One simple, specific act that would should have been done by Microsoft years ago, that should have been forced on them by angry users years ago, and which can be easily implemented today with either real mail servers or third-party Exchange add-ins, would stop SirCam and many other viruses in its tracks.
If an attachment is executable, drop it on the floor. (Be nice and replace it with a message explaining that the executable attachment was stripped and, if this is the 1-in-a-million legitimate occurance the attachment should be retrieved from the sender via FTP or HTTP.) "Executable" means anything with an executable extension (e.g., "vbs") or which starts with a Windows executable prefix.
This takes a little bit of time to perform, but it's far cheaper to automatically scan the first few kilobytes of a message than to needlessly send gigabytes of virus-laden mail. It also takes less customer service time than answering mail from irate customers who lost important messages because the virus filled their mailbox, who have lost hours as their system tried to automatically download megabytes of virus-laden mail, etc.
With a Windows release, you get Windows. That's it. It might be enough to get your mother on the internet, but not much more. (Unless your systems come bundled with Office, in which case you're spending closer to $500/system than $100.)
With a Linux distro, you get the OS, editors, compilers, databases, web servers, mail servers, etc., in that base price.
If you're the average business user and only need Office and a single application (e.g., an accounting package), your software costs might be as little as $500/system. Still far more than the cost of CD bought in a store and shared among the systems. The only reason people don't squeal, loudly, at this price is that it's largely made to look like part of the cost of the hardware.
But if you're a developer, the cost of your tools (compilers, database engines, source control programs, libraries, etc.) can easily hit tens of thousands of dollars.
Just why do you think every receipt now includes that legalese?!
BIG HINT: It was because the banks had to take a big hit once because they approved charges even though the customer had signed nothing promising repayment. Because they got unsolicited credit cards and the credit card slips at that time didn't include that contract.
As for the cite, try checking damn near any undergraduate business law book. Audacity magazine also covered it. It all went down when Mastercharge (which later became Mastercard) (iirc) tried to take the relatively limit-use general credit card introduced by Diner's Card in the 50s to the mass market. All of this happened in the late 1960s.
It was a major case because it actually covered *anything* you received without solicitation. Charities used to send you token gifts (e.g. ties), then try to guilt you into donations. No more. Sleazy companies would "accidently" send you stuff, stuff it was cheaper to pay for than ship back. No more - they can demand it back, but they have to pay for shipping.
(BTW, a general cluestick: most of the "new" problems faced by the internet today are little different than those encountered repeatedly during the past 100 years. The only difference is that companies are trying - and often succeeding - to rewrite the rules because so many people have forgotten the hard-earned lessons in the past.)
Many years ago, banks actually sent out unsolicited credit cards.
Not pre-approved credit card offers, actual working credit cards.
Some people used them, charging to the max. Then refused to make any payment, daring the bank to collect. The banks tried, but failed since 1) the consumer never signed any contracts and 2) the bank had no reasonable expectation that every credit card would be properly delivered and not stolen from an unlocked mailbox.
Ironically, it was the people who refused to make any payments who got away with this. Make any payment, even a dollar, and you clearly indicated agreement to repay the charges.
The word he's looking for is NOT 'consideration' or 'quid pro quo'. That's something very different - the idea that all contracts must offer something of value to all parties. It may only be "$1 and other considerations," but there has to be *something*.
As a counterexample, the Microsoft tax arguably violates that since I'm forced to pay for a software license of absolutely zero value to me, a software license that I can't even transfer to another party due to their "OEM license vs. retail license" provisions. I'm out hard cash, and have nothing of value (to me) for it. But it's a large corporation that's able to *ahem* make its own law.
What the original poster was refering to is closer to "informed consent," but even that isn't quite right.
While this is one use (*cough*), anyone storing confidential records on clients/customers should consider storing all of that information on a tray-mounted drive which is locked in a safe overnight.
The problem with passwords is that there are some legitimate uses for SSH even if you're not around.
The classic example is using a SSH tunnel to retrieve mail from an ISP that doesn't support encrypted POP/IMAP sessions. I've also seen it used to implement a secure alternative to NIS.
While you could, theoretically, specify a different "identity" file for automated scripts, it offers little benefit since SSH doesn't provide a way of restricting rights based on the public key.
Who is NetSol complaining to? I'm sure the ISP that's about to lose my business because NetSol has refused to transfer my domain for 2- or 3- MONTHS will want to contact them as well.
NetSol has ignored approvals from me, from my existing ISP, ignored customer service queries about why they're failing to live up to their contract. I'm sure they also wrote the contract so they don't have to do a damn thing.
But the ISP that's going to have to cut a refund check because they can't set up www.mydomain.com isn't a party to that contract, and they're understandably pissed but they also understand you don't purchase a commercial web hosting contract to get email and web space under their domain name.
Check with the military. I shared a lot of upper-division/graduate physics and math classes with officers at the Orlando Naval Training Center (now closed, iirc). I can't remember if they were on the nuclear officer track, or already certified and in Orlando to train recruits.
Anyway, they knew how something about naval propulsion with nuclear-fired steam turbines. I made the mistake of making some comment about the "steam" coming from the tea kettle one time, and got a quick lecture on what happens when superheated steam hits human flesh. It's not pretty.
So how would you convert the energy produced into electricity?
Steam turbines might seem archaic, but they're still used for the simple reasons that they're a well-proven technology and high pressure steam contains a *lot* more energy per unit volume than pretty much anything else in routine use. (After whatever heats the water in the first place, of course!)
Remember, the plume of vapor over your tea kettle on the stove is not steam. It's water vapor condensed from a very small amount of steam. Steam is invisible, and tends to do things like fling heavy fighter aircraft off of flight decks or instantly cut people in half if they walk in front of a pinhole leak.
A disclaimer can shield you from honest oversights and engineering tradeoffs. But no contractual term can shield you from "negligence."
What's something in negligence in software? That's for the courts to decide, and I don't know if there's case law here yet. But it would be hard to justify crap like explicit backdoors, calling system() with user-supplied data without checking for subshells, etc.
Sure you can copy it. It's a hassle, but it's legal.
What you can't legally do is provide that copy to others for profit. However you can lend the original to third party. You can sell the original to a third party. This is true for books, music, movies, magazines, everything except software. That's why I'm not convinced that the "non-transferable" clauses, e.g., what MS is using to attack the used computer stores, would withstand a court challenge, esp. since the older software (which is often required for these older systems) is no longer for sale at any price.
I haven't worked in this field for 5 years, but even then the computer models were fast enough to run the models several times with slightly different inputs. This is a standard technique to determine the sensitivity of the model to small errors in the initial values - classic chaos theory stuff.
What happens is you find the vast bulk of the model output is essentially the same. The variability is in the exact location of fronts, exactly the type of stuff that has always been difficult to predict.
Given a long enough time frame, everyone will fall under this uncertainty. So you still can't make long-term forecasts, but you *can* give decent 7-10 day forecasts if you have the flexibility to occasionally say that it's impossible to forecast the weather on some of those days. In the vast majority of cases that's good enough - it allows people to avoid scheduling activities when the weather is likely to be nasty.
Don't confuse the way it's misused by ill-informed sysadmins with its real potential.
The current IDENTD information is useless for the 'remote' site, but it can be invaluable to the 'local' site if a complaint is received. Not everyone is a single-user PC - if you're running a host with multiple users this can give you valuable information about who could be responsible. (Or at the least, who might have had their account cracked.)
There's also some proposals floating around to extend the IDENTD payload to include real authentication information. Having IDENTD pass something like an X.509 digital certificate that you can check might actually be stronger than using SSL/TLS-enhanced FTP that only uses anonymous connections.
My rule of thumb on this is simple - if it only affects one program (or a related suite of programs), it should go into a config file.
Environment variables should only be used for things that are interesting to multiple, unrelated applications. Things like PAGER, EDITOR or VISUAL.
If you want to have the ability to override the values compiled into the executable or in the config file, use "-Dname=value" and "-Uname" on the command line. Only check the environment variables for this if there's a compelling reason to do so. (E.g., "CFLAGS" has been supported for so long that no C compiler or preprocessor can reasonably ignore it.)
Config files aren't quite as convenient as environment variables for some types of coding, but the flip side is that you don't have to worry about name collisions in the environment variable namespace, platforms that impose limits on the number of environment variables, etc.
Yeah, read the contract. It promised timely, 24-hour support. Not hours on hold, only to finally reach a clerkoid with no answers or authority.
Besides, taken to its logical extreme (something many cable providers attempt), that clause would make it perfectly legal for them to provide *no* service whatsoever. That flies in the face of common sense - contracts are supposed to be mutual guarantees of exchanges of value. Paying $40/month while the cable company does absolutely nothing doesn't make sense, and any court would throw it out.
That's all the judge is asking in this case - a determination that the company can't routinely drop that connection without reaching the point where no reasonable person would consider it worth the hassle. There has to be *some* limit, and since it's not stated in the contract that's something that can (and will be) determined by a judge or jury.
There's also issues regarding business and collection practices. From what the article said, I agree with the judge that the company's behavior crossed the line of acceptable behavior. Promising a future credit, for an unknown amount at an unknown time, is nothing but a clear "fuck off" to the customer.
"Acts of God" usually refers to specific events beyond a company's control. In the words of my DB professor, it's "Fire, Floods and Insurrection." (And Tornados, Hurricanes, heavy unseasonable snowfalls, war, et al.)
It does NOT include something a company could reasonable foresee. E.g., building a switch in a flood plain.
Very few people aren't willing to cut a company some slack after a bona fide Act of God. But many companies try to use this to justify Acts of Gomer. (Think Gomer Pyle, Cable Guy, and you know what I mean.) It's Gomer Pyle, CEO, who didn't staff the help line and caused hour-long waits on help-calls, not God. It's Gomer Pyle, CEO, who made some decisions that caused the network connection to be routinely dropped.
I think you were responding to more than just me... but to answer the on-point issues
1) I'm not urging frivilous rejections, but a lot of companies are leaving consumers no other option and the courts, CC issues, and other agencies know this. Besides my CC war stories, I can give you a good example in the local cable TV franchise. I told them, repeatedly, I had changed banks and they were to cease auto-debits.
They kept agreeing, then tried to charge the account anyway. Since the bank refused it, I got hit with a $25 NSF fee.
My former bank also charged me initially, until I explained the situation. They could not legally refuse the bank drafts, due to some insane federal regulation. But I could sign a document that the charges were fradulent - and they were, since the company had been informed, repeatedly, that they were to cease such withdrawals.
For close to a year they kept trying to debit the closed account. It is undoubtably a coincidence, nothing more, that it stopped shortly after I became so frustrated at their continuing debits and refusal to identify the appropriate franchise agency that I wrote the state's Attorney General to inquire whether this constituted criminal fraud. I sure as hell would be facing a criminal prosecution if I floated bad checks for a year, and here was a company doing the same thing then demanding I pay them $25/shot for their failure to update their own records.
I'm NOT painting your company with the same brush, just pointing out that these complaints may carry a lot more weight than you would expect since many companies are clearly attempting to intimidate the poor and ill-informed into paying outrageous bogus charges. If the CC issuer is presented a bill for an after-the-fact-charge-with-no-appeal, they might not be quick to assume the customer is at fault, even if the contract would seem to support the claim.
It's worth noting that it appears ACME is *not* informing customers of this bill when they return the car, something that should be trivial to do by reading the GPS data as part of the check-in process. They didn't even bother calling him. They just yanked the money out of the account without his knowledge, much less consent, and then said "sorry, no appeals." THAT is unnecessary and incredibly abusive - the charges should either be made when the customer signs the final paperwork, or after he's been given reasonable notice. Not this "two days later" (or whatever it was) crap.
2) Of course the number and type of violations matter. Three separate incidents over 500 miles, say, is serious. I exceeded 80 MPH only twice over an 8000 mile trip, and both were for unusual circumstances. (The near collision near Seattle, and heavy Friday evening traffic out of Los Angeles where there was literally no alternative road through the dessert.)
3) Keep all the records you want. As I said, I have a clean driving record. (Well, I was just in a 2-mph accident at a poorly constructed intersection, but that was the first accident in almost 20 years, and the first non-PR ticket in nearly as long.) If somebody really is a dangerous driver I don't want you renting to him either!
I would amplify this statement. Anyone who claims that "speeding" is dangerous, but going under the speed limit isn't, has obviously not spent much time driving in the real world.
When someone is going 10 MPH over the traffic flow, they are no threat to me as long as they don't tailgate or swerve around traffic. Both of which are serious traffic violations in their own right and not directly related to speeding.
But someone going 10 MPH *under* the traffic flow causes traffic to back up behind them. This makes it much more difficult for vehicles to merge in or out of traffic since there's a solid wall of vehicles. The 'patience-impaired' will try to change lanes to avoid the bottleneck, often with insufficient regard to the possibility of high speed traffic coming up behind them.
If it's a $50 dollar ticket to go 10 MPH over traffic flow, I think it should be a $200 ticket to be going 10 MPH under the traffic flow without a good reason. (Bad weather, high glare, etc., are all good reasons. Just cause it's "safer" isn't.)
Even on surface streets, you can easily see problems with below-speed traffic. I live at the end of a dead-end street, and occasionally encounter drivers who think 15 MPH is "safer" than the standard 25 MPH.
That sounds great... if you're near the entrance. If you're at the end of a half-mile road, though, you're bored out of your skull and pay a lot *less* attention to the road. After all, this is about half of the regular (and customary) speed.
You say that the contract doesn't need any way to appeal a charge, since it's not a court of law?
Guess what? YOU WILL END UP IN A COURT OF LAW with that attitude. All the vict... customer has to do is sign an document claiming that the $150 "surcharge" was fradulent and very few (read: no) bank won't take it seriously. The charge will be reversed and it will be up to YOU to prove to a court, not the bank, that the charge is valid and enforceable under the contract.
Once you're in a real court you'll have to deal with real issues. E.g., the last time I hit 90 on an interstate it was because some asshole in a SUV was busy chewing out his children... and his foot pressed down on the accelerator as he twisted around in his seat. I was in front of him, and blocked by traffic and the K-bar from changing lanes. I had floored the accelerator, and was literally bracing for impact, when the wife (I believe) finally let the driver know that he was about to kill them all.
To this day I think I made a mistake by not immediately calling the *DUI on my celphone. Maybe he wasn't drunk, but he was just as dangerous as he drive down I-5 in heavy traffic with no attention to what was in front of him.
Let's say this gets to court. On the one hand is ACME saying that the contract requires a $150 fine for excessive speed. No exceptions. Technologie uber alles.
On the other hand is a breathing human being with a clean driving record. He testisfies that he felt the choice was simple: speed, or be rear-ended on a busy interstate at 65+ MPH. At best, the rental car would be totalled. (And it would NOT be chargeable against the vehicle renter since he was rear-ended while driving in a safe and legal manner.) But there was enough traffic that this would probably trigger a chain reaction and many people would be seriously injured or killed.
That's an absolute no-brainer, and if ACME's lawyers were stupid enough to actually take the case to court a judge might decide that the ENTIRE contract is unenforceable because it shocks the sensibility. You can't claim that the fine is "for safety" while simultaneously refusing to acknowledge that in rare conditions (this was the first time I've experienced this in over 20 years of driving) it's critical to avoid a deadly collision.
The author of a contract might try to ignore this, but a court of law deciding enforceability of a contract will not. And if the contract is invalidated, the company has much more to lose. (E.g., do all current renters suddenly become de facto owners of their cars? They paid money for the car, after all...)
While I don't want to dismiss this line of reasoning too casually, I think it overlooks a far more important form of trust.
The reason I trust that my neighbor will not murder me in my sleep is that I trust society at large to enact retribution (prison time) on my behalf. The state has absolutely no obligation to protect me (despite what the "we must think of the children!" crowd thinks), but it does have an obligation to enforce its laws. One of those laws requires a reasonable effort to find my killer, and that is what keeps me safe.
But this trust is semi-optional - if I am fearful for my safety, I can take actions on my own. I can obtain a guard dog, or study a martial art. In many parts of the US I can even keep a gun in the nightstand.
What does this have to do with software?
UCITA. To a lesser extent, the DMCA. The apparent inability or unwillingless of the government to deal with a proven predatory monopolist.
In social terms, software (and other media) rights are arguably closer to a feudal model than a democratic one. We are asked to trust that Lord Bill, who can literally do no wrong, will not harm us. If he does, we have no rights.
This trust is mandatory - we must trust our software providers, and are legally unable to act to reduce our perceived risk.
For instance, we have to trust that UCITA, the DMCA, and a mandatory subscription model won't result in a situation where our critical data is held in a proprietary format that we can no longer access because the product was discontinued (and technical self-help caused the software to self-destruct), and no tools are available to extract the data in other forms because of the DMCA and anti-reverse-engineering provisions.
In contrast, the open licenses make this trust optional again. I can trust that 'gcc' will always be available... or I can keep backup copies of the source, and the source for everything needed to compile it, on hand.
I think most people will be concerned with this form of trust, not the "gift culture" that motivates developers.
At the risk of showing my age, "first world" was the developed democracies, "second world" was the presumably developed former Soviet bloc, "third world" was everyone else.
Over time, "third world" came to be used to mean developing countries, and "fourth world" was introduced to describe the economic and political basket cases.
Before someone jumps on my "presumably developed" description, at the time these terms were first used you couldn't travel anywhere in the Soviet bloc without an Intourist "guide." Some of the descriptions of vacations in the Breznev-era Soviet Union are as hilarious as they are sad. The spies got outside of the Potemkin villages, but they weren't talking.
If you don't want your school invading, uh, your "privacy", then don't use your equipment on their network."... It's not your network, and you have no "rights" with regard to it."
In the US, there's this little thing known as the ECPA. You *do* have rights, some hefty ones, online. The only reason employers can monitor employee's (work) email is because it's legally addressed to the company but delivered to the person who is acting on behalf of the company. That argument might work with university employees, but not students.
To answer the obvious question, the ECPA allows filtering for technical reasons, if it's something that can be done without exposing the content of the mail to any person. The classic example is rejecting mail that's larger than some acceptable limit, or in an unsupported format. Automatically identifying and stripping blocks of executable code would seem to fall in the same category. Forwarding messages containing "prohibited words" to a human censor is not.
(IANAL, but this has been the law for many years.)
Slashdot Mirror
One simple, specific act that would should have been done by Microsoft years ago, that should have been forced on them by angry users years ago, and which can be easily implemented today with either real mail servers or third-party Exchange add-ins, would stop SirCam and many other viruses in its tracks.
If an attachment is executable, drop it on the floor. (Be nice and replace it with a message explaining that the executable attachment was stripped and, if this is the 1-in-a-million legitimate occurance the attachment should be retrieved from the sender via FTP or HTTP.) "Executable" means anything with an executable extension (e.g., "vbs") or which starts with a Windows executable prefix.
This takes a little bit of time to perform, but it's far cheaper to automatically scan the first few kilobytes of a message than to needlessly send gigabytes of virus-laden mail. It also takes less customer service time than answering mail from irate customers who lost important messages because the virus filled their mailbox, who have lost hours as their system tried to automatically download megabytes of virus-laden mail, etc.
This question is straight out of Bizarro World.
With a Windows release, you get Windows. That's it. It might be enough to get your mother on the internet, but not much more. (Unless your systems come bundled with Office, in which case you're spending closer to $500/system than $100.)
With a Linux distro, you get the OS, editors, compilers, databases, web servers, mail servers, etc., in that base price.
If you're the average business user and only need Office and a single application (e.g., an accounting package), your software costs might be as little as $500/system. Still far more than the cost of CD bought in a store and shared among the systems. The only reason people don't squeal, loudly, at this price is that it's largely made to look like part of the cost of the hardware.
But if you're a developer, the cost of your tools (compilers, database engines, source control programs, libraries, etc.) can easily hit tens of thousands of dollars.
Just why do you think every receipt now includes that legalese?!
BIG HINT: It was because the banks had to take a big hit once because they approved charges even though the customer had signed nothing promising repayment. Because they got unsolicited credit cards and the credit card slips at that time didn't include that contract.
As for the cite, try checking damn near any undergraduate business law book. Audacity magazine also covered it. It all went down when Mastercharge (which later became Mastercard) (iirc) tried to take the relatively limit-use general credit card introduced by Diner's Card in the 50s to the mass market. All of this happened in the late 1960s.
It was a major case because it actually covered *anything* you received without solicitation. Charities used to send you token gifts (e.g. ties), then try to guilt you into donations. No more. Sleazy companies would "accidently" send you stuff, stuff it was cheaper to pay for than ship back. No more - they can demand it back, but they have to pay for shipping.
(BTW, a general cluestick: most of the "new" problems faced by the internet today are little different than those encountered repeatedly during the past 100 years. The only difference is that companies are trying - and often succeeding - to rewrite the rules because so many people have forgotten the hard-earned lessons in the past.)
Many years ago, banks actually sent out unsolicited credit cards.
Not pre-approved credit card offers, actual working credit cards.
Some people used them, charging to the max. Then refused to make any payment, daring the bank to collect. The banks tried, but failed since 1) the consumer never signed any contracts and 2) the bank had no reasonable expectation that every credit card would be properly delivered and not stolen from an unlocked mailbox.
Ironically, it was the people who refused to make any payments who got away with this. Make any payment, even a dollar, and you clearly indicated agreement to repay the charges.
The word he's looking for is NOT 'consideration' or 'quid pro quo'. That's something very different - the idea that all contracts must offer something of value to all parties. It may only be "$1 and other considerations," but there has to be *something*.
As a counterexample, the Microsoft tax arguably violates that since I'm forced to pay for a software license of absolutely zero value to me, a software license that I can't even transfer to another party due to their "OEM license vs. retail license" provisions. I'm out hard cash, and have nothing of value (to me) for it. But it's a large corporation that's able to *ahem* make its own law.
What the original poster was refering to is closer to "informed consent," but even that isn't quite right.
While this is one use (*cough*), anyone storing confidential records on clients/customers should consider storing all of that information on a tray-mounted drive which is locked in a safe overnight.
The problem with passwords is that there are some legitimate uses for SSH even if you're not around.
The classic example is using a SSH tunnel to retrieve mail from an ISP that doesn't support encrypted POP/IMAP sessions. I've also seen it used to implement a secure alternative to NIS.
While you could, theoretically, specify a different "identity" file for automated scripts, it offers little benefit since SSH doesn't provide a way of restricting rights based on the public key.
Who is NetSol complaining to? I'm sure the ISP that's about to lose my business because NetSol has refused to transfer my domain for 2- or 3- MONTHS will want to contact them as well.
NetSol has ignored approvals from me, from my existing ISP, ignored customer service queries about why they're failing to live up to their contract. I'm sure they also wrote the contract so they don't have to do a damn thing.
But the ISP that's going to have to cut a refund check because they can't set up www.mydomain.com isn't a party to that contract, and they're understandably pissed but they also understand you don't purchase a commercial web hosting contract to get email and web space under their domain name.
Check with the military. I shared a lot of upper-division/graduate physics and math classes with officers at the Orlando Naval Training Center (now closed, iirc). I can't remember if they were on the nuclear officer track, or already certified and in Orlando to train recruits.
Anyway, they knew how something about naval propulsion with nuclear-fired steam turbines. I made the mistake of making some comment about the "steam" coming from the tea kettle one time, and got a quick lecture on what happens when superheated steam hits human flesh. It's not pretty.
So how would you convert the energy produced into electricity?
Steam turbines might seem archaic, but they're still used for the simple reasons that they're a well-proven technology and high pressure steam contains a *lot* more energy per unit volume than pretty much anything else in routine use. (After whatever heats the water in the first place, of course!)
Remember, the plume of vapor over your tea kettle on the stove is not steam. It's water vapor condensed from a very small amount of steam. Steam is invisible, and tends to do things like fling heavy fighter aircraft off of flight decks or instantly cut people in half if they walk in front of a pinhole leak.
Depending on the agent, all you need is access to a few aircraft in foreign cities. Or the airport concourse.
We need to show the publishers that we won't tolerate them trying to roll back the clock 200 years!
Let's burn their product! Yeah, that's always a good way to draw attention the cause!
It worked with bra-burning in the 60's.
It worked with draft card burning during the Vietnam War!
Let's all assemble in front of the library and burn a big pile of the publishers' books! They'll get the message!
...no wait, something seems off with this analogy...
You're mixing two distinct items here.
A disclaimer can shield you from honest oversights and engineering tradeoffs. But no contractual term can shield you from "negligence."
What's something in negligence in software? That's for the courts to decide, and I don't know if there's case law here yet. But it would be hard to justify crap like explicit backdoors, calling system() with user-supplied data without checking for subshells, etc.
Sure you can copy it. It's a hassle, but it's legal.
What you can't legally do is provide that copy to others for profit. However you can lend the original to third party. You can sell the original to a third party. This is true for books, music, movies, magazines, everything except software. That's why I'm not convinced that the "non-transferable" clauses, e.g., what MS is using to attack the used computer stores, would withstand a court challenge, esp. since the older software (which is often required for these older systems) is no longer for sale at any price.
I haven't worked in this field for 5 years, but even then the computer models were fast enough to run the models several times with slightly different inputs. This is a standard technique to determine the sensitivity of the model to small errors in the initial values - classic chaos theory stuff.
What happens is you find the vast bulk of the model output is essentially the same. The variability is in the exact location of fronts, exactly the type of stuff that has always been difficult to predict.
Given a long enough time frame, everyone will fall under this uncertainty. So you still can't make long-term forecasts, but you *can* give decent 7-10 day forecasts if you have the flexibility to occasionally say that it's impossible to forecast the weather on some of those days. In the vast majority of cases that's good enough - it allows people to avoid scheduling activities when the weather is likely to be nasty.
Don't confuse the way it's misused by ill-informed sysadmins with its real potential.
The current IDENTD information is useless for the 'remote' site, but it can be invaluable to the 'local' site if a complaint is received. Not everyone is a single-user PC - if you're running a host with multiple users this can give you valuable information about who could be responsible. (Or at the least, who might have had their account cracked.)
There's also some proposals floating around to extend the IDENTD payload to include real authentication information. Having IDENTD pass something like an X.509 digital certificate that you can check might actually be stronger than using SSL/TLS-enhanced FTP that only uses anonymous connections.
My rule of thumb on this is simple - if it only affects one program (or a related suite of programs), it should go into a config file.
Environment variables should only be used for things that are interesting to multiple, unrelated applications. Things like PAGER, EDITOR or VISUAL.
If you want to have the ability to override the values compiled into the executable or in the config file, use "-Dname=value" and "-Uname" on the command line. Only check the environment variables for this if there's a compelling reason to do so. (E.g., "CFLAGS" has been supported for so long that no C compiler or preprocessor can reasonably ignore it.)
Config files aren't quite as convenient as environment variables for some types of coding, but the flip side is that you don't have to worry about name collisions in the environment variable namespace, platforms that impose limits on the number of environment variables, etc.
Yeah, read the contract. It promised timely, 24-hour support. Not hours on hold, only to finally reach a clerkoid with no answers or authority.
Besides, taken to its logical extreme (something many cable providers attempt), that clause would make it perfectly legal for them to provide *no* service whatsoever. That flies in the face of common sense - contracts are supposed to be mutual guarantees of exchanges of value. Paying $40/month while the cable company does absolutely nothing doesn't make sense, and any court would throw it out.
That's all the judge is asking in this case - a determination that the company can't routinely drop that connection without reaching the point where no reasonable person would consider it worth the hassle. There has to be *some* limit, and since it's not stated in the contract that's something that can (and will be) determined by a judge or jury.
There's also issues regarding business and collection practices. From what the article said, I agree with the judge that the company's behavior crossed the line of acceptable behavior. Promising a future credit, for an unknown amount at an unknown time, is nothing but a clear "fuck off" to the customer.
(IANAL, but can read.)
"Acts of God" usually refers to specific events beyond a company's control. In the words of my DB professor, it's "Fire, Floods and Insurrection." (And Tornados, Hurricanes, heavy unseasonable snowfalls, war, et al.)
It does NOT include something a company could reasonable foresee. E.g., building a switch in a flood plain.
Very few people aren't willing to cut a company some slack after a bona fide Act of God. But many companies try to use this to justify Acts of Gomer. (Think Gomer Pyle, Cable Guy, and you know what I mean.) It's Gomer Pyle, CEO, who didn't staff the help line and caused hour-long waits on help-calls, not God. It's Gomer Pyle, CEO, who made some decisions that caused the network connection to be routinely dropped.
I think you were responding to more than just me... but to answer the on-point issues
1) I'm not urging frivilous rejections, but a lot of companies are leaving consumers no other option and the courts, CC issues, and other agencies know this. Besides my CC war stories, I can give you a good example in the local cable TV franchise. I told them, repeatedly, I had changed banks and they were to cease auto-debits.
They kept agreeing, then tried to charge the account anyway. Since the bank refused it, I got hit with a $25 NSF fee.
My former bank also charged me initially, until I explained the situation. They could not legally refuse the bank drafts, due to some insane federal regulation. But I could sign a document that the charges were fradulent - and they were, since the company had been informed, repeatedly, that they were to cease such withdrawals.
For close to a year they kept trying to debit the closed account. It is undoubtably a coincidence, nothing more, that it stopped shortly after I became so frustrated at their continuing debits and refusal to identify the appropriate franchise agency that I wrote the state's Attorney General to inquire whether this constituted criminal fraud. I sure as hell would be facing a criminal prosecution if I floated bad checks for a year, and here was a company doing the same thing then demanding I pay them $25/shot for their failure to update their own records.
I'm NOT painting your company with the same brush, just pointing out that these complaints may carry a lot more weight than you would expect since many companies are clearly attempting to intimidate the poor and ill-informed into paying outrageous bogus charges. If the CC issuer is presented a bill for an after-the-fact-charge-with-no-appeal, they might not be quick to assume the customer is at fault, even if the contract would seem to support the claim.
It's worth noting that it appears ACME is *not* informing customers of this bill when they return the car, something that should be trivial to do by reading the GPS data as part of the check-in process. They didn't even bother calling him. They just yanked the money out of the account without his knowledge, much less consent, and then said "sorry, no appeals." THAT is unnecessary and incredibly abusive - the charges should either be made when the customer signs the final paperwork, or after he's been given reasonable notice. Not this "two days later" (or whatever it was) crap.
2) Of course the number and type of violations matter. Three separate incidents over 500 miles, say, is serious. I exceeded 80 MPH only twice over an 8000 mile trip, and both were for unusual circumstances. (The near collision near Seattle, and heavy Friday evening traffic out of Los Angeles where there was literally no alternative road through the dessert.)
3) Keep all the records you want. As I said, I have a clean driving record. (Well, I was just in a 2-mph accident at a poorly constructed intersection, but that was the first accident in almost 20 years, and the first non-PR ticket in nearly as long.) If somebody really is a dangerous driver I don't want you renting to him either!
I would amplify this statement. Anyone who claims that "speeding" is dangerous, but going under the speed limit isn't, has obviously not spent much time driving in the real world.
When someone is going 10 MPH over the traffic flow, they are no threat to me as long as they don't tailgate or swerve around traffic. Both of which are serious traffic violations in their own right and not directly related to speeding.
But someone going 10 MPH *under* the traffic flow causes traffic to back up behind them. This makes it much more difficult for vehicles to merge in or out of traffic since there's a solid wall of vehicles. The 'patience-impaired' will try to change lanes to avoid the bottleneck, often with insufficient regard to the possibility of high speed traffic coming up behind them.
If it's a $50 dollar ticket to go 10 MPH over traffic flow, I think it should be a $200 ticket to be going 10 MPH under the traffic flow without a good reason. (Bad weather, high glare, etc., are all good reasons. Just cause it's "safer" isn't.)
Even on surface streets, you can easily see problems with below-speed traffic. I live at the end of a dead-end street, and occasionally encounter drivers who think 15 MPH is "safer" than the standard 25 MPH.
That sounds great... if you're near the entrance. If you're at the end of a half-mile road, though, you're bored out of your skull and pay a lot *less* attention to the road. After all, this is about half of the regular (and customary) speed.
You say that the contract doesn't need any way to appeal a charge, since it's not a court of law?
Guess what? YOU WILL END UP IN A COURT OF LAW with that attitude. All the vict... customer has to do is sign an document claiming that the $150 "surcharge" was fradulent and very few (read: no) bank won't take it seriously. The charge will be reversed and it will be up to YOU to prove to a court, not the bank, that the charge is valid and enforceable under the contract.
Once you're in a real court you'll have to deal with real issues. E.g., the last time I hit 90 on an interstate it was because some asshole in a SUV was busy chewing out his children... and his foot pressed down on the accelerator as he twisted around in his seat. I was in front of him, and blocked by traffic and the K-bar from changing lanes. I had floored the accelerator, and was literally bracing for impact, when the wife (I believe) finally let the driver know that he was about to kill them all.
To this day I think I made a mistake by not immediately calling the *DUI on my celphone. Maybe he wasn't drunk, but he was just as dangerous as he drive down I-5 in heavy traffic with no attention to what was in front of him.
Let's say this gets to court. On the one hand is ACME saying that the contract requires a $150 fine for excessive speed. No exceptions. Technologie uber alles.
On the other hand is a breathing human being with a clean driving record. He testisfies that he felt the choice was simple: speed, or be rear-ended on a busy interstate at 65+ MPH. At best, the rental car would be totalled. (And it would NOT be chargeable against the vehicle renter since he was rear-ended while driving in a safe and legal manner.) But there was enough traffic that this would probably trigger a chain reaction and many people would be seriously injured or killed.
That's an absolute no-brainer, and if ACME's lawyers were stupid enough to actually take the case to court a judge might decide that the ENTIRE contract is unenforceable because it shocks the sensibility. You can't claim that the fine is "for safety" while simultaneously refusing to acknowledge that in rare conditions (this was the first time I've experienced this in over 20 years of driving) it's critical to avoid a deadly collision.
The author of a contract might try to ignore this, but a court of law deciding enforceability of a contract will not. And if the contract is invalidated, the company has much more to lose. (E.g., do all current renters suddenly become de facto owners of their cars? They paid money for the car, after all...)
While I don't want to dismiss this line of reasoning too casually, I think it overlooks a far more important form of trust.
The reason I trust that my neighbor will not murder me in my sleep is that I trust society at large to enact retribution (prison time) on my behalf. The state has absolutely no obligation to protect me (despite what the "we must think of the children!" crowd thinks), but it does have an obligation to enforce its laws. One of those laws requires a reasonable effort to find my killer, and that is what keeps me safe.
But this trust is semi-optional - if I am fearful for my safety, I can take actions on my own. I can obtain a guard dog, or study a martial art. In many parts of the US I can even keep a gun in the nightstand.
What does this have to do with software?
UCITA. To a lesser extent, the DMCA. The apparent inability or unwillingless of the government to deal with a proven predatory monopolist.
In social terms, software (and other media) rights are arguably closer to a feudal model than a democratic one. We are asked to trust that Lord Bill, who can literally do no wrong, will not harm us. If he does, we have no rights.
This trust is mandatory - we must trust our software providers, and are legally unable to act to reduce our perceived risk.
For instance, we have to trust that UCITA, the DMCA, and a mandatory subscription model won't result in a situation where our critical data is held in a proprietary format that we can no longer access because the product was discontinued (and technical self-help caused the software to self-destruct), and no tools are available to extract the data in other forms because of the DMCA and anti-reverse-engineering provisions.
In contrast, the open licenses make this trust optional again. I can trust that 'gcc' will always be available... or I can keep backup copies of the source, and the source for everything needed to compile it, on hand.
I think most people will be concerned with this form of trust, not the "gift culture" that motivates developers.
At the risk of showing my age, "first world" was the developed democracies, "second world" was the presumably developed former Soviet bloc, "third world" was everyone else.
Over time, "third world" came to be used to mean developing countries, and "fourth world" was introduced to describe the economic and political basket cases.
Before someone jumps on my "presumably developed" description, at the time these terms were first used you couldn't travel anywhere in the Soviet bloc without an Intourist "guide." Some of the descriptions of vacations in the Breznev-era Soviet Union are as hilarious as they are sad. The spies got outside of the Potemkin villages, but they weren't talking.
If you don't want your school invading, uh, your "privacy", then don't use your equipment on their network."... It's not your network, and you have no "rights" with regard to it."
In the US, there's this little thing known as the ECPA. You *do* have rights, some hefty ones, online. The only reason employers can monitor employee's (work) email is because it's legally addressed to the company but delivered to the person who is acting on behalf of the company. That argument might work with university employees, but not students.
To answer the obvious question, the ECPA allows filtering for technical reasons, if it's something that can be done without exposing the content of the mail to any person. The classic example is rejecting mail that's larger than some acceptable limit, or in an unsupported format. Automatically identifying and stripping blocks of executable code would seem to fall in the same category. Forwarding messages containing "prohibited words" to a human censor is not.
(IANAL, but this has been the law for many years.)