This is a REAL virus, not a computer virus. Influenza can actually mutate (very fast because it uses RNA rather than DNA to encode its genome.) It may well be, and we must certainly hope, that this is not going to make the jump to our specie and also become highly contagious, in which case it becomes another pandemic. But, even if the odds are 100:1 against this happening, spending resources addressing this are well spent. In the last century, there have been multiple infuenza outbreaks. The largest of this in 1918 dwarfed the First World War as the leading cause of death in 1918. This is very high stakes.
So forgive me if I am underwhelmed by a web site that quotes ten year old research papers and where the emerging deseases pages don't list (any strain) of influenza and hasn't been updated since April.
If you are thinking about working on an open source project, you have to justify the time you are spending. If you know that organizations like Google are looking at the 'stars' of the open source community for their next hires, you now have additional motivation to work on the open source project. This is certainly delayed (and uncertain) gratification, but it may be enough to add more open source developers. Besides, I don't seen any coersion here, so there really isn't anything to complain about.
Please look at the Florian Reuter interview with Mad Penguin. He is in charge of importing Microsoft Office format, which seems to make him the person you believe to not being 'clued in':
FR: If you have a Word document in.doc or.rtf or Word ML, and you use the current filter, and something goes wrong, even something not very noticeable, please submit the document as a bug document to OpenOffice.org, so that we can get a critical mass of documents that we can look at.
He then goes on to describe how you can help in more detail. So please get yourself clued in and submit all the bug reports you can about document inport/export. Do some good or stop whining.
I agree with point 2. Users should be able to set a 'personal' timezone. As you point out, this is not the same as setting the time, which was my original issue.
Issue 3, 4. I still don't see why users should be doing this all all. The clock is within acceptable accuracy or it is not. Given NTP, there is no reason that a networked computer should have an inaccurate clock. Anytime that the user needs to be an admin, the computer has already failed. Fix the root cause, not the effect.
Finally, I see nothing wrong, and a great deal good, with enforcing the user/admin split. Even if I can do both, I really like to have them seperate. I don't expect to work under the hood of a car at the same time that I am driving. Neither do I expect to admin while I am using a computer. If the computer is working, I leave it alone. It if doesn't work, something broke. I really want to stop it from breaking in the first place. This is almost a textbook case of where a computer is able to avoid the problem in the first place.
I want the computer be on the right time and I want it to stay on the right time. If I have to touch the clock it is only because the clock is wrong. It would be ok to allow users to specify a 'personal' timezone, but this is pretty odd unless you are dealing with something like a terminal server. In this case, I especially don't want users to be be able to muck with system settings. You are right, a plain user should be able to choose a 'personal timezone', but neither Windows nor KDE allow this. (don't have an easy way to test OS/X or Gnome) This is the sort of alternative that I hope doesn't get lost in a usability study where 'its hard if its not like Windows' is take as the norm. I still stand by my claim that prompting a user for the 'su' password (or doing the 'sudo' thing like Ubuntu) before allowing them to touch system settings is the correct solution, even if it isn't like Windows.
My pointis that users shouldn't have to set the clock. They do need to enter some basic information, but that shoudln't be what I condsider 'admin' There should be a 'welcome to your new pc' that looks like a web page. The users can log in to this site (which could be a CherryPy front end to some Python script that write/etc files for all I care.) You fill in a few key values, just like you do with a linksys router. Perhaps you ask for a user name, postal code and some other info. Then you look up the time zone for that postal code and you connect to the pc maker's site and use their NTP server to get the right time. The PC vendor could even allow you to back up your config files on one of their servers. In the event of an error, they could install your config files on their hardware and reproduce your errors. In the even of a hard drive error, they could do a net install of their standard software and all of your configuration files. For a fee, the vendor could even allow you to back up files on the/home directory. Then you could throw in a new hard drive, throw in the emergency CD, call the vendor and they could restore your system (via SSH) over your high speed internet.
It certainly does look like the solutions are 'do it like Windows.' Look at the report on setting the clock. They recommend allowing non-root users to be able to reset the clock and that the process resemple Windows. I say this is all wrong.
First, I don't want users to mess with system settings unless they are allowed to (e.g. unless they are admins in 'wheel'). I'm happy to support regular users, but not regular users that think they should be adminitering a system they don't understand. I'm not trying to be elitist by stating that only 'qualified' users should try to be admins. Its perfectly fine to drive a car, but that doesn't mean you should be that car's mechanic.
More significantly, why should the clock be off in the first place? Even a supposedly 'user hostile' OS like OpenBSD supports NTP. So, rather than have the users fix a broken clock, why don't we have the computer periodically sync its clock to the correct time. I can't set the clock to within 100 ms, but that is trivial to set it within 20 ms with NTP. Forcing users to fix a problem is inferior to preventing the problem.
I can currently buy some standard components and assemble a GENERAL PURPOSE computer that can function as a home entertainment center. With the braodcast flag, this will no longer be possible. I will have to get hardware that enforced the broadcast flag. I loose what has traditionally been viewed as 'fair use'. I cannot copy short segments of a film for education or parody. When I was in college, a friend of mine wanted to make a movie. So we did. It was a silly martial arts movie with ketchup & chocolate sauce for 'blood', it was barely a 'B-movie'. But, it was a start. We could display it on the same projector that was used for commericial movies. Greg went on to work in Hollywood as a writer. Anther friend wanted to write role playing games on an Apple II. He learned how and went on to run Ion Storm (OK, this one wasn't such a happy ending, but that's capitalism). Now, some millionaires in Hollywood want to use technology to make it a pain in the ass for anyone else to do anything with computers unless Hollywood can get a piece of it. If general purpose computers get hamstrung by moronic restrictions for the benefits of a few, it is just another obstical in the way of the next generation of creative Americans (and others). Given that we are already facing global competition, this is not the time to be making it harder for amateurs in the US to be creative.
I'm sick of people confusing capitalism with the supremacy of capital over people. I'm all for capitalism, but I'm for a diverse market with many sellers and buyers. The Broadcast flag is the attempt of a few mega-corporations to make the rest of us a perpetual revenue source. At least the GPL crowd is making tools that people can use in their own creative endevors. So don't rip the open source developers as being anti-capitalist.
I was pleasantly surprised that the TurboGears site not only came up, it came up fast. Quite unusual for a new developer framework appearing for the frist time on Slashdot. Especically since 'Python', 'Ruby on Rails' and 'AJAX' were mentioned, I'll bet they got hammered pretty hard in the last few minutes. So at least we can see that the server scales pretty well with the number of users. This could mean nothing more than the site uses a cached home page and we are seeing the value of (something like) Squid. No matter what the cause, it is encouraging to see thay they didn't get swamped by all of us checking out the new tool.
Hear, Hear! This is actually Microsoft's innovative solution to carpal tunnel syndrom. Who else is working to see that the average worker actually gets a periodic five minute break from typing?
Read your history. The 1918 Spanish Infuenza was particulary deady among 16-34 year olds. It isn't the flu, but the body's overreaction that killed people by filling their lungs with liquid. It was the vigor of their immune systems that killed the victims.
Cold fusion is far from real, at least the Pons and Fleischmann style of fusion in duterium doped palladium. If you are going to produce a meaasureable amount of heat from nuclear fusion, you are going to produce a measureable amount of neutrons. I used to work for the DOE and we spend months carefully trying to reproduce P&F's work. We noted an excess of counts in the neutron detectors only once, and that was during a thunderstorm when the electronics could be expected to be exposed to electrical noise. The BF3 detectors can produce spurious counts and they are very sensitive to changes in the discriminator threshhold, so this wasn't a surprise. We found no excess of neutrons within the limits of our detectors.
Concerning an excess of heat. Don't forget that putting interstitial hydrogen into a metal is an exothermic process. We could generate heat, in fact we scared the h*ll out of ourselves with one of the 'deuterium gas in titanium' experiments. It generated so much heat that we were afraid about the strenght of the container. Pure hydrogen exploding into air could really ruin your day. This also produced counts in a neutron detector, but these were consistent with the known temperature sensitivity of the detectors. So, we did see heat, but only heat that could be understood in terms of basic chemistry.
I will state that I was rather skeptical of the whole topic, but I did work for the DOE and I would have been happy to be proven wrong. Free, clean energy is worth more than my pride. So, even if the odds were a million to one against success, the DOE is justified in studying this topic. There just were not results that could be reproduced. As Fermi noted, 'Anything worth doing once is worth doing twice.' If you can't do it twice, it isn't science.
Please, prove that this works. But extraordinary claims need extraordinary evidence. Finding a way to overcome nuclear forces (potential barriers of millions of electron volts) with electrostatic forces at THERMAL energies (tens of milli electron-Volts)is an extraordinary. Perhaps something like sonoluminescence can produce very high localised temperatures in a jar of water, but this produces light with a few electron volts. The probability of particles tunneling across a barrier varies as exp( -E/kT) as long as E is millions of electron volts and kT is around 60 meV, you have a number like exp(-10^7). These basic considerations make CF an extraordinary claim. Where is the extraordinary evidence?
There are a few solutions to your issues. Javascript can be cached. Checking the HTTP header for a new version every hour or so doesn't cost much, neither does caching a few MB of *.js files. Running out of date software causes all sorts of maintenance nightmares, so using HTTP to keep all app automatically up to date is actually an advantage.
The lack of javascript speed is an issue. This can be addressed by using Java applets, as you point out (correctly). It would be interesting to have something like QT installed on the client so that you can use the Javascript to script together high performance components. If this could be installed with 'one click' over the web, it would be pretty easy (like installing a JRE). This doesn require some general purpose components to be installed on each computer, but both QT and Java are cross-platform. QT's C++ is even faster than Java. It would be pretty cool to see Trolltech 'give away' the client components (under GPL) and license server software for corporate applications.
Does anyone know how much effort has gone into optimizing Javascipt? Do browsers have JIT for Javascript, for example. What is the potential to speed up Javascript, other than the obvious 'wait a few years for 20 GHz quad core with 16 GB of 5 ns RAM'.
uc = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
lc = uc.lower()
digits = "0123456789"
funny = "!@#$%^&*-_"
import random
for letter in lc:
if letter in vowels:
print letter + " - " + random.choice(uc) + random.choice(funny)
else:
print letter + " - " + random.choice(lc) + random.choice(digits)
# the indents are lost. Indent if/else by one tab and the print lines by two tabs
# 1 tab = 4 characters (don't flame me about tabs vs. spaces)
# there are lots of elaborations (three characters per line, randomly swapping the order, etc.)
I agree with your general assessments, but don't think that severing thumbs is a likely outcome. A brief kidnapping seems like it could be more issue. The other fundimental isssue is that the biometric output needs to be compared with data that is 'on file'. All you have to do to defeat the system is to be able to mess with the file. Besides, once somebody steals the file, you are really SOL. If somebody steals a file with your credit card number, you can have a new card with a new number issued. Anybody want to get a new thumb each time some idiot at VISA decides to make his next house payment by selling credit card numbers?
Re:Better than post-it notes
on
Too Many Passwords
·
· Score: 2, Interesting
It is certainly true that the vulnerablity of this is that sombody that has your cheat sheet only has to guess 'dictionary' words (and start with common 3-5 letters ones first). The drawback of yours is that a 'bad guy' that convinces you set up a password on his site will be able to look at your password and he might figure out what your rule is. ( e.g., if one were to use C@5tits on a porn site, a shady porn site operator could simply read the password and guess the rule.) He can then do the dictionary attack against anyone else that you have an account with.
There are solutions to your issues. In the perl/python script, map each vowel to an uppercase letter and a funny character. Map each vowel to a lowercase letter and a digit. Restrict your passwords to words with vowels and consonants. You can even have a 'static' card and a 'monthly' card. Then you can use the monthly card to change your cheat sheet and you can keep the same nmenomic.
You don't seem to get it. you have to remember a simple password. You then use the card to map each letter of your simple password into two chacters of Jibberish.
Re:Better than post-it notes
on
Too Many Passwords
·
· Score: 5, Interesting
The whole point is that you can can be using 'hard' passwords that look like Jibberish(TM), but are easy to remember. You can even do things like build a seperate cheat card for each month and then keep the same mnomonic but have the password change. (This has its own drawbacks - you need to keep 'last month's' card around long enough to change all of your passwords.) It isn't hard to remember 'a few' passwords, but it gets pretty hard when dozens of groups want you to have passwords and everybody warns you that is it bad form to use a single password more than once.
One thing that I did find to be a signficant drawback to this is that some companies are demanding an upper case letter, a lower case letter, a number and a funny character. It is quite possible that the transform of an easy to remember work will not happen to have all of these. One solution, that actually makes this less secure, would be to have all vowels contain a lowercase letter and a funny character and have each consonant contain an uppercase letter and a digit. This really reduces the number of potential passwords, but such is the cost of making the 'powers that be' happy.
1) How many women want to show everyone ALL the contents of her purse? Women will wan to carry medications, condoms and hygene products discretely. I wouldn't want to have my ID & credit cards in a tranparent bag in plastic.
2) how does a transparent purse help in the dark? (the solar cells charge batteries that run the light whenever the purse is opened. It helps just like all the little lights in your car that help you find the ignition switch, etc. when you open the car door.
To be fair, these concerns might be addressed with a translucent material.
How is Microsoft going to determine the TCO of Google? Perhaps it will be something like...
"Sure Google searches are are fast and free, but Google is free in the same way that a puppy is free. One you have Google, it will be peeing all over your carpet, so we need to add the cost of carpet cleaning to the TCO of google. Besides, do you really want a fast search? Just think how much easier it is to catch a slow puppy than a fast one. Do you really want to be running down the road catching that free puppy? Think how much money you can save by simply eiminating this task from your task list. As your workforce ages, you simply cannot expect them to catch a fast, free puppy. Add in the cost of a few slippers, andy you would actually have saved money by paying for Microsoft searches."
Remember, all software is like a puppy. But Linux is free as in 'mutt', Microsoft is expensive as in 'highly inbred purebreed'. The cost savings only begin with the purchase cost. Open source is like genetic diversity, it improves robustness and tends to reduce the likelihood and severity of infections.
Is that why TeX is so expensive? Its well over a decade since the bug in TeX was acknowledge by Knuth. Validating may be costly, but that doesn't prevent the software from being inexpensive.
How is Microsoft TOO ambitous. WinFS seems less ambitious than Hans Reiser's file system. How is it it that a very driven individual can out do Bill's Army? It seems that MS doesn't have as much ambition as Reiser, at least when it comes to file systems. Reiser 4 rocks and I'll bet it will be the cornerstone of some mind blowing advances in areas a s diverse as XML storage/quering & Object databases when other start making plug-ins.
Slashdot Mirror
So forgive me if I am underwhelmed by a web site that quotes ten year old research papers and where the emerging deseases pages don't list (any strain) of influenza and hasn't been updated since April.
If you are thinking about working on an open source project, you have to justify the time you are spending. If you know that organizations like Google are looking at the 'stars' of the open source community for their next hires, you now have additional motivation to work on the open source project. This is certainly delayed (and uncertain) gratification, but it may be enough to add more open source developers. Besides, I don't seen any coersion here, so there really isn't anything to complain about.
Dooh!!! there is a 2nd page. thanks
Where did you read this? It isn't in the interview.
I agree with point 2. Users should be able to set a 'personal' timezone. As you point out, this is not the same as setting the time, which was my original issue.
Issue 3, 4. I still don't see why users should be doing this all all. The clock is within acceptable accuracy or it is not. Given NTP, there is no reason that a networked computer should have an inaccurate clock. Anytime that the user needs to be an admin, the computer has already failed. Fix the root cause, not the effect.
Finally, I see nothing wrong, and a great deal good, with enforcing the user/admin split. Even if I can do both, I really like to have them seperate. I don't expect to work under the hood of a car at the same time that I am driving. Neither do I expect to admin while I am using a computer. If the computer is working, I leave it alone. It if doesn't work, something broke. I really want to stop it from breaking in the first place. This is almost a textbook case of where a computer is able to avoid the problem in the first place.
I want the computer be on the right time and I want it to stay on the right time. If I have to touch the clock it is only because the clock is wrong. It would be ok to allow users to specify a 'personal' timezone, but this is pretty odd unless you are dealing with something like a terminal server. In this case, I especially don't want users to be be able to muck with system settings. You are right, a plain user should be able to choose a 'personal timezone', but neither Windows nor KDE allow this. (don't have an easy way to test OS/X or Gnome) This is the sort of alternative that I hope doesn't get lost in a usability study where 'its hard if its not like Windows' is take as the norm. I still stand by my claim that prompting a user for the 'su' password (or doing the 'sudo' thing like Ubuntu) before allowing them to touch system settings is the correct solution, even if it isn't like Windows.
My pointis that users shouldn't have to set the clock. They do need to enter some basic information, but that shoudln't be what I condsider 'admin' There should be a 'welcome to your new pc' that looks like a web page. The users can log in to this site (which could be a CherryPy front end to some Python script that write /etc files for all I care.) You fill in a few key values, just like you do with a linksys router. Perhaps you ask for a user name, postal code and some other info. Then you look up the time zone for that postal code and you connect to the pc maker's site and use their NTP server to get the right time. The PC vendor could even allow you to back up your config files on one of their servers. In the event of an error, they could install your config files on their hardware and reproduce your errors. In the even of a hard drive error, they could do a net install of their standard software and all of your configuration files. For a fee, the vendor could even allow you to back up files on the /home directory. Then you could throw in a new hard drive, throw in the emergency CD, call the vendor and they could restore your system (via SSH) over your high speed internet.
First, I don't want users to mess with system settings unless they are allowed to (e.g. unless they are admins in 'wheel'). I'm happy to support regular users, but not regular users that think they should be adminitering a system they don't understand. I'm not trying to be elitist by stating that only 'qualified' users should try to be admins. Its perfectly fine to drive a car, but that doesn't mean you should be that car's mechanic.
More significantly, why should the clock be off in the first place? Even a supposedly 'user hostile' OS like OpenBSD supports NTP. So, rather than have the users fix a broken clock, why don't we have the computer periodically sync its clock to the correct time. I can't set the clock to within 100 ms, but that is trivial to set it within 20 ms with NTP. Forcing users to fix a problem is inferior to preventing the problem.
I'm sick of people confusing capitalism with the supremacy of capital over people. I'm all for capitalism, but I'm for a diverse market with many sellers and buyers. The Broadcast flag is the attempt of a few mega-corporations to make the rest of us a perpetual revenue source. At least the GPL crowd is making tools that people can use in their own creative endevors. So don't rip the open source developers as being anti-capitalist.
I was pleasantly surprised that the TurboGears site not only came up, it came up fast. Quite unusual for a new developer framework appearing for the frist time on Slashdot. Especically since 'Python', 'Ruby on Rails' and 'AJAX' were mentioned, I'll bet they got hammered pretty hard in the last few minutes. So at least we can see that the server scales pretty well with the number of users. This could mean nothing more than the site uses a cached home page and we are seeing the value of (something like) Squid. No matter what the cause, it is encouraging to see thay they didn't get swamped by all of us checking out the new tool.
Hear, Hear! This is actually Microsoft's innovative solution to carpal tunnel syndrom. Who else is working to see that the average worker actually gets a periodic five minute break from typing?
Read your history. The 1918 Spanish Infuenza was particulary deady among 16-34 year olds. It isn't the flu, but the body's overreaction that killed people by filling their lungs with liquid. It was the vigor of their immune systems that killed the victims.
Concerning an excess of heat. Don't forget that putting interstitial hydrogen into a metal is an exothermic process. We could generate heat, in fact we scared the h*ll out of ourselves with one of the 'deuterium gas in titanium' experiments. It generated so much heat that we were afraid about the strenght of the container. Pure hydrogen exploding into air could really ruin your day. This also produced counts in a neutron detector, but these were consistent with the known temperature sensitivity of the detectors. So, we did see heat, but only heat that could be understood in terms of basic chemistry.
I will state that I was rather skeptical of the whole topic, but I did work for the DOE and I would have been happy to be proven wrong. Free, clean energy is worth more than my pride. So, even if the odds were a million to one against success, the DOE is justified in studying this topic. There just were not results that could be reproduced. As Fermi noted, 'Anything worth doing once is worth doing twice.' If you can't do it twice, it isn't science.
Please, prove that this works. But extraordinary claims need extraordinary evidence. Finding a way to overcome nuclear forces (potential barriers of millions of electron volts) with electrostatic forces at THERMAL energies (tens of milli electron-Volts)is an extraordinary. Perhaps something like sonoluminescence can produce very high localised temperatures in a jar of water, but this produces light with a few electron volts. The probability of particles tunneling across a barrier varies as exp( -E/kT) as long as E is millions of electron volts and kT is around 60 meV, you have a number like exp(-10^7). These basic considerations make CF an extraordinary claim. Where is the extraordinary evidence?
The lack of javascript speed is an issue. This can be addressed by using Java applets, as you point out (correctly). It would be interesting to have something like QT installed on the client so that you can use the Javascript to script together high performance components. If this could be installed with 'one click' over the web, it would be pretty easy (like installing a JRE). This doesn require some general purpose components to be installed on each computer, but both QT and Java are cross-platform. QT's C++ is even faster than Java. It would be pretty cool to see Trolltech 'give away' the client components (under GPL) and license server software for corporate applications.
Does anyone know how much effort has gone into optimizing Javascipt? Do browsers have JIT for Javascript, for example. What is the potential to speed up Javascript, other than the obvious 'wait a few years for 20 GHz quad core with 16 GB of 5 ns RAM'.
uc = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
lc = uc.lower()
digits = "0123456789"
funny = "!@#$%^&*-_"
import random
for letter in lc:
if letter in vowels:
print letter + " - " + random.choice(uc) + random.choice(funny)
else:
print letter + " - " + random.choice(lc) + random.choice(digits)
# the indents are lost. Indent if/else by one tab and the print lines by two tabs
# 1 tab = 4 characters (don't flame me about tabs vs. spaces)
# there are lots of elaborations (three characters per line, randomly swapping the order, etc.)
I agree with your general assessments, but don't think that severing thumbs is a likely outcome. A brief kidnapping seems like it could be more issue. The other fundimental isssue is that the biometric output needs to be compared with data that is 'on file'. All you have to do to defeat the system is to be able to mess with the file. Besides, once somebody steals the file, you are really SOL. If somebody steals a file with your credit card number, you can have a new card with a new number issued. Anybody want to get a new thumb each time some idiot at VISA decides to make his next house payment by selling credit card numbers?
It is certainly true that the vulnerablity of this is that sombody that has your cheat sheet only has to guess 'dictionary' words (and start with common 3-5 letters ones first). The drawback of yours is that a 'bad guy' that convinces you set up a password on his site will be able to look at your password and he might figure out what your rule is. ( e.g., if one were to use C@5tits on a porn site, a shady porn site operator could simply read the password and guess the rule.) He can then do the dictionary attack against anyone else that you have an account with.
There are solutions to your issues. In the perl/python script, map each vowel to an uppercase letter and a funny character. Map each vowel to a lowercase letter and a digit. Restrict your passwords to words with vowels and consonants. You can even have a 'static' card and a 'monthly' card. Then you can use the monthly card to change your cheat sheet and you can keep the same nmenomic.
You don't seem to get it. you have to remember a simple password. You then use the card to map each letter of your simple password into two chacters of Jibberish.
One thing that I did find to be a signficant drawback to this is that some companies are demanding an upper case letter, a lower case letter, a number and a funny character. It is quite possible that the transform of an easy to remember work will not happen to have all of these. One solution, that actually makes this less secure, would be to have all vowels contain a lowercase letter and a funny character and have each consonant contain an uppercase letter and a digit. This really reduces the number of potential passwords, but such is the cost of making the 'powers that be' happy.
1) How many women want to show everyone ALL the contents of her purse? Women will wan to carry medications, condoms and hygene products discretely. I wouldn't want to have my ID & credit cards in a tranparent bag in plastic.
2) how does a transparent purse help in the dark? (the solar cells charge batteries that run the light whenever the purse is opened. It helps just like all the little lights in your car that help you find the ignition switch, etc. when you open the car door.
To be fair, these concerns might be addressed with a translucent material.
"Sure Google searches are are fast and free, but Google is free in the same way that a puppy is free. One you have Google, it will be peeing all over your carpet, so we need to add the cost of carpet cleaning to the TCO of google. Besides, do you really want a fast search? Just think how much easier it is to catch a slow puppy than a fast one. Do you really want to be running down the road catching that free puppy? Think how much money you can save by simply eiminating this task from your task list. As your workforce ages, you simply cannot expect them to catch a fast, free puppy. Add in the cost of a few slippers, andy you would actually have saved money by paying for Microsoft searches."
Remember, all software is like a puppy. But Linux is free as in 'mutt', Microsoft is expensive as in 'highly inbred purebreed'. The cost savings only begin with the purchase cost. Open source is like genetic diversity, it improves robustness and tends to reduce the likelihood and severity of infections.
Is that why TeX is so expensive? Its well over a decade since the bug in TeX was acknowledge by Knuth. Validating may be costly, but that doesn't prevent the software from being inexpensive.
How is Microsoft TOO ambitous. WinFS seems less ambitious than Hans Reiser's file system. How is it it that a very driven individual can out do Bill's Army? It seems that MS doesn't have as much ambition as Reiser, at least when it comes to file systems. Reiser 4 rocks and I'll bet it will be the cornerstone of some mind blowing advances in areas a s diverse as XML storage/quering & Object databases when other start making plug-ins.