a.) The US is a damn nice place to live because we have a large middle class and labor protections that men fought and died for (the 8 hour day and having weekends off didn't just happen, and they won't stay around if we don't fight for them). Generating an underclass of scab labor slowly destroys what makes this country a great place.
It's ridiculous to call H1B's "scab laborers" and outrageous to accuse them of destroying what makes America great. Entrepreneurship is at least as much of what makes America great (if not more) as labor protection.
b.) Companies which renounce their US citizenships should be treated as such, no government contracts, no tax breaks, no protection military or legal.
Multinational corporations do not have citizenship. Toyota gets government contracts, tax breaks, legal and military protections in the US just as Microsoft does.
Microsoft doesn't want to hire Americans? How about all government agencies (federal to municipal) require ODF XML format and ban submissions in Word for any official business, and require strict conformance with standard WWW formats for web pages, and POSIX compliance for all APIs in use? How about revisiting antitrust?
Sure: because the Unix vendors have a totally different opinion than Bill Gates. They want to keep the damn foreigners out!
if people are created by God (as I believe), then it would make sense for God to give us an innate tendency to believe in Him, but if we are not created by God, then religion can be explained as a side effect of this psychological tendency.
Why would God give us an innate tendency to believe in him without giving us an innate understanding of who he is (Jehovah, Allah, Vishnu, Thor, Zeus) or what his values are?
If a polluting inefficient electric generating coal plant that cost a billion dollars to build faces competition from a cheap clean efficient high-tech competitor - how do they stop them? You guessed it, buy up all the CO2 credits and lock the competitor out.
A single plant is going to buy a whole country's CO2 credits? That sounds plausible.
God decided to let this course run, to show how humans would fare without his direct involvement. Things got so bad, that he had to bring the deluge upon mankind. He has since allowed humans to try many many different types of self rule. This has clearly shown (at least to me) that humans don't have the ability to govern themselves! Jeremiah 10:23 "Man cannot direct his own step". Despite all the medical and technical advances, have we really made life better? Ask yourself, how many people go to bed hungry, how many people don't know if they can protect their family from the next band of rebels.
Why would an omniscient and omnipotent God need to "show" or "prove" anything to anyone?
Why would a loving father accept as the price of his "proof" his children's suffering?
Why does God compound our suffering with Tsunamis, earthquakes, diseases, etc.? Perhaps if He had provided enough food, nobody would be hungry!
What kind of experiment allows the experimenter to constantly meddle (sending down angels and Jesus)?
Why does God allow Satan to also meddle in the experiment (compounding the suffering of his children?)
Why does God punish us for the failures that he himself predicted from the start?
Why did God tempt Adam and Eve with the apple in the first place? How hard would it have been for him to make a fence?
Did you ever see such a thing? Specs are never formulated EXACT. To add to the problem: they change during the execution of a project.
Your point is not relevant to my point. Specs are seldom exact. But even when they are exact (as in, formulated by mathematicians, using mathematical terms) it is not typically possible for software to validate other software's adherence to them. This has been proven also using mathematics.
You should research the halting problem. Even given a VERY PRECISE specification of what you want a program to do, i.e. terminate, it is demonstrably impossible to write a program that answers the question "does this program meet the specification...i.e. terminate" in the general case. Given that termination is a necessary predecessor to getting a useful answer to any question, it is clear why we don't have programs that (in the general case) verify that our programs meet our requirements! One way around this is to use bowdlerized subsets of languages that can be validated, but this hasn't proven very practical so far.
The CMS project failure was the start of the author's interest in the subject. He goes on to read Fred Brooks and watch the Chandler team. Fred Brooks describes problems primarily _in the development (not requirements) domain_. And Chandler certainly has problems in the requirements domain but we cannot blame that on a technology-ignorant product manager unless we define "technology-knowledgeable" to be an impossible standard.
I'm not at all disputing that product managers kill many software projects with ignorance. But that isn't what this book is about. Even software with perfect requirements can be very difficult to write on time and on budget. And even very knowledgeable and experienced product managers can have trouble managing project scope.
If Microsoft is really serious about doing this, then they will be doing the very antithesis of what they have been doing since, well, ever.
I wonder how long it will take Slashdot posters to figure out the difference between Microsoft product groups and Microsoft Research? Every time there is any positive press about Microsoft Research (which is a totally separate division) the little minds come out sputtering...but...but... that's not what their products do! Guys: that's the whole point of having a Research group: to be far ahead of product. You might as well express wonderment that a photocopy company could work on Ethernet. Is Microsoft "really serious" about this? Of course not. If an article about Microsoft mentions a "researcher" then it means that they aren't really serious about it yet. If/when they get serious they will talk about product. They are a product company after all.
I post this because it is really dull to come to an article about Microsoft Research and be inundated with Microsoft bashing. Did you know that Microsoft Research has a world-beating collection of Haskell programmers? If one of them is discussed on Slashdot will I have to hear about how people hate VB and Visual Studio? Or maybe, just once could we talk about the research and leave the bashing to an article about Microsoft products.
So please explain to us how economics is the only science that is not subject to the First Law of Thermodynamics.
First: economics is not a science. Second: I wish people would stop using the law of thermodynamics to talk about phenomena that exist on earth and depend on the input of the sun. The law is: "The increase in the internal energy of a thermodynamic system is equal to the amount of heat energy added to the system minus the work done by the system on the surroundings." Guess what, we're always getting more heat energy added to the system, and learning new techniques for capturing that heat energy, as well as storing it.
I believe that the data to that point (as measured since the 1920s) is too dull to chart. I don't have time to chase this down. Why would I waste my time when there is near universal consensus among scientists, laymen and politicians? I might as well spend my time chasing data to prove that the earth is round.
The main reason that there always was and will be an ozone hole over the Antarctics is that ozone decays in the lack of sunlight, and it's pretty dark half of the year out there.
How could this account for the accelerated growth of the ozone hole that exactly correlates with the period that human beings started using CFCs?
The problem with your little scenario is that there is no legal structure to the Bill Gates "Foundation". Zippo. None. Da nada. Please tell me, I'm interested. I notice that you don't refute this point.
The point is so ridiculous that I didn't think it would require refutation. "The Bill & Melinda Gates Foundation is committed to providing clear, timely information on our finances and grantmaking efforts. Our annual reports from 1998 to present... are available at the links below."
If everything is above board, then I really will call Gates a good man.
You've got the links. The ball is in your court. But anyhow, I didn't ask anyone to call Gates a good man. Please just praise the good things he does and criticize the bad, as opposed to demonizing him unthinkingly. It's the basic consideration that we owe every human being.
Bill Gates and Warren Buffett have given away their life savings to causes that are undeniably wonderful. Every day their money saves thousands of lives. You sit at home and rant at Slashdot. It reminds me of a William Shatner tune (if that isn't a contradiction in terms)
Riding on their armchairs
They dream of wealth and fame
Fear is their companion
Nintendo is their game
They'll laugh at others failings
Though they have not done shit
(slightly edited for context)
I find posts like yours profoundly depressing. You hold the Gates foundation to an impossible standard, far beyond what you would hold the MacArthur foundation, or your favourite charity or yourself. In doing so, you attempt to rob the Gates of any credit for their good works and in doing so, you reduce a major motivation for doing good works. Have you thought through the end result if we all demonized philanthropists? Do you have any idea how important robber-baron philanthropy has been over the last few centuries?
Reading the Gates Foundation website, it would appear that all is hunky-dory.
Can you point me to a charity or foundation website that does not promote their work as hunky-dory? If they thought that they had problems, don't you think that they would spend more effort fixing them rather than updating their website to list them?
Yet their guiding principles leave a lot to be desired. For example, "philanthropy" is only part of their aim, and they report only those parts of their operation that *are* philanthropic.
No, you completely misunderstand. Their goal is entirely philanthropic. Their guiding principles merely state the FACT that philanthropy is necessarily limited in its results. Therefore it is not an alternative to economic development. Give a man a fish, teach a man to fish, etc.
they report only those parts of their operation that *are* philanthropic.
Oh really? Do you have evidence that either their annual report or their website misstates how they spend their money?
What have they got to hide?
Please take off your fucking tin-foil hat. What are they hiding? You are acting as if you know of something evil they are doing secretly but not reporting. Go ahead, please tell us what their nefarious other activities are.
Even ENRON gave a better account of their operations than this.
Enron (note the capitalization) needs to be added to Godwin's law.
FWIW. I don't particularly mind investment in big multinationals - my morals aren't that high-minded and occasionally they do good - but don't multinationals receive enough Gubmint aid already? The long list includes Aribus, British Aerospace, ELF, Boeing etc etc etc etc. Each sit at the tax-trough day-in-day-out. The only reason for the Gates Foundation to invest in these big companies *is* profit.
Yes, the reason that the Gates foundation invests in big companies is in order to maximize the profit available for their philanthropic work. Given this fact, why do you mention the fact that "Aribus" gets government money. What does it have to do with the price of tea in China? When you select your own investments are you biased against companies that have got government contracts, customers, loans or bail-outs? Do your mutual funds exclude such organizations?
Currently, it looks like to me that the Foundation is there to make the Gates and Buffett look good. Nothing more.
I'm sorry, I'm boiling over. You're acting like a total asshole.
First, nothing in your post substantiates the claim you make at the end. Don't you think that there are easier ways to buy positive press than to give away your life savings?
Second, Warren Buffett was already widely loved and praised. Giving away his life savings barely moves the needle of his reputation. As far as Bill Gates: I think that if he gave a flying fuck what people like you think of him then he would have
JavaScript S on Domain A needs to access the server side script on Domain B. All S has to do is AJAX to a local bridging script which forwards the request using CURL, LWP, etc to B. The bridge then feeds the response to S. S has no idea that the AJAX request went to another domain.
What you said is illogical. You start out saying that S from Domain A wants access to the script on Domain B. Then you conclude by saying that "S has no idea that its request went to domain B." So that's what S wanted, but somehow it is a surprise? Please give a concrete example.
As far as B knows, A is just a web visitor.
A _is_ just a web visitor. A can only authenticate on B if it is given a password or other authentication token. And the user controlling S would have to willingly give it that token, perhaps because A offers a service that requires access to B. It isn't a bug. It's a feature.
Since AJAX runs on the client side it's not possible to whitelist IPs and Referers can be spoofed.
What??? AJAX in no way interferes with whitelisting IPs.
As with every client/server app the client can never be trusted.
From the server's point of view, the client can only be trusted to do the will of the customer who (presumably) controls it. From the client's point of view, the server can be trusted to do the will of the administrator who (presumably) controls it. This "client cannot be trusted" mantra is an oversimplification. If it were truly impossible to secure a client machine then passwords would be irrelevant and e-commerce impossible, because they would all be vulnerable to client-hacks. But I do send my passwords and credit card over the Internet with reasonable confidence (over SSL) because *I* am confident that my client machine has not been hacked and have a reasonable amount of trust in the security of the organizations I do business with. The client is untrustworthy from Amazon's point of view because it works on my behalf or the behalf of whoever has hacked my machine, not on Amazon's behalf.
That IN NO WAY implies that the security of the client machine is unimportant. Amazon needs its customers to have confidence that their client machines work on their own behalf and not that of a random hacker. If this paper highlighted a way to truly compromise client security then it would be a serious issue. But I don't believe it says anything new or interesting at all.
The thing which is novel in this paper is the delivery mechanism, specifically by fundamentally replacing parts of javascript to carry attacks in what would otherwise be quite clean and legitimate code.
But how do you replace parts of javascript in a manner that hurts any site other than the site delivering the bad HTML? How would I replace the prototype of the XMLHttpRequest object transmitted from Amazon.com to you? If the attack depends upon me being between you and Amazon (man in the middle) then there is nothing new, because web applications have always been attackable in this way.
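The bridge arrangement argued over in this exchange, modeled as an added example (not code from any of the posters). The origins, addresses, cookie names and token are constructed, and no network I/O takes place; it shows what server B can observe and rely on when a request arrives through A's bridge rather than from the visitor's browser.

```javascript
// Added illustration: a no-network model of the "bridge" request path.
// All origins, addresses, cookie names and tokens below are constructed.
const USER_IP = "198.51.100.7";      // the visitor's browser
const SERVER_A_IP = "203.0.113.10";  // host serving domain A and its bridge script

// Browser cookie jar: cookies are stored per origin and are attached
// only to requests that the browser sends to that same origin.
const cookieJar = new Map([
  ["https://a.example", { a_session: "a-123" }],
  ["https://b.example", { b_session: "b-456" }],
]);

// What the browser puts on the wire for a request to `origin`.
function browserRequest(origin, body = {}) {
  return { remoteIp: USER_IP, cookies: { ...(cookieJar.get(origin) || {}) }, body };
}

// Server B: applies an IP allowlist first, then authenticates with its own
// session cookie or with an explicit token the user has handed out.
function makeServerB(allowlist) {
  const sessions = new Map([["b-456", "alice"]]);
  const tokens = new Map([["tok-789", "alice"]]);
  return function serverB(req) {
    if (!allowlist.has(req.remoteIp)) {
      return { status: 403, user: null, seenIp: req.remoteIp };
    }
    const user =
      sessions.get(req.cookies.b_session) ||
      tokens.get(req.body.tokenForB) ||
      null;
    return { status: user ? 200 : 401, user, seenIp: req.remoteIp };
  };
}

// Bridge script on A: opens a fresh server-to-server request to B.
// B sees A's address, never the visitor's, and the visitor's B cookies are
// absent because the browser only ever talked to A. The only credential that
// can reach B is one the user deliberately gave to A.
function bridgeOnA(browserReq, serverB) {
  return serverB({
    remoteIp: SERVER_A_IP,
    cookies: {},
    body: { tokenForB: browserReq.body.tokenForB },
  });
}

function runScenarios() {
  const openB = makeServerB(new Set([USER_IP, SERVER_A_IP]));
  const strictB = makeServerB(new Set([USER_IP])); // B allowlists the user only
  return {
    // Browser talks to B itself: B's cookie is attached, B sees the user's IP.
    direct: openB(browserRequest("https://b.example")),
    // Script S calls A's bridge: B gets an anonymous request from A's IP.
    bridgedNoToken: bridgeOnA(browserRequest("https://a.example"), openB),
    // The user willingly gave A a token for B: B authenticates, still from A's IP.
    bridgedWithToken: bridgeOnA(
      browserRequest("https://a.example", { tokenForB: "tok-789" }), openB),
    // B's allowlist is evaluated against A's server address and rejects it.
    bridgedAllowlisted: bridgeOnA(
      browserRequest("https://a.example", { tokenForB: "tok-789" }), strictB),
  };
}

console.log(runScenarios());
```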
The vast majority of Internet advertising is done through a broker in tiny increments of pennies per transaction. The advertiser does not know what site the advertisement will go on and the site does not know in advance which advertisements will appear.
It is trivially easy to prevent the corruption of a "few big advertising contracts". Simply do not accept them. Wikipedia could easily mandate that no advertiser can buy more than 3% of the available space. Alternately, Wikipedia could take the straightforward route of buying through intermediaries like Google's AdSense and others. The Wikimedia people would not ever talk to an advertiser.
I've tried to convince several of the companies I've worked for to operate in this manner, but I can't get anyone to try it. Have 2 different groups: Development - that works on a backlog of tasks and incrementally improves various pieces of the product; and Release - that takes versions of the development pieces, matches them with marketing requirements, makes a cohesive product and releases when the marketing requirements are met.
You can achieve simultaneous development and release without having two different teams. You just need branches. And I don't see how the system you describe could possibly work. You can't take a bunch of random developments and "match them to marketing requirements". Either the development team was working to marketing requirements and have created the features that marketing wants, or they have not, and will have created other features. Making a "cohesive product" starts at the requirements level, it isn't something you do at the end. Upgrades of Linux distributions tend not to be "cohesive products" in the sense that a new operating-system feature often won't be taken advantage of by apps. If you're trying to drive upgrade (rather than subscription) revenue, you want a better story to tell than: "We've introduced some amazing kernel features that will be taken advantage of in future desktop environments which will then expose them to future applications." That's an argument for upgrading several years from now, not for upgrading right now. Imagine a Windows 95-sized marketing launch for a product that was incrementally released like that. It wouldn't work.
This would be true in a world without brands, without copyright, without geography and without cartels. Do you really think that the price of an airport hamburger is decided by the price of making it? Or if you buy a sandwich on the flight (many sell them now) that the price up there is determined by how much it costs to manufacture?
According to what theory does the price of production need to be reflected in the price of purchase? Is movie popcorn also "completely irrational?" Bottled water? Novels?
Perhaps sports franchises should not charge per seat because after the first seat is sold it costs the same amount to pay the players' salaries?
There are many business models out there and Richard Stallman does not define which are rational and which irrational.
Well, speaking as an atheist, it doesn't annoy me in the slightest.
It is annoying because it implies that irrational faith-driven behaviour will be difficult or impossible to eradicate from society.
if people are created by God (as I believe), then it would make sense for God to give us an innate tendency to believe in Him, but if we are not created by God, then religion can be explained as a side effect of this psychological tendency.
Why would God give us an innate tendency to believe in him without giving us an innate understanding of who he is (Jehovah, Allah, Vishnu, Thor, Zeus) or what his values are?
God decided to let this course run, to show how humans would fare without his direct involvement. Things got so bad, that he had to bring the deluge upon mankind. He has since allowed humans to try many many different types of self rule. This has clearly shown (at least to me) that humans don't have the ability to govern themselves! Jeremiah 10:23 "Man cannot direct his own step". Despite all the medical and technical advances, have we really made life better? Ask yourself, how many people go to bed hungry, how many people don't know if they can protect their family from the next band of rebels.
It seems you are the poster child for the phenomenon described here.
You've defined OpenId's "task" differently than they do. I'd suggest you read this comment.
Herein lies the rub: You're never going to get everyone to agree on a set of appropriate tags.
Yeah. That's not what TFA is about. You should read it.
So please explain to us how economics is the only science that is not subject to the First Law of Thermodynamics.
First: economics is not a science. Second: I wish people would stop using the law of thermodynamics to talk about phenomena that exist on earth and depend on the input of the sun. The law is: "The increase in the internal energy of a thermodynamic system is equal to the amount of heat energy added to the system minus the work done by the system on the surroundings." Guess what, we're always getting more heat energy added to the system, and learning new techniques for capturing that heat energy, as well as storing it.
I believe that the data to that point (as measured since the 1920s) is too dull to chart. I don't have time to chase this down. Why would I waste my time when there is near universal consensus among scientists, laymen and politicians? I might as well spend my time chasing data to prove that the earth is round.
The main reason that there always was and will be an ozone hole over the Antarctics is that ozone decays in the lack of sunlight, and it's pretty dark half of the year out there.
How could this account for the accelerated growth of the ozone hole that exactly correlates with the period that human beings started using CFCs?
The problem with your little scenario is that there is no legal structure to the Bill Gates "Foundation". Zippo. None. Da nada. Please tell me, I'm interested. I notice that you don't refute this point.
The point is so ridiculous that I didn't think it would require refutation. "The Bill & Melinda Gates Foundation is committed to providing clear, timely information on our finances and grantmaking efforts. Our annual reports from 1998 to present ... are available at the links below."
If everything is above board, then I really will call Gates a good man.
You've got the links. The ball is in your court. But anyhow, I didn't ask anyone to call Gates a good man. Please just praise the good things he does and criticize the bad, as opposed to demonizing him unthinkingly. It's the basic consideration that we owe every human being.
Bill Gates and Warren Buffet have given away their life savings to causes that are undeniably wonderful. Every day their money saves thousands of lives. You sit at home and rant at Slashdot. It reminds me of a William Shatner tune (if that isn't a contradiction in terms)
(slightly edited for context)
I find posts like yours profoundly depressing. You hold the Gates foundation to an impossible standard, far beyond what you would hold the MacArthur foundation, or your favourite charity or yourself. In doing so, you attempt to rob the Gates of any credit for their good works and in doing so, you reduce a major motivation for doing good works. Have you thought through the end result if we all demonzized philanthropists? Do you have any idea how important robber-baron philanthropy has been over the last few centuries?
Reading the Gates Foundation website, it would appear that all is hunky-dory.
Can you point me to a charity or foundation website that does not promote their work as hunky-dory? If they thought that they had problems, don't you think that they would spend more effort fixing them rather than updating their website to list them?
Yet their guiding principles leave a lot to be desired. For example, "philanthropy" is only part of their aim, and they report only those parts of their operation that *are philanthopic.
No, you completely misunderstand. Their goal is entirely philanthropic. Their guiding principles merely state the FACT that philanthropy is necessarily limited in its results. Therefore it is not an alternative to economic development. Give a man a fish, teach a man to fish, etc.
they report only those parts of their operation that *are philanthopic.
Oh really? Do you have evidence that either their annual report or their website misstates how they spend their money?
What have they got to hide?
Please take off your fucking tin-foil hat. What are they hiding? You are acting as if you know of something evil they are doing secretly but not reporting. Go ahead, please tell us what their nefarious other activities are.
Even ENRON gave a better account of their operations than this.
Enron (note the capitalization) needs to be added to Godwin's law.
FWIW. I don't particularly mind investment in big multinationals - my morals aren't that high-minded and occasionally they do good - but don't multinationals receive enough Gubmint aid already? The long list includes Aribus, British Aerospace, ELF, Boeing etc etc etc etc. Each sit at the tax-trough day-in-day-out. The only reason for the Gates Foundation to invest in these big companies *is* profit.
Yes, the reason that the Gates foundation invests in big companies is in order to maximize the profit available for their philanthropic work. Given this fact, why do you mention the fact that "Aribus" gets government money. What does it have to do with the price of tea in China? When you select your own investments are you biased against companies that have got government contracts, customers, loans or bail-outs? Do your mutual funds exclude such organizations?
Currently, it looks like to me that the Foundation is their to make the Gates and Buffet look good. Nothing more.
I'm sorry, I'm boiling over. You're acting like a total asshole.
First, nothing in your post substantiates the claim you make at the end. Don't you think that there are easier ways to buy positive press than to give away your life savings?
Second, Warren Buffet was already widely loved and praised. Giving away his life savings barely moves the needle of his reputation. As far as Bill Gates: I think that if he gave a flying fuck what people like you think of him then he would have
JavaScript S on Domain A needs to access the server side script on Domain B. All S has to do is AJAX to a local bridging script which forwards the request using CURL,LWP, etc to B. The bridge then feeds the response to S. S has no idea that the AJAX request went to another domain.
What you said is illogical. You start out saying that S from Domain A wants access to the script on Domain B. Then you conclude by saying that "S has no idea that its request went to domain B." So that's what S wanted, but somehow it is a surprise? Please give a concrete example.
As far as B knows, A is just a web visitor.
A _is_ just a web visitor. A can only authenticate on B if it is given a password or other authentication token. And the user controlling S would have to willingly give it that token, perhaps because A offers a service that requires access to B. It isn't a bug. It's a feature.
Since AJAX runs on the client side it's not possible to whitelist IPs and Referers can be spoofed.
What??? AJAX in no way interferes with whitelisting IPs.
As with every client/server app the client can never be trusted.
From the server's point of view, the client can only be trusted to do the will of the customer who (presumably) controls it. From the client's point of view, the server can be trusted to do the will of the administrator who (presumably) controls it. This "client cannot be trusted" mantra is an oversimplificaiton. If it were truly impossible to secure a client machine then passwords would be irrelevant and e-commerce impossible, because they would all be vulnerable to client-hacks. But I do send my passwords and credit card over the Internet with reasonable confidence (over SSL) because *I* am confident that my client machine has not been hacked and have a reasonable amount of trust in the security of the organizations I do business with. The client is untrustworth from Amazon's point of view because it works on my behalf or the behalf of whoever has hacked machine, not on Amazon's behalf.
That IN NO WAY implies that the security of the client machine is unimportant. Amazon needs its customers to have confidence that their client machines work on their own behalf and not that of a random hacker. If this paper highlighted a way to truly compromise client security then it would be a serious issue. But I don't believe it says anything new or interesting at all.
The thing which is novel in this paper is the delivery mechanism, specifically by fundamentally replacing parts of javascript to carry attacks in what would otherwise be quite clean and legitimate code.
But how do you replace parts of javascript in a manner that hurts any site other than the site delivering the bad HTML? How would I replace the prototype of the XMLHttpRequest object transmitted from Amazon.com to you? If the attack depends upon me being between you and Amazon (man in the middle) then there is nothing new, because web applications have always been attackable in this way.
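The bridging-script exchange argued over above, seen from server B's side, as an added example that is not part of the original comments. It is a model with no network traffic; the hosts, IP addresses, cookie names and the helper functions are all assumptions made up for illustration.

```javascript
// Constructed model with no network I/O; every host, IP and token is a made-up sample value.
const USER_IP = '203.0.113.50';      // the visitor's browser
const BRIDGE_IP = '198.51.100.7';    // A's server, where the bridging script runs

const BROWSER_COOKIES = {            // browser cookie jar, keyed by the host that set each cookie
  'a.example': { a_session: 'a-111' },
  'b.example': { b_session: 'b-222' },
};
const B_SESSIONS = new Set(['b-222']);        // sessions B has issued
const B_IP_RULES = new Set([BRIDGE_IP]);      // addresses B has a rule for (allow or deny)

// The browser attaches only the cookies that belong to the host it is talking to.
function browserRequest(host, path) {
  return { host, path, srcIp: USER_IP, cookies: { ...(BROWSER_COOKIES[host] || {}) } };
}

// Bridge on A: takes S's same-origin request and opens a new connection to B.
// It can pass on only what it was handed; the browser never sent it B's cookies.
function bridgeForward(reqToA, delegatedToken) {
  const cookies = delegatedToken ? { b_session: delegatedToken } : {};
  return { host: 'b.example', path: reqToA.path, srcIp: BRIDGE_IP, cookies };
}

// What B can determine about an incoming request.
function bView(req) {
  return {
    authenticated: B_SESSIONS.has(req.cookies.b_session),
    matchesIpRule: B_IP_RULES.has(req.srcIp),
  };
}

function scenarios() {
  const toA = browserRequest('a.example', '/bridge?target=/api/items');
  return {
    cookiesSeenByBridge: Object.keys(toA.cookies),
    direct: bView(browserRequest('b.example', '/api/items')),
    bridged: bView(bridgeForward(toA)),
    bridgedWithToken: bView(bridgeForward(toA, 'b-222')),
  };
}

console.log(scenarios());
```

The bridged request reaches B unauthenticated and from the bridge's fixed server address, so B's IP rules still apply to it; it becomes authenticated only when the user has handed the bridge a token.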
The vast majority of Internet advertising is done through a broker in tiny increments of pennies per transaction. The advertiser does not know what site the advertisement will go on and the site does not know in advance which advertisements will appear.
It is trivially easy to prevent the corruption of a "few big advertising contracts". Simply do not accept them. Wikipedia could easily mandate that no advertiser can buy more than 3% of the available space. Alternately, Wikipedia could take the straightforward route of buying through intermediaries like Google's AdSense and others. The Wikimedia people would not ever talk to an advertiser.
I've tried to convince several of the companies I've worked for to operate in this manner, but I can't get anyone to try it. Have 2 different groups: Development - that works on a backlog of tasks and incrementally improves various pieces of the product; and Release - that takes versions of the development pieces, matches them with marketing requirements, makes a cohesive product and releases when the marketing requirements are met.
You can achieve simultaneous development and release without having two different teams. You just need branches. And I don't see how the system you describe could possibly work. You can't take a bunch of random developments and "match them to marketing requirements". Either the development team was working to marketing requirements and have created the features that marketing wants, or they have not, and will have created other features. Making a "cohesive product" starts at the requirements level, it isn't something you do at the end. Upgrades of Linux distributions tend not to be "cohesive products" in the sense that a new operating-system feature often won't be taken advantage of by apps. If you're trying to drive upgrade (rather than subscription) revenue, you want a better story to tell than: "We've introduced some amazing kernel features that will be taken advantage of in future desktop environments which will then expose them to future applications." That's an argument for upgrading several years from now, not for upgrading right now. Imagine a Windows 95-sized marketing launch for a product that was incrementally released like that. It wouldn't work.
This would be true in a world without brands, without copyright, without geography and without cartels. Do you really think that the price of an airport hamburger is decided by the price of making it? Or if you buy a sandwich on the flight (many sell them now) that the price up there is determined by how much it costs to manufacture?
What does "equitable" mean? Does everyone have to get exactly the same cut? Or is John Gruber in charge of deciding who makes what?
According to what theory does the price of production need to be reflected in the price of purchase? Is movie popcorn also "completely irrational?" Bottled water? Novels? Perhaps sports franchises should not charge per seat because after the first seat is sold it costs the same amount to pay the players' salaries? There are many business models out there and Richard Stallman does not define which are rational and which irrational.