On "embedded device" systems, I think quality becomes more critical and more obvious to the end user. The calculator on my Nokia phone has a little bug in it... appears to be related to negative numbers... possibly around 32,000, but I haven't sat down and worked it out.
While consumers tolerate their desktops crashing, I don't think they'll tolerate it in their cell phones. Dropped calls are bad enough.
Of course, as folks have mentioned, virii are also a problem.
Perhaps what could actually happen is that this could cause MS to take a harder look at software quality.
So, as I understand it, a working group (WG) member creates a standard and then says, "Oh, hey, great standard guys, but now you're all going to have to pay me for it".
The problem is... if you look at the patents that are applicable in this case... no XML signature standard would EVER not violate them.
I'll go a long way towards talking about W3C patent reform... but this one happens to be a case of needing USPTO reform.
our saying that if I get sued and settle for a million dollars, in which I was basically blackmailed, because I knew that taking it to court could cause my business to go under.
While there are cases brought that are totally bogus, most cases have a pretty heavy grain of truth in them [that is often absent in the news accounts of the stories]. Those that don't have any truth to them can be thrown out very early in the case with very little expense... before people even start settling cases.
Reporting lawsuits fully and accurately is no different than trying to report fully and accurately the new features in the latest kernel. The facts and the media report are often going to end up a little ways apart. These *totally worthless* cases don't happen as often as you might think, and when they do, the plaintiff rarely gets million dollar settlements.
I'm curious how many of these settlements happen between lawyers while playing golf and charging the client $300/hr.
most corporate techies I know work in cramped cubicles while most corporate lawyers (the real ones not the aides and assistants) I know have large offices swimming in mahogany and plush leather chairs.
Welcome to the market economy.
Oh, and while you continue blaming lawyers... remember... if juries [your peers] were 100% consistent... trial would be a good option. And if companies didn't pay lawyers... they wouldn't "open source".
Amazon.com's decision to license a patent simply means that they did a little bit of math to determine whether the cost to litigate the patent suit, combined with the odds of winning were greater or less than the cost of licensing the patent. Clearly, they determined that it was simply cheaper to license the patent than to litigate it.
The legal system in the United States is (unfortunately) often used by unscrupulous companies that know that settling their lawsuit will be cheaper than litigation... regardless of the merits of the case.
That said, settling lawsuits (also known as ADR, Alternative Dispute Resolution) is a *good thing*. This gets the decision making out of the hands of judges and juries and into the hands of the parties. It allows folks that are at odds to come together on something where they both have *some shot* of going home happy. At the end of a lawsuit, often everyone loses because of the high cost of litigation.
-jbn
Please note: Part of the cost of litigation is lawyers. They are just doing their job. Part of the cost of technology is hiring techies. Don't fault lawyers for getting paid any more than you fault yourself for getting paid.
Washington, DC-- In a move likely prompted by the SEC's recent creation of fake investment scam sites, the FTC began a campaign today to send out masses of electronic mail (known as "spam") to millions of unsuspecting internet users. Apparently, the messages, with subjects such as "Get Rich Quick", "Work From Home", and "Hi, Joe" have quickly filled users' mailboxes. When a user clicks on the link, they are taken to a web site that, upon further inspection, attempts to educate the user about the fake get rich schemes.
When a user clicks on the "unsubscribe" option, their email address is logged by the FTC. The FTC sends an autoreply indicating that using the "unsubscribe" option on spams is dangerous.
Open source tomato, maybe... but open source CORN? No way. Many, many farmers now use "Roundup ready corn" that is patented by Monsanto. They are not allowed to save any of it for seed... and both they and the grain elevator that cleans it can be sued if they do. So, much of the country's corn is closed source.
Unfortunately, the (C) symbol is used because of specifications in the US Copyright law. (And possibly International?) "Copyleft" authors want the same protections of the copyright laws as copyright authors...
Copyleft authors just choose to openly license their work. If you give up the copyright, you can't keep others from taking your work, stealing it, and making it "closed source".
Actually, I didn't provide any commentary on my question, simply some numbers. Personally, I think that if 40% of my car is gone, it's a little more than a dent. :-)
7 go to the internet looking. (3 go to a commercial source)
Of those 7...
2 find what they need the first time. Their money is *poof* gone. They've made the move. They'll do this again.
2 find what they need, but it doesn't work quite right. They want free so badly, they'll screw with it till it works.
1 finds something close, but it doesn't quite work. This one hires a consultant to tell them how to do it... they'd rather pay a human than buy software.
I don't quite understand your problem here. When you build an ActiveX DLL in VB, you are creating a COM DLL that can be used by anything that supports COM. I've even called ActiveX DLLs created by VB from _PERL_!
ActiveX DLLs created in VB look no different to programs than any other DLL created by any other language that creates COM-compatible DLLs.
In March, just 14 companies controlled 60 percent of users' online time
Hmmm... is VA Linux one of these??? After all... we geeks spend _lots_ of time online... :-)
I'm wondering if this is a bit biased, too... who tracks this crap?? I never get asked! I know that 14 companies _don't_ control much of a percentage of my online time!
While I don't really believe there are a bunch of US Govt backdoors in M$ products (there are enough generally known backdoors...), wouldn't it make sense for the US Government to support the use of Microsoft products, including internally, if there were backdoors?
Conspiracy theorists, where are you? I think that the perfect way to get backdoors into everyone's computers would be to allow an operating system (that you have backdoors into) to become prolific!
Ahhhh, my old HP 3000. I admin'd a 3000 for many years, and still get nostalgic thinking about it. My bookshelf today contains a small piece of the MPE docs, and I keep the CD handy even though I've left that job. (Once in a while, someone calls & asks oddball questions...)
I'm shedding real tears over this.
Today, MPE has web services, ethernet support, and all the other modern trappings... except instability.
My MPE system maintained uptime in the YEARS... regularly... the OS never failed. Once in a long while (every couple of years) a 10 year old drive would fail & we'd have to deal with it. Because we never bothered to upgrade from the HPIB drives to SCSI, hot swap wasn't an option. But... I will note... it is said that you could upgrade the kernel on these w/o ever rebooting.
If vendors made systems as stable as this today, the world would not know what to do with itself.
-jbn
(Anyone in DC interested in doing a wake / memorial service?)
WINE can't properly run most of the popular Windows applications
I beg to differ. Perhaps your experience with Wine is a few versions old, or maybe you were trying to run something fancy.
For the last several months, I have run, without difficulty, Quicken and Pegasus Mail. I also have successfully installed (but don't run regularly) Quickbooks. Reports of installations of MS Office are regular.
Programs like Office, Quicken, et al. are the programs that really keep users tied to Windows. I know, I know... Star Office, GnuCash, whatever. These alternatives miss the point for the masses. The masses of users want to be utilizing the same program as the "guy down the hall". They want to be using the same thing they used last week... and want it to have all the same functions and work the same way. Moving a function from one drop down to another is a big deal for a lot of users.
I firmly believe that Wine has come a long, long way in the last few months, and that it holds one of the big keys to getting "the masses" on Linux, if that's ever to happen. (The other, incidentally, is ease of installation, to the point where it's easier than a Windoze install.)
Still, the identifying-business seems like something government is reasonably good at doing
Yes, and no. Passports? Driver's licenses? Forged.
Private industry takes liability for their Identification and Authentication process. Government just shrugs and says, "Oops, we messed up." While private industry issuing certs and not taking liability is no better than government (and, as you indicated, probably worse because of cost), private industry with liability is a good thing.
OTOH, if someone is willing to stand behind their code (code sign it), and we know who they are (code signing cert issued by trusted CA), then, if their code does malicious things, the likelihood of being able to hunt them down and clobber them with a baseball bat is increased.
Thawte, and others, pay a tremendous amount of money to M$ to get their root-certs installed with the OS
This is no longer the case. Microsoft has changed their policy on this for the time being. CAs pay nothing...
On the other hand, CAs must pass a WebTrust CA audit in order to get on the list. WebTrust audits are extremely expensive. Of course, they serve a useful purpose. They serve to give the end user some sense of confidence that the CA does due diligence in determining that "you are who you say you are" before issuing a certificate. There is a very small group of companies that have passed WebTrust Audits... (according to WebTrust press releases, Verisign, Entrust, Digital Signature Trust).
Setting up a non-profit to issue certs sounds like a nice idea, but isn't a realistic option when one must spend lots of money to audit one's practices to assure the public. The commercial CAs are even having troubles making money...
Determining that "I am who I claim to be" really is a difficult task.
A few months ago, I studied the feasibility of putting together a colocation cooperative in the Northern Virginia / Washington, DC area. Unfortunately, the amount of money that most folks are willing to pay ($100 / box, or thereabouts) just isn't enough to pay for space in a rack anywhere with decent bandwidth. Companies are able to offer it if they own the whole facility... but even then colo doesn't have a lot of margin or markup.
I've thought quite a bit recently about putting together some cooperative stuff for all kinds of computer parts and services... but I'm afraid that no one will buy. Do we _really_ like local providers? If so, why do we all go to pricewatch first, and not the local computer store? It's these small local providers that are most apt to meet these low-end colo needs, etc... not the big guys.
Don't auto manufacturers have to recall their product when it fails? I know there are safety recalls there which (may not) apply here... but aren't there also recalls when a given part is failing across the board on things? Also... don't some states have lemon laws? Do these just apply to autos? Should they maybe apply to computers?
Which is why Microsoft won't sue to stop this. This is competition for them. Direct competition... something that runs the same software (in theory) and works a different way. It lets Linux compete in the mainstream (it already does in some folks' minds). The biggest threat we have here is that it will convince the courts and the Justice Dept. that there is real competition for Windows. (Of course, that's only if it succeeds. In which case, Linux will have won the war.)
I propose that it is conceivable to build a login system where no one server receives an entire piece of a login.
A system with the same end result exists. It's known as dual-authentication SSL or client-authentication SSL or simply "cert based access control". In this type of an environment, the way it would work would be this:
A user, when creating their account, instead of a password [or in addition to a password] would say, "Here's my digital certificate."
The site would cache the user's public key.
Then, when the user attempted to access the site, an SSL connection would be created that would authenticate not only that the user was really talking to SourceForge (or whatever site) (which is what we all tend to think of SSL as doing) but also would authenticate that the user is in possession of the private key associated with the certificate.
Since a private key cannot be derived from the public key [within a reasonable period of time, given an adequate key length], the public key would be worthless to anyone compromising the server. [As well, by doing this, you put the burden of security on the client. If a SourceForge patron does not adequately secure his/her private key, (or chooses not to participate... it could be an optional feature) then he/she takes the risk of having his/her password compromised, in the case of a server compromise.]
While consumers tolerate their desktops crashing, I don't think they'll tolerate it in their cell phones. Dropped calls are bad enough.
Of course, as folks have mentioned, virii are also a problem.
Perhaps what could actually happen is that this could cause MS to take a harder look at software quality.
-jbn
The problem is... if you look at the patents that are applicable in this case... no XML signature standard would EVER not violate them.
I'll go a long way towards talking about W3C patent reform... but this one happens to be a case of needing USPTO reform.
-jbn
While there are cases brought that are totally bogus, most cases have a pretty heavy grain of truth in them [that is often absent in the news accounts of the stories]. Those that don't have any truth to them can be thrown out very early in the case with very little expense... before people even start settling cases.
Reporting lawsuits fully and accurately is no different than trying to report fully and accurately the new features in the latest kernel. The facts and the media report are often going to end up a little ways apart. These *totally worthless* cases don't happen as often as you might think, and when they do, the plaintiff rarely gets million dollar settlements.
-jbn
I say rarely, because I rarely say never.
I'm curious how many of these settlements happen between lawyers while playing golf and charging the client $300/hr.
most corporate techies I know work in cramped cubicles while most corporate lawyers (the real ones not the aides and assistants) I know have large offices swimming in mahogany and plush leather chairs.
Welcome to the market economy.
Oh, and while you continue blaming lawyers... remember... if juries [your peers] were 100% consistent... trial would be a good option. And if companies didn't pay lawyers... they wouldn't "open source".
-jbn
The legal system in the United States is (unfortunately) often used by unscrupulous companies that know that settling their lawsuit will be cheaper than litigation... regardless of the merits of the case.
That said, settling lawsuits (also known as ADR, Alternative Dispute Resolution) is a *good thing*. This gets the decision making out of the hands of judges and juries and into the hands of the parties. It allows folks that are at odds to come together on something where they both have *some shot* of going home happy. At the end of a lawsuit, often everyone loses because of the high cost of litigation.
-jbn
Please note: Part of the cost of litigation is lawyers. They are just doing their job. Part of the cost of technology is hiring techies. Don't fault lawyers for getting paid any more than you fault yourself for getting paid.
-jbn
When a user clicks on the "unsubscribe" option, their email address is logged by the FTC. The FTC sends an autoreply indicating that using the "unsubscribe" option on spams is dangerous.
-jbn
-jbn
Copyleft authors just choose to openly license their work. If you give up the copyright, you can't keep others from taking your work, stealing it, and making it "closed source".
-jbn
Actually, I didn't provide any commentary on my question, simply some numbers. Personally, I think that if 40% of my car is gone, it's a little more than a dent. :-)
-jbn
What about a public CVS?
I don't quite understand your problem here. When you build an ActiveX DLL in VB, you are creating a COM DLL that can be used by anything that supports COM. I've even called ActiveX DLLs created by VB from _PERL_!
ActiveX DLLs created in VB look no different to programs than any other DLL created by any other language that creates COM-compatible DLLs.
What _doesn't_ work?
-jbn
Hmmm... is VA Linux one of these??? After all... we geeks spend _lots_ of time online... :-)
I'm wondering if this is a bit biased, too... who tracks this crap?? I never get asked! I know that 14 companies _don't_ control much of a percentage of my online time!
-jbn
Conspiracy theorists, where are you? I think that the perfect way to get backdoors into everyone's computers would be to allow an operating system (that you have backdoors into) to become prolific!
I'm shedding real tears over this.
Today, MPE has web services, ethernet support, and all the other modern trappings... except instability.
My MPE system maintained uptime in the YEARS... regularly... the OS never failed. Once in a long while (every couple of years) a 10 year old drive would fail & we'd have to deal with it. Because we never bothered to upgrade from the HPIB drives to SCSI, hot swap wasn't an option. But... I will note... it is said that you could upgrade the kernel on these w/o ever rebooting.
If vendors made systems as stable as this today, the world would not know what to do with itself.
-jbn
(Anyone in DC interested in doing a wake / memorial service?)
I beg to differ. Perhaps your experience with Wine is a few versions old, or maybe you were trying to run something fancy.
For the last several months, I have run, without difficulty, Quicken and Pegasus Mail. I also have successfully installed (but don't run regularly) Quickbooks. Reports of installations of MS Office are regular.
Programs like Office, Quicken, et al. are the programs that really keep users tied to Windows. I know, I know... Star Office, GnuCash, whatever. These alternatives miss the point for the masses. The masses of users want to be utilizing the same program as the "guy down the hall". They want to be using the same thing they used last week... and want it to have all the same functions and work the same way. Moving a function from one drop down to another is a big deal for a lot of users.
I firmly believe that Wine has come a long, long way in the last few months, and that it holds one of the big keys to getting "the masses" on Linux, if that's ever to happen. (The other, incidentally, is ease of installation, to the point where it's easier than a Windoze install.)
Yes, and no. Passports? Driver's licenses? Forged.
Private industry takes liability for their Identification and Authentication process. Government just shrugs and says, "Oops, we messed up." While private industry issuing certs and not taking liability is no better than government (and, as you indicated, probably worse because of cost), private industry with liability is a good thing.
Unsigned code gives you none of this.
This is no longer the case. Microsoft has changed their policy on this for the time being. CAs pay nothing...
On the other hand, CAs must pass a WebTrust CA audit in order to get on the list. WebTrust audits are extremely expensive. Of course, they serve a useful purpose. They serve to give the end user some sense of confidence that the CA does due diligence in determining that "you are who you say you are" before issuing a certificate. There is a very small group of companies that have passed WebTrust Audits... (according to WebTrust press releases, Verisign, Entrust, Digital Signature Trust).
Setting up a non-profit to issue certs sounds like a nice idea, but isn't a realistic option when one must spend lots of money to audit one's practices to assure the public. The commercial CAs are even having troubles making money...
Determining that "I am who I claim to be" really is a difficult task.
A few months ago, I studied the feasibility of putting together a colocation cooperative in the Northern Virginia / Washington, DC area. Unfortunately, the amount of money that most folks are willing to pay ($100 / box, or thereabouts) just isn't enough to pay for space in a rack anywhere with decent bandwidth. Companies are able to offer it if they own the whole facility... but even then colo doesn't have a lot of margin or markup.
I've thought quite a bit recently about putting together some cooperative stuff for all kinds of computer parts and services... but I'm afraid that no one will buy. Do we _really_ like local providers? If so, why do we all go to pricewatch first, and not the local computer store? It's these small local providers that are most apt to meet these low-end colo needs, etc... not the big guys.
-jbn
Don't auto manufacturers have to recall their product when it fails? I know there are safety recalls there which (may not) apply here... but aren't there also recalls when a given part is failing across the board on things? Also... don't some states have lemon laws? Do these just apply to autos? Should they maybe apply to computers?
-jbn
Which is why Microsoft won't sue to stop this. This is competition for them. Direct competition... something that runs the same software (in theory) and works a different way. It lets Linux compete in the mainstream (it already does in some folks' minds). The biggest threat we have here is that it will convince the courts and the Justice Dept. that there is real competition for Windows. (Of course, that's only if it succeeds. In which case, Linux will have won the war.)
-jbn
Here is the MSNBC post.
-jbn
Since a private key cannot be derived from the public key [within a reasonable period of time, given an adequate key length], the public key would be worthless to anyone compromising the server. [As well, by doing this, you put the burden of security on the client. If a SourceForge patron does not adequately secure his/her private key, (or chooses not to participate... it could be an optional feature) then he/she takes the risk of having his/her password compromised, in the case of a server compromise.]
-jbn