In my opinion, whether to stay with GPLv2 or move to GPLv3 boils down to the same thing as the question of whether to stay with a BSD license or move to the GPL: what things do you care about?
- Do you have a problem with a company taking your code, adding their patented methods to it, and using patent enforcement to block anybody from modifying and redistributing the patent-containing version, while they distribute it and make money off it?
- Do you care whether a hardware manufacturer takes your code, uses it in the firmware of their device, then prevents anyone else from modifying the firmware and using it in the device (think the Linksys Linux-based routers and the enhanced firmware for them)?
- Are you making a Web-delivered application, including "get the source code" functionality and want to prevent anyone from removing that functionality while still keeping your program under the GPL?
- Do you want to add any of the restrictions the GPLv3 talks about, without making your program non-GPL?
If you answered "yes" to any of those questions, then you probably want to look at the GPLv3 because it may suit your needs better than GPLv2. If you answered "no" to all of them, GPLv2 will probably suit you just fine.
In the end it boils down to a question of what exactly you want to do with your program, and what things you want to allow or prevent. Once you know that, you look for the license that most closely matches those.
Note that this applies only to code you wrote yourself; when dealing with modifications to code somebody else wrote there's always the added constraint of what license terms they applied to their code. If they put it under GPLv3, you don't have a choice but to put your modified version under GPLv3 (or any later version, if they included that language). Similarly if they put their code under GPLv2 without the "or any later version" language.
The article specifically mentioned an OEM copy of Windows XP. Volume licensing customers aren't getting OEM copies, they've got their own VLKs and media that come with the contract and they won't be out buying OEM media. And if he's talking about 3 seats, he's not big enough for volume or probably even small-business licensing.
You say you want official support. Then you proceed to compare an officially-supported copy of RedHat Enterprise Linux to an OEM copy of Windows XP. Well, I hate to break it to you, but that OEM copy of XP comes with no support. If you read the agreement, it says you as the system builder are responsible for supporting that copy once installed. You don't even get the installation support that comes with the $300 retail XP box. All you get is Windows Update, and the opportunity to hear the Microsoft rep tell you to call the company you bought your computer from. The same with Visual Studio. The commercial software isn't cheaper as far as support goes, they just aren't quoting you the real price until after you're committed.
It's neutral in the same way UPS is neutral about delivering packages. UPS cares about how big and heavy your package is and how far it has to go. They could care less about who's sending it, who's receiving it or what's in it (modulo whether it contains any hazardous materials). For a 12-inch cube box weighing 1lb going from Los Angeles to New York via standard ground, UPS charges exactly the same price to everyone. They're going to charge more for a 5lb package than a 1lb package, but they don't charge more because you're Wal-Mart sending the package vs. K-Mart.
Network neutrality is the same thing, the principle that your ISP should charge based only on the amount of traffic, not on where it's coming from. That is, if you download 1 gigabyte of data then what you're billed depends only on that, not on who you downloaded it from.
Retaining search data is both an asset and a liability to a company. The question isn't which is it, but whether its value as an asset outweighs its cost as a liability or not. If it doesn't, then it doesn't matter how much of an asset it is, you get rid of it.
First, I think the question should be, how did parents ever think they shouldn't be monitoring young children's IM? It's in the same league as knowing what house the kid's going to be staying over at and who'll be there. And the rules change as the kid grows up for exactly the same reasons.
But would monitoring have helped in the Foley case? The kid reported it, his parents knew about it, and still every party involved downplayed the incident to the greatest extent possible and took the first opportunity they had to drop the matter. What, exactly, would monitoring have changed?
I'm presuming that sponsored communities won't have the same TOS as paid individual users. And as far as I can tell, if you're logged in as a paid user you do not get the sponsored-community promo on the main page or search results. Those are strictly shown to free users.
And what's the problem with free users seeing ads on Sponsored+ journals? From a practical standpoint, that's the only way to make Sponsored+ work. From a principles perspective, it's reasonable. A free user (Sponsored+ or not) isn't paying for their access in money. Having to see ads in journals of people who've opted to allow them doesn't seem unreasonable to me, it's the trade-off you make for having a journal without having to pay money. If you don't want to see those ads, write LJ a check for a paid account. Otherwise, you'll have to live with what other people have decided to allow on their journals.
Now, you could make an argument that Sponsored+ accounts shouldn't see ads. That's got a stronger basis, since Sponsored+ accounts are already providing revenue to LJ by the ads hosted in their journals. But again, that'd make the whole Sponsored+ thing useless to LJ since everyone'd just get a Sponsored+ account and not have to watch ads.
I see two parts to the ads: sponsored communities and sponsored features.
The sponsored community part I don't see a problem with the ads in. Those would be communities created by a company, and the company gets to put their ads in the community. The company can already do that by an ad in a floating entry at the top of the community, all this is doing is making it official and giving LJ a cut. And it's their community in a sense, if they want ads in it it's them paying the bills. If users find the ads too obtrusive they'll avoid that community and that company and the company'll drop the community as a waste of money.
The sponsored features part I'll reserve judgement on for the moment. The statement seems to imply the ads will be on pages related to features not currently part of LJ's feature set and that'd be too expensive to offer at all without the ads. I want to see how they actually intend to implement it, because it could vary from quite acceptable to quite annoying depending on implementation.
Nowhere in LJ's announcement do I see any plans for ads popping up in ordinary user journals for paying subscribers.
People don't care about what their car's doing or what all those road signs mean or why they should be looking ahead of them while driving, all they want to do is go places in their cars. But we still force them to prove they do know all those things they don't care about, on pain of not being allowed to drive, because their not knowing would endanger others. I fail to see why the same shouldn't hold for computers.
You could set up a server that way, but it wouldn't work in browsers that expect to receive and parse the entire page before requesting any child content. Your server would go "I'm not sending you the rest of the page until you request some of the IMG links." and the browser would be going "I can't request anything from the page until I've parsed the entire page to know what's in it.".
Actually dismissal is also appropriate when the complainant states a claim upon which relief can be granted but that claim isn't against the defendant. For example, if a store sues me for breaking in after hours and claims they've got video of a car in the parking lot so I must've been the perp, I can note that DMV records show I don't own a car matching that in the video and request a dismissal and I'll likely get it.
Know why gas went to $3/gal in the US?? Because PEOPLE WERE WILLING TO PAY IT. They griped, they whined, they complained, but everyone still went down to the gas station once or twice a week and filled up.
Yes, however to repeat what a Senator said on the matter, people sort of have to go to work regardless of the price of gas. If I don't go to work I lose everything, and public transit doesn't serve the places I've worked. Food still has to be delivered to grocery stores. Electricity still has to be generated. Supply and demand breaks down when either side of the equation becomes inelastic.
Probably this is a matter of the code. *BSD and Linux have the code to most drivers available, so when (not if, when) a suitably-skilled developer gets bit by a driver bug they're not only motivated to fix it (to get rid of their own problem) but they're able to fix it. The exceptions are the closed-source drivers, eg. the ATI and nVidia drivers, which are notably less stable than the bulk of the drivers in the kernel tree.
Contrast this with XP. Very few of the people who're bit by the problem, and thus would be motivated to fix it, are MS developers in a position to fix the bug. MS itself isn't motivated to fix driver problems, because assigning resources to the job would cost and leaving the bugs unfixed doesn't seem to affect revenue. Ditto for third-party hardware vendors, plus they may not have enough access to figure out why their driver has problems with the kernel. Why should we expect bugs to get fixed, when fixing them doesn't directly benefit the people who could fix them?
Yes, the MS security center can be turned off manually. But I'm installing a third-party security package because I don't want to use MS's stuff. If I install Norton and it includes a security center, ease of use says I should get Norton's security center instead of MS's after I've installed it without having to mess around with an MS app to get Norton to work. This is, after all, the argument Microsoft themselves use to justify integrating all their stuff, isn't it? If it's valid for MS, why isn't it equally valid for Norton, Symantec et al.?
I'd say, if the user wants to install it and knows they're installing it, it doesn't matter whether it's malware or not. If I want to install software that'll route my Web browser through an advertising server, I should be able to do that. If I want to install spamming software, I should be able to do that. The system should be protecting me against unwittingly installing stuff. And if I have to enter an administrative password to install something, that should be proof enough. Users may have to learn that "Just press OK." is not the correct attitude, but then they should've learned that years ago anyway.
Analogy to a car: we don't make cars that'll prevent the driver from deciding to drive up on the sidewalk and mow down pedestrians. We try to set things up so that won't happen just on its own, and if the car's design was faulty and the steering broke because of that we put the manufacturer on the hook, but if the driver decides to do something like that we let the police and the courts deal with it when and as it happens. Same thing should apply to computers: if you decide to do something dumb, you bear the consequences including being sued, jailed and/or having your Internet access terminated until you wise up. I'd note that's a big difference between cars and computers: if you do something stupid in a car, saying "But I didn't realize driving 95mph on the wrong side of the road was dangerous!" or "But I didn't know I needed to replace my tires when they got worn out!" won't cut it with the cops or the judge. Why should computers be different?
And as I noted, it's completely ignoring the user and what he wants. If I want to completely remove those features, I should be able to. And no malware should be able to. It's not that hard: any program wishing to do that needs a password entered to do this. That's how my Linux box works: if I fire up the program to install new software or the one to modify start-up services, the first thing I get is a dialog "This program requires root privileges. Please enter the root password." and if I don't enter the right password the program isn't run. And as for malware popping up that dialog to steal the password, there's a simple counter: since it should only occur when I'm expecting it, any unexpected appearance is invalid and I should hit the Cancel button. If Linux and Gnome can do it, I'm sure Windows can prompt for the administrative password before allowing modification of core components.
Securing a system does not require dictating to the user whose software they're allowed to run.
That depends. If the user wants to modify those files (eg. to install a third-party firewall because the built-in Windows firewall lacks functionality they need, or to install a custom boot screen because I hate watching the Windows XP logo), then preventing that modification is not a good thing. I'd note that Microsoft's chosen path is typical of them: given several ways to achieve a result, they will inevitably choose the one that gives them the most control over the user's system.
True, but in this case only one card had ever been issued and the bank knows that. And the other two red flags remain. My credit-card companies routinely refuse to authorize charges that fall too far outside an expected pattern (eg. a sudden charge from a country half-way 'round the world when I've never used my card outside the US in the last 10 years) until they've contacted me to verify identity (usually by telling the merchant to have me contact the issuer's CS department).
Well, I can think of some. For example, a friend of mine got his debit card copied. He couldn't have prevented it, Arco got their computer systems compromised and all the debit-card numbers and PINs used at their at-the-pump readers stolen, and he happened to have used his card at an affected Arco station. But the bank could've easily stopped his account from being emptied. He'd made a card-present, ID-presented, signature-obtained transaction in San Jose, CA. 4 hours later, his card was used at an ATM in Thailand and his account emptied in $100-200 increments, it took quite a few transactions to completely drain his account. Now, any basic security profiling should've raised red flags: he's never used his card outside the US, these are cash withdrawals in a country that's known as a source of financial fraud, and it's physically not possible for a person to have gotten from San Jose to Thailand in 4 hours. All the bank would've had to do is refuse that first ATM withdrawal with a message to contact his bank and that would've been the end of the theft before it began. But they allowed all those transactions without questioning them. That's definitely not reasonable care on the part of the bank.
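The three red flags named in the comment above (first use outside the home country, cash withdrawal in a country on a fraud watch list, and travel that is physically impossible since the last in-person transaction), as an added example that is not part of the original comment and not any bank's actual rules. The speed ceiling, noise floor, decision rule, coordinates, dates and watch list are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

MAX_TRAVEL_KMH = 900.0   # assumption: roughly airliner cruising speed
MIN_DISTANCE_KM = 100.0  # assumption: ignore geolocation noise below this


@dataclass
class Txn:
    when: datetime            # timezone-aware, UTC
    kind: str                 # "purchase" or "atm_cash"
    country: str              # ISO 3166-1 alpha-2
    lat: float
    lon: float
    verified_in_person: bool  # card present and cardholder identity checked


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def red_flags(history, candidate, high_risk_countries):
    """Return the red flags a candidate transaction raises against history."""
    flags = []

    # 1. Impossible travel, anchored on the latest in-person verified
    #    transaction, since that one pins down where the cardholder was.
    anchors = [t for t in history
               if t.verified_in_person and t.when <= candidate.when]
    if anchors:
        last = max(anchors, key=lambda t: t.when)
        dist = haversine_km(last.lat, last.lon, candidate.lat, candidate.lon)
        hours = (candidate.when - last.when).total_seconds() / 3600.0
        if dist >= MIN_DISTANCE_KM and (hours == 0 or dist / hours > MAX_TRAVEL_KMH):
            flags.append("impossible_travel")

    # 2. Card has never been used in this country before.
    if history and candidate.country not in {t.country for t in history}:
        flags.append("new_country")

    # 3. Cash withdrawal in a country on the issuer's watch list.
    if candidate.kind == "atm_cash" and candidate.country in high_risk_countries:
        flags.append("cash_in_high_risk_country")

    return flags


def decide(history, candidate, high_risk_countries):
    """Assumed policy: refuse on impossible travel or on any two flags."""
    flags = red_flags(history, candidate, high_risk_countries)
    if "impossible_travel" in flags or len(flags) >= 2:
        return "decline_and_contact_customer"
    return "approve"


def _utc(*args):
    return datetime(*args, tzinfo=timezone.utc)


# Constructed sample data modelled on the scenario in the comment.
HIGH_RISK = {"TH"}  # placeholder list; a real one comes from issuer fraud data
HISTORY = [
    Txn(_utc(2006, 3, 1, 18, 0), "purchase", "US", 37.34, -121.89, False),
    Txn(_utc(2006, 3, 9, 17, 30), "atm_cash", "US", 37.34, -121.89, False),
    # In-person, ID-checked purchase in San Jose, CA.
    Txn(_utc(2006, 3, 10, 20, 0), "purchase", "US", 37.34, -121.89, True),
]
# ATM withdrawal at a point in Thailand four hours after the San Jose purchase.
THEFT = Txn(_utc(2006, 3, 11, 0, 0), "atm_cash", "TH", 13.75, 100.50, False)
# Purchase in Los Angeles six hours after the San Jose purchase.
ROAD_TRIP = Txn(_utc(2006, 3, 11, 2, 0), "purchase", "US", 34.05, -118.24, False)

if __name__ == "__main__":
    for name, txn in (("theft", THEFT), ("road trip", ROAD_TRIP)):
        print(name, red_flags(HISTORY, txn, HIGH_RISK),
              decide(HISTORY, txn, HIGH_RISK))
```

Refusing the first flagged withdrawal is what stops the drain: every later $100-200 withdrawal would raise the same flags, so the decision has to be made on the first one.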
If David had kept his old DOS disks, he could've extracted the QBASIC interpreter from them and used that. I just checked my DOS 6.22 disks and it's there. I believe it'll run in the DOS window on current Windows, and it probably runs under DOSEMU on Linux. Or he could introduce the kid to basic Java using something like Eclipse, if he wants to give the kid an introduction to modern IDEs without too much pain.
From a study reported on in the WSJ back in January, and elaborated on later, Microsoft's time to patch vulnerabilities they classify as "critical" has risen 25% since 2003, to 134 days. Except, however, in the case of full-disclosure vulnerabilities, where details and almost always proof-of-concept code were released to the general public. For those vulnerabilities, the time to fix fell from 71 days in 2003 to 46 days in 2005. Based on the data, full disclosure does in fact accelerate the fix and the problems aren't being addressed in a reasonable timeframe without it (4 months for a self-classified critical vulnerability isn't particularly timely).
The first question I'd ask is, do you need this for distributing passwords to the people who need to use them, or for escrowing passwords so you can get access to them in an emergency when the people who normally use them and know them aren't available?
There's a fundamental difference in the basis of trust/distrust. We trust the power grid because the power company's a financially-stable entity that's not going to close its doors tomorrow, and because we have a contractual relationship with them (that bill we pay every month). They're going to suffer financial and legal consequences if they just stop providing power for any length of time. And even at that, those of us who depend on having power don't put all our trust in the power company. Three words: uninterruptible power supply.
We distrust network services (Google, Amazon, etc.) because most of them aren't financially very stable (How many Web companies have never turned a profit?) and because we typically don't have a contractual relationship with them to provide their services to us (When was the last time you paid your Google bill?). The companies behind these services don't make much money from actually providing the service, they get their income (if any) from selling ads and such. This means it might well suddenly become more profitable for them to stop providing that service and do something else with their infrastructure. Or they may simply exhaust the supply of cash in the bank and not be able to get any more. And if this happens, we don't have any recourse. The service won't suffer any legal penalty for just shutting down. Worse, we can lose the service even if they don't have a problem. There's a plethora of entities between my computer and the service, starting with my ISP and working through all the backbone and transit providers until we hit the service's data center. There's a lot more places network services can fail, and again we don't have a contractual relationship with any of the entities involved and can't put any hurt on them if connectivity goes away.
Well, if MS were building things in a modular way, there would be zero problem complying with the EU request. The only reason I can think of for MS to have any problems is if they're continuing to design Vista to exclude competitors in those areas.
Because it shows up most often in XP.
Probably this is a matter of the code. *BSD and Linux have the code to most drivers available, so when (not if, when) a suitably-skilled developer gets bit by a driver bug they're not only motivated to fix it (to get rid of their own problem) but they're able to fix it. The exceptions are the closed-source drivers, eg. the ATI and nVidia drivers, which are notably less stable than the bulk of the drivers in the kernel tree.
Contrast this with XP. Very few of the people who're bit by the problem, and thus would be motivated to fix it, are MS developers in a position to fix the bug. MS itself isn't motivated to fix driver problems, because assigning resources to the job would cost and leaving the bugs unfixed doesn't seem to affect revenue. Ditto for third-party hardware vendors, plus they may not have enough access to figure out why their driver has problems with the kernel. Why should we expect bugs to get fixed, when fixing them doesn't directly benefit the people who could fix them?
Yes, the MS security center can be turned off manually. But I'm installing a third-party security package because I don't want to use MS's stuff. If I install Norton and it includes a security center, ease of use says I should get Norton's security center instead of MS's after I've installed it without having to mess around with an MS app to get Norton to work. This is, after all, the argument Microsoft themselves use to justify integrating all their stuff, isn't it? If it's valid for MS, why isn't it equally valid for Norton, Symantec et. al.?
I'd say, if the user wants to install it and knows they're installing it, it doesn't matter whether it's malware or not. If I want to install software that'll route my Web browser through an advertising server, I should be able to do that. If I want to install spamming software, I should be able to do that. The system should be protecting me against unwittingly installing stuff. And if I have to enter an administrative password to install something, that should be proof enough. Users may have to learn that "Just press OK." is not the correct attitude, but then they should've learned that years ago anyway.
Analogy to a car: we don't make cars that'll prevent the driver from deciding to drive up on the sidewalk and mow down pedestrians. We try to set things up so that won't happen just on it's own, and if the car's design was faulty and the steering broke because of that we put the manufacturer on the hook, but if the driver decides to do something like that we let the police and the courts deal with it when as as it happens. Same thing should apply to computers: if you decide to do something dumb, you bear the consequences including being sued, jailed and/or having your Internet access terminated until you wise up. I'd note that's a big difference between cars and computers: if you do something stupid in a car, saying "But I didn't realize driving 95mph on the wrong side of the road was dangerous!" or "But I didn't know I needed to replace my tires when they got worn out!" won't cut it with the cops or the judge. Why should computers be different?
And as I noted, it's completely ignoring the user and what he wants. If I want to completely remove those features, I should be able to. And no malware should be able to. It's not that hard: any program wishing to do that needs a password entered to do this. That's how my Linux box works: if I fire up the program to install new software or the one to modify start-up services, the first thing I get is a dialog "This program requires root privileges. Please enter the root password." and if I don't enter the right password the program isn't run. And as for malware popping up that dialog to steal the password, there's a simple counter: since it should only occur when I'm expecting it, any unexpected appearance is invalid and I should hit the Cancel button. If Linux and Gnome can do it, I'm sure Windows can prompt for the administrative password before allowing modification of core components.
Securing a system does not require dictating to the user whose software they're allowed to run.
That depends. If the user wants to modify those files (eg. to install a third-party firewall because the build-in Windows firewall lacks functionality they need, or to install a custom boot screen because I hate watching the Windows XP logo), then preventing that modification is not a good thing. I'd note that Microsoft's chosen path is typical of them: given several ways to achieve a result, they will inevitably choose the one that gives them the most control over the user's system.
True, but in this case only one card had ever been issued and the bank knows that. And the other two red flags remain. My credit-card companies routinely refuse to authorize charges that fall too far outside an expected pattern (eg. a sudden charge from a country half-way 'round the world when I've never used my card outside the US in the last 10 years) until they've contacted me to verify identity (usually by telling the merchant to have me contact the issuer's CS department).
Well, I can think of some. For example, a friend of mine got his debit card copied. He couldn't have prevented it: Arco got their computer systems compromised and all the debit-card numbers and PINs used at their at-the-pump readers stolen, and he happened to have used his card at an affected Arco station. But the bank could've easily stopped his account from being emptied. He'd made a card-present, ID-presented, signature-obtained transaction in San Jose, CA. 4 hours later, his card was used at an ATM in Thailand and his account emptied in $100-200 increments; it took quite a few transactions to completely drain his account. Now, any basic security profiling should've raised red flags: he's never used his card outside the US, these are cash withdrawals in a country that's known as a source of financial fraud, and it's physically not possible for a person to have gotten from San Jose to Thailand in 4 hours. All the bank would've had to do is refuse that first ATM withdrawal with a message to contact his bank and that would've been the end of the theft before it began. But they allowed all those transactions without questioning them. That's definitely not reasonable care on the part of the bank.
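Added example, not part of the original comment and not any bank's actual logic: a sketch of the three profile checks the comment lists (first use outside the card's known countries, cash withdrawal in a listed high-risk country, physically impossible travel), applied before authorizing the first withdrawal. The thresholds, the high-risk list, the coordinates, the dates and all names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 1000.0       # assumption: about airliner cruise speed
MIN_KM = 100.0         # assumption: ignore distances within geolocation noise
HIGH_RISK = {"TH"}     # assumption: stand-in for an issuer-maintained list

@dataclass
class Txn:
    when: datetime     # UTC
    lat: float
    lon: float
    country: str       # ISO 3166-1 alpha-2
    kind: str          # "purchase" or "atm_cash"

def km_between(a: Txn, b: Txn) -> float:
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = radians(a.lat), radians(b.lat)
    h = (sin((p2 - p1) / 2) ** 2
         + cos(p1) * cos(p2) * sin(radians(b.lon - a.lon) / 2) ** 2)
    return 2 * 6371.0 * asin(min(1.0, sqrt(h)))

def red_flags(history: list, new: Txn) -> list:
    """Flags raised by `new`, judged against the card's prior transactions."""
    flags = []
    if history and new.country not in {t.country for t in history}:
        flags.append("new_country")
    if new.kind == "atm_cash" and new.country in HIGH_RISK:
        flags.append("cash_in_high_risk_country")
    if history:
        last = max(history, key=lambda t: t.when)
        hours = (new.when - last.when).total_seconds() / 3600
        dist = km_between(last, new)
        # Zero or negative elapsed time over a real distance is also impossible.
        if dist > MIN_KM and (hours <= 0 or dist / hours > MAX_KMH):
            flags.append("impossible_travel")
    return flags

def decide(history: list, new: Txn) -> str:
    """Decline on impossible travel alone, or on any two flags together."""
    flags = red_flags(history, new)
    if "impossible_travel" in flags or len(flags) >= 2:
        return "decline_and_contact_issuer"
    return "approve"

# Constructed sample data modelled on the account in the comment above.
T0 = datetime(2006, 1, 1, 18, 0)
HISTORY = [Txn(T0 - timedelta(days=3), 37.34, -121.89, "US", "purchase"),
           Txn(T0, 37.34, -121.89, "US", "purchase")]           # San Jose, CA
ATM = Txn(T0 + timedelta(hours=4), 13.76, 100.50, "TH", "atm_cash")
LOCAL = Txn(T0 + timedelta(hours=4), 37.77, -122.42, "US", "purchase")
```

Calling `decide(HISTORY, ATM)` declines the first withdrawal on all three flags, while `decide(HISTORY, LOCAL)` approves a nearby purchase made the same 4 hours later.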
If David had kept his old DOS disks, he could've extracted the QBASIC interpreter from them and used that. I just checked my DOS 6.22 disks and it's there. I believe it'll run in the DOS window on current Windows, and it probably runs under DOSEMU on Linux. Or he could introduce the kid to basic Java using something like Eclipse, if he wants to give the kid an introduction to modern IDEs without too much pain.
From a study reported on in the WSJ back in January, and elaborated on later, Microsoft's time to patch vulnerabilities they classify as "critical" has risen 25% since 2003, to 134 days. Except, however, in the case of full-disclosure vulnerabilities, where details and almost always proof-of-concept code were released to the general public. For those vulnerabilities, the time to fix fell from 71 days in 2003 to 46 days in 2005. Based on the data, full disclosure does in fact accelerate the fix and the problems aren't being addressed in a reasonable timeframe without it (4 months for a self-classified critical vulnerability isn't particularly timely).
The first question I'd ask is, do you need this for distributing passwords to the people who need to use them, or for escrowing passwords so you can get access to them in an emergency when the people who normally use them and know them aren't available?
There's a fundamental difference in the basis of trust/distrust. We trust the power grid because the power company's a financially-stable entity that's not going to close its doors tomorrow, and because we have a contractual relationship with them (that bill we pay every month). They're going to suffer financial and legal consequences if they just stop providing power for any length of time. And even at that, those of us who depend on having power don't put all our trust in the power company. Three words: uninterruptible power supply.
We distrust network services (Google, Amazon, etc.) because most of them aren't financially very stable (How many Web companies have never turned a profit?) and because we typically don't have a contractual relationship with them to provide their services to us (When was the last time you paid your Google bill?). The companies behind these services don't make much money from actually providing the service, they get their income (if any) from selling ads and such. This means it might well suddenly become more profitable for them to stop providing that service and do something else with their infrastructure. Or they may simply exhaust the supply of cash in the bank and not be able to get any more. And if this happens, we don't have any recourse. The service won't suffer any legal penalty for just shutting down. Worse, we can lose the service even if they don't have a problem. There's a plethora of entities between my computer and the service, starting with my ISP and working through all the backbone and transit providers until we hit the service's data center. There's a lot more places network services can fail, and again we don't have a contractual relationship with any of the entities involved and can't put any hurt on them if connectivity goes away.
Well, if MS were building things in a modular way, there would be zero problem complying with the EU request. The only reason I can think of for MS to have any problems is if they're continuing to design Vista to exclude competitors in those areas.