Slashdot Mirror


User: Twylite

Twylite's activity in the archive.

Stories: 0
Comments: 851

Comments · 851

  1. Re:Education instead of cushioning. on E-Mail Size Limits? · Score: 3, Insightful

    You have the misconception that email is for small transfers, while FTP/HTTP is for large transfers. That is like saying that post is for small letters and shopping malls are for parcels.

    The fact is, these protocols fulfil distinctly different roles; they don't just cater for different sizes. Email is for unidirectional interpersonal communication, period. IM (ICQ, AIM, IRC) is for one-on-one or group bidirectional interpersonal communication. FTP is for distribution and receipt of arbitrary data of a non-personal nature. HTTP is primarily intended for distribution of data in a content-sensitive fashion.

    FTP is a lousy way to send a spreadsheet to someone. First I have to put it on an FTP site, set the permissions to allow access to the correct people (only), and then mail them with the address/path/document name and login/password. I can't do this unless I have an FTP server which I can configure AND is online 24/7 (i.e. not possible from a normal dial-up account).

    SMTP is, in fact, meant to assist in dealing with transfers of this nature. I send the mail to my ISP's SMTP server, a transfer which can proceed at the full bandwidth of my dial-up line. That SMTP server transfers the data to the recipient's SMTP server as load and bandwidth allows. The recipient can then download the information, again at his/her full bandwidth. As opposed to a bandwidth constrained intercontinental transfer of a 10Mb file at 1k/sec. Which is a bitch.

    The real problem here is not the users, but the infrastructure. Quite simply we need a parcel service to augment the postal service, which can't handle large parcels really well. In Internet terms that means some facility to add connection retraining / resume between clients and servers, and between servers and servers, in the SMTP network. It would also be beneficial to allocate a "small" and "large" mailbox to every user (and parcels cause a collection note in the small mail box).

  2. Re:64 bits.... on How About Drivers In Devices? · Score: 3, Insightful

    First, please realise that I did note in my original post that PCI already has ID numbers of this sort; but that all new devices on new busses need it AND it needs to be more controlled / standardised. i.e. a PCI card manufacturer can use the same ID for all revisions of their card if they want, even when some use different drivers. It's stupid, but they do it.

    Second, no, 64 bits isn't overkill. There've been problems in MAC addressing for some time because 48 bits was supposed to be enough. Now you're throwing in a whole lot of new manufacturers, a whole lot of new devices, and hopefully mandating better control over the numbering by saying that every revision (hardware/firmware combo) must have a unique number.

    While large swathes of the ID space may be unused, don't underestimate the importance of having enough to LET it be unused. Let's not go into the shortsightedness of having 32 bits for IP addressing, 2 digits for a year, etc.

    64 bits would probably be fine if you exclude a serial number; but even then 128 bits would be compatible with current software standards (GUID/UUID), which would be convenient.

  3. Alternative: numbers & registries on How About Drivers In Devices? · Score: 4, Interesting

    As many people have pointed out, this is sadly not possible for reasons of cost and maintainability. On the other hand drivers will always be around until all devices get smart and use only standard APIs. As a developer I can tell you that that is going to happen in the near future. In terms of the age of the universe, "not by the year 3000" is the near future.

    An alternative solution would be a more controlled process for device identification. PCI goes a long way to do this, and most new devices have some sort of identification. Basically every model of every device from every manufacturer needs a unique ModelID which is easily retrievable according to the basic protocols of the bus in question.

    The ModelID could easily be a 128 bit number (64 bits assigned to the manufacturer, 64 assigned by the manufacturer; they control that range).

    Then we need some sort of industry level agreement (or non-profit organisation with lots of clout) to maintain a database of ModelID = Device name + driver (or at least where to find the driver).

    We can dream ...

  4. Re:Seems backwards on Protecting System Binaries From Trojan Attack · Score: 2

    Quick addition: this also allows you to introduce new verified binaries into the system without rebooting ...

  5. Re:Seems backwards on Protecting System Binaries From Trojan Attack · Score: 2

    My sentiments exactly :) Promote the system from using a hash to using a MAC, and gain flexibility and simplicity.

    There is also the possibility of increased security: if an attacker finds a way to modify the hash list in the kernel, they could put in a trojan binary, or add a new verified binary. With an asymmetric key MAC system, they can't change the key without invalidating ALL of the verified binaries, which means also changing the MACs stored in/with these binaries. That's quite a bit of effort.

    But this is a great step forward.
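    As an added illustration of the hash-list versus MAC contrast drawn in the comment above (example code written here, not from the original thread or the article under discussion): it models an attacker who can overwrite the stored list but does not hold the verification key. The stand-in binaries, the key handling and all function names are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for system binaries (not real ELF files).
VERIFIED_BINARIES = {
    "/bin/ls": b"\x7fELF-stand-in-for-ls",
    "/bin/cat": b"\x7fELF-stand-in-for-cat",
}
TROJAN_BINARY = b"\x7fELF-stand-in-for-trojan"


def build_hash_list(binaries):
    """Scheme 1: an unkeyed digest per binary. Anyone who can write the
    list can also compute a valid entry for any file they choose."""
    return {path: hashlib.sha256(data).hexdigest()
            for path, data in binaries.items()}


def verify_with_hash_list(hash_list, path, data):
    expected = hash_list.get(path)
    if expected is None:
        return False
    return hmac.compare_digest(expected, hashlib.sha256(data).hexdigest())


def mac_tag(key, path, data):
    """HMAC-SHA256 over path and contents, so a tag is bound to one path
    and cannot be reused for a file installed under another name. The
    length prefix keeps the path/data boundary unambiguous."""
    msg = len(path).to_bytes(4, "big") + path.encode() + data
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_mac_list(key, binaries):
    """Scheme 2: a keyed tag per binary. Producing a new valid entry
    requires the key, not merely write access to the list."""
    return {path: mac_tag(key, path, data) for path, data in binaries.items()}


def verify_with_mac(key, mac_list, path, data):
    expected = mac_list.get(path)
    if expected is None:
        return False
    return hmac.compare_digest(expected, mac_tag(key, path, data))


def tamper_scenario():
    """Attacker model from the comment: write access to the stored list,
    no access to the verifier's key. Returns the outcome of each check."""
    key = secrets.token_bytes(32)           # assumed held only by the verifier
    hash_list = build_hash_list(VERIFIED_BINARIES)
    mac_list = build_mac_list(key, VERIFIED_BINARIES)

    # Hash list: appending the trojan needs no secret at all.
    hash_list["/bin/trojan"] = hashlib.sha256(TROJAN_BINARY).hexdigest()

    # MAC list: the best the attacker can do without the key is a tag
    # computed under a key of their own choosing.
    attacker_key = secrets.token_bytes(32)
    mac_list["/bin/trojan"] = mac_tag(attacker_key, "/bin/trojan", TROJAN_BINARY)

    # Rotating the key invalidates every existing tag (the commenter's point),
    # so a re-keying attacker would have to re-tag all verified binaries.
    new_key = secrets.token_bytes(32)
    ls_data = VERIFIED_BINARIES["/bin/ls"]

    return {
        "hash_list_accepts_trojan": verify_with_hash_list(hash_list, "/bin/trojan", TROJAN_BINARY),
        "mac_list_accepts_trojan": verify_with_mac(key, mac_list, "/bin/trojan", TROJAN_BINARY),
        "mac_still_accepts_ls": verify_with_mac(key, mac_list, "/bin/ls", ls_data),
        "ls_tag_moved_to_cat": verify_with_mac(key, {"/bin/cat": mac_list["/bin/ls"]}, "/bin/cat", ls_data),
        "old_tags_valid_under_new_key": verify_with_mac(new_key, mac_list, "/bin/ls", ls_data),
    }
```

    The whole scheme rests on the key being unreadable to whoever can write the list; if the attacker can read the key, the MAC list degrades to an ordinary hash list.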

  6. Re:There are technical solutions on Reuters Accused Of Hacking For Typing In URL · Score: 2

    First, your scenario is different depending on whether you are an employee or unaffiliated to the company and all of its directors/managers. Second, a court would have to decide whether you overhearing constituted receiving a tip.

    The US SEC definition of insider trading includes: Illegal insider trading refers generally to buying or selling a security ... while in possession of material, nonpublic information about the security.

    To start at the beginning: if you are an employee, you are automatically an insider. ANY securities transaction you do is insider trading, but it may be LEGAL insider trading. Because of your access to privileged information, whether because of your job or proximity to company officials, you may be called on to explain and justify your trades as being legal.

    If you "overheard" a conversation, you have gained access to nonpublic information which affects the security. By trading, you are acting on that information. In the strictest sense, that is illegal insider trading.

    [Aside] At the bottom of the US SEC page you'll find a link to a speech on insider trading. It references case law, including some interesting rulings such as an influential columnist who tipped a broker about the content of his upcoming columns, and was found guilty of insider trading.

    You are also incorrect in saying that Reuters made the information public. Securities Exchanges have extremely strict policies on what constitutes "public" when it comes to information on listed companies. There are certain channels which MUST be notified (e.g. the bourse itself, which streams such news to brokers), and typically the announcement must be in at least one national newspaper in that country.

    Therefore Reuters, in publishing the information, did not necessarily make it "public" as contemplated under the bourse rules, and despite its widespread distribution it is treated as nonpublic information.

  7. Re:There are technical solutions on Reuters Accused Of Hacking For Typing In URL · Score: 2

    This is like saying that you have made 100,000 copies of your financial statements, so they are publicly available. They aren't if you have them sitting in your store room.

    Stock exchanges have very stringent rules about what does and does not constitute public disclosure. I've already seen mention that in Sweden those rules involve release to the bourse (which will provide the information on its official news stream, which is what serious traders and brokers ultimately react on), plus publication in two national newspapers.

    The concept of "publicly available" goes hand-in-hand with accessibility. This information was not highly accessible. As such it was not publicly available. Reuters asked some clever questions and got what they were looking for.

  8. Re:There are technical solutions on Reuters Accused Of Hacking For Typing In URL · Score: 2

    An author of a copyrighted work has the following exclusive rights conferred by 17 USC 106:
    - to reproduce the work (e.g., to make copies)
    - to prepare derivative works (e.g., translation, abridgment, condensation, adaptation)
    - to distribute copies to the public (e.g., publish, sell, rental, lease, or lending)
    - to perform the work publicly
    - to display the work publicly

    You can find the full text here.

    You are correct in saying that you cannot copyright facts, only the expression of facts. But there are limitations.

    1. Where the fact is not widely known, you risk plagiarism unless you adequately reflect the source.
    2. Where the fact is of a private/personal nature, you risk invasion of privacy or breaking relevant privacy laws
    3. Where the fact is not, in fact, a fact, or is in dispute, you risk libel and various other damages.

    (2) and (3) apply in this case. (2) because financial statements are private until published by the person (company); and (3) because until published financial statements are NOT fact. Anyone who acted on Reuters' information is potentially at risk of being accused of insider trading (yes! even though the details were published in a newspaper, they had NOT been published by/to the bourse).

    And summarising a movie is adaption and abridgement, and a violation of copyright.

  9. Re:There are technical solutions on Reuters Accused Of Hacking For Typing In URL · Score: 2

    Actually there are several laws which apply to this.

    The first is copyright, which covers not only exact works, but derived works. Copyright is also always subsistent in a work, under the Berne Convention - you don't even have to have a copyright notice! When information or concepts are available from a single source only, they are almost certainly covered by copyright law.

    For this reason, you can't write a book featuring characters that another author has developed, and even a thorough dissertation on the characters and plot is questionable. Similarly you can't republish parts of an academic paper either claiming them to be yours (plagiarism) or otherwise, without adding substantial "value". This comes down to the basics of fair use: you may use non-substantial parts of a copyright work, and then only as part of a greater work of your own.

    So in publishing company financial information without permission, Reuters almost certainly used a substantial part of the information, and therefore required permission. You should be aware that newspapers in general need copyright permission to publish information of this nature; which is usually granted automatically by the news releases on the local bourse (since for most bourses this is considered public information).

    Other applicable laws include privacy law. Companies are people in the eyes of the law, and have rights to privacy, just like the rest of us. Much as someone who sneaks into your house and takes a copy of your accounts can't legally publish them, you can't obtain a company's financial statements and publish them without its permission (until it makes them publicly available).

    While this case just sounds wrong, there are deeper legal issues (as there often are). This case tells us that there is a fine line between a valid request, a shot-in-the-dark request, and hacking. And most of the comments on Slashdot so far bear that out. Sometimes crashing a machine or accessing password-protected information is as simple as adding a character or two to a URL - exactly the same procedure as accessing an unlisted page. How do you objectively distinguish between the two?

  10. Re:There are technical solutions on Reuters Accused Of Hacking For Typing In URL · Score: 3, Insightful

    There are a couple of points being argued in these threads. You make a good one: it is a request, but it has undesirable side effects.

    I would say that, legally, this situation could be viewed as some sort of cold caller. You may be offered a free holiday, or you may be offered an investment. Here, "you" is the web server. You get asked for your name, some information about you (content pages), etc, which you're happy to give.

    Now you get asked if you want a free holiday. That's okay. You get the holiday, subject to terms and conditions you don't like, but there was no criminal misrepresentation. But what if you get offered an investment, which happens to be a pyramid scheme? It's offered as a sound investment, but it's not -- that is fraud.

    I would liken your example to fraud: it is a deliberate and malicious attempt to use a request/offer in a damaging way.

    The original example (Reuters), however, is a more difficult case. In some ways its like asking someone what they earn, or what their social security number is, or their credit card number. Asking is not illegal, and if they give you the information you have obtained it legally. However, the manner in which you USE that information may be illegal! Having been given information does NOT give you the right to (re)publish it.

    As such I would argue that what Reuters did is not hacking. They did not bypass any protection mechanism, they just asked intelligent questions. On the other hand, using such information may have been illegal (I don't know how they made use of it).

  11. Re:Not the task of a university on Overspecialization in the Computer Field? · Score: 4, Insightful

    This is very true. To teach a strong theoretical grounding there is little time to study multiple implementations of the theory. Instead, you concentrate on one implementation as an example of the theory.

    In languages for example, you will study the concepts, but pick one (say C++) for practical work. You will look at what C++ has and doesn't have relative to the theoretical model, and (as text book study) relative to other languages such as Java and Smalltalk.

    In my experience, students who have a good theoretical grounding and some practical experience with a single product can easily learn to apply the theory to other products. This is especially true for languages and common office products (word processors, spreadsheets, etc); but conversion becomes more difficult when dealing with specific applications (even IIS vs Apache configuration).

    Specialisation during learning is a good thing. Leave it to on-the-job experience for the development of diversification. Having said that, I think there should be some teaching dedicated to knowing ABOUT the alternatives (but not necessarily how to use them): you are hamstrung if you only know one language, and can't make a knowledgeable and objective choice of languages and deployment environments. A comparative study of languages, operating systems, and common software products, drawing attention to strong cases for use, would be beneficial.

  12. Re:good point on Managing Your Company To Death · Score: 2

    Wrong. The directors have to act in the best interests of the company. Another fine line they have to tread: the best interests of the company don't always enrich the stockholders, which in turn could see the directors dismissed or not have their contracts renegotiated.

    But a company is, in the eyes of the law, an individual. And an individual is expected to act in its own best interests (with some social responsibility). So directors are obliged to act in the best interests of the company.

    An analogy: You are an individual (I assume ;) ), but other people have an interest in you (e.g. your coworkers, your employer, his/her employer, etc). This in no way means that you should act in their interests in preference to your own.

  13. Re:good point on Managing Your Company To Death · Score: 3, Insightful

    Most countries have company law which includes the notion of Fiduciary duty. This means that the directors have to walk the fine conflict of interest between enriching themselves, and acting in the best interests of the company.

    A director who does not act in the best interests of the company, even if it is not in his/her best interests, is failing in their Fiduciary duty, and can be legally challenged.

    The problem is that most shareholders are not aware of this fact, and that without cooperation from the company it is very difficult to track down other shareholders (for the purpose of bringing a class action suit against the directors).

    A secondary problem is the lack of direct involvement by shareholders. Directorships are often negotiated by company management (so the company managers pay the directors for their services); in turn the directors are responsible for determining management remuneration and working conditions. It's a simple "you pat my back and I'll pat yours" scenario. More direct shareholder involvement would see the shareholders appoint the directors, avoiding the spiral of self-indulgence.

  14. Re:Exactly on Congress Members Oppose GPL for Government Research · Score: 2

    Of course this is all assuming that Microsoft didn't have oodles of money and hundreds of dedicated developers to throw at the problem with the specific intent of crushing the competition.

    Actually, the license did exactly what was intended. It allowed someone to take the source code and extend it to create new and innovative functionality, adding to the range of what computers could do. Internet Explorer, not Netscape/Mosaic/Mozilla, drove us to the current model of the Internet.

    If Mosaic had been GPL licensed, this may never have happened. While this may put 6 million geeks up in arms, there are about 250+ million people who have found that the Internet (and its information) is now more accessible.

  15. Re:Very risky on Obtaining Shell Access via AIM? · Score: 1

    Why not just use a multi-time pad? Its more secure than a one-time pad, and reusable.

    Accepted moderations: Troll, Funny

  16. Re:Funny that this topic came up... on Researching Searching Algorithms? · Score: 3, Interesting

    The interesting thing about O(nlogn) versus O(n) or O(whatever-you-want) is that an "operation" is not often the same between algorithms.

    So an O(nlogn) implementation is still faster than an O(n) implementation when the input set is less than 1,000,000 items and the latter implementation requires 6 times the time per operation compared to the former.

    So while it is unlikely that someone without a vast theoretical background will discover a better algorithm for all cases (or even the extreme cases), as you point out; there is a significantly greater likelihood that he could have discovered an algorithm which provides improvement for data sets which are commonly used in certain - even many - fields. Without having multiple doctorates.

    Sorting in general is a well-studied field; but as the application of computers grows, the need for less general sorting grows as well. Many data structures and algorithms are not considered "sorted" because they are partitioned, or implicitly ordered, yet they make use of sorting theory.

  17. Algorithm resources on Researching Searching Algorithms? · Score: 5, Informative

    The definitive online resource for algorithms is NIST's Dictionary of Algorithms and Data Structures. There is a list of algorithm resources, and you can also find some free e-books using The Assayer.

    In print you should be looking for "Introduction to Algorithms, 2nd edition". It is the bible of the field. Other excellent candidates are "Data Structures and Algorithms" ( / in Java / in C).

    Google will also tell you to look here, here and here.

  18. Re:Simple answer: Don't on Web Application UI Guidelines? · Score: 3, Interesting

    But why do you want a web based application (with or without Java applets) to begin with? The Web provided a common platform, ease of delivery to remote clients (and by extension ease of maintenance), and an easy display language for simple presentations.

    The value proposition of the Web is now significantly reduced in light of alternative technologies. Java, Tcl, Python, Perl and numerous others provide a common platform. Most either provide or easily permit a stub architecture for downloading the application from the server on the fly, negating the traditional remote maintenance problems of C/S software. Visual "builder" IDEs are commonplace.

    These languages offer a powerful set of GUI widgets which beat DHTML on interactive use, and have proper RPC mechanisms (with several standards to choose from) rather than the submit-and-retrieve model that limits web applications.

    Where a web application can use DHTML and XML to transfer a table, a Java application can address the remote table object as if it were local, or transfer the object to the client implicitly, at no development cost.

  19. Simple answer: Don't on Web Application UI Guidelines? · Score: 5, Interesting

    Ask Google about ui design guidelines for web applications. IBM's Ease Of Use site comes up tops.

    But, IMHO, you need to examine your choice of development platform (i.e. "web application") and your methodology. If you have already decided on your platform before determining UI requirements, you have issues.

    Quite simply a web application can't deliver the same level of user interaction as a traditional C/S application. HTML (even with JavaScript) does not have a rich widget set for building UIs, which causes most intranet applications to have non-obvious even tedious solutions to common UI problems.

    One of the few places where HTML excels is in displaying reports and non-interactive tables. By contrast, it is poorest at interactive tables and dynamic filtering.

    Some examples: many applications with long lists have a facility to search-as-you-type, either focused on the list or in a text field adjacent to the list; applications with filter or present options based on another selection draw their data on demand in a C/S model, but in a web application must use submit-and-update or multidimensional JavaScript arrays and transfer ALL values to the client on the first request. Simple elements like menus and toolbars are difficult to get right and keep consistent in a web application.

  20. Re:I don't get it on RMS Weighs In On BitKeeper · Score: 2

    You're right, it's not the same. The cost of sale to reproduce a software product is significantly less than that to produce a motor car; although it is very comparable to that of a music CD.

    "IP" companies put no less R&D resources into an "IP" product than other companies put into physical products; they just shift the cost point from the reproduction to the development.

    Theft from a provider is no different whether it is IP or physical stock - you are materially affected by the value of the cost of sale. You can still produce more stock at a similar cost to sell and profit.

    Theft from a consumer, however, is different. Unless you steal the physical medium, IP theft does not deprive the original consumer of their property.

  21. Re:And we care because... on C# and CLI Fast-tracked to ISO · Score: 3, Insightful

    No, one of the major complaints about Java is that it continues to get more bloated. There are a few vocal OSS advocates who can't bear to have freely available software being thought of as "free", because as everyone knows it's more important to know how to make beer than to have some given to you.

    Unfortunately, IMHO, Sun hasn't kept a tight enough leash on Java. It started with an excellent vision, but then let the "community" get in on the act and push for ever more standards, without really considering the benefit.

    It's very much like the SourceForge effect. Start a project, put some ideas on a web page, and wait for someone to do the work. The JCP has provided a lot of solutions by providing APIs to develop against, but there is no implementation.

    Worse, the APIs are often poor and bloated as a result of a lack of proper domain understanding, and provision for any conceivable implementation.

    Java and its developers would be better served by providing additional libraries where they are warranted - not standards - and leaving the market (or OSS) to fill in the gaps with components. It has done wonders in the Microsoft world.

    Some cases in point: Apache's log4j and regexp packages are widely considered the de facto standards, and have been around since well before JDK 1.4 was in development. They are also considered technically superior to the functionality which has appeared in 1.4 as a result of the JCP.

    In fact the JSR for regular expressions reads like a child's Christmas list, as it is part of the NIO request, and includes a desire for printf-style formatting.

    Sun did an excellent job with the design of Java. It's a pity there are a bunch of wannabes who are too shortsighted to see the value of leaving the control of the language's development in the hands of technical experts, and providing or acquiring what they specifically need in their own back yard as components.

  22. Re:Try Ruby! on The Python Cookbook · Score: 1, Insightful

    Looks like a classic example of bad syntax to me. I don't know Ruby, or Python ... but I do know when I see a language which does not have an intuitive syntax or grammar.

    While the "5.times" is rather obvious, if not leaving one wondering why a "." is needed, |n| would be read by your average degreed professional developer as "the absolute value of n", given its visual similarity to the well known and standard mathematical notation for this operation. Which of course makes "|n| puts n" a rather illogical statement, and at best "take the absolute value of n and then print it".

    Terse is good only if it is understandable ... not if it is readable.

  23. Re:wxWindows: the toolkit everyone should be using on wxEmbedded Beta Released · Score: 2

    C++ Builder is your friend.

    Unfortunately the visual builders for wxWindows have never matured much (IMHO) -- certainly they don't have the professional finish of VB or C++ Builder (which is far superior to VB for form design).

  24. Re:That's *in* SAf, not *to* SAf on SA Government's Crypto Registration Up And Running · Score: 3, Informative

    (3) A cryptography service or cryptography product is regarded as being provided in the Republic if it is provided--
    (a) from premises in the Republic;
    (b) to a person who is present in the Republic when that person makes use of the service or product; or
    (c) to a person who uses the service or product for the purposes of a business carried on in the Republic or from premises in the Republic.

  25. Re:That's *in* SAf, not *to* SAf on SA Government's Crypto Registration Up And Running · Score: 2

    I would not dismiss that so easily. The intent of the law is the basis for the ruling of a judge (in SA). Unless a lawyer can convincingly argue that only local providers of crypto were intended to be registered, it will be read as "any provider with a presence in the SA market providing crypto". This may limit the applicability to providers with some sort of physical presence / outlet / support in SA, and not extend to pure virtual trade. But I wouldn't count on it.