"And if you don't like the terms, suck it up. MS has a monopoly on the desktop, especially in terms of business software. They can put any damned thing they want into their licenses, because most businesses have nowhere else to go."
That's absurd. Microsoft cannot put just anything they like in the license agreements. They have to keep it nearly reasonable or companies will stop paying for software licenses.
For example, they cannot expect to place a clause in the software license that says something like "Company agrees to pay Microsoft 1% of gross revenue each year." no matter how much they might like to have people agree to such terms. Only companies without revenue would be willing to agree to such terms, which wouldn't do Microsoft much good, so they won't bother to try it.
Microsoft didn't have a monopoly, they just had an overwhelming share of the market, and that's already changing, without the government taking any useful action at all.
Yeah, Microsoft licenses are nasty. Sure, they contain lots of ugly terms. That isn't the same as being able to dictate whatever contract they want.
Buyer beware. If you don't like the details, don't buy it.
"This story simply helps to illustrate the difference between having a monopoly and abusing one."
Alternatives exist. There has never been a moment when there were no alternatives to Microsoft.
You might not have liked those alternatives as much as dealing with Microsoft.
You might not currently like the alternatives as much as dealing with Microsoft.
You might never like the alternatives as much as dealing with Microsoft.
None of that matters to the people who have liked the alternatives, do like the alternatives, and will like the alternatives.
This "monopoly" nonsense is just a mask for the fact that some people can't be bothered to see the world beyond what Microsoft shows them.
I've been happy with daily rsync backups to a second local hard drive with the same partition setup (one rsync command per partition, with the -a -x --delete flags).
This makes rebuilding the system fairly trivial if the first hard drive fails.
It also means I can recover from mistakes if I notice them the same day.
"HTTPS uses more network traffic versus HTTP, and it uses more processor time on your web server(s), at least for those of us without the luxury of hardware crypto-accelerators. I'm all for heightened security, but the last thing any of us needs is a slower, more congested Web."
While that might be relevant for the general web, it doesn't really apply to low volume traffic on an internal network. We're not likely to be constrained by network bandwidth, latency, or CPU when we use PeopleSoft on an internal network, but we have a duty to keep our sensitive data from traveling over that network in plain text because the internal network is not secured.
"And finally, knowing Nathan as well as I do, I can say with certainty that part of the issue is that he hates watching people be willfully incompetent."
I don't think that's happening here. I do think there are some people who appear to have severely underestimated the potential impact and/or the likelihood of that impact. I also worry about the possibility that the successful implementation of the project may be placed before the quality of the implementation, especially if doing it right takes more time. But I'm not in a position to say anyone is being willfully incompetent.
"Since you brought up the word "battle," that naturally puts one in mind of that old saw, "Choose your battles." Weigh the benefits against the effort required."
Yeah, it was with that in mind that I picked the word. I've considered the implications, and I really do think this is currently the low hanging fruit from the security perspective. At least it ought to be. If PeopleSoft cannot make their software work with HTTPS, we certainly want to know about it now. If this only requires a certificate and a few changes to href tags, this is certainly worth doing.
"If you either (1) drop PeopleSoft for another solution, or (b) screw with the vendor's supported configuration, you're making significant work for yourself. Is it worth it? Isn't it possible that your time could be better invested elsewhere?"
We're not going to drop PeopleSoft. There is way too much political momentum at this point. As for my time and effort, when I consider how long PeopleSoft is likely to be in use here, how many people will use it, and how much data is exposed, I believe this is an appropriate use of my time.
"One has to keep a sense of perspective about these things, otherwise one ends up tilting at windmills."
I'd have advised Don to use a torch instead of a lance. If anyone has advice that would be similarly appropriate for my situation, let me know. I'm open to suggestions. That's why I'm here.
"If they don't do it at least protect yourself. Write a risk assessment stating why you recommend it and the risks associated with not doing it. Then get your manager (preferably a VP) to sign it. If something happens later you are covered and have the paperwork to back it up."
I already submitted a risk assessment, three weeks ago, containing those details, and the strongest arguments I could come up with. That assessment has already become part of the project documentation, so I think I'm covered there, but it looks like we may try to implement https and give up the first time we hit a snag.
This risk hasn't yet been recognized by management as REALLY SERIOUS, and I was hoping for some insight on how to get that message out in a way that management will hear. I figured examples of other companies who suffered serious problems after making a similar mistake would be useful, if I could find anyone willing to admit they had seen something similar.
"We run peoplesoft over https. Not sure why anybody would suggest it doesn't work. As far as I know it was simply a matter of setting up apache correctly (although i have heard rumors that there are certain hardcoded urls buried in the app that won't get correctly rerouted...)."
Great, that's helpful information. I'd love to be able to verify it, and learn more about your setup. Please consider contacting me privately with more details, if you can.
"If you want to waste your time implementing security measures that won't help and ignoring those that will, that's your business. But if you do, don't make the mistake of thinking that you're doing a good job."
I'll certainly agree that this isn't the only area where security could be improved (I've already suggested other changes, some of which have been adopted). I'm attempting to address this particular concern at this time because the system is being implemented now, so the cost of change is relatively low. If we cannot even get security correct on new systems as they go into place, it will be much more difficult to talk people into going back and fixing other systems. It will also be more difficult to convince people to do the next project correctly, because security was skipped for this project.
Security is an on-going process of setting standards and following them. The standards are being actively trampled here, so this is the right battle at this moment.
"Nathan Wallwork doesn't think that telling every blackhat cracker that reads slashdot about these insecurities will be career-limiting. I wanted what is boss will think? I think he would have been better off with the regulating agencies."
As I said, the system is being implemented. There will be more data accessible in the future than there is now. The exposure and cost of change are constantly increasing. Better to fix it now than to wait. Besides, security through obscurity wouldn't help, it would only allow people to think they were safe.
"Face it, Open Source and Microsoft are enemies. They may be competitors, alternatives, etc. second, but their basic nature makes them enemies because they have absolutely incompatible goals."
No. Open Source and Microsoft are NOT enemies.
The goal of the Open Source community is something roughly like "Provide high quality software while expanding awareness of the value of open collaboration.", while the goal of Microsoft is something roughly like "Sell lots of software and consulting services while ensuring stock prices keep going up."
These don't conflict.
Neither Open Source nor Microsoft must fail for the other to be successful. The success of either one may have implications for the other, but this isn't an XOR situation.
"However the conference that is specifically about Open Source has absolutely no need to have a representative of the worst enemy of it."
Humor and irony also have value. It may (or may not) currently be true that Microsoft is fundamentally opposed to Open Source, but so what? Assuming we can keep Microsoft from manipulating legislative powers to harm Open Source, what can they do that they haven't already been doing all this time? Does Shared Source really scare us so much?
Open Source is great because we can work together for our mutual benefit. If some companies are fooled into accepting the freedoms promised with Shared Source, they will need to realize their mistake before they get to be part of our collaborative effort, but that doesn't reduce our ability to work together.
Aside from perhaps taking up some time that might have been better filled with a different speaker, what harm is Microsoft really capable of doing at this event?
"If I go to a conference about Open Source, I'm looking for useful information about Open Source. No-one representing Microsoft's corporate policy can possibly have anything to say that qualifies - it's impossible by definition."
No, that's simply wrong.
There is nothing about the definition of Open Source that in any way excludes Microsoft. Any day now Microsoft could release any number of their products using any collection of OSI certified licenses that they happen to like.
We may all think this isn't likely to happen in the near future, but who really knows.
Microsoft may not have anything particularly relevant to add to a conversation that is strictly about Open Source, but they are a fairly large software vendor, and it could be quite useful to hear what they have to say about Open Source.
The key is to get them to talk about Open Source, instead of twisting the conversation back to Closed Source or Shared Source, both of which are quite different.
Here's a suggestion: If someone from Microsoft is speaking at an event where Open Source is a legitimate topic, avoid taunting them or anything, and wait until they ask for questions. Spend that time listening to what they say so you can ask more meaningful questions.
If they don't allow time for questions, loudly call out something like "Hey, who here has questions they'd like to ask Microsoft? Raise your hand if you have a question for Microsoft." before they leave the podium.
I'm guessing they won't want to leave the podium with half the audience raising their hand to ask a question.
Once they ask for questions, ask meaningful questions and give them space to provide meaningful responses.
If you are arranging an event where Open Source is a legitimate topic, consider asking people from Microsoft to speak at the end of the day, so there can be an extended period of time for questions.
Of course, if you are speaking at such an event, try not to be placed in a slot right after Microsoft, because the room might be full of people with questions for the previous speaker.
"I like the idea, but I don't think this method would work. Law enforcement would have to trust spammers to not munge the headers in order to give investigators the ability to track down and prosecute violators."
It would help, in that the behaviour would now be clearly illegal, and there would now be a risk involved, so spammers would need to choose to either comply with the law or take special efforts to be sure they got all the forging details right and hid their tracks, which would be quite difficult if people wanted to set up traps.
Gleick said:
"2) Unsolicited bulk mail should carry a mandatory tag"
Erpo replied with:
"If part 2 were implemented, all internet users would get (in addition to the forged headers we receive now) would be a bunch of emails without the UCE flag claiming that we signed up to get the email when we clicked "I Agree" at i-dont-remember-visiting-this-site-but-it-could-have-been-a-long-time-ago.com."
The most obvious trait of spam is that it is sent to a great deal of people. This is the detail that we should require be included in the header, so we can filter on it. This is also true of mailing lists, but we'll know which mailing lists we've subscribed to and want to whitelist.
I think the header for part 2 should be "Precedence: bulk", which is already standard. This header should be required when sending out N messages that are substantially similar (to get around just adding a few random characters at the end). N should be set to something like 50. This would allow people to set up simple filters that whitelist the mailing lists they've subscribed to, and discard all other email with the "Precedence: bulk" header.
Someone could be demonstrated to have violated this requirement if N different people complain about a message which is substantially similar. This addresses concerns about a single person claiming that they've received an email which violates the requirement.
Suppose we pass a law that makes forging Received or From headers illegal, and makes it illegal to send a message that is substantially similar to 50 or more people, but requires that at least 50 people receiving the message complain to the FCC in order for any prosecution to occur. With such a law in place, it would actually help to have people forward spam to the FCC. They could collect those messages and work to prosecute people who send spam.
People would still be able to forge Received and From headers for testing, as long as they weren't going to annoy so many people that 50 of them sent a complaint to the FCC.
When some legitimate new mailing list operator forgets to add the "Precedence: bulk" header they can be reminded to configure their listserv correctly, and very few of their subscribers are likely to forward the message to the FCC because it won't be considered spam.
If spammers had to construct substantially different messages for every 49 people they want to reach, they wouldn't be sending nearly as many messages each day.
This is a remarkably simple law that is easy to understand and easy to comply with. It would help provide information that could optionally be used to improve existing filtering, and it provides for a mechanism to assist in prosecution of those who spam without exposing those who admin to liability.
Additionally, this doesn't suffer from some unrealistic precondition like changing the email client everyone uses, or replacing the email infrastructure worldwide.
If you see a downside (other than simply disagreeing about what N should be set to), let me know.
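The recipient-side filter and the N-complaint rule proposed in the comment above, sketched as an added example that is not part of the original comment. Keying the whitelist on the `List-Id` header, the 0.9 `difflib` similarity cut-off for "substantially similar", and all sample messages and addresses are assumptions made for illustration.

```python
import email
import re
from difflib import SequenceMatcher

N = 50             # complaint threshold suggested in the comment
SIMILARITY = 0.9   # assumed cut-off for "substantially similar"


def is_bulk(msg):
    """True when the message carries the 'Precedence: bulk' header."""
    return (msg.get("Precedence") or "").strip().lower() == "bulk"


def list_id(msg):
    """Bare List-Id value (RFC 2919), or '' when the header is absent."""
    value = msg.get("List-Id") or ""
    m = re.search(r"<([^>]+)>", value)
    return (m.group(1) if m else value).strip().lower()


def filter_message(raw, subscribed):
    """Deliver non-bulk mail and whitelisted lists; discard other bulk mail."""
    msg = email.message_from_string(raw)
    if not is_bulk(msg):
        return "deliver"
    return "deliver" if list_id(msg) in subscribed else "discard"


def body_text(msg):
    """Plain-text body, lower-cased with whitespace collapsed."""
    if msg.is_multipart():
        text = "\n".join(p.get_payload() for p in msg.walk()
                         if p.get_content_type() == "text/plain")
    else:
        text = msg.get_payload()
    return " ".join(text.split()).lower()


def similar(a, b):
    # autojunk=False keeps the ratio stable for longer bodies
    return SequenceMatcher(None, a, b, autojunk=False).ratio() >= SIMILARITY


def untagged_bulk_violations(complaints, n=N):
    """complaints: iterable of (complainant, raw_message).

    Groups near-identical messages that lack 'Precedence: bulk' and returns
    the groups reported by at least n *distinct* complainants, so one person
    complaining repeatedly cannot trigger the rule alone.
    """
    clusters = []
    for who, raw in complaints:
        msg = email.message_from_string(raw)
        if is_bulk(msg):
            continue  # sender complied with the tagging requirement
        body = body_text(msg)
        for c in clusters:
            if similar(c["body"], body):
                c["complainants"].add(who)
                break
        else:
            clusters.append({"body": body, "complainants": {who}})
    return [c for c in clusters if len(c["complainants"]) >= n]


# --- constructed sample input (not real mail) ---
def _mail(headers, body):
    return "".join(f"{k}: {v}\n" for k, v in headers.items()) + "\n" + body + "\n"


SPAM = ("Limited offer: refinance today and save thousands on your mortgage. "
        "Reply now to claim your free quote before the offer expires. ref=")
SAMPLE_LIST = _mail({"From": "users-owner@lists.example.org",
                     "Precedence": "bulk",
                     "List-Id": "Example Users <users.lists.example.org>"},
                    "Weekly digest")
SAMPLE_UNKNOWN_BULK = _mail({"From": "promo@example.net",
                             "Precedence": "bulk"}, "Deals inside")
SAMPLE_PERSONAL = _mail({"From": "alice@example.com"}, "Lunch on Friday?")


def sample_complaints():
    """Three people report the same untagged message with random suffixes."""
    out = [(f"user{i}@example.com",
            _mail({"From": "offers@example.net"}, SPAM + suffix))
           for i, suffix in enumerate(["x7Qp2a", "Lm93Zk", "b0Rt5W"])]
    # user0 complains a second time: must not raise the distinct count
    out.append(("user0@example.com",
                _mail({"From": "offers@example.net"}, SPAM + "Zz11yY")))
    out.append(("user9@example.com", SAMPLE_LIST))      # tagged, ignored
    out.append(("user8@example.com", SAMPLE_PERSONAL))  # unrelated message
    return out


if __name__ == "__main__":
    print(filter_message(SAMPLE_UNKNOWN_BULK, {"users.lists.example.org"}))
    for c in untagged_bulk_violations(sample_complaints(), n=3):
        print(sorted(c["complainants"]))
```

The demo passes `n=3` only so the constructed sample stays small; the comment's suggested value is the default `N = 50`.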
"If I'm a sysadmin of Yahoo! And my service is interrupted, I want every means possible to shut down an attacking system. Most the time ISP's ignore pleas about DoS attacks (just ask anyone on IRC!)"
You are arguing two very different situations at once. If you admin Yahoo!, your ISP already recognizes your voice and knows to jump when you tell them to.
Part of playing on the internet is dealing with losers. One of the risks you take is that other systems will attempt to attack your system. If you can't handle this, go live in a cave without the internet or string cable from your house to your friends' houses.
If you don't think it is fair for your ISP to charge you for traffic that you actively don't want, negotiate with your ISP so you don't pay for that traffic. That would give the ISP a direct incentive to block the traffic at an earlier point, as they should have.
If your ISP ignores you, get their other customers to join you in your complaints, or take your business somewhere else, or work to make it clear that there is a market for service providers able to block attack traffic, and support that market when it arrives.
"The point he is trying to make, in my case, is that companies may, under the current policy, use the said clause to specifically sabotage a GPLed piece of software that is trying to implement a standard."
I understand your concern, and agree with it, but that isn't the battle being fought here.
Here's the abstract for the "Royalty-Free Patent Policy" (note the name change from simply "Patent Policy"):
"Abstract:
The W3C Royalty-Free Patent Policy governs the handling of patents in the process of producing Web standards. The goal of this policy is to assure that Recommendations produced under this policy can be implemented on a royalty-free basis."
The policy manages what it sets out to do. Specifically allowing GPL or allowing the use of a patented technique outside in something other than a web application (both worth striving for) are not within the scope of this document.
There is certainly room to urge the W3C Patent Policy Working Group to draft a policy that says web standards should not be constrained by potentially restrictive patents. Such a draft would effectively obsolete this policy, but in the meantime, this policy is useful for what it does.
Consider this a mark along the way toward a more difficult goal. This represents progress. We can agree it is not enough progress, that there is still another important mark to reach, but it is still worth having.
I'm writing to comment on the W3C Royalty-Free Patent Policy, and the contentious issues surrounding patent restrictions as they relate to the GPL.
I understand that a great number of people are probably writing to express that this draft should be rejected because they disagree with software patents in general. I completely agree that software patents are a bad thing, but the very name of the W3C Royalty-Free Patent Policy places it quite squarely in the realm covering software patent of dealing with the fact that software patents exist.
I'd suggest that arguments focusing on the fact that software patents are bad should be heard as a voice crying out for the need for a W3C Patent-Free Policy, but those voices are not relevant to a discussion as to Royalty-Free status.
I urge the W3C to request public input regarding patent constraints as they relate to standards. There exists a widely held belief that web standards should not be constrained by potentially restrictive patents.
"HID is the Human ID at a Distance program that DARPA is working on. Their goal is to develop technology to be able to positively ID individuals from a camera at a distance of 150 feet.
"Depending on how you account for the cost of shuttle launches, the number is well over $40 billion in the U.S. alone. It begs the question of what else could have been done with the same money and far superior management."
Wait, $40 billion? That's what we spend each year on the War on Drugs.
You mean we could get all that done every year if we'd just end the War on Drugs and give the money to NASA instead? And we'd stop killing innocent people and reduce the crime rate too?!?
"I'm not a corporation, I'm a human being, so no, you can't compel ME to do anything directly."
But when you compel a corporation you are compelling all the humans in that corporation, or forcing them to leave, or the corporation to fire them if you place too heavy a burden on the corporation. Corporations aren't entirely separate types of things. They are effectively composed of humans.
""We The People" can compel corporations to do whatever we want."
I disagree. We cannot force a corporation to give food to the hungry, no matter how many people think such a law would be a good idea. Corporations are no more a source of food than they are a source of all evil.
"you certainly can compel me to NOT do things, but that's different. You have rights, and I can't tread on them." [...] "Are you a corporation? If so, then I can compel you to:..."
The things you list are mostly prohibitions on the actions of corporations. They may not discriminate, they may not use monopoly power, they may not knowingly peddle broken products. This fails to show your point. I contend that we typically cannot simply force corporations to do things simply because we want them to. First, that usually wouldn't work because they can just shut down and stop doing business if we make things too difficult. Second, forcing someone or some group of people to do something for you is wrong.
The law isn't going to make the distinctions you want. If it is okay to force a large corporation to do something, it will be okay to force a business with three people to do the same thing.
Your ethics are scary, because you would force people to comply with your wishes if you had the guns, if it met with your criteria, which are some sort of flimsy 'serve the greater good' that might change at a moment's notice. Collectively, a bunch of people with your ethics is really scary, because things can turn ugly with a single bad choice.
I'd rather live in a country where the rights of all participants are respected, not some place where some categories of people and groups can be forced to do what they don't want.
We don't need to be SWA to be upset by the possibility that SWA might be damaged by an unjust application of the law.
"You are probably not even a business proprietor."
If you really think that's somehow a requirement to be upset by something that harms a business, you've really missed the point. The fact that we live in the affected society is more than sufficient cause to speak out when we see something wrong. It is not just "us versus them", and anyone who thinks people shouldn't stand up for business interests unless they have a business is really ignorant of how politics, property rights, government expansion and countless other things really work.
"You're probably just some spoiled rich snot that's still living in his parent's garage."
Bad guess. Property rights are important to everyone, even if they are too stupid to realize it. In fact, property rights are more important to the poor than they are to the wealthy, but I'm guessing I'd be unable to help you understand that point.
"YOUR rights aren't being violated. The rights of no non-corporation are being violated here."
Again, you appear to assume that individuals shouldn't care as long as they are not personally impacted. If people only stood up to tyranny when it came knocking on their own door, tyranny would always win. It is important that we object when we see injustice, even if it is injustice against those we don't like.
I'm guessing you'd be fine with injustice as long as you got to pick the target each time. I wouldn't.
"When it becomes unreasonable to expect it. "Bumper car lanes" on interstate highways qualify as unreasonable. Widening the aisles in a grocery store and/or adding a ramp to the curb in front of the entryway do not. Yes, making those changes cost money, but it's not so excessive as to be unreasonable."
Any requirement will be more reasonable if it is made before the design phase begins. If you tried to tell every supermarket to widen their aisles another inch every month, you'd quickly find it was viewed as completely unreasonable.
Asking for strict HTML compliance of existing web pages would not be reasonable, because that was never the expectation.
A lot of people are talking about features designed into HTML, but missing an important point. HTML is sloppy. HTML browsers accept slop. You can close tags out of order and expect things to look 'right' on nearly all browsers. These facts cannot be reconciled with a claim that simply following the HTML format would fix everything.
If we'd wanted to ensure that the web be accessible to all from the beginning, we'd have made the formats strict. Changing that now would cause undue burdens on many. If you can't see that, you are blind to logic.
"If I don't even try, and I ignore complaints, then I'm probably breaking the law."
If I tell you to wash my dishes and mop my kitchen floor, you get to ignore me, even if I complain.
You would be well within your rights to completely ignore my demands and my complaints, as they would have no basis or foundation under the law, as you are not my slave, and slavery is not legal anyway.
Re:I'm sorry to say I agree with the court ruling on ADA Doesn't Apply to Web · Score: 3, Insightful
"People should be doing this stuff anyway!"
First, I completely agree with you. People should be doing this, it is painfully stupid for them not to take more care with their web site, and it is inexcusable for people to use javascript that requires particular browsers.
However, the question at hand is if a company should be COMPELLED to do a good job with their web design.
Step away from the particulars of web design for a moment and forget about how simple it should be for them to fix this, assuming they have some competent web person on staff.
The generic form of the question is "Can we compel someone to do some small thing they already ought to do just because it also benefits some other person or group?" and if we boil it down another step, it's really "Can we compel someone to do some small thing for another person or group?".
If we say "Yes, it is acceptable to compel one person to do some small thing for the benefit of another person.", doesn't it follow that we can also say "Yes, it is acceptable to compel Marick to do some particular thing for some particular person."?
In case you don't recognize it yet, this is the slippery slope of slavery. Tread carefully.
This "monopoly" nonsense is just a mask for the fact that some people can't be bothered to see the world beyond what Microsoft shows them.
Get out, live a little, try something new.
Great, that's helpful information. I'd love to be able to verify it, and learn more about your setup. Please consider contacting me privately with more details, if you can.
Thanks.
As I said, the system is being implemented. There will be more data accessible in the future than there is now. The exposure and cost of change are constantly increasing. Better to fix it now than to wait. Besides, security through obscurity wouldn't help, it would only allow people to think they were safe.
Yeah, I already said those things. How do I get the right people to hear me?
No. Open Source and Microsoft are NOT enemies.
The goal of the Open Source community is something roughly like "Provide high quality software while expanding awareness of the value of open collaboration.", while the goal of Microsoft is something roughly like "Sell lots of software and consulting services while insuring stock prices keep going up."
These don't conflict.
Neither Open Source or Microsoft must fail for the other to be successful. The success of either one may have implications for the other, but this isn't an XOR situtation.
"However the conference that is specifically about Open Source has absolutely no need to have a representative of the worst enemy of it."
Humor and irony also have value. It may (or may not) currently be true that Microsoft is fundamentally opposed to Open Source, but so what? Assuming we can keep Microsoft from manipulating legislative powers to harm Open Source, what can they do that they haven't already been doing all this time? Does Shared Source really scare us so much?
Open Source is great because we can work together for our mutual benefit. If some companies are fooled into accepting the freedoms promised with Shared Source, they will need to realize their mistake before they get to be part of our collaborative effort, but that doesn't reduce our ability to work together.
Aside from perhaps taking up some time that might have been better filled with a different speaker, what harm is Microsoft really capable of doing at this event?
No, that's simply wrong.
There is nothing about the definition of Open Source that in any way excludes Microsoft. Any day now Microsoft could release any number of their products using any collection of OSI certified licenses that they happen to like.
We may all think this isn't likely to happen in the near future, but who really knows.
Microsoft may not have anything particularly relevant to add to a conversation that is strictly about Open Source, but they are a fairly large software vendor, and it could be quite useful to hear what they have to say about Open Source.
The key is to get them to talk about Open Source, instead of twisting the conversation back to Closed Source or Shared Source, both of which are quite different.
Here's a suggestion: If someone from Microsoft is speaking at an event where Open Source is a legitimate topic, avoid taunting them or anything, and wait until they ask for questions. Spend that time listening to what they say so you can ask more meaningful questions.
If they don't allow time for questions, loudly call out something like "Hey, who here has questions they'd like to ask Microsoft? Raise your hand if you have a question for Microsoft." before they leave the podium.
I'm guessing they won't want to leave the podium with half the audience raising their hand to ask a question.
Once they ask for questions, ask meaningful questions and give them space to provide meaningful responses.
If you are arranging an event where Open Source is a legitimate topic, consider asking people from Microsoft to speak at the end of the day, so there can be an extended period of time for questions.
Of course, if you are speaking at such an event, try not to be placed in a slot right after Microsoft, because the room might be full of people with questions for the previous speaker.
It would help, in that the behaviour would now be clearly illegal, and there would now be a risk involved, so spammers would need to choose to either comply with the law or take special efforts to be sure they got all the forging details right and hid their tracks, which would be quite difficult if people wanted to set up traps.
Oops, obviously I should have said 'FTC', not 'FCC'.
"2) Unsolicited bulk mail should carry a mandatory tag"
Erpo replied with:
"If part 2 were implemented, all internet users would get (in addition to the forged headers we receive now) would be a bunch of emails without the UCE flag claiming that we signed up to get the email when we clicked "I Agree" at i-dont-remember-visiting-this-site-but-it-could-have-been-a-long-time-ago.com."
The most obvious trait of spam is that it is sent to a great deal of people. This is the detail that we should require be included in the header, so we can filter on it. This is also true of mailing lists, but we'll know which mailing lists we've subscribed to and want to whitelist.
I think the header for part 2 should be "Precedence: bulk", which is already standard. This header should be required when sending out N messages that are substantially similar (to get around just adding a few random characters at the end). N should be set to something like 50. This would allow people to set up simple filters that whitelist the mailing lists they've subscribed to, and discard all other email with the "Precedence: bulk" header.
Someone could be demonstrated to have violated this requirement if N different people complain about a message which is substantially similar. This addresses concerns about a single person claiming that they've received an email which violates the requirement.
Suppose we pass a law that makes forging Received or From headers illegal, and makes it illegal to send a message that is substantially similar to 50 or more people, but requires that at least 50 people receiving the message complain to the FCC in order for any prosecution to occur. With such a law in place, it would actually help to have people forward spam to the FCC. They could collect those messages and work to prosecute people who send spam.
People would still be able to forge Received and From headers for testing, as long as they weren't going to annoy so many people that 50 of them sent a complaint to the FCC.
When some legitimate new mailing list operator forgets to add the "Precedence: bulk" header they can be reminded to configure their listserv correctly, and very few of their subscribers are likely to forward the message to the FCC because it won't be considered spam.
If spammers had to construct substantially different messages for every 49 people they want to reach, they wouldn't be sending nearly as many messages each day.
This is a remarkably simple law that is easy to understand and easy to comply with. It would help provide information that could optionally be used to improve existing filtering, and it provides for a mechanism to assist in prosecution of those who spam without exposing those who admin to liability.
Additionally, this doesn't suffer from some unrealistic precondition like changing the email client everyone uses, or replacing the email infrastructure worldwide.
If you see a downside (other than simply disagreeing about what N should be set to), let me know.
You are arguing two very different situations at once. If you admin Yahoo!, your ISP already recognizes your voice and knows to jump when you tell them to.
Part of playing on the internet is dealing with losers. One of the risks you take is that other systems will attempt to attack your system. If you can't handle this, go live in a cave without the internet or string cable from your house to your friends' houses.
If you don't think it is fair for your ISP to charge you for traffic that you actively don't want, negotiate with your ISP so you don't pay for that traffic. That would give the ISP a direct incentive to block the traffic at an earlier point, as they should have.
If your ISP ignores you, get their other customers to join you in your complaints, or take your business somewhere else, or work to make it clear that there is a market for service providers able to block attack traffic, and support that market when it arrives.
I understand your concern, and agree with it, but that isn't the battle being fought here.
Here's the abstract for the "Royalty-Free Patent Policy" (note the name change from simply "Patent Policy"):
"Abstract:
The W3C Royalty-Free Patent Policy governs the handling of patents in the process of producing Web standards. The goal of this policy is to assure that Recommendations produced under this policy can be implemented on a royalty-free basis."
The policy manages what it sets out to do. Specifically allowing GPL or allowing the use of a patented technique outside in something other than a web application (both worth striving for) are not within the scope of this document.
There is certainly room to urge the W3C Patent Policy Working Group to draft a policy that says web standards should not be constrained by potentially restrictive patents. Such a draft would effectively obsolete this policy, but in the meantime, this policy is useful for what it does.
Consider this a mark along the way toward a more difficult goal. This represents progress. We can agree it is not enough progress, that there is still another important mark to reach, but it is still worth having.
Here's the comment I'm sending:
- - - - -
I'm writing to comment on the W3C Royalty-Free Patent Policy,
and the contentious issues surrounding patent restrictions as
they relate to the GPL.
I understand that a great number of people are probably writing
to express that this draft should be rejected because they
disagree with software patents in general. I completely agree
that software patents are a bad thing, but the very name of the
W3C Royalty-Free Patent Policy places it quite squarely in the
realm covering software patent of dealing with the fact that
software patents exist.
I'd suggest that arguments focusing on the fact that software
patents are bad should be heard as a voice crying out for the
need for a W3C Patent-Free Policy, but those voices are not
relevant to a discussion as to Royalty-Free status.
I urge the W3C to request public input regarding patent constraints
as they relate to standards. There exists a widely held belief
that web standards should not be constrained by potentially
restrictive patents.
That said, I favor the ACCEPTANCE of this policy.
You can check it out here"
That's 150 meters, not 150 feet.
Wait, $40 billion? That's what we spend each year on the War on Drugs.
You mean we could get all that done every year if we'd just end the War on Drugs and give the money to NASA instead? And we'd stop killing innocent people and reduce the crime rate too?!?
Well, what are we waiting for?
But when you compel a corporation you are compelling all the humans in that corporation, or forcing them to leave, or the corporation to fire them if you place too heavy a burden on the corporation. Corporations aren't entirely separate types of things. They are effectively composed of humans.
""We The People" can compel corporations to do whatever we want."
I disagree. We cannot force a corporation to give food to the hungry, no matter how many people think such a law would be a good idea. Corporations are no more a source of food than they are a source of all evil.
"you certainly can compel me to NOT do things, but that's different. You have rights, and I can't tread on them." [...] "Are you a corporation? If so, then I can compel you to: ..."
The things you list are mostly prohibitions on the actions of corporations. They may not discriminate, they may not use monopoly power, they may not knowingly peddle broken products. This fails to show your point. I contend that we typically cannot simply force corporations to do things simply because we want them to. First, that usually wouldn't work because they can just shut down and stop doing business if we make things too difficult. Second, forcing someone or some group of people to do something for you is wrong.
The law isn't going to make the distinctions you want. If it is okay to force a large corporation to do something, it will be okay to force a business with three people to do the same thing.
Your ethics are scary, because you would force people to comply with your wishes if you had the guns, if it met with your criteria, which are some sort of flimsy 'serve the greater good' that might change at a moment's notice. Collectively, a bunch of people with your ethics is really scary, because things can turn ugly with a single bad choice.
I'd rather live in a country where the rights of all participants are respected, not some place where some categories of people and groups can be forced to do what they don't want.
We don't need to be SWA to be upset by the possibility that SWA might be damaged by an unjust application of the law.
"You are probably not even a business proprietor."
If you really think that's somehow a requirement to be upset by something that harms a business, you've really missed the point. The fact that we live in the affected society is more than sufficient cause to speak out when we see something wrong. It is not just "us versus them", and anyone who thinks people shouldn't stand up for business interests unless they have a business is really ignorant of how politics, property rights, government expansion and countless other things really work.
"You're probably just some spoiled rich snot that's still living in his parent's garage."
Bad guess. Property rights are important to everyone, even if they are too stupid to realize it. In fact, property rights are more important to the poor than they are to the wealthy, but I'm guessing I'd be unable to help you understand that point.
"YOUR rights aren't being violated. The rights of no non-corporation are being violated here."
Again, you appear to assume that individuals shouldn't care as long as they are not personally impacted. If people only stood up to tyranny when it came knocking on their own door, tyranny would always win. It is important that we object when we see injustice, even if it is injustice against those we don't like.
I'm guessing you'd be fine with injustice as long as you got to pick the target each time. I wouldn't.
Any requirement will be more reasonable if it is made before the design phase begins. If you tried to tell every supermarket to widen their aisles another inch every month, you'd quickly find it was viewed as completely unreasonable.
Asking for strict HTML compliance of existing web pages would not be reasonable, because that was never the expectation.
A lot of people are talking about features designed into HTML, but missing an important point. HTML is sloppy. HTML browsers accept slop. You can close tags out of order and expect things to look 'right' on nearly all browsers. These facts cannot be reconciled with a claim that simply following the HTML format would fix everything.
If we'd wanted to insure that the web be accessible to all from the beginning, we'd have made the formats strict. Changing that now would cause undue burdens on many. If you can't see that, you are blind to logic.
If I tell you to wash my dishes and mop my kitchen floor, you get to ignore me, even if I complain.
You would be well within your rights to completely ignore my demands and my complaints, as they would have no basis or foundation under the law, as you are not my slave, and slavery is not legal anyway.
First, I completely agree with you. People should be doing this, it is painfully stupid for them not to take more care with their web site, and it is inexcusable for people to use javascript that requires particular browsers.
However, the question at hand is if a company should be COMPELLED to do a good job with their web design.
Step away from the particulars of web design for a moment and forget about how simple it should be for them to fix this, assuming they have some competent web person on staff.
The generic form of the question is "Can we compel someone to do some small thing they already ought to do just because it also benefits some other person or group?" and if we boil it down another step, it's really "Can we compel someone to do some small thing for another person or group?".
If we say "Yes, it is acceptable to compel one person to do some small thing for the benefit of another person.", doesn't it follow that we can also say "Yes, it is acceptable to compel Marick to do some particular thing for some particular person."?
In case you don't recognize it yet, this is the slippery slope of slavery. Tread carefully.