Arch hawk Richard Perle has admitted that the invasion was illegal under international law.
Perle : "I think in this case international law stood in the way of doing the right thing."
And on this (and this alone!) I agree with him - the invasion was illegal. The question is whether it was the right thing to do, and it is still far from clear what the answer to that question is.
There's nothing wrong with your reasoning above, it's just that "(6)...offer a solution" belies the true complexity of the problem. Seriously, turn this around and ask yourself "Why hasn't there been a solution brought forward yet?" - it's not like vast numbers of highly intelligent people haven't been working on this for years without solving it.
In my experience, people whose response to the spam problem starts with "We should simply change SMTP..." do not understand the problem.
Of course they will continue to spam people not using such a client e-mail program.
If they're continuing to send spam, how is that "solving the problem"? The "problem" is not the annoyance of individuals having to view spam; the problem is that spam wastes bandwidth and other resources, resources that cost money. If the spammers don't stop sending, the problem isn't solved. Indeed, solutions which merely take away a fraction of the spammers' audience are likely to increase the problem, since the incentive is then for the spammers to send even more messages to maintain the same number of returns. Some would argue we're already seeing such an effect - there's certainly no doubting the massive increase in spamming in the last year. As I started out by saying, this is not a trivial problem and many highly intelligent people have wrestled with it for years without coming up with a workable solution. When people write "we should simply [change protocol or whatever]" it's because they don't fully understand the nature of the problem.
How come the idea of e-stamps is not getting any traction?...I don't see what the technical... barriers are.
No offence, but many people more technically gifted than you or I have been wrestling with these issues for years and still haven't created a solution because the problem is a hard one to solve.
On a simple level, consider this - in order to migrate from the SMTP protocol to "something better", we would either have to (a) have the entire world convert simultaneously to the new standard or (b) allow backward compatibility with SMTP. (a) seems highly unlikely, and (b) means that you don't solve the problem. And before you point out that in the case of (b) we'd only need a limited transition time before we'd all be on the new protocol, I'd offer the example of IPv6. How many years has IPv6 been in the works? How many million man-hours of committee time has it already been through? How close are we all to deploying IPv6?
I have received... quite a few mails with requests to confirm my e-mail address...The funny thing about it was that the "I" in question was neither someone I sent mail to nor someone I know at all.
Interesting twist that I haven't come across before. Are you certain that it didn't arise from (eg) posting to a distribution list?
Spammers regularly compromise other systems and install sophisticated software to allow easier spamming.
I could have sworn that this was illegal.
It is illegal, but then again, many of the products and services the spammers are pimping are also illegal. The legality (or not) has very little to do with it.
Nicely dodging my point that it's specious to argue that pharmcos need special protection because of the R&D costs, when in fact they are not risking huge amounts of money upfront. In fact they are trifling amounts, compared to other spending. See, for example, the figures in the report produced by Families USA which shows that Merck spent 6% of revenues on R&D, but spent 15% on marketing. The figures for Pfizer are 15% and 39%. The fact is that the pharmcos are one of the most powerful lobby groups in Washington and get lots of, ahem, "special consideration" that I don't think they deserve.
The newer practice of advertising direct to consumers may also benefit consumers by advising them of choices their doctors may not be paying attention to.
Are you for real?!? I guess, given your comments, you or your dad must work for a pharmco, but even so, pretending that dtca benefits consumers is simply risible.
You're obviously not a betting man. I would love to put down some serious money at that price (not least 'cos I know I could lay off the bet with a real bookie).
[For the click-impaired : current odds on 2004 election with William Hill - Democrats 6 to 4, Republicans 2 to one on]
it is not the proper place of the US government to build power infrastructure
I disagree. There are some aspects of a country's infrastructure which cannot be allowed to fail (which is what the free market is ultimately about - good businesses thrive, poor ones go bankrupt). Would you use the same reasoning about, for example, the interstate highways? The military?
Absolutely, and it's interesting to note that planned US spending on electrical infrastructure to 2005 is 71 cents per American per year. Meanwhile, the US gov. plans to spend $255 per citizen in Iraq! (Health spending plans are also illuminating : $38 per capita on hospitals in Iraq versus $3.30 in the US).
If I was a US citizen, I would be furious about this failure to invest my tax dollars in my own country's infrastructure.
Oh, there's still plenty of theatrics and schoolyard idiocy (and the inevitable group that complains about same, launching interminable threads about what to do about it, introduce moderation, yadda yadda), BUT, that's what you inevitably get when you sign up for unmoderated full disclosure. I don't mind (and have filters to help) sifting the pearls from the shit; I recognise that others like yourself don't want to do this. I wouldn't suggest FD as a person's *only* source of security information and I would never claim that FD was the be-all end-all supreme list, just that I find it more useful than Bugtraq these days.
You're certainly right that potential subscribers should be aware that FD is high volume with less than outstanding signal-to-noise ratio.
It is telling, if not surprising, that in all of the media coverage, I have yet to hear the bar owners address the issue of privacy legislation. BC's forthcoming private sector privacy law, Bill 38, due to come into effect Jan 1st 2004, imposes very specific requirements upon organisations handling personally identifiable information, including collection, use, consent and access, among others. I'd be interested to hear BC's Information and Privacy Commissioner's view on this proposed scheme - as far as I can tell, the bar owners have not made any consideration of the legal duties this legislation will impose upon them.
The fact that it is a "mistake" precludes it from being 100% preventable.
So you think buffer overflows, for example, can never be 100% avoided? That we shouldn't be surprised that such "mistakes" are appearing in 2003 and .net products? Once the "mistake" is understood, isn't it reasonable that steps should be made to avoid it in future? Especially when the manufacturer concerned made a big public show over doing exactly that? Buffer overflows have been well understood for decades now. It may be unreasonable to expect fully 100%, but I don't see a level of diligence anywhere near approaching that.
I'll agree, there are flaws in any approach. We're all human. But I don't think it's acceptable for a manufacturer to simply wash their hands of any responsibility; we don't accept that in other walks of life and I still don't see a good reason that the same principle shouldn't apply to software. *Principle* that is; the details will no doubt be lawyer-fodder.
I'll also retract what I said in my first post - your reasoning is lucid, it just isn't convincing (to me, at least ;)
I would think that a prudent person would fix their software
And I would think a prudent person would not then make exactly the same mistakes again in newly developed software (though this may not be exactly what this particular lawsuit is about). As you said earlier, there is no black and white here; this will inevitably get into what is "reasonable" and "prudent". We just differ on whether we think MS has been as diligent as a reasonable person can expect.
Incidentally, I also think there's a huge difference between binaries and source, primarily that the user is unable to rectify a problem binary and is utterly dependent on the manufacturer. It's that dependence that ought to create some liability on the part of the manufacturer.
The advantage isn't achieved through the use of small modules...The difference is the design of the software itself.
We seem to have got into a circular argument - I say use of small separate modules is fundamental to design. I still maintain that there is a big difference between "functions" within a monolithic program, and completely separate modules.
I challenge you to look through the [Sendmail] code and tell me it isn't [crappy]
Challenge declined :) Note also that there has been considerably more than 2 seconds thought put into the development of sendmail, and there have even been re-writes. Yet it's still crappy.
I certainly agree that the key question is how do we prevent, catch and fix the errors. The main thrust of the lawsuit is that MS has not performed the due diligence that could reasonably be expected. Or, in slashdot-speak - their design sucks, they know it sucks, others suffer because it sucks, but they won't do anything to fix it. How bad does it have to be before it's negligence?
Done. [Smug satisfaction]
Unlike ICANN, who of course, have members of the internet at large on their board. Oh, wait a minute...
True enough, but Kermit saved my bacon this way on many occasions
Maybe, but you could get Kermit on just about every platform under the sun.
Perhaps you can tell me where my organisation can get a fat pipe for fractions of a penny?
That's why it's called the "CAN-SPAM" act. No trickery with naming there, nosir.
I am surprised the list did not contain the quote from Linus "I allege that SCO is full of it"
I might have more sympathy for this view were it not for the fact that pharmcos spend twice as much on advertising as they do on R&D
In recent months, I have found Bugtraq to be much less useful than the Full Disclosure mailing list.
please explain what is so special about software that it should be treated differently from ordinary objects
Um, check out my first post in this thread. That's exactly the question I asked.