Slashdot Mirror


User: tomstdenis

tomstdenis's activity in the archive.

Stories: 0
Comments: 6,870

Comments · 6,870

  1. Re:It's there servers on Google to Anonymize Users' Search Data · · Score: 1

    arrg..

    Ok let me explain this to you.

    Even over the phone, you have no privacy. Even though it's illegal to wiretap without a warrant. There is a difference between privacy and "non-admissible in a court of law."

    Imagine you were a spy, and you wanted to communicate with your handler. Would you talk plainly and openly over the phone because wiretapping without a warrant is illegal? No. You'd encrypt the message [codewords, etc]

    And while yes, I think the government should require warrants before wiretapping your net connection, I don't see that your queries with Google are specifically private. If google, a party to the communication, decides to divulge the nature of the data, that's their business. More so, I don't think google is leaking the data, I think they use it internally to target the ads better.

    Point is, if you don't want people knowing your secrets, don't broadcast them for all to see.

    Tom

  2. Re: The VM on Remote Exploit Discovered for OpenBSD · · Score: 1

    Obviously not all platforms use PCI, nor BARs directly. That's not a function of C, that's a function of the platform.

    Most custom platforms just assume the developer knows the addresses of MMIO. In which case you plomp it into registers.

    You're arguing that C doesn't provide a portable hardware layer to the low level devices. Well ... um neither does Java. A Java VM on, say a gameboy, has no more access to PCI registers than a C program does. What's your point?

    And yes, some platforms have different memory layouts, addressing rules [e.g. dword aligned], but that's all easily addressable in C. If you look at the Linux kernel for instance, most of it is C with VERY little asm. Even MMIO can be controlled via C. Often you only have to drop to ASM when the exact order of operations is required.

    As for extending Java, that opens it up to all sorts of problems. For instance, if you munge the address, you could then be writing to process space, or other hardware, etc. It's also very inefficient to create a GC'ed object every time you want to flip a bit in some MMIO register.

    Tom

  3. Re:It's there servers on Google to Anonymize Users' Search Data · · Score: 1

    I should point out it's legal to be naked in your home, but not in front of a window where others can see.

    There is a certain question about whether you can use information eavesdropped off the internet in legal proceedings. But that's a question of law, not privacy. If you're worried about privacy, you must keep your secrets to yourself.

    And frankly, you don't have a contract with Google to not log your searches. Add to that you're doing it over http and it's hard to argue anything else.

    I could see if you used google via https and had an agreement that your searches wouldn't be logged. Then you could argue you deserve privacy. But that's not what you are doing.

    Tom

  4. Re:It's there servers on Google to Anonymize Users' Search Data · · Score: 1

    Whoa, step off. I'm not saying you should be denied searching that. All I'm saying is don't think it's private. So if you are worried about your privacy, don't use public search engines.

    People seem to infer that I mean to say you should only search for telescreen approved subjects. Hell no. Just don't expect privacy when you're using someone else's server, over the Internet IN CLEARTEXT.

    Tom

  5. Re: The VM on Remote Exploit Discovered for OpenBSD · · Score: 1

    Well PCI hardware [for instance] is not part of the C standard either. But if I read a BAR and get 0x1337BABE as the base address of some register, I can plomp that down into a pointer and use it (well it's obviously not aligned nicely but I just made it up)

    You can't do that in Java. At least, not without resorting to JNI hacks. And if you're going to drop down to JNI to do all the nitty-gritty work, you might as well stay there.

    Building a desktop on top of Java, that kinda makes sense. A kernel? No way.

    Tom

  6. Re:It's there servers on Google to Anonymize Users' Search Data · · Score: 2, Insightful

    I'm not against google cleaning their logs. I'm against people claiming this is a privacy issue.

    Google logging all your queries: Not a privacy problem.

    Bank leaking your SSN via stolen laptop: Privacy problem.

    AOL knowing that you like midget porn: Not a privacy problem.

    Government using sub-standard contractor to manage passport data, later turns up on broken into computer: Privacy problem.

    By screaming wolf every time "data" is mentioned you desensitize people to real privacy problems.

  7. Re:It's there servers on Google to Anonymize Users' Search Data · · Score: 3, Insightful

    This is why it pays to have a modicum of computer knowledge.

    Assuming you're not trolling...

    When you send a query to google, it goes over the "internet" in the clear. That is, not encrypted. Anyone who can see it can read it. Well who can read it? Turns out a lot of people. Between me and google are probably 10 different boxes. 5 of which are just my ISP's routers. The other five are boxes on other networks, not even related to Google.

    There is no inherent requirement for privacy like there is with telephones (maybe there ought to be one). But that said, you're giving your data to Google, willingly no less. That gives them every right to record it. You gave them permission by using their service, I guess you never read their TOS which is your fault, not theirs. Think about the analogy in the real world. This is like you handing your driver's license to every stranger you meet, then getting upset when some of them write it down.

    If you don't want your assets [IP, location, name, platform, etc] leaked to Google you should use an anonymous proxy.

    Tom

  8. Re:The VM on Remote Exploit Discovered for OpenBSD · · Score: 1

    You write an entire competitive kernel without pointers, let me know how that works out for ya.

  9. Re:It's there servers on Google to Anonymize Users' Search Data · · Score: 2, Interesting

    Well you're describing a law enforcement problem not a privacy issue.

    Google is within their rights to gather as much information as you feed them (your ip, time of day, host strings, query string, etc).

    My point was if you were planning on committing crimes, you shouldn't use google to find tips.

    Tom

  10. Re:It's there servers on Google to Anonymize Users' Search Data · · Score: 1

    Ah, the out of context argument. My house is private by the definition that I have locks on the doors and blinds on the windows. Your analogy may make sense if, say, a public walkway passed through my living room.

    I'm not saying people shouldn't have privacy, I'm saying if you export your secrets outside of your domain, you shouldn't expect privacy.

    You don't do your personal finances on a city bus do you?

  11. Re:Can we now please stop using C? on Remote Exploit Discovered for OpenBSD · · Score: 1

    I never said Java was a scripting language (and hint: scripting languages do compile to byte code, I imagine some even to native code).

    If you have to drop down to C or ASM via JNI then you're exposing the flow of the program to segments which can have overflows and all that other jazz. You're also making the system more complicated by mixing design tools. Now you need both a C development suite *and* a JDK. Tools only help with security, they don't create it. And what you sacrifice by going to a JVM based OS isn't always made up for in terms of practical security.

    In most software that has trivial overflow bugs, they exist because the "programmers" don't verify their code. They test that [say] some JPEG will decompress and that's it. They don't test that their functions are well behaved or in any way secure. It's not a function of C being insecure, it's a function of a lot of programmers not taking their job seriously [and/or not given the time to test/verify properly].

    Tom

  12. It's there servers on Google to Anonymize Users' Search Data · · Score: 1, Troll

    Stop googling for "jihad death to american president" if you're worried about getting caught.

    I should point out that your google query goes over plaintext HTTP so anyone in between can eavesdrop on your queries.

    Tom

  13. Re:Can we now please stop using C? on Remote Exploit Discovered for OpenBSD · · Score: 1

    First, you need pointers. A pointer is basically a value which holds the address of something. While in a scripting language you can pass variables to functions/subroutines it isn't always by reference (e.g. a pointer). Pointers are also used when dealing with hardware which is mapped into the memory space. You need to be able to say "dump this data, exactly here in memory." Something you can't do with most scripting languages. It's also required to build things like page tables (process memory maps).

    Second, you want to have the concept of volatile memory. Memory mapped registers, for instance, have to be accessed very explicitly. If I write something like

    while (*a == 0) { yield_thread(); }

    You can't cache the value of *a, you need to read it every single time the loop passes. C gives you this through the "volatile" modifier. Every time that loop iterates, the value is read from memory.

    Third, you need control over how CPU time is spent. While C doesn't give you direct control it's very close. In a scripting language, a routine may need JIT'ing or recompiling, which is a no-no in an interrupt handler (latency == bad).

    etc...

    The gist of it is that scripting languages don't give you enough control over the machine. C is a decent balance between being one with the machine and being human readable.

    Tom
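
Added example, not part of the original comment: a simulation of the polling loop from comment 13, run against a constructed in-memory stand-in for a device. `fake_device`, `mmio_map`, `mmio_wait_read` and `run_poll` are hypothetical names, `yield_thread()` is a stub that also advances the simulated hardware, and the bounded retry count goes beyond the loop shown in the comment.

```c
#include <stdint.h>

#define REG_STATUS   0          /* word index of the status register */
#define REG_DATA     1          /* word index of the data register   */
#define STATUS_READY 0x1u

/* Constructed stand-in for a device: two 32-bit registers in ordinary RAM.
   On real hardware the base address comes from the platform instead. */
static volatile uint32_t fake_device[2];
static unsigned yields;         /* times the poll loop gave up the CPU */
static unsigned ready_after;    /* simulated latency in yields; 0 = never ready */

/* Hypothetical yield_thread(): in this simulation it is also the moment the
   "hardware" makes progress behind the program's back. */
static void yield_thread(void)
{
    if (++yields == ready_after) {
        fake_device[REG_DATA]   = 0xC0FFEEu;
        fake_device[REG_STATUS] = STATUS_READY;
    }
}

/* Turn a raw address into a register pointer. The volatile qualifier on the
   pointee forces a real load or store for every access in the source. */
static volatile uint32_t *mmio_map(uintptr_t base)
{
    return (volatile uint32_t *)base;
}

/* Poll the status register, re-reading it on every pass. Gives up after
   max_yields so a dead device cannot hang the caller.
   Returns 0 and stores the data word in *out, or -1 on timeout. */
static int mmio_wait_read(volatile uint32_t *regs, unsigned max_yields,
                          uint32_t *out)
{
    unsigned spent = 0;
    while ((regs[REG_STATUS] & STATUS_READY) == 0) {
        if (spent++ == max_yields)
            return -1;
        yield_thread();
    }
    *out = regs[REG_DATA];
    return 0;
}

/* Reset the simulated device and run one poll. */
static int run_poll(unsigned latency, unsigned max_yields, uint32_t *out)
{
    fake_device[REG_STATUS] = 0;
    fake_device[REG_DATA]   = 0;
    yields = 0;
    ready_after = latency;
    return mmio_wait_read(mmio_map((uintptr_t)fake_device), max_yields, out);
}

int main(void)
{
    uint32_t v = 0;
    return (run_poll(3, 10, &v) == 0 && v == 0xC0FFEEu) ? 0 : 1;
}
```

Without the `volatile` qualifier an optimizing compiler may hoist the status read out of the loop, which on real hardware turns the wait into either an infinite spin or no wait at all.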

  14. Re:Well done, the OpenBSD team. on Remote Exploit Discovered for OpenBSD · · Score: 1, Insightful

    Not all bugs are security holes. Bugs could be as simple as formatting errors. Or say not matching test vectors.

    Personally though, in professional code, bugs are failures. That we tolerate them as a society is nice and all, but in all honesty they're not really acceptable. Which is generally why it's a smart idea to give your customers test code to toy with before the delivery date. That way hopefully they can spot some bugs to report (it also gives them a chance to ramp up earlier on the software so it's win-win).

    In the case of OSS, I can see the guidelines being a bit more lax in certain projects (not OSes though) as resources are limited. If some handy perl script has a typo in the command line parser and I need to specify "--demon" instead of "--daemon" it's a bug, but not the end of the world, etc...

    That the OpenBSD team treats the bug reports with such speed is a sign of professionalism. Kudos to them even if I still run Linux (hehehe).

  15. Re:Can we now please stop using C? on Remote Exploit Discovered for OpenBSD · · Score: 4, Informative

    No. Answer? C gives you more control over the hardware which is required for something like an OS. It also has things like "pointers" required for memory mapped I/O.

    C++ ? Out of the question. Too many hidden operations make development a nightmare.
    Java? Are you even kiddin me? (yes, I know there are Java OSes, how those working out for you?)
    C#?..

    ooh ooh I know, Perl!!!

    If you want to reduce your bugs [in any language] simple steps

    1. Design code that you can verify and test
    2. Write modular code
    3. Re-use code as much as possible

    In this case, it seems the mbuf pointer gets changed before it's accessed later in the function. If they had tracked the life of that variable they would have spotted it. That type of error could have happened in any language.

  16. Re:Bah, it's more annoying than anything. on Microsoft to Sue Cybersquatters · · Score: 1

    I have no idea if you're being sincere or not [no offense...] but frankly I don't see it as a loss. I did a s/OSS/music/g on my life and as such found new respect for something I've always loved.

    Frankly, if people actually respected what I was doing I wouldn't have had to put up with the joe-jobs, kiddie porn [sent with my parents home address on it], phone calls, death threats, and generally being ignored by the mainstream media/projects by myself. I'm not saying people should bow down and respect me.

    I'm just saying if they did respect me or the projects, I wouldn't have had to contemplate suicide in December (which is why I took up piano, to put my mind on something else) or wouldn't have problems socializing with others (well more so than I normally did) as I do now.

    Frankly, I respect the idea of OSS, I just don't think that I had a part in it worth talking about, or should try to have a part in it in the future.

    Tom

  17. Symptoms of a larger problem... on Legislators Ponder BlackBerry Pileups · · Score: 1

    I think the larger issue is people treat driving like a right instead of as a privilege, and as such don't give it any respect. I've seen, just like many others have probably, really shitty driving from single occupancy vehicles where no cell phone or other toy was involved.

    Most people [including myself from time to time, but I think, perhaps with bias less so] commit driving infractions on a ROUTINE basis. Changing lanes without properly checking, or signalling, speeding, denying right of way, etc... Some are even bad for the car, like accelerating too quickly, braking when a gentle coast could have helped, driving while the car is cold, not waiting to stop before going from reverse to drive, etc.

    Then there are those who are astoundingly bad drivers, mostly because they make really poor decisions (speeding in a snow storm for instance). It's these people who will cause the accidents with cell phones and other things because they don't treat driving seriously. They seemingly forget that they are in a 5000lbs cage driving 60mph and how much energy is involved in a collision.

    I think they should have more routine traffic checks. On my way home it's dangerous to drive the speed limit, because when you do everyone passes you and cuts you off as they enter the lane [even when you're in the far right lane]. Despite that, I still drive the speed limit because it's the law [and because they set up speed traps from time to time]. I routinely fight for right of way at intersections because everyone does the "rolling" stop. And, just last week I had to pull an emergency stop on the way home [re: hit brakes really hard] because someone decided that pulling in front of me (doing a right turn) when I was going 65km/h was a smart thing to do.

    Worse yet, that person probably has their full G license, while I have to monkey around with graduated licensing!!!

    I think if more people got $150 fines on a regular basis it might help. People need to smarten the hell up. We keep letting things slide as "fleeting," pretty soon we're just going to be in a big demolition derby. It'd also help if people stopped contesting the fines when they're clearly at fault [e.g. personal responsibility, yeah one can dream!]

    Tom

  18. Re:whats the numbers on Blu-ray Disc Among Top Selling DVDs at Amazon · · Score: 1

    Yeah amazon's ranking is fairly useless. As the author of two shitastically non-selling books, I see my ranking jump in between 100 and 700k in the span of a day. Usually the result of a SINGLE SALE.

  19. wtf? on Google Working on a Mobile Phone? · · Score: 1

    Google working on a phone? What's next? McDonalds working on the space shuttle? Sony designing bridges? Bombardier designing networking gear?

    Hey google, stick to your "evil empire of data acquisition" plans and leave the hardware for the rest.

  20. Re:Bah, it's more annoying than anything. on Microsoft to Sue Cybersquatters · · Score: 1

    It hit the grace period and someone else (who didn't plan on hosting something called libtomcrypt.org) bought it before we could renew. Legally I guess that's not "stolen" but really if the intention wasn't to host something called "LibTomCrypt" why would you buy it other than to deprive someone else of it?

    In this case, a troll from sci.crypt bought it, put porn on the site and left it for a year. Then proceeded to post in usenet with my email address (joe-job) posting links to the porn he was hosting. The idea was to harm my character and the projects by projecting them in the lowest possible light. As a result I no longer read or write usenet postings and have re-dedicated my life to music instead of OSS. Not that I don't miss working on OSS, but it's too depressing to think about anymore. I'd rather play a nice Minuet or something instead.

    I only host libtom.org for the legacy users so they have a place to get the code and any updates that may trickle out. I was very close to closing up shop, but I did receive a handful of supportive emails suggesting that I at least host the projects and play it by year.

    Tom

  21. Re:Bah, it's more annoying than anything. on Microsoft to Sue Cybersquatters · · Score: 1

    There is always FireLouPinellaNow.com :-)

    I don't get the whole "omg I gotta pay off some lo-life for a domain" bidnez. If you have a trademark and someone takes the domain, that's one thing. But if someone has a clever name and you want it, just think of another, or a variation on it [provided they're not trademarked].

    For me I went from libtomcrypt.org [stolen] to libtomcrypt.com [too long and retired] to libtom.org [nice and simple]. I also bought it for 10 years. So provided my registrar doesn't mess with me I should have it for a good long time.

    If I had trademarked LibTomCrypt I would have a claim to get the .org back, but frankly it's not worth the effort. Google indexed libtom.org the same day I put it up. And within a few days you could find it via a search for "tom st denis" or "libtom projects". So the problems caused by it were minimal.

    Tom

  22. Bah, it's more annoying than anything. on Microsoft to Sue Cybersquatters · · Score: 4, Interesting

    For example, folk who go to "libtomcrypt.org" will be treated with a squatters website. But if you google for "libtomcrypt" the correct domain comes up near the top (searching for libtom hits the website on the first link).

    Whoever bought libtomcrypt.org had to shell out the $10 or whatever it cost to steal it from me. Will they make money from it? I don't know. I'm not going to buy it back though (their website claims no offer under $1000 will be looked at). So unless they make ad revenue it cost them money to steal it from me. And that brings me to the other point. Just because you were tricked into going there and saw the ads, doesn't mean they do [or should] make any money off that. If advertisers smartened up and only paid per lead actually generated, it would pretty much kill these sites overnight.

    That is provided that people aren't stupid enough to use squatter domains to search/buy things.

    Tom

  23. Re:Said it before... on Linux Starts to Find Home on Desktops · · Score: 1

    You could pay people to work on OSS. Believe it or not but there are consulting shops that specialize in just that.

    Bonus, their product usually falls under the same license [especially if it's GPL'ed] so your investment is protected in more than one way.

    Tom

  24. Re:Said it before... on Linux Starts to Find Home on Desktops · · Score: 1

    You can *choose* to learn to program and extend your environment.

    In Windows you can do that too, for the most part, except where hidden APIs are involved. But more importantly, in OSS world, you can extend existing projects to do what you want better.

    But don't think that the benefits of OSS are lost on non-programmers. Eventually some programmer/developer/etc will come along and extend/improve/fix things and non-programmers can benefit from that. As a non-programmer you're pretty much stuck using popular [or highly demanded] OSS software. But you're not legally forced into that situation. For instance, suppose you run a company, use some software [that is OSS] and it needs new functionality. You could hire a developer to add on to the OSS.

    You'd save money since the developer has something to start with [as opposed to writing it all from scratch] and the resulting product is also freely licensed meaning you're free to use it sans royalties or upgrade fees [etc.]

    If you used proprietary software, and the company went under, you're sunk. Worse, if they use proprietary undocumented data formats [largely the norm] you're doubly sunk.

    Tom

  25. Re:Said it before... on Linux Starts to Find Home on Desktops · · Score: 1

    Nothing you wrote contradicts what I said. If there was proper POS software in the OSS domain, you would choose it, because it grants you the freedoms to use it how you want (say add feature, or find additions others wrote, etc).

    Tom