    • JDK 1.4.1
    • Oracle, Sybase, MySQL all available natively
    • Nice low-level PowerPC arch with lots of registers for teaching asm classes
    • Altivec SIMD beats the living daylights out of MMX/SSE/etc in terms of both speed and clean architecture
    • Source code to Darwin layer available for free under open source license
    • Multithreaded OS all the way down into the multithreaded kernel
    • Rootless X11 server that utilizes hardware accel as an optional install.
    • Vendor-supported Netboot/NetInstall with Mac OS X Server for easy lab maintenance
    • Panther (10.3) can tie into LDAPv3, NetInfo, NIS, Active Directory, and Kerberos-based directory service networks natively out of the box
    • Tons of open source software available via either Fink or DarwinPorts
    • BONUS - can install MS Office, ThinkFree Office, or AppleWorks and allow non-geeks to use the machines for writing papers, etc.

    Apple's prices for higher education are quite reasonable, especially compared to low end Sun-Solaris-Sparc. What say you?

    --Paul
  21. Re:Slightly OT - Samba Clustering on Samba 3.0.0 Released · · Score: 1

    You might want to look into Mac OS X Server. It ships with Samba 2.x right now, and the new version (MOSXS 10.3) will ship RSN with Samba 3.0. It does active/passive clustering out of the box, and comes with a very nice toolset beyond just Samba. Apple's XServe Raid unit just about owns the storage market in terms of price/performance/capacity.

    --Paul

  22. You really didn't understand the article on No Americans Need Apply · · Score: 4, Interesting

    You really didn't understand the article from the SBA website, did you? IAAE (I Am An Economist), and it boils down to this -- what can a foreigner do with a US dollar? The only thing that he or she can do is buy US-produced goods and services. When he or she does that, it increases demand for US production which stimulates the US economy and causes the GDP to rise.

    Foreigners putting their dollars into dollar-denominated investments only puts off the problem. At some point, the foreigner must use the dollars to buy US-produced goods and services. Doing anything else means that US consumers have gotten a whole lot of real goods and services for the price of printing a bunch of green paper or transferring a few electrons.

    A trade imbalance is not like your PERSONAL debt. It doesn't mean the same thing, so don't try to apply your intuition about personal debts to a trade deficit.

    --Paul

  23. Marshall Brain is NOT an Economist on Distribution of Wealth in a Robot-Driven World · · Score: 1, Flamebait

    Therefore, he misses the key point in his analysis.

    PRICES WILL ADJUST TO ACCOMMODATE THE NEWLY AVAILABLE LABOR

    Since everyone is both a worker and a consumer, losses in income from decreases in the wage are offset by gains from the fact that when labor costs fall then other prices that depend on labor fall as well. What counts is how much in the way of real goods and services you are able to consume in the end, not the monetary income that you earn.

    Try a thought experiment. Assume that right now an unskilled laborer can earn a wage of $5 per hour in a service job, say flipping burgers. In equilibrium, the worker must have chosen the $5 per hour job over some other job that pays less, say washing cars for $4.50 per hour.

    A new robot comes along that can perform the job for $4 per hour. The worker is forced to either (1) accept a pay cut to $4 per hour for flipping burgers or (2) find another job at $4.50 per hour in an industry where robots cannot substitute for him or her, such as washing cars.

    The worker may be better off. Counter-intuitive? Yes. The worker is making $0.50 less per hour, and he or she can be better off? Yes.

    Why? The overall price level must fall, as the cost of burgers has fallen. Working 2,000 hours per year (unrealistic, but makes the math easier) the worker was making $10,000 per year but is now making $9,000 per year. However, the Consumer Price Index will also fall in such a situation -- from a level of 100 to a level of 85 (for example). The worker's new income level is equivalent to $9,000 *100/85 = $10,588.24.

    This is admittedly a simplistic and optimistic example. There may be distributional changes as the change in the CPI will depend upon whether the fall in the cost of flipping burgers represents a large or small part of consumption. Furthermore, there are second order effects involved because the cost of hamburgers factors into the production of other goods and services -- for instance, if a business traveller can now purchase meals at a lower price, then the eventual cost of a computer might go down as well.

    The point is that the introduction of a new technology that displaces workers may or may not end up benefitting them in the end. You can't simply say that because a robot comes along and displaces a person from their job that the worker is definitively worse off. In fact, it is a proven theorem that if you allow transfers from people who don't lose their jobs to people who do, then the net impact of the introduction of labor-saving technology is unambiguously positive for all members of an economy. This is essentially unemployment insurance.

    How does this work? In the worst case, all of the people who were flipping burgers are now unemployed and are earning zero. However, the output of goods and services is exactly the same as before. The people who still have jobs are now unambiguously better off by an amount that is equal to the total of what the burger flippers used to consume. That amount can be taxed and transferred to the now unemployed burger flippers, and everyone is at the same level of consumption as before. Everyone is at least as well off as before the introduction of the new technology, and the burger flippers are better off since they now have 2000 hours of extra leisure time per year. If even one of the burger flippers finds new productive work, then the economy as a whole is producing (and thus consuming) more goods and services than before, and the transfers can be adjusted so that everyone is able to consume more than before.

    In fact, it has been shown that in actual situations it costs us more to save an obsolete job than it does to pay the worker to sit on his or her hands. Case in point, the U.S. steel industry. It has been estimated that for every steelworker's job saved through the imposition of tariffs and quotas, it cost consumers in the U.S. $110,000 per year. Since the average steelworker only made $50,000 per year, it would have been much cheaper to simply pay t

  24. iTunes Music Store on Newest iPod vs. the Nomad Zen NX? · · Score: 4, Interesting

    One point in favor of the iPod is the iTunes Music Store. Intuitive interface, non-intrusive DRM, great selection and getting better all the time. And it will soon be available for Windows. Do you really want to use BuyMusic.com instead?

    --Paul

  25. Biased examples -- worthless article on Philosophical Split Hurts Web Services Adoption · · Score: 4, Interesting

    Mr. Daconta has chosen a very contrived example to support his argument. A tree-structured taxonomy fits very nicely into a DOM-style response, but fits poorly into a Hashmap. Ergo, since his document-style request returns a DOM and his RPC-style request returns a Hashmap, the Document-style request is always superior. This is complete bullshit. Either way could be easier to implement and result in a more natural response, depending on the situation.

    A Hashmap is a lousy and unnatural way of representing a tree structure in the first place. Why would sending it over a wire in response to a SOAP call result in any less awkwardness at the other end? What if the taxonomy was represented as vectors and sub-vectors? This would allow a much more natural representation, and would result in a much clearer output in response to a SOAP call.

    What if the underlying structure was not hierarchical, but was instead a bi-directional circular linked list? Expressing this in a DOM object is possible, but it's ugly and does not flow naturally.

    Another thing to notice is how much code was written for the two examples. The RPC-style code is a mere 45 lines total. The Document-style code shows 130 lines, but notes that many more lines were omitted. At 7 lines per omitted item from class7 to class21, that's another 105 lines, for a total of 235 lines. If you're going to put 5 times as much effort into the result, it's not surprising that you get back a much cleaner response.

    Daconta's article should be moderated as "-1 Troll" IMNSHO.

    --Paul