Slashdot Mirror


User: jonadab

jonadab's activity in the archive.

Stories
0
Comments
5,933
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,933

  1. Re:spam & mail on How to Become A Spammer · · Score: 1

    They are typically sold, but not for very *much* profit, for two
    reasons. First, they have to compete with non-recycled paper, which
    is at least as cheap to manufacture as recycled paper. (This is
    very different from glass or aluminum, which are cheaper to make
    from the recyclables than from raw materials.) Second, recycled
    paper is not usable for all purposes, so the demand is limited; at
    some times and in some places, the supply has exceeded the demand to
    such an extent that recycled paper *has* been thrown into a landfill.
    Although that isn't what usually happens, it does drive down the
    prices of recycled paper.

    Now, you might think otherwise if you try to buy (say) stationery
    made from recycled paper and find out that it costs more than the
    non-recycled variety, but that's the ecconomy of scale talking
    (same reason a VT510 (dumb terminal) costs more than a cheap PC).

    There's very little money in recycled paper. If your recycle place
    pays you for your recyclable paper, it's probably subsidized. This
    is not true of certain other recyclable materials (notably glass and
    certain metals).

    Finally, this is the situation in the US, but the ecconomics may[1]
    be somewhat different in nations with significantly less land per
    capita (I'm thinking of Japan especially -- lots of people using
    lots of paper, not much land), because of the higher cost of
    maintaining the forests where the pulpwood is grown, if it is
    significantly more expensive to own land. I'm also not sure
    about the ecconomics of importing the pulpwood (or the paper).

    [1] or may not; I don't know for sure.

  2. Re:does this really require a readme.txt?? on How to Become A Spammer · · Score: 2, Insightful

    Defeating naive bayesian filtering is easy: weight the message
    with N random words from a dictionary file, where N is calculated
    to be sufficiently large that it will surely contain at least half
    as many squeaky clean words as the number of "most interesting"
    tokens the filter considers. Further note that these words do
    not have to get in the way of the message: they can be stuck
    anyplace the filter will see them, even if the user will probably
    not see them there. (Think: X-Die-Filter-Die headers, sig blocks,
    MIME separators, HTML comments, to the right of a hundred spaces,
    and so on and so forth.)

    Of course, we can make bayesian filters less naive by having them
    consider context of tokens, but that consumes more system resources,
    and then the spammers can drag out the Markov chains. And we know
    there are miscreants who know how to write Markov chain generators,
    because hipcrime has been using them for years to get past the
    net.admin.net-abuse.* robocancel-moderation and pull assorted
    maladjusted and juvenile stunts. And detecting Markov chains is
    probably AI complete, or at least significantly difficult.

    Regardless of what the spammers do, bayesian filters (if made less
    naive than the current ones) can *probably* continue to work when
    trained on a large bulk of well-sorted mail from a single user's
    account and used to sort that same user's mail, but I don't think
    they will ever be a hassle-free drop-in solution for the masses.
    Without good data on the nature of a specific user's mail (i.e.,
    data the spammers (hopefully) don't have), they're too easy to
    defeat. Markov chains are not even especially new technology, and
    while the idea is clever, much more advanced autogeneration is
    possible... *generating* human language text is *way* easier
    than parsing it, which makes the filtering game ultimately a
    losing battle for mail clients -- unless intelligent user input
    (selection) goes into training the filter for *each* person's mail,
    which gives you a leg up on the spammer who doesn't have your data.

  3. Re:It doesn't seem terribly complicated on How to Become A Spammer · · Score: 5, Insightful

    > Obtaining a valid list of e-mail addresses is not very easy,
    > you either need to invest money or you need to figure out how
    > to harvest e-mails from the web/usenet.

    That part's trivial. You'll get 50% invalid addresses, but so what?

    Step 3 is easier than you think: at this time, you don't have to
    fool the filters of the 0.05% who use even moderately complex
    filters[1]; all you have to do is get past the things that are
    deployed ISP-wide, like psmtp.com's filtering service. (This is
    trivial to get past: write three spams at random, and two of them
    will get past. No cleverness required.)

    If you have to get past word blacklists, then you also need to use
    a thesaurus (or 1337 sp33k), but word blacklists are relatively
    uncommon, because they get too many false positives. Really, all
    you have to do is get past the filters that ISPs deploy, not the
    ones individuals install. Remember, if you have to send twice as
    many messages to get the same response, it doesn't cost you that
    much more. (This is what makes spam so problematic. *Almost*
    makes me want the estamps thing to succeed.)

    The hard part is convincing businesses that have money (and are
    therefore presumably profitable) that they can gain more than
    they lose by investing in your services. I assume you send all
    the businesses in the universe adverts for your services and hope
    0.001% of them bite. I would like to think that more than 99.9%
    of them know better, but... I know better. Fortunately each
    spammer has to compete with all the others for limited business,
    so the number of spammers who can make money spamming is finite.
    Praises be.

    As for point 4, finding a spam-friendly ISP is a real pain; it's
    much easier to run port scans and find open relays, then test
    them to see which ones *don't* do a reverse lookup of your IP.

    Then you send to the open relay from a custom MTA that you run
    on a dynamic IP in such a way that it randomly generates From
    and Received headers and such for each message, thus making it
    a real pain for the recipient to track down where the spam
    *originated*. Finding out where it came from to your ISP is
    easy, but that's an open relay in the APNIC block whose IP is
    not reverse-lookupable (virtually *nothing* in APNIC supplies
    PTR records), and so tracking down the owner of the relay is
    hard, and they don't speak your language, and they don't give
    a rodent's posterior about your spam problem. For extra bonus
    points, get a hosting deal in Asia and run your MTA there, so
    that tracing you back to your ISP in the US is basically
    impossible, and if we *do* figure out who runs the MTA in Asia,
    we'll assume it's an open relay, provided you insert the usual
    forged Received headers. Yes, I've spent way too much time
    looking at mail headers.

    So in conclusion, the main thing preventing a lot of people such
    as myself from becomming spammers is that we hate spam. That, and
    it's so obviously *wrong*.

    [1] e.g., people like me, who trained a naive bayesian mail
    classification system (ifile) on a collection of tens of
    thousands of well-categorised messages in 3 dozen distinct
    categories, including several distinct spam categories.

    But actually, with a modicum of cleverness, a naive bayesian
    system can be easily defeated. As soon as I read how the
    algorithm works, I realised inside ten minutes how they can
    defeat it. Consequently, they can figure it out too; if
    enough people start using such systems they'll do that, and
    we'll have to get more clever with our mail classification
    systems, taking context into account for tokens, at which
    point they'll drag out the Markov chain generators, which
    will be *hell* to try to filter against. At that point it
    might be easiest to hire somebody in the third world (where
    the ecconomy is suc

  4. Re:Heh on GoboLinux Rethinks The Linux Filesystems · · Score: 1

    I prefer odd/even: even numbers to the north and east, odd numbers
    to the south and west. (Or vice versa; as long as you're consistent,
    it doesn't matter which way is which.)

    Extra bonus points if the first digit of a three-digit house number
    tells you which cross street it's near. Thus, 318 Eleventh Avenue
    would be on an Avenue (which means it runs east/west), on the north
    side of the avenue, somewhere between 3rd Street and 5th Street,
    probably closer to 3rd Street. Because Eleven is odd, you'd know
    that the avenue is on the south side of town, and because 3 is odd
    you'd know that the house is on the west side. 387 Eleventh Avenue
    would be on the same block but across the avenue (on the south side
    since 387 is odd) and further west, closer to 5th than to 3rd.

    This would take a small amount of getting used to, but after three
    months you'd be able to go directly to any address, even if you'd
    never heard of or seen the specific street before.

    If you have to put a north-south street in between 3rd Street and
    5th Street, you call it 3rd Ct, and if you have to put in an
    east-west one between Eleventh Avenue and Thirteenth Avenue, you
    call it Eleventh Alley (or somesuch). Notice that the north-south
    ones (3rd St, 3rd Ct, 5th St, 5th Ct) use the ordinal notation
    with digits, and the east-west ones are spelled out, because
    "Avenue" is longer than "St".

    The interesting other option is to use a polar setup, where you
    state the position along the street first and then the street, as
    with conventional addresses. So, "I live at 4172 Yards, 245
    Degrees" means you live 4172 yards from the center of town along
    a street that runs straight out of town at that angle; similarly,
    "I work at 16.8 degrees, 2000 Yards" would mean your job was on
    one of the concentric-circle streets (which happens to be 2000
    Yards from the center of town) and about 16.8 degrees from the
    due-east street (Which you probably call 360 rather than 0 to
    avoid freaking out-of-towners who don't want to see a 0 address).

    </sane>
    Or, we could do away with all this "address" nonsense and just
    use precise latitude and longitude and altitude for everything...
    Picture UPS man with GPS unit, trying to deliver a package:
    "these coordinates must be in the basement of that building.
    Now, where's the door..."

  5. Re:weapons on Build Your Own HERF Gun · · Score: 1

    > the airplanes are designed to withstand a lightning strike

    Hmmm, yes. I don't think I want to see a HERF designed to give
    a stronger jolt than lightning, and I'm *certain* I don't want to
    pay the electric bill.

  6. Re:too bad on Buckminsterfullerene Strikes Again - Nanotube RAM · · Score: 1

    > > But the firm aims to have memories on the market within a year
    > A lot shorter than ten years, hopefully. Though I'm skeptical
    > we'll see them commercially available within a year...

    It goes something like this...

    May 2004: dev team member admits to management that a little
    more tweaking is required, but it should be ready by fall.
    Team member who breaks this news to management may or may
    not be fired, depending on the weather.
    Jun 2004: Slashdot runs a story on the delay.
    Aug 2004: Slashdot runs a story on the delay.
    Feb 2005: dev team proudly announces to management that it
    is now indeed ready for production.
    Mar 2005: Slashdot runs a story and we all get excited.
    Apr 2005: plans are laid for actual production, and an assembly
    line is booked for starting in August. Slashdot runs a
    story on this and we all get excited.
    Oct 2005: first units ship, in theory, but mere mortals do
    not see them. But there's a review, and slashdot posts a
    story that links to it and gets us all excited.
    Nov 2007: first motherboard ships that is compatible with the
    memory units. And it's less than a thousand bucks. (Of
    course, the memory is much more expensive than that...)
    Feb 2008: Software vendors start announcing compatibility.
    Slashdot runs a story for each of them.
    Dec 2009: mere mortals can afford it, if they make good money.
    There's a review on Ars Technica that explains the theory of
    how it works and features benchmark graphs that reveal it
    might improve system performance if memory is your bottleneck,
    but that you definitely have to consider disk I/O also in the
    overall picture.
    Dec 2011: normal people like you and I can maybe get our hand
    on a complete working system for around a thousand bucks.
    Dec 2012: the next big thing hits, and prices drop.
    Jun 2013: you can pick up a used system on ebay for $200.
    May 2015: the stuff's a glut on the market. You try to sell
    a complete system on ebay with no reserve and it doesn't
    even sell. You end up letting it go for the cost of
    shipping so you don't have to worry about recycling it.

  7. Re:rpc blocked too on Preventing the NT Messenger From Use as a Spam Portal? · · Score: 1

    Couple of things to check:

    1. Are you talking about 135 TCP or 135 UDP? I don't happen to
    know which one it should be.

    2. Could the stuff be coming from inside the firewall?

  8. When Yahoo and Google migrate... on What's Your Timeline for IPv6 Migration? · · Score: 1

    When Yahoo and Google switch over to IPv6, we'll know it's time.

  9. Re:think of the gamers man! on The Interplanetary Internet · · Score: 1

    Diplomacy (the Avalon Hill game) would also work really well.
    We play it now with typically three days per turn. See for
    example www.diplom.org

  10. Water on An Affordable Air Purifier For Dusty Computer Labs? · · Score: 2

    Water makes a *great* dust filter. The Rainbow line of vacuum
    cleaners runs their output through a water pan, and the result
    is a *lot* less dust (if you sweep at all regularly). Now, those
    things run a fair penny more than the $500 you were looking at,
    but you can probably take advantage of the same principle for
    well under $500. You need two things: a system for rotating
    the room's air so that any given bit of air makes it to your
    filter system periodically, and a filter system that takes the
    air and forces it down into a bucket of water. You do have to
    change the water, but that's easier and much cheaper than changing
    a traditional filter. (In theory you could rig something up to
    automatically change the water, but probably not inside of your
    $500 budget.) You can tell that stuff is being removed from the
    air because the water turns black.

  11. Re:Latency on Cable Beats DSL For Average Speed · · Score: 1

    40ms is pretty good, actually.

    On the T1 at work I get 40ms ping times to www.yahoo.com (California)
    or about 33 to www.bright.net (which is in Ohio, where I am, but on
    a different network), 18 to Ohio State University. Of course, I get
    7ms ping times to anything on OPLIN's network (i.e., any public
    library in Ohio -- well, the ones that answer pings), but that's
    not fair, because those pings only go through four or five hops.

    The people who claim 5ms ping times are presumably similarly
    connected: they have the same ISP as the server, or something
    along those lines.

    Now, at home I'm lucky to get 200ms ping times to anything, but
    that's dialup.

  12. Re:Population density = cheap internet on Cable Beats DSL For Average Speed · · Score: 2, Insightful

    > the guys in the city may be cheap to wire up, but the guys out in
    > the burbs cost a small fortune(and there's fewer of 'em.)

    No, that's just it: there are not fewer of them, or at least not
    substantially fewer. For every big[1] city, there are several
    hundred[2] small-to-medium communities. The average population
    of these small-to-medium communities is around five or ten thousand
    persons[2] each[3]. Some are larger, some are smaller. Some are
    near the big cities (suburbs) and many are not. None of them have
    the impressive numbers of people like the big cities. But when you
    add them all up, it comes to a lot[2] of people. Then there are
    the people who live five minutes' drive outside the city limits...
    a typical non-suburban small community of ten thousand people has
    a couple thousand[2] more of those people living around it. (This
    is less a factor for suburbs, because they are mostly surrounded by
    other municipalities.) And then there are the twenty-some
    percent[4] of the population who live in rural areas. When we
    get wired broadband to _them_, we'll have set a new standard for
    what it means to be a first-world nation. (Currently, mere phone
    lines to every house will just about satisfy the communications
    infrastructure requirements.)

    Now, some states (California) are more urban, but then some
    (Indiana) are more rural. Anyway, my point is that we tend to
    think of "most" people living in the big cities, but while most
    people do live in a municipality, a great many of them live in
    ones we would not generally consider to be quite urban.

    [1] Say, a million or more. Some people would draw the line
    a bit lower, but I had to pick a size to talk about. Is
    a city of a hundred thousand people really "urban"? Can
    people in cities that size all get cheap broadband?

    [2] Statistics courtesy of Jonadab's Flagrant Guesstimation.

    [3] It depends what you count. If you count every community with
    a name, there are more like a thousand of them per big[1]
    city, but it brings the average population way down. If you
    only count actual municipalities, there are some n in the low
    hundreds per big city, but the population is a bit higher.

    [4] Almost one-third in Ohio, which is about average; it's much
    higher in some states, and much lower in others. However,
    the states with the lower percentages of rural population
    have the higher populations, so the overall percentage is
    somewhat less than what you get if you average the numbers
    from each state.

  13. Re:Root password? on Social Engineering Still Best Way to Crack Security · · Score: 1

    It's probably pretty easy in a lot of cases to social engineer
    root access, but you don't do it by calling up the sysadmin.

    Most sysadmins are sufficiently paranoid that, if you called them on
    the phone and asked them for the root password for the server, they'd
    instantly go on the alert. The extremely paranoid ones would say
    anything ("Umm, I'm sure I have that written down here somewhere...")
    to keep you on the line while they pull your number off of caller
    ID and run it through an online phonebook service (Reference USA
    or the equivalent) for an address. Then they'd change all the
    passwords and log all logins for at least a week.

    The more confident and/or busy sysadmins would tell you that they
    can't give out the root password. Very few sysadmins would just
    give it to you. But there are other ways to get root access...

    1. Social engineer the sysadmin's non-IT boss. I suspect this
    is probably the easiest way. I know my boss (a librarian,
    with roughly no IT background) has all the passwords for
    our main server. I don't know how likely she would be to
    give them out over the phone, but I know _exactly_ how
    likely you would be to get them out of *me* over the phone,
    and so she'd be a better bet. (Fortunately, remote login
    in our case uses a password rotation, so the regular password
    for local access won't work unless you're on-site.)

    2. Slip in at night, use physical access to compromise the
    sysadmin's workstation (e.g., by booting in single-user
    mode), and install a keyboard logger that reports its
    results by obscuring them in a way you can easily reverse
    and posting them to alt.test or serving them out via http
    on some unused port.

    3. Get a user password and use a privilege escalation attack.

  14. Re:I'm obviously retarded on Bitstream/Gnome Release Vera Font Family · · Score: 1

    here is a screenshot showing the three fonts. The mono font looks pretty good as boldface in gnome-terminal. I could live with this as a replacement for Andale Mono. The serif font I basically don't care about, because I normally have very little use for serif fonts, but it's certainly better than Times New Roman, albeit arguably not as nice in some ways as Georgia. Like I said, it's really hard for me to say, because I'm just not a fan of serifs in general. The sans font is not as good IMO as Verdana or Adobe helvetica.

  15. Okay, this is now getting *OLD*. on Firebird Name Debate Enters a New Stage · · Score: 4, Insightful

    First it was Mozilla. Then it was Netscape. Then it was Navigator.
    Then it was Communicator, which contained Navigator and was produced
    by Netscape. Then it was Mozilla again. Then it was SeaMonkey.
    Then it was Mozilla again. Then they decided to split it up into
    Phoenix, Minotaur, and so forth. Then they renamed them to Firebird,
    Thunderbird, and who knows what. Now the name Firebird is in
    dispute... *ENOUGH*. No more name changes. Just call it "the
    Mozilla.org browser", "the Mozilla.org mailreader", and so on, and
    that'll be fine.

  16. Re:Oh great, more network traffic on Translucent Windows for X using OpenGL · · Score: 1

    > Of course a cybercafe may well be a worst-case scenario: all you
    > need is for all ten clients to leave an animated gif pop-up on
    > their screen and you have a serious redraw issue.

    Configure them to only play through looping animations once. In
    Mozilla, that's under Edit->Preferences->Privacy&Security->Images

  17. Re:Another thing that X should have had a long tim on Translucent Windows for X using OpenGL · · Score: 1

    It's not the processor; it's the amount of RAM.

    And yeah, when Win3.1 was current, PCs had approximately no RAM,
    so current versions of KDE would have sucked in the uttermost.

  18. Re:I say publish all the details overseas on Blackboard Campus IDs: Security Thru Cease & Desist · · Score: 5, Insightful

    Indeed. If they'd just thrown the information onto usenet in the
    first place, no lawyer action would have had any effect at all.
    The problem is, people[1] who find security flaws don't generally
    *want* to post them to usenet: they want to work with the vendor
    and the security community to get the problems _fixed_.

    So here's the question: will these sorts of responses from vendors
    force the security community into just giving up on all pretenses
    of working with the vendor and just leaking everything to the
    general public immediately upon discovery? That would be bad for
    all concerned, but it might be better than being lawyered to death.
    It's pretty easy to arrange to get something posted to usenet
    with a reasonable degree of anonymity, and there's absolutely no
    way to suppress anything that has been posted to a big-8 or alt
    group, short of destroying the whole planet. But I don't think
    I trust the security of a product whose vendor is sufficiently
    uncooperative as to motivate a discoverer[1] of a vulnerability
    to do things that way.

    Maybe people who discover such vulnerabilities should discreetly
    communicate everything they know to some third party overseas
    first before doing anything else...? But you still have the
    problem that if you try to work with the vendor they know who
    you are and can laywer you, and you can be held responsible for
    communicating the information to the third party.

    Ah... but what if the original discoverer remained anonymous
    and communicated to someone _else_ who would try to work with
    the vendor, and if that failed the original discoverer or some
    third party he communicates with could release the information
    to the security community (and, in the process, the general
    public)? This would be harder for the discoverer, who would
    have to anonymously contact a trusted third party in the first
    place whom he would have to trust to make a good-faith attempt
    to work with the vendor. But if the vendor tried to laywer
    the non-anonymous person, they'd run into "I just found out
    from this here anonymous email and was trying to work with
    you; this leak must have been perpetrated by the evil person
    who circumvented your effective measure in the first place,
    probably the same dude who sent this email, which seems to
    have come to me from an evil open relay in southeast Asia,
    one of the same ones the spammers use to send me special
    offers for reduced-price copies of your products, which they're
    probably pirating. Gosh, you should really go after those
    open relays, they're all kinds of trouble."

    [1] Security people, I mean. I'm not talking about blackhats.

  19. Re:No current languages will exist.. on The Hundred-Year Language · · Score: 1

    I think he meant qubit, which is pronounced the same as cubit but
    spelled with a qu because that stands for quantum. I'm a little
    fuzzy on some of the quantum stuff, but to the best of my
    understanding a qubit may change its value if you examine it, or
    something like that. Except I'm pretty sure I don't entirely
    understand, because if that were the case they surely would have
    called them heisenbits. So it must be something else. Anyway,
    if you arrange a whole bunch of qubits right you're supposed to
    be able to build a computer that can do in O(1) time what
    currently takes O(n) time.

  20. Re:how long on The Hundred-Year Language · · Score: 2, Interesting

    Morphology? In computer languages? Name an instance. The closest
    thing I've seen to that are the sigils in Perl (where %foo can
    become $foo when you access an individual value and @foo when you
    access a slice), and even that is going away in Perl6. Besides,
    that's not really even morphology so much as inflection. Real
    morphology would be if spellings of words mutated not based
    on meaning but on the adjascent words, or if attaching an affix could
    cause changes in the spelling of the rest of the word. This happens
    quite a bit in natural language, but I don't know of a single case
    of it in any computer language.

    Actually, I'm now trying to imagine what that would be like...
    and I think I'm getting the willies.

  21. Re:English and Grammar... on The Hundred-Year Language · · Score: 1

    > What other languages can use one word to make an entire sentence ?

    Klingon, for one. And I'm not talking about repeating the word;
    one single word can just about literally be the whole sentence.
    Actually, almost any inflected language can do this with simple
    sentences, to a greater or lesser extent. It's way easier to
    say one-word sentences in Hebrew than in English, for example.

    The really unique thing about English is not the grammar so much
    as the expansive vocabulary. There are other word-order languages,
    but no other has a lexicon the size of the OED -- and periodically
    I unearth words that aren't _in_ the OED. (I ought to start
    keeping a list, but to date I haven't bothered.) Real words,
    mind you, not street slang. And they aren't all new words,
    either; occasionally you can find fairly old words (as the age
    of English words go, that is) that were missed out.

  22. Re:how long on The Hundred-Year Language · · Score: 1

    > Forth can be used a little bit like that

    Oh, yes, Forth is *so* much like natural language...

    forth love? if honk then

    Compare this to a language designed by a linguist...

    honk() if $you->love(Perl);

    Okay, too much punctuation. But in Perl6 the stupid arrow
    notation is going away and the parens will become optional
    (I think) depending on the routine's prototype, so maybe
    when Perl6 comes out that could be...

    honk if $you.love Perl;

    Getting better. Maybe in a hundred years we'll have Perl7,
    and then it can look like this:

    Honk if you love Perl.

  23. Re:Motivated Self Interest on Corporations Getting Into The Open Source Spirit · · Score: 3, Interesting

    > The most interesting part of this is the reason Merril Lynch gave
    > as to why they posted patches back. They wanted to have a seat at
    > the development table and did not want to have to maintain a fork
    > of the product forever. Certainly not a RMS view of OSS, but one
    > that makes more sense (and dollars) in the long run.

    RMS, notwitstanding the undebatably significant contributions he
    has made, is full of bologna in regard to this issue. Here's why...

    It's called bitrot, and it's been a known phenomenon for a long time,
    but the speed at which some OSS projects develop (the big ones, e.g.,
    the Linux kernel and Mozilla) makes it a major issue. Keeping just
    a small handful of patches for an active project current (even as
    many as three or four patches in some cases) could just about be a
    full-time job. So you Don't Do That. You create them one at a time
    and get them committed to CVS, and once they're in (and don't break
    the tree) they become to a large extent Somebody Else's Problem.
    Everybody else who was working on their own patches now has to fix
    their patches to work with *your* stuff, because *your* stuff is
    in the tree. Your workload drops off, and you move on to the next
    thing you want to get done. Think of it as a race: two people are
    working on patches that touch the same code. Whoever commits first
    doesn't have to deal with the other guy's changes. They guy who
    gets his stuff in second has to merge the changes. More, the guy
    who gets his stuff in tenth has to merge nine sets of changes, and
    the guy who never commits his stuff has to spend the rest of his
    career merging changes until he gives up in dispair and declares
    that the company must standardise on one version of the software
    for the rest of time. In the long run, the price of not committing
    your changes is that you either never get upgrades, or you have to
    give up your changes.

    Now, this assumes that you make changes in the first place. People
    who are content to use the software in its out-of-the-box state
    derive less benefit from open source (though they still get the
    improvements other people make, they don't get to put in their
    own stuff for their own special needs). But if it's worth your
    time to fix up the software to meet your needs better, then it's
    worth contributing it back.

    So, as I said, RMS is full of it. We don't need the GPL to get
    people to contribute back their changes. If the software is of
    sufficient usefulness that a lot of people are using it and
    making improvements for their own use, bitrot will punish anyone
    who doesn't contribute their changes back. The license lets us
    also sic lawyers on them, but that's not necessary; if they have
    enough resources to maintain a fork, they'll find a way to do
    that anyway, or cruft up something from scratch. Most outfits
    can't afford to maintain a fork of an active project.

    Now, a small and relatively static project is another matter,
    but I would argue that if it's not important to enough people
    to attract very many improvements, then it doesn't matter very
    much whether it's open or not.

    The GPL has had some positive effects, but these can mainly be
    measured in terms of the confidence that its terms give to people
    who otherwise might have been afraid that their code will be
    taken over and made proprietary by some third party. In practice,
    this won't happen to an active project. When Apple based their
    OS on existing components, they kept the open components open,
    even though some of those components are licensed under a BSD
    license which does not require it. Why? Those components are
    actively developed, and Apple doesn't feel like spending ten or
    fifteen full-time developers maintaining a bunch of forks. Duh.
    (Yes, they also like having goodwill, but that additional
    motivation is icing on the cake.) If your code is something
    sufficiently useful to creat

  24. Re:ha! on Google Vs. Yahoo: When We Last Met... · · Score: 1

    > I've setup blue on my PC and thats what I want

    Go to xulplanet and get thyself the Preferences Toolbar. Install
    it, and restart Mozilla/Netscape/Phoenix/whatever. There's now
    a checkbox on your toolbar called "Colors". Uncheck it, and you
    get the colours you chose for any pages you load. Check it again,
    and you get the page colours for any pages you load. (It doesn't
    go back and change the pages that are already displayed, because
    that caused an annoying delay. If you do want to change a page
    you already have up you can reload.)

    If you hit the "Customize" button on the toolbar you can also
    turn on the checkbox for "System Colors", which causes the browser
    to use the colours you chose in your OS control panel, instead of
    the ones you chose in your browser prefs. (Either setting of
    this is overridden by page colours, if you have the Colors
    checkbox turned on and the page specifies its own colours.)

    This should work with any browser that supports XUL 1.0. It's
    known to work with Mozilla, Netscape, Phoenix, Beonix. I don't
    know whether it's been tested with Chameleon/Camino.

    Oh, and you also get checkboxes for other useful things like
    Javascript and Popups, plus a nifty user-agent spoofing facility
    and buttons to clear your cache and stuff. The prefbar rocks.

  25. Re:Ads. on Google Vs. Yahoo: When We Last Met... · · Score: 1

    > Perhaps the browser developers could let you control plugins
    > on a site-by-site basis

    There's a bug filed for this in bugzilla. It'll happen eventually.
    There's also a bug filed to get the stop button to terminate all
    the plugins (and animations).

    In the days of Netscape 4, I disabled Javascript because the web
    was unusable otherwise. These days I have Javascript enabled but
    turn off certain behaviors (unrequested windows, changing the
    browser chrome, moving, raising, or lowering windows). When we
    can do the same thing with plugins, maybe I'll be willing to have
    Flash installed.