Why should taxpayer-projects be GPL'd? Because a private company should not be free to take software that was developed using public funds, gain the benefit of that software as a starting point for their own work and still be allowed to cut the public out of benefiting from the public's portion of the work. You already see these companies arguing exactly this when it comes to their IP: nobody else should be allowed to use it as a starting point without cutting the original developer in for a royalty or some other form of payment. Why, then, should our IP be co-optable by a company without compensation? And sharing back of enhancements is a lot easier than trying to figure out royalty rates.
Is it right to damage a companies profits and endanger jobs for people ? people with families to feed?
The automobile damaged the profits of all the companies who made horse-drawn buggies and raised the horses to draw them, and damaged all the companies who made horseshoes and buggy-whips and all the other things you need if you're going to have a horse-drawn carriage. The automobile basically put the horse-drawn carriage out of business. Should Henry Ford, then, have been enjoined to not start up the Ford Motor Company and produce his cars, because it would damage existing companies and existing jobs?
Of course not. Just damage isn't the issue. Just because Blizzard started battle.net doesn't give them any legal or moral right to shut down competition. Their rights are limited to:
Preventing anyone from copying their server software (developing your own compatible software without copying theirs is perfectly OK).
Preventing anyone from distributing copies of their game software, modified or not (modifying a copy of a game you own falls under fair use, just like making notes in a copy of a book you own).
I can't see where bnetd has done anything that falls under those two. I can see where Blizzard may be annoyed that people are sidestepping their attempts to time-limit the beta, but it's not bnetd's responsibility to enforce Blizzard's rules. I hope Blizzard gets smacked on this one when it goes to court.
Maybe this is a good thing. First, it provides a graphic rebuttal to the people who say "Why worry about spam, just hit the Delete key and it's not a problem anymore.". A slowdown like this is a big problem, and hitting the Delete key won't solve it because the servers are still bogged down delivering it so you can delete it.
Second, if the majors like AT&T start getting affected like this, maybe they'll start taking it seriously as a "this is going to cost us customers" problem. The spamhauses have hidden behing the fact that it doesn't cost their providers much to keep them around and they do pay their bills. If this kind of realization sinks in, the majors may start looking for the ultimate source of the spam (not just the relay they used, but the person/company actually responsible for the spam) and punting them from their networks completely to avoid ticking off the other major players. If I call UUnet and complain about a paying customer they're not likely to listen. If AT&T calls UUnet, they've a slightly bigger club to wave.
Yep, but the RIAA may have done themselves on this one. They've prosecuted so many people for not taking down copyrighted material when the copyright owner asks that no court could dismiss the precedent. And with the court ruling that electronic rights don't automatically go along with publishing rights, there's a good precedent that absent explicit contract language the artist, not the label, owns the electronic rights to the songs. It'd be fun to watch the RIAA trying to counter the same arguments they've been using to go after Napster.
I'm running the latest nightly build on a 400MHz K6-3 bought some 3 years ago when 450-500MHz chips were the fastest thing on the market. It runs fine, doesn't crash (usually) and isn't what I'd consider slow (biggest problem is network delays, not software speed). Are you sure you aren't looking at Netscape instead?
I can understand the problems caused by unmaintained blacklists, or ones that operate on the roach-motel principle. All you can do is communicate directly with the blacklist maintainers, or communicate with the sites blocking you (mail to postmaster shouldn't be blocked) and see if you can convince them the blacklist is unreasonable. If sites start getting lots of reports about a blacklist refusing to delist open relays after they've been fixed, site operators may stop using those blacklists.
On the other hand, you admit to having had an open relay in your network. Back before 1995 or so this might have been excusable. If we're talking in the last 6 years, though, there's no excuse. The problems have been well-known, the solutions equally well-known and easily implemented. If you shoot yourself in the foot, even unintentionally, whose fault is the resulting pain?
In the very big companies, you'd be right. But volume licenses for MS OSes go down to 20-30 seats. That was one of the things that nearly caused a customer revolt, when MS tried eliminating the low-volume corporate licenses. And in a company in the sub-100-employee range, they likely manually install the OSes. I worked for one of the bigger commercial truck-stop companies, and I had CDs for most of the software on my desktop computer in my desk drawer (which I considered a mixed blessing). Under those circumstances I'd be suprised if copies of the no-activation CDs didn't wander from time to time. You won't see those keys circulated, though, because the people who're using them aren't comfortable handing them out to the world. There may be no difference, but they consider what they're doing different from handing the keys out to all and sundry. And the company may be liable, but what would MS do? Without activation there's no way for them to detect the illegitimate copies easily, and if they came down too hard on the small companies then those companies would switch to Macs because they can't afford the liability, and MS isn't going to write off that large a chunk of their customer base, sabre-rattling to the contrary.
Nice theory. Too bad it runs afoul of one inconvenient fact: the copies of WinXP in use in most companies do not have WPA in them at all. Only the retail versions get the activation, OEM and Enterprise-license copies are essentially pre-activated or don't require activation.
Now think about the admin with 400 XP servers on his network. Once a week, he doesn't have to install patches on each and every one.
I'll think about the home user. You know, the one who, unlike the corporate admin, doesn't have clue 1 about backing out a bad patch. You outlined the problems corporate admins have had with bad Windows updates. What's a clueless home user going to do when things start breaking and he really didn't do anything to the system?
Yeah, its really hip to have that one guy come in at work at 2pm and work until 9 at night, because he's so damn elite, until you realize that he's unable to interact with all of the _adults_ who have children and real-life responsibilities.
How often do programmers need to interact with the "rest of the team"? Especially in this day and age of economizing and minimal team sizes, it's fairly common for the programmer to be the only one working on a particular project or large part of it. Most of the interaction I need in my job could be done as easily (more easily really) through e-mail. Face-to-face is good when dealing with some things, but I just schedule that on an as-needed basis and it isn't a day-to-day thing. It'd be more important on a large-team project, but who these days is hiring 4 programmers to do what 1 can do?
Ooh, and lets pamper the programmers with soda and candy and teddy bears and futuristic chairs.
Talk to the trucking industry. They thought those fancy comfortable captain's chairs were useless too, right up until the 4th study that proved that those fancy chairs let the drivers stay on the road longer before needing a break. The trucking companies did the simple math "more time on road + less break time needed = more runs per month = more profit for company" and guess what's standard in big rigs now. Same with those chairs for programmers. A chair doesn't seem important until you'll be spending 11-12 hours at a stretch in it. With an uncomfortable chair I'll be getting up every hour, and 5 minutes every half hour because my butt's aching from the chair adds up to 6+ hours a week dead time. For a $65K/year programmer, a thousand dollar chair pays for itself in increased work time in 5 weeks. And the chair will last a lot longer than 5 weeks, in fact it'll probably be there long after the programmer isn't.
Lets not forget a dress code. Yeah, lets not enforce that, you don't need to look good to program, man. Until that one programmer wearing the 2 sizes too small phantom menace t-shirt with the body odor turns off a potential client.
Comfortable clothes don't mean unwashed messes. I like dress shirts and jeans. Some guys like knit short-sleeve shirts and shorts (makes emminent sense in the summer in southern California). I've worn a tie and it's damned distracting, which is a Bad Thing when I'm trying to concentrate on the intricate bit of code that absolutely has to be finished today if you want your project on schedule. My tossing the tie won't cost the company money, my missing the deadline on the project probably will. As a professional I know which should take priority, the dress code or the work.
Lets have a nerf gun fight! Woopie! Two guys want to fuck around, so the entire floor can't get anything done because two guys are running around screaming.
Again, it comes down to productivity. It's not possible to work hard for long stretches without taking a break and relaxing at some point. If you try, you wind up staring at the screen wondering what all those squiggles mean, or worse yet getting stupid and writing major design bugs into the code that'll take ten times as long to fix after you're resting and thinking again. If the noise is interfering with the other programmers, they'll let the guys involved know. Or maybe they'll take a break and join in now, then go back to working, instead of taking a break in 20 minutes. Either way, they probably won't have a problem and they're the ones doing the work. If you have a problem, just shut your door and go back to what you were doing. If the horsing around is causing missed deadlines, harp about the missed deadlines and the programmers will get the message without being insulted. Remember that your project won't get done if all your programmers have left for somewhere with not-so-sharp hair (and even in this economy a good programmer will usually find work, usually replacing a not-so-good programmer in an IBM uniform).
If they're looking, they'll be back. Maybe not in 2 seconds, but the next day trying a new vulnerability. The guy who typo'd an IP address won't be. That's what I did when I was watching Code Red scans: built a history of IP addresses and the number of times they'd probed me per day. The random hits sank to the bottom of the list, a couple-three hits on one day and nothing the rest of the time. The infected machines rose to the top, a dozen or so hits a day every day for a week. Easy to track, easy to spot, all done with a little program I hacked up in about 2 hours to parse the logs and record the data.
Simple: you don't report everyone. You look at the logs for patterns: people who try the same port several hundred times, people who send suspicious data repeatedly to the same port, people who hit a large range of ports in a short time. You report them, and ignore the guys who make 3 attempts at the FTP port and go away. Any decent log analysis tool should make this easy.
As far as not caring, that's why nobody answered you. They know that, if they ignore you, you'll give up and go away. The only solution is to not go away. If every admin who got scanned for real reported it every single time, and didn't quit, and escalated it to the upstreams if the scans continued without abating, then the sources of the scans couldn't just ignore the mail anymore. Yes it eats more of your time than just ignoring the problem, until of course your ISP calls you telling you you've been cut off because that DDoS you've been ignoring is eating up too much of their bandwidth.
Right, but those are all the problems it should cover. If a car maker does a recall to fix a problem and gives the owner sufficient notice of the problem and the owner doesn't take his car in to get it fixed, the car maker isn't liable for things that happen after the recall was issued. Same with software, if a fix was made and publicized sufficiently well and the user didn't apply it, it's not the software vendor's problem anymore.
Like I said, we treat software the way we treat cars in this regard. We don't hold car makers liable for the modifications their customers make after they've bought the car, or if their customers abuse the car ( eg. taking a Corvette on a cross-country off-road race ). But we hold them liable for the way they design and make the cars ( eg. designing a car where the fuel tank is placed so it ruptures on any rear-end impact, or manufacturing tires without doing any quality control to make sure they won't explode while driving normally ).
I'd say the proper analogy to security problems would be you lock the check in the glovebox of the car and lock the doors, but due to a defect in the design or manufacturing process ( not just a random defective part, but either the design causes this or all parts made are defective ) the locks all spring open if someone hits the passenger-side door hard, letting a thief steal everything in the car. In that case the car maker probably would be held liable for the defects because they should've caught them and, quite simply, the locks aren't performing as locks are expected to perform.
We have laws that tell auto manufacturers how they can build cars. Not in detail, no, but they have to meet certain standards or they just aren't legal to make. Note that business concerns don't enter into it. Making the Ford Pinto the way they did originally was a good business decision. It really did cost Ford less to pay out the death claims than to improve the car. It even arguably benefitted the consumers, because lower costs to Ford meant a lower price on the car and consumers were still buying them even after the problem became public so people obviously wanted them. The courts still held Ford criminally liable for building a car that blew up and killed people when they could easily have built one that didn't.
I think you're forgetting one thing. We've already swapped out everything we can, physical RAM is full, the swap space is full, and something still wants more memory. So, we suspend something. OK, what do we do with it? We can't swap it out, no swap space to put it in. If we can't swap it out, how do we free up any of it's pages? And if we can't free up any pages, how do we satisfy the process that wants more memory?
I don't like the OOM killer, but when you're in that tight a bind there's not a lot of better options.
Make the point of "Why are we spending large amounts of money on licenses and opening outselves to spending even more defending ourselves against charges that we haven't bought enough, when there's software available that does the job and which doesn't require a license per seat?". Point out the state and municipal governments that've gotten audited by companies like Microsoft and had to spend large amounts of the taxpayer's money to prove they really did have all the licenses they needed. Ask whether this is really a prudent way to spend tax money, when there's an alternative available.
A USB floppy might be OK, but I don't want an external box cluttering up the shelves any more than they already are. Floppies are internal devices in tower/desktop boxes. And digital cameras tend to use Compact Flash or Memory Sticks or Smart Media, which won't work in a bog-standard floppy drive obviously, so you need a real USB floppy drive.
As for USB->serial dongles, that's fine for a modem, maybe, but you don't do sub-microsecond latencies over USB. For a clock you need a serial port right on the computer's main bus, be it ISA or PCI or the main chipset to keep the delay down to where it needs to be for accurate clock signals.
Serial ports and keyboard go? How? Sure I can lose the parallel port, USB's better for printers and SCSI for scanners. The RTC isn't on the ISA bus, it's part of the CPU chipset. Floppy I don't want to lose, they're too convenient for small things that don't merit burning an entire CD-R for. Serial ports, if I don't have one where am I going to connect the GPS unit for the clock? Or the modem for FAX and fallback if the cable/DSL goes out ( and before you mention PCI internal modems, outline how to power-cycle it without power-cycling the entire computer )? Keyboard and mouse could conveniently go on USB, as long as the BIOS knows how to talk to them during boot, but you probably need a seperate USB bus for them so that stupid USB devices like scanners and Webcams that send lots of data don't lock the keyboard out ( annoying to have a broken scanner hosing the system and you need to kill the process reading from it but you can't because the keyboard can't get bus time because the scanner's hogging it ).
I wouldn't mind losing the ISA bus, as long as I don't lose the devices in the process.
That helps avoiding recovery from the disk itself, but it doesn't do anything about the most effective recovery source: the backups. When I was doing VAX operator work, if your file was on the computer more than 24 hours it was guaranteed to be on the backup tapes for at least 2 weeks. If you left it in existence through Friday night, it'd take 3 months to roll off of backups. Unless of course it happened to be on the one full backup every month we pulled for archiving, in which case it might be anywhere from a year to 5 years until it got destroyed.
Conundrum: the whole point of backups is to make recovering deleted data easier, which directly conflicts with the need to make deleted data unrecoverable.
IMHO if I subscribe to a business or purchase a product, the only e-mail I should receive is information specifically about what I subscribed to or bought. Eg., if I sign up for eBay I should by default only get information about changes to my eBay account. Anything beyond, eg. information about eBay services I didn't sign up for, is unsolicited commercial e-mail. Until the company takes over paying for my access to my e-mail, the burden's on them and it's not my responsibility to track down and decline everything they'd like to send me.
I've installed XP, both Home and Professional. By default the user they create for you has Administrator privileges. You can downgrade it, but you have to know exactly what you're doing. And by default you can't log in to the Administrator account, it doesn't show as an option, so if you screw up you have to wipe the machine and reinstall.
Actually you could write an e-mail client for Linux that would automatically execute attachments. It's not even that hard. But even if such a client became popular viruses still wouldn't spread on Linux like they do on Windows. The big difference is that, unlike Windows, Linux doesn't grant users unlimited power by default. You normally use an ordinary user account, not root, for reading your mail. If a virus runs, it can only infect your own files, not the system files. That generally contains the infection, since most of the programs on the system aren't owned by the user you regularly use, and makes clean-up simple since you can still trust the clean-up tools owned by root. At least, as long as you don't make a habit of running as root. If Windows had this, it'd be as resistant to viruses as Unix is. But Windows will never have this, because it "wouldn't be convenient for the users".
Slashdot Mirror
Why should taxpayer-projects be GPL'd? Because a private company should not be free to take software that was developed using public funds, gain the benefit of that software as a starting point for their own work and still be allowed to cut the public out of benefiting from the public's portion of the work. You already see these companies arguing exactly this when it comes to their IP: nobody else should be allowed to use it as a starting point without cutting the original developer in for a royalty or some other form of payment. Why, then, should our IP be co-optable by a company without compensation? And sharing back of enhancements is a lot easier than trying to figure out royalty rates.
Is it right to damage a companies profits and endanger jobs for people ? people with families to feed?
The automobile damaged the profits of all the companies who made horse-drawn buggies and raised the horses to draw them, and damaged all the companies who made horseshoes and buggy-whips and all the other things you need if you're going to have a horse-drawn carriage. The automobile basically put the horse-drawn carriage out of business. Should Henry Ford, then, have been enjoined to not start up the Ford Motor Company and produce his cars, because it would damage existing companies and existing jobs?
Of course not. Just damage isn't the issue. Just because Blizzard started battle.net doesn't give them any legal or moral right to shut down competition. Their rights are limited to:
- Preventing anyone from copying their server software (developing your own compatible software without copying theirs is perfectly OK).
- Preventing anyone from distributing copies of their game software, modified or not (modifying a copy of a game you own falls under fair use, just like making notes in a copy of a book you own).
I can't see where bnetd has done anything that falls under those two. I can see where Blizzard may be annoyed that people are sidestepping their attempts to time-limit the beta, but it's not bnetd's responsibility to enforce Blizzard's rules. I hope Blizzard gets smacked on this one when it goes to court.Maybe this is a good thing. First, it provides a graphic rebuttal to the people who say "Why worry about spam, just hit the Delete key and it's not a problem anymore.". A slowdown like this is a big problem, and hitting the Delete key won't solve it because the servers are still bogged down delivering it so you can delete it.
Second, if the majors like AT&T start getting affected like this, maybe they'll start taking it seriously as a "this is going to cost us customers" problem. The spamhauses have hidden behing the fact that it doesn't cost their providers much to keep them around and they do pay their bills. If this kind of realization sinks in, the majors may start looking for the ultimate source of the spam (not just the relay they used, but the person/company actually responsible for the spam) and punting them from their networks completely to avoid ticking off the other major players. If I call UUnet and complain about a paying customer they're not likely to listen. If AT&T calls UUnet, they've a slightly bigger club to wave.
Yep, but the RIAA may have done themselves on this one. They've prosecuted so many people for not taking down copyrighted material when the copyright owner asks that no court could dismiss the precedent. And with the court ruling that electronic rights don't automatically go along with publishing rights, there's a good precedent that absent explicit contract language the artist, not the label, owns the electronic rights to the songs. It'd be fun to watch the RIAA trying to counter the same arguments they've been using to go after Napster.
I'm running the latest nightly build on a 400MHz K6-3 bought some 3 years ago when 450-500MHz chips were the fastest thing on the market. It runs fine, doesn't crash (usually) and isn't what I'd consider slow (biggest problem is network delays, not software speed). Are you sure you aren't looking at Netscape instead?
I can understand the problems caused by unmaintained blacklists, or ones that operate on the roach-motel principle. All you can do is communicate directly with the blacklist maintainers, or communicate with the sites blocking you (mail to postmaster shouldn't be blocked) and see if you can convince them the blacklist is unreasonable. If sites start getting lots of reports about a blacklist refusing to delist open relays after they've been fixed, site operators may stop using those blacklists.
On the other hand, you admit to having had an open relay in your network. Back before 1995 or so this might have been excusable. If we're talking in the last 6 years, though, there's no excuse. The problems have been well-known, the solutions equally well-known and easily implemented. If you shoot yourself in the foot, even unintentionally, whose fault is the resulting pain?
In the very big companies, you'd be right. But volume licenses for MS OSes go down to 20-30 seats. That was one of the things that nearly caused a customer revolt, when MS tried eliminating the low-volume corporate licenses. And in a company in the sub-100-employee range, they likely manually install the OSes. I worked for one of the bigger commercial truck-stop companies, and I had CDs for most of the software on my desktop computer in my desk drawer (which I considered a mixed blessing). Under those circumstances I'd be suprised if copies of the no-activation CDs didn't wander from time to time. You won't see those keys circulated, though, because the people who're using them aren't comfortable handing them out to the world. There may be no difference, but they consider what they're doing different from handing the keys out to all and sundry. And the company may be liable, but what would MS do? Without activation there's no way for them to detect the illegitimate copies easily, and if they came down too hard on the small companies then those companies would switch to Macs because they can't afford the liability, and MS isn't going to write off that large a chunk of their customer base, sabre-rattling to the contrary.
Nice theory. Too bad it runs afoul of one inconvenient fact: the copies of WinXP in use in most companies do not have WPA in them at all. Only the retail versions get the activation, OEM and Enterprise-license copies are essentially pre-activated or don't require activation.
Yup. And guess what gets reinstalled as soon as he hooks up his network connection. And around and around we go...
Now think about the admin with 400 XP servers on his network. Once a week, he doesn't have to install patches on each and every one.
I'll think about the home user. You know, the one who, unlike the corporate admin, doesn't have clue 1 about backing out a bad patch. You outlined the problems corporate admins have had with bad Windows updates. What's a clueless home user going to do when things start breaking and he really didn't do anything to the system?
Yeah, its really hip to have that one guy come in at work at 2pm and work until 9 at night, because he's so damn elite, until you realize that he's unable to interact with all of the _adults_ who have children and real-life responsibilities.
How often do programmers need to interact with the "rest of the team"? Especially in this day and age of economizing and minimal team sizes, it's fairly common for the programmer to be the only one working on a particular project or large part of it. Most of the interaction I need in my job could be done as easily (more easily really) through e-mail. Face-to-face is good when dealing with some things, but I just schedule that on an as-needed basis and it isn't a day-to-day thing. It'd be more important on a large-team project, but who these days is hiring 4 programmers to do what 1 can do?
Ooh, and lets pamper the programmers with soda and candy and teddy bears and futuristic chairs.
Talk to the trucking industry. They thought those fancy comfortable captain's chairs were useless too, right up until the 4th study that proved that those fancy chairs let the drivers stay on the road longer before needing a break. The trucking companies did the simple math "more time on road + less break time needed = more runs per month = more profit for company" and guess what's standard in big rigs now. Same with those chairs for programmers. A chair doesn't seem important until you'll be spending 11-12 hours at a stretch in it. With an uncomfortable chair I'll be getting up every hour, and 5 minutes every half hour because my butt's aching from the chair adds up to 6+ hours a week dead time. For a $65K/year programmer, a thousand dollar chair pays for itself in increased work time in 5 weeks. And the chair will last a lot longer than 5 weeks, in fact it'll probably be there long after the programmer isn't.
Lets not forget a dress code. Yeah, lets not enforce that, you don't need to look good to program, man. Until that one programmer wearing the 2 sizes too small phantom menace t-shirt with the body odor turns off a potential client.
Comfortable clothes don't mean unwashed messes. I like dress shirts and jeans. Some guys like knit short-sleeve shirts and shorts (makes emminent sense in the summer in southern California). I've worn a tie and it's damned distracting, which is a Bad Thing when I'm trying to concentrate on the intricate bit of code that absolutely has to be finished today if you want your project on schedule. My tossing the tie won't cost the company money, my missing the deadline on the project probably will. As a professional I know which should take priority, the dress code or the work.
Lets have a nerf gun fight! Woopie! Two guys want to fuck around, so the entire floor can't get anything done because two guys are running around screaming.
Again, it comes down to productivity. It's not possible to work hard for long stretches without taking a break and relaxing at some point. If you try, you wind up staring at the screen wondering what all those squiggles mean, or worse yet getting stupid and writing major design bugs into the code that'll take ten times as long to fix after you're resting and thinking again. If the noise is interfering with the other programmers, they'll let the guys involved know. Or maybe they'll take a break and join in now, then go back to working, instead of taking a break in 20 minutes. Either way, they probably won't have a problem and they're the ones doing the work. If you have a problem, just shut your door and go back to what you were doing. If the horsing around is causing missed deadlines, harp about the missed deadlines and the programmers will get the message without being insulted. Remember that your project won't get done if all your programmers have left for somewhere with not-so-sharp hair (and even in this economy a good programmer will usually find work, usually replacing a not-so-good programmer in an IBM uniform).
If they're looking, they'll be back. Maybe not in 2 seconds, but the next day trying a new vulnerability. The guy who typo'd an IP address won't be. That's what I did when I was watching Code Red scans: built a history of IP addresses and the number of times they'd probed me per day. The random hits sank to the bottom of the list, a couple-three hits on one day and nothing the rest of the time. The infected machines rose to the top, a dozen or so hits a day every day for a week. Easy to track, easy to spot, all done with a little program I hacked up in about 2 hours to parse the logs and record the data.
Simple: you don't report everyone. You look at the logs for patterns: people who try the same port several hundred times, people who send suspicious data repeatedly to the same port, people who hit a large range of ports in a short time. You report them, and ignore the guys who make 3 attempts at the FTP port and go away. Any decent log analysis tool should make this easy.
As far as not caring, that's why nobody answered you. They know that, if they ignore you, you'll give up and go away. The only solution is to not go away. If every admin who got scanned for real reported it every single time, and didn't quit, and escalated it to the upstreams if the scans continued without abating, then the sources of the scans couldn't just ignore the mail anymore. Yes it eats more of your time than just ignoring the problem, until of course your ISP calls you telling you you've been cut off because that DDoS you've been ignoring is eating up too much of their bandwidth.
Right, but those are all the problems it should cover. If a car maker does a recall to fix a problem and gives the owner sufficient notice of the problem and the owner doesn't take his car in to get it fixed, the car maker isn't liable for things that happen after the recall was issued. Same with software, if a fix was made and publicized sufficiently well and the user didn't apply it, it's not the software vendor's problem anymore.
Like I said, we treat software the way we treat cars in this regard. We don't hold car makers liable for the modifications their customers make after they've bought the car, or if their customers abuse the car ( eg. taking a Corvette on a cross-country off-road race ). But we hold them liable for the way they design and make the cars ( eg. designing a car where the fuel tank is placed so it ruptures on any rear-end impact, or manufacturing tires without doing any quality control to make sure they won't explode while driving normally ).
I'd say the proper analogy to security problems would be you lock the check in the glovebox of the car and lock the doors, but due to a defect in the design or manufacturing process ( not just a random defective part, but either the design causes this or all parts made are defective ) the locks all spring open if someone hits the passenger-side door hard, letting a thief steal everything in the car. In that case the car maker probably would be held liable for the defects because they should've caught them and, quite simply, the locks aren't performing as locks are expected to perform.
The Ford Pinto.
We have laws that tell auto manufacturers how they can build cars. Not in detail, no, but they have to meet certain standards or they just aren't legal to make. Note that business concerns don't enter into it. Making the Ford Pinto the way they did originally was a good business decision. It really did cost Ford less to pay out the death claims than to improve the car. It even arguably benefitted the consumers, because lower costs to Ford meant a lower price on the car and consumers were still buying them even after the problem became public so people obviously wanted them. The courts still held Ford criminally liable for building a car that blew up and killed people when they could easily have built one that didn't.
So why should we treat software any differently?
I think you're forgetting one thing. We've already swapped out everything we can, physical RAM is full, the swap space is full, and something still wants more memory. So, we suspend something. OK, what do we do with it? We can't swap it out, no swap space to put it in. If we can't swap it out, how do we free up any of it's pages? And if we can't free up any pages, how do we satisfy the process that wants more memory?
I don't like the OOM killer, but when you're in that tight a bind there's not a lot of better options.
Make the point of "Why are we spending large amounts of money on licenses and opening outselves to spending even more defending ourselves against charges that we haven't bought enough, when there's software available that does the job and which doesn't require a license per seat?". Point out the state and municipal governments that've gotten audited by companies like Microsoft and had to spend large amounts of the taxpayer's money to prove they really did have all the licenses they needed. Ask whether this is really a prudent way to spend tax money, when there's an alternative available.
A USB floppy might be OK, but I don't want an external box cluttering up the shelves any more than they already are. Floppies are internal devices in tower/desktop boxes. And digital cameras tend to use Compact Flash or Memory Sticks or Smart Media, which won't work in a bog-standard floppy drive obviously, so you need a real USB floppy drive.
As for USB->serial dongles, that's fine for a modem, maybe, but you don't do sub-microsecond latencies over USB. For a clock you need a serial port right on the computer's main bus, be it ISA or PCI or the main chipset to keep the delay down to where it needs to be for accurate clock signals.
Serial ports and keyboard go? How? Sure I can lose the parallel port, USB's better for printers and SCSI for scanners. The RTC isn't on the ISA bus, it's part of the CPU chipset. Floppy I don't want to lose, they're too convenient for small things that don't merit burning an entire CD-R for. Serial ports, if I don't have one where am I going to connect the GPS unit for the clock? Or the modem for FAX and fallback if the cable/DSL goes out ( and before you mention PCI internal modems, outline how to power-cycle it without power-cycling the entire computer )? Keyboard and mouse could conveniently go on USB, as long as the BIOS knows how to talk to them during boot, but you probably need a seperate USB bus for them so that stupid USB devices like scanners and Webcams that send lots of data don't lock the keyboard out ( annoying to have a broken scanner hosing the system and you need to kill the process reading from it but you can't because the keyboard can't get bus time because the scanner's hogging it ).
I wouldn't mind losing the ISA bus, as long as I don't lose the devices in the process.
That helps avoiding recovery from the disk itself, but it doesn't do anything about the most effective recovery source: the backups. When I was doing VAX operator work, if your file was on the computer more than 24 hours it was guaranteed to be on the backup tapes for at least 2 weeks. If you left it in existence through Friday night, it'd take 3 months to roll off of backups. Unless of course it happened to be on the one full backup every month we pulled for archiving, in which case it might be anywhere from a year to 5 years until it got destroyed.
Conundrum: the whole point of backups is to make recovering deleted data easier, which directly conflicts with the need to make deleted data unrecoverable.
IMHO if I subscribe to a business or purchase a product, the only e-mail I should receive is information specifically about what I subscribed to or bought. Eg., if I sign up for eBay I should by default only get information about changes to my eBay account. Anything beyond, eg. information about eBay services I didn't sign up for, is unsolicited commercial e-mail. Until the company takes over paying for my access to my e-mail, the burden's on them and it's not my responsibility to track down and decline everything they'd like to send me.
I've installed XP, both Home and Professional. By default the user they create for you has Administrator privileges. You can downgrade it, but you have to know exactly what you're doing. And by default you can't log in to the Administrator account, it doesn't show as an option, so if you screw up you have to wipe the machine and reinstall.
Actually you could write an e-mail client for Linux that would automatically execute attachments. It's not even that hard. But even if such a client became popular viruses still wouldn't spread on Linux like they do on Windows. The big difference is that, unlike Windows, Linux doesn't grant users unlimited power by default. You normally use an ordinary user account, not root, for reading your mail. If a virus runs, it can only infect your own files, not the system files. That generally contains the infection, since most of the programs on the system aren't owned by the user you regularly use, and makes clean-up simple since you can still trust the clean-up tools owned by root. At least, as long as you don't make a habit of running as root. If Windows had this, it'd be as resistant to viruses as Unix is. But Windows will never have this, because it "wouldn't be convenient for the users".