Oracle has announced a statement today making commitments concerning MySQL that may (or may not) address some of these concerns -- of both Widenius and the EU.
These include:
* Continued Availability of Storage Engine APIs
* Commitment to enhance MySQL in the future under the GPL
* Support not mandatory
* Increase spending on MySQL research and development
* Continuing to maintain the MySQL Reference Manual
* Preserve Customer Choice for Support
And some other things about preserving the conditions of licenses currently held by storage vendors.
Healthy skepticism is of course always a good idea. On first reading, I can't tell how binding these commitments are (the statement says "Oracle hereby publicly commits to the following", and that's about it), and it doesn't exactly make Widenius' commitment to the timeliness of new releases and patches, except for the commitment to increase spending, which Oracle presumably would like to have result in new revenue.
But Oracle is evidently trying to address the EU's concerns in an effort to get the deal approved, and the EU might get them to make these commitments binding. The EU's initial reaction appears to be positive:
The European Commission said Oracle’s proposal addresses concerns about the acquisition of Sun’s MySQL database product, signaling the EU will approve the acquisition next month. European Competition Commissioner Neelie Kroes said in a statement that she’s “optimistic that the case will have a satisfactory outcome.”
“Neelie Kroes has switched on the green traffic light,” Charles van Sasse van Ysselt, a competition lawyer at NautaDutilh in Brussels, said in a telephone interview today. “She is optimistic and this is a step in the right direction.”
Years ago we had one of those bugs that was driving us around the bend, you all know how those are, so once when we were trying a fix, I started chanting "Praise Allah", for no other reason except for sheer desperation. And I kid you not, the fix worked on that very run.
Ever since then, we always remembered to praise Allah whenever we were struggling with a sticky problem. I live in Germany, so what we were actually saying was "lobet Allah", but over time we found that "Allahu Akhbar" works much better, especially when accompanied by gestures of supplication.
Occasionally we found that a difficult problem persisted for a while, until we realized that we had forgotten to praise Allah. After that, the issue was quickly resolved.
Don't try to give me some kind of egg-headed explanation for all this, this was just simply supernatural forces at work, that's all there is to it.
According to the report, at least some of the phishing was carefully devised with obvious effort made to trick (socially engineer) its specific target into opening an infected Word document.
An example given was an email sent to the office of the Dalai Lama, which was crafted to appear legitimate and relevant, and included an infected attachment whose trojan was detected by only 11 out of 30-odd commercial virus checkers.
Touché. So in addition to the narrowly-targeted phishing, they took advantage of a slight lead in the "arms race" between virus checkers and attackers. And that was enough to get a helluva job done.
Is there any realistic way to prevent something like this in the future? I'm afraid I don't see anything obvious.
As near as I can tell from the Markoff article, the infiltration was made possible by run-of-the-mill phishing attacks. (Markoff says it's called "whaling" when it's directed at specific high-level targets. I've never heard of that, and don't really see any substantive difference.)
If so, then technically speaking there's probably nothing really new here. What seems interesting to me is:
- Obviously, the vast scale, the sensitivity of the targets, and the potential political impact.
- The operation has not been publicly revealed by government agencies (FBI sez "no comment"), but rather by Nart Villeneuve et al. at the University of Toronto.
- Phishing is evidently effective enough to make widespread infiltration like this possible. Sure, there are more sophisticated things that attackers could do, and of course most users should know better than to blindly click links in their email. But here we are, phished to death all over the world. Why should an attacker go to any more trouble?
I wonder how much security improvement would be gained if Thunderbird & Outlook disabled the automatic opening of a browser when you click on a link in email, and made us go back to the old days of copying & pasting links. Would users be more careful if they could more easily see what they're doing?
My friend, you may be a champion in the Understatement of the Century Contest.
Sure, there are many entirely respectable reasons why Hurd never got finished.
But, ah, erm...... you see, I feel an acute sense of embarrassment when I'm about to point out something that is obvious. So blindingly obvious that it feels preposterous to have to say it at all. But, here goes.
It's time to give up!
The Hurd project has failed! Blue blazes, tarnation and a monkey, it's been seventeen fucking years!
There are software projects for which a delay of seventeen days is intolerable, although that is usually salvageable. A project that is seventeen weeks too late, on the other hand, is universally recognized as a failure.
And we all know about projects that come in seventeen months too late. We all know that someone, somewhere in a project like that was thoroughly incompetent.
There are simply no words, no satire, no amount of acid-tongued vituperation that could do justice to a software development project that still isn't finished after seventeen years.
While that's strictly true (i.e. it's not the main source),...
You were getting close, but then you said:
... it's certainly one of their main contributors...
Sorry, but the "Hollywood" cash contribution to Democrats is just too small to warrant the phrase "one of the main". It consistently comes in at something like 2.5%.
Main contributor, no, but certainly one of them, and certainly more pro-Democrat than Republican.
All right, this is indeed a true statement, and point well taken. While a couple of million bucks will not necessarily make or break the Democrats, it's certainly nothing for Harry Reid to sneeze at. And the fact that Democrats get a lot more from the entertainment industry than Republicans do is certainly at least part of the politics at play here.
There's also the fact that the entertainment industry has a lot of public influence unrelated to the size of their cash donations, for obvious reasons. If good relations with "Hollywood" will get positive publicity for Democrats that comes "for free", well hey, no wonder they like it.
But I suspect that this issue is not well understood if we overestimate the influence of "Hollywood" on the Democratic leadership; certainly if we let false assertions about the "biggest cash machine" go unanswered. I think there's also the fact that the entire political class in Washington, Democrats and Republicans, is firmly entrenched in the belief that file sharing is criminal and immoral, and damaging to the economy.
I'm sorry, I forgot to mention that those numbers are from the 2006 election cycle; I wanted to look at the donations from the most recent completed cycle, and the 2008 campaigns are still in the midst of raising money (there will be a lot more from now until November of next year). The WSJ article covers the Presidential campaigns for 2008, and we just can't know yet which industries will make the largest contributions by the time it's over.
And incidentally, they're not "my" numbers, they are from Open Secrets, as indicated by about five links in my previous post, so if I haven't got that across to you yet, here's another one.
Here's the thing: "Hollywood is [the Democrats'] biggest cash machine [and hence controls them]" is just like "Liberals control the media" and "There's no global warming" and "There are WMDs in Iraq" and "God said Shazam! and then Adam and Eve were standing there" are all assertions that conservatives assert to one another feverishly nodding their heads, based exclusively on the evidence of It Feels Good To Believe It. And yet, just a cursory look into publicly available evidence will typically show that these things are not true. Nevertheless, these legends permeate the mainstream media and our public debate, in this case the front page of Slashdot. For the sake of a sane future for our democracy, this has got to stop.
For the sake of getting this thread back on topic: despite what I'm saying, there's plenty to criticize what Harry Reid is doing about file sharing, but it doesn't help to base that criticism on assertions that are plainly false. That's precisely my point. For the pushback to be effective, we must cease and desist from mustering arguments that are this easily exposed as nonsense.
"Hollywood is the main source of cash for Democrats" is just another legend in the rich and bizarre mythology of conservatism, and as such it is typically puerile and easily refuted.
Thus the "industry" making the largest contributions to the DNC are retired individuals, contributing over $7 million to a total of about $37 million. The entertainment industry, which is presumably what the myth-entranced poster meant by "Hollywood", comes in 9th place with just about one measly million.
For the DCCC, which is responsible for elections in the House, it breaks down like this:
1. Candidate Committees ($28,987,184)
2. Retired ($6,473,164)
3. Securities & Investment ($5,237,572)
4. Lawyers/Law Firms ($4,730,490)
5. Real Estate ($2,846,870)
6. TV/Movies/Music ($2,299,387)
So the top contributors to the general DCCC funds are, by far, the individual campaign committees (who of course must get their own contributors). "Hollywood" comes in sixth place with about $2 million out of a total of over $80 million.
This time, "Hollywood" comes in 7th place, again with about $2 million out of over $80 million.
However much we may dislike what Harry Reid is doing, the claim about "Hollywood" and the Democrats is a load of peanut butter. We need to get these reality-challenged conservative canards out of our public discussion; they certainly have no business on the front page of Slashdot.
Okay Mr Whitelist Everything, let's ensure that every time I want to run a program on my computer I'm prompted to confirm that's what I want to do. Let's start by actually counting the number of programs I will have to do this for:
$ ls -1 /bin /sbin /usr/bin /usr/sbin /usr/X11R6/bin/ /usr/local/bin | wc -l
5187
Looks like I've got my work cut out for this week.
You mean to tell me that you run all 5000 of the programs in each of those bin directories, every week? And each of them with equal likelihood, I suppose?
I call extreme bullshit. The author said we might need to whitelist about thirty programs. Maybe you run twice as many as that, or three times as many, which would get you up to about a hundred. But there's no way that your whitelist would have to be fifty times as large as that.
And who says you have to confirm the stuff on your whitelist every time? On the contrary, confirmation should be required only when you try to run something that's not on the list; so you'll still get the chance to decide, on a case by case basis, whether it's OK. That won't be necessary very often anyway.
The author is right. The programs on our machines that we need to run regularly are outnumbered many, many times over by the programs that we don't need to run very often, if at all.
They can even make a product out of it, make some money, and feed changes/improvements back into the program.
The second poster said:
You've just described EXACTLY what the GPL is, BSD license with a requirement to feed changes/enhancements back into the program. That is what the license does, period.
Nope, that is not the same. The BSD says you can do that, but you don't have to if you don't want to. The GPL says you must do that. Big difference.
No, browsers do have password-management schemes. I use Firefox's all the time... it recognizes the particular site that is requesting authorization and fills in my account and password for me.
OK, I'll grant that I was missing the point that the original poster was making. But I still think you're missing mine.
Yes, you can allow your browser to memorize your passwords, and for many end-users this is sufficient as a solution for single sign-on. I do that myself, right here on Slashdot, for example. This puts much of the solution on the client side. It does mean that the user has to be conscientious about security; you have to remember not to leave your browser session accessible to others after you've entered your "master password", otherwise anyone else using the session after you has access to all of your passwords. And this only helps you with functions for which you use a browser as the client.
My point is about the systems on the server side that the user authenticates against, which are most commonly LDAP and Active Directory. In a lot of environments, there is more than one system involved using different technologies (those two in particular), and so far there have been no standards that allow them to interoperate. You might very well be interacting with more than one of these when you're using your browser at a web site, although as an end user you don't notice it. What appears to the user as a single action on the client side may involve different systems on the server side, each of which requires a different scheme for authentication. I've run into this problem more than once on the job (which is probably why I was only looking at one side of the issue), and it's always been a costly PITA, because we've had to rig up one-shot solutions every time.
The trouble with Passport was that it really did require centralized authentication at a single location, which would have been under Microsoft's control. If I've understood correctly, what Microsoft and Sun are doing isn't like that; it's a standard to get server-side authentication technologies that had been incompatible to work together. And I can attest that there is a real need for such a thing.
... browsers such as Mozilla already have the capability of storing your login info -- LOCALLY, UNDER YOUR CONTROL, not at some distant and super major corporation.
Browsers such as Mozilla can store cookies, that's all they do. Or maybe some other kind of local state mechanism, but none of these, all by themselves, are a dagburn bit of good if you want to authenticate against common directory servers, which are widely used to store user information and credentials. Common directory servers such as Microsoft's Active Directory, or LDAP, for which Sun markets a product (Sun's most successful server product). Your cookie just sits there, just being a cookie and doing nothing else worth mentioning, and the directory just sits there, wondering what the heck it's supposed to do with a cookie.
The cookie on your browser could be useful if some technology were available that relates it to an authentication token that the directory products recognize. And durnit, wouldn't it be nice if such a technology were standardized, so it would interoperate with the directories of different vendors? Well heck, then you'd have single sign-on in heterogeneous environments! Dagnabbit, don't you just wish the vendors of those directory products would get together and agree on a standard, so you could do all that cool stuff with your Mozilla browser?! Shucks, what's taking them so long? Oh, whoops...
Since no one has seen fit to respond to this so far, let me point out emphatically that this post is making an outrageous and completely unsubstantiated accusation, and it is a lousy, indecent thing to be doing to Paul Murphy. You may or may not like what he says about SCO, but he most certainly does not deserve an anonymous accusation of attempted rape.
I frankly would like to meet the person who wrote this post, so that I could give him a solid kick in the ass. I'm not using a figure of speech here. Far from acknowledging any "obvious reasons", Mr. Anonymous Accuser, I say that you are a loathsome coward, and you damn well better come back with something more substantial, or shut your filthy mouth.
As for you moderators who modded the post up to 5 Interesting, I submit that you are among the stupidest morons ever to visit Slashdot. If anything deserves a -1 Troll, this is it.
As for the question of whether or not the accusation is true, in the absence of any verifiable evidence there is no reason at all to consider such a possibility. To make any such assumption about Paul Murphy on the basis of an anonymous accusation is so unfair as to be utterly indecent.
I never thought I would attack someone for an anonymous post, because I'm often irritated by all of the pithy sigs about how anonymous posters cannot be believed. In almost all cases, that's a logical fallacy, because the merit of a post in a discussion group lies solely in the strength of the evidence and arguments it presents, which usually has nothing at all to do with the identity of the poster. The only situation in which the anonymity of the poster detracts from his credibility is when his identity is one of the issues addressed in his post.
But this is precisely that kind of situation. Someone here is saying that he knows Paul Murphy personally and is accusing him of a crime, but the accuser won't tell us who he is and how he supposedly knows these things. That kind of crap deserves no credibility until the poster comes back and tells us why we should believe anything he says.
I dunno, I think this review is a very bad sign. Sure, there were some Tolkien fans who would not tolerate any alterations from the original of any kind, but I think these were actually rare. The LOTR films were, for the most part, very well received by Tolkien fans because Jackson managed to capture much of the spirit of the books and translate it into film. A film adaptation must necessarily remove some of the details of the original, and we can all argue about those decisions, but many of us think that Jackson succeeded in preserving what was good about the books.
This review of H2G2 gives the strong impression that this film has failed to do that. Worst of all is when he says that viewed as a comedy film in its own right, ignoring the matter of faithfulness to the book, it fails because it just ain't funny. If so, that is jaw-droppingly bad. A film adaptation of H2G2 has to make some changes, but it should not miss the spirit of Adams' humor, and for God's sake, if it's not funny at all, it's a disaster.
Do you really think Iacocca's salary saved Chrysler Corp. that much money that it made any sort of a difference in the company's bottom line?
As someone above said, this is merely a PR gimmick.
Iacocca's stunt was done to "set the tone" for the thousands and thousands of Chrysler workers.
Good point, what I said about Iacocca implied a cause and effect that I don't actually believe. I agree that his $1 salary was a symbolic move, to show that he was willing to make a personal sacrifice, although it didn't make much difference for Chrysler.
All the more reason why the decision of the Google guys doesn't seem terribly suspicious. Whatever their reasons are, it's not that Google's in danger of bankruptcy, certainly nothing at all like the crisis that Chrysler was in.
... back when Chrysler was in danger going belly up. Saved his company some dough. And they did survive in the end, didn't they?
I think a lot of you are not getting it, the Google guys are indeed paying taxes, namely capital gains taxes, on their equity earnings. Probably a lot more than they ever would have paid as income tax on their salaries.
I think they're just saving their company some money and acknowledging that the real moolah comes from their investments. For most of us, a yearly salary of a couple of hundred G's would completely change our lives, but these guys are billionaires.
Even if things start going very badly for Google and its stock price, they probably have enough safe investments spread around that they are assured of lives of ease no matter what happens. And make no mistake, they pay tax on all those investment earnings, probably more than most of us ever will. I don't see anything particularly evil or unevil about this either way.
... as long as spammers believe that there is money to be made by spamming. And that means that spamming will continue as long as email is so cheap to send and as long as there are sufficiently many dimwits who respond to spam. And there doesn't have to be very many such dimwits. You can sue as many spammers as you like; as long as there is money to be made, new spammers will appear in their place. The only irreplaceable part of the equation is the low cost of email compared to the money to be made even from a very low response rate.
I don't know what the typical response rates for spam are, but even if one in a thousand or ten thousand recipients is an idiot who answers the spam and sends money, or even one in a million, then it's worth it to spam, because the cost of sending a thousand or ten thousand or even a million emails is nearly nothing. At any rate, it can easily be much less than what spammers charge for their product.
One conceivable alternative is to make it more expensive to send email. If there were some way to establish "postage" for email, then even infinitesimal costs for sending email, say 1/100th of a cent per email, would probably be effective, because then spammers would lose money by sending a million spams. But I can't see how such a system could be enforced, and I doubt that most people would go along with it, even if the costs for normal email use are very low.
I also doubt that any amount of education or cajoling could reduce that rate of idiots in the general public to less than one in a thousand, certainly not less than one in a million. Putting all these thoughts together, I come to the depressing conclusion that we will never, ever be able to make spam go away, no matter what we do.
Passphrases are the only sensible solution I've ever heard of for devising keys that are both relatively easy to remember and sufficiently random so as to be secure. A random string of characters cannot be reliably memorized. Any word, no matter in what language and no matter how obscure, can be cracked by a dictionary attack. A sequence of words chosen at random can be memorized, and if it's about six or seven words long, is probably beyond the reach of cracker software, even the Secret Service's.
One of the best ways I've seen to construct a secure passphrase is Diceware. Arnold Reinhold constructed a list of about 7500 words of up to six characters in length. Roll five dice to pick out a word in the list; do this a few times to create a passphrase, commit the phrase to memory, and burn anything you might have written down. He calculated that if you choose a passphrase consisting of seven words this way, you have about 90 bits of entropy, which a cracker probably couldn't break in this lifetime. His sample phrase is cleft cam synod lacy yr, which probably takes some practice to memorize, but it can be done.
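Added example (not part of the original comment): a sketch of the five-dice lookup and the entropy arithmetic behind the "seven words, about 90 bits" figure. Five dice address 6^5 = 7776 list positions; the word list, the 10^12 guesses-per-second rate and all function names here are assumptions made for illustration.

```python
import math
import secrets

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD  # five dice address 7776 list positions

# Constructed stand-in for a real word list (not the actual Diceware list):
# any list of exactly LIST_SIZE distinct words works with the code below.
STAND_IN_LIST = [f"word{i:04d}" for i in range(LIST_SIZE)]

_rng = secrets.SystemRandom()  # OS CSPRNG; never use random.random() for keys


def roll_key():
    """Simulate five dice and return the key, e.g. '16655'."""
    return "".join(str(_rng.randint(1, 6)) for _ in range(DICE_PER_WORD))


def key_to_index(key):
    """Map a dice key ('11111'..'66666') to a 0-based index (base-6 digits)."""
    if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
        raise ValueError(f"not a valid dice key: {key!r}")
    index = 0
    for c in key:
        index = index * 6 + (int(c) - 1)
    return index


def passphrase(wordlist, n_words):
    """Pick n_words independently and uniformly from wordlist."""
    if len(wordlist) != LIST_SIZE or len(set(wordlist)) != LIST_SIZE:
        raise ValueError("word list must hold 7776 distinct entries")
    return " ".join(wordlist[key_to_index(roll_key())] for _ in range(n_words))


def entropy_bits(n_words, list_size=LIST_SIZE):
    """Entropy of a phrase of n_words uniform, independent picks."""
    return n_words * math.log2(list_size)


def years_to_search(bits, guesses_per_second):
    """Expected time to hit the phrase: half the keyspace at the given rate."""
    seconds = 2 ** (bits - 1) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def equivalent_random_chars(bits, alphabet_size=95):
    """Length of a random printable-ASCII string with at least `bits` entropy."""
    return math.ceil(bits / math.log2(alphabet_size))


if __name__ == "__main__":
    rate = 1e12  # assumed attacker speed in guesses per second
    print(passphrase(STAND_IN_LIST, 7))
    for n in (5, 6, 7):
        bits = entropy_bits(n)
        print(f"{n} words: {bits:5.1f} bits, "
              f"{years_to_search(bits, rate):.3g} years at {rate:.0e}/s, "
              f"same as {equivalent_random_chars(bits)} random characters")
```

The entropy figure only holds when every word is chosen by the dice (or a CSPRNG) and not by the user; rerolling until the phrase "sounds nice" shrinks the keyspace.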
Wait a minute. Person with a uniform and a role of authority says to a citizen, "Show me your ID." Citizen asks, "Why?" Person with authority says, "Because it's the law." Citizen asks, "What law?", and the person with authority doesn't have an answer.
If persons with authority start telling people what to do on the grounds that the law says they can, and then it turns out that they don't know what they are talking about, indeed for all appearances might just be making it up, then there are no limits to what citizens can and will be forced to do. If that's not a grave threat to civil rights, I don't know what is. It no longer matters what the law does and does not allow, the law doesn't make any difference any more if anyone with a badge can claim, "It's the law" and then without any further explanation demand anything they want.
It's never wrong to question authority. Authority can be expected to have an answer.
Obviously you are not a journalist, because for them, the money they get from VG Wort can be the equivalent to one month's pay. For freelancers, this is a very, very important system.
You're right, I'm not a journalist or a free-lance author (not any more), and my assumptions about what professional authors gain from VG Wort were extrapolated from my own experience, where it was very minor. So I'm willing to stand corrected.
Nevertheless, I still think it's very questionable whether adding 12 Euros to the price of every unit of PC hardware will create a benefit for authors that, economically and socially, is worth it on the whole.
Oracle has announced a statement today making commitments concerning MySQL that may (or may not) address some of these concerns -- of both Widenius and the EU.
http://www.marketwire.com/press-release/Oracle-Corporation-NASDAQ-ORCL-1090000.html
These include:
* Continued Availability of Storage Engine APIs
* Commitment to enhance MySQL in the future under the GPL
* Support not mandatory
* Increase spending on MySQL research and development
* Continuing to maintain the MySQL Reference Manual
* Preserve Customer Choice for Support
And some other things about preserving the conditions of licenses currently held by storage vendors.
Healthy skepticism is of course always a good idea. On first reading, I can't tell how binding these commitments are (the statement says "Oracle hereby publicly commits to the following", and that's about it), and it doesn't exactly make Widenius' commitment to the timeliness of new releases and patches, except for the commitment to increase spending, which Oracle presumably would like to have result in new revenue.
But Oracle is evidently trying to address the EU's concerns in an effort to get the deal approved, and the EU might get them to make these commitments binding. The EU's initial reaction appears to be positive:
http://www.bloomberg.com/apps/news?pid=20601087&sid=a4SRxTHKHzTA&pos=7
So we had a race condition on database transactions using two-phase commit, your usual mind-fucking WTF situation, drove us up the walls for days, you all know what I mean. We knew it was a race condition because if we put a sleep() statement at the end of one of the transactions, everything ran fine. sleep(10) was always long enough, and since all of this ran asynchronously in the back end, an end user would never notice the difference.
So we went to the customer. We told them that we could continue to bust our brains trying to find a "real" fix, and didn't know how long that would take, or we could just leave the sleep() in. And we could even make the length of the sleep interval configurable, so they could try to make it shorter than 10 seconds, if they really felt like fiddling around with it.
The customer went for the configurable sleep().
It's not finished yet, although they've been working on it for 17 years!
I'll bet that after 17+ years of development, it's gonna be really, really cool technology!
For the sake of getting this thread back on topic: despite what I'm saying, there's plenty to criticize in what Harry Reid is doing about file sharing, but it doesn't help to base that criticism on assertions that are plainly false. That's precisely my point. For the pushback to be effective, we must cease and desist from mustering arguments that are this easily exposed as nonsense.
"Hollywood is the main source of cash for Democrats" is just another legend in the rich and bizarre mythology of conservatism, and as such it is typically puerile and easily refuted.
Opensecrets reports that the top industries donating to the DNC, based on contributions from PACs, Levin money donors, and individuals who self-identify their employer, are:
1. Retired ($7,389,597)
2. Lawyers/Law Firms ($3,250,708)
3. Securities & Investment ($2,301,530)
4. Real Estate ($1,570,877)
5. Education ($1,429,546)
6. Misc Finance ($1,176,402)
7. Business Services ($1,108,889)
8. Health Professionals ($1,044,045)
9. TV/Movies/Music ($1,042,810)
Thus the "industry" making the largest contributions to the DNC are retired individuals, contributing over $7 million to a total of about $37 million. The entertainment industry, which is presumably what the myth-entranced poster meant by "Hollywood", comes in 9th place with just about one measly million.
For the DCCC, which is responsible for elections in the House, it breaks down like this:
1. Candidate Committees ($28,987,184)
2. Retired ($6,473,164)
3. Securities & Investment ($5,237,572)
4. Lawyers/Law Firms ($4,730,490)
5. Real Estate ($2,846,870)
6. TV/Movies/Music ($2,299,387)
So the top contributors to the general DCCC funds are, by far, the individual campaign committees (who of course must get their own contributors). "Hollywood" comes in sixth place with about $2 million out of a total of over $80 million.
For the DSCC, responsible for Senate campaigns, the picture is about exactly the same as for the DCCC:
1. Candidate Committees ($10,312,550)
2. Lawyers/Law Firms ($9,989,631)
3. Securities & Investment ($7,938,319)
4. Retired ($6,967,505)
5. Real Estate ($4,864,610)
6. Misc Finance ($2,585,026)
7. TV/Movies/Music ($2,286,687)
This time, "Hollywood" comes in 7th place, again with about $2 million out of over $80 million.
However much we may dislike what Harry Reid is doing, the claim about "Hollywood" and the Democrats is a load of peanut butter. We need to get these reality-challenged conservative canards out of our public discussion; they certainly have no business on the front page of Slashdot.
You mean to tell me that you run all 5000 of the programs in each of those bin directories, every week? And each of them with equal likelihood, I suppose?
I call extreme bullshit. The author said we might need to whitelist about thirty programs. Maybe you run twice as many as that, or three times as many, which would get you up to about a hundred. But there's no way that your whitelist would have to be fifty times as large as that.
And who says you have to confirm the stuff on your whitelist every time? On the contrary, confirmation should be required only when you try to run something that's not on the list; so you'll still get the chance to decide, on a case by case basis, whether it's OK. That won't be necessary very often anyway.
The author is right. The programs on our machines that we need to run regularly are outnumbered many, many times over by the programs that we don't need to run very often, if at all.
Because servers running Linux evidently get Slashdotted pretty easily ...
The second poster said:
Nope, that is not the same. The BSD says you can do that, but you don't have to if you don't want to. The GPL says you must do that. Big difference.
OK, I'll grant that I was missing the point that the original poster was making. But I still think you're missing mine.
Yes, you can allow your browser to memorize your passwords, and for many end-users this is sufficient as a solution for single sign-on. I do that myself, right here on Slashdot, for example. This puts much of the solution on the client side. It does mean that the user has to be conscientious about security; you have to remember not to leave your browser session accessible to others after you've entered your "master password", otherwise anyone else using the session after you has access to all of your passwords. And this only helps you with functions for which you use a browser as the client.
My point is about the systems on the server side that the user authenticates against, which are most commonly LDAP and Active Directory. In a lot of environments, there is more than one system involved using different technologies (those two in particular), and so far there have been no standards that allow them to interoperate. You might very well be interacting with more than one of these when you're using your browser at a web site, although as an end user you don't notice it. What appears to the user as a single action on the client side may involve different systems on the server side, each of which requires a different scheme for authentication. I've run into this problem more than once on the job (which is probably why I was only looking at one side of the issue), and it's always been a costly PITA, because we've had to rig up one-shot solutions every time.
The trouble with Passport was that it really did require centralized authentication at a single location, which would have been under Microsoft's control. If I've understood correctly, what Microsoft and Sun are doing isn't like that; it's a standard to get server-side authentication technologies that had been incompatible to work together. And I can attest that there is a real need for such a thing.
Browsers such as Mozilla can store cookies, that's all they do. Or maybe some other kind of local state mechanism, but none of these, all by themselves, are a dagburn bit of good if you want to authenticate against common directory servers, which are widely used to store user information and credentials. Common directory servers such as Microsoft's Active Directory, or LDAP, for which Sun markets a product (Sun's most successful server product). Your cookie just sits there, just being a cookie and doing nothing else worth mentioning, and the directory just sits there, wondering what the heck it's supposed to do with a cookie.
The cookie on your browser could be useful if some technology were available that relates it to an authentication token that the directory products recognize. And durnit, wouldn't it be nice if such a technology were standardized, so it would interoperate with the directories of different vendors? Well heck, then you'd have single sign-on in heterogeneous environments! Dagnabbit, don't you just wish the vendors of those directory products would get together and agree on a standard, so you could do all that cool stuff with your Mozilla browser?! Shucks, what's taking them so long? Oh, whoops
Have someone tell your boss that you've died.
Since no one has seen fit to respond to this so far, let me point out emphatically that this post is making an outrageous and completely unsubstantiated accusation, and it is a lousy, indecent thing to be doing to Paul Murphy. You may or may not like what he says about SCO, but he most certainly does not deserve an anonymous accusation of attempted rape.
I frankly would like to meet the person who wrote this post, so that I could give him a solid kick in the ass. I'm not using a figure of speech here. Far from acknowledging any "obvious reasons", Mr. Anonymous Accuser, I say that you are a loathsome coward, and you damn well better come back with something more substantial, or shut your filthy mouth.
As for you moderators who modded the post up to 5 Interesting, I submit that you are among the stupidest morons ever to visit Slashdot. If anything deserves a -1 Troll, this is it.
As for the question of whether or not the accusation is true, in the absence of any verifiable evidence there is no reason at all to consider such a possibility. To make any such assumption about Paul Murphy on the basis of an anonymous accusation is so unfair as to be utterly indecent.
I never thought I would attack someone for an anonymous post, because I'm often irritated by all of the pithy sigs about how anonymous posters cannot be believed. In almost all cases, that's a logical fallacy, because the merit of a post in a discussion group lies solely in the strength of the evidence and arguments it presents, which usually has nothing at all to do with the identity of the poster. The only situation in which the anonymity of the poster detracts from his credibility is when his identity is one of the issues addressed in his post.
But this is precisely that kind of situation. Someone here is saying that he knows Paul Murphy personally and is accusing him of a crime, but the accuser won't tell us who he is and how he supposedly knows these things. That kind of crap deserves no credibility until the poster comes back and tells us why we should believe anything he says.
I dunno, I think this review is a very bad sign. Sure, there were some Tolkien fans who would not tolerate any alterations from the original of any kind, but I think these were actually rare. The LOTR films were, for the most part, very well received by Tolkien fans because Jackson managed to capture much of the spirit of the books and translate it into film. A film adaptation must necessarily remove some of the details of the original, and we can all argue about those decisions, but many of us think that Jackson succeeded in preserving what was good about the books.
This review of H2G2 gives the strong impression that this film has failed to do that. Worst of all is when he says that viewed as a comedy film in its own right, ignoring the matter of faithfulness to the book, it fails because it just ain't funny. If so, that is jaw-droppingly bad. A film adaptation of H2G2 has to make some changes, but it should not miss the spirit of Adams' humor, and for God's sake, if it's not funny at all, it's a disaster.
Good point, what I said about Iacocca implied a cause and effect that I don't actually believe. I agree that his $1 salary was a symbolic move, to show that he was willing to make a personal sacrifice, although it didn't make much difference for Chrysler.
All the more reason why the decision of the Google guys doesn't seem terribly suspicious. Whatever their reasons are, it's not that Google's in danger of bankruptcy, certainly nothing at all like the crisis that Chrysler was in.
... back when Chrysler was in danger of going belly up. Saved his company some dough. And they did survive in the end, didn't they?
I think a lot of you are not getting it, the Google guys are indeed paying taxes, namely capital gains taxes, on their equity earnings. Probably a lot more than they ever would have paid as income tax on their salaries.
I think they're just saving their company some money and acknowledging that the real moolah comes from their investments. For most of us, a yearly salary of a couple of hundred G's would completely change our lives, but these guys are billionaires.
Even if things start going very badly for Google and its stock price, they probably have enough safe investments spread around that they are assured of lives of ease no matter what happens. And make no mistake, they pay tax on all those investment earnings, probably more than most of us ever will. I don't see anything particularly evil or unevil about this either way.
... as long as spammers believe that there is money to be made by spamming. And that means that spamming will continue as long as email is so cheap to send and as long as there are sufficiently many dimwits who respond to spam. And there doesn't have to be very many such dimwits. You can sue as many spammers as you like; as long as there is money to be made, new spammers will appear in their place. The only irreplaceable part of the equation is the low cost of email compared to the money to be made even from a very low response rate.
I don't know what the typical response rates for spam are, but even if one in a thousand or ten thousand recipients is an idiot who answers the spam and sends money, or even one in a million, then it's worth it to spam, because the cost of sending a thousand or ten thousand or even a million emails is nearly nothing. At any rate, it can easily be much less than what spammers charge for their product.
One conceivable alternative is to make it more expensive to send email. If there were some way to establish "postage" for email, then even infinitesimal costs for sending email, say 1/100th of a cent per email, would probably be effective, because then spammers would lose money by sending a million spams. But I can't see how such a system could be enforced, and I doubt that most people would go along with it, even if the cost of normal email use is very low.
I also doubt that any amount of education or cajoling could reduce that rate of idiots in the general public to less than one in a thousand, certainly not less than one in a million. Putting all these thoughts together, I come to the depressing conclusion that we will never, ever be able to make spam go away, no matter what we do.
Passphrases are the only sensible solution I've ever heard of for devising keys that are both relatively easy to remember and sufficiently random so as to be secure. A random string of characters cannot be reliably memorized. Any word, no matter in what language and no matter how obscure, can be cracked by a dictionary attack. A sequence of words chosen at random can be memorized, and if it's about six or seven words long, is probably beyond the reach of cracker software, even the Secret Service's.
One of the best ways I've seen to construct a secure passphrase is Diceware. Arnold Reinhold constructed a list of about 7500 words of up to six characters in length. Roll five dice to pick out a word in the list; do this a few times to create a passphrase, commit the phrase to memory, and burn anything you might have written down. He calculated that if you choose a passphrase consisting of seven words this way, you have about 90 bits of entropy, which a cracker probably couldn't break in this lifetime. His sample phrase is cleft cam synod lacy yr, which probably takes some practice to memorize, but it can be done.
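The Diceware procedure and the entropy figure from the comment above, as an added example that is not part of the original post. Five dice give 6^5 = 7776 outcomes, one per list entry; the word list here is a constructed placeholder (not Reinhold's list), the function names are hypothetical, and the guess rate passed to `years_to_exhaust` is an assumption.

```python
import math
import secrets
from itertools import product

DICE_PER_WORD = 5                      # five dice select one word
LIST_SIZE = 6 ** DICE_PER_WORD         # 7776 distinct five-dice outcomes
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def build_placeholder_list():
    """Constructed stand-in for a Diceware list: one unique token per
    dice string '11111'..'66666'. Swap in a real list for actual use."""
    syllables = ["ba", "ke", "mi", "zo", "tu", "ry"]
    return {
        "".join(str(d) for d in roll): "".join(syllables[d - 1] for d in roll)
        for roll in product(range(1, 7), repeat=DICE_PER_WORD)
    }


def roll_die():
    # CSPRNG stand-in for a physical die; never use random.randint here,
    # its output is predictable and the entropy estimate would not hold.
    return secrets.randbelow(6) + 1


def pick_word(wordlist, rolls=None):
    """Map five die faces to a word. Pass physical rolls, or omit to roll."""
    rolls = rolls or [roll_die() for _ in range(DICE_PER_WORD)]
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each between 1 and 6")
    return wordlist["".join(str(r) for r in rolls)]


def passphrase(wordlist, n_words=7):
    # Each word is chosen independently, so the entropies add up.
    return " ".join(pick_word(wordlist) for _ in range(n_words))


def entropy_bits(n_words, list_size=LIST_SIZE):
    """Entropy assuming the attacker knows the list and the word count."""
    return n_words * math.log2(list_size)


def years_to_exhaust(bits, guesses_per_second):
    """Expected years to find the phrase: half the keyspace on average."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    words = build_placeholder_list()
    print(passphrase(words))
    for n in (5, 6, 7):
        bits = entropy_bits(n)
        # 1e12 guesses/s is an assumed attacker speed, for scale only.
        print(f"{n} words: {bits:.1f} bits, "
              f"{years_to_exhaust(bits, 1e12):.3g} years at 1e12 guesses/s")
```

The estimate holds only if every word comes from an unbiased roll; rerolling until the phrase "looks memorable" removes entropy that the calculation still counts.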
Just found this: An endless loop of Shatner shouting you-know-what.
Just open it up in a separate window and let it play in the background all day long.
Wait a minute. Person with a uniform and a role of authority says to a citizen, "Show me your ID." Citizen asks, "Why?" Person with authority says, "Because it's the law." Citizen asks, "What law?", and the person with authority doesn't have an answer.
If persons with authority start telling people what to do on the grounds that the law says they can, and then it turns out that they don't know what they are talking about, indeed for all appearances might just be making it up, then there are no limits to what citizens can and will be forced to do. If that's not a grave threat to civil rights, I don't know what is. It no longer matters what the law does and does not allow, the law doesn't make any difference any more if anyone with a badge can claim, "It's the law" and then without any further explanation demand anything they want.
It's never wrong to question authority. Authority can be expected to have an answer.
You're right, I'm not a journalist or a free-lance author (not any more), and my assumptions about what professional authors gain from VG Wort were extrapolated from my own experience, where it was very minor. So I'm willing to stand corrected.
Nevertheless, I still think it's very questionable whether adding 12 Euros to the price of every unit of PC hardware will create a benefit for authors that, economically and socially, is worth it on the whole.