Slashdot Mirror


User: jschottm

jschottm's activity in the archive.


Comments · 512

  1. Re:Hell yes! on SpamSlayer - should we DDOS spammers? · Score: 1

    For those who complain that ISPs end up footing the bill because the spammers don't pay, well, I guess they'll need to be more careful about vetting their customers next time.

    You do realize that includes you, doesn't it? Your activism costs your ISP money which they pass on to their customers. Given the competitive market, chances are they can't raise rates very much, so instead they cut the quality or support or add bandwidth limits to the customers (another thing /. loves to complain about).

  2. Re:Company policy enforcement? on What's On Your Network? · Score: 1

    Plugging other machines that are non-Windows is not likely to create near as many problems.

    Plugging in anything without a competent admin can create problems. The hordes of owned Linux machines banging away on ssh is proof of that. The theory is that the company hires competent people to keep the work machines secure and bans all other machines because they have no way to guarantee that the desktop jockey who wants to run his/her own machine can and will do so. It also helps with software licensing issues and means that JeFF!!1! over in accounting doesn't get overly enthusiastic with security, put company documents on an encrypted OpenBSD system, and then get hit by a bus the next day, taking the password with him.

    It's the untrusted employee that is trying to subvert your networks that you have to worry about more than anything.

    And company policy will not stop that anyway.


    It can make it a whole lot easier to get rid of them if they try something, particularly in government jobs where dismissing someone can take an act of god. If there's no stated policy against putting your ethernet card in promiscuous mode and sniffing traffic, an employee has much more wiggle room if you call them on it.

  3. For the server or for the desktop? on Linux and Windows Security Neck and Neck · Score: 4, Insightful

    The figures mentioned by the hosting company seem to indicate that the discussion is focused on Windows security on the server side, where it is fairly true that Windows can be about as secure as Linux when both are competently managed. In both cases, there will be someone who knows about the systems taking care of them and ensuring that they're properly patched, firewalled, etc. I personally find managing Linux boxes easier, but Windows can be kept secure as a server.

    Where Windows still falls down security-wise is on the desktop, where the combination of a vulnerable browser/Office Suite along with the fact that the de facto standard way for desktop users to set up their accounts is with administrator privileges. That turns what would be a non-existent threat on the server (you shouldn't be doing general surfing or office work on a server) into a major issue. Microsoft has made feeble attempts to encourage users and developers to use limited accounts, but the fact remains that reconfiguring poorly written software to work in a limited account is a major headache that the average desktop user is not willing to put up with.

    Microsoft also falls behind [most] Linux systems in that the majority of the software on a Linux box can typically be updated from a single tool (apt-get, yast, urpmi et al) while Windows Update only covers the core OS. Microsoft does have a better system in the works, but that will still only cover MS software.

  4. Re:Use a *separate* firewall box. on What is the Best Firewall for Servers? · Score: 2, Informative

    With multiple boxes, having an external facing firewall only helps so much. If one of the "protected" boxes gets infected by student activity, it'll run all over the LAN. That's part of why so many places got hit hard by the last couple Windows worms - they had firewalls and let down their internal guard and got pounded by infected internal machines, particularly when users brought in laptops that had gotten infected at home.

    There's a few things to do to limit the problem:

    1. As you said, have an external facing firewall.
    2. Have firewalls on each individual computer.
    3. Configure services to only connect to systems they actually need to talk to. (And obviously, turn off unneeded services)
    4. If feasible, you can have switch level security that prevents unauthorized machines from making connections. (i.e. block port 135 TCP from desktop to desktop if they're only ever supposed to connect to a server.)

  5. Re:Well on Indian Call Centre Worker Sells Customer Details · Score: 1

    One of these kids is not like the other. Arthur Andersen's conviction was overturned by the Supreme Court.

    Finding that the prosecution violated rules does not mean that they're innocent. If they weren't essentially destroyed already, they'd likely be tried again. The best writeup of the decision I read was on the Motley Fool - Registration free google cache

  6. Re:Professional appearance for a professional job on Body Modifications Still Hinder IT Professionals? · Score: 1

    I think it's indicative of that person's level of judgement.

    OK, what about people who have speeding tickets? Smoke? Drink? Are overweight or have poor fitness? Are in bad relationships? Don't stretch properly before exercising? Interrupt people when they speak? Have "religious" biases when it comes to operating systems or languages? What do you bet that you do things that other people would consider a negative indicator of good judgement? Personally I'd rather have an employee with an ear ring than one who's in a bad relationship - one is far more likely to interfere with work than the other.

  7. Re:This only works on the stupid on 63% Of Corporations Plan To Read Outbound Email · Score: 1

    The new corporate office demanded a firewall, so they could watch what we visited.

    I spent a short period of time contracting in an office of a big corporation. They had some really bizarre web filters where most of the anti-blackhat/informational sites were blocked, but 2600 was completely open. The paranoid part of me says that they could have left some nasty sites open to monitor who was going to them, except I was never called into the office for a discussion about inappropriate sites or the like. (And yes, I left voluntarily on my own timetable.)

    And of course, they left outgoing telnet wide open so anyone who wanted to get outside information could.

    Sure, you can watch what I visit on the web, but it may only *seem* innocuous.

    Or vice versa. I work with digital video and many Linux digital video resources are located at bytesex.com

  8. Re:Strong! on Wikipedia Leaks Some Users' Passwords · Score: 1

    Your rote suggestion that I use a "full" character set only doubles the entropy of my password.

    Rote? Knowing industry best-practices is rote these days?

    Check your math. The complexity grows exponentially. Your statement suggested that randomness makes a secure password, which is not true. A secure password requires a combination of length and (at least pseudo-)randomness or extreme length.

    A randomly generated 8 character password from the character set {ab} has 256 possibilities. Increasing the set to {abc} increases it to 6561, and {abcd} to 65536. That's far beyond doubling.

    The difference in the average time to force an 8 character {a-z0-9} set like you suggested (which can be brute forced in about a day (at most) on a standard desktop computer) and an 8 character 95 character set is *4703. That means that a standard computer could brute force it (on average) in a dozen years or so. Which for most people's standards is a big enough number.

    (Note that "good enough" doesn't apply to people who aren't bright enough to properly salt their hashes, leading to the possibility of just generating rainbow tables.)

    Non-Latin characters would increase the strength, but at the cost of backwards compatibility and usability on systems that didn't support them. A properly designed hash system can accommodate an infinitely long password, meaning that in practical terms you can just add a few characters when you need additional strength. My main online banking password is a 13 character pseudo-random string (it's derived from something, but only in a way that makes sense to me) that draws from the extended character set. It's prolly more memorable to me than your 8 character random one yet provides much, much stronger protection.

    If you're that paranoid about password protected access, you shouldn't use it at all.

    Most things don't offer a practical alternative. I use practical but relatively strong passwords, whereas you made the statement that a simple random password was secure. Simply adding a mix of capital letters to yours would increase the time to brute force by over *72, while not being much less memorable than the original.

  9. Re:Strong! on Wikipedia Leaks Some Users' Passwords · Score: 1

    A strong password is something like "vtu1vjkn"

    A strong password would involve capital and lower case letters, numbers, and characters. That password would take (36^8)/2 attempts on average to bruteforce. That's a small number to today's high-end computers.

  10. Jury nullification is not good enough on Vigilante Hackers use Old West Tactics for Justice · Score: 1

    If it's common sense, regardless of the law, the people (in the form of a jury) can make it legal.

    Jury nullification may mean that the accused doesn't go to jail/prison or face fines, but that doesn't mean that life is easy. Simply being arrested (regardless of conviction) can be devastating to many people in high tech professions. It will show up on background checks, it will keep you from getting security clearances...

    I'm not commenting either way on the vigilantes, I'm just pointing out that jury nullification doesn't make something legal, it just means that the government doesn't punish you directly.

  11. Re:Everything you ever wanted to know about passwo on Write Down Your Passwords · Score: 1

    Picking a password by splitting the words of items on your desk and adding them back together is not smart. Comp05HP is not a good password.

    But B&m:7599-BtBr} would be, and was just generated from an item on my desk. Easily rememberable to me.

    Something like k8iWq3xy.

    All alphanumeric eight character password? A bruteforce check would crack that on average in ~4.9e+55 attempts. That's a very small number to today's computers. A high end home computer will chew through that in a very short period of time.

    Set up a policy that only allows 2 attempts to log in, and after 2 failed attempts, it locks out that IP and MAC address for 30 minutes.

    So all I have to do to DOS your system is do two failed logins remotely so that your switch's MAC gets locked out?

    And get ready for all of your passwords to get harvested as your insane policy causes everyone to write their password down on post-its.

    Never, ever log in root from a remote location.

    Never, ever allow remote root logins. Period. SSH is easily configured for this.

    Expect this account to get cracked.

    Log in wisely and you shouldn't get cracked unless there's a really good reason you're being targeted. [hint: you aren't]
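Added example, not from the thread: the keyspace arithmetic that comments 8, 9 and 11 argue over (2^8, 3^8 and 4^8 for the {ab}, {abc} and {abcd} sets, the 36^8/2 average for an 8 character alphanumeric password, and the 95-versus-36 and 62-versus-36 ratios), plus a helper that infers the class-based alphabet of a sample password the way an attacker who knows the password policy would. The 1e9 guesses per second rate in report() is an assumption for illustration, not a figure from the thread.

```python
import math
import string

# Character classes a password can draw from (constructed for this example).
# Together they make up the 95 printable ASCII characters discussed in the thread.
CHARACTER_CLASSES = {
    "lower": set(string.ascii_lowercase),       # 26
    "upper": set(string.ascii_uppercase),       # 26
    "digits": set(string.digits),               # 10
    "symbols": set(string.punctuation + " "),   # 32 punctuation marks + space
}

def alphabet_size(password: str) -> int:
    """Size of the smallest class-based alphabet covering every character.

    A password with no uppercase or symbols gets credit for 36, not 95: an
    attacker who knows the policy only searches the classes actually used.
    """
    size = 0
    for chars in CHARACTER_CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    if size == 0:
        raise ValueError("password contains no printable ASCII characters")
    return size

def keyspace(alphabet: int, length: int) -> int:
    """Number of distinct passwords: alphabet ** length (exact integer)."""
    return alphabet ** length

def average_attempts(alphabet: int, length: int) -> int:
    """Expected guesses for an exhaustive search: half the keyspace."""
    return keyspace(alphabet, length) // 2

def entropy_bits(alphabet: int, length: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet)."""
    return length * math.log2(alphabet)

def strength_ratio(alphabet_a: int, alphabet_b: int, length: int) -> float:
    """How many times larger keyspace b is than keyspace a at equal length."""
    return keyspace(alphabet_b, length) / keyspace(alphabet_a, length)

def seconds_to_crack(alphabet: int, length: int, guesses_per_second: float) -> float:
    """Average wall-clock time for an offline search at an assumed guess rate."""
    return average_attempts(alphabet, length) / guesses_per_second

def report(password: str, guesses_per_second: float = 1e9) -> dict:
    """Summarise a candidate password; 1e9 guesses/s is an assumed rate."""
    alphabet = alphabet_size(password)
    length = len(password)
    return {
        "alphabet": alphabet,
        "length": length,
        "keyspace": keyspace(alphabet, length),
        "bits": round(entropy_bits(alphabet, length), 1),
        "avg_seconds": seconds_to_crack(alphabet, length, guesses_per_second),
    }

if __name__ == "__main__":
    # The three sample passwords quoted in the thread.
    for pw in ("vtu1vjkn", "k8iWq3xy", "B&m:7599-BtBr}"):
        print(pw, report(pw))
```

Because keyspace() works in exact integers, the ratios it produces can be compared directly against the multipliers quoted in the comments.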

  12. Re:a fix on Virus Hold Computer Files 'Hostage' for $200 · Score: 4, Funny

    I need more tinfoil

    There's a family in CA that would prolly be willing to make you a great deal on some tin foil, only slightly used. How big's your house?

  13. Re:XServe on Linux Clustering Hardware? · Score: 0, Flamebait

    Well, he's complaining about something quite minor

    It's not just a minor thing, it's symptomatic of what's wrong with Apple. You will use your computer the way Steve says you'll use your computer. You will use your iPod the way Steve says you will. Alt(Flower)-Tab will work the way Steve says it will (they intentionally broke the ability for third party software to change its functionality to match Windows/[many] Linux style window switching).

    When I say I don't want a package installed on my system, that's final. Any company with that attitude is not ready for the enterprise IMO.

    By comparison, in the Linux world Novell forces you to purchase Red Carpet update service for the same feature, and I believe Red Hat does the same with RHEL.

    Access to the Red Hat Network is included with every RHEL subscription. I've not used any of the Novell branded Linuxes, but in SuSE (owned by Novell) all I do is fire up YAST and point it at a mirror and download away. No separate purchase or Red Carpet involved. All of which is irrelevant to my point.

  14. Re:XServe on Linux Clustering Hardware? · Score: 1

    I wouldn't know, having not used WK3. Trying to update the media player that frequently has security holes is different than trying to stuff your iPod firmware updater onto every system possible though. And I've never seen an instance of XP/W2K (which I use quite a bit) adding an update you told it not to apply back to the list of patches to download and install, except for the notable exception of things like SP2 for XP.

  15. Re:XServe on Linux Clustering Hardware? · Score: 1

    Not iTunes, iPod updater. The thing that tries to put new firmware onto [my non-existent] iPod when you plug it in. And no, I do not have iTunes installed on my production servers.

    And to answer Guido's question, it's not a matter of fixing dependencies for iTunes - on desktop systems [which do have iTunes installed] you can upgrade iTunes just fine if you tell it not to install the iPod Updater, but it will keep trying to install it again and again and again.

  16. Re:XServe on Linux Clustering Hardware? · Score: 4, Interesting

    To those who say Apple isn't targeting the enterprise, look no further.

    Let me know when they stop trying to force their iPod updater (you know, the one that breaks Real's compatibility DRM software) onto my servers. No matter how many times you put that update in the "Never update this" category, it shows back up the next time you run Software Update. Until they stop trying to play childish games on my production servers, I'll not consider them ready for the enterprise.

  17. Re:Not exactly objective.... on Windows Cheaper to Patch Than Open Source? · Score: 1

    As a note to mods with overly trigger friendly "flamebait" fingers, my servers are 90% Linux...

    So Microsoft says Windows is cheaper to patch, whereas Novell (who own SuSE) say Linux is cheaper to patch.

    Part of it is that it's subjective depending on what you place value on. From an enterprise standpoint where you're rolling out patches to hundreds or thousands of systems, Microsoft has put a lot of effort into making it easy to manage remote updates. Active Directory has a lot of really nice features that are either missing from Linux or a proprietary add-on (i.e. Novell's Zen). That carries a lot of value to many people.

    To other people the lack of constant rebooting creates great value. As does the fact that distribution upgrades tend to allow you to update the entire system from a single program, compared to the many different ways that Windows software can and has to be updated from.

    It's still not news, but Microsoft has a very valid point in saying that from the enterprise management standpoint for CORE SYSTEM updates, Linux is not as easy and accessible to use. All software has problems. Choose the one that you can handle best and get on with life.

  18. Re:And macs too! on Windows Cheaper to Patch Than Open Source? · Score: 1

    Ah, as ever, the Mac fanboys have to show up.

    OS X is worse than [most - assume that the word most precedes Linux in the following statement] Linuxes to patch in the following ways:

    1. Linux distributions cover the commonly used server tools as part of the distribution. OS X does not include all of the same things, such as MySQL.
    2. Linux distributions can be configured to download and install patches automatically - add the appropriate line to your cron (or your patch management software if it supports it) and it'll pull in and install updates as needed. With OS X, you're required to click-through licensing in some cases, so it can't be done in the same way.
    3. Linux makes separate updates separate patches - I can pick and choose if I want to update package $FOO but leave package $BAR as it is. OS X frequently bundles them together with no way to separate them. And $FOO may be your mission critical application while $BAR is never used and the patch happens to break OS X. This has happened several times.

  19. Re:Wal-mart censorship on Wal-Mart Turns Over DVD Rentals to Netflix · Score: 1

    Well, there's nothing on the Kool Aid label that says it doesn't contain Drano...

    You mean besides the ingredient label?

    Please cite a law [in .us] stating that there's any regulation on what can and can't be said on a box, so long as it's not false. If I really wanted to, I could hire the same actors to be in two movies with the same name and put one version out on film and one version out of DVD. It would be a really stupid idea as consumers would return it and stores would refuse to stock it. But it wouldn't be fraud.

    P.S. Don't drink the Kool Aid.

  20. Re:Mmmm, sweet irony... on Wal-Mart Turns Over DVD Rentals to Netflix · Score: 1

    Usually it's the other way around with Wal-Mart.

    I expect they did a market analysis. The DVD rental business will fail in not too many years when internet delivery of movies becomes the preferred way of viewing them. Rather than building their own expensive internal business that will only last a short amount of time, they can ride on someone else's coattails, reaping a reasonable profit without having to take much of a risk or invest in infrastructure. All without the cost that an advertising war with Netflix would have.

    Plus they can use the word synergy.

  21. Re:Wal-mart censorship on Wal-Mart Turns Over DVD Rentals to Netflix · Score: 1

    if they weren't marked as edited, start a lawsuit against them, they are committing fraud.

    Have fun with that one in court. If there's nothing indicating that it's the complete, uncut version, there's no fraud.

  22. Re:Good chance of it being a scam on SEC Investigating SCO? · Score: 2

    By your reasoning (and mine apparently), Pyramid and Ponzi schemes are legal too.

    Specific laws were passed against them in order to protect people. By their very nature, Pyramid and Ponzi schemes are doomed to failure because they are inherently unsustainable. I'll note that not all Pyramid schemes are banned - for example, there are various sales organizations that have pyramid-like aspects that are legal.

    It would be very hard to ban what SCO did because there's nothing unsustainable about it and it's a process that gets used legitimately all the time.

    There's a line that has to be walked when creating the balance between rewarding smart people, protecting dumb people, and serving the general public. Allowing people to be fleeced for being dumb hurts society in general because it creates a burden on the public supporting the bankrupt (assuming your culture says that it's immoral to let people starve to death) and has a tendency to increase violent crime. Protecting people too much stifles innovation.

  23. Re:Good chance of it being a scam on SEC Investigating SCO? · Score: 3, Insightful

    Someone (a shareholder) is going to get hurt eventually.

    Hence SCAM.


    If someone getting hurt eventually was the only criterion for a stock scam, companies could not do anything - by its very nature, someone will get hurt with the stock market, pretty much no matter what. Buy low, sell high. It's up to the individual investors or their financial group/investors to judge the merit of the companies and the relative worth of their stock. Caveat emptor and all that. People who bought Enron stock got scammed. People that bought $BIOTECH that had promise but never delivered and went under made a poor choice. But both parties got hurt financially.

    As grandparent said, there's prolly nothing illegal about SCO suing IBM et al. They claim that a contract was violated, hire a very respectable lawyer, and attempted to protect what they believed was theirs. Various of their statements have been ridiculous and inflammatory, but there's no law against being stupid or making poor judgement. There's also no law against well timed press releases - all big companies do it all the time.

    What *could* be illegal is if the powers that be can show that they perjured themselves, that they violated SEC rules, or that they engaged in insider trading. All of which can be difficult to prove.

  24. Re:How many unique downloads? on Firefox Growth Slowing? · Score: 3, Insightful

    Guess what. There's no real way to tell, because your multiple downloads show up but my running around installing it off a USB drive or a local mirror (that doesn't report stats back to Moz.org) doesn't. I happen to use the products based on their merits and don't worry about how many other people are using it. It's vaguely interesting to see how many people might be doing so and so people try to make a guess based on what information they have, which in the case of open source software doesn't necessarily reflect the numbers accurately.

  25. Re:solution on Spam Capital of the World · Score: 3, Informative

    Some spam is indeed like that. But if you look at the records/discussions of anti-spam groups, you'll see that a very large portion of the spam sent from people in .us comes from a relatively small number of individuals.