2. Profit is never compatible with ethics. (It can be close, but that usually doesn't last too long. Take any old enough business and you'll see what I mean.)
Take any old-time financial institution, where the essence of the business is money. Watch what happens to them when their ethics come out in the open as not that good.
1. A Business' sole goal is to maximize profit for its shareholders, and nothing else.
Bank presidents should play long shots at the horse races if they are feeling lucky?
Further, maximize according to what view of the future?
Surely there is more than one possible future to maximize against.
It actually is a really incompetent idea and really does show the complete lack of intelligence in corporate management nowadays.
...
PHBs who are supposed to be extremely risk-averse doing stuff that is extremely hazardous in the long term for what can at best be minor short-term gains. You could call it morals or ethics, but seems like most of it is just anti-stupidity.
Any business who is considering using them will also likely choose an alternate because they are basically publicly declaring that they can not be trusted with
What really happens is not so much as the individuals get punished as that the entire industry gets a bad reputation and becomes something to be avoided whenever feasible.
{OT} If Google succeeds in maintaining their reputation for integrity, Google is really in the integrity business much more than in the search business. When the stuff gets a lot more complicated and a bunch of "private" stuff gets involved, the relevant factors are really much more Google's attitude toward such. It's really a question of what management thinks would be good or bad ideas rather than what the lawyers put into privacy statements.
Could be as simple as a VCR wired backwards.
Cable is essentially the same as one big party line.
if your plane is 'landing' nose first i think you have a problem
I think if your plane's nose hits the ground first you have a very serious problem.
Every airline I've been on has landed the passengers who are supported by the heavy tires and such before it lands the nose with those 2 little skinny tires that are under the pilots.
Try comparing a first class ticket to standby.
A high price generally makes for a better place in line.
What good that better place does, depends.
And it is possible to travel faster on standby than on confirmed reservations. Possible, not that likely except during extreme delays and cancellations.
I'm sorry, if an Admin is playing CDs on his Windows 2003 Server, he deserves to have his system hacked.
Arguably doing ANYTHING on his Windows 2003 Server, he deserves to have his system hacked, BUT.
Somewhere around OperatingSystems 101 you learn that the primary objective of an operating system is to keep various users and activities from messing with each other, including messing with the operating system itself. This is BEFORE you even mention that there is such a term as security.
That is something that should be impossible on a system that has no interest in ever being secure. That's not a security failure. That's a failure at a much more fundamental level, and keeping everything currently patched up will do nothing to make the system secure.
Maintenance coding is NOT simple.
Bugs are discovered when there is an unwanted interaction between the program as written and the context in which the program is running.
If the developer with the knowledge of C and the setup for regression testing, etc. does NOT have access to the context in which the program fails, Maintenance coding is impossible.
The first thing to do with a bug is to be able to reproduce it.
With enough good eyes, people see more bugs.
If the bugs are never seen, they will never be fixed.
If the bugs are seen only by people who cannot convince the maintainers and developer, they will never be fixed.
Open Source has a distinct advantage of requiring much less skilled resources to uncover the bugs. Further, it allows effective near-solutions when the reality is a scissors/paper/stone thingee.
MySQL tries too hard to do *something* and fails only after having tried things that it should not try.
It would be very interesting to see a language where the only things expressible were things that were representable without information loss.
to explain the industrial revolution, you first have to explain why capitalism took off, which was the catalyst to pursue industrialization.
Rough stab by someone who does NOT really know what he's talking about.
Economic balance between urban poor working textile mills in city versus rural poor working textile on spinning wheels etc in countryside.
The plight of urban poor gets publicized, of rural poor gets ignored.
This is the opposite end of the spectrum from what the rich get to play with.
The way we are taught in history class makes Western Europe seem like the successors of Greco-Roman culture
That's how we want to see ourselves. I suspect that we're more the cultural descendants of the Huns, the Vandals, the Norse, etc.
that the other empires and civilizations of the time didn't need one since they were already doing quite well so they became complacent
A couple of factors I haven't seen mentioned in this thread.
Infrastructure. Something like an Industrial Revolution requires a lot of infrastructure that you must be able to take for granted. Probably not coincidence that Newton and Leibniz invented Calculus contemporaneously. If you have prime movers and assorted uses for same, other stuff will follow. Other stuff is expected to follow.
Climate. "Summertime, and the livin' is easy." North, where surviving winter is actually an accomplishment. Long winter nights to think about what you should have done last summer and maybe should do next summer. The basic idea that planning for an uncertain future is a good idea.
For your mind bender,
There are precisely as many fractions as there are primes, since either can be put into 1-1 correspondence with the integers.
Between any two different reals, there are infinitely many fractions, however there are strictly more real numbers than there are fractions.
0^0 could be defined as 1 since x^0 = 1 for non-zero x.
0^0 could be defined as 0 since 0^x = 0 for non-zero x.
Like the question of whether negative numbers exist or how many lines can be drawn parallel to a given line through a point not on that line.
Depending on your choice of definitions, you get rid of some problems at the expense of causing others.
What's wrong with it ?
Plenty.
Five cents being about the going price for compromised machines.
I doubt that mere incompetence would be enough to drive the price that low.
As to the exact makeup of that "plenty", that is Microsoft's problem, not mine. What's hilarious is Microsoft claiming to be more secure than Linux.
Seriously though, "catalyzing a chemical reaction" is a terrible definition of 'life'.
With a catalyst you want to go from A to B as quickly and efficiently as possible.
With life you want to go from A to B through as many diverse steps as possible.
Excel is superior to Lotus as a word processor or a publishing format, not as a spreadsheet.
I suspect that the main problem with 1-2-3 was that the WYSIWYG was maybe aimed in the right direction but didn't do enough right to make the cut.
Assuming the right competence in Google, they can do a nasty to Microsoft, by developing/inventing something of major significance which is compatible with Unix semantics and incompatible with Windows semantics, essentially anything that is a trouble-maker for cygwin. Anything in the core algorithm should be sufficient.
SOP, Unix (assuming requisite brave and daring)
1) Download (patches to) new source.
2) Configure and make the new program.
3) Install the new program.
4) Shut down the old program and start the new program.
With a little bit of skulduggery, that can be done with no gap showing.
The above is fundamentally impossible under Windows.
As a vast oversimplification, the PC revolution (DOS, text mode) was essentially something that could run Visicalc, later Lotus 1-2-3. What this does is allow stuff on a computer that would have required programming to be done without doing the programming. (Take a simple spreadsheet and program it in C, Basic, whatever).
There was a second revolution, essentially from the old, competent, skilled, text-mode software (where the user expected to need specialized training) to software that the user expected to be able to put out something presentable with a minimal need for any specialized training.
Microsoft got lucky with both of the above, although the second stage has put Microsoft into the position that the best they can come up with after a few years of security being a priority is that the market value of compromised computers is about 5 cents each. Direct result of appearance over substance.
Google is somehow or other in the information business.
Google gets (a lot of?) money from advertising and advertisers, however I have seen nothing that indicates that Google considers advertising to be their primary business. Assuming that Google keeps their integrity and their reputation for integrity, I suspect that the real money comes from stuff where there are no ads. Google Earth, Google Desktop, etc. Sooner or later something catches, and it's not implausible that Google returns the favor to Linux and makes the "real deal" essentially runnable only on Linux or such.
but it's stupid crap like not being able to log into a cached non-local account that keeps Unix and friends off the enterprise desktops
So much nicer to unplug from network and login to cached copy and then replug into network. Especially if the account has been terminated.
Most likely you are not the only one on your work ip.
Parent illustrates WHY OSS is so valuable.
That level of support is available with a lot of money and a lot of clout. I doubt that either alone is sufficient.
The skill required is not that great. It is entirely reasonable to fix one bug you care about and cause 10 bugs you do not know or care about. The patches go back to RedHat who has the non-trivial task of figuring out if they are worthwhile in general. (If accepted, it's much easier the next time;)
Actually methinks deciding not to take action is precisely the right course.
You don't drop support, but nobody is much interested in picking it up either. Better things to do, like watch the grass grow or something.
You always hear about no matter how many times or what technique you use to wipe out a hard-drive, there is always a way to read everything that has ever been written to it since the birth of the drive. Which is why they say the only reliable way to destroy the data on the drive is to physically destroy the drive itself.
What they NEVER mention is at what cost.
A junk drive with data intact is somewhere in the $5 range.
I don't think you will find data recovery for damaged or overwritten drives at anything like $500 or less. I think a few people would be happy to hear of any such at $50,000 or so.
A single shot of dd if=/dev/zero of=/dev/hda, or ANY such, will put it out of the $5 category to easily read everything.
Now if the contents are actually sensitive, there is no point to spending lots of money to make a useable $5 drive, so physical destruction is in order.
Actually, just opening the case and letting a bit of dust settle on the drives is probably enough to make it unproductive trying to get stuff off of them.
WHY is important. In fact it is by far the most important.
BUT, if you cannot get the names, dates, and places right, there is no chance that the WHY is anything but creative propaganda.
but I also hope that a portion of each band is reserved only for those who do pass a code test
Best idea I've seen in a long time, and I'm neither a ham nor do I read Morse.
5 WPM is something like 3 bits per second. Very slow compared to what we are accustomed to, but it is an enormous gain over no connectivity whatever.
The column binary is something like using rows 0 thru 7 (but I suspect they spread it out and do not use some of the inner rows).
The entire card is read or punched in column binary mode, no mixing of column types within a single card. There might be some way to use a pair of bytes to read or write all the possibilities of 12 bits, but that's not something I would want to have anything to do with given any alternative. (If so, likely to be some kind of special card reader/punch)
just as any salesman who recognized a regular customer
If that salesman is a single individual, different from all other salesmen.
If that salesman is a member of the Borg, and they all know what he knows and he knows what they all know.
most users would probably enjoy the massive improvements in customer experience
Actually no. Too much of the same old same old, no matter where you go, no matter who you talk to. Impossible to make a fresh start or to try something different just to see if you like it.
Counting exploits is too much like traffic cops with quotas, and no incentive to go over the quota.
With that, the nature of open source is find and fix and become a hero.
Closed source would really rather that exploits not be published.
To measure the relative security, imagine how hard it was to find the exploit. If they're finding low-hanging fruit, there has to be plenty left. If it takes heroic effort, then there are not so many left.
OpenBSD publishes a security patch. Do you apply it? Likely not, since it takes some weird combination that just doesn't apply in your situation.
The biggest problem with security is that you can't guard against things you don't know about.
Sounds reasonable, BUT.
The entire purpose of security is to guard against things you don't know about. Otherwise it's too much like Monday morning quarterbacking.
Finding holes is not particularly difficult. Just use it in unexpected ways and look for unexpected results. Closed source is pretty useless as a defence. The attacks are based on what the program actually does. The source shows what the programmer thinks the program does. Any difference and there is potential for bad things to happen, and security holes are far from the worst things that can happen.