When Microsoft moved to integrate IE with Windows, people scoffed, including me. Clearly there could be no benefit to blurring the boundary between the internet and the desktop, so we maligned it as a political move, a business move, a marketing move, everything but a sound technical decision. I distinctly remember one commentator on Usenet suggesting that the speed difference between accessing a local file and a hosted one was so immense that users would protest Microsoft's attempt to conflate the two. Of course that was in the days of ubiquitous 28.8 connections...
Now, you cannot find a window manager that doesn't imitate the principle of web integration. It's simply too *intelligent* to treat resources all in the same manner. And as bandwidth increases among the general population, the glitch of time between accessing files on my hard drive and on, say, infidel.org, will diminish to amounts humans find negligeable.
So my question is, when will Microsoft get the credit due to it for this groundbeaking innovation? Or are we going to resort to that old game, exhuming some dusty old prototypes from Xerox PARC and Digital in an effort to discredit MS?
I've just spent far too many hours securing the network settings on a test harness... and I can tell you right now, I would never allow this sort of access to any topology unless I had very clear and fixed signatures for all these "bots".
One principle behind securing a network is to disallow unnecessary access between machines. The fewer legitimate channels, and the more predictable the dataflow, the easier it is to monitor for anomalies. There are certain machines in the test harness I'm working on, for example, that *never* talk to one another. If I didn't segregate machines this way, we could lose essential data if a weak front-end box were taken.
Opening the network to roving spiders and allowing them discretionary control over monitoring and transmitting would be difficult to secure. How could I tell the difference between a scan from a bot and a scan from an attacker? How could I identify what is an "dangerous" data transmission when the bots are semi-autonomous and unpredictable?
I don't want to dismiss the idea, because eventually we will have to develop "immune systems" for our machines. But right now, it seems difficult to integrate these two models. When I run my own scans, I know that I'm doing it and I can pick out my work from the logs. This would add a new layer of complexity - something that already exists in abundance in the security field! -konstant Yes! We are all individuals! I'm not!
Put simply, he believes that Microsoft lost the trial on purpose: in order to be illegal, a monopoly must be harmful to its consumers, and the DoJ failed to dig up enough evidence to that
He isn't living in reality. Losing this trial has caused enormous damage to Microsoft, whether or not it is overturned on appeal.
It is not easy being told by your friends, by your enemies, and by the media that you are an evil lawbreaker, even if you don't buy it yourself. It's not easy to wear a smile to work when a large part of your compensation (salary is fairly low) is in the toilet. It is *definitely* not easy to recruit smart people to work for a company that, in their minds, might not exist in a year.
Productivity is down, morale is down, the only thing that isn't hurt is the fact that (in our opinions) we are still making the best software and are well-positioned to advance the state of computing in the next few years. But even that is somewhat galling - imagine how you would feel if Red Hat or VA were trading at 53 cents and the press constantly dissed it despite the fact that you believe it makes the best software and will dominate the future of the industry.
No, the prevailing opinion (or excuse, depending upon how you look at it) among my immediate friends at Microsoft is that we lost the trial because the judge wasn't following the law. You disagree. We will discover who is correct at the appeals level.
When I first became addicted to slashdot, it must have been a lull period, because there didn't seem to be many discussions about Linux or quite so many vindictive articles attacking MS (my employer). The reason I started browsing, and the reason I keep coming back, is that I love to talk and argue about ethics and science, and we get those thing aplenty here.
It seems inevitable to me that some day Linux will no longer be the cool topic it is today. There will be another OS, maybe Hurd, maybe something else, that will be the focus of the adulation and the ecstasy so many of you pour out. But while tastes in operating systems will evolve, we now know that slashdot will not. It's owned by a Linux company. It will be about Linux until it goes off the air.
As long as I get my fix of straight talk and tech, I'll be happy to type slashdot.org in my browser, but I do mourn a little bit the passing of true independence from the site. The slashdot editors may be right that they have editorial independence when it comes to each individual story, but they have yet to flex their purported muscles when it comes to a major topic shift on the site. I wonder how receptive VA would be if CmdrTaco suddenly became infatuated with FreeBSD!
The next processing step shown in FIG. 2 is to set a cookie corresponding to the unique identification value and return a page of the requested information (step 82). In general, the setting of a cookie (persistent client-side state information) is a known process. However, in accordance with the invention, the returned page includes instructions to convey the unique identification information to additional server computers that are observing the same protocol.
The purpose of this patent is to work around the necessity of hosting banner ads on a central server and then passing those banners out to member servers. Instead, you host the banner on your own site, and then using this method people who browse the ads are forced to report themselves back to the central server.
Advantages: 1) ad company doesn't have to host banner GIFs - less expense for them 2) faster response times for the user due to fewer connections 3) works around junkbuster-type filters that forbid ads from certain domains or that do not render images from off-site
This is clearly not the double-click method at all. I wish that the slashdot editors would actually read the patent before posting it, let alone trashing it publicly to tens of thousands of people who hang on their every word.
A friend of mine purchased this book for me, swearing it was the most mind-expanding read he had enjoyed for a long while. Unfortunately, I was disappointed.
I have some familiarity with relativistic phsyics, having read Einstein's own attempt at popular science, "Relativity", and quantum physics from "The Dancing Wu Li Masters" Contrasting these works with "The Elegant Universe", I found that Greene never hit the right stride for a book that purports to make complex scientific topics clear.
Crucial issues that lead to the birth of quantum physics like the ultraviolet catastrophe and the photoelectric effect are given a shallow treatment that barely suffices to convey why turn-of-the-century was in such turmoil. Greene even manages to make the famous double slit experiment seem irrelevant and confusing. I felt that if I had studied these topics in college, I would not have comprehende why Greene chose these topics for inclusion in his book.
On the relativistic front, well, Greene completely eschews equations in that section, which was a mistake. Without the dilation equations, the reader gets no sense of *why* things stretch and slow down as they approach the speed of light. You only have to take Einstein's word on it.
Having seen how his coverage of these two topics was lacking, I am suspicious that the discussion of string theory (the reason the book was written) is probably equally weak. Having read the book, I doubt I could speak intelligently about those topics, as I sometimes can do with quantum physics and relativity, having had only the minimum of study described above.
If you enjoy reading about science rather than actually understanding science, this book may be for you. All others I advise to pick up a college freshmen physics text - you'll find it far more gratifying.
The description of "service and flow" sounds remarkable like the model of software licensing that currently is sold by proprietary IT companies. Rather than owning the software/carpet itself, you are sold the experience of using the software/carpet.
This model is appealing to companies in the tech industry simply due to the low cost of replicating their product. I fail to see the incentive in a material goods economy such as carpet sales. Why would a company want to shackle itself to the quality of your much-abused rugs? How could they possibly benefit?
Additionally, slashdotters are well aware that the licensing model has its own costs to the consumer in terms of freedom. The book's theory sounds a bit like armchair philosophy to me.
I cringe to recommend the service to this hostile group, but Microsoft is attempting to address this very problem with Passport. By authenticating yourself centrally, and storing your essential information such as credit card numbers, on their servers, you are immediately authenticated to any sites that recognize the passport mark.
Of course, this has yet to become popular, and I could understand if you had reservations about handing such important data into a corporation's safekeeping.
Slashdot should be celebrating this news. Apogee is courting just the sort of court case that could destroy UCITA at the supreme court level.
The supreme justices (indeed, even the district courts) would have a hard time reconciling their prior rulings on matters of speech foreclosure with Apogee's foolish attempt at censorship. UCITA is an act of State legislatures. These bodies do not have the power to annul the 1st amendment of the constitution. If I could be forbidden to criticize Apogee based upon their "ownership" of various identifying names and symbols, then what would exist to stop private individuals, social groups, or even politicians from doing the same with their "licensed" speeches and doctrines?
No, this will be struck down. But remember, the courts do not work magically. Many thousands of dollars and hours must be spent by the "good guys" before they can even reach the supreme court. In case you weren't aware, this sort of committment is not purely voluntary. Organizations like the EFF and the ACLU need you help, in terms of contributions and vocal support.
And don't forget - somebody actually has to entice Apogee into sueing them as well...
How many think the following experiment would be interesting:
Set up a fake "benchmark report" on a reputable website (get the owners in on the gag) that purports to prove Windows is marginally better than Linux at doing something.
Next month, set up a very similar benchmark on the same site that proves Linux is marginally better than Windows at the exact same thing.
Then, compare the slashdot comments. My hypothesis is that we'd flush a lot of handwaving and armchair OS design... How many people giving authoritative views here even have a flying **** about the ways 3d games *really* work? Heh. Not me, that's for sure!
I was speaking to a friend of mine about this topic and we covered some interesting ground. I don't much listen to music of any kind, let alone pirated MP3's, so I was trying to understand from him exactly to what extent he was really being honest with himself and me about the ethics of copying.
We all have grasped by now that electronic information (from software to music to books, and so on) differs from physical commodities in that the replication price is virtually nil. Yesterday/. referred to an article by Bertrand Meyer in which he argued (fairly cluelessly I thought) that this was only a difference in degree, not in quality. But he failed to reflect that the reverse of the same argument can be used to examine the ethics of charging for physical commodities. Maybe it is only "just" to charge for an apple or a hard drive because they are so expensive to reproduce. If apples materialized out of thin air at the whim of a hungry man, would it still be true that the original breeder of that particular apple variety could ethically charge a price for the long-past labor of creation?
In the MP3 discussion, my friend commented that he would gladly charge for music if it were valued at something closer to it's "true" value. Leaving aside the confusion of a line of argument that tries to assign some kind of intrinsic value outside of a free marketplace, I asked him what that fair price might be. He said 50 cents per song would be just if that meant he could download the song quickly and hassle-free.
Well, I respect my friend but frankly I thought he was lying. It's easy to say that you would pay 50 cents for something you can currently get for free. I might agree that 50 cents is a reasonable price to get a Camaro delivered to my doorstep if all I had to do otherwise was walk down the street and take the keys out of the glovebox.
So I tried to reverse the situation, to find out what he really thought a song was worth. He thought of a song he liked, and I asked him how much he would require me to pay him in return for a promise that he would never choose to listen to that song again. Of course, he could listen to it if someone else were playing it, or if it happened to be on the radio, but he could never again decide of his own volition to play that tune.
He thought about it for a bit, and then *still* said 50 cents. It may be that the didn't really like the song that much, or it may be that he was still fudging the truth, but I'll take his word for it. You may come to a different answer, and if you do then perhaps you haven't been completely honest with yourself about your motives. It *is* possible to believe you're serving the side of virtue when in fact you're only looking out for your baser desires. I hear it even happens on slashdot:)
So the next time you assign a value to a commodity that you can get for free, ask how much it would be worth to you to go without it. Think of it as an exercise in self-inspection.
This is exciting. It's like watching the future of MS Kerberos unfold before our very eyes. Many of the "questions" (apart from the antitrust references, which I think are kind of weak) are excellent, probing challenges to the MS claim of proprietary rights. I can't wait to see how Microsoft responds.
But I have a question for the legally inclined. How binding are all of these thinly-veiled hostilities? For example, what would have happened if Andover hadn't replied to Microsoft's letter? Were they obligated to under law? And similarly, is Microsoft required to respond in kind?
I'm curious because it seems that, if the conspiracy theories about MS Kerberos were true (not that I would know) then wouldn't Microsoft be reluctant to address these thorny points? Can they drop this all and go home now, or are they formally bound to answer?
So, you honestly think MS is not maintaining it's monopoly through illegal means? Just curious.
Illegal means? I don't think so, but only because I don't believe the laws, as they currently stand, forbid the sort of behavior I've been reading about.
Now if you were to ask me about "unfair means" or "nasty means" or "less than admirable means" then my answers would differ. I'm too ignorant to try to understand the extent to which capitalism *should* be regulated. My post was only an attempt at revealing what I've learned about the way it *is* regulated.
You have a claim that there was a benefit in forcing OEM's to install the `free' IE 3.0 into Win95. Just because it has benefits isn't enough. There are lots of benefits in bundling (say) a free version of Visual Studio,
This is the core of the matter. You would be correct if Microsoft were saying IE is a beneficial *bundle*. They aren't. They're saying that the union of IE and Windows form a third product that didn't exist before. In other words, they say they have been integrated.
The whole lawsuit swirls around trying to decide whether 1) it really is integrated and 2) whether it matters why Microsoft did it. The appellate court has already said Yes and No respectively in a similar context.
I'd think that with recent bad press on outlook you'd change that Bio of your before defending MS, this is a perfect example of why we want to see MS destroyed.
Hey man, I worked on the S/MIME v3 mail module. If you found a security hole in our S/MIME, *then* I'd be the guy to bitch about.
I'm not a lawyer or anything, and I certainly can't know the minds of Microsoft management or the DoJ, but I have been reading the trial docs on my little Handspring - thousands of pages in all - and I sort of am getting the feeling that Microsoft is going to win this on appeal, and handily too.
Naturally I'm biased. I work for MS and I want very much for this to "go away". I wasn't here when the "alleged anticompetitive acts" (they always call them that) took place and so it all seems too bizarre. But I would like to hear what all of you think of my quickie analysis.
There were essentially four dangerous allegations leveled by the government against Microsoft. There were many legal issues involved, but these four seem like central pillars of the case to me.
Firstly, they contended we were a legal monopoly, secondly that we forced purchases of an unrelated product (IE) by tying it to the monopoly product, thirdly that we engaged in illegal exclusive dealing, and finally they said we tried to engage in market division with Netscape.
After deliberating, Judge Jackson threw out the third allegation, not because he didn't find we engaged in exclusive deals that hurt our competitors, but because he acknowledged that "competition for means of distribution" is a recognized pro-competitive act, and one that gets lots of leniency from higher courts. Both Microsoft's proposed CoL and the actual Conclusions explain this in greater legal detail. Basically, we didn't foreclose Netscape from shipping their product, and the law does not have sympathy for the argument that certain forms of distribution are "the best". To anti-trust law, this is a form of legal competition. Go figure.
So, in effect, this leaves us with the monopoly charge, the claim that we illegally tied IE to the monopoly product, and the market collusion. Jackson ruled against us on all of these critical points.
With respect to the second charge, I feel Microsoft stands a good chance of being granted relief by the Appeals Court. In the Consent Decree ruling, the appellate judges essentially concluded that separate demand for two products, and even separate marketing, do not necessarily indicate that those two products cannot be integrated. They remarked upon the DoJ's proposed remedy of "hiding" IE rather than removing it, and suggested that this indicated the DoJ was tacitly admitting IE is an integrated part of Windows - this is an approach the DoJ is taking once more. Of course, if such a thing were true, then the DoJ would have no case. The Appeals Court further commented that it is not the place of the courts to judge the motives for technological tying in those cases where a reasonable person might determine consumer benefit from the tie, and they additionally suggested that they *did* see a benefit in requiring IE 3.0 to ship with Win95. Now, if that is the case, I fail to see how they will rule differently on the issue of Win98, which is clearly more fully integrated with the IE binaries than 95 ever was. My guess is that this will be overturned.
Many Slashdotters seem to feel that the monopoly charge is self-evident and cannot abide controversy, but having read the DoJ complaint and MS's response, I think there is a reasonable chance the Appellate court might decide that the monopoly argument contains internal inconsistencies and overturn it as well.
When determining monopoly power, the law first defines an applicable market. For the purposes of antitrust, "the market" is the arena in which meaningful competition exists between interchangeable goods. The DoJ insists we have a monopoly in PC Operating Systems, and they further claim that we used that monopoly to defeat Netscape, which we felt might be a threat to that monopoly in the future.
This implies that Netscape was a potential competitor for Windows, because it could serve interchangeably as a platform for running applications, which would remove the "applications barrier to entry" upon which Jackson bases so much of his decision. But Netscape is not a PC Operating System. Therefore, the market cannot have been well defined, within the legal bounds above. A better definition of the market would be "application platforms", and I don't think even Slashdot can argue we have a monopoly there. Unless I'm missing something (quite possible) I think the Appeals Court will overthrow this also.
As to the Netscape market-division thing, I can't say I know how it will go. It sounds to be largely based upon the personal interpretation of the judges based upon how the two parties related the meeting. I'll be interested to see the results of this topic.
So, I'm sure you're all bubbling over with objections. Flame away!:-)
All they needed to do was change it so that it would save it out, and then the user would be able to launch it if they needed to after finding it
Microsoft *did* make precisely that change after Melissa. That was also released as a patch. In fact, the complaint in the Outlook group was that nobody had downloaded that patch and consequently had lower security than Outlook actually provided.
When it comes to security patching, you can lead a horse to water, but without "push" or software as a service you can't make him drink.
Ok, that's enough mixing of metaphors for one day.
Simple re-encode your macro viruses into Word, or Excel or Access or whatever macros, then send that document (with the viruses attached) around...
VBA macro viruses cannot function until the user has first enabled scripting for their open session of the Office product they are using. When a script attempts to run in an email, two things happen. Firstly Outlook prompts the user, telling them that the mail contains script and asking whether they want to run it. Secondly, if you have not run any script prior to the email in your open session, Outlook prompts you whether you would like to run macro scripts.
Try it at home. Your idea has been covered by Outlook for a long time, however weakly.
I would appreciate everyone's opinion on another solution I suggested. This might still make it into a product (not outlook) so if you can see a flaw in it, please tell me.
When a file is received as an attachment that matches the "executable" mask (that is, has the extension exe, vbs, bat, etc) the file is renamed by the addition of a ".unsafe" extension, thereby becoming file.exe.unsafe for example. This preserves the integrity of the file but makes it non-executable until the user explicitly renames it back to the executable extension.
Problems I have considered: 1) somebody might predict this and register the ".unsafe" extension to an executable. Could be solved by using a random string. This also implies prior infections, so they're already screwed.
2) most users have "hide extensions" turned on. While they would still see the unregistered ".unsafe", they might not comprehend the significance and require education before they can use their executable attachments. My feeling is that this is a good thing.
Can anyone show me a truly important flaw in this suggestion? I would like to push it internally but I am uncertain of its worth.
We've heard from Slashdot's readers, and we've heard from the press. I want to know how Microsoft's own employees feel about the ongoing Kerberos battle (not just the attack against Slashdot).
Upper management doesn't always reflect my opinions, and legal *absolutely* doesn't. Of course I can speak only for myself, but frankly I don't think your characterization of this Kerberos issue is at all correct.
I know a few people in the Win2k team, but I've never worked there myself. Of course their aim is to become the premier backend server, but honestly they don't think they *have* to fight dirty in order to achieve that. And I agree. Win2k really *is*, in my opinion, a far superior product. Hell, if I didn't think that about most of our products, why would I work here at all?
I know none of you have any trust left when it comes to MS. Sometimes your suspicions are just, but often I find that people's suspicions are based upon a weak foundation of reiterated rumours and second-hand false characterizations. For people who already believe (despite evidence) that NSAKEY is a government plant, that FrontPage Extensions has a "weenies" backdoor (it's actually a bad attempt at encryption), that Win2k has 65000 real bugs, and so on, the slightest hint that MS is up to dirty tricks with Kerberos is enough to convince them.
Personally, when the NT team tells me that their implementation is interoperable with MIT's reference implementation, when they tell me that they have managed to get interoperability in mixed environments, and when they assure me that this was a bad PR move rather than a malicious plot to kill Samba, I believe them. I work on the inside and when I weigh the truthfulness of the people I work with against the eagerness of Slashdot to inflame passions against us, I'm inclined to side with MS.
Now, don't get the impression I always agree with the company. Many times I don't, and I've almost been fired for being a little too rude in expressing my difference of opinion. But in this case, I'm going to side with the people who think the Samba team is paranoid and the slashdot crowd is attacking when it should be pausing for reflection.
Now, as to the legal thing: dumb. Dumb, dumb, dumb. But only because it obviously is terrible PR, not because I think they're wrong. If I could have my way, the proprietary extensions (it wasn't the entire Kerb spec, if you actually read the doc - just the extension struct) would have been published without a legalese watermark and click-thru, but I can't have my way, and the fact is that those comments did infringe MS property rights.
Would you all be happier if MS had never published the extensions at all? Perhaps you would, because then you could reverse engineer without contamination. But while you see this release as a deliberate ploy to kill Samba, I see it as a stupid move by legal, and I, unlike some, am equipped with the capacity to forgive stupid people for their stupidity.
So, basically, my answer is: I don't agree with you. If I did agree, would I be out the door? Maybe. But most likely, I will stay at MS until I am convinced their products are no longer the best. And with our current lineup and the project I am working on, I don't see that happening for a long time.
yours, -konstant Yes! We are all individuals! I'm not!
Ok, first of all, we have Microsoft which takes an open source specification, modifies it in a few near-trivial ways, then claims it's their own copyrighted work. This is pretty classic "Microsoft innovation" for you, but let's put the fact that Microsoft doesn't actually own Kerberos aside.
Look again. Had Microsoft actually attempted to copyright the Kerberos spec, and not only their proprietary changes to the spec, Slashdot could laugh off the threat. You cannot copyright something that was not created by you.
However, if you actually read the spec in question, you'll find that it only covers the format of their extension packets. Microsoft *did* create that, for reasons that I'm not even going to try to argue about. Consequently, they are within their rights to copyright it, although personally you and I both think it was stupid to do so.
Furthermore, if Microsoft did not challenge Slashdot's reuse of the copyrighted material, they would have failed to defend their intellectual property. Unless I misunderstand the law (entirely possible) I believe that means they lose the right to consider it their own and subsequent legal challenges could place it in the public domain. If I'm correct there, then M$ had no choice other than to defend their copyright.
Try logging on to Hotmail, not touching anything for 30 mins and then clicking on 'read mail'. If they have the server set up sensibly, you'll have to enter your user name and password again.
On the other hand, if Microsoft have done something really really dumb, like including the password in a cookie, then there's really no hoe for them.
Hotmail stores your user information in a session cookie, not a persistent (disk) cookie. If you close all your browser windows and access hotmail again, you are required to enter your password again... unlike Slashdot I might note.
I know the session cookie has an expiration period, but I don't remember what it is. Probably something like 20 minutes.
What I find most interesting by far is the composition of the contributions when viewed by project. In nearly every project I viewed, there are two or three elite "key contributors" who provide somthing on the order of 1/3 to 7/10 or more of the code, with the remainder provided in a slew of sub-1% coders.
This relates an interesting story. It appears that, while the real strength of OSS is incremental improvement over time, few projects can exist without a guiding intellect or a handful of ambitious coders on the core team.
Presenting this data to employers who are concerned about losing control of their code may help assuage their fears of open source. Clearly projects that are "owned" by no one are rarities. A corporation *can* have its cake and eat it too.
Slashdot Mirror
When Microsoft moved to integrate IE with Windows, people scoffed, including me. Clearly there could be no benefit to blurring the boundary between the internet and the desktop, so we maligned it as a political move, a business move, a marketing move, everything but a sound technical decision. I distinctly remember one commentator on Usenet suggesting that the speed difference between accessing a local file and a hosted one was so immense that users would protest Microsoft's attempt to conflate the two. Of course that was in the days of ubiquitous 28.8 connections...
:-)
Now, you cannot find a window manager that doesn't imitate the principle of web integration. It's simply too *intelligent* to treat resources all in the same manner. And as bandwidth increases among the general population, the glitch of time between accessing files on my hard drive and on, say, infidel.org, will diminish to amounts humans find negligeable.
So my question is, when will Microsoft get the credit due to it for this groundbeaking innovation? Or are we going to resort to that old game, exhuming some dusty old prototypes from Xerox PARC and Digital in an effort to discredit MS?
Yeah, it's a rant!
-konstant
Yes! We are all individuals! I'm not!
I've just spent far too many hours securing the network settings on a test harness... and I can tell you right now, I would never allow this sort of access to any topology unless I had very clear and fixed signatures for all these "bots".
One principle behind securing a network is to disallow unnecessary access between machines. The fewer legitimate channels, and the more predictable the dataflow, the easier it is to monitor for anomalies. There are certain machines in the test harness I'm working on, for example, that *never* talk to one another. If I didn't segregate machines this way, we could lose essential data if a weak front-end box were taken.
Opening the network to roving spiders and allowing them discretionary control over monitoring and transmitting would be difficult to secure. How could I tell the difference between a scan from a bot and a scan from an attacker? How could I identify what is an "dangerous" data transmission when the bots are semi-autonomous and unpredictable?
I don't want to dismiss the idea, because eventually we will have to develop "immune systems" for our machines. But right now, it seems difficult to integrate these two models. When I run my own scans, I know that I'm doing it and I can pick out my work from the logs. This would add a new layer of complexity - something that already exists in abundance in the security field!
-konstant
Yes! We are all individuals! I'm not!
Put simply, he believes that Microsoft lost the trial on purpose: in order to be illegal, a monopoly must be harmful to its consumers, and the DoJ failed to dig up enough evidence to that
He isn't living in reality. Losing this trial has caused enormous damage to Microsoft, whether or not it is overturned on appeal.
It is not easy being told by your friends, by your enemies, and by the media that you are an evil lawbreaker, even if you don't buy it yourself. It's not easy to wear a smile to work when a large part of your compensation (salary is fairly low) is in the toilet. It is *definitely* not easy to recruit smart people to work for a company that, in their minds, might not exist in a year.
Productivity is down, morale is down, the only thing that isn't hurt is the fact that (in our opinions) we are still making the best software and are well-positioned to advance the state of computing in the next few years. But even that is somewhat galling - imagine how you would feel if Red Hat or VA were trading at 53 cents and the press constantly dissed it despite the fact that you believe it makes the best software and will dominate the future of the industry.
No, the prevailing opinion (or excuse, depending upon how you look at it) among my immediate friends at Microsoft is that we lost the trial because the judge wasn't following the law. You disagree. We will discover who is correct at the appeals level.
-konstant
Yes! We are all individuals! I'm not!
When I first became addicted to slashdot, it must have been a lull period, because there didn't seem to be many discussions about Linux or quite so many vindictive articles attacking MS (my employer). The reason I started browsing, and the reason I keep coming back, is that I love to talk and argue about ethics and science, and we get those thing aplenty here.
It seems inevitable to me that some day Linux will no longer be the cool topic it is today. There will be another OS, maybe Hurd, maybe something else, that will be the focus of the adulation and the ecstasy so many of you pour out. But while tastes in operating systems will evolve, we now know that slashdot will not. It's owned by a Linux company. It will be about Linux until it goes off the air.
As long as I get my fix of straight talk and tech, I'll be happy to type slashdot.org in my browser, but I do mourn a little bit the passing of true independence from the site. The slashdot editors may be right that they have editorial independence when it comes to each individual story, but they have yet to flex their purported muscles when it comes to a major topic shift on the site. I wonder how receptive VA would be if CmdrTaco suddenly became infatuated with FreeBSD!
-konstant
Yes! We are all individuals! I'm not!
From the patent:
The next processing step shown in FIG. 2 is to set a cookie corresponding to the unique identification value and return a page of the requested information (step 82). In general, the setting of a cookie (persistent client-side state information) is a known process. However, in accordance with the invention, the returned page includes instructions to convey the unique identification information to additional server computers that are observing the same protocol.
The purpose of this patent is to work around the necessity of hosting banner ads on a central server and then passing those banners out to member servers. Instead, you host the banner on your own site, and then using this method people who browse the ads are forced to report themselves back to the central server.
Advantages:
1) ad company doesn't have to host banner GIFs - less expense for them
2) faster response times for the user due to fewer connections
3) works around junkbuster-type filters that forbid ads from certain domains or that do not render images from off-site
This is clearly not the double-click method at all. I wish that the slashdot editors would actually read the patent before posting it, let alone trashing it publicly to tens of thousands of people who hang on their every word.
-konstant
Yes! We are all individuals! I'm not!
A friend of mine purchased this book for me, swearing it was the most mind-expanding read he had enjoyed for a long while. Unfortunately, I was disappointed.
I have some familiarity with relativistic phsyics, having read Einstein's own attempt at popular science, "Relativity", and quantum physics from "The Dancing Wu Li Masters" Contrasting these works with "The Elegant Universe", I found that Greene never hit the right stride for a book that purports to make complex scientific topics clear.
Crucial issues that lead to the birth of quantum physics like the ultraviolet catastrophe and the photoelectric effect are given a shallow treatment that barely suffices to convey why turn-of-the-century was in such turmoil. Greene even manages to make the famous double slit experiment seem irrelevant and confusing. I felt that if I had studied these topics in college, I would not have comprehende why Greene chose these topics for inclusion in his book.
On the relativistic front, well, Greene completely eschews equations in that section, which was a mistake. Without the dilation equations, the reader gets no sense of *why* things stretch and slow down as they approach the speed of light. You only have to take Einstein's word on it.
Having seen how his coverage of these two topics was lacking, I am suspicious that the discussion of string theory (the reason the book was written) is probably equally weak. Having read the book, I doubt I could speak intelligently about those topics, as I sometimes can do with quantum physics and relativity, having had only the minimum of study described above.
If you enjoy reading about science rather than actually understanding science, this book may be for you. All others I advise to pick up a college freshmen physics text - you'll find it far more gratifying.
-konstant
Yes! We are all individuals! I'm not!
The description of "service and flow" sounds remarkable like the model of software licensing that currently is sold by proprietary IT companies. Rather than owning the software/carpet itself, you are sold the experience of using the software/carpet.
This model is appealing to companies in the tech industry simply due to the low cost of replicating their product. I fail to see the incentive in a material goods economy such as carpet sales. Why would a company want to shackle itself to the quality of your much-abused rugs? How could they possibly benefit?
Additionally, slashdotters are well aware that the licensing model has its own costs to the consumer in terms of freedom. The book's theory sounds a bit like armchair philosophy to me.
-konstant
Yes! We are all individuals! I'm not!
I cringe to recommend the service to this hostile group, but Microsoft is attempting to address this very problem with Passport. By authenticating yourself centrally, and storing your essential information such as credit card numbers, on their servers, you are immediately authenticated to any sites that recognize the passport mark.
Of course, this has yet to become popular, and I could understand if you had reservations about handing such important data into a corporation's safekeeping.
-konstant
Yes! We are all individuals! I'm not!
Slashdot should be celebrating this news. Apogee is courting just the sort of court case that could destroy UCITA at the supreme court level.
The supreme justices (indeed, even the district courts) would have a hard time reconciling their prior rulings on matters of speech foreclosure with Apogee's foolish attempt at censorship. UCITA is an act of State legislatures. These bodies do not have the power to annul the 1st amendment of the constitution. If I could be forbidden to criticize Apogee based upon their "ownership" of various identifying names and symbols, then what would exist to stop private individuals, social groups, or even politicians from doing the same with their "licensed" speeches and doctrines?
No, this will be struck down. But remember, the courts do not work magically. Many thousands of dollars and hours must be spent by the "good guys" before they can even reach the supreme court. In case you weren't aware, this sort of committment is not purely voluntary. Organizations like the EFF and the ACLU need you help, in terms of contributions and vocal support.
And don't forget - somebody actually has to entice Apogee into sueing them as well...
-konstant
Yes! We are all individuals! I'm not!
How many think the following experiment would be interesting:
Set up a fake "benchmark report" on a reputable website (get the owners in on the gag) that purports to prove Windows is marginally better than Linux at doing something.
Next month, set up a very similar benchmark on the same site that proves Linux is marginally better than Windows at the exact same thing.
Then, compare the slashdot comments. My hypothesis is that we'd flush a lot of handwaving and armchair OS design... How many people giving authoritative views here even have a flying **** about the ways 3d games *really* work? Heh. Not me, that's for sure!
-konstant
Yes! We are all individuals! I'm not!
I was speaking to a friend of mine about this topic and we covered some interesting ground. I don't much listen to music of any kind, let alone pirated MP3's, so I was trying to understand from him exactly to what extent he was really being honest with himself and me about the ethics of copying.
/. referred to an article by Bertrand Meyer in which he argued (fairly cluelessly I thought) that this was only a difference in degree, not in quality. But he failed to reflect that the reverse of the same argument can be used to examine the ethics of charging for physical commodities. Maybe it is only "just" to charge for an apple or a hard drive because they are so expensive to reproduce. If apples materialized out of thin air at the whim of a hungry man, would it still be true that the original breeder of that particular apple variety could ethically charge a price for the long-past labor of creation?
:)
We all have grasped by now that electronic information (from software to music to books, and so on) differs from physical commodities in that the replication price is virtually nil. Yesterday
In the MP3 discussion, my friend commented that he would gladly charge for music if it were valued at something closer to it's "true" value. Leaving aside the confusion of a line of argument that tries to assign some kind of intrinsic value outside of a free marketplace, I asked him what that fair price might be. He said 50 cents per song would be just if that meant he could download the song quickly and hassle-free.
Well, I respect my friend but frankly I thought he was lying. It's easy to say that you would pay 50 cents for something you can currently get for free. I might agree that 50 cents is a reasonable price to get a Camaro delivered to my doorstep if all I had to do otherwise was walk down the street and take the keys out of the glovebox.
So I tried to reverse the situation, to find out what he really thought a song was worth. He thought of a song he liked, and I asked him how much he would require me to pay him in return for a promise that he would never choose to listen to that song again. Of course, he could listen to it if someone else were playing it, or if it happened to be on the radio, but he could never again decide of his own volition to play that tune.
He thought about it for a bit, and then *still* said 50 cents. It may be that the didn't really like the song that much, or it may be that he was still fudging the truth, but I'll take his word for it. You may come to a different answer, and if you do then perhaps you haven't been completely honest with yourself about your motives. It *is* possible to believe you're serving the side of virtue when in fact you're only looking out for your baser desires. I hear it even happens on slashdot
So the next time you assign a value to a commodity that you can get for free, ask how much it would be worth to you to go without it. Think of it as an exercise in self-inspection.
-konstant
Yes! We are all individuals! I'm not!
This is exciting. It's like watching the future of MS Kerberos unfold before our very eyes. Many of the "questions" (apart from the antitrust references, which I think are kind of weak) are excellent, probing challenges to the MS claim of proprietary rights. I can't wait to see how Microsoft responds.
But I have a question for the legally inclined. How binding are all of these thinly-veiled hostilities? For example, what would have happened if Andover hadn't replied to Microsoft's letter? Were they obligated to under law? And similarly, is Microsoft required to respond in kind?
I'm curious because it seems that, if the conspiracy theories about MS Kerberos were true (not that I would know) then wouldn't Microsoft be reluctant to address these thorny points? Can they drop this all and go home now, or are they formally bound to answer?
-konstant
Yes! We are all individuals! I'm not!
So, you honestly think MS is not maintaining it's monopoly through illegal means? Just curious.
Illegal means? I don't think so, but only because I don't believe the laws, as they currently stand, forbid the sort of behavior I've been reading about.
Now if you were to ask me about "unfair means" or "nasty means" or "less than admirable means" then my answers would differ. I'm too ignorant to try to understand the extent to which capitalism *should* be regulated. My post was only an attempt at revealing what I've learned about the way it *is* regulated.
And P.S. I'm a nice guy, really!
-konstant
Yes! We are all individuals! I'm not!
You have a claim that there was a benefit in forcing OEM's to install the `free' IE 3.0 into Win95. Just because it has benefits isn't enough. There are lots of benefits in bundling (say) a free version of Visual Studio,
This is the core of the matter. You would be correct if Microsoft were saying IE is a beneficial *bundle*. They aren't. They're saying that the union of IE and Windows form a third product that didn't exist before. In other words, they say they have been integrated.
The whole lawsuit swirls around trying to decide whether 1) it really is integrated and 2) whether it matters why Microsoft did it. The appellate court has already said Yes and No respectively in a similar context.
So to summarize, bundling != integration.
-konstant
Yes! We are all individuals! I'm not!
I'd think that with recent bad press on outlook you'd change that Bio of your before defending MS, this is a perfect example of why we want to see MS destroyed.
Hey man, I worked on the S/MIME v3 mail module. If you found a security hole in our S/MIME, *then* I'd be the guy to bitch about.
OM was not my area.
-konstant
Yes! We are all individuals! I'm not!
I'm not a lawyer or anything, and I certainly can't know the minds of Microsoft management or the DoJ, but I have been reading the trial docs on my little Handspring - thousands of pages in all - and I sort of am getting the feeling that Microsoft is going to win this on appeal, and handily too.
:-)
Naturally I'm biased. I work for MS and I want very much for this to "go away". I wasn't here when the "alleged anticompetitive acts" (they always call them that) took place and so it all seems too bizarre. But I would like to hear what all of you think of my quickie analysis.
There were essentially four dangerous allegations leveled by the government against Microsoft. There were many legal issues involved, but these four seem like central pillars of the case to me.
Firstly, they contended we were a legal monopoly, secondly that we forced purchases of an unrelated product (IE) by tying it to the monopoly product, thirdly that we engaged in illegal exclusive dealing, and finally they said we tried to engage in market division with Netscape.
After deliberating, Judge Jackson threw out the third allegation, not because he didn't find we engaged in exclusive deals that hurt our competitors, but because he acknowledged that "competition for means of distribution" is a recognized pro-competitive act, and one that gets lots of leniency from higher courts. Both Microsoft's proposed CoL and the actual Conclusions explain this in greater legal detail. Basically, we didn't foreclose Netscape from shipping their product, and the law does not have sympathy for the argument that certain forms of distribution are "the best". To anti-trust law, this is a form of legal competition. Go figure.
So, in effect, this leaves us with the monopoly charge, the claim that we illegally tied IE to the monopoly product, and the market collusion. Jackson ruled against us on all of these critical points.
With respect to the second charge, I feel Microsoft stands a good chance of being granted relief by the Appeals Court. In the Consent Decree ruling, the appellate judges essentially concluded that separate demand for two products, and even separate marketing, do not necessarily indicate that those two products cannot be integrated. They remarked upon the DoJ's proposed remedy of "hiding" IE rather than removing it, and suggested that this indicated the DoJ was tacitly admitting IE is an integrated part of Windows - this is an approach the DoJ is taking once more. Of course, if such a thing were true, then the DoJ would have no case. The Appeals Court further commented that it is not the place of the courts to judge the motives for technological tying in those cases where a reasonable person might determine consumer benefit from the tie, and they additionally suggested that they *did* see a benefit in requiring IE 3.0 to ship with Win95. Now, if that is the case, I fail to see how they will rule differently on the issue of Win98, which is clearly more fully integrated with the IE binaries than 95 ever was. My guess is that this will be overturned.
Many Slashdotters seem to feel that the monopoly charge is self-evident and cannot abide controversy, but having read the DoJ complaint and MS's response, I think there is a reasonable chance the Appellate court might decide that the monopoly argument contains internal inconsistencies and overturn it as well.
When determining monopoly power, the law first defines an applicable market. For the purposes of antitrust, "the market" is the arena in which meaningful competition exists between interchangeable goods. The DoJ insists we have a monopoly in PC Operating Systems, and they further claim that we used that monopoly to defeat Netscape, which we felt might be a threat to that monopoly in the future.
This implies that Netscape was a potential competitor for Windows, because it could serve interchangeably as a platform for running applications, which would remove the "applications barrier to entry" upon which Jackson bases so much of his decision. But Netscape is not a PC Operating System. Therefore, the market cannot have been well defined, within the legal bounds above. A better definition of the market would be "application platforms", and I don't think even Slashdot can argue we have a monopoly there. Unless I'm missing something (quite possible) I think the Appeals Court will overthrow this also.
As to the Netscape market-division thing, I can't say I know how it will go. It sounds to be largely based upon the personal interpretation of the judges based upon how the two parties related the meeting. I'll be interested to see the results of this topic.
So, I'm sure you're all bubbling over with objections. Flame away!
-konstant
Yes! We are all individuals! I'm not!
All they needed to do was change it so that it would save it out, and then the user would be able to launch it if they needed to after finding it
Microsoft *did* make precisely that change after Melissa. That was also released as a patch. In fact, the complaint in the Outlook group was that nobody had downloaded that patch and consequently had lower security than Outlook actually provided.
When it comes to security patching, you can lead a horse to water, but without "push" or software as a service you can't make him drink.
Ok, that's enough mixing of metaphors for one day.
-konstant
Yes! We are all individuals! I'm not!
Simple re-encode your macro viruses into Word, or Excel or Access or whatever macros, then send that document (with the viruses attached) around...
VBA macro viruses cannot function until the user has first enabled scripting for their open session of the Office product they are using. When a script attempts to run in an email, two things happen. Firstly Outlook prompts the user, telling them that the mail contains script and asking whether they want to run it. Secondly, if you have not run any script prior to the email in your open session, Outlook prompts you whether you would like to run macro scripts.
Try it at home. Your idea has been covered by Outlook for a long time, however weakly.
-konstant
Yes! We are all individuals! I'm not!
I would appreciate everyone's opinion on another solution I suggested. This might still make it into a product (not outlook) so if you can see a flaw in it, please tell me.
When a file is received as an attachment that matches the "executable" mask (that is, has the extension exe, vbs, bat, etc) the file is renamed by the addition of a ".unsafe" extension, thereby becoming file.exe.unsafe for example. This preserves the integrity of the file but makes it non-executable until the user explicitly renames it back to the executable extension.
Problems I have considered:
1) somebody might predict this and register the ".unsafe" extension to an executable. Could be solved by using a random string. This also implies prior infections, so they're already screwed.
2) most users have "hide extensions" turned on. While they would still see the unregistered ".unsafe", they might not comprehend the significance and require education before they can use their executable attachments. My feeling is that this is a good thing.
Can anyone show me a truly important flaw in this suggestion? I would like to push it internally but I am uncertain of its worth.
-konstant
Yes! We are all individuals! I'm not!
We've heard from Slashdot's readers, and we've heard from the press. I want to know how Microsoft's own employees feel about the ongoing Kerberos battle (not just the attack against Slashdot).
Upper management doesn't always reflect my opinions, and legal *absolutely* doesn't. Of course I can speak only for myself, but frankly I don't think your characterization of this Kerberos issue is at all correct.
I know a few people in the Win2k team, but I've never worked there myself. Of course their aim is to become the premier backend server, but honestly they don't think they *have* to fight dirty in order to achieve that. And I agree. Win2k really *is*, in my opinion, a far superior product. Hell, if I didn't think that about most of our products, why would I work here at all?
I know none of you have any trust left when it comes to MS. Sometimes your suspicions are just, but often I find that people's suspicions are based upon a weak foundation of reiterated rumours and second-hand false characterizations. For people who already believe (despite evidence) that NSAKEY is a government plant, that FrontPage Extensions has a "weenies" backdoor (it's actually a bad attempt at encryption), that Win2k has 65000 real bugs, and so on, the slightest hint that MS is up to dirty tricks with Kerberos is enough to convince them.
Personally, when the NT team tells me that their implementation is interoperable with MIT's reference implementation, when they tell me that they have managed to get interoperability in mixed environments, and when they assure me that this was a bad PR move rather than a malicious plot to kill Samba, I believe them. I work on the inside and when I weigh the truthfulness of the people I work with against the eagerness of Slashdot to inflame passions against us, I'm inclined to side with MS.
Now, don't get the impression I always agree with the company. Many times I don't, and I've almost been fired for being a little too rude in expressing my difference of opinion. But in this case, I'm going to side with the people who think the Samba team is paranoid and the slashdot crowd is attacking when it should be pausing for reflection.
Now, as to the legal thing: dumb. Dumb, dumb, dumb. But only because it obviously is terrible PR, not because I think they're wrong. If I could have my way, the proprietary extensions (it wasn't the entire Kerb spec, if you actually read the doc - just the extension struct) would have been published without a legalese watermark and click-thru, but I can't have my way, and the fact is that those comments did infringe MS property rights.
Would you all be happier if MS had never published the extensions at all? Perhaps you would, because then you could reverse engineer without contamination. But while you see this release as a deliberate ploy to kill Samba, I see it as a stupid move by legal, and I, unlike some, am equipped with the capacity to forgive stupid people for their stupidity.
So, basically, my answer is: I don't agree with you. If I did agree, would I be out the door? Maybe. But most likely, I will stay at MS until I am convinced their products are no longer the best. And with our current lineup and the project I am working on, I don't see that happening for a long time.
yours,
-konstant
Yes! We are all individuals! I'm not!
Ok, first of all, we have Microsoft which takes an open source specification, modifies it in a few near-trivial ways, then claims it's their own copyrighted work. This is pretty classic "Microsoft innovation" for you, but let's put the fact that Microsoft doesn't actually own Kerberos aside.
Look again. Had Microsoft actually attempted to copyright the Kerberos spec, and not only their proprietary changes to the spec, Slashdot could laugh off the threat. You cannot copyright something that was not created by you.
However, if you actually read the spec in question, you'll find that it only covers the format of their extension packets. Microsoft *did* create that, for reasons that I'm not even going to try to argue about. Consequently, they are within their rights to copyright it, although personally you and I both think it was stupid to do so.
Furthermore, if Microsoft did not challenge Slashdot's reuse of the copyrighted material, they would have failed to defend their intellectual property. Unless I misunderstand the law (entirely possible) I believe that means they lose the right to consider it their own and subsequent legal challenges could place it in the public domain. If I'm correct there, then M$ had no choice other than to defend their copyright.
-konstant
Yes! We are all individuals! I'm not!
I like those power shoes. I might be in better shape if I had to run in order to get refreshes on slashdot.
Signal11 would be a fucking anorexic.
-konstant
Yes! We are all individuals! I'm not!
Try logging on to Hotmail, not touching anything for 30 mins and then clicking on 'read mail'. If they have the server set up sensibly, you'll have to enter your user name and password again.
On the other hand, if Microsoft have done something really really dumb, like including the password in a cookie, then there's really no hoe for them.
Hotmail stores your user information in a session cookie, not a persistent (disk) cookie. If you close all your browser windows and access hotmail again, you are required to enter your password again... unlike Slashdot I might note.
I know the session cookie has an expiration period, but I don't remember what it is. Probably something like 20 minutes.
-konstant
Yes! We are all individuals! I'm not!
I work at MS, and we also contract to Exodus sometimes.
Damn, my code might be running in the same building as Slashdot! The ironies of existence never cease to amaze me.
-konstant
Yes! We are all individuals! I'm not!
What I find most interesting by far is the composition of the contributions when viewed by project. In nearly every project I viewed, there are two or three elite "key contributors" who provide somthing on the order of 1/3 to 7/10 or more of the code, with the remainder provided in a slew of sub-1% coders.
This relates an interesting story. It appears that, while the real strength of OSS is incremental improvement over time, few projects can exist without a guiding intellect or a handful of ambitious coders on the core team.
Presenting this data to employers who are concerned about losing control of their code may help assuage their fears of open source. Clearly projects that are "owned" by no one are rarities. A corporation *can* have its cake and eat it too.
-konstant
Yes! We are all individuals! I'm not!