While you are probably right, what is truly interesting about this is that it's Apple who are doing it.
Microsoft, for all their research, always seem to have a ``me, too'' attitude. Their entire business approach (which is certainly highly successful in many ways) is essentially to jump into every possible market (gaming consoles, consumer electronics, embedded devices, low-end servers, enterprise computing, web application infrastructure, clustering, etc) with the hope of, if not succeeding, at least driving out potential competitors from succeeding instead.
Apple, on the other hand, has seemingly ignored anything but their established market of home users and graphic artists, video editors, and the like for a long, long time. I have never even seen an Xserve in use, neat as they seem to be. They've made no real headway in commercial environments (other than ad agencies and the like), either as workstations or as PCs.
And yet, here we have a product (for which a market may or may not really exist) which falls far outside Apple's traditional domain, but which seems to be clearly innovative. Where Microsoft only seems to promote technologies that it sees other companies already engaged in, Apple pioneers something somewhat more risky. Microsoft's model is probably more successful. But that may not be the point.
My point was that a $300 iPod might be worth it if it's 10GB, but a 2GB for $150 isn't. For that capacity, save $100 and get an MP3-CD player. Oh, and I've never owned an Apple in my life.
You know, just some helpful advice: if you don't understand a post, don't bother to comment on it. I know a phrased that parent post a bit akwardly, so I can understand your confusion, but that's no reason to act like a child.
Point being that an iPod that can hold your entire collection is worth far more than one that can't. The former is superior to an MP3-CD player in that it's not only smaller, but can hold everything, so you don't need to change or carry media, etc. But if it only holds the same amount as a couple of CD's, there's no advantage other than size and a fairly big disadvantage in not being able to change your media. A non-removable-media player that can hold everything trumps a smaller-capacity removable-media player, but the latter also trumps a non-removable one that can only hold a small portion.
I suppose a smaller-capacity iPod still works with iTMS, at least. But that's not a big enough advantage, I don't think.
2.3 I need a write support for NTFS. It exists in kernel-2.4 , but it's not enabled in partimage boot disk. How can I use it ?
NTFS write support, as UFS write support are dangerous and supported only by experimental drivers. It can damage partitions, and corrupt data. That's why it's not enabled in partimage-bootdisk. Users who weren't aware of this problem could lose their data if the support was enabled.
If you need the write support, you will have to use another boot disk. Please , have a look at the question in this FAQ which explains how to build your own boot disk. --Partimage FAQ
Furthermore, both the Old and New drivers listed on Linux-NTFS are read-only (or can only overwrite existing files), which is hardly complete NTFS support. And I can't tell from the documentation if ntfsclone has the ability to resize a partition while imaging. It doesn't sound like it does, since it only copies, and does not alter the partition table.
Thanks for the input, though. And I totally agree with your comment about checking facts.
Yes, I have heard of Partimage. I mentioned it in my original post.
Since it uses the Linux kernel NTFS support, it's NTFS support is presumably as unstable as that in the Linux kernel (which claims to be quite immature). I didn't test it in deployment, but I didn't figure it was worth it. Some previous poster told me it worked for him, though.
And he told it to me without being an ass about it. Learn some respect. Read the post before commenting, please.
Norton ghost does so much more than this. Hate to say it, but I've spent plenty of time looking for Ghost replacements, and found none. There are a few (g4u, for example) which do networked dd-style copying, or partimage, which can actually read a partition table but can't deal with NTFS, but none that have the capabilities Ghost has for copying Windows NT/2K/XP installations (I use Ghost in deploying donated computers to schools and community centers; we don't feel Linux is managable for the target users).
See, if you do DD, it works if all the hard drives are the same size. But if you want to make an image that will last a while, on multiple machines, you have to make it match the smallest drive (since dd simply copies the content and doesn't rewrite the partition table). So if you make it, say, 2GB, you throw away a lot of space on bigger drives. And like I said, partimage can't write NTFS properly.
Not to mention Ghostwalker, which changes the machine's hostname and rewrites the SID's (I think that's what they're called; I rarely use Windows anymore) on the files so that they are unique and secure.
All this comes down to a value judgement, obviously. Some people probably choose to receive no e-mail at all rather than deal with spam.
You still aren't consdering the ramifications of this, though. You think AOL is going to want to give certificates to small regional ISPs? Of course not; they won't share their proprietary IM network now, and if given the option, they wouldn't share SMTP either. Or perhaps you think we could legislate that this not be used in such a manner, but obviously this defeats the purpose of such a measure to begin with.
Sure, you have a right to do this, if you want to. This is perhaps in some ways a natural progression from blacklists. But it's a bad idea for the Internet, and a bad idea for the rest of it.
And to be totally honest, as much as I despise spammers--largely for their more malicious alleged practices like cooperating with worm writers and abusing open gateways (a server I run, prior to my administering it, was hacked by some Russian dude to send millions of porn spam)--I personally have never been effected by it (past the economic aspects which perhaps raise the price of my Internet connection a good bit). I don't receive spam (literally none, not because of my commonplace SpamAssassin setup, but because I'm careful with my e-mail address), my server hasn't (to my knowledge) ever been successfully violated, so I'm happy. The worst thing that I've put up with is spammers attempting to use my server as an open relay and temporarily using some resources. I say this not to boast, but to point out that there are certainly easy ways to avoid getting spam without resorting to this.
While we're on the subject of efficiency, I think we should discuss how likely it is that this would really work. I have doubts. Too many ISPs make money off spammers to implement this; if they refuse, we end up with that situation of Balkanization that is not, as you seem to think, the good on one side and the bad on the other, but rather more just various groups who can't communicate. Ever try to exchange AIM names with a buddy, only to find out he uses MSN? Or ever try to share a file (say, five years ago, since its far easier now) with friend only to find out he uses a Mac? E-mail's power is its standardization. Ruin that and you ruin e-mail.
Actually, you can use Knoppix and a USB-flash stick to do this. Of course, you could set up your installation to do it automatically, off the hard drive. But I don't see most people willing to do this (and in an enterprise environment, NFS home directories make much more sense).
Still, it's a nifty idea. I often carry around a Knoppix, and if I get an iPod, I might give this a shot.
I've read the Constitution, and I don't see "the right to send someone an anonymous message" listed anywhere. You have the right to free speech. This does not guarantee you are free to speak in every medium, and certainly doesn't guarantee your anonymity.
Actually, it does. The US Supreme Court, as well as various state and federal courts, have repeatedly held that anonymity is an essential component of free speech. See here for a nice summary of some of these cases.
But I have to agree with you about the terrorist thing.
First off, I don't want to have to have a credit check run on me when I just want to run a mail server for personal, non-commercial use. Second, I don't want to have to pay money for that same privilege. Obviously not everything on the 'Net can be free; the connections cost money themselves, but past that point, one of the great things about the Internet is that anyone can do anything. Read, say, Lessig's _The Future of Ideas_. End-to-end is what makes the Internet powerful; if we all had to rely on a central content distributer, or even just a central registration authority (admittedly, we do for TLD's, but that's far simpler and doesn't actually restrict access), I think it would all go to shit.
Second, I didn't mean Balkanize in the sense that spammers will be on one network and legitimate--however you decide to define it for the rest of us--users will be on the other. I mean it in the sense that then ISP's might start other regulations. For example, AOL starts enforcing a policy that if you host adult sites, you won't be approved for communication with AOL's private network. Or Chinese ISP's enforce the notion that if you don't filter political sites, you can't connect to their networks. Pretty soon, you've got seperate ISP's enforcing their own policies, and, whatdya know, the Internet is now pretty much worthless, or at least a whole lot less pervasive and powerful.
Third, you face the same risk with ``Joe Jobs'' as you do in any other criminal trial. Perhaps the evidence is a bit more ephemeral, but c'est la vie. In theory, the justice system works. Sometimes.
You've obviously been here far longer than I have, but I'd point out that at least when I metamod, I check the context almost allthe time, especially when I see something odd like that.
That said, it seems I metamod far more than I moderate (I rarely get mod points anymore), so presumably most other metamods aren't so careful.
There arenumerous problems in this system that others have pointed out (and face it, this wasn't your idea). For one, even if there's no central authority, how would I get my mailserver approved? I run my own, for my own domain, which handles e-mail for just me. A number of people do the same thing. So now I have to apply and hope AOL deems me worthy of attention (even though ignoring me wouldn't likely affect anything at all, since I know probably nobody who uses AOL, and even if I did, I'm just one guy)?
Whitelisting makes sense--trusting certain mailservers more and not bothering with intense heuristics on mail coming from them. But blacklisting anyone you don't know makes none. The Internet is too vast to really implement something like this without huge costs and huge losses; I think solutions like this likely do far more to Balkanize the Internet than to protect it.
The solution mentioned in a previous Slashdot article a few days ago of making SMTP servers run a small computation per e-mail makes much more sense. This allows you to impose restrictions on non-whitelisted servers without completly ignoring them, either.
But when you talk about the anonymity preferred by the spammers, you ignore the fact that they are, in fact, selling a product. Forget the spammers. Track down their clients, the ones paying for the ads. Problem solved.
You're right, and I did comment on business plan as a whole, and profitability (duh) being key. My point in focusing on marketing was to epitomize the (often highly successful) alternative to what the parent was discussing, the olde tyme good customer service. Marketing, being so cold and impersonal, makes the point very clearly that good old fashioned caring business isn't the point, profits are. And you can easily have a market failure when someone like Dell or MS can spend less by advertising their good service or security than by improving it and get the same result.
Incidentally, though--and obviously if there were a magic formula someone would've gotten rich fast on it by now--I think you overstate the importance of a good product, as well. Plenty of superior products have faltered, and in all honesty, iMacs and iPods aren't really that impressive. Why do people buy iPods instead of the cheaper Dell knockoffs? Image. Why do people buy Starbucks? Not, as you imply, because they've heard from friends that its good. Starbuck's secret to success is the same as McDonalds's. Put one on every other streetcorner and if people aren't hungry or thirsty, they soon will be. Make a consistent product so that when someone is in a different city, he knows what you've got and goes to the familiar.
McDonalds's food sucks, but people still eat there. Not because of product superiority, but because of aggressive marketing, if not in advertising campaigns than in building new locations, which is just as effective.
Meh, ok. I was probably remembering earnings from a year or two ago. It doesn't really change my point.
Apple is successful now because of their aggressive marketing. They were unsuccessful (relatively) because they has poor marketing, poor economics (Macs are expensive compared to PCs), and poor penetration. They tried to make just another biege box and got their heads handed to them, because they couldn't compete with the manufacturing and distributing efficiency of the likes of Dell.
Now, they've figured out that they can get away with charging more for their products if they distinguish them. Apple laptops have longer battery life, run a cutting-edge OS (in my ever-so-humble opinion, OS9 and prior suck), and perhaps most importantly set the standard for cool. They are the epitome of high-end laptops. And it's that which allows them to get away with charging so much, offering something that isn't particularly compatible with everyone else's machine, etc. It works. I'm about to get one of those PowerBooks, I think:P
I'd say big businesses disagree. You yourself point out your small customer base; for this scale, it's far more efficient to get a few more customers by word of mouth than pay for advertising (in which, budgetwise, you cannot hope to compete). But for the large scale, it's that which really matters.
Advertising is what keeps AOL afloat (at least for the time being). Not word of mouth. Microsoft dominates for any number of reasons, but none of them are customer loyaltyor good community relations (though to his credit, Bill does give plenty to charity).
I'm not saying that you can't make money with your method. Apple managed to stay around during the late '90s, prior to Jobs's return, largely due to fanatical customer loyalty, from all accounts. But Apple is now on the way back up (perhaps, though they aren't exactly profitable yet, if I remember right) because they've managed to expand their customer base by good, expensive advertising.
Consumers aren't exactly rational. It's cheaper for Dell to advertise how good their tech support is than actually improve it. It's cheaper for Apple to advertise how amazing their PowerBooks are than, say, bring the price within range of Intel laptops (not that I don't covet a nice 12" AlBook). You can get business through word of mouth. But you get ahead through sound business practices and aggressive marketing.
Or HTTPS. I'd say it's more the part of the Internet that uses navigation by clicking links rather than typing URIs for a specific server. So if a new protocol were to come out that worked from a browser the same way, that'd also be part of the web.
They planned it this way by deciding that even minus the average cost of a wrongful death suit, they would profit. But the point of the punitive damages was that they would not profit.
I didn't know that they still profited, with the punitive damages.
But he would be right to point out that if I break into a car that has a poorly designed system, it is still my fault, not the manufacturer's (or at least largely my fault).
I think the point we are all beating around is that there is shared liability, and that some examples (namely the breaking into the car one) are fully the fault of the attacker, while others show clear negligence on part of the designer. Ultimately, this is up to a jury to decide.
``The World Health Organization (WHO) and other UN bodies estimate the cost of providing treatment and prevention services in developing countries for tuberculosis, HIV/AIDS and malaria at $12 billion a year '' (The Black Vault).
I happen to agree with you, that we could cut other, far more expensive programs and do a lot more good. Cut corporate welfare, cut fat contracts to Halliburton (who has previously been convicted of embezzling millions in government funds), cut spending on weapons the military say they don't need simply because it gives money to some senator's constituents.
Hell, if we took the billions spent on ousting Saddam and spent them on providing humanitarian aid around the world (see how far it could go), I don't think there would be very many terrorists still out to get us, and I doubt they'd have nearly as much support.
So yeah. I think you're right about priorities. But saying we could cut other programs instead doesn't mean a thing. That money could be doing far more good--in terms of concrete improvements like health care and food as well as abstracts like literacy and education--than it does now.
The rest of us, the ones whose blood runs hot, will go out a blaze new trails for the rest of you to follow.
What new trails have you blazed?
And who are you replying to? It seems like you've just replied to an argument nobody has made.
The common argument--and I don't fully support it, and would certainly jump at the chance to explore space as much as you would--is a bit more valid than you imply. I think you could sum it up pretty easily as, ``why spend billions on pursuing goals that don't do anybody a lot of real good, when we could spend it on helping humanity.'' And all the arguments about spinoff technologies and economic development mean very little.
If the space program inadvertantly develops so many technologies that do help people, or boost the economy indirectly so much, why not just do that directly? Why not spend our money and time on devising sustainable power sources, or providing clean drinking water to the world's populations, or providing inexpensive AIDS treatments for third world countries?
I don't think Bush declared that we should go back to the moon (something that, in all honesty, excites me no end) because he cares about the science or the human spirit or any of that shit. It's all about the global dominence thing. Just like during the Cold War. If it were about the science, he wouldn't cut funding for non-military scientific research at every opportunity.
I didn't argue for statutory negligence here (i.e., legislated guilt rather than decided by a judge and jury). Rather, the common law definition of negligence works fine.
In such an instance, Microsoft would not be liable for simply making a mistake as a ``reasonable person'' is apt to do (or, as you said, humans are error-prone). But they would be liable for spending millions on advertising Trusted Computing without actually doing anything in the way of R&D (I don't actually know if they've done anything or not, but their track record certainly hasn't yet shown signs of improvement). Or put it this way, if a company--or developer of an open source project--could show that he was adequately concerned about security, within the reasonable person standard (in this case, since it would be professional duty, he would have to show that against a reasonable person in his profession with his skills, not just against a man off the street), he would not be liable for the holes that perhaps inevitably will still occur.
The only legislation necessary to make this possible would be something banning the escapes in software licenses (``the seller assumes no liability and makes no warranties of suitability for this product'', etc) that currently allow software companies to avoid liability.
There are, perhaps, large risks that companies would react to this as they do to corporate criminal liability, that is, put on a standard show of moral and legal values (or in this case, software security consideration) so that they can claim to have obeyed the law and that any crimes committed by employees were not committed by the company as a whole (or in this case, so that they can claim that any holes were incidental and that they did obey the reasonable person standard). This is perhaps inevitable. But at the same time, I think negligence liability for those companies who truly ignore security would do a load of good.
For example, shipping something with a default password that allows remote access clearly violates any standard principles of security. That's negligent. Designing a product so that it trusts any machine on the network to provide it with a root password and configuration upon bootup is negligent. Accidentally forgetting a bounds check on some input buffer that allows a buffer overflow, well, that's not.
Perhaps open source and small developers would be hit hard by the risk of having to defend against frivolous suits, but I don't think this risk is as great as you think (if they don't have deep pockets, nobody will bother with them). And I think it would go a long way towards wiping out insecure policies (i.e., it may not do a lot against coding mistakes, but it will convince MS not to ship things with everything turned on and no password enabled).
Your closing point is pretty much what I want to see happening. Class action suits for the very grevious cases of negligence. But you can't do that now about MS for Blaster. Remember the EULA you click through? It absolves them of liability.
Slashdot Mirror
Microsoft, for all their research, always seem to have a ``me, too'' attitude. Their entire business approach (which is certainly highly successful in many ways) is essentially to jump into every possible market (gaming consoles, consumer electronics, embedded devices, low-end servers, enterprise computing, web application infrastructure, clustering, etc) with the hope of, if not succeeding, at least driving out potential competitors from succeeding instead.
Apple, on the other hand, has seemingly ignored anything but their established market of home users and graphic artists, video editors, and the like for a long, long time. I have never even seen an Xserve in use, neat as they seem to be. They've made no real headway in commercial environments (other than ad agencies and the like), either as workstations or as PCs.
And yet, here we have a product (for which a market may or may not really exist) which falls far outside Apple's traditional domain, but which seems to be clearly innovative. Where Microsoft only seems to promote technologies that it sees other companies already engaged in, Apple pioneers something somewhat more risky. Microsoft's model is probably more successful. But that may not be the point.
You know, just some helpful advice: if you don't understand a post, don't bother to comment on it. I know a phrased that parent post a bit akwardly, so I can understand your confusion, but that's no reason to act like a child.
I suppose a smaller-capacity iPod still works with iTMS, at least. But that's not a big enough advantage, I don't think.
2.3 I need a write support for NTFS. It exists in kernel-2.4 , but it's not enabled in partimage boot disk. How can I use it ?
NTFS write support, as UFS write support are dangerous and supported only by experimental drivers. It can damage partitions, and corrupt data. That's why it's not enabled in partimage-bootdisk. Users who weren't aware of this problem could lose their data if the support was enabled.
If you need the write support, you will have to use another boot disk. Please , have a look at the question in this FAQ which explains how to build your own boot disk. --Partimage FAQ
Furthermore, both the Old and New drivers listed on Linux-NTFS are read-only (or can only overwrite existing files), which is hardly complete NTFS support. And I can't tell from the documentation if ntfsclone has the ability to resize a partition while imaging. It doesn't sound like it does, since it only copies, and does not alter the partition table.
Thanks for the input, though. And I totally agree with your comment about checking facts.
Since it uses the Linux kernel NTFS support, it's NTFS support is presumably as unstable as that in the Linux kernel (which claims to be quite immature). I didn't test it in deployment, but I didn't figure it was worth it. Some previous poster told me it worked for him, though.
And he told it to me without being an ass about it. Learn some respect. Read the post before commenting, please.
But if it works, sweet! Thanks again.
See, if you do DD, it works if all the hard drives are the same size. But if you want to make an image that will last a while, on multiple machines, you have to make it match the smallest drive (since dd simply copies the content and doesn't rewrite the partition table). So if you make it, say, 2GB, you throw away a lot of space on bigger drives. And like I said, partimage can't write NTFS properly.
Not to mention Ghostwalker, which changes the machine's hostname and rewrites the SID's (I think that's what they're called; I rarely use Windows anymore) on the files so that they are unique and secure.
You still aren't consdering the ramifications of this, though. You think AOL is going to want to give certificates to small regional ISPs? Of course not; they won't share their proprietary IM network now, and if given the option, they wouldn't share SMTP either. Or perhaps you think we could legislate that this not be used in such a manner, but obviously this defeats the purpose of such a measure to begin with.
Sure, you have a right to do this, if you want to. This is perhaps in some ways a natural progression from blacklists. But it's a bad idea for the Internet, and a bad idea for the rest of it.
And to be totally honest, as much as I despise spammers--largely for their more malicious alleged practices like cooperating with worm writers and abusing open gateways (a server I run, prior to my administering it, was hacked by some Russian dude to send millions of porn spam)--I personally have never been effected by it (past the economic aspects which perhaps raise the price of my Internet connection a good bit). I don't receive spam (literally none, not because of my commonplace SpamAssassin setup, but because I'm careful with my e-mail address), my server hasn't (to my knowledge) ever been successfully violated, so I'm happy. The worst thing that I've put up with is spammers attempting to use my server as an open relay and temporarily using some resources. I say this not to boast, but to point out that there are certainly easy ways to avoid getting spam without resorting to this.
While we're on the subject of efficiency, I think we should discuss how likely it is that this would really work. I have doubts. Too many ISPs make money off spammers to implement this; if they refuse, we end up with that situation of Balkanization that is not, as you seem to think, the good on one side and the bad on the other, but rather more just various groups who can't communicate. Ever try to exchange AIM names with a buddy, only to find out he uses MSN? Or ever try to share a file (say, five years ago, since its far easier now) with friend only to find out he uses a Mac? E-mail's power is its standardization. Ruin that and you ruin e-mail.
Still, it's a nifty idea. I often carry around a Knoppix, and if I get an iPod, I might give this a shot.
Actually, it does. The US Supreme Court, as well as various state and federal courts, have repeatedly held that anonymity is an essential component of free speech. See here for a nice summary of some of these cases.
But I have to agree with you about the terrorist thing.
Second, I didn't mean Balkanize in the sense that spammers will be on one network and legitimate--however you decide to define it for the rest of us--users will be on the other. I mean it in the sense that then ISP's might start other regulations. For example, AOL starts enforcing a policy that if you host adult sites, you won't be approved for communication with AOL's private network. Or Chinese ISP's enforce the notion that if you don't filter political sites, you can't connect to their networks. Pretty soon, you've got seperate ISP's enforcing their own policies, and, whatdya know, the Internet is now pretty much worthless, or at least a whole lot less pervasive and powerful.
Third, you face the same risk with ``Joe Jobs'' as you do in any other criminal trial. Perhaps the evidence is a bit more ephemeral, but c'est la vie. In theory, the justice system works. Sometimes.
That said, it seems I metamod far more than I moderate (I rarely get mod points anymore), so presumably most other metamods aren't so careful.
Who chooses metamods again?
Whitelisting makes sense--trusting certain mailservers more and not bothering with intense heuristics on mail coming from them. But blacklisting anyone you don't know makes none. The Internet is too vast to really implement something like this without huge costs and huge losses; I think solutions like this likely do far more to Balkanize the Internet than to protect it.
The solution mentioned in a previous Slashdot article a few days ago of making SMTP servers run a small computation per e-mail makes much more sense. This allows you to impose restrictions on non-whitelisted servers without completly ignoring them, either.
But when you talk about the anonymity preferred by the spammers, you ignore the fact that they are, in fact, selling a product. Forget the spammers. Track down their clients, the ones paying for the ads. Problem solved.
I think it was a joke. And if anything, it makes fun of e-mail more than it does AOL.
That was exactly my point. :)
Incidentally, though--and obviously if there were a magic formula someone would've gotten rich fast on it by now--I think you overstate the importance of a good product, as well. Plenty of superior products have faltered, and in all honesty, iMacs and iPods aren't really that impressive. Why do people buy iPods instead of the cheaper Dell knockoffs? Image. Why do people buy Starbucks? Not, as you imply, because they've heard from friends that its good. Starbuck's secret to success is the same as McDonalds's. Put one on every other streetcorner and if people aren't hungry or thirsty, they soon will be. Make a consistent product so that when someone is in a different city, he knows what you've got and goes to the familiar.
McDonalds's food sucks, but people still eat there. Not because of product superiority, but because of aggressive marketing, if not in advertising campaigns than in building new locations, which is just as effective.
Apple is successful now because of their aggressive marketing. They were unsuccessful (relatively) because they has poor marketing, poor economics (Macs are expensive compared to PCs), and poor penetration. They tried to make just another biege box and got their heads handed to them, because they couldn't compete with the manufacturing and distributing efficiency of the likes of Dell.
Now, they've figured out that they can get away with charging more for their products if they distinguish them. Apple laptops have longer battery life, run a cutting-edge OS (in my ever-so-humble opinion, OS9 and prior suck), and perhaps most importantly set the standard for cool. They are the epitome of high-end laptops. And it's that which allows them to get away with charging so much, offering something that isn't particularly compatible with everyone else's machine, etc. It works. I'm about to get one of those PowerBooks, I think :P
Advertising is what keeps AOL afloat (at least for the time being). Not word of mouth. Microsoft dominates for any number of reasons, but none of them are customer loyaltyor good community relations (though to his credit, Bill does give plenty to charity).
I'm not saying that you can't make money with your method. Apple managed to stay around during the late '90s, prior to Jobs's return, largely due to fanatical customer loyalty, from all accounts. But Apple is now on the way back up (perhaps, though they aren't exactly profitable yet, if I remember right) because they've managed to expand their customer base by good, expensive advertising.
Consumers aren't exactly rational. It's cheaper for Dell to advertise how good their tech support is than actually improve it. It's cheaper for Apple to advertise how amazing their PowerBooks are than, say, bring the price within range of Intel laptops (not that I don't covet a nice 12" AlBook). You can get business through word of mouth. But you get ahead through sound business practices and aggressive marketing.
Or HTTPS. I'd say it's more the part of the Internet that uses navigation by clicking links rather than typing URIs for a specific server. So if a new protocol were to come out that worked from a browser the same way, that'd also be part of the web.
I didn't know that they still profited, with the punitive damages.
But he would be right to point out that if I break into a car that has a poorly designed system, it is still my fault, not the manufacturer's (or at least largely my fault).
I think the point we are all beating around is that there is shared liability, and that some examples (namely the breaking into the car one) are fully the fault of the attacker, while others show clear negligence on part of the designer. Ultimately, this is up to a jury to decide.
Isn't that the idea behind Methadone?
``The World Health Organization (WHO) and other UN bodies estimate the cost of providing treatment and prevention services in developing countries for tuberculosis, HIV/AIDS and malaria at $12 billion a year '' (The Black Vault).
I happen to agree with you, that we could cut other, far more expensive programs and do a lot more good. Cut corporate welfare, cut fat contracts to Halliburton (who has previously been convicted of embezzling millions in government funds), cut spending on weapons the military say they don't need simply because it gives money to some senator's constituents.
Hell, if we took the billions spent on ousting Saddam and spent them on providing humanitarian aid around the world (see how far it could go), I don't think there would be very many terrorists still out to get us, and I doubt they'd have nearly as much support.
So yeah. I think you're right about priorities. But saying we could cut other programs instead doesn't mean a thing. That money could be doing far more good--in terms of concrete improvements like health care and food as well as abstracts like literacy and education--than it does now.
And despite it all, I do like the space program.
What new trails have you blazed?
And who are you replying to? It seems like you've just replied to an argument nobody has made.
The common argument--and I don't fully support it, and would certainly jump at the chance to explore space as much as you would--is a bit more valid than you imply. I think you could sum it up pretty easily as, ``why spend billions on pursuing goals that don't do anybody a lot of real good, when we could spend it on helping humanity.'' And all the arguments about spinoff technologies and economic development mean very little.
If the space program inadvertantly develops so many technologies that do help people, or boost the economy indirectly so much, why not just do that directly? Why not spend our money and time on devising sustainable power sources, or providing clean drinking water to the world's populations, or providing inexpensive AIDS treatments for third world countries?
I don't think Bush declared that we should go back to the moon (something that, in all honesty, excites me no end) because he cares about the science or the human spirit or any of that shit. It's all about the global dominence thing. Just like during the Cold War. If it were about the science, he wouldn't cut funding for non-military scientific research at every opportunity.
In such an instance, Microsoft would not be liable for simply making a mistake as a ``reasonable person'' is apt to do (or, as you said, humans are error-prone). But they would be liable for spending millions on advertising Trusted Computing without actually doing anything in the way of R&D (I don't actually know if they've done anything or not, but their track record certainly hasn't yet shown signs of improvement). Or put it this way, if a company--or developer of an open source project--could show that he was adequately concerned about security, within the reasonable person standard (in this case, since it would be professional duty, he would have to show that against a reasonable person in his profession with his skills, not just against a man off the street), he would not be liable for the holes that perhaps inevitably will still occur.
The only legislation necessary to make this possible would be something banning the escapes in software licenses (``the seller assumes no liability and makes no warranties of suitability for this product'', etc) that currently allow software companies to avoid liability.
There are, perhaps, large risks that companies would react to this as they do to corporate criminal liability, that is, put on a standard show of moral and legal values (or in this case, software security consideration) so that they can claim to have obeyed the law and that any crimes committed by employees were not committed by the company as a whole (or in this case, so that they can claim that any holes were incidental and that they did obey the reasonable person standard). This is perhaps inevitable. But at the same time, I think negligence liability for those companies who truly ignore security would do a load of good.
For example, shipping something with a default password that allows remote access clearly violates any standard principles of security. That's negligent. Designing a product so that it trusts any machine on the network to provide it with a root password and configuration upon bootup is negligent. Accidentally forgetting a bounds check on some input buffer that allows a buffer overflow, well, that's not.
Perhaps open source and small developers would be hit hard by the risk of having to defend against frivolous suits, but I don't think this risk is as great as you think (if they don't have deep pockets, nobody will bother with them). And I think it would go a long way towards wiping out insecure policies (i.e., it may not do a lot against coding mistakes, but it will convince MS not to ship things with everything turned on and no password enabled).
Your closing point is pretty much what I want to see happening. Class action suits for the very grevious cases of negligence. But you can't do that now about MS for Blaster. Remember the EULA you click through? It absolves them of liability.