Brute force, however, will always work, no matter what algorithm you use. The only way to make a more secure password, is to use a better password, a better hash algo won't help a damn.
Let's consider a system that remembers how many times I have logged on. When I want to log on again, I submit my password combined with the login number. I am in effect submitting two passwords; the hash of the actual password and the hash combined with the current login number. And I'm submitting a hash, not the actual password over the wire. The system keeps the hash of the password and that hash combined with the number that is itself hashed, and that's all that's transmitted. You get the password file and brute-force crack the passwords. Your attempt to break my account doesn't work because it lacks the additional identifier. You don't know which identifier it is because you need to know which login number I have made.
Now think your brute-force system works every time?
Now all I need to do is send two MD5 values; the original password and the hash plus the login number, itself hashed. The first verifies that it's the correct password, the second verifies it's the correct use. The login system only needs to verify the second identifier is a match, it never needs to store it. All you'll ever have is the first half of the solution, because it will always change. No amount of brute force can break a one-time pad especially where the pad isn't stored. All that is stored is the login number, presuming you can figure out where it is. And if you don't know whether the login number goes first, or goes after the password, you're likely to get caught long before you can gain access.
Or even easier, when I log on, my system sends me the time and date, I (on my computer that connects to it) send back the hash of my password, plus send that hash concatenated with the date and time it sends me, MD5-encrypt, and send that hash back to it. It knows when it sent me the time and date, so it splits it into two pieces, checks the first to make sure it's a valid hash of my password, then takes that and concatenates it with the date and time it sent me and checks it against the second hash.
Also, since you don't know that what I'm sending is actually, in effect, two passwords, you're trying to break a 256-bit cypher instead of trying to break two 128-bit ones; I'm not sure but it might mean you're looking in the wrong place and will never get the correct answer.
This does four things: (1) The attacker would also have to tap the transmission between me and the host computer; (2) they would have to know the context of the transmission since they wouldn't know that the hash was actually two hashes; (3) even if they crack the hash, all they get is a password that isn't even useful any more because it was a one-time pad; and (4) it prevents use of man-in-the-middle replay attacks since the identifier, either the time of day or the login number would be wrong.
I think S/Key did something like this, but went even further because it used a series of words to encapsulate the numbers, so you not only needed to know the password, you had to know which access number it was, and you had to know what word translates to which number.
I think maybe I'll write this up, it sounds like it might just be a really good idea.
I think the answer is probably to go with some sort of one-time pad system like S/Key, combined with some permissions based service, perhaps something like Kerberos. Kerberized S/Key might be an interesting concept...
They have this out already, check out S/Key. Since the password is never reused, and is never sent over the network in the clear, it's theoretically uncrackable by software methods. Would require social engineering, which raises the cost and hassle to try and steal.
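The two designs discussed in the comments above, side by side, as an added example (not code from any of the posters): the login-counter scheme keeps the password hash on the server, so the stored record itself is enough to build a valid response, while an S/Key-style hash chain stores only the last accepted value, which cannot be turned into the next one-time password. SHA-256 stands in for MD5 and for S/Key's original hash, and all class names, function names and passphrases are constructed for illustration.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    """One hash step (SHA-256 here; the property shown does not depend on the hash)."""
    return hashlib.sha256(data).digest()


class CounterLoginServer:
    """Login-counter scheme: the server keeps H(password) and a login number."""

    def __init__(self, password: str):
        self.stored_hash = H(password.encode())  # what sits in the password file
        self.counter = 0                         # login number, also stored

    def verify(self, first: bytes, second: bytes) -> bool:
        expected = H(self.stored_hash + str(self.counter).encode())
        ok = (hmac.compare_digest(first, self.stored_hash)
              and hmac.compare_digest(second, expected))
        if ok:
            self.counter += 1                    # each response is single-use
        return ok


def counter_response(password_hash: bytes, counter: int):
    """Client side: only H(password) is needed, never the password itself."""
    return password_hash, H(password_hash + str(counter).encode())


def chain_value(secret: bytes, n: int) -> bytes:
    """Apply H to the secret n times (S/Key-style hash chain)."""
    value = secret
    for _ in range(n):
        value = H(value)
    return value


class HashChainServer:
    """S/Key-style: the server keeps only the last accepted chain value."""

    def __init__(self, last_value: bytes, remaining: int):
        self.stored = last_value
        self.remaining = remaining

    def verify(self, otp: bytes) -> bool:
        if self.remaining <= 0:
            return False                         # chain used up, re-enrol
        if not hmac.compare_digest(H(otp), self.stored):
            return False
        self.stored = otp                        # next login must hash to this
        self.remaining -= 1
        return True


def counter_scheme_review() -> dict:
    """Design check: what does the stored record alone permit?"""
    server = CounterLoginServer("constructed passphrase one")
    # Built purely from the two stored fields, without the password.
    pair = counter_response(server.stored_hash, server.counter)
    return {
        "stored_record_logs_in": server.verify(*pair),
        "replay_rejected": not server.verify(*pair),
    }


def hash_chain_review() -> dict:
    """Same check against the hash chain."""
    secret = b"constructed passphrase two"
    server = HashChainServer(chain_value(secret, 5), remaining=5)
    return {
        "stored_value_rejected": not server.verify(server.stored),
        "fresh_otp_accepted": server.verify(chain_value(secret, 4)),
        "replay_rejected": not server.verify(chain_value(secret, 4)),
        "next_otp_accepted": server.verify(chain_value(secret, 3)),
    }


if __name__ == "__main__":
    print(counter_scheme_review())
    print(hash_chain_review())
```

Both schemes reject a replayed response; the difference is that the counter scheme's password file is a password equivalent, while the hash chain's stored value only verifies the next login.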
Aww, c'mon... a 128 MB upgrade and your kids will have the best of nightmares for years to come! =)
I find it very interesting when a brand-new, off-the-shelf machine that is at the high end of price for its product class, is inadequate for recent common publicly issued software. Says something about either the type of consumer it is targeted at (ones who don't know specs) or the company issuing it (charge a lot more for inferior goods) or both.
This PC is selling for $599, which is about $250 more than I paid for an HP Pavilion with the exact same specifications (except the Pavilion was a 2.8 GHz (2.799 to be precise) and theirs is a 2.6). My HP came with a CDRW drive; the spec doesn't say if the Disney one comes with CDRW or just CD.
I note that my sister has a Disney tv and DVD player set, the TV is a bright red 13" set with Mickey Mouse ears on it, and the DVD player acts as the base to set the TV on. A DVD player and a 13" TV should probably together be less than $200 and I know she paid considerably more than that.
In effect, Disney expects to get a premium on this computer of close to $200 for what in effect is at most a $50 pair of speakers (and probably closer to $20) shaped as Mickey Mouse ears.
She had this domain name before their book came out. They decided, in effect, to hijack her domain name because she's one person and doesn't have the resources to fight back. She should probably find a lawyer in the U.S. and sue them for reverse cybersquatting and possibly mail fraud.
Since she lives in the U.K. she might be able to sue the parent company there as this might constitute defamation or libel there and it would be serious damages if so. Only problem is they don't allow people to sue on contingency in the U.K.
IANAL, but it would seem that there's absolutely no protection against what Penguin did at all. They might as well have used her address or phone number.
I'm not a lawyer either, but as far as the domain name, you are correct; I think domain names are public items. But she is a private citizen, and thus publishing her phone number or address would be invasion of privacy and actionable with big-time damages.
the free world and all; you know that. Dog eat dog is what it's all about, the right of the strongest and all that. If you find something and like it, you take it, and if nobody is able to resist you, you get to keep it and call it 'your right'
What you just described is not Capitalism, but lawless anarchy or (if it uses the government to do so) is legalized theft and has no relation to Capitalism whatsoever.
No, what this case involves is out-and-out extortion. It has nothing to do with Capitalism or they would have offered to buy the domain. Their lawyer is using threats in an attempt to steal it. Taking someone's property without paying for it is stealing.
This is on the order of someone building a house at 63045 North 63045 Street, and then Channel 63,045 starts up and decides they want the property you live on for the address to their studios, so they tell you to sign over the deed to them for free.
They had no right to this name, she had it first, and it is legitimately her name. This is a clear and obvious attempt at reverse cybersquatting, and nothing less. Don't smear Capitalism over something it is not.
So, long story short, I hate those fnck!ng robot phone callers and that's why I disconnected my phone. And I have found out some of the reason why they do it. The robots call every few days to make sure you are still there.
Well, if you want a valid number, "for a good time call 202-762-1401". Or 936-1212 in a lot of areas; whether they recognize the number is another thing.
In reading the actual appellate decision, at least half of the issues raised on appeal were not raised at the trial level. With extremely limited exceptions, an appeals court will not hear issues raised for the first time in the appellate proceeding and will dismiss them out of hand. And that's what happened to what might have been some of the strongest claims in his case: he lost them by default because of failure to raise at trial. This is the "you snooze, you lose" rule. And I'm not even a lawyer and I know this.
To: GrandChallenge@darpa.mil
From: Paul Robinson <Postmaster@paul.washington.dc.us>
Subject: Rules Clarification - 3.6.4 Manual Emergency Stop Unit
With respect to the following section:
3.6.4 Manual Emergency Stop Unit
Each vehicle must be additionally equipped with an externally actuated manual emergency stop capability. Activating the manual emergency stop must promptly bring the vehicle to a complete halt in the DISABLE mode. At least one actuator and its labeling must be easily visible and accessible by an average human standing anywhere around the vehicle. The manual emergency stop must be easy to identify and activate safely, even if the vehicle is moving at a walking pace. The operation instructions for manual emergency stop actuators must be clearly labeled in English and Spanish. The instructions must not be interfered with by any other labeling or advertising. A demonstration of the manual emergency stop capability will be required as part of the NQE.
I ask the following:
Is the above provision complied with by a standard power brake such as is usually and customarily activated by a common, ordinary brake pedal on a standard automobile that is operated by the driver of a manned vehicle, or does it require some additional piece of equipment such as a button, lever or other control?
Is this complied with by, for example, a vehicle having ordinary controls such as a common brake pedal on the driver's side of the passenger compartment of a passenger vehicle, but modified, say, so the doors are removed, allowing someone to simply jump into an operating, unmanned vehicle while it is moving and thus stop the vehicle simply by stepping on the brake?
The above says "externally actuated." Does this mean that the emergency stop must simply be accessible by someone on or in the vehicle (such as a person who gets into, say, a passenger compartment) as opposed to being inside of a control area, or does it require the emergency stop to be accessible from outside of the vehicle?
If an acceptable method for manual stop includes a standard, ordinary brake pedal as stated in question (1), obviously visible and accessible from a driver's seat such that an ordinary person able to operate an automobile could use it, does it require labeling?
If the method for manual stop requires something separate from or in addition to a common, ordinary brake pedal as stated in question (1), is the manual stop method complied with by use of, for example, a lever which pushes or pulls directly or indirectly by other rods, wires or other devices on a common brake pedal?
Where an additional method is used for the method of manual stop either because it is chosen or required is something in addition to a common brake pedal, such as a lever or button, is the labeling requirement complied with by a sign saying something such as "Emergency Stop - Pull orange lever" or "Emergency Stop - Push orange lever" or "Emergency Stop - Push green button", (where, obviously, the device used for this purpose is a lever colored orange or a green-colored button), or must the object itself be marked with something like "Emergency Stop"? (The above indicates that it is required to be labelled in English and Spanish so presume the labelling includes both languages.)
One advantage a stored procedure has over a direct SQL statement is that an SP has the privileges of its owner. (Or at least it did with MS-SQL; YMMV.) This means you can connect to a database without most privileges and can only access the database by way of the SPs. In theory this should provide more security because even if you can hack the website or the application, the only functions you can perform are to pass arguments to stored procedures, you don't have the privileges to perform other (more dangerous, or protected) actions on the database.
This also caused a problem because there was one instance where they wanted a stored procedure to be able to dynamically create an SQL statement to do certain things the user wasn't authorized to do, and while a stored procedure could create dynamic statements, the SP would only run with the privileges of the user calling it, even though it was saved by a user that had admin privileges. This was a safety and security factor and I thought was a good idea.
1980-1989 study... - Sexually exploited Child (SEC) Unit, Los Angeles Police Department
First, a police department has a vested interest in making things look bad in order to justify more money and more support. Second, I think the LAPD's credibility ranks somewhere just about even with the Church of Scientology. Based on what I've heard about them, I wouldn't believe them either. Or either of them.
86% of rapists admitted to regular use of pornography
And do we have any evidence that if they had not had exposure to pornography those rapes would not have occurred? If not then their possession of pornography has no more significance than their possession of condoms or beer or chocolate. A lot of perfectly normal people watch pornography, or Deep Throat wouldn't have been shown 3 times a day, every day for 15 years at a theatre in Hollywood. You don't have enough "perverts" to keep the porno industry in business, there must be a lot of ordinary, normal people around who are interested in this stuff. I have no idea why, myself but that's their business. Unless you can show a causal connection between lack of possession of pornography and reduced sexual offenses the presence of the same in any context is meaningless.
I'd like also to note that in Japan the stuff that is routinely sold in public is much more brutal and violent toward women than what is shown here, and we don't see anywhere near any serious level of crimes against women there.
Pornography was involved...
in what way? What evidence and from whom?
In a study of six hundred American males and females of junior high school age and above
and this has to do with the sexual abuse and mistreatment of women, how?
All it tells me is teenagers are interested in sexual experimentation.
Back in the 1970s, Digital Equipment Corporation (DEC) sold mainframes, minicomputers and various components to go with them. One of which was a 100 MB disk drive, which was about the size of a washing machine. It also cost (then) $27,000. It was also possible to purchase disk drives that would work the same as DEC's from the company that was considered the best disk drive maker in the world, Control Data Corporation (CDC), for about $7,000, plus you had to spend about $700 for a controller card (DEC's drives had the controller built in.)
It was commonly said about DEC equipment that it was good stuff, high reliability and well built, but expensive. One oft-repeated comment was "We'd love to be an all-DEC shop but we can't afford it."
Apparently someone who owned both the expensive DEC drives and the less expensive - but still extremely reliable - CDC drives decided to take a look and see why the DEC drives were so much more expensive. They had to do some preventative maintenance on one anyway so they decided to look at both of them. So they disassembled both and checked them out.
Apparently what it was, was that DEC put together a high quality drive, added some electronics to it, and built their own from that. And what did DEC use for the high quality drive that they sold for $27,000? The very same $7,000 drive from Control Data!
What kind of a person designs a website to show gray text on a black background? Is it his intent to make it as difficult as possible to read what he has to write?
I have additional comments about the above article which appear in my journal here on Slashdot, but here are a few of them.
I sent Neil Gunston some comments in response to his article. I have amplified some of those comments and expanded upon them here.
Title: "I liked your comments about open source"
And I happen to agree with the points that you have made. But I don't necessarily believe that things are as bleak for the small developer as you make them. You have just as much risk that if you develop something successful that some larger company may develop something similar as well as someone else developing an open-source product that might also compete.
But you take that risk when you enter any business. The buggy-whip manufacturers and horse carriage makers were in a great line of work until the automobile killed them. Some of those companies switched over to building parts for automobiles. They adapted to the environment.
Certainly it would be nice to be someone who wants to make money writing programs and not "spend all his time on the phone doing support." But unless you are working for some large company that can hire the people who they need to do that stuff, you're going to have to do some support yourself of your product. I do it with the software I write.
I think what you're complaining about is that the "low hanging fruit" and the "easy" stuff that was very lucrative without a lot of effort has already been taken. Whether that's true or not, I don't know. But I do know this: trying to get by in a market by going after the "easy" and "simple" stuff is a sure way to be marginalized by others who have the same idea (or, as in your examples, to be usurped by some open source application.)
But let me push your own words against you: If it's not something that will "scratch the itch" of some open-source developer, you're not going to see an open-source application come out in competition to it. Some kid in a garage is unlikely to develop an open source payroll application to compete against some commercial one, or we should have seen open-source payroll packages by now. It should not be that hard to do, there are even plenty of source code modules in existence going back to the 1970s. So it's not like someone even has to do this from scratch, a lot of the work has already been done.
Now, looking at, for example, financial applications, while there is a development of GNUCash, a clone for Quicken (which basically is a system for managing personal finance, something an individual as a programmer might be interested in), I have yet to see any interest in developing complicated financial software for businesses such as the complete package (payroll, Accounts Payable, General Ledger, Trial Balance, Accounts Receivable) even though it's been done - with source code publicly available - in other areas, as I noted above.
That's just one example.
Just think of other applications that programmers have no need for, and you're unlikely to find someone else coming along and writing an application in competition to it at the free-software level.
Also, most of these people involved in stuff in that environment tend to migrate to Linux; very little of it filters back to Windows. So if you hang around Windows applications it's unlikely to filter over.
Another thing: push for and strive for better interfaces, easier to use and more intuitive development for the non-programmers who might use such applications, and this will also raise the bar to the open-source movement in developing competing alternatives to what you might create. They are extremely weak in developing good quality software that is easy for the average person to use. Their usability factors are often very weak. If you target the parts they are weak on and market to those, you can often stay in areas where unpaid labor is not going to try to compete.
they're still used all the time by track crews today - usually a pickup truck... I'm not sure what rand has to do with it other than trying to date it in the past
Atlas Shrugged was a fictional book in which the background story was primarily about a woman running a railroad, and was published in 1957. I don't know of very many stories written on or before that date about the internal operation of a railroad à la Arthur Hailey's Airport, Hotel and Wheels back in the 1960s and 1970s discussed the internal operations of airports, hotels and automobile manufacturers, respectively.
That's the only purpose of the reference I used, to show that more than 45 years ago this type of device was well known even that far back. If I knew of an earlier book about railroading that mentioned the use of a track motor car or other road vehicle having a rail bogie or other rail track wheel mechanism, I would have used it as an example.
You don't know anything about railroads, do you?
on By Road and Rail? · Score: 5, Informative
Think about it.
You have a dual purpose bus rolling along a rail route at, ummm, what, 80kmph? It weighs, what? 10 tons? 20 tons? Then right behind it is a kilometer long train full of, oh, I dunno - NAPHTHA - that's roaring along at what? 140kmph? And it weighs how many hundreds of tons? And takes how long to stop?
A good rule of thumb for stopping distance is roughly 1 meter per kph in daytime, about 1 1/4 at night; I've heard that at 80kph (which is exactly 50mph for those of us in the States) the distance is about 81 meters (about 245 feet) and at night it's about 95m (about 300 feet).
And then Brer Rabbit pulls the STOP AT NEXT CORNER pull tab in the dual purpose bus, and while he's getting his geriatric bones off the bus, everyone is sighing and wondering WHEN THE HELL HE'S GOING TO GET THE HELL OFF THE BUS. And as he ever so slowly moseys off the bus BLAMMO! Hit from behind by a train full of naphtha.
Not a chance. You don't know anything about railroads, do you? They already thought of this.
Every railroad operates on a "block" system. This is an interlock designed so that only one rail vehicle may enter an area of track at a time. At the start of each block is a red / green signal and either a speed limit sign or an automated transponder to tell the operator the maximum speed limit for the block they are about to enter. The area of a signal block is something large enough for a train to come to a complete stop, or if necessary, when a train enters a track the signal for the block it is in and the block before it (to allow for any train following it) become red. The faster trains run in an area the larger the block is (or the more preceding blocks are also interlocked). Once a train enters a block, the signal behind it at the entrance to that block turns red and stays red until they enter a new block or change to a different track. It may also cause the transponder in the block behind it to order approaching trains to reduce speed in case they get to their block before they are clear so that they won't have trouble slowing down if necessary. Only once it is completely clear of a block will the signal for that block turn green again. A train operator who sees a red signal will stop their train and not enter the block until it turns green, same as you will stop at a red light when operating a motor vehicle on a street.
An automated train will warn the operator that the next block is occupied and if he fails to bring the train to a stop and crosses the red signal anyway, it will trip the emergency brakes and the train slams to a stop. This is why it's said when a rail engineer runs a red signal he "tripped a signal." If the engineer enters a block at a speed faster than the transponder it will either apply braking or give a warning then trip. The rail system is designed to prevent this sort of thing from happening. This system is also in place in the event of rail fissures, there is a small electrical current running along the rail, if any rail comes loose, it breaks the connection and turns the block red so a train can't enter it, or possibly opens an earlier switch so trains can be routed around the block, I'm not exactly sure.
I do know that rail systems are specifically designed to prevent this sort of thing in the absence of negligence or intentional misconduct. If a train operator ignores signals in some cases they may be able to run red lights (on non-automated trains) but the scenario you describe can't happen except by intentional misconduct or flagrant negligence. Besides that
if the bus was routinely stopping for passengers, obviously they'd pull off the track for that exact reason, so as not to disrupt the flow of trains not stopping there.
a transport line - bus, trolley or train - runs on a schedule, and the stop times are accounted for in operating the line.
the train usually has fixed amounts of time it waits at a stop in order to account for
In the 1957 book, "Atlas Shrugged," Dagny Taggart, vice president of the railroad, is on a track-side phone trying to get a dispatcher to send a crew out to her where the previous train crew simply shut down the train she was on and walked off the job en masse. She asks the dispatcher if they have a diesel, a coal burning engine, a switch engine or anything at all. Nothing. Then she asks if they have a track motor car. Which they do, so the crew can come out on that.
A track motor car is an automobile that has an additional set of wheels to allow it to drive on train tracks. This technology was commonly known in the rail industry in 1957, so there's nothing new about it.
As long as Windows continues to be preloaded on a majority of machines, Windows will continue to sell (duh) and some of their apps will continue to sell.
Correction to your post, it should read:
As long as Windows continues to be preloaded on a majority of machines, Windows will continue to suck and all of their apps will continue to suck.
The 'Left Behind' series as a game
on Game with God · Score: 1
Might be very interesting indeed.
For those of you who have never heard of it, the book (and later series) of books under the title Left Behind describes the effects upon the world after all the Christians are Raptured (when God kills off all the Christians and takes them to heaven, leaving everyone else to face Satan when he takes over). Its biggest focus is on a group of people that engage in robbery, fraud, deceit and murder, and that's just what the good guys on the side of God are doing! The bad guys are even worse.
I suspect that series might make a really interesting computer game! Especially if you got to either play one of the main characters as a good guy, as a bad guy, as Satan, or as God.
Paul Robinson <Postmaster@paul.washington.dc.us>
Actually it doesn't because the minimum memory for DOOM 3 is 384M and this one only has 256.
Paul Robinson <Postmaster@paul.washington.dc.us>
Vote for the candidate shown on this pop-up window and win a $50 gift certificate from Target!
Respectfully Submitted
Paul Robinson <postmaster@paul.washington.dc.us>
This also caused a problem because there was one instance where they wanted a stored procedure to be able to dynamically create an SQL statement to do certain things the user wasn't authorized to do, and while a stored procedure could create dynamic statements, the SP would only run with the priveleges of the user calling it, even though it was saved by a user that had admin priveleges. This was a safety and security factor and I thought was a good idea.
I'd like also to note that in Japan the stuff that is routinely sold in public is much more brutal and violent toward women than what is shown here, and we don't see anywhere near any serious level of crimes against women there.
In what way? What evidence and from whom? And this has to do with the sexual abuse and mistreatment of women, how? All it tells me is teenagers are interested in sexual experimentation.
It was commonly said about DEC equipment that it was good stuff, high reliability and well built, but expensive. One oft-repeated comment was "We'd love to be an all-DEC shop but we can't afford it."
Apparently someone who owned both the expensive DEC drives and the less expensive - but still extremely reliable - CDC drives decided to take a look and see why the DEC drives were so much more expensive. They had to do some preventative maintenance on one anyway so they decided to look at both of them. So they disassembled both and checked them out.
Apparently what it was, was that DEC put together a high quality drive, added some electronics to it, and built their own from that. And what did DEC use for the high quality drive that they sold for $27,000? The very same $7,000 drive from Control Data!
What kind of a person designs a website to show gray text on a black background? Is it his intent to make it as difficult as possible to read what he has to write?
I sent Neil Gunston some comments in response to his article. I have amplified some of those comments and expanded upon them here.
Title: "I liked your comments about open source"
And I happen to agree with the points that you have made. But I don't necessarily believe that things are as bleak for the small developer as you make them. You have just as much risk that if you develop something successful that some larger company may develop something similar as well as someone else developing an open-source product that might also compete.
But you take that risk when you enter any business. The buggy-whip manufacturers and horse carriage makers were in a great line of work until the automobile killed them. Some of those companies switched over to building parts for automobiles. They adapted to the environment.
Certainly it would be nice to be someone who wants to make money writing programs and not "spend all his time on the phone doing support." But unless you are working for some large company that can hire the people who they need to do that stuff, you're going to have to do some support yourself of your product. I do it with the software I write.
I think what you're complaining about is that the "low hanging fruit" and the "easy" stuff that was very lucrative without a lot of effort has already been taken. Whether that's true or not, I don't know. But I do know this: trying to get by in a market by going after the "easy" and "simple" stuff is a sure way to be marginalized by others who have the same idea (or, as in your examples, to be usurped by some open source application.)
But let me push your own words against you: If it's not something that will "scratch the itch" of some open-source developer, you're not going to see an open-source application come out in competition to it. Some kid in a garage is unlikely to develop an open source payroll application to compete against some commercial one, or we should have seen open-source payroll packages by now. It should not be that hard to do, there are even plenty of source code modules in existence going back to the 1970s. So it's not like someone even has to do this from scratch, a lot of the work has already been done.
Now, looking at, for example, financial applications, while there is a development of GNUCash, a clone for Quicken (which basically is a system for managing personal finance, something an individual as a programmer might be interested in), I have yet to see any interest in developing complicated financial software for businesses such as the complete package (payroll, Accounts Payable, General Ledger, Trial Balance, Accounts Receivable) even though it's been done - with source code publicly available - in other areas, as I noted above.
That's just one example.
Just think of other applications that programmers have no need for, and you're unlikely to find someone else coming along and writing an application in competition to it at the free-software level.
Also, most of these people involved in stuff in that environment tend to migrate to Linux; very little of it filters back to Windows. So if you hang around Windows applications it's unlikely to filter over.
Another thing: push for and strive for better interfaces, easier to use and more intuitive development for the non-programmers who might use such applications, and this will also raise the bar to the open-source movement in developing competing alternatives to what you might create. They are extremely weak in developing good quality software that is easy for the average person to use. Their usability factors are often very weak. If you target the parts they are weak on and market to those, you can often stay in areas where unpaid labor is not going to try to compete.
That's the only purpose of the reference I used, to show that more than 45 years ago this type of device was well known even that far back. If I knew of an earlier book about railroading that mentioned the use of a track motor car or other road vehicle having a rail bogie or other rail track wheel mechanism, I would have used it as an example.
A good rule of thumb for stopping distance is roughly 1 meter per kph in daytime, about 1 1/4 at night; I've heard that at 80kph (which is exactly 50mph for those of us in the States) the distance is about 81 meters (about 245 feet) and at night it's about 95m (about 300 feet).
Not a chance. You don't know anything about railroads, do you? They already thought of this.
Every railroad operates on a "block" system. This is an interlock designed so that only one rail vehicle may enter an area of track at a time. At the start of each block is a red / green signal and either a speed limit sign or an automated transponder to tell the operator the maximum speed limit for the block they are about to enter. The area of a signal block is something large enough for a train to come to a complete stop, or if necessary, when a train enters a track the signal for the block it is in and the block before it (to allow for any train following it) become red. The faster trains run in an area the larger the block is (or the more preceding blocks are also interlocked). Once a train enters a block, the signal behind it at the entrance to that block turns red and stays red until they enter a new block or change to a different track. It may also cause the transponder in the block behind it to order approaching trains to reduce speed in case they get to their block before they are clear so that they won't have trouble slowing down if necessary. Only once it is completely clear of a block will the signal for that block turn green again. A train operator who sees a red signal will stop their train and not enter the block until it turns green, same as you will stop at a red light when operating a motor vehicle on a street.
An automated train will warn the operator that the next block is occupied and if he fails to bring the train to a stop and crosses the red signal anyway, it will trip the emergency brakes and the train slams to a stop. This is why it's said when a rail engineer runs a red signal he "tripped a signal." If the engineer enters a block at a speed faster than the transponder it will either apply braking or give a warning then trip. The rail system is designed to prevent this sort of thing from happening. This system is also in place in the event of rail fissures, there is a small electrical current running along the rail, if any rail comes loose, it breaks the connection and turns the block red so a train can't enter it, or possibly opens an earlier switch so trains can be routed around the block, I'm not exactly sure.
I do know that rail systems are specifically designed to prevent this sort of thing in the absence of negligence or intentional misconduct. If a train operator ignores signals in some cases they may be able to run red lights (on non-automated trains) but the scenario you describe can't happen except by intentional misconduct or flagrant negligence. Besides that
A track motor car is an automobile that has an additional set of wheels to allow it to drive on train tracks. This technology was commonly known in the rail industry in 1957, so there's nothing new about it.
For those of you who have never heard of it, the book (and later series) of books under the title Left Behind describes the effects upon the world after all the Christians are Raptured (when God kills off all the Christians and takes them to heaven, leaving everyone else to face Satan when he takes over). Its biggest focus is on a group of people that engage in robbery, fraud, deceit and murder, and that's just what the good guys on the side of God are doing! The bad guys are even worse.
I suspect that series might make a really interesting computer game! Especially if you got to either play one of the main characters as a good guy, as a bad guy, as Satan, or as God.