Not that it has anything to do with the discussion at hand, but the square root of 2 is 1.414 (to three decimals), not 1.67. 1.67 is also known as five thirds (to two decimal points).
You can charge to distribute copies of the software; however, you cannot charge for software that you do not yourself distribute. They are trying to sell the $699 licenses to people who *already* have the software. Further, if there is code in SCO's Linux distro that is not GPLed, then SCO cannot distribute the GPLed code that is linked to it.
This is getting beside the point. SCO has claimed that the GPL is invalid. As such, they cannot distribute GPLed code (one must accept the GPL as valid to distribute GPLed code).
IBM deliberately pulled open source advocates into this fight as part of their retaliation against SCO. All SCO was doing originally was claiming that IBM had violated a contract agreement with IBM. They did not start actually pursuing open source until after their open source market dried up. It was IBM advocates (e.g. Eric S Raymond) who pointed out that SCO's claims could be extended against open source. Until Microsoft paid them, they said that they weren't going to do so (in particular, SCO originally claimed not to know of any copyright infringement by Linux). Without these actions by IBM (and Microsoft), SCO would have never gone after Linux users, AutoZone, or Daimler Chrysler.
Overall, this has been a masterful PR campaign by IBM. Not only did they get open source to do a lot of their dirty work for them, they now have people spinning it that IBM was doing things for open source.
"It's the only thing that permits the end-user to use the software it covers:"
No, posession of the code is what permits you to run it. One does not need anything more. EULAs are not enabling licenses; they are disabling licenses. One accepts the use restrictions in exchange for receiving the software.
Think of it like this: you can steal a book and be prosecuted for stealing; however, you can't be prosecuted for reading the book. It is perfectly legal to read the book (even if stolen).
"The act of running the Program is not restricted..." is purely explanatory. It does not grant any rights but merely informs of those that already exist.
From where were they getting their drinking water previously? My first guess is that this just substitutes water taken from the bottom of the lake for water that would otherwise be taken from the top. Net change in water levels (vs. not doing this) would thus be negligible.
Or the spammer could just use their existing lists of however many emails and look to see if any of those emails are in the list. Virus infected zombie machines would be exceptionally good at this, as it allows them to email not only everyone in your address book but everyone in the address books of those who email you.
Did you run Quicktime *after* you did it? Did you *update* quicktime after disabling qttask? Those are the two times when it would turn itself back on.
If you run regedit and remove the registry key, they won't run anymore. Unfortunately, they come back when the program is run (at least Real's do).
msconfig might avoid this, since the registry key remains (it just isn't used). Of course, then you have the added resources of running msconfig (which is only supposed to be a diagnostic tool) during startup. I'm not sure how much this differs from a normal startup (e.g. does it always do the msconfig checks, or is that added when msconfig is used).
I have also used some software that will add itself again if disabled in msconfig (i.e. you will have enabled and disbled entries in msconfig). I'm not sure about Real -- I avoid using it for exactly that reason.
"You can also select from any of the configured SMTP servers during email composition, the from line should have a pull-down arrow next to it."
That just selects from the from addresses. It still uses the default SMTP server unless one makes the other changes you describe. I had to install an extension to get the ability to select SMTP servers.
It's not just the interface that is the issue, but the documentation. I can follow how that interface works (although it is clunky), but I couldn't find anything in the help explaining how to do it. Further, when I went Googling, I found an extension that allowed me to choose the SMTP server on a per message basis (which works but was not what I wanted).
I ran through the setup you recommended and will see if it works for me.
One router is at the equator. One is in Alaska (i.e. close to the North Pole). They are moving at different speeds. Not sure how much this matters in application, but they are moving relative to each other.
"Fundamentally, I'm not sure what they could do differently."
Use level 3 switches and turn off the file networking ports (e.g. 135 and 500), unless specifically requested to have them on (and even then, only allow them between certain machines: a small LAN inside the overall network). Any university network is going to have some infected machines attached to it. The trick is to keep them isolated from other machines' vulnerabilities.
Microsoft does some crazy things. For example, I have a data partition on my hard drive. Since reinstalling the OS, I would like to access the data partition from the partition on which I installed the new system files. To do that, I had to take ownership of the files, which required turning on lsass.exe (vulnerable to Sasser virus). Now, I have no need for file sharing on my PC; it's the only computer hooked up to my cable modem. Why then do I have to run networking (with its associated vulnerabilities) just to have reasonable access to data on my physical machine?
Another example: IE and Outlook Express both use a different method to determine the mouseover URL than they use to determine the on click URL (the one to which you go when you click). Why? Why go to the extra effort to give incorrect info (in some cases) rather than correct info? Why not just use the same code (frankly, the same *function*) for both? I actually went to the effort to report this as a bug after receiving a phishing email demonstrating it (the URL showed as my actual bank, but clicking would have sent me to an IP based URL).
I agree with the first part of your post. The installer has no need to answer requests on any port; thus, it should not be possible to compromise (aside from DNS poisoning attaching to something other than the real Windows Update site; however, that exploit requires that your DNS server be corrupt).
The only other way that it could be compromised would be if Microsoft did something monumentally stupid, e.g. run the update from their regular OS rather than a stripped down version just for getting patches/updates. Now that I think about it, I guess I agree with your whole post.
"the '...@' section disappears from the URL when it is displayed in the address bar, which ought to give you at least some feedback."
And it takes you to the site *before* the @, rather than the site after the @, right? The way the exploit worked was that stuff before an @ is username/password info, so that www.cnn.com@http://fake.example.com would send you to fake.example.com rather than www.cnn.com (which of course was where you thought that you were going).
IIRC, this vulnerability existed as late as IE6, but has since been fixed with patches (i.e. unpatched IE6 still has this vulnerability).
I recently got a phishing email claiming to be from *my* bank (which is not citibank or another large bank). The mouseover URL (in IE/Outlook Express) was to a URL that represented my bank, but the actual URL to which it would have directed was an IP. I actually called the bank (the email looked like a phishing scam other than the URL) before I figured out how they did it. At first, I thought that a corrupt sysadmin was involved (who set up the phishing site in the bank's web space).
This finally pushed me over to Thunderbird, even though it's not ready for my needs (for the love of Linus, people, make the SMTP server definable per email account, just like the POP server). Thunderbird displays the same URL on mouseover as it will use when one clicks on it (I actually filed a bug report with Microsoft that OE/IE do not).
When I lived in Pennsylvania, I could get DSL from any number of providers over the Verizon lines. Thus, I'm not sure that the FCC (federal) is the correct place to be looking to add competition. It may well be a local (state) issue.
"I'm SURE they are going to pass those cost saving onto you."
Duh. If they don't, find a vendor who will. That's how the free market works. You look around for who will give you the best deal. Since anyone can redistribute and support Linux, someone will do so cheaply.
The grandparent's point was that they will most likely do a mixture of those. I.e. they will take $8 million and create the 55 jobs. The remainder will go to reduced prices, stockholders, and current employees. On *average*, they will create 55 jobs with more money. Further, passing money to people (your other three alternatives) also creates jobs.
I would also point out that your issue relates to Microsoft as well. If we reduce Microsoft's revenue by $10 million, there is no particular reason to think that they will cut *any* jobs. Their whole model is based on having as many customers as possible to amortize their relatively fixed development costs. While their profits fall, they still need the work done. Microsoft doesn't really save any development costs by having fewer customers. In fact, the competition might move them to *hire* (see how they are updating IE earlier than they had planned; further, IE updates will continue to be available separately rather than only with OS upgrades -- their previously announced position).
"This company would be regulated by the government for prices and what upgrades need to be done through contributions by the "Telecommunications Services Companies" and taxpayers."
Actually, that's the way it works now. Phone companies (local, e.g. Verizon or SBC, not long distance, e.g. AT&T or Sprint) prices *are* regulated by the government. In other words, you are arguing in favor of adopting the *current* system.
To expand on the parent's post, there are four types of free market competition: perfect competition, monopoly, oligarchy (monopoly by a group), monopolistic competition (imperfect substitutes). The traditional economic models are perfect competition and monopoly, but these are hard to find in the real world.
The economic ideal is perfect competition, as this results in zero economic profits (note that economic profits subtract out a reasonable rate of return to the investor, so a zero economic profit will coexist with a positive accounting profit) and maximum production. Government run price systems (what is commonly described as communism) are the worst, as they both under- and over-produce goods. Monopoly is next worst, as it underproduces (consistently).
The trick is to push oligarchy and monopolistic competition to act more like perfect competition and less like a monopoly. Open source supports this (by allowing anyone to redistribute, making software into a commodity); closed source does not (redistribution limits make closed source act like a monopoly, e.g. Microsoft).
The weakness of open source is that it makes it difficult for users to exchange money for ease of use. Open source works best for developers, as it makes our job easier. If we need further ease of use, we can develop it. This model does not work for most users, as they don't do development. Thus, open source's high market penetration in servers, which should be administered by technically proficient people, and low penetration in desktops, which are mostly run by those who are not technically proficient.
RAID with proper RAM caching will at least match SSD for write intensive operations. Further, it doesn't necessarily have to match it. If RAID is fast enough such that it is no longer the bottleneck, that is fast enough. There is no benefit to having the storage run significantly faster than the rest of the program. As fast is plenty.
Netscape was different, as they wanted to improve the product at the same time. They chose to start a new code base. We can't really know what would have happened if they had just released the standing code base, as they didn't try it.
SSD tends to be smaller too. You certainly aren't going to get 12 disks worth of space from a single SSD in anything approaching a reasonable price (not that long ago that I worked at a place that paid $20,000 for a single SSD that was smaller than any of our regular drives). If speed is the only issue, two disks in a 0+1 array with RAM caching would be optimal. Since most SSD tend to have a regular disk in them for backup purposes, I suspect that would be at least as efficient in terms of power/cooling. It would certainly be much cheaper.
SSD is like proprietary Unix. It is an expensive technology that is being squeezed out by performance improvements in cheaper technologies.
"The Fed makes short-term loans to individual banks."
The Fed can do this, but it usually doesn't. The discount rate (the rate at which the Fed loans money to banks when it does so) is largely irrelevant. The more important number is the funds rate target. The funds rate is the average rate at which banks loan to each other. When this rate drops below the target, the Fed sells government bonds. This soaks up some of the money that would otherwise be loaned to other banks and causes the rate to increase. When the rate is above the target, the Fed buys bonds to release money into the money supply.
The Fed controls the printed money supply. The fed also controls how much of a reserve the banks need to keep (not loan). If it increases the reserve, the money supply shrinks. The Heinlein argument (which view is what started this thread) is that it would be better to insist upon a reserve of 100% and only create money by printing it (note that "printing" includes creating purely electronic money that is never actually printed).
The Fed is certainly capable of causing inflation. However, it wouldn't profit from it. Instead, it would just end up with a lot of government bonds (remember, it injects money into the economy by purchasing government bonds). Thus, when the Fed pumps money into the economy, it is essentially transferring it to the government (possibly indirectly). The government being the only organization that can issue new government bonds.
Heinlein's next step was for the government to issue that money back to individuals. At the time (the Great Depression), this would have made sense, since the main problem was that the effective money supply was cut in half. Further, at the time, taxes were such a small part of the economy that cancelling them could have been done with a fraction of the money required to double the effective money supply. The surplus would have needed to be distributed in some way. This would no longer be necessary, as the effective money supply increase each year is far smaller than (less than 20% of) government expenditures.
Slashdot Mirror
Not that it has anything to do with the discussion at hand, but the square root of 2 is 1.414 (to three decimals), not 1.67. 1.67 is also known as five thirds (to two decimal points).
You can charge to distribute copies of the software; however, you cannot charge for software that you do not yourself distribute. They are trying to sell the $699 licenses to people who *already* have the software. Further, if there is code in SCO's Linux distro that is not GPLed, then SCO cannot distribute the GPLed code that is linked to it.
This is getting beside the point. SCO has claimed that the GPL is invalid. As such, they cannot distribute GPLed code (one must accept the GPL as valid to distribute GPLed code).
IBM deliberately pulled open source advocates into this fight as part of their retaliation against SCO. All SCO was doing originally was claiming that IBM had violated a contract agreement with IBM. They did not start actually pursuing open source until after their open source market dried up. It was IBM advocates (e.g. Eric S Raymond) who pointed out that SCO's claims could be extended against open source. Until Microsoft paid them, they said that they weren't going to do so (in particular, SCO originally claimed not to know of any copyright infringement by Linux). Without these actions by IBM (and Microsoft), SCO would have never gone after Linux users, AutoZone, or Daimler Chrysler.
Overall, this has been a masterful PR campaign by IBM. Not only did they get open source to do a lot of their dirty work for them, they now have people spinning it that IBM was doing things for open source.
"It's the only thing that permits the end-user to use the software it covers:"
No, posession of the code is what permits you to run it. One does not need anything more. EULAs are not enabling licenses; they are disabling licenses. One accepts the use restrictions in exchange for receiving the software.
Think of it like this: you can steal a book and be prosecuted for stealing; however, you can't be prosecuted for reading the book. It is perfectly legal to read the book (even if stolen).
"The act of running the Program is not restricted..." is purely explanatory. It does not grant any rights but merely informs of those that already exist.
From where were they getting their drinking water previously? My first guess is that this just substitutes water taken from the bottom of the lake for water that would otherwise be taken from the top. Net change in water levels (vs. not doing this) would thus be negligible.
Or the spammer could just use their existing lists of however many emails and look to see if any of those emails are in the list. Virus infected zombie machines would be exceptionally good at this, as it allows them to email not only everyone in your address book but everyone in the address books of those who email you.
Did you run Quicktime *after* you did it? Did you *update* quicktime after disabling qttask? Those are the two times when it would turn itself back on.
If you run regedit and remove the registry key, they won't run anymore. Unfortunately, they come back when the program is run (at least Real's do).
msconfig might avoid this, since the registry key remains (it just isn't used). Of course, then you have the added resources of running msconfig (which is only supposed to be a diagnostic tool) during startup. I'm not sure how much this differs from a normal startup (e.g. does it always do the msconfig checks, or is that added when msconfig is used).
I have also used some software that will add itself again if disabled in msconfig (i.e. you will have enabled and disbled entries in msconfig). I'm not sure about Real -- I avoid using it for exactly that reason.
"You can also select from any of the configured SMTP servers during email composition, the from line should have a pull-down arrow next to it."
That just selects from the from addresses. It still uses the default SMTP server unless one makes the other changes you describe. I had to install an extension to get the ability to select SMTP servers.
It's not just the interface that is the issue, but the documentation. I can follow how that interface works (although it is clunky), but I couldn't find anything in the help explaining how to do it. Further, when I went Googling, I found an extension that allowed me to choose the SMTP server on a per message basis (which works but was not what I wanted).
I ran through the setup you recommended and will see if it works for me.
Thanks for your help,
Matt
One router is at the equator. One is in Alaska (i.e. close to the North Pole). They are moving at different speeds. Not sure how much this matters in application, but they are moving relative to each other.
"Fundamentally, I'm not sure what they could do differently."
Use level 3 switches and turn off the file networking ports (e.g. 135 and 500), unless specifically requested to have them on (and even then, only allow them between certain machines: a small LAN inside the overall network). Any university network is going to have some infected machines attached to it. The trick is to keep them isolated from other machines' vulnerabilities.
Microsoft does some crazy things. For example, I have a data partition on my hard drive. Since reinstalling the OS, I would like to access the data partition from the partition on which I installed the new system files. To do that, I had to take ownership of the files, which required turning on lsass.exe (vulnerable to Sasser virus). Now, I have no need for file sharing on my PC; it's the only computer hooked up to my cable modem. Why then do I have to run networking (with its associated vulnerabilities) just to have reasonable access to data on my physical machine?
Another example: IE and Outlook Express both use a different method to determine the mouseover URL than they use to determine the on click URL (the one to which you go when you click). Why? Why go to the extra effort to give incorrect info (in some cases) rather than correct info? Why not just use the same code (frankly, the same *function*) for both? I actually went to the effort to report this as a bug after receiving a phishing email demonstrating it (the URL showed as my actual bank, but clicking would have sent me to an IP based URL).
I agree with the first part of your post. The installer has no need to answer requests on any port; thus, it should not be possible to compromise (aside from DNS poisoning attaching to something other than the real Windows Update site; however, that exploit requires that your DNS server be corrupt).
The only other way that it could be compromised would be if Microsoft did something monumentally stupid, e.g. run the update from their regular OS rather than a stripped down version just for getting patches/updates. Now that I think about it, I guess I agree with your whole post.
"the '...@' section disappears from the URL when it is displayed in the address bar, which ought to give you at least some feedback."
And it takes you to the site *before* the @, rather than the site after the @, right? The way the exploit worked was that stuff before an @ is username/password info, so that www.cnn.com@http://fake.example.com would send you to fake.example.com rather than www.cnn.com (which of course was where you thought that you were going).
IIRC, this vulnerability existed as late as IE6, but has since been fixed with patches (i.e. unpatched IE6 still has this vulnerability).
I recently got a phishing email claiming to be from *my* bank (which is not citibank or another large bank). The mouseover URL (in IE/Outlook Express) was to a URL that represented my bank, but the actual URL to which it would have directed was an IP. I actually called the bank (the email looked like a phishing scam other than the URL) before I figured out how they did it. At first, I thought that a corrupt sysadmin was involved (who set up the phishing site in the bank's web space).
This finally pushed me over to Thunderbird, even though it's not ready for my needs (for the love of Linus, people, make the SMTP server definable per email account, just like the POP server). Thunderbird displays the same URL on mouseover as it will use when one clicks on it (I actually filed a bug report with Microsoft that OE/IE do not).
When I lived in Pennsylvania, I could get DSL from any number of providers over the Verizon lines. Thus, I'm not sure that the FCC (federal) is the correct place to be looking to add competition. It may well be a local (state) issue.
"I'm SURE they are going to pass those cost saving onto you."
Duh. If they don't, find a vendor who will. That's how the free market works. You look around for who will give you the best deal. Since anyone can redistribute and support Linux, someone will do so cheaply.
The grandparent's point was that they will most likely do a mixture of those. I.e. they will take $8 million and create the 55 jobs. The remainder will go to reduced prices, stockholders, and current employees. On *average*, they will create 55 jobs with more money. Further, passing money to people (your other three alternatives) also creates jobs.
I would also point out that your issue relates to Microsoft as well. If we reduce Microsoft's revenue by $10 million, there is no particular reason to think that they will cut *any* jobs. Their whole model is based on having as many customers as possible to amortize their relatively fixed development costs. While their profits fall, they still need the work done. Microsoft doesn't really save any development costs by having fewer customers. In fact, the competition might move them to *hire* (see how they are updating IE earlier than they had planned; further, IE updates will continue to be available separately rather than only with OS upgrades -- their previously announced position).
"This company would be regulated by the government for prices and what upgrades need to be done through contributions by the "Telecommunications Services Companies" and taxpayers."
Actually, that's the way it works now. Phone companies (local, e.g. Verizon or SBC, not long distance, e.g. AT&T or Sprint) prices *are* regulated by the government. In other words, you are arguing in favor of adopting the *current* system.
To expand on the parent's post, there are four types of free market competition: perfect competition, monopoly, oligarchy (monopoly by a group), monopolistic competition (imperfect substitutes). The traditional economic models are perfect competition and monopoly, but these are hard to find in the real world.
The economic ideal is perfect competition, as this results in zero economic profits (note that economic profits subtract out a reasonable rate of return to the investor, so a zero economic profit will coexist with a positive accounting profit) and maximum production. Government run price systems (what is commonly described as communism) are the worst, as they both under- and over-produce goods. Monopoly is next worst, as it underproduces (consistently).
The trick is to push oligarchy and monopolistic competition to act more like perfect competition and less like a monopoly. Open source supports this (by allowing anyone to redistribute, making software into a commodity); closed source does not (redistribution limits make closed source act like a monopoly, e.g. Microsoft).
The weakness of open source is that it makes it difficult for users to exchange money for ease of use. Open source works best for developers, as it makes our job easier. If we need further ease of use, we can develop it. This model does not work for most users, as they don't do development. Thus, open source's high market penetration in servers, which should be administered by technically proficient people, and low penetration in desktops, which are mostly run by those who are not technically proficient.
RAID with proper RAM caching will at least match SSD for write intensive operations. Further, it doesn't necessarily have to match it. If RAID is fast enough such that it is no longer the bottleneck, that is fast enough. There is no benefit to having the storage run significantly faster than the rest of the program. As fast is plenty.
Netscape was different, as they wanted to improve the product at the same time. They chose to start a new code base. We can't really know what would have happened if they had just released the standing code base, as they didn't try it.
2. Send invoice to clueless users and collect before proceeding: profit! :)
SSD tends to be smaller too. You certainly aren't going to get 12 disks worth of space from a single SSD in anything approaching a reasonable price (not that long ago that I worked at a place that paid $20,000 for a single SSD that was smaller than any of our regular drives). If speed is the only issue, two disks in a 0+1 array with RAM caching would be optimal. Since most SSD tend to have a regular disk in them for backup purposes, I suspect that would be at least as efficient in terms of power/cooling. It would certainly be much cheaper.
SSD is like proprietary Unix. It is an expensive technology that is being squeezed out by performance improvements in cheaper technologies.
"The Fed makes short-term loans to individual banks."
The Fed can do this, but it usually doesn't. The discount rate (the rate at which the Fed loans money to banks when it does so) is largely irrelevant. The more important number is the funds rate target. The funds rate is the average rate at which banks loan to each other. When this rate drops below the target, the Fed sells government bonds. This soaks up some of the money that would otherwise be loaned to other banks and causes the rate to increase. When the rate is above the target, the Fed buys bonds to release money into the money supply.
The Fed controls the printed money supply. The fed also controls how much of a reserve the banks need to keep (not loan). If it increases the reserve, the money supply shrinks. The Heinlein argument (which view is what started this thread) is that it would be better to insist upon a reserve of 100% and only create money by printing it (note that "printing" includes creating purely electronic money that is never actually printed).
The Fed is certainly capable of causing inflation. However, it wouldn't profit from it. Instead, it would just end up with a lot of government bonds (remember, it injects money into the economy by purchasing government bonds). Thus, when the Fed pumps money into the economy, it is essentially transferring it to the government (possibly indirectly). The government being the only organization that can issue new government bonds.
Heinlein's next step was for the government to issue that money back to individuals. At the time (the Great Depression), this would have made sense, since the main problem was that the effective money supply was cut in half. Further, at the time, taxes were such a small part of the economy that cancelling them could have been done with a fraction of the money required to double the effective money supply. The surplus would have needed to be distributed in some way. This would no longer be necessary, as the effective money supply increase each year is far smaller than (less than 20% of) government expenditures.