Look at what certain other companies pay and 9.8% seems quite high (the example that springs to mind is Vodafone who pay close to 0% in the UK despite taking in a fair amount of income over here, though I'm not sure what their global aggregate tax rate is).
High paid individuals too. The best known example there being Bono who is now essentially Dutch, at least for tax purposes. I suggest he take the next step like Hotblack Desiato and be dead for tax purposes! (I can't promise it'll be quick and painless, but I've got a perfectly serviceable bat I'd be willing to help him out with)
This really isn't "news". It happens all the time, it has done for as long as there has been corporate tax, and you could no doubt find far better (or worse) examples than Apple with little effort.
That is why I stuck with 10.04. I consider the interim releases to be more like Debian/Testing (generally stable and usable, but expect problems as the kinks haven't all been worked out yet) and the LTS releases to be more like Debian/Stable (which I tend to use for server installs).
If you don't get on with Unity, you could always use one of the many Ubuntu based variants. Mint is a popular choice and I gather it is well maintained, though there may be lag between Ubuntu promoting a new release to "stable" and others doing so.
I've not tried Unity much yet, my only "desktop" Ubuntu install being my netbook that still runs 10.04 at the moment. I did try 11.04 in a VM that didn't irritate me too much so I plan to give 12.04 a try when I have time to take a full backup and install it.
But other countries may have agencies in the same position following similar guidelines. He wasn't asking if the TSA specifically is a global thing, but if this level of paranoia generally is.
Shouldn't the criminal phisher be responsible? So I leave my car unlocked and someone steals it. You could say "you idiot you deserve that". Does the thief gain legal rights to my car now?
Who pays for your replacement car (or repairs to it if it is found damaged)? The owner of the car park you left it unlocked in? No, you pay either directly or via your insurance. So what happens in the case of you leaving your car door unlocked is exactly the same as the situation here - the owner pays one way or another, the cost of fixing the situation doesn't rest with some other entity. The only difference is that I'm not aware of companies selling "phishing insurance".
Banks could require (or recommend) security awareness training for anyone who uses their sites, but afaik, they do not.
They could. And it would be commercial suicide. If phishing insurance was a real thing, partaking in such an awareness course could be a way to reduce your premiums though, as you would be moving yourself into a lower risk group.
I'm surprises it doesn't already happen with web based adverts. OK so even with modern JS engines you'll not get much mining done per minute per user, but if your ads are spread widely enough you could potentially make a bit on it.
The other option I've not heard happen (which is considerably more practical) is for a miner to be included in malware. Given malware tends to disable task manager and related things that could report the extra CPU use, and many users would not think to look anyway, this could pull in some cash for the botnet runner. Unlike the browser based option this could run native code on the CPUs (and GPUs where appropriate). To avoid detection a little more by not slowing down other CPU intensive tasks, just check to see if your process has less than (plucking a number from thin air) 80% CPU time over a few seconds and assume that means something else is trying to be CPU-busy and pause for a while.
Of course it could be that the malware authors have considered this and decided it simply isn't worth the time. If so then that does not bode well for other projects (like the one that has just been invested in) because if the crooks can't make enough money out of it to make their time worth spending then it can't exactly be an easy win.
Because otherwise they're just taking money from me and having my electric utility do the billing for them.
Exactly. That, and your GPU will be running at 100% potentially for long periods of time when it would otherwise be near idle - so you might need to replace it sooner. You'll certainly have extra noise from the fans if your card is not passively cooled.
There is mention of warranty issues in some HP documentation and/or licences - people have mentioned them elsewhere in the discussion. I doubt HP would void a warranty for any such reason, but the text is presumably there for arse-covering purposes should some OS somewhere do something very odd with some hardware.
They have certified other distros for support purposes for quite some time, I know.
They are not saying it would not run without causing problems before, they just offered no assurance that it would be OK.
If they certify that kit running bare-metal VMWare, then yes it would be fine if only the hypervisor was touching the hardware. That is the case most of the time, but features that allow direct(ish) hardware access from within VMs such as VMDirectPath in VMWare and Xen's ability to offer direct access to GPUs muddy the waters quite a bit.
Because certifying an OS for their hardware has significant implications regarding reliability and support expectations by commercial clients. Even though they already certified Debian (of which Ubuntu is a very close relation) for use on the same kit they still presumably needed to invest some time testing whether they were comfortable no gotchas existed that would mean their support infrastructure could not cope with this efficiently. Note that they have certified Debian Stable, not the Testing nor Unstable/Experimental branches - and Ubuntu at release point is usually closer (in terms of core package versions) to Debian's "Testing" than "Stable".
They are not saying it wouldn't run without causing problems before now, they just weren't making any guarantees that it would.
Yes and no. They may have thoroughly tested the hardware with everything the "certified" OSs are likely to throw at it, so feel relatively confident that they can offer a full replacement warranty under those circumstances.
I don't have a problem with such restrictions because it is possible to actually break some hardware using software. I remember way back when you could make CRT monitors die with the wring signals, and not so long ago there were a buggy network card that work fine with the official drivers but could be bricked (permanently put beyond use) by the driver in an alternative OS.
Of course hardware that breaks in such a way is faulty IMO, but legally speaking (in the UK at least, and by my understanding but don't take it as absolute truth as I'm no lawyer) they are covered as regulations stating that products should be of merchantable quality and fit for purpose do allow "reasonable" restrictions like this. There was a similar case a while back (sorry, can't find a link at the moment) of a car manufacturer refusing to repair/replace an engine because they found that the driver has tried some petrol additive and the warranty explicitly did not cover that sort of thing - I would consider this the same issue.
The standard (and correct IMO) defence against accusations that F/OSS licenses are in some way damaging could also be used as an analogy here: "if you don't like the license don't use the code and if you use the code without checking the licensing issues that is your due diligence failure not a problem with the license". In this case that would become "if you don't like the warranty terms don't buy the product and if you buy the product without checking the terms that is your due diligence failure not a problem with the terms".
And in the example of HP it isn't like this is a forced software vendor lock-in issue, which would have anti-compeittion law implications. They have certified some Linux variants not just some Windows ones.
Having said that I understand their position, I must say that if I were ever refuse warranty care because I ran the wrong distribution, or discovered pre-purchase that a company would not support Linux users in that way at all, then that would carefully considered as part of my decision making process regarding who to buy kit from than and in the future.
There are two large, very real problems with Google Drive. For starters Google has a long history of abandoning projects after they fail to gain users on them. This would be a huge problem with cloud storage like Google Drive.
That is a potential problem with all "cloud" based services, not just storage. In fact it is the same protential problem that exists for non-cloud stuff: things can fail.
The trick is to avoid single points of failure. Google presumably have sufficient redundancy, correctly configured, such that everything should survive all but a catastrophic problem - but if high availalability is important to you they are a single point of failure (what do you do if their service is down for a couple of hours, or a full working day?). If you use something like this, just use two or more. Drop box down? Find the files in Google's service, or restore from your local backups if you have sufficient bandwidth.
Using multipe services also protects you from "shutdown surprise". This is less important for storage as it is simpler (Google would give good notice prior to service shutdown, and moving files from one provider to another is going to be relatively painless). But for more complex services (from backups beyond simply "keeping a copy of your files out there" to full app hosting) a shutdown might be a lot more hassle. Using two services, or at least keeping a second in mind so your code is easy to refactor should you need to move, forces you to think in a way that reduces your level of lock-in with a particular service. You don't have to host a full app active on two services simultaneously (this may be a waste of resource unlike with simple storage where keeping two active copies is easy), just make sure you have a migration plan and review (or better: test) that plan after any significant change to the app.
If the story were about Jerry Seinfeld, would you still expect an explanation of who he was?
Expect, no. It would be nice, but I've grown out of expecting people to make a little token effort to help those not already in their circle.
There wouldn't be any need for an explanation, at least the poster wouldn't have to think of something and type it. The web has a wonderful concept called hypertext - all that needs to be done is make his name a link to a relevant page (his own if he has one, or perhaps a wikipedia page if the trolls in those parts consider him notable enough to grant such a page).
Like the link to more information about Jonathan Coulton. OK so that is an inward link but it at least has some more reference to the man's work (the linked interview could have benefited from a link to more about who he his though, I know who he is as do most people here, but many will not).
It takes a little effort to add such a link, but you are saving a lot of people some effort (doing a search, finding several possible relevant links, hoping they picked the right ones rather than something about someone unrelated with the same name or a page made by some fool who thinks they know but knows nothing).
For that though, I and many others already use screen similar. Though mosh sounds interesting enough a collection of features to warrant me having a play.
Tons of websites, including those with advanced features work perfectly with updated versions of firefox.
So what's wrong with this particular feature? And why is it that FF is getting the blame?
Tons of browsers, including many previous versions of Firefox, work perfectly with the features in this library. So what's wrong with this particular browser version? And why is it that TinyMCE is getting the blame?
Flippancy aside, it has been confirmed as a bug in Firefox. It probably affects other client-side libraries too, but this one is very very common so the problem got noticed there quickly. These things happen unfortunately, a browser is a complex system these days and accidental regressions can not be 100% avoided in an efficient manner. If an update for Firefox that addresses the problem is released in a very short time, I'll be filing this incident under "no harm, no fowl" (though I'm increasingly using Chrome rather then Firefox of late due to the large number of minor annoyances I've experienced recently, I'll gravitate back when Chrome next does something I don't like).
Perhaps the problem could have been caught earlier if the TinyMCE people had been testing against pre-release versions of Firefox as well as those officially "in the wild". The jQuery team certainly do that, though they are bigger and better funded so it is probably unfair to expect TinyMCE to do so too.
Aye. That family of sites are also of the sort that store passwords and other credentials in plain text and get hacked, and only repeat information that is repeated in many other places anyway so not visiting them is no hardship at all.
Last time I checked they didn't have a "delete/close account" feature either, and that was many many months after they promised to implement one after said hack incident that revealed their poor security practice.
Administration is used strategically in the UK too. 7Global, a DC/hosting provider did it while we were using their services but didn't tell us. I'm not sure how it was arranged (I think it was a management buyout while in administration) but they were in administration for 24 hours meaning they could walk away from certain contracts and debts. This also nulled our contracts with them, which our clients could have been very unhappy about because that meant we were in breach of our contracts with them by not being able to guarantee things (that were previously guaranteed by proxy via our contract with 7Global). They also moved their entire operation (which went very badly leaving us with no service for days) without letting anyone know the plan (there was a planned maintenance period that night which was down as "working on the server racks") but that is another bitter story.
lt;dr: "strategic administration" happens in the UK too, and quite often in fact but it is usually not widely reported.
It isn't just the legal implications. They would have to setup a system (infrastructure, allotted person time, and so forth) to implement and manage the relevant filters, to deal with appeals, and other complications. All that before anyone had started taking legal action. They are not going to volunteer for that sort of hassle.
As RDP used full encryption and secure authentication procedures, it is seen as a safe protocol to leave open without a VPN - it is no less safe than most VPN solutions in that regard (aside from this recent bug, of course, but even VPNs have authentication bugs from time to time).
Just setting up a VPN in order to use RDC through it may make you more vulnerable, not less, unless you review your firewall and routing setups accordingly. If you do not ensure that only RDP traffic is permitted over the VPN then you might be opening up other internal services to what-ever the VPN user might be infected with.
A properly configured VPN with suitable routing/firewall rules will make you more secure, yes. But a badly configured VPN could have exactly the opposite effect, and I'd wager that a lot of machines with RDP available to the 'net at large are hosted servers run by amateur admins who are more likely than you or I to get a VPN setup wrong through naivety so just RDP is the safer default for them.
Typical of the Chinese manufacturing industry: they saw other parts of the world making relatively intelligent hairless primates, and decided to make their own knock-off version!
If you genuinely want them out of your way (not sure from your post if so or if you are making a comment on it not being completely dead until the copies that are out there are gone) then I suggest contacting local libraries or schools - someone will be able to make use of them so you don't have to feel bad about that much dead tree going to waste. They'll probably arrange to pick them up too so you don't have lift a finger much.
Slashdot Mirror
Look at what certain other companies pay and 9.8% seems quite high (the example that springs to mind is Vodafone who pay close to 0% in the UK despite taking in a fair amount of income over here, though I'm not sure what their global aggregate tax rate is).
High paid individuals too. The best known example there being Bono who is now essentially Dutch, at least for tax purposes. I suggest he take the next step like Hotblack Desiato and be dead for tax purposes! (I can't promise it'll be quick and painless, but I've got a perfectly serviceable bat I'd be willing to help him out with)
This really isn't "news". It happens all the time, it has done for as long as there has been corporate tax, and you could no doubt find far better (or worse) examples than Apple with little effort.
Linux fights with you FROM DAY ONE
Maybe it is just that you are the sort of person it is easy to want to pick a fight with?
(sorry, couldn't resist...)
You're actually suggesting I ditch an nvidia gtx 470... for an intel integrated chip?
No. He is using the fact that Intel GPUs work just fine as evidence that the problems you experienced are in Nvidia's court not Ubuntu's.
unfinished product
That is why I stuck with 10.04. I consider the interim releases to be more like Debian/Testing (generally stable and usable, but expect problems as the kinks haven't all been worked out yet) and the LTS releases to be more like Debian/Stable (which I tend to use for server installs).
If you don't get on with Unity, you could always use one of the many Ubuntu based variants. Mint is a popular choice and I gather it is well maintained, though there may be lag between Ubuntu promoting a new release to "stable" and others doing so.
I've not tried Unity much yet, my only "desktop" Ubuntu install being my netbook that still runs 10.04 at the moment. I did try 11.04 in a VM that didn't irritate me too much so I plan to give 12.04 a try when I have time to take a full backup and install it.
But other countries may have agencies in the same position following similar guidelines. He wasn't asking if the TSA specifically is a global thing, but if this level of paranoia generally is.
Shouldn't the criminal phisher be responsible? So I leave my car unlocked and someone steals it. You could say "you idiot you deserve that". Does the thief gain legal rights to my car now?
Who pays for your replacement car (or repairs to it if it is found damaged)? The owner of the car park you left it unlocked in? No, you pay either directly or via your insurance. So what happens in the case of you leaving your car door unlocked is exactly the same as the situation here - the owner pays one way or another, the cost of fixing the situation doesn't rest with some other entity. The only difference is that I'm not aware of companies selling "phishing insurance".
Banks could require (or recommend) security awareness training for anyone who uses their sites, but afaik, they do not.
They could. And it would be commercial suicide. If phishing insurance was a real thing, partaking in such an awareness course could be a way to reduce your premiums though, as you would be moving yourself into a lower risk group.
I'm surprises it doesn't already happen with web based adverts. OK so even with modern JS engines you'll not get much mining done per minute per user, but if your ads are spread widely enough you could potentially make a bit on it.
The other option I've not heard happen (which is considerably more practical) is for a miner to be included in malware. Given malware tends to disable task manager and related things that could report the extra CPU use, and many users would not think to look anyway, this could pull in some cash for the botnet runner. Unlike the browser based option this could run native code on the CPUs (and GPUs where appropriate). To avoid detection a little more by not slowing down other CPU intensive tasks, just check to see if your process has less than (plucking a number from thin air) 80% CPU time over a few seconds and assume that means something else is trying to be CPU-busy and pause for a while.
Of course it could be that the malware authors have considered this and decided it simply isn't worth the time. If so then that does not bode well for other projects (like the one that has just been invested in) because if the crooks can't make enough money out of it to make their time worth spending then it can't exactly be an easy win.
Because otherwise they're just taking money from me and having my electric utility do the billing for them.
Exactly. That, and your GPU will be running at 100% potentially for long periods of time when it would otherwise be near idle - so you might need to replace it sooner. You'll certainly have extra noise from the fans if your card is not passively cooled.
There is mention of warranty issues in some HP documentation and/or licences - people have mentioned them elsewhere in the discussion. I doubt HP would void a warranty for any such reason, but the text is presumably there for arse-covering purposes should some OS somewhere do something very odd with some hardware.
They have certified other distros for support purposes for quite some time, I know.
They are not saying it would not run without causing problems before, they just offered no assurance that it would be OK.
If they certify that kit running bare-metal VMWare, then yes it would be fine if only the hypervisor was touching the hardware. That is the case most of the time, but features that allow direct(ish) hardware access from within VMs such as VMDirectPath in VMWare and Xen's ability to offer direct access to GPUs muddy the waters quite a bit.
Because certifying an OS for their hardware has significant implications regarding reliability and support expectations by commercial clients. Even though they already certified Debian (of which Ubuntu is a very close relation) for use on the same kit they still presumably needed to invest some time testing whether they were comfortable no gotchas existed that would mean their support infrastructure could not cope with this efficiently. Note that they have certified Debian Stable, not the Testing nor Unstable/Experimental branches - and Ubuntu at release point is usually closer (in terms of core package versions) to Debian's "Testing" than "Stable".
They are not saying it wouldn't run without causing problems before now, they just weren't making any guarantees that it would.
Yes and no. They may have thoroughly tested the hardware with everything the "certified" OSs are likely to throw at it, so feel relatively confident that they can offer a full replacement warranty under those circumstances.
I don't have a problem with such restrictions because it is possible to actually break some hardware using software. I remember way back when you could make CRT monitors die with the wring signals, and not so long ago there were a buggy network card that work fine with the official drivers but could be bricked (permanently put beyond use) by the driver in an alternative OS.
Of course hardware that breaks in such a way is faulty IMO, but legally speaking (in the UK at least, and by my understanding but don't take it as absolute truth as I'm no lawyer) they are covered as regulations stating that products should be of merchantable quality and fit for purpose do allow "reasonable" restrictions like this. There was a similar case a while back (sorry, can't find a link at the moment) of a car manufacturer refusing to repair/replace an engine because they found that the driver has tried some petrol additive and the warranty explicitly did not cover that sort of thing - I would consider this the same issue.
The standard (and correct IMO) defence against accusations that F/OSS licenses are in some way damaging could also be used as an analogy here: "if you don't like the license don't use the code and if you use the code without checking the licensing issues that is your due diligence failure not a problem with the license". In this case that would become "if you don't like the warranty terms don't buy the product and if you buy the product without checking the terms that is your due diligence failure not a problem with the terms".
And in the example of HP it isn't like this is a forced software vendor lock-in issue, which would have anti-compeittion law implications. They have certified some Linux variants not just some Windows ones.
Having said that I understand their position, I must say that if I were ever refuse warranty care because I ran the wrong distribution, or discovered pre-purchase that a company would not support Linux users in that way at all, then that would carefully considered as part of my decision making process regarding who to buy kit from than and in the future.
That is a potential problem with all "cloud" based services, not just storage. In fact it is the same protential problem that exists for non-cloud stuff: things can fail.
The trick is to avoid single points of failure. Google presumably have sufficient redundancy, correctly configured, such that everything should survive all but a catastrophic problem - but if high availalability is important to you they are a single point of failure (what do you do if their service is down for a couple of hours, or a full working day?). If you use something like this, just use two or more. Drop box down? Find the files in Google's service, or restore from your local backups if you have sufficient bandwidth.
Using multipe services also protects you from "shutdown surprise". This is less important for storage as it is simpler (Google would give good notice prior to service shutdown, and moving files from one provider to another is going to be relatively painless). But for more complex services (from backups beyond simply "keeping a copy of your files out there" to full app hosting) a shutdown might be a lot more hassle. Using two services, or at least keeping a second in mind so your code is easy to refactor should you need to move, forces you to think in a way that reduces your level of lock-in with a particular service. You don't have to host a full app active on two services simultaneously (this may be a waste of resource unlike with simple storage where keeping two active copies is easy), just make sure you have a migration plan and review (or better: test) that plan after any significant change to the app.
Expect, no. It would be nice, but I've grown out of expecting people to make a little token effort to help those not already in their circle.
There wouldn't be any need for an explanation, at least the poster wouldn't have to think of something and type it. The web has a wonderful concept called hypertext - all that needs to be done is make his name a link to a relevant page (his own if he has one, or perhaps a wikipedia page if the trolls in those parts consider him notable enough to grant such a page).
Like the link to more information about Jonathan Coulton. OK so that is an inward link but it at least has some more reference to the man's work (the linked interview could have benefited from a link to more about who he his though, I know who he is as do most people here, but many will not).
It takes a little effort to add such a link, but you are saving a lot of people some effort (doing a search, finding several possible relevant links, hoping they picked the right ones rather than something about someone unrelated with the same name or a page made by some fool who thinks they know but knows nothing).
You can easily automate reattaching or restarting screen/byobu (and presumably tmux too using similar incantations) using something like this sample: http://fransdejonge.com/2011/06/more-fun-with-screen-and-ssh-with-byobu-automatic-reattaching/
For that though, I and many others already use screen similar. Though mosh sounds interesting enough a collection of features to warrant me having a play.
While we are sharing mantras: if it isn't tested it isn't a backup, its an aspiration.
Tons of websites, including those with advanced features work perfectly with updated versions of firefox.
So what's wrong with this particular feature? And why is it that FF is getting the blame?
Tons of browsers, including many previous versions of Firefox, work perfectly with the features in this library.
So what's wrong with this particular browser version? And why is it that TinyMCE is getting the blame?
Flippancy aside, it has been confirmed as a bug in Firefox. It probably affects other client-side libraries too, but this one is very very common so the problem got noticed there quickly. These things happen unfortunately, a browser is a complex system these days and accidental regressions can not be 100% avoided in an efficient manner. If an update for Firefox that addresses the problem is released in a very short time, I'll be filing this incident under "no harm, no fowl" (though I'm increasingly using Chrome rather then Firefox of late due to the large number of minor annoyances I've experienced recently, I'll gravitate back when Chrome next does something I don't like).
Perhaps the problem could have been caught earlier if the TinyMCE people had been testing against pre-release versions of Firefox as well as those officially "in the wild". The jQuery team certainly do that, though they are bigger and better funded so it is probably unfair to expect TinyMCE to do so too.
Aye. That family of sites are also of the sort that store passwords and other credentials in plain text and get hacked, and only repeat information that is repeated in many other places anyway so not visiting them is no hardship at all.
Last time I checked they didn't have a "delete/close account" feature either, and that was many many months after they promised to implement one after said hack incident that revealed their poor security practice.
In the US, CH11 is used strategically
Administration is used strategically in the UK too. 7Global, a DC/hosting provider did it while we were using their services but didn't tell us. I'm not sure how it was arranged (I think it was a management buyout while in administration) but they were in administration for 24 hours meaning they could walk away from certain contracts and debts. This also nulled our contracts with them, which our clients could have been very unhappy about because that meant we were in breach of our contracts with them by not being able to guarantee things (that were previously guaranteed by proxy via our contract with 7Global). They also moved their entire operation (which went very badly leaving us with no service for days) without letting anyone know the plan (there was a planned maintenance period that night which was down as "working on the server racks") but that is another bitter story.
lt;dr: "strategic administration" happens in the UK too, and quite often in fact but it is usually not widely reported.
It isn't just the legal implications. They would have to setup a system (infrastructure, allotted person time, and so forth) to implement and manage the relevant filters, to deal with appeals, and other complications. All that before anyone had started taking legal action. They are not going to volunteer for that sort of hassle.
As RDP used full encryption and secure authentication procedures, it is seen as a safe protocol to leave open without a VPN - it is no less safe than most VPN solutions in that regard (aside from this recent bug, of course, but even VPNs have authentication bugs from time to time).
Just setting up a VPN in order to use RDC through it may make you more vulnerable, not less, unless you review your firewall and routing setups accordingly. If you do not ensure that only RDP traffic is permitted over the VPN then you might be opening up other internal services to what-ever the VPN user might be infected with.
A properly configured VPN with suitable routing/firewall rules will make you more secure, yes. But a badly configured VPN could have exactly the opposite effect, and I'd wager that a lot of machines with RDP available to the 'net at large are hosted servers run by amateur admins who are more likely than you or I to get a VPN setup wrong through naivety so just RDP is the safer default for them.
Typical of the Chinese manufacturing industry: they saw other parts of the world making relatively intelligent hairless primates, and decided to make their own knock-off version!
If you genuinely want them out of your way (not sure from your post if so or if you are making a comment on it not being completely dead until the copies that are out there are gone) then I suggest contacting local libraries or schools - someone will be able to make use of them so you don't have to feel bad about that much dead tree going to waste. They'll probably arrange to pick them up too so you don't have lift a finger much.