Without Carol, apples are worth $1 each. That's what farmers with no marketing overhead (Bob) would ever hope to get. And they like it.
A good point. An oft-overlooked point. An irrelevant point.
Strike the two sentences you quoted from my post and it still stands: Alice has no reasonable claim to ask the flyer maker for a cut of what Bob pays to print flyers. It's not quite as silly as baseball manufacturers asking for a cut of window repair companies, but it's close.
Ah, but it's a false analogy. In your case, Alice and Bob (presumably; I'm inferring here) had independent orchards. In ours, Bob has to buy his apples from Alice; there's no other source for the apples that Alice and Bob are selling. So Bob's increased sales also lead to more revenue for Alice. (Bob might sell a few bananas too-- they were grown independently-- but Alice was only advertising the apples.)
But here's another thing: the RIAA doesn't sell anything to consumers. Alice isn't even selling apples to the public. She knowingly and intentionally paid Carol to increase market awareness. Her only reason was to boost Bob's sales (since Bob pays Alice a cut of every apple, no pun intended).
Now let's get to the real issue here. Alice is advertising apples, but doesn't say where to buy them. So Bob also puts out his own flyers with directions to his apple stand. Alice says, well, because I paid Carol all this money, I also want you to pay me for each flyer that Bob puts out. To top it off-- and this is actually irrelevant because the rest is so ludicrous-- she's not telling this to Bob; she's telling it to the flyer printer.
So the analogy is quite different. In your example, Alice and Bob (presumably) had independent orchards. Alice sold apples to the public, and that's why she paid Carol. And Alice wanted to benefit from Bob's increased revenues. But in our case, Alice has the only orchard. She doesn't sell apples; she only paid Carol to boost Bob's sales. And Alice wants to get a cut of Bob's flyer printing.
The way I figure, Bob is paying Alice a lot. Alice isn't giving the apple farmers much at all. The reason she justifies this is by saying that she has to pay Carol so much. So why, when Bob pays for marketing out of his own pocket, should Alice demand money? If anything, it would seem that Alice should give money to Bob-- she's the one with the huge advertising budget.
Re: Maybe an OSS future isn't that bright after all (on "Nessus Closes Source", Score: 1)
Let's be serious about this. The GPL provides **no** protection to companies whose business model is built on selling software that doesn't need support contracts or anything like that. If selling software is your business, then the GPL is basically a suicide pact for your company and the same applies to all other open source licenses because your competition can repackage your millions and billions of R&D dollars/Euros/Yen/etc. and you get... precisely what?
Only for your primary product. My entire career as a programmer, I've never written software for my employers to sell, although I've always worked for companies that sell software (sometimes as OSs for hardware). I've written programs to track RMAs, filter logs from the lab, display our website, maintain system reservation data, search for suitable test configurations, browse source code, configure firewalls, etc, etc. None of these are things we sold. This has been not just at large-cap companies, but also at small companies with only three coders.
A large percentage of the software written by a company is for internal use only. Some of them are very company-specific, but some aren't. Some of the ones that are nearly company-specific may be something that the customers would want to use.
I realize that Nessus isn't an internal tool for this company. I'm just pointing out that "open source is bad if you sell software" is a little off-base, and damages people's perceptions of open source.
That protects you against capture and playback attacks, but not man-in-the-middle attacks.
Hmmm... I'm trying to think of MitM attacks against this, and I can't think of any that can't be fairly trivially thwarted. I'm pretty sure there are some, but it's late and I'm tired.
But there are other scenarios that I can see. For instance, you're at the jeweler while your buddy's in the food court. You both have small radios. You pick out a big diamond. Your buddy gets near somebody who looks loaded. The jeweler thinks you're using the RFID card, but really you and your buddy are just relaying it to the guy at the food court. (This is a restatement of an old problem involving grandmaster chess.)
While the cupholder+cig lighter, cassette deck, EZ-bake oven, etc are all cool, I go with some more practical stuff. First, I have a set of fans in one of my bays. The other bay holds dials to change the speed of my other fans.
I'm serious about my cooling, but like to turn down the auxiliary fans when I'm watching a movie.
Unfortunately, the article didn't say what compiler he was using. But since we're giving data points:
gcc 3.4.2 3.4.2 [FreeBSD] 20040728, x86, -O3 -march=pentium-m. Generated essentially the same code as the article's.
Array version:
Pointer code:
1.4 GHz Athlon. Array code time: 3.274s. Pointer time: 3.322s. Single (100000x) trial of each.
I'd say that's within noise.
As opposed to today, where they can go into any hardware store and buy a $1 blank and $3 service to dup your key onto another key?
No.
You're right; I chose my words poorly.
I meant that it doesn't matter from the point of view of the game mechanics, and hence the protocol I'm discussing: he can choose to show his cards, or not; the protocol doesn't make a difference there.
You are correct that it may matter to the players, but that is beyond the point of the mechanical implementation (other than giving the winner an option to show his cards).
Even then it's not ideal; if everyone but the winner folds, he may not necessarily want his hole cards revealed.
In the event that he's forced everybody out, it doesn't matter what he had in the hole, or whether he got them legitimately or not, so you don't run the confirmation part of the protocol.
Let me put it this way.
The only people who have to reveal their hole cards, are the ones who would reveal their hole cards if you were sitting around the table. Those are the cards you have to verify were dealt in a real game; those are therefore the cards you have to verify were dealt in an online game.
Your algorithm means always revealing the other player's hole cards (using Texas as an example here) which is flawed.
Only if you want to make sure the losers didn't cheat. But in what I'm proposing, only the winner has to reveal his hole cards, and if the losers cheated, I don't really care.
In particular, how do you make a client trustworthy without resorting to something Palladium-like?
You don't. That's what crypto protocols are about: you don't trust that the software is what you wrote; you engineer the protocol so that the other participants can't hurt you, even if they cheat (ie, violate the protocol).
In this case, it's based on checking up on things. Each deal, you generate a new keypair. At the end of the hand, the winner reveals his private keys. You already know the encrypted cards he was dealt (they're exposed as part of the deal protocol), and so after he reveals the private key, you know the plaintext of those cards. If that doesn't match his hand, then somebody's got some 'splaining to do.
You could have an open-source, multi-client, unsigned, build-your-own-client system; the protocol's where the security is, not the code.
I can really see no possible way you could tell if the deal was altered as long as they decide to cheat selectively and with some randomness.
There's a pretty straightforward protocol for that, so long as the end user has a trustworthy client. Essentially, everybody ends up dealing one another cards, but the cards are always cryptographically blinded by a public-key algorithm (which, IIRC, must be commutative, but RSA is).
There's a writeup in "Applied Cryptography". I'm not sure if it's practical yet, but it exists.
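The deal-and-verify scheme described in the comments above, as an added example that is not part of the original posts. It assumes two players, commutative blinding by exponentiation modulo a shared prime (the posts say only that the cipher must be commutative), a constructed toy modulus, and hypothetical function names.

```python
# Added example: two-player hole-card deal with commutative blinding, then
# showdown verification from the revealed per-hand key. All names are
# hypothetical; P is a constructed toy parameter, far too small for real use.
import math
import random

P = 2**127 - 1  # shared prime modulus (toy size)

DECK = [r + s for s in "SHDC" for r in "A23456789TJQK"]
# Cards are encoded as squares mod P so every plaintext is a quadratic
# residue; exponentiation preserves residuosity, which would otherwise leak.
ENCODE = {card: pow(i + 2, 2, P) for i, card in enumerate(DECK)}
DECODE = {v: k for k, v in ENCODE.items()}


def keygen(rng):
    """Fresh key for one hand: e coprime to P-1, d = e^-1 mod (P-1)."""
    while True:
        e = rng.randrange(3, P - 1)
        if math.gcd(e, P - 1) == 1:
            return e, pow(e, -1, P - 1)


def blind(m, e):
    return pow(m, e, P)


def unblind(c, d):
    return pow(c, d, P)


def deal_hole_cards(rng, n=2):
    """Alice deals n hole cards to Bob.

    Returns (bob_hand, bob_private_key, transcript), where transcript is the
    list of Bob-blinded cards that Alice saw and recorded during the deal.
    """
    e_a, d_a = keygen(rng)
    e_b, d_b = keygen(rng)
    # 1. Alice blinds every card with her key and shuffles the deck.
    deck = [blind(ENCODE[c], e_a) for c in DECK]
    rng.shuffle(deck)
    # 2. Bob takes n ciphertexts (he cannot read them) and adds his own layer.
    double = [blind(c, e_b) for c in deck[:n]]
    # 3. Alice strips her layer; commutativity leaves the cards under Bob's
    #    key only. She records these values: they are the deal transcript.
    transcript = [unblind(c, d_a) for c in double]
    # 4. Bob strips his layer and reads his hand.
    hand = [DECODE[unblind(c, d_b)] for c in transcript]
    return hand, d_b, transcript


def verify_showdown(transcript, claimed_hand, revealed_d):
    """Check the winner's claimed hand against what the deal recorded."""
    if math.gcd(revealed_d, P - 1) != 1:
        return False  # not a valid decryption exponent
    opened = [DECODE.get(unblind(c, revealed_d)) for c in transcript]
    if None in opened:
        return False  # key does not open the recorded ciphertexts to cards
    return sorted(opened) == sorted(claimed_hand)


if __name__ == "__main__":
    rng = random.SystemRandom()
    hand, d_b, transcript = deal_hole_cards(rng)
    print("Bob's hand:", hand)
    print("honest claim verifies:", verify_showdown(transcript, hand, d_b))
    forged = [hand[0], next(c for c in DECK if c not in hand)]
    print("forged claim verifies:", verify_showdown(transcript, forged, d_b))
```

If everyone else folds, the winner never reveals the key and `verify_showdown` is simply not run, matching the point made in the thread.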
On a server I needed to remotely manually replace libc with an older version file from another machine. Of course you have to remember to do everything in a single command otherwise if you delete the old version you cannot run anything else. (I am sure there must be a simpler solution to that than take the disk out and do it on another machine)
Make a /tmp/lib and set your LD_LIBRARY_PATH to point to it, and copy the old libc in there before you start the whole process.
Regrettably, there are a few niche apps used by recruiters, headhunters, and the like. They require a resume in Word. As in, the "candidate" record has a Word COM object as part of it. It HAS to be Word; send them a PDF or text, and they'll copy/paste it to word, where it looks terrible.
I keep mine as a TeX file that I build to PDF for sending to Unix folks, but also I keep a Word version to send to headhunters and HR folks.
(Please don't start downloading them all at once, those are huge files).
A quick google found a torrent of the DivX versions. 9GB total. There's currently 2 seeds and 3 peers. The files are under the Creative Commons licence.
Frankly, I found that I could do 5 WPM by simply memorizing the dits and dahs and matching them to what I heard.
It's easier than that, even.
I got my Novice and Tech on the same day. I was going to take both writtens, and come back for the code in another couple of weeks-- taking the time to learn the code. But when it came time to take the exams, they didn't even change seating between the written and the CW tests. So I ended up sitting in on the CW test, even though I only knew a little cursory CW (probably just E, T, I, O, and S. No, not M.)
5 WPM is SLOW. I don't see how people who know CW can copy 5 WPM in their heads: by the time you hear the last letter of a word, you've forgotten the first. Me, I just wrote down what I heard, as dits and dahs, on the paper. Then, after the entire transmission, I did good ol' cryptanalysis on it: work out what every character was just by the usual guesswork that you do on any monoalphabetic substitution cypher.
It's EASY to do that. I was able to sail through it in no time, and got perfect marks on the test. (I didn't get 100% copy, since there was a character in a callsign that didn't appear in the text.)
Now, fast forward a few years. I was going to do the same thing for my general: take the written, come back next week for the code. The examiner-- a buddy of mine-- insisted ("Oh, c'mon, it'll be fun!") that I go ahead and take the code test. While I had learned CW since getting my tech, I hadn't used it in long enough to forget everything I knew. I got maybe 4% copy. The examiner laughed when I showed him my copy sheet.
Now, the test itself is multiple-choice. Or in my case, multiple-guess. But where I did get a little copy, I could make an educated guess: I'd see "OO" in one part of my copy, and the test would ask about equipment, with only one Kenwood answer. That sort of thing. So I gave it my best shot, with my 4% copy.
The examiner graded it, and told me the result: "Two". "I only got two right?" (That's about what I expected.) "You only missed two." I got my general.
I do feel bad about getting through both my code exams by such impractical methods. (To be fair, I could at one point copy 99% at 15 WPM.) But my point is, these tests aren't hard; you can ace the 5 WPM requirement-- isn't that the only morse requirement left?-- without knowing any morse code at all!
And for the other hams who hate dots and dashes, the OP wrote:
dah dah dah / didididit / dah dit / dah dah dah / dit / dididit
Not just that, but I don't want to think about the previous sweaty, naked, ugly, and very possibly flatulent occupant of my seat.
I'm not normally one to gritch about /. articles. But doesn't this essentially say, "This article is no longer newsworthy!"
I use Emacs's built-in diary system (note to Americans: "diary" is roughly equivalent to "schedule planner" in some parts of the world). I've also added an extension to page me when meetings are coming up.
Further, if I realize that people are sneaking in, I may have to charge 80$ from everyone else to cover the sneakers' loss of sales.
No you don't. You don't have to charge an extra penny to cover the lost sales.
You may decide to increase revenues because you aren't covering costs, or because you want a higher profit. You can increase revenues by increasing the unit revenue ($50-$80), or by increasing the number of sales. You can increase the number of sales by increasing demand (better product or marketing), or by convincing the "sneakers" to pay instead (such as by locking the back door and hoping they'll pay $50 to get in).
Now, the idea of "lost sales" assumes that the "sneakers" would pay if they can't get in; that's well discussed in other posts so I'll skip it. The idea of having to "cover" that, however, is a misdirection: you have to cover your costs, or your desired profits, but just losing sales (if you are losing sales) doesn't mean you have to cover that.
As I said, it's a misdirection, like the Missing Dollar Paradox. You don't have to cover the "sneakers"; you have to cover your costs. You don't have to cover more costs because somebody sneaks in, any more than you have to cover more costs because I jump up and down in my living room shouting "Bwibbity-bwippity-bwippity-blech!"
Cron job. mbmon. 5 lines of Perl.
The passenger continued, "You must have been in marketing before you became a pilot."
"Yes, I was, how did you know?" the pilot replied.
"Because you didn't know where you were or what you were doing, but expected the computer tech to be able to help you. After he answered your question, you were in the same situation as before, but then you decided it was his fault."
Well, that's your theory. Have you got case law to back it up?
Who needs case law for this? We've got statutory law.
having real trouble quantifying the loss of a wronged GPL developer and calling it zero.
Learn what the GPP meant when he said "(punitive) damages".
Sure, the actual damages of the developer might be zero, but 17USC504 provides for not just actual damages, but also profits that the offender made. Also, 17USC504(c) allows the copyright owner to, rather than receive actual damages + profits, elect to receive statutory damages of up to $150k.
IANAL.