Slashdot Mirror


User: mjh

mjh's activity in the archive.


Comments · 936

  1. Driven from gnome to kde... on A User's First Look at GNOME 2.0 · · Score: 4, Insightful

    I'm not trying to start a flame war here. I just think that it's time for me to express my opinion on this matter.

    I've been tinkering with gnome and kde since pre kde 1.0 days. I have always preferred gnome to kde. Not because I thought gnome was prettier, but because I could get the functionality that I wanted out of gnome and couldn't get it out of kde.

    With the advent of kde3 and gnome2, I will be switching from gnome to kde. Is kde3 slower? It doesn't feel slower to me than gnome1.4. Is kde3 prettier? I think mosfet's liquid is stunning. Can I get kde3 to do what I'm used to doing in gnome1? Not 100% but closer (maybe 90%). Can I get gnome2 to do what I'm used to doing in gnome1? No. I'd say about 50%.

    So, from a functionality point of view, gnome1 wins and kde3 is a close 2nd, with gnome2 a distant 3rd. From an aesthetic point of view, kde3 wins, and flip a coin between gnome1/2.

    So I'm switching to kde. IMHO, gnome is just not going in a direction that I like.

    Remember, this is my opinion. I'm not trying to incite a flame war. I'm just a lone user letting the gnome developers know that they just lost me.

  2. Re:interesting article. but... on Will Microsoft Code-Checking Plans Cripple the GPL? · · Score: 3, Informative

    No. They do store something on the mobo. But it's a public key. The fact that you can get to it is irrelevant. So you'll still be able to use your apps offline. You have a public key with you when you're offline. But you still can't crack the verification process. You need access to the private key to do that. And you don't have it.

    The key difference between CSS and this thing is that CSS was trying to hide something. This is trying to verify signatures. In CSS, to unhide the thing you need access to something secret. In this, you need access to nothing secret. CSS is insecure because they have to distribute that secret thing to everyone who wants to watch a DVD. Palladium is secure because the secrets are kept secret.

    This is going to be much more difficult to break than CSS.

  3. Re:interesting article. but... on Will Microsoft Code-Checking Plans Cripple the GPL? · · Score: 4, Insightful
    you have a chip ON THE mobo that tells you if you can run an application. what if you're disconnected from any network? the chip must have some key that, applied to the application, will make it usable. Or will decrypt the application. Or will act as a general key to allow the cpu to run some code.

    Ok, but this will be done by installing a certificate (i.e. a signed public key) into the mobo, not a secret key? The certificate will be used to verify that Red Hat (for example) has signed the binary that was distributed. Nothing secret is needed to accomplish this verification. The secret is stored in Red Hat's secret key (stored at red hat) and in the root level secret key (stored, presumably at Microsoft).

    So what happens is that Red Hat attaches the cert that they used to sign the app to the app. The mobo cert can verify that it's a red hat cert because the root cert is installed on the mobo. Then the mobo uses the red hat cert to verify that the app has been signed by red hat. No secret keys required. Only publicly available knowledge required.

    If you're able to break this, then you've broken all public/private key encryption under whatever algorithm was in use.

    This is very different from CSS because CSS tries to encrypt (hide) the content. With CSS a huge number of people need to be able to see that content: legitimate customers, none of which have their own private key. So somehow the customer needs to be able to get access to a secret key to see the data. So CSS put a secret key into every DVD player, so that customers could see the data.

    But with this, they're not trying to hide anything. They're trying to verify that the data (in this case a computer program) hasn't been altered. Doing that securely does not require wide distribution of a secret key. It requires wide distribution of a certificate (i.e. a public key) but so what? It's a public key. As long as the software provider has a cert signed by microsoft and as long as microsoft keeps their secret key secret, this is going to be very difficult to break.

    I think this is very scary, and I think it's quite clever. It basically makes the problem of exercising the GPL the equivalent of cracking public/private key encryption. And that doesn't even mention the amount of power that Microsoft can impose through forced upgrades? Certificates expire. Microsoft can impose that all software providers' certificates will expire every year, or 6 months or whatever. At which point, the software will no longer verify correctly. Which means you need to go back to your provider to get an upgrade with a new certificate! You thought forced upgrades were bad before? And what happens if Red Hat decides to divulge their secret key so that the GPL can continue to be exercised? Or if they make it easy to get signed apps? Well then Microsoft simply decides *not* to issue them a new certificate when their current one expires.

    This is clever in a very sinister way... unless I'm missing something.
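The verification chain described in comment 3 (root certificate on the board, vendor certificate signed by the root, application signed by the vendor, certificates that expire), as an added example that is not part of the original comment. Lamport one-time hash signatures from Python's standard library stand in for whatever public-key algorithm the hardware would use; the certificate layout, names and dates are constructed.

```python
import hashlib
import json
import secrets


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Lamport one-time key pair: secret = 256 pairs of random values, public = their hashes."""
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    pk = [[H(s) for s in pair] for pair in sk]
    return sk, pk


def _bits(msg: bytes):
    digest = H(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, msg: bytes):
    # Reveal one secret value per digest bit. Each key signs exactly one message.
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    # Needs only the public key: hash each revealed value and compare.
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg)))
    )


def issue_cert(issuer_sk, subject: str, subject_pk, not_after: int):
    """Issuer signs (subject, public key, expiry). Field layout is constructed."""
    tbs = json.dumps(
        {"subject": subject, "not_after": not_after,
         "pubkey": [[h.hex() for h in pair] for pair in subject_pk]},
        sort_keys=True,
    ).encode()
    return {"tbs": tbs, "sig": sign(issuer_sk, tbs)}


def check_app(root_pk, cert, app: bytes, app_sig, today: int) -> str:
    """The verifier's whole job, done with nothing but the root public key."""
    if not verify(root_pk, cert["tbs"], cert["sig"]):
        return "reject: certificate not signed by root"
    body = json.loads(cert["tbs"])
    if today > body["not_after"]:
        return "reject: certificate expired"
    vendor_pk = [[bytes.fromhex(h) for h in pair] for pair in body["pubkey"]]
    if not verify(vendor_pk, app, app_sig):
        return "reject: app signature invalid"
    return "accept"


def demo():
    root_sk, root_pk = keygen()      # root secret never leaves the root authority
    vendor_sk, vendor_pk = keygen()  # vendor secret never leaves the vendor
    cert = issue_cert(root_sk, "vendor", vendor_pk, not_after=20030630)
    app = b"constructed application image v1"
    app_sig = sign(vendor_sk, app)

    # A certificate issued under some other key, with no access to the root secret.
    unrelated_sk, _ = keygen()
    other_sk, other_pk = keygen()
    other_cert = issue_cert(unrelated_sk, "vendor", other_pk, not_after=20030630)

    return {
        "genuine": check_app(root_pk, cert, app, app_sig, today=20020701),
        "modified": check_app(root_pk, cert, app + b" patched", app_sig, today=20020701),
        "other_issuer": check_app(root_pk, other_cert, app, sign(other_sk, app), today=20020701),
        "after_expiry": check_app(root_pk, cert, app, app_sig, today=20030701),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:13s} {result}")
```

The verifier never touches a secret key, which is the contrast with CSS that the comment draws; the last case shows the expiry lever it describes.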

  4. Re:Upgrades? on Mobile Phone in Your Teeth! · · Score: 3, Funny

    Yeah, and if it turns out to be too annoying, getting rid of it will be like pulling teeth!

  5. Re:Spamassassin over Spambouncer on SpamNet: Razor for the Masses · · Score: 2
    I found that it rejected a lot of legitimate mail until I grepped my "Sent Items" folder, extracted every "To" field and made that my white list. (The assumption being that if I've e-mailed somebody, I don't mind hearing from them.)

    I use TMDA to handle people sending me return mail. TMDA lets me create return addresses that will work for a certain amount of time. During that time, when email is sent to that address it will go through. After that time, I can do lots of things. I can bounce the email, silently drop it, or request confirmation. Confirmation is the process that takes place whenever someone unknown to me sends me an email. Once confirmed, that person becomes known and will not need to go through confirmation again.

    TMDA is like a firewall for my mailbox. If I send an email, replies will automatically work. Otherwise, you are required to authenticate yourself before you get in. I use it in conjunction with spamassassin. I like spamassassin. It works great, but it's not 100%. TMDA, so far, has been 100% effective at blocking spam, while letting legit email through.

    And TMDA is a server based system. So it's possible to set it up to work with any email client that sends email through the server. So it'll work for your unix clients or your windows clients...

    Check it out.

  6. Re:Kombat's Law: on Why (Most) Software is so Bad · · Score: 2
    It's standard practise to push a buggy pile of kludges still in need of major debugging out the door to meet overly optimistic deadlines and call it version 1.0.

    Right. And if you buck this trend you get crucified as being behind the times, or way slow on delivery. Personally, I'm glad that debian and mozilla work hard not to let the pressure for releases impact the quality of their product.

    Cheers, - Mark

  7. Re:Money gap is irrelevant on Why (Most) Software is so Bad · · Score: 2
    I disagree; take a look at other industries. Some of the highest-quality products are produced by the tiny, niche-market manufacturers. The best cigars in the world are not from Phillip-Morris. The finest cuisine on your block is not the mega-corporation with the giant yellow 'M'. The most accurate watches don't come from time-giant Timex. The finest literature on the bookshelf isn't necessarily from the biggest publisher.

    Doesn't this prove the point? That when there's a large monetary gap between the leader and the also rans, that the leader has no pressure to produce quality? In other words, it's competition that drives quality. If there's no competition, shouldn't we expect lack of quality?

  8. Re:Like my father always said... on Joel On The Economics of Open Source · · Score: 5, Insightful
    Open Source software is free for some, but for all of the programmers and all of the companies behind the scenes it's very costly.

    Yes, but the cost is really widely distributed, so that compensation for any individual is complicated. Let me give you an example.

    I run Linux. I also have an HP printer, so I use the hpoj software. I also like the CUPS print spool software. HPOJ and CUPS don't integrate very well. So I wrote, and distribute under GPL, a CUPS backend that allows it to integrate with HPOJ. I contributed about 2-3 hours of time to get this to work. But in return I got hundreds and hundreds of other people's work. I got a working printer and a very flexible print spooler running on a free operating system! And for that I made it so that other people can do that too. I contributed 2-3 hours of work that has value, because it saves time for whoever else uses it (2-3 hours multiplied by the number of users). Thus it contributes back to the economy of opensource/free software, making it all more valuable. I pay a small amount of time, and I get back huge amounts of time. Moreover, my contribution makes it so that the next guy will get even more back for his/her contributions. Everyone that contributes a small amount of time, gets paid back much more than they contributed.

    What makes opensource/free software different is that it allows large numbers of people to contribute their work to each other, and cumulatively save themselves tons of work. I gladly trade 2-3 hours of work for 2-3 hundred hours of work. It saves me time and money.

    I like Joel's article, but it doesn't explain the tradeoff of how people get paid in opensource. It doesn't explain the small amount of effort input for huge amounts of gain returned that opensource/free software allows and encourages. And that's got to be part of the economic equation that explains opensource. It only tries to explain the economics of why IBM, HP, et al, are contributing to opensource. It ignores the fact that IBM, HP, et al, are also trading their small contributions of time for the huge amount of time and money that they save.

  9. Re:Ilegal but on SEC Settles Microsoft Accounting Investigation · · Score: 5, Informative
    If I was a shareholder, I would approve so therefore Microsoft is doing what any good corporation should do, increase shareholder value.

    Yes, but the assumption that is made when a company increases shareholder value is that the company is actually doing something that increases the gdp of the entire country. Otherwise you end up with a zero-sum gain.

    So for example, if I am a company that produces widgets, and I develop a way to produce more widgets for the same price, I've increased the value of the company, in that I'll be able to lower the price of my widgets while still increasing the profits of my business. Society benefits by getting cheaper widgets and shareholders should reward that kind of thing.

    However, if I don't actually do anything but make it look like I'm perpetually increasing the profits of my company, I'm duping society. You end up with one person getting rich by selling high valued stock, while another person (who buys that stock) gets poor. Nothing is produced. Money is simply changed from one hand to another: the zero sum gain.

    In the first example, all of society is richer because of the innovative production method that allows them to reap profits which is further rewarded in the stock price. In the latter example, nothing actually improves, money just moves from one person to another, without anyone having had to do any actual work.

    Which is fine, I suppose. But I would suggest that we as a society demand that people play by the rules. Specifically that companies get to reap the rewards of being profitable when they produce something that benefits society (as determined by the market). If they don't produce anything new, then they shouldn't be rewarded. If they're using accounting practices that allow a company to reap the rewards of producing something new without actually producing something new, I think we should decide to call that fraud or theft, and treat it accordingly.

    $.02.

  10. Re:He's right... on RMS Condemns "UnitedLinux" per-seat License · · Score: 4, Insightful
    GPL covers rights to source, not binaries.

    Not true. Section 6 of the GPL states:

    Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.

    My ability to redistribute GPL'd code is granted by the original licensor, not the guy who I happened to get it from. The guy who I happened to get it from doesn't have the right to impose any additional restrictions, like per-seat licensing.

    Also, section 3 says:

    You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above

    So this means that I have these rights whether I decide to re-release the binary or the source code form of the program. I just have to make sure that if I re-release the binary form, I also make available the source code. But I'm not restricted from re-releasing a binary. Which means, per-seat licensing restrictions are a violation of the GPL.

    But, IANAL, so I may have an overly simplistic interpretation. It seems pretty clear to me, though.

  11. Re:He's right... on RMS Condemns "UnitedLinux" per-seat License · · Score: 5, Insightful

    But they can not restrict someone, who gets the source, from re-releasing binaries of the packages, as long as they also include the source. And if they release the binaries, they can not restrict the person who receives those binaries from re-releasing them. This is what the GPL guarantees. That if you get a copy of the code, either in source or binary form, you can give it away. Which means that per-seat licensing of binary GPL'd code is a violation of the GPL since it prevents the receiver of the code from re-releasing that code.

    I don't know, but it seems to me that UL are saying that you can't re-release their own code, not the GPL'd code on the system. And if that's the case there's no problem. But if they're restricting the usage of GPL'd software (in either binary or source code form) then that's a violation of the GPL which provides that once you receive code you can give it away.

    But, IANAL, so take my opinion as such.

  12. Re:LINUX sucks dogs balls on a hot summer's nite on United Linux is Here · · Score: 1

    Geez, pal. You don't like the "news for nerds"? Feel free to go somewhere else. No one around here will miss you.

  13. Right! on Eight Technologies That Will Change the World · · Score: 4, Insightful
    The most fascinating part is that all of these new technologies seem like they'll be available in the not too distant future.

    Right. Which is exactly what they thought in the 70's, too, hence the TV shows.

  14. Waiting for video on Episode II Surpasses $116 Million at Box Office · · Score: 2

    Just like Vladimir and Estragon, I will be waiting (for what I'm sure seems an eternity) for the video/dvd representation of this film. Why? Because I finally saw spider-man. And if AotC is not as good as spider-man, then AotC is not worth my money.

    I was really quite disappointed with spider-man. The dialogue was really bad. The FX were fun and the premise was great, but the dialogue was so contrived as to make it impossible for me to suspend my disbelief and enjoy the good parts of the movie. Which is too bad, because for once, this was a movie that didn't lack in story. It lacked in execution. It could have been a really good movie, and after having read the reviews provided here, I expected a pretty good movie. But what I got was ho-hum and it left me really disappointed.

    So if THAT is the standard which AotC fails to achieve, then I think I'll wait for it to be released in a form in which I can watch it for only $4 and if I wish to watch it again, I can (until I have to return it to the vid store).

  15. earthquake newbie, 7th floor hotel room on 5.2 Earthquake Shakes Up SF Bay Area · · Score: 4, Insightful
    I normally occupy the East Coast, but I'm traveling on business, and an earthquake is a strange experience for me. But I definitely felt it. Basically, from up here on the 7th floor, in Walnut Creek, it felt like someone took the room and was rocking it back and forth. The amount of motion was very small, and very gentle. But the fact that the entire room was moving was very strange and disquieting.

    I've often said, as an east coaster, that I'd like to feel an earthquake. Well now that I have, I have two reactions.

    1. Not nearly as exciting as I'd anticipated it would be.
    2. Not nearly as calm as I'd anticipated I would be.

    IOW, I was scared more than was appropriate for the size of this thing. Thank GOD that they make the building able to survive this kind of thing. As I think about it, the fact that an 8 story building was gently rocking back and forth (probably about 1/2 inch in both directions), and didn't fall is pretty amazing.

    Want to simulate it? Have someone go up to your wheeled chair and wiggle it back and forth at a rate of about 3-4Hz. Now, imagine that the desk that you're leaning on, and the floor that you have your feet on is also moving.

  16. Re:Why? on Microsoft's Goal, Security Through Obscurity? · · Score: 2, Insightful

    +1,Insightful (virtual moderator point)

    Software liability is really only an issue for Microsoft software. In other software markets, where there is not a monopoly, the bad PR from a security incident (or a reliability problem) is enough to incent the producer to produce good code.

  17. Re:MS Security Paradigm on Microsoft's Goal, Security Through Obscurity? · · Score: 4, Insightful
    Yes, obscurity is an accepted security paradigm. However, when people talk about "security through obscurity" they're typically talking about obscurity as the only security model. And that is a very risky model.

    Of course, since Microsoft's API's are still hidden, we don't know whether or not they're using obscurity as their only model. However, from the alarming number of remote root exploits available, it seems evident that Microsoft's claims for obscurity of their API's as a security measure is the only measure that they're taking. Which leaves one of two possibilities:

    1. They are intentionally depending entirely on obscurity as a security practice.
    2. They are conveniently coming up with security as the reason for further obscurity of their API's. IOW, the real reason for obscurity is to propagate their biz model (as you say) and not for security purposes.

    I tend to believe the latter. But giving them the benefit of the doubt, we can only argue against the former. Which is that trusting your business to Microsoft's security practices is a very risky proposition.

  18. Re:Uhmmm, what? on Microsoft's $40 Billion On Hand · · Score: 2
    FYI, if you are looking for why I claim you are wrong, why MS is not a monopoly, and why desktop OS's are not monopolized by MS, take a visit on over to my website in about 3-4 days. I've been fighting this fight for too long here, and am collating my thoughts into a cogent article I can routinely point to.

    Have you considered the possibility that you've been fighting this for so long because it's wrong? While it may sound like I'm saying you're wrong, that's not what I'm saying. I'm just asking if you've considered the possibility? If what you're doing is fighting instead of discussing? In fighting, it doesn't matter what the other person does or says, just so long as they are vanquished. In discussion, though it may appear combative at times, the goal is to learn from one another.

    Clearly I don't agree with much of what you're saying, and I look forward to reading and understanding the thoughts that you think will be convincing.

  19. Re:I dislike most new sources for this reason. on Online News Stories that Change Behind Your Back · · Score: 1

    FYI, Dan. I'm still looking forward to reading your cogent argument for why Microsoft is not a monopoly, and how you can simultaneously claim AOL/TW as evil. Not that I disagree with your latter claim. It just seems inconsistent with your stance on Microsoft.

    So I'm really looking forward to reading how the two might be melded together into a consistent stance.

  20. Re:tango on How IBM (and Open Source) Won eBay · · Score: 2

    Hmmm... I don't agree with this. And the reason I don't is that I think that evil borrows from good in order to succeed. For example, we all know of people and situations and times in our lives when we and others have done good things simply for the sake of doing something good. We don't always do this, but it's not a difficult concept. We can easily imagine/remember a time when we did a good thing just because it was good. We didn't profit from it. Probably no one else even knew. We simply did it because it was good.

    On the other hand, imagine doing something evil simply because it's evil. Almost no one does this. It's hard to even imagine such a situation. People are greedy because they want money. People are unfaithful to their spouses because they want sex. People commit crimes because they want security or freedom or whatever. The closest I can come to imagining doing something evil simply because it's evil is cruelty. But even that is done in the pursuit of pleasure or satisfaction.

    But in as far as they go, money, sex, freedom, security, pleasure and satisfaction aren't bad things. Most are neutral things, and some are good things. Pursuing those things isn't bad, but raising the pursuit of those things above other more important principles twists those good or neutral things into evil things. For example, raising my pursuit of money above my respect for your property enables me to steal from you. Pursuit of money isn't evil, but raising it above another, higher principle makes it evil.

    Which is to say that the evil acts depend on neutral/good things. In fact, if you want to be effectively evil, you need to be smart, patient, charming, logical, etc. Again, none of those things are bad things. They're all good things that have been twisted.

    It is this line of thinking that leads me to believe that good and evil are not on equal footing. IMHO, evil is dependent on, and subordinate to good.

  21. Re:I've Said It Before... on How IBM (and Open Source) Won eBay · · Score: 2
    while I'd be inclined to agree with your analogy (if you actually said it right, since I hate both Java and country music), it doesn't really work as an analogy.

    That depends on whether or not the guy's statement is an objective statement or an expression of his/her opinion. Stick "I think" in front of the analogy and it's much more difficult to argue with. I don't think there's enough content in the guy's post to know either way, whether he was trying to make an objective or subjective statement.

    Funny thing is that music is for the most part subjective. Country music is by far the most popular form of music. At any rate, one could not even come close to objectively stating that country music is better than say rock (whereas one may be able to make an argument for classical music being better than either of the two).

    I'm having a difficult time understanding how music can be anything but entirely subjective. As opposed to "for the most part" as you say. Music is good or bad based on a scale of how it moves the listener. So it's entirely possible that, for one listener country music is best, classical is second best, and rock is worst. How can you come to the statement that it might be possible to objectively argue that classical is "better" than either rock or country? Objectively judging something that's entirely subjective seems like nonsense to me. So your first statement (that one couldn't objectively state that country music is better than rock) is something that I can easily agree with, but not your parenthetical statement.

  22. Re:Speaking of antispam.. on MAPS vs. Gordon Feyck: Who Owns the DUL? · · Score: 3, Interesting

    No, I'm not trolling. I'm quite serious. I think that RBL's are not as effective at their job of blocking spam as TMDA and spamassassin. If you think that spamassassin is just an rbl, then you've misunderstood it. If you think TMDA's blacklist makes it an rbl, then you've misunderstood it.

    Spamassassin is an email heuristic system that takes ordb (and other rbl's) under advisement. But it is not the final say. It also uses vipul's razor as an advisor, but again it's not the final say. Spamassassin has hundreds of different tests that it performs to determine whether or not an email is a spam. Only a few of which are rbl based tests.

    TMDA is a system that doesn't depend on any RBL (Realtime Blackhole List). And contrary to your understanding, its primary mechanism is NOT a blacklist, it's a whitelist. It's a completely different technology than an RBL. Even if you do use it with a blacklist, it's based on email addresses not IP addresses. So if you spam me, and I blacklist you, your brother on the same email server can still send me email.

    I stand by my original claim. RBL's are antiquated technology in comparison to TMDA and spamassassin. They paint too broad of a brush stroke, blocking many people who you want to receive email from, while failing to block many others who you don't want to receive email from.

  23. Re:Speaking of antispam.. on MAPS vs. Gordon Feyck: Who Owns the DUL? · · Score: 3, Informative
    I agree that you're in a difficult situation, but nothing else works.

    I disagree with this assessment. There are at least two other things that work, and IMHO work better. The first is spamassassin, and the second is TMDA. I use both of these in series. And I've not received a single spam in my inbox since January (when I started using them). I used to get 20-30 per day. Now I'm down to zero.

    I don't know how well SPEWS works. But I've used other RBL type systems and they always, at some point or another failed, and could sometimes fail big - where I suddenly start getting hundreds of spam from a non-listed IP. The two systems above can fail, but on a single instance, single email at a time. When they fail, they fail small.

    IMHO, SPEWS, RBL, and any other IP based list systems are antiquated technology in comparison to spamassassin and TMDA. But YMMV.

    $.02

  24. Re:Interested in MAPS? Also Check out DCC... on MAPS vs. Gordon Feyck: Who Owns the DUL? · · Score: 3, Informative
    Also check out spamassassin. It scans all emails and applies heuristics to the email to decide whether or not it thinks it's a spam. Each heuristic has a score. By default, any total score above 5 marks the email as a spam.

    But here's the cool part. Spamassassin doesn't do anything with it. It simply marks it as a spam. Then you can use something like procmail to decide what to do with it. Me, personally, I store it into a folder called SPAM. I then configure my imap server (courier imapd) to treat that mailbox as a trashcan, and automatically delete anything in it older than 14 days.

    This allows me to check if there are any stragglers that get through, but also allows me to forget about it for a couple of weeks at a time. Spamassassin has been tuned to avoid false positives. I've been using spamassassin for months. During that time, I've not had a single email that was not a spam get marked as a spam. I've had emails that were spams get marked as non-spam (false negative). Which, if there's going to be an error, that's the kind I want. I'd hate to call a real email spam, have it sent to my SPAM mailbox and automatically deleted before I read it. The good news is that not a single false positive has occurred, although a few false negatives have occurred.

    So I've started using another tool to help deal with spam. It's called TMDA. It's somewhat more complex to set up and use than spamassassin. But a brief description is that it acts like an email firewall. Outgoing messages can be replied to, but incoming messages require that a person prove that they are a person. After which they'll be allowed unrestricted access to send me email.

    TMDA is much more exact than spamassassin, which is mostly complicated guessing. It successfully blocks every spam that spamassassin lets through. However, TMDA is also much more complex from an end user perspective. So it might not be for everyone. For example, I only use spamassassin on my wife's account - not TMDA because she's made it clear to me that she doesn't want to learn how to use it. I personally use both of them at the same time, and I've been 100% spam free for months. I used to get 20-30/day.

    $.02
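The two-stage filtering described in comments 5 and 22 to 24 (a heuristic score with a threshold of 5, then a sender whitelist with time-limited reply addresses and confirmation), as an added example that is not from the original comments and is not SpamAssassin or TMDA code. The rule names and scores, the HMAC-tagged address format, the order of the stages and all addresses are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # server-side key for dated addresses (assumption)
THRESHOLD = 5.0                       # a total score above this marks the mail as spam

# Constructed heuristics: (name, points, test). Real rule sets are far larger.
RULES = [
    ("subject_all_caps", 2.0, lambda m: m["subject"].isupper()),
    ("free_money_phrase", 2.5, lambda m: "free money" in m["body"].lower()),
    ("many_exclamations", 1.5, lambda m: m["body"].count("!") >= 3),
]


def spam_score(msg):
    return sum(points for _, points, test in RULES if test(msg))


def _tag(user, expires):
    mac = hmac.new(SECRET, f"{user}:{expires}".encode(), hashlib.sha256)
    return mac.hexdigest()[:12]


def dated_address(user, domain, expires):
    """Reply address that is only honoured until `expires` (hypothetical format)."""
    return f"{user}-dated-{expires}.{_tag(user, expires)}@{domain}"


def dated_address_valid(addr, now):
    local = addr.split("@")[0]
    try:
        user, rest = local.split("-dated-")
        expires_text, tag = rest.split(".")
        expires = int(expires_text)
    except ValueError:
        return False  # not a dated address, or malformed
    return hmac.compare_digest(tag, _tag(user, expires)) and now <= expires


class Mailbox:
    def __init__(self):
        self.whitelist, self.blacklist, self.pending = set(), set(), {}

    def sent_to(self, addr):
        self.whitelist.add(addr)  # anyone I have written to may reply

    def deliver(self, msg, now):
        sender = msg["from"]
        if sender in self.blacklist:  # per address, not per server or IP
            return "drop"
        if spam_score(msg) > THRESHOLD:
            return "spam-folder"      # marked only; kept for later review
        if sender in self.whitelist or dated_address_valid(msg["to"], now):
            return "inbox"
        self.pending.setdefault(sender, []).append(msg)
        return "challenge"            # of the options in comment 5, ask for confirmation

    def confirm(self, sender):
        self.whitelist.add(sender)    # confirmed once, known from then on
        return len(self.pending.pop(sender, []))


def demo():
    box = Mailbox()
    box.sent_to("friend@example.org")
    reply_to = dated_address("me", "example.net", expires=1000)
    clean = {"subject": "Lunch?", "body": "Are you free on Friday?"}
    junk = {"subject": "FREE MONEY NOW", "body": "Free money!!! Click!"}

    def mail(sender, to="me@example.net", content=clean, now=500):
        return box.deliver(dict(content, **{"from": sender, "to": to}), now)

    out = {"known": mail("friend@example.org"),
           "junk": mail("bulk@example.com", content=junk),
           "stranger": mail("new@example.com")}
    box.confirm("new@example.com")
    out["confirmed"] = mail("new@example.com")
    out["dated"] = mail("list@example.com", to=reply_to)
    out["dated_late"] = mail("list@example.com", to=reply_to, now=2000)
    box.blacklist.add("pest@example.com")
    out["blacklisted"] = mail("pest@example.com")
    out["same_server"] = mail("sibling@example.com")
    return out


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:12s} {verdict}")
```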

  25. Re:Uhmmm, what? on Microsoft's $40 Billion On Hand · · Score: 2
    The article wasn't specifically talking about any market, just their desktop software in general. In OS's, yes they are claimed to have a monopoly. But not anything else. Hence the "near".

    Re-read the original quote. Provided here for your convenience:

    Thanks to its dominant, near-monopolistic position in what may be the best business on the planet -- system software for personal computers -- Microsoft continues to generate huge amounts of free cash flow.

    It's talking about "system software". Maybe that's me interpreting it as OS. But it sure seems like OS to me. I would hardly classify MS Money as "system software". And maybe it's just me implying that "personal computer" means non-server. But, again, I don't think you can classify a server as a "personal" computer. So when they say "near-monopoly" in "system software for personal computer" it suggests that MS actually operates in a free market, that is not illegally dominated by one player. And it rationalizes the idea that any legal consequence for MS is over involvement of the government.

    Which, of course, I disagree with.