Having said that, if as many computers ran Linux as the various Win versions, we would also be seeing more problems that at present - they just would not be as serious.
One very telling fact, IMHO, is that currently Apache holds over 3x the market share for web servers compared to MS's IIS. (Source November Web Server Survey - 67% vs 21%.) Yet look at the number and type of security alerts for each over the past year or two.
Since they are presenting data on the time to a fix, I know that they are ignoring the time that the public doesn't know about an MS exploit and making it seem like they work coding miracles.
Yeah, I keep expecting MS to issue a press release some day expaining how they everage 1.5 hours between security hole discovery and patch release. They'll have the advantage of all those "negative time to patch" when they release a patch and only later tell the public about it because some security firm leaks details.
Heck, maybe they can count the ones they NEVER tell the public about and have an infinately small average time for patch releases!
While we're handing out tips, here is one I learned the hard way. Create your RAID paritions at the lower side of the "specified" drive capacity. In other words if your new 180Gb drives actually have 180.5Gb available, DON'T use the extra.5Gb!
I had to replace a failed 180.4Gb drive on a 1Tb server and the replacement was exactly 180Gb. I had to back up 400+Gb of data, re-create the RAID array with 180Gb partitions and then restore. If you think backing up 60Gb is slow... ha!
Unfortunately, the 3ware utilities don't seem to allow you to specify the partition size.. they just use the whole drive. Mixing one 180Gb drive in with the 180.4Gb drives made it use 180Gb for all of them. Unfortunately that isn't very practical when you are creating a raid array on a batch of brand new drives. (You'd have to find one slightly smaller drive.)
I already pay for broadband Internet access. On top of that, I may pay for a phone-to-IP-to-phone service like Vonage. This does NOT equal paying for phone service. This alone is going to cost me in the neighborhood of $60/mo.
With VoIP, I accept the fact that I don't have a dedicated circuit, but instead share the "line." I accept that I have no gaurantees about Jitter or other sound problems due to congestion. I accept that it's very unlikely to be as reliable. (Even if Internet service is perfect a power outage in my house a failed switch, router or firewall... and there goes the phone!)
In the end I give up a lot of gaurantees and don't really save a ton of $. BUT, I'd have the broadband anyhow. And it works most of the time (nearly all of the time actually.) But, if you rely much on VoIP over the Internet, you know it isn't the same as a phone line and regular phone service.
And how are they going to define and catch VoIP use? If H323 protocol is regulated, how long before VoIP services start using XML via HTTP? Once it is encoded it's just data. What I do with data over a data network like the Internet is really my own business, especially when I'm paying access fees for this network already.
what would Belkin need to do to win your business back?
How about gaurantee the next model they release 6 mo from now won't have the "feature" back on? Or maybe swear that if their products do more than they are supposed to do (in this case route, NAT and FW) they'll put a warning on the box.
This seems like a very dumb thing for them to have done on many levels. Seems like substituting URLs in a request at the wrong time could really fsck up some web apps... or at least make someone miss out on *first post*!
Put months of time into your book, then have the vendor pull support.
Considering that RH announced their new EOL policy many months ago I doubt he was seriously surprised.
I really wonder how this is going to affect RH's RHN service income though. Quite a few non-profs and schools used it to keep servers up to date. The same orgs aren't likely to replace all RH Linux servers with RHE servers... and without that, not much reason to buy RHN subs anymore.
In my 14 years as a Network Administrator I think I've restored backups due to failed hard disks about twice (RAID catches the rest)
But I restore data accidentally deleted or changed by a user at least weekly!
Of course, without some type of redundancy, a failed drive *will* kill your data pretty much 100% of the time. I have to agree with you on the "end user" problem though. Even experienced users can goof. I'm much more likely to blow my data away myself than have a drive go out.
That's why my preferred method for disk redundancy on my work PC is a 2nd drive and a nightly rsync. The "backup" takes about 5 minutes. And since it isn't RAID, when I make a mistake it isn't made on all drives at once. As long as I notice my goof before the backup runs at 5am, no problem.
I had initially planned to do RAID 1 on the drives, but after I thought about it I like the nightly rsync better. I'd much rather lose (at most) one day's work than not have any backup at all if I mess something up.
BTW, an rsync between drives probably averages about three minutse on my system. I also have a multi-user server I rsync accross a 10Mb WAN link and even that is generally only 10-20 minutes.
How many orders of magnitude of punishment beyond the origional damage do you want? Say a spam costs $1 (I'd say it costs about a cent, but for aguments sake I'll give you latitude.) A $1,000 fine is THREE orders of magnitude in punishment. That's insane.
Ok, lets say it costs $.01 instead. And we should only allow a two order of magnatude fine? That's $0.10. Do you really think that is any kind of deterant? And that's the point. The fine isn't to recover damages as much as it is an attempt to offer a deterant to spammers and an incentive for the victims.
To give it any teeth, the fine has to be big enough to make it worth the victim's time and big enough that not every single victim must file suit.
Let's go back to a spam costing the recipient $0.01 again. If a spammer sends 1,000,000 messages then that's $10,000 worth of "damages" they are responsible for. The odds of even one of the 1,000,000 recipients going after the $1,000 is fairly slim... so the spammers get off easy at $1,000 per suit.
When the data can be read remotely while passing a squad car or it records more than the last few seconds before impact... then I'll care. Before that happens it isn't much of a threat.
To be honest, in the event of a crash I wouldn't mind a little black box *proving* that I wasn't speeding when the other idiot pulled out in front of me.
If they want to rent or lease out the item fine.. let them do so and call it a rental or a lease. And let them try to "rent" stuff to their customers. But if they are selling a tangible physical item for a one-time fee they are SOL as far as enforcing that EULA goes.
Hell, courts have even overturned some software EULA restrictions on reselling or giving away software which was originally bundled with a PC. So don't think a judge will be all too keen on enforcing these restrictions. The guy paid for it and if he wants to give it away or sell it I don't think there is a heck of a lot the company can do to stop him.
If he had been dumb enough to sign a rental agreement or lease when he got his jig master.. THEN they would have some say. They know they wouldn't sell any jigs if they required the buyers to sign a rental agreement. This EULA is just an attempt to get the benefits of renting to customers without the damage it would do to their sales.
What we need is an open source jig (OSJ). The Internet woodworking commuinty can get together and design and build a master jig. We can keep it in CVS and allow modifications and downloads for all those poor propietary jig users.
Of course we'll want to license it under the JPL (Jig Public License) so any modified versions of the Jig must be open sourced as well. Unfortunately it will only be a matter of time until Stotts starts suing the larger wood products companies for using and improving the OSJ. Then the lawsuits, licensing schemes for OSJ users and media frenzy will start... pushing Stotts' stock to new hights.
Oh wait... physical things doen't e-mail well do they? Nevermind.
And every version was supposed to be faster than the last one
If you want to see fast... run Win31 on a modern PC. Boots up in seconds. Of course it doesn't have nearly the functionality of current Windows.. but it makes me think that the only reason new versions of Windows are "faster" is that they are typically run on newer higher-end hardware.
No, you're right. We should leave poor MS alone. They're obviously confused. After all, this is the same company who during the antitrust trial, said they couldn't share their source code with anyone due to national security concerns if the code got into the wrong hands.
Then later (2002) they told a federal court that sharing information with competitors could damage national security. And even said the code was so flawed it could not be safely disclosed.
So it seems clear to me that they are confused and just need our sympathy. After all I'm sure they wouldn't intentionally risk our national security nor lie about the risks of sharing their source on the stand in federal court.
This is nothing new. Remember when Windows 2000 came out, and magazines were filled with all those Microsoft ads making fun of the Windows 98 BSOD?
And it's not like it started there. Every version of Windows from Win3.1 on was the most "user friendly, fastest, most reliable OS avialable"... right up until shortly before the next version. Then they instantly became "difficult, too slow and prone to application and OS crashes."
Fortunately the new version had all those problems fixed.
Okay, I know it's a joke, but there are valid reasons for synching with an NTP server - such as making sure all machines run the same time.
Yet it is still pretty irrelevent to Aunt Gertrude... who's VCR has said 12:00 for 5 years. A few minutes accuracy is more than most Windows home users care about. And I'm willing to bet that running a raytrace that takes 2 weeks, 1 day, 4 hours and 38 minutes isn't likely to happen in most homes either.
If they want to make things easier on the surfer they could do away with pop-whatever ads altogether. Then again, I use Mozilla so I really don't have a problem with pop ads. I haven't seen a pop-anything ad in the past 6 months.
How long until AT&T customers start getting fed up with not getting e-mails that "everybody else on the list received"? While I'd love to get 0 spam messages/day, I'd quickly jump ship from a company where I couldn't fairly well trust that I'd receive e-mail sent to me.
We've gone from little over 40 hours on average to 24 hours
I'd like to know what part of the process he is talking about? Is that the time between when the hole is made public and when the patch is released? That would explain things a bit... since MS typicaly can keep the news under wraps until they release the patch simultaneously.
Including a lot of "0 seconds between bug announcement and patch release" is bound to give you a much lower average. So, it would be possible for MS to receive 85 bug reports, surpress all but one for three months, release 85 patches and average just a bit better than 24 hours between public announcement and patch.
all that needs to happen is the spammers need to convince the companies
Exactly right. The big spammers are rarely ever selling anything themselves except spam. All they need to do is tell a company that their ad will reach 24 million potential customers a day.
Then add "if even 1/2 of one percent buy your $29.95 product, that would be millions of dollars worth of sales." The company owner's eyes gloss over while they dream of being rich and sign the check to the spammer.
Besides, I suspect the callback rate on spam is a bit better than the 1 in 1 million cited by the orignal post. I live in an area with roughly 60,000 people. I certainly don't know everyone but of those that I do know I can think of at least one person who might actually buy some "body part enlargment" product. Based on that sample case, I would bet buy rates are much much higher.
It looks like the average US electric rate is around $0.08/kW-hr according to the web sites I could find. So, assuming you pay near the average and run you PC 24x7 at an increased consumption of 50 watts... it would cost you about $35/year extra on your bill.
Now, check the SETI@home statistics page to get total users at 4,710,399. If each user just donated $35, that would be $164 million. Ok, so their active users average closer to 550,000, but that's still almost $20million/yr spent to help SETI.
Slashdot Mirror
Does that mean shortly after Wal Mart puts tags in everything some joker can walk through the store and tell them to all disable themselves?
No. Your probation officer cares about you very deeply. :-P
One very telling fact, IMHO, is that currently Apache holds over 3x the market share for web servers compared to MS's IIS. (Source November Web Server Survey - 67% vs 21%.) Yet look at the number and type of security alerts for each over the past year or two.
Does that mean there are no "air-time" charges, or is it only for outbound calls?
Yeah, I keep expecting MS to issue a press release some day expaining how they everage 1.5 hours between security hole discovery and patch release. They'll have the advantage of all those "negative time to patch" when they release a patch and only later tell the public about it because some security firm leaks details.
Heck, maybe they can count the ones they NEVER tell the public about and have an infinately small average time for patch releases!
I had to replace a failed 180.4Gb drive on a 1Tb server and the replacement was exactly 180Gb. I had to back up 400+Gb of data, re-create the RAID array with 180Gb partitions and then restore. If you think backing up 60Gb is slow... ha!
Unfortunately, the 3ware utilities don't seem to allow you to specify the partition size.. they just use the whole drive. Mixing one 180Gb drive in with the 180.4Gb drives made it use 180Gb for all of them. Unfortunately that isn't very practical when you are creating a raid array on a batch of brand new drives. (You'd have to find one slightly smaller drive.)
Hey, maybe this will give rise to anti-telemarketing laws now... since a call really does cost you $ once that change is made.
With VoIP, I accept the fact that I don't have a dedicated circuit, but instead share the "line." I accept that I have no gaurantees about Jitter or other sound problems due to congestion. I accept that it's very unlikely to be as reliable. (Even if Internet service is perfect a power outage in my house a failed switch, router or firewall... and there goes the phone!)
In the end I give up a lot of gaurantees and don't really save a ton of $. BUT, I'd have the broadband anyhow. And it works most of the time (nearly all of the time actually.) But, if you rely much on VoIP over the Internet, you know it isn't the same as a phone line and regular phone service.
And how are they going to define and catch VoIP use? If H323 protocol is regulated, how long before VoIP services start using XML via HTTP? Once it is encoded it's just data. What I do with data over a data network like the Internet is really my own business, especially when I'm paying access fees for this network already.
How about gaurantee the next model they release 6 mo from now won't have the "feature" back on? Or maybe swear that if their products do more than they are supposed to do (in this case route, NAT and FW) they'll put a warning on the box.
This seems like a very dumb thing for them to have done on many levels. Seems like substituting URLs in a request at the wrong time could really fsck up some web apps... or at least make someone miss out on *first post*!
Considering that RH announced their new EOL policy many months ago I doubt he was seriously surprised.
I really wonder how this is going to affect RH's RHN service income though. Quite a few non-profs and schools used it to keep servers up to date. The same orgs aren't likely to replace all RH Linux servers with RHE servers... and without that, not much reason to buy RHN subs anymore.
That's why my preferred method for disk redundancy on my work PC is a 2nd drive and a nightly rsync. The "backup" takes about 5 minutes. And since it isn't RAID, when I make a mistake it isn't made on all drives at once. As long as I notice my goof before the backup runs at 5am, no problem.
I had initially planned to do RAID 1 on the drives, but after I thought about it I like the nightly rsync better. I'd much rather lose (at most) one day's work than not have any backup at all if I mess something up.
BTW, an rsync between drives probably averages about three minutse on my system. I also have a multi-user server I rsync accross a 10Mb WAN link and even that is generally only 10-20 minutes.
But who is going to know what a reasonable price for penis enlarging cream is?
Ok, lets say it costs $.01 instead. And we should only allow a two order of magnatude fine? That's $0.10. Do you really think that is any kind of deterant? And that's the point. The fine isn't to recover damages as much as it is an attempt to offer a deterant to spammers and an incentive for the victims.
To give it any teeth, the fine has to be big enough to make it worth the victim's time and big enough that not every single victim must file suit.
Let's go back to a spam costing the recipient $0.01 again. If a spammer sends 1,000,000 messages then that's $10,000 worth of "damages" they are responsible for. The odds of even one of the 1,000,000 recipients going after the $1,000 is fairly slim... so the spammers get off easy at $1,000 per suit.
To be honest, in the event of a crash I wouldn't mind a little black box *proving* that I wasn't speeding when the other idiot pulled out in front of me.
If they want to rent or lease out the item fine.. let them do so and call it a rental or a lease. And let them try to "rent" stuff to their customers. But if they are selling a tangible physical item for a one-time fee they are SOL as far as enforcing that EULA goes.
Hell, courts have even overturned some software EULA restrictions on reselling or giving away software which was originally bundled with a PC. So don't think a judge will be all too keen on enforcing these restrictions. The guy paid for it and if he wants to give it away or sell it I don't think there is a heck of a lot the company can do to stop him.
If he had been dumb enough to sign a rental agreement or lease when he got his jig master.. THEN they would have some say. They know they wouldn't sell any jigs if they required the buyers to sign a rental agreement. This EULA is just an attempt to get the benefits of renting to customers without the damage it would do to their sales.
Of course we'll want to license it under the JPL (Jig Public License) so any modified versions of the Jig must be open sourced as well. Unfortunately it will only be a matter of time until Stotts starts suing the larger wood products companies for using and improving the OSJ. Then the lawsuits, licensing schemes for OSJ users and media frenzy will start... pushing Stotts' stock to new hights.
Oh wait... physical things doen't e-mail well do they? Nevermind.
If you want to see fast... run Win31 on a modern PC. Boots up in seconds. Of course it doesn't have nearly the functionality of current Windows.. but it makes me think that the only reason new versions of Windows are "faster" is that they are typically run on newer higher-end hardware.
No, you're right. We should leave poor MS alone. They're obviously confused. After all, this is the same company who during the antitrust trial, said they couldn't share their source code with anyone due to national security concerns if the code got into the wrong hands.
Then later (2002) they told a federal court that sharing information with competitors could damage national security. And even said the code was so flawed it could not be safely disclosed.
Then in early 2003, they agreed to share the source code with China.
So it seems clear to me that they are confused and just need our sympathy. After all I'm sure they wouldn't intentionally risk our national security nor lie about the risks of sharing their source on the stand in federal court.
And it's not like it started there. Every version of Windows from Win3.1 on was the most "user friendly, fastest, most reliable OS avialable"... right up until shortly before the next version. Then they instantly became "difficult, too slow and prone to application and OS crashes."
Fortunately the new version had all those problems fixed.
Yet it is still pretty irrelevent to Aunt Gertrude... who's VCR has said 12:00 for 5 years. A few minutes accuracy is more than most Windows home users care about. And I'm willing to bet that running a raytrace that takes 2 weeks, 1 day, 4 hours and 38 minutes isn't likely to happen in most homes either.
If they want to make things easier on the surfer they could do away with pop-whatever ads altogether. Then again, I use Mozilla so I really don't have a problem with pop ads. I haven't seen a pop-anything ad in the past 6 months.
How long until AT&T customers start getting fed up with not getting e-mails that "everybody else on the list received"? While I'd love to get 0 spam messages/day, I'd quickly jump ship from a company where I couldn't fairly well trust that I'd receive e-mail sent to me.
I'd like to know what part of the process he is talking about? Is that the time between when the hole is made public and when the patch is released? That would explain things a bit... since MS typicaly can keep the news under wraps until they release the patch simultaneously.
Including a lot of "0 seconds between bug announcement and patch release" is bound to give you a much lower average. So, it would be possible for MS to receive 85 bug reports, surpress all but one for three months, release 85 patches and average just a bit better than 24 hours between public announcement and patch.
Exactly right. The big spammers are rarely ever selling anything themselves except spam. All they need to do is tell a company that their ad will reach 24 million potential customers a day.
Then add "if even 1/2 of one percent buy your $29.95 product, that would be millions of dollars worth of sales." The company owner's eyes gloss over while they dream of being rich and sign the check to the spammer.
Besides, I suspect the callback rate on spam is a bit better than the 1 in 1 million cited by the orignal post. I live in an area with roughly 60,000 people. I certainly don't know everyone but of those that I do know I can think of at least one person who might actually buy some "body part enlargment" product. Based on that sample case, I would bet buy rates are much much higher.
Now, check the SETI@home statistics page to get total users at 4,710,399. If each user just donated $35, that would be $164 million. Ok, so their active users average closer to 550,000, but that's still almost $20million/yr spent to help SETI.