No, unfortunately it's not just policy, it really is the way the cable network works. DOCSIS 3.0 will help the problem by allowing more than a single channel for upstream on any given head-end, but until then they're stuck with a network that's only got a fraction as much upstream bandwidth as downstream.
Doesn't work that way. For cable Internet the bottleneck is the upstream link from the subscriber's cable modem to the cable head-end. That upstream link's got only a fraction of the bandwidth the downstream link does, and's easy to saturate. And that's exactly the link that'd be hit when a subscriber downloads a file from another subscriber, because the download for the recipient is an upload for the machine hosting the file. And that upstream isn't per-customer, it's shared among all subscribers on a given head-end node.
Basic problem: cable internet companies built their networks on the cable-television model where subscribers receive data but don't generate their own. This... failed to reflect actual usage.
All except the first are system-wide files that don't contain any user-specific information, though. That's because a normal user can't write to those directories. Unless you log in as root and customize those files manually, they're going to remain the same as the original package installed them. So if you need to recover, you can just reinstall that package and get those files back to the exact state they were in before. And once you restore the user's homedir, all of their user-specific customization of those packages is restored and they're back in business.
Windows permits the same system-state restore by just reinstalling the software too. But due to many applications' tendency to put user configuration in non-user areas or in the registry where special software's typically needed to back it up and restore it properly, recovering user-specific configuration after a complete wipe and reinstall of a system can be... nontrivial. Not impossible, but getting the backup right involves a bit more than "tar -C ~username -czf/mnt/backups/user.tar.gz.".
This ought to be a wake-up call to businesses running a site: update your search features to work. Too often I find a site's own search box useless, it either doesn't return good results or tries to route me through what the site operator wants me to see instead of to the pages I want to see. Google's search probably won't. Not even a contest between them, far as I'm concerned. If the site doesn't like that, then they need to fix their search function.
No, he wouldn't have to back up the/usr stuff. That's system-wide, contains no user configuration or data. If you've got the original distribution media, you can just reinstall the app to get all that back. It's the user-specific configuration, all your preferences and settings and extra plug-ins and such that you need to save as part of a backup, and on Unix all of those are stored in dot-files or in dot-directories under your home directory. The only possible exception is/etc, if you've changed system-wide config files to suit you better then you'll have to back up/etc. And yes, the registry hives are in the filesystem, but again not all the parts of an application's setup are in the user registry hive. Just restoring the hive files tends not to produce a working setup.
And Vista is relevant not because he's running it, but because Vista has started to enforce good practices for applications by, for example, not allowing applications to write user-specific configuration to system-wide areas and blocking applications from dropping stuff in the Windows system folders. Any app that has heartburn with that under Vista will, under XP, leave critical bits in places you wouldn't normally save if you were backing your stuff up and if you try reinstalling without those bits things Just Won't Work Right.
Except for the applications that don't store their stuff there, they store it in the "All Users" profile instead. Which they shouldn't, but the number of applications that have problems under Vista is testimony to the number that ignore the rules.
Get over it, Roblimo. Windows does have a/home/ equivalent, namely the My Documents folder. Almost every single application will by default use that directory as the default location for any files you use, so if you do want to back up your data, just backup that directory.
Except that the/home/username directory in Unix stores a lot more than just data. It's also where configuration information, and even the applications themselves, go. In Windows if you back up only your My Documents folder, you get less than half the information you need. Program configuration is often critical, and when in files lives in at least 4 places, none of which are under My Documents. And then there's registry information, which isn't even in the filesystem. And then there's the chunks of the application that don't go into it's Program Files folder or wherever else you installed it, but go into Windows system folders. No, applications aren't supposed to do that. No, that doesn't stop them even in this day and age. Why do you think so many applications get heartburn under Vista (which is pickier about such misbehavior)?
Basically, on a Unix system if I save a copy of my home directory tree I'm pretty much guaranteed to have gotten not only all my data but all the configuration information and other things I need to restore not just my data but my application environment. On Windows, if I save a copy of My Documents I'll lose the majority of my application environment.
MS sees anything but Windows as a threat to their existence. But they can't figure out how to fight a community. They do know how to fight and beat a company, though. So their plan is to reduce Linux to a single company, then deal with that company.
The problem isn't creating a reliable voting machine. That's trivial. What's hard is creating a voting system (of which the machine is only a small part) that can be verified to have been reliable without having to assume anything about the reliability or accuracy of any part. The only feasible way of doing this so far involves keeping a record independent of the machine's counts. That, frankly, is the basis for every method of financial audit ever created. And it works. I dealt with systems in a casino that assumed that everyone, from the cashiers to the auditors themselves, was crooked and it could still identify the exact source of even a single penny of error.
And this, children, is why you should never ever give the password to your account to someone else. Not even someone who claims to want to do something for you. Once you've given it to them, you have no control over what they do with it.
I've found the best way to support Unix distributions is to not support them. Just support the software you need. If you need a particular version of a library, note that dependency. Keep your dependencies as general as you can, eg. never require version 1.4.5 of a library if you can work with any version 1 or 1.4. Config files have a standard location, usually/etc/softwarename and $HOME/.softwarename. Allow overriding this via command-line switches. At that point you won't need to worry much about variations between distributions, beyond "Distribution X only supports version 2 of package $XYZZY, we're coded to version 1 and v2 isn't backwards-compatible.".
The biggest obstacle: DirectX. It's API is only available on Windows, no other platforms, and (especially with DirectX 10 and Vista) Windows seems to go out of it's way to make OpenGL unattractive or non-feasible. That makes it difficult for game companies to target both Windows and non-Windows systems from the same codebase.
I always thought that the question of whether spam was protected speech or not was simply beside the point. Think about it. Political expression is definitely protected speech, but does that give the candidates the right to put their campaign signs up on your front lawn without permission? No. It's your lawn, their right to speak doesn't include a right to use your lawn as their venue. They want a place to speak, they get to hire their own hall or use strictly public spaces.
And no, there's not a parallel with snail-mail. With physical mail, the sender pays. I pay absolutely nothing for my mailbox, nor to receive mail, the sender's the one who has to foot the bill for the postage. With e-mail, though, I'm the one footing the bill for the mailbox it arrives in, and the bandwidth to receive it, and the storage space to hold it until I read it. The sender, by contrast, spends nothing whatsoever on postage sending the message.
Well, yes, it does rely on that. And why shouldn't it? We're the people who use it, after all, and we're professional programmers. We have the skills to maintain it and the perfect reason to do so: it's easier to maintain and extend it than to write something new from scratch. Recognition doesn't enter into it at all, it's sheer self-interest. The theory (which seems to work well in practice) is that there's so many people like me out there that if a F/OSS package is at all useful there will be people with a vested interest in maintaining it doing so.
Software like IIS, SQL Server, Apache, Microsoft Office, Exchange, Lotus Notes, Adobe Photoshop, Xerces, Curl, all those software package names? They're not part of what I do every day. They're tools I use to do my real job. And I get paid for doing that job, not for using those tools. Much like an automotive mechanic doesn't get paid for using a socket set, he gets paid for working on a car. A socket set is just one of the tools he needs to use to do that work. And if Snap-On and Matco and Craftsman and every other maker of socket sets in the world went out of business tomorrow, that mechanic would still be getting paid to work on cars using the socket set he already has. If he needs replacement sockets he may have to go out and find a source for them, but by that point some bright soul's going to have figured out that there's a lot of mechanics needing socket sets and there's a profit to be made in supplying them. That is, after all, how Snap-On, Matco and Craftsman were born in the first place.
Why? My company isn't going to suddenly stop needing my services just because some other commercial software company goes out of business. My monetary incentive is completely independent of what happens regarding the F/OSS libraries software I use. It's even independent of the commercial software I use. If Oracle goes out of business tomorrow, my company will still need the 5 projects in my queue finished and by the time I finish them they'll have found 5 more they need done to keep me busy. And the F/OSS software won't suffer either. If all the programmers being paid to work on say Xerces lose their jobs and stop, I and a lot of people like me will still need an XML parsing library, and we'll still need bugs fixed and features added. And it'll still be cheaper and easier for us to fix the bugs or add the features and release the results back for others to maintain than it will be to switch over to (IME inferior) commercial software or to try maintaining the patches ourselves.
It does help programmers in general. It doesn't help a specific type of programmer, one who creates software for sale as software, but as noted those are actually a minority of programmers. A very vocal minority, but a minority nonetheless. Putting the majority of programmers and companies to the extra costs and hassles to benefit a minority is not a good thing in general, only for particular segments.
Hah. They were saying that back when I was in high school, 30 years ago. It doesn't seem to have happened yet.
The main reason it hasn't is that all the people predicting it focus entirely on the process of writing code. That's the easy part. The hard part is figuring out what code you want to write. That involves hard questions like "What constitutes valid data?" and "What's the proper response when we see this sort of error?". I spend more time cajoling users into thinking about what they want there than actually writing the code to do it. I won't believe programming as a profession is extinct until I start to see users thinking about those things before asking for something to be done.
Actually I can answer it simply: it makes my job as a programmer easier. I'm one of the vast majority of programmers who do not work for a company writing software for others. I write software for internal use at my company. We aren't going to sell it. We aren't going to give it away. It's never going to leave the confines of the company. And F/OSS gives me easy options. I need an HTTP library? Grab Curl. I need a SOAP library? Grab gSOAP. SSL? Grab OpenSSL. Printing? CUPS. XML/XSLT parsing/processing? Xerces and Xalan. And having gotten that utility software out of the way, I can proceed on to the business-specific stuff that my company really wants me to be working on.
Yes, we could buy commercial libraries for all those things. But those commercial libraries come with hefty costs for things we aren't going to use, have license restrictions attached like how many copies we can have installed that have to be managed, and have very poor support when it comes to bug-fixes and support for exotic hardware/OS platforms. F/OSS simply gives us far fewer headaches and costs us fewer dollars to use. When we need it somewhere, we just install another copy and we're good to go. All we have to watch out for is redistribution of our software outside the company, and that's easy since it's not supposed to happen.
Yes, F/OSS is very bad for programmers who make their living selling software commercially to others to use. But that's like saying that the advent of the automobile was very bad for the people who made horse-drawn wagons, carriages and such, and the people who bred and sold horses to pull them: it pretty much meant the end of most of their business. But those people were a small minority compared to the number of people who merely used wagons and carriages, and now trucks and automobiles, to move cargo and people around.
Is this limited to cases where the second-level domain doesn't exist, or do they do it for all NX responses? Ie., if you try "http://www.source-victoria.com/" (a host which doesn't have an A record), does TW return an NX response or the address of their server?
Say you've got a program on an embedded device that automatically downloads updates. It retrieves "http://updates.devicecompany.com/model/latest-firmware.txt" to check what the latest offered version of the firmware is, and if the latest is greater than what's installed it retrieves "http://updates.devicecompany.com/model/firmware-.dat" and installs it. If the company goes out of business or stops providing updates, updates.devicecompany.com won't resolve anymore or will return a 404 error, so the device doesn't need to do a whole lot of error checking. And error checking means more code, which means more memory needed to hold that code, and this device is designed to be as cheap as possible so it omits anything it doesn't need.
Now, suppose the company goes out of business. No problem for the device, the host it's at is supposed to not resolve anymore so it won't try to contact it. But now TW intervenes. Instead of failing to resolve or getting a 404 error, the grab of the latest firmware version returns garbage (an HTML page, not a properly formatted indication of the latest firmware version). Bam, device crashes. Or worse, it misparses the results and tries to download new firmware. Again, garbage (HTML page) instead of a valid firmware image. But since there's no error checking, it tries to load that HTML page into memory as a firmware image. Bam, one insta-brick.
Or suppose the device isn't even using HTTP. The DNS servers don't know what protocol the device intends to talk, it could be logging into an FTP server or querying data via SNMP for all TW knows. The application gets bogus DNS responses anyway, even though it's not using HTTP or the Web at all. Breakage is the least problem here. The application's sending things like passwords up to the server. Even if it uses SSL to protect against eavesdropping, the TW server is an endpoint and SSL won't stop the endpoint from seeing the data. Do you want to have applications handing your vendor-support-site passwords over to TW because of a typo in a hostname? I sure don't.
This isn't a problem when it's a human running a browser looking at pages. But there's a large chunk of traffic that isn't humans, isn't a browser, and isn't using the Web at all. And TW's change breaks everything except that small, select chunk that's humans looking at a browser window. Bad thing, that.
There was. What TW's doing is more pernicious, though. When NetSol was doing it, they were returning the A records directly from their first-level nameservers. BIND's no-delegation option can deal with that, because those first-level nameservers aren't supposed to be returning A records and BIND can translate those response into proper NX responses. With TW, since their DNS servers are supposed to be returning A records, there's no way to tell whether a particular affirmative response is valid or invalid. The only way to fix the problem is to cut TW's servers out of the loop entirely. All well and good, until of course TW either starts blocking all traffic to port 53 that's not to their DNS servers (like they do with outbound to port 25 now) or silently redirecting all DNS queries to their servers. Note that both of these are trivial, my own firewall has (commented-out) rules for both and neither takes more than about 3 lines.
The problem here is that what TW is doing breaks DNS. By the RFCs, when I try to resolve a name that doesn't exist, I'm supposed to get an NX "record does not exist" result. What I get instead is an affirmative A record "name exists at this address" response. What happens at the browser level is irrelevant, TW's DNS system has already lied about the state of the DNS records associated with a given domain. This badly breaks a lot of things that aren't browsers that use HTTP and depend on correct NX responses to tell them when the server they're trying to talk to doesn't exist.
As long as TW doesn't block direct use of non-TW DNS servers this can be worked around. If they start blocking that access, or redirecting all DNS traffic to their servers, then we've got a major problem on our hands.
Yes, the prosecutors messed up. They charged him with insider trading, which has a very specific definition under the law. In this case the guy doesn't meet any of the requirements to be an insider under the rules. What got him off is probably that he had no help from anyone who was an insider. That's actually a deliberate "loophole" in the law so that, for example, if the CFO is dumb and leaves a copy of his company's next quarterly report on the table at a restaurant a week before it's due to be published, the regular joe who picks it up, notices that the company's earnings have tanked and sells his stock before the rest of the market finds out can't be prosecuted as an insider (unless the regulators can prove some collusion between him and the CFO).
Of course, that aside, the guy's breaking into the computers is a crime, and he can and should be prosecuted for that. But if the prosecutors charged him with something he didn't do, then the charges should properly be thrown out.
And yes, the legal system should be picky about definitions like that. It serves nobody's interests for the courts to begin going "Well, you didn't actually do what you were charged with. But that's OK, since you did something else illegal we'll convict you of what you didn't do anyway.".
You still don't get it! If people can just download it, in full fidelity ( musically ) then why would they buy it?
I don't know why. Perhaps you should ask Baen Books? Or any of the authors who've allowed Baen to put some of their books in the Baen Free Library in vanilla unrestricted HTML format?
It's you who don't get it: even when Baen does that, people do buy those books. And more of them buy them after they're freely available than were buying them before. And they buy them both in electronic form (the same form they could get for free) and in hardcopy. "Why?" is an interesting philosophical question, but at the end of the day the only thing that matters to an author's pocketbook is that it happens.
For me, I buy for two reasons. One, by buying directly from the publisher I don't have to worry about the source of the material or what's happened to it along the way. I don't have to worry that someone's edited the material, or re-encoded it and messed it up, or otherwise mucked with it. And two, if I don't buy it the authors aren't going to be able to make any money and they'll stop publishing material. And then where will I be? Sacrificing long-term interests on the altar of next quarter's profits is something Dilbert's boss would do.
Slashdot Mirror
No, unfortunately it's not just policy, it really is the way the cable network works. DOCSIS 3.0 will help the problem by allowing more than a single channel for upstream on any given head-end, but until then they're stuck with a network that's only got a fraction as much upstream bandwidth as downstream.
Doesn't work that way. For cable Internet the bottleneck is the upstream link from the subscriber's cable modem to the cable head-end. That upstream link's got only a fraction of the bandwidth the downstream link does, and's easy to saturate. And that's exactly the link that'd be hit when a subscriber downloads a file from another subscriber, because the download for the recipient is an upload for the machine hosting the file. And that upstream isn't per-customer, it's shared among all subscribers on a given head-end node.
Basic problem: cable internet companies built their networks on the cable-television model where subscribers receive data but don't generate their own. This... failed to reflect actual usage.
All except the first are system-wide files that don't contain any user-specific information, though. That's because a normal user can't write to those directories. Unless you log in as root and customize those files manually, they're going to remain the same as the original package installed them. So if you need to recover, you can just reinstall that package and get those files back to the exact state they were in before. And once you restore the user's homedir, all of their user-specific customization of those packages is restored and they're back in business.
Windows permits the same system-state restore by just reinstalling the software too. But due to many applications' tendency to put user configuration in non-user areas or in the registry where special software's typically needed to back it up and restore it properly, recovering user-specific configuration after a complete wipe and reinstall of a system can be... nontrivial. Not impossible, but getting the backup right involves a bit more than "tar -C ~username -czf /mnt/backups/user.tar.gz .".
This ought to be a wake-up call to businesses running a site: update your search features to work. Too often I find a site's own search box useless, it either doesn't return good results or tries to route me through what the site operator wants me to see instead of to the pages I want to see. Google's search probably won't. Not even a contest between them, far as I'm concerned. If the site doesn't like that, then they need to fix their search function.
No, he wouldn't have to back up the /usr stuff. That's system-wide, contains no user configuration or data. If you've got the original distribution media, you can just reinstall the app to get all that back. It's the user-specific configuration, all your preferences and settings and extra plug-ins and such that you need to save as part of a backup, and on Unix all of those are stored in dot-files or in dot-directories under your home directory. The only possible exception is /etc, if you've changed system-wide config files to suit you better then you'll have to back up /etc. And yes, the registry hives are in the filesystem, but again not all the parts of an application's setup are in the user registry hive. Just restoring the hive files tends not to produce a working setup.
And Vista is relevant not because he's running it, but because Vista has started to enforce good practices for applications by, for example, not allowing applications to write user-specific configuration to system-wide areas and blocking applications from dropping stuff in the Windows system folders. Any app that has heartburn with that under Vista will, under XP, leave critical bits in places you wouldn't normally save if you were backing your stuff up and if you try reinstalling without those bits things Just Won't Work Right.
Except for the applications that don't store their stuff there, they store it in the "All Users" profile instead. Which they shouldn't, but the number of applications that have problems under Vista is testimony to the number that ignore the rules.
Get over it, Roblimo. Windows does have a /home/ equivalent, namely the My Documents folder. Almost every single application will by default use that directory as the default location for any files you use, so if you do want to back up your data, just backup that directory.
Except that the /home/username directory in Unix stores a lot more than just data. It's also where configuration information, and even the applications themselves, go. In Windows if you back up only your My Documents folder, you get less than half the information you need. Program configuration is often critical, and when in files lives in at least 4 places, none of which are under My Documents. And then there's registry information, which isn't even in the filesystem. And then there's the chunks of the application that don't go into it's Program Files folder or wherever else you installed it, but go into Windows system folders. No, applications aren't supposed to do that. No, that doesn't stop them even in this day and age. Why do you think so many applications get heartburn under Vista (which is pickier about such misbehavior)?
Basically, on a Unix system if I save a copy of my home directory tree I'm pretty much guaranteed to have gotten not only all my data but all the configuration information and other things I need to restore not just my data but my application environment. On Windows, if I save a copy of My Documents I'll lose the majority of my application environment.
MS sees anything but Windows as a threat to their existence. But they can't figure out how to fight a community. They do know how to fight and beat a company, though. So their plan is to reduce Linux to a single company, then deal with that company.
The problem isn't creating a reliable voting machine. That's trivial. What's hard is creating a voting system (of which the machine is only a small part) that can be verified to have been reliable without having to assume anything about the reliability or accuracy of any part. The only feasible way of doing this so far involves keeping a record independent of the machine's counts. That, frankly, is the basis for every method of financial audit ever created. And it works. I dealt with systems in a casino that assumed that everyone, from the cashiers to the auditors themselves, was crooked and it could still identify the exact source of even a single penny of error.
And this, children, is why you should never ever give the password to your account to someone else. Not even someone who claims to want to do something for you. Once you've given it to them, you have no control over what they do with it.
I've found the best way to support Unix distributions is to not support them. Just support the software you need. If you need a particular version of a library, note that dependency. Keep your dependencies as general as you can, eg. never require version 1.4.5 of a library if you can work with any version 1 or 1.4. Config files have a standard location, usually /etc/softwarename and $HOME/.softwarename . Allow overriding this via command-line switches. At that point you won't need to worry much about variations between distributions, beyond "Distribution X only supports version 2 of package $XYZZY, we're coded to version 1 and v2 isn't backwards-compatible.".
The biggest obstacle: DirectX. It's API is only available on Windows, no other platforms, and (especially with DirectX 10 and Vista) Windows seems to go out of it's way to make OpenGL unattractive or non-feasible. That makes it difficult for game companies to target both Windows and non-Windows systems from the same codebase.
I always thought that the question of whether spam was protected speech or not was simply beside the point. Think about it. Political expression is definitely protected speech, but does that give the candidates the right to put their campaign signs up on your front lawn without permission? No. It's your lawn, their right to speak doesn't include a right to use your lawn as their venue. They want a place to speak, they get to hire their own hall or use strictly public spaces.
And no, there's not a parallel with snail-mail. With physical mail, the sender pays. I pay absolutely nothing for my mailbox, nor to receive mail, the sender's the one who has to foot the bill for the postage. With e-mail, though, I'm the one footing the bill for the mailbox it arrives in, and the bandwidth to receive it, and the storage space to hold it until I read it. The sender, by contrast, spends nothing whatsoever on postage sending the message.
Well, yes, it does rely on that. And why shouldn't it? We're the people who use it, after all, and we're professional programmers. We have the skills to maintain it and the perfect reason to do so: it's easier to maintain and extend it than to write something new from scratch. Recognition doesn't enter into it at all, it's sheer self-interest. The theory (which seems to work well in practice) is that there's so many people like me out there that if a F/OSS package is at all useful there will be people with a vested interest in maintaining it doing so.
Software like IIS, SQL Server, Apache, Microsoft Office, Exchange, Lotus Notes, Adobe Photoshop, Xerces, Curl, all those software package names? They're not part of what I do every day. They're tools I use to do my real job. And I get paid for doing that job, not for using those tools. Much like an automotive mechanic doesn't get paid for using a socket set, he gets paid for working on a car. A socket set is just one of the tools he needs to use to do that work. And if Snap-On and Matco and Craftsman and every other maker of socket sets in the world went out of business tomorrow, that mechanic would still be getting paid to work on cars using the socket set he already has. If he needs replacement sockets he may have to go out and find a source for them, but by that point some bright soul's going to have figured out that there's a lot of mechanics needing socket sets and there's a profit to be made in supplying them. That is, after all, how Snap-On, Matco and Craftsman were born in the first place.
Why? My company isn't going to suddenly stop needing my services just because some other commercial software company goes out of business. My monetary incentive is completely independent of what happens regarding the F/OSS libraries software I use. It's even independent of the commercial software I use. If Oracle goes out of business tomorrow, my company will still need the 5 projects in my queue finished and by the time I finish them they'll have found 5 more they need done to keep me busy. And the F/OSS software won't suffer either. If all the programmers being paid to work on say Xerces lose their jobs and stop, I and a lot of people like me will still need an XML parsing library, and we'll still need bugs fixed and features added. And it'll still be cheaper and easier for us to fix the bugs or add the features and release the results back for others to maintain than it will be to switch over to (IME inferior) commercial software or to try maintaining the patches ourselves.
It does help programmers in general. It doesn't help a specific type of programmer, one who creates software for sale as software, but as noted those are actually a minority of programmers. A very vocal minority, but a minority nonetheless. Putting the majority of programmers and companies to the extra costs and hassles to benefit a minority is not a good thing in general, only for particular segments.
Hah. They were saying that back when I was in high school, 30 years ago. It doesn't seem to have happened yet.
The main reason it hasn't is that all the people predicting it focus entirely on the process of writing code. That's the easy part. The hard part is figuring out what code you want to write. That involves hard questions like "What constitutes valid data?" and "What's the proper response when we see this sort of error?". I spend more time cajoling users into thinking about what they want there than actually writing the code to do it. I won't believe programming as a profession is extinct until I start to see users thinking about those things before asking for something to be done.
Actually I can answer it simply: it makes my job as a programmer easier. I'm one of the vast majority of programmers who do not work for a company writing software for others. I write software for internal use at my company. We aren't going to sell it. We aren't going to give it away. It's never going to leave the confines of the company. And F/OSS gives me easy options. I need an HTTP library? Grab Curl. I need a SOAP library? Grab gSOAP. SSL? Grab OpenSSL. Printing? CUPS. XML/XSLT parsing/processing? Xerces and Xalan. And having gotten that utility software out of the way, I can proceed on to the business-specific stuff that my company really wants me to be working on.
Yes, we could buy commercial libraries for all those things. But those commercial libraries come with hefty costs for things we aren't going to use, have license restrictions attached like how many copies we can have installed that have to be managed, and have very poor support when it comes to bug-fixes and support for exotic hardware/OS platforms. F/OSS simply gives us far fewer headaches and costs us fewer dollars to use. When we need it somewhere, we just install another copy and we're good to go. All we have to watch out for is redistribution of our software outside the company, and that's easy since it's not supposed to happen.
Yes, F/OSS is very bad for programmers who make their living selling software commercially to others to use. But that's like saying that the advent of the automobile was very bad for the people who made horse-drawn wagons, carriages and such, and the people who bred and sold horses to pull them: it pretty much meant the end of most of their business. But those people were a small minority compared to the number of people who merely used wagons and carriages, and now trucks and automobiles, to move cargo and people around.
Is this limited to cases where the second-level domain doesn't exist, or do they do it for all NX responses? Ie., if you try "http://www.source-victoria.com/" (a host which doesn't have an A record), does TW return an NX response or the address of their server?
Say you've got a program on an embedded device that automatically downloads updates. It retrieves "http://updates.devicecompany.com/model/latest-firmware.txt" to check what the latest offered version of the firmware is, and if the latest is greater than what's installed it retrieves "http://updates.devicecompany.com/model/firmware-.dat" and installs it. If the company goes out of business or stops providing updates, updates.devicecompany.com won't resolve anymore or will return a 404 error, so the device doesn't need to do a whole lot of error checking. And error checking means more code, which means more memory needed to hold that code, and this device is designed to be as cheap as possible so it omits anything it doesn't need.
Now, suppose the company goes out of business. No problem for the device, the host it's at is supposed to not resolve anymore so it won't try to contact it. But now TW intervenes. Instead of failing to resolve or getting a 404 error, the grab of the latest firmware version returns garbage (an HTML page, not a properly formatted indication of the latest firmware version). Bam, device crashes. Or worse, it misparses the results and tries to download new firmware. Again, garbage (HTML page) instead of a valid firmware image. But since there's no error checking, it tries to load that HTML page into memory as a firmware image. Bam, one insta-brick.
Or suppose the device isn't even using HTTP. The DNS servers don't know what protocol the device intends to talk, it could be logging into an FTP server or querying data via SNMP for all TW knows. The application gets bogus DNS responses anyway, even though it's not using HTTP or the Web at all. Breakage is the least problem here. The application's sending things like passwords up to the server. Even if it uses SSL to protect against eavesdropping, the TW server is an endpoint and SSL won't stop the endpoint from seeing the data. Do you want to have applications handing your vendor-support-site passwords over to TW because of a typo in a hostname? I sure don't.
This isn't a problem when it's a human running a browser looking at pages. But there's a large chunk of traffic that isn't humans, isn't a browser, and isn't using the Web at all. And TW's change breaks everything except that small, select chunk that's humans looking at a browser window. Bad thing, that.
There was. What TW's doing is more pernicious, though. When NetSol was doing it, they were returning the A records directly from their first-level nameservers. BIND's no-delegation option can deal with that, because those first-level nameservers aren't supposed to be returning A records and BIND can translate those response into proper NX responses. With TW, since their DNS servers are supposed to be returning A records, there's no way to tell whether a particular affirmative response is valid or invalid. The only way to fix the problem is to cut TW's servers out of the loop entirely. All well and good, until of course TW either starts blocking all traffic to port 53 that's not to their DNS servers (like they do with outbound to port 25 now) or silently redirecting all DNS queries to their servers. Note that both of these are trivial, my own firewall has (commented-out) rules for both and neither takes more than about 3 lines.
The problem here is that what TW is doing breaks DNS. By the RFCs, when I try to resolve a name that doesn't exist, I'm supposed to get an NX "record does not exist" result. What I get instead is an affirmative A record "name exists at this address" response. What happens at the browser level is irrelevant, TW's DNS system has already lied about the state of the DNS records associated with a given domain. This badly breaks a lot of things that aren't browsers that use HTTP and depend on correct NX responses to tell them when the server they're trying to talk to doesn't exist.
As long as TW doesn't block direct use of non-TW DNS servers this can be worked around. If they start blocking that access, or redirecting all DNS traffic to their servers, then we've got a major problem on our hands.
To which I'd respond with USC Title 17 section 1 paragraph 117(a)(1) which pretty explicitly cover the matter.
Yes, the prosecutors messed up. They charged him with insider trading, which has a very specific definition under the law. In this case the guy doesn't meet any of the requirements to be an insider under the rules. What got him off is probably that he had no help from anyone who was an insider. That's actually a deliberate "loophole" in the law so that, for example, if the CFO is dumb and leaves a copy of his company's next quarterly report on the table at a restaurant a week before it's due to be published, the regular joe who picks it up, notices that the company's earnings have tanked and sells his stock before the rest of the market finds out can't be prosecuted as an insider (unless the regulators can prove some collusion between him and the CFO).
Of course, that aside, the guy's breaking into the computers is a crime, and he can and should be prosecuted for that. But if the prosecutors charged him with something he didn't do, then the charges should properly be thrown out.
And yes, the legal system should be picky about definitions like that. It serves nobody's interests for the courts to begin going "Well, you didn't actually do what you were charged with. But that's OK, since you did something else illegal we'll convict you of what you didn't do anyway.".
You still don't get it! If people can just download it, in full fidelity ( musically ) then why would they buy it?
I don't know why. Perhaps you should ask Baen Books? Or any of the authors who've allowed Baen to put some of their books in the Baen Free Library in vanilla unrestricted HTML format?
It's you who don't get it: even when Baen does that, people do buy those books. And more of them buy them after they're freely available than were buying them before. And they buy them both in electronic form (the same form they could get for free) and in hardcopy. "Why?" is an interesting philosophical question, but at the end of the day the only thing that matters to an author's pocketbook is that it happens.
For me, I buy for two reasons. One, by buying directly from the publisher I don't have to worry about the source of the material or what's happened to it along the way. I don't have to worry that someone's edited the material, or re-encoded it and messed it up, or otherwise mucked with it. And two, if I don't buy it the authors aren't going to be able to make any money and they'll stop publishing material. And then where will I be? Sacrificing long-term interests on the altar of next quarter's profits is something Dilbert's boss would do.