I think you're a little confused. First, I was speaking hypothetically. Second, unless you are Spanish, your opinions about the preconditions for Spain enacting a law are irrelevant. I am simply attempting to illustrate, with a plausible example, that another country might pass laws that would make criminals of some Americans. If our response to spammers, drug lords, whatever, is "go get 'em", shouldn't that be the rule for other countries dealing with Americans that are violating their laws? I gather you are not so enthusiastic about this change of viewpoint.
From the point of view of prosecuting spammers, Russia might object to us sending hit squads to knock off their citizens, especially seeing as how we have other alternatives. We could do a better job of isolating zombies; we could do a better job of isolating defective DNS servers (the modern equivalent of the old open relay); we could do a better job of filtering spam -- for example, we could combine whitelists, verified (signed) senders, certified mail servers, and hashcash. The other reason that we should care about getting our own house in order is that if we depend on the good will of the Russians (or Chinese, or North Koreans) to leave our increasingly valuable internet infrastructure alone, what happens if they change their mind? SoftWar, here we come.
What's a crime, depends on where you are. Alcohol was illegal once in this country, and tobacco's plenty addictive (and cold-turkey from caffeine is no fun either).
Suppose that Spain passed a law against anti-personnel land mines; you got any problem with extraditing the CEOs of US companies that produce these abominations to Spain for trial?
I am NOT a DBA, nor do I want to become one. Doing a tiny scrap of self-taught database programming (i.e., learning SQL from a book and Google), and trying all three databases (free and trial versions), I ended up using Postgres. Oracle was the loser; with a database that "dumped" into a couple of megabytes of SQL that would recreate it, on a machine with 1.5 GiB of memory, Oracle decided to fail some of my transactions because (its claim) it could not find 4 MiB for some table or another. A friend of mine who knew more about databases said, "well sure, if you use Oracle, you need a DBA. You need MSSQLServer." (why am I not surprised that DBAs like Oracle?)
That was great, till the demo timed out, and the development was not done yet. So then I learned about Postgres. So far, so good. Yes, I need to edit those stupid scripts. I am a notably grumpy and impatient person, and this was not hard.
MSSQLServer also doesn't run very well on my Mac.
I considered MySQL, but back when I was considering, MySQL did not do subqueries, and it turned out that the SQL I was writing (not knowing any "better", just reading the book and believing it) used subqueries. So no dice there, either. That failing, together with all the hype, has since led me to pretty much ignore MySQL -- why should I believe today's hype, when yesterday's hype was so wrong?
So, in my book, postgres wins. It hasn't done me wrong yet, and the other guys have.
That's with no car in front to block the wind. The drafting bicycle speed record is upwards of 130 mph (Al Abbott, Bonneville Salt Flats). It doesn't show up well in Google, but I do recall reading about it. It's hard to imagine the road rash you could get.
I've never come across perfect software, but at this point (using a Mac) my time is better spent worrying about failing hardware than it is about Mac viruses and worms. I've had failed power supplies, memory gone bad, disks crashed, and three chips smoked into nonfunctioning lumps. I worry that the flight attendant will dump a drink into my laptop on the airplane, or that one of my kids will use my laptop for something Horribly Inappropriate; those are the more likely failures.
It is also worth noting that "if Macs were as popular as Windows" is one of those hypotheses contrary-to-fact; perhaps, if that were the case, OS X would contain further safeguards. Perhaps Apple would bundle their own antivirus software, and perhaps it would work, and perhaps it would not pester me for yet another year's subscription to continue my protection. Perhaps they would release that information on an RSS feed, and perhaps they would propagate it via a peer-to-peer network. If I can assume that pigs fly (that a false thing is true), there's no limit to the possibilities. We can argue endlessly about what might be; what is, is an OS that is more secure by design (never had ActiveX, root privileges require a password for each activation, ports kept shut by default), that has not been host to anything like all the vermin that infest and attack Windows boxes.
Re:Buffer overflows a non-issue. on GCC 4.1 Released · Score: 2, Insightful
Your claims assume that we are infinitely smart and work infinitely fast. Lacking infinite resources, working in a language where half my vulnerability is taken care of lets me double the attention I direct towards the others. If there are three sorts of vulnerability, and buffer overflow accounts for about half, then it is also the most common problem, though not the majority problem. Any well-informed security-conscious programmer would be aware of these numbers, and my "attitude" will not change their focus in the least (which is to say, your claim is crap, please back it up with numbers). We have known about the danger posed by buffer overflow since 1988 when the Morris Worm hit; all buffer overflows that have occurred in software written since then demonstrate the inherent stupidity of sufficiently many programmers to make networked life over-interesting.
Or, put another way, if half the security holes are a non-issue, then the other half cannot be more of an issue, hence we have no security problem at all (check my math, please).
Perhaps you can see why I prefer to use programs written in safe languages.
I don't know the exact incantation, but yes, you can use the Boehm-Weiser GC (perhaps with entrypoints renamed) as a drop-in replacement for malloc and free. People (including me) have been doing this since the late 1980s (long ago, I added the macro definitions for 68030-based Sun workstations; their stack was located somewhere different). The one place where it makes a difference to not be completely oblivious is if you know you are allocating arrays/structures that contain no pointers at all; there's an interface for telling the GC this important information, and it speeds up GC, sometimes a lot.
For code that deals with the net, you're still better off working in a safe language because of the buffer overflows, but otherwise it is pretty much don't-worry-be-happy. I'd worry a little on a 32-bit machine that was completely stuffed with memory, but now you can take your pick of 64-bit architectures, this is not such a problem.
Your general statement isn't true for me. I run Azureus for weeks at a time on a 400Mhz G4, first running 1.4, now running 1.5. I also run speed-scheduler and keep track of its performance, so I'd notice if it had problems. I'm pretty sure gcj uses the Boehm-Weiser collector; it's proven (tested) to be less leaky than most programs written by C programmers (the tools that find leaks in C programs use the same technology (conservative GC) as BW GC, but instead of collecting the garbage, you're expected to fix your program). By-the-way, 64-bit address spaces are expected to be a win for conservative GC, since they tend to make pointers overlap a smaller set of integers.
And even if it did leak -- it's vastly easier to restart a program, than it is to decontaminate a wormy box that's been jacked into by buffer overflows.
But anyhow -- if it's open source, and you have leaks, you can see about fixing them yourself. In many ways the Boehm-Weiser collector is a good deal more approachable than the ones that you find in many Java VMs (I've worked on both); ordinary programmers have a prayer of understanding its behavior (a multithreaded generational collector with finalizers and weak/soft/phantom/JNI-weak references is a truly astonishing piece of software).
[This has not too much to do with gcc, but...] You could do something about that. I use Azureus, and according to its accounting I have downloaded 14.5GB of stuff, and shared 371.9 of that back. All legal, some of it even the time it took to suck it down. For all the kvetching about the RIAA, you'd think people would do more to raise the proportion of legal file sharing.
[Ah, I CAN bring this back on topic.] The reason I use Azureus, and the reason that free software purists should be happy about this, is that Java is a safe language. Look at all the buffer-overflow-based holes in software written in C and C++; Java prevents those by design. Good Free Java support means that a person can be a paranoid/prudent peer-to-peer platform provenance purist.
It suffices to use an aluminized mylar film bag, for instance, a Fritos bag. Bag it, fold the top, and clamp it shut, and the phone cannot pick up enough signal to answer, and my proximity-detecting page (active, I think powered from an inductive pickup) fails to detect. Interestingly, an anti-static chip bag (as opposed to a corn-chip bag) does not work as well.
A small-sized Frito bag also folds up very compactly; you could keep one in your wallet -- an RFID condom, if you will.
Or, work as a company (corp, llc, s-e, whatever) and get a tax professional to help you do business in such a way as to circumvent such rules.
You will DEFINITELY need that tax professional. I worked in an LLC that later converted to subchapter S, we have a heck of a time with schedule K and suspended losses. Later, after you leave the LLC and it actually makes some money, you have to find a way to offset passive gains with non-passive losses. I couldn't make head nor tail of it, neither could TurboTax. As long as we were only losing money, I could do my own taxes. If that doofus company ever makes enough money, I could conceivably owe taxes in Massachusetts, New York, New Jersey, Delaware, Louisiana, Colorado, and California -- every state in which we had a "business presence", which apparently can be as little as an employee. Outside of my home state, only NY has shown much interest, and so far we have not met their threshold for needing to file.
On the other hand, I have no sympathy for these flat-earth tax simplification morons. The economy was working a heck of a lot better back before I got my tax cut. Let's try a flat tax on lab rats first, till it pans out there, let's go back to a system that's already been demonstrated to work.
But hard disk bandwidth is growing more slowly; density arguments alone suggest doubling only once every 12 months (reading/writing is linear; density is quadratic). Another way to look at that is that every two years, it will take twice as long to read your entire disk (twice as long to backup, twice as long to bring online after a hot-swap, whatever).
Schmidt also referred to a recent survey from Microsoft which found that 64 percent of software developers were not confident they could write secure applications. For him, better training is the way forward.
I think, not sure, that I am above the 64% programming skill/security awareness line, and I'm not confident I could write a secure application. What this says to me is that up to 36% of software developers are dangerously overconfident.
A second Azureus datapoint -- I run it for weeks at a time on MacOS. I've got 512M, I think, and it's a 400Mhz G4. Seems to run ok for me. It works ok under both 10.3.9 and under Tiger, and under various flavors of Java 1.4
Ditto. For bug reporting purposes: Tiger.latest, Java 1.4.2_07-215. I suppose I shouldn't be surprised at all the Java-bashing, but why anyone thinks that C or C++ is a viable option for handling email is beyond me. We've pretty well proven that if we write code in C, it WILL have buffer overflows, no matter how pretty the windows.
Been there, done that. Check out Lempel-Ziv-Welch and Miller-Wegman. Two patents, both approved, big overlap (and this dates back about 20 years). It was not done intentionally; two sets of smart people had similar ideas at about the same time.
My suspicion is that the examiners are overworked, underpaid, and badly managed. Consider also that if you see apparently outlandish things getting patented, you can either protest, which is useless and earns you nothing, or push the envelope, which might, if you are lucky, get you a patent. In the world of business, given that your competitor might be pushing the envelope, you have no choice but to do so yourself. Given this, I am sure that filed patents are making increasingly outlandish claims.
I think that's just the way they work; I've interviewed there a couple of times, and nearly accepted once. They're a big company, and if it's their habit to pose puzzles, that's what they'll do. (I've seen much stupider from other big companies.)
Besides which, if you've got a PhD, you should at least be able to bullshit your way through a puzzle -- remember all those damnable qualifying exams?
For me, the two big points are that they also asked other interesting, relevant, difficult questions, and they also treat their employees pretty well (at least, that's what I hear from everyone who works there).
And if it matters, I've also got a PhD in CS, and I must say that some of the attitudes expressed here on PhDs are, umm, unusual. I happen to be one of those people who's pretty good with bit twiddling. Not everyone is, but bit fiddling is not exactly the only thing that matters in CS, and I've worked with some very intelligent and productive people who are startlingly unable to fiddle bits.
(1) busy dying in Iraq (2) new security policies after 9/11 (3) They get to America [ to plan their assault, but they come to like it here. ]
I'd put most of my money on #2. It's pretty clear that we are casting a pretty wide net looking for (Islamic) terrorists in the US, because we seem to be snagging a non-trivial number who are (probably) not real threats. That has got to be plenty disruptive. The 9/11 terrorists lived here and it did not change their minds, and the WTC bombers were not dissuaded either. In the blinding light of 20-20 hindsight, it's clear that Saddam Hussein had neither WMDs nor ties to Al-Qaeda, the rest of the world has not been free of terrorism, and the Taliban has not yet been run out of Afghanistan.
So I pick door #2. I also hope it is not door #1, because if you look at the rate of coalition casualties (http://icasualties.org/oif/), we don't seem to be making an appreciable dent in the supply of potential terrorists. If that's the only way to stop terrorism, then it's 2 soldiers/day and a billion dollars per week, with no end in sight.
Pretty much ditto to what the other guys say. Be sure you have a strong signal where you are before you commit.
I had it for a while, but didn't use it much, so I turned it off. But when I did use it in high-signal areas, I got "good dial-up" throughput. This was with a Motorola v.66, which I would not recommend, because the USB cable is flaky and non-standard. The Internet you get was "the net"; everything worked, and I even managed to VPN into work once from the airport to do some last minute arrangements.
I have a shiny new v188 now, it takes a standard miniUSB cable so you don't need to buy a special one. I bought it, obviously I would recommend it. Can't tell if it has Edge support or not; that might be limited to the v186.
The other thing you get with T-mobile is the option to buy HotSpot for $19.99 instead of $29.99. Not sure that does much for you; when I travel, it is handy, because even when I can expense the hotel internet, it is often non-standard and sucky, and there's always a Starbucks nearby. Only problem I've had with HotSpot is that they jump on port 25, which interferes with .Mac mail (they do SSL over port 25, don't ask me why).
First, the whore-rape comparison is utterly vile. It treats the woman as if she existed for no purpose other than being a whore. Perhaps, say, she would like to take a minute to scratch her nose? Perhaps she might like to get to sleep early if business is slow. And so on. There are opportunity costs, never mind the risks.
The Ferrari does in fact only exist to be driven, but who is to say that the owner will not need to drive it while you are using it? Perhaps a potential customer will wish to drive it. Perhaps you will run it into a tree (major damage to automobiles is highly correlated with actually being driven). Wear and tear on the engine, brakes, transmission and exhaust, etc.
Viewing a stolen movie does deprive the creator of the revenues that he otherwise would have received, but it does not keep the movie from anyone else (even a potential anyone else) nor does it wear the movie out.
And, the economic argument being either $100 or zero is completely wrong. The pirate chooses to steal because stealing is cheaper. It is not actually free; it assumes time spent getting the software to steal, configuring it, paying for enough bandwidth to steal, finding the illegal copy, and running the risk of getting caught. The *AA's high-dollar lawsuits make perfect sense, because they raise the cost of that last risk.
You should also not discount the cost of "search". I've been downloading legal P2P for a couple of weeks now, and it's a sad fact that a lot of it is not worth the time to listen to it, no matter how wonderful the licensing terms. Someone's got to sort through that junk, edit it, and promote it. Unfortunately, this works against the mega-hits; it is highly likely that someone will enjoy watching them, and in a P2P network, there will be many peers able to boost the bandwidth. P2P networks are amusingly invulnerable to /.ing. The problem with the *AA business models is that they rely on those very same mega-hits that are so friendly to P2P-exploiting piracy.
... every detail is required.... These companies make money by doing the least amount of work for the defined contract.
Why should I spend a second's more time on a project than is contractually specified? If you write a sloppy contract, expect to get screwed. Remember, this is businessmen doing this to save money; are you surprised that the businessmen on the other side are not equally attuned to the bottom line?
At least one of the people designing Fortress (me) did in fact buy a Matias Tactile Pro keyboard, partly because I like the keys, but more partly to get the special characters on all the key caps (the newer Matias OS X keyboard would be cheaper). One problem now (but not in the future, I hope) is buggy Unicode fonts; I've found problems with mathematical symbols in three different fonts.
OS X also allows menu selection of Unicode characters if you turn on the "Input Menu" in the International control panel, but that is vastly less convenient.
The facts have a liberal bias.
I made it mine.
Allow me to apologize for my more ignorant fellow Americans. Some of us (at times, over half) are idiots.