Slashdot Mirror


User: The+Man

The+Man's activity in the archive.

Stories: 0
Comments: 761

Comments · 761

  1. Re:Outsourcing Their Decisions on Greenspan Tells Congress Bad Data Hurt Wall Street · · Score: 4, Insightful

    Libertarians don't want the Fed to exist at all. The market can set interest rates just fine on its own. In fact, that's what it's been doing for the past several weeks. Had that been allowed to continue, you would have gotten your wish: most companies on Wall Street would have failed, because no one can afford to pay a paltry 4% any longer. They're too highly leveraged and every asset on the market yields too little. That's the legacy of two decades' worth of artificially low interest rates, courtesy of the central banking cartel. Had the market been allowed to set its own interest rates along the way, we would never have gotten here. For that matter, without the Fed and its paper money we'd still have circulating gold and silver, and the "dollar" would simply be another name for 1/20.67 ounce of gold. You could buy a house with a small purse full of coins, and the money in your savings account would never lose value. That's the libertarian way. Any claim to the contrary is a damned lie.

    You can blame the Republicans if you want (I do!) but don't forget to blame the Democrats as well. FNM and FDE are well-known homes for aged Democrats and their lobbyist friends seeking sinecures, and they like anyone else benefited from the easy profits to be had when money was free to all comers. And while we're there, don't forget the political imperative to push home ownership rates as high as possible and then much higher still: that was a Democrat-led, Republican-approved move. Again, artificially low interest rates made that possible.

    Blame all the politicians in office, blame the career bureaucrats, and blame the greedy bankers. But never forget, either, that every transaction has two sides. So blame the borrowers, too, and the shareholders who collected their dividends - several times what bank deposits paid, by the way - without asking questions about the assets that provided them. And blame yourself, if you're anything like the typical American: indebted up to his eyeballs, with a comfy McMansion in the 'burbs, a brace of SUVs in the garage, and a plasma TV in every room. You can't afford that crap, but you bought it anyway - maybe you believed you could pay back all that debt, maybe you believed the boom would never end, maybe you just wanted to keep up with the Joneses or feel special. But you had to know you couldn't afford it, yet you borrowed and spent anyway. Now I hope you die in the fire you set while trying to collect an insurance payout. It's people like you - and all the others I just mentioned - who make this world a shitty place to live. So please, FOADIAF already. And in the meantime, take some goddamned responsibility for yourself.

  2. The obvious answer... on Economic Gridlock – the Invisible Cost of IP Law · · Score: 3, Interesting

    is to require that any patent or copyright holder be actively developing and/or selling related products. In other words, the economy must be able to obtain the "benefits" of the "innovation" in order to justify the government grant of monopoly. Remember that these "rights" are actually privileges granted by the government on behalf of the people for their greater benefit. Limitation or revocation of these privileges is not confiscation and should not be viewed in the same way as a taking of land or other tangible property; it is appropriate in cases in which the public interest is clearly not being served by their continuation.

    For copyright, this approach is fairly easy because the work subject to protection already exists; if a work subject to copyright protection has not been newly licensed by or performed for an end user (i.e., not a reseller) in the past 3 years on terms generally available to other end users, that copyright expires. This definition prevents the holder from offering a work for sale at an absurd price, transferring it among subsidiaries, or giving away one copy a year to a "lucky winner" to avoid losing protection. Perpetually out-of-print books, obsolete software, and music owned by defunct record companies would all be freed from copyright protection.

    Patents are harder because the patent may exist before commercially viable products do. One possible first-order approximation might be that patents may not be owned by holding companies; only individuals and operating companies may possess them. This requirement would make it difficult for patent trolls to execute their business model. Another strategy might be to require holders to notify the patent office when they first manufacture a product they believe is subject to protection under a specific patent; the patent office could then allow double-blind challenges (to protect trade secrets associated with ongoing R&D) to patents that are not apparently in use and are at least 3 years old. An inspector would then attempt to obtain evidence from the holder that product development is actively occurring; if it is not, the patent is invalidated. There are plenty of pitfalls here; I challenge everyone to try writing a definition that actually solves the problem. The principle is sound, but it's harder than it looks.

  3. Re:Some Companies Are Their CEO on Medical Health Disclosure vs. Steve Jobs' Privacy · · Score: 2, Insightful
    If Warren Buffett were to die tomorrow, Berkshire Hathaway's stock would suffer.

    Then I would buy it, because Charlie Munger is just as good and their entire business model has been to buy great businesses with great managers. One or several of those managers will do a fine job of running the place when Warren and Charlie finally kick the bucket.

    Now, if you don't want to invest in companies that depend on a key man or group, that's your prerogative. No risk, no reward. But there are people that do (and from the list above you can see it does pay off), and to them knowing Steve Jobs' health is an important concern.

    Sure, I won't deny that - for whatever reason - Steve Jobs has made investors believe that Apple is worth more than it would be without him. It is even plausible (certainly true at some companies, so Apple may be one of them) that his presence or management abilities or other traits have increased Apple's earnings. As an investor, I'm definitely interested in managers coming and going and prefer companies with sound management culture and good succession plans to those with neither. That's just common sense. And if a company, however strong its business, is largely dependent on one senior official for its performance, but there is no culture of managerial development or the manager's ability to improve performance is based largely on a cult of personality, I will be hesitant to buy it no matter that individual's medical history. Those circumstances increase risk, and the function of the market is to price risk: the higher the risk, the lower the multiple. Given that Apple is trading at higher multiples (P/E, P/S, PEG, you name it) than other companies in similar markets, I believe it is safe to say that the market is underpricing the risk associated with Apple's managerial structure. Even if Apple is more profitable and/or growing faster and/or has stronger brands, those attributes should be reflected in its price and its multiples should remain comparable. Clearly, they are not. Whether Mr. Jobs has cancer or not is immaterial, because sooner or later he will retire or die regardless. And what then for Apple?

    Let the man exercise his right to privacy. You don't need to know whether he has cancer to price AAPL. If you're a wise investor, you will simply assume that he does, and that a number of other managers at other companies will likewise die or retire unexpectedly at some point. Strong companies with strong businesses and strong managerial talent do not depend on any one individual for their performance and certainly do not rely on that individual's cult of personality to develop a slavish customer base of fanboys. The companies you want to own make products people need, have strong brands based on their products' historical and present qualities, and control costs effectively. They have solid management teams that know the business, can execute, and manage risk properly. They hire good people and develop their talents. They have succession plans. Those are the qualities you should be looking for as an investor (as a trader or speculator, you're looking for something else entirely).

    If you find yourself obsessing over a CEO's health, that's not the company you want to own. The truth is, Apple is a financially strong company ($15b in cash, no debt) that sells a luxury consumer product. It has an awesome but fragile brand and a history of good to excellent execution. But cost controls are poor and margins are dependent entirely on brand cachet and the ability of its customers to pay premium prices for luxury goods. Employee morale is mediocre, the management team is shallow, and future growth will be limited by macroeconomic factors. The inevitable loss of Mr. Jobs will devastate this company, and I expect investors will be left with nothing. In some ways, the company looks a lot like MSFT did a few years ago - huge cash position, strong current growth but limited future potential, and strong but fragile brands (in MSFT's case,

  4. What will happen? on NOAA Requires License For Photos of the Earth · · Score: 4, Informative

    Well, in order to understand what will happen with this sort of thing, one first needs to understand why so many banks are headquartered in Bermuda, Macao, Jersey, and Guernsey and why shipping companies are so often headquartered in the Marshall Islands. Once you understand that, you'll know the outcome of US policy on private space travel.

  5. Re:Built-in obsolescence on Tin Whiskers — Fact Or Fiction? · · Score: 2, Insightful

    Dunno about him but I'm happy to bear the cost. Figure out the cheapest way to recycle or dispose of these things properly, then add that to the price and let me put it in the bin with the rest of my rubbish (or a separate one as with other recyclables). That system is simple and convenient and it provides the correct incentives. What we have now is a system in which it is often illegal to dispose of something but no alternative is available and, where one is, I have no pricing information to determine whether I'm getting jobbed. Meanwhile most people keep throwing the stuff into landfills and polluting everyone's water supplies. This is a no-brainer.

  6. Re:Disaster on A Few Notes on Movies of the Near Future · · Score: 0, Offtopic

    Yeah, this makes no sense. The original film was excellent. While clearly a Cold War film, it's still absolutely relevant today. And though it was obviously a morality play, it left plenty of room for the viewer to interpret the ideas it contained. Even if it were to be done well, I would question the necessity of a remake, especially with such a lame and overdone theme. But more than anything why does anyone cast Keanu Reeves these days? He's just plain awful - your comparison is unkind to aspiring cinder blocks holding up buildings in Hollywood and dreaming of big things. If they had to use him, his and Cleese's roles ought to have been reversed.

  7. Re:Gotta love government jobs... on Ohio Plans To Encrypt After Data Breach · · Score: 1
    In America, it's typical (even for high-tech workers) to only get 5 to 7 vacation days each year. So losing out on a week is actually pretty significant.

    I guess you must be talking about somewhere in Central or South America. In the United States most legal employees receive 2 weeks of vacation or more. At my large private tech employer, 11 days a year is the minimum for ALL new employees; it rises with seniority and does not depend on your classification or title. California state employees get more, as do most unionised workers. It's not Europe, but 5 days would be pretty stingy for any job that doesn't involve asking about fries with that.

    Anyway, the value of 5 days of vacation is probably less than $1000 after taxes (a US worker who takes home $52000 a year has a gross salary of over $75000). I don't consider that much of a penalty for a $3m mistake. At minimum, if he were really to blame for it, he should have been fired and a bit set in his personnel file precluding any state agency from hiring him ever again. A civil lawsuit wouldn't be unreasonable, either. All this, as I said, assumes he was actually responsible for the error. I'm not sold on that.

  8. Enough to get out and never come back on How Much is Your Right to Vote Worth? · · Score: 1

    I figure $100m is the magic number. I would immediately leave the country and temporarily put all the money in gold (the universal currency). That would be enough money to buy a large chunk of land and the right to sovereignty over it from some country that needs money, acquire some military hardware on the global arms market, and live freely for the rest of my life. Under those circumstances, the right to vote in my current country of residence is pretty much irrelevant, and in fact my vote in my new home would be worth far more as it would be the only one. It's a no-brainer.

    Of course, if I had to value my vote as a rational economic actor, I'd probably give it up forever for about $1k. The probability that my vote will affect who wins any office is zero (I have never voted for a major-party candidate for any office and, at the rate things are going, never will). So all that's left is my vote on ballot questions; even at the local level there are often 100k votes cast, so the likelihood that my vote will be decisive is very low. And the actual difference to me (in taxes, services, whatever) of any single question is probably no more than a few hundred thousand dollars. So even $1k per lifetime is probably too high. I wonder what Lloyd's would charge me for "political insurance" - a policy that would protect me against loss of income, wealth, or material liberty due to political change or unlawful act of government - seems that it ought to be the number of voters times the present value of my vote divided by 2. This is sufficiently interesting to justify a trip to the library. Surely some economist has written a paper on it.

  9. Re:I drive at every opportunity on United Makes Plans to Drop 'Baggage Neutrality' · · Score: 1

    You can go by rail across all of Europe and travel a comparable distance. The difference is that you'll be traveling at an average speed somewhere between 100 and 250 km/h instead of 40-50 km/h (you NEC bastards can STFU please). Fortunately Amtrak, rail advocates, and the states (but not Congress, sadly) seem to be wising up and investing in more regional corridors that connect with one another. These offer higher speeds (typically 120km/h top speeds and 70-100km/h overall average) and more frequent and reliable service. The nationwide connections need to stay for the plan to work, though, and there are too many Congressmen who keep trying to kill them directly or by failing to invest (as Europe has) in making them competitive. But there's no reason we couldn't have a nationwide rail network that could take you from California to New York in 20-30 hours, in comfort and at a reasonable price *and* offer you the kind of regional services that would replace most of the low-fare flights at comparable prices and speeds with a dramatically lower environmental footprint. Air travel exists in Europe, after all - and it's used by people who are traveling longer distances in a bigger hurry than the rail network can accommodate. There's always going to be a place for that here, too, but right now air travel is overutilised because of public and private underinvestment in rail, poor urban planning, a giant mess of distorting subsidies (of all travel modes), and an unfathomably enormous implicit subsidy in the form of environmental damage. The actual economics of rail are much better than most Americans have been led to believe, though not quite the panacea some of us might wish. 75% market share for regional travel and 40% for transcon travel are achievable goals for a US rail network with the proper investment and an eventual elimination of all highway/rail/airport/tax/carbon/ethanol/etc. subsidies. 100% isn't.

  10. Re:Dumb. Very, very dumb. on United Makes Plans to Drop 'Baggage Neutrality' · · Score: 1

    Yes, I've seen this as well, and I'd agree that it should be done more often. On the flip side, though, (if I were ever to fly again, which implies that the pseudosecurity BS has gone away) I would prefer to fly smaller planes. Why? No jetways and planeside checked baggage. I'm not afraid that they'll lose my bag if I hand it to a guy and watch him toss it into the hold. Then they hand it to me outside the plane when we land. No different from traveling by bus, really. If my bag goes through 43 people and 18 conveyor belts in a giant facility that also handles bags for 28 other flights to 60 other cities, I figure I'd be better off just burning the bag and its contents at home - that's a less annoying way to ensure that I never see my belongings again. So my rule was always if it won't fit in a carry-on, it doesn't go with me. Most people seem smart enough to understand this but not smart enough to evaluate the first part of the rule correctly.

  11. Re:Low ID Roll call (12047) on A Brief History of Slashdot Part 1, Chips & Dips · · Score: 1

    Man, I was dead before you were even born!

  12. Re:What if the US just doesn't piss other people o on LA Airport Uses Random Numbers To Catch Terrorists · · Score: 1

    I'm happy to declare. Fuck Darfur. Ask yourself what interests we have there. What's it buy us? Nations aren't global charities; their purpose is to protect, defend, and enhance opportunity for their own citizens. No one in Darfur is any threat to American or global security, so the risk associated with NOT going is zero. Sending an expeditionary force abroad to keep the peace has to be looked at as an investment, just like building a dam or endowing a public university. The opportunity is usually to build a good relationship with people who are suffering - that yields cultural and economic benefits as those people rebuild their nation after the peacekeepers leave. Unfortunately, that opportunity doesn't exist in Darfur - this is not a region likely to govern itself successfully at any time in the foreseeable future, it has no economy to speak of, no infrastructure, no quality institutions. When the peacekeepers leave, chaos of some kind will return; any relationships we've built will be with people who are promptly killed or repressed by the next tribal militia/warlord/dictator. Even if they're not, by the time they're in any position to offer us value they'll have forgotten us or revised us into imperialist monsters. Winning in Darfur requires a 50-year nation-building commitment to get any kind of payout, and we all know what that's called: colonialism. No thanks.

  13. Re:It's a numbers game on Why Is US Grad School Mainly Non-US Students? · · Score: 1
    If the government wanted all services to be user-pays, they could make them that way and abolish taxes. But in civilised democracies, it is considered better for society as a whole to provide some services universally...

    Really? How would user-pays work for national defense, for instance? Or general law enforcement? The reason governments are allowed to tax is that there is no efficient or equitable way to assign portions of certain costs to specific individuals. So the first part of your second statement is correct, but the essence of your retort is not: taxation exists because virtually all constitutionally permissible government activities are of the unassignable-cost variety. If the government limited its activities to those, it would be entirely reasonable, as the Framers provided for, to impose a head tax on all residents and/or citizens. If the benefits are universal - as indeed they are in most of those cases - then so too should be the sharing of costs. Are a poor man's life and liberty less valuable than a wealthy man's? If not, why should he pay less for their preservation?

  14. Re:It's a numbers game on Why Is US Grad School Mainly Non-US Students? · · Score: 1
    You pay no income tax only if you don't have income. TA/RA stipend is income and taxed. On campus work is taxed.

    The first statement is false. For tax year 2007, the personal exemption is $3400 and the standard deduction is $5350 for single filers. Thus, at least the first $8750 of income is effectively exempt from taxation. Your other two statements are correct, but in my personal experience it's unusual for TA/RA stipends to approach that amount.

    The stipend is same for everyone and is advertised on the department website.

    Yes, and if we're talking about universities that were anything like the one I attended, they're much less than $8750 a year - for everyone.

    No they are not exempt!

    In fact, stipends *are* exempt from Social Security taxes, provided that one works fewer than 20 hours a week, and only while regular classes are in session. See, for example, http://www.housing.wisc.edu/jobs/PDF/payroll_information.pdf. And for a canonical reference that applies specifically to nonresident aliens on student visas, see http://www.irs.gov/businesses/small/international/article/0,,id=131635,00.html.

  15. Re:It's a numbers game on Why Is US Grad School Mainly Non-US Students? · · Score: 1, Interesting
    Since for the most part they can't legally work, they generally pay no income taxes. If they are allowed to work, they usually receive only a token wage as a research or teaching assistant; anyone who's ever TA'd knows you don't make enough to incur any tax liability. Such jobs are normally exempt from payroll taxes as well, though in some states they may be subject to unemployment taxes. In the rare cases in which these students do incur income tax liability, they are required to pay at the same rates as anyone else (and their earnings may or may not also be taxed by their own governments). Foreign students do, of course, pay sales taxes and those who rent property pay property taxes indirectly. Your question, if nothing else, highlights a grievous flaw in our system of taxation: it implies that one's use of government services and public resources has a strong positive correlation with one's income. In many cases, the tax structure is designed not to equitably raise revenue to cover the cost of government but rather to redistribute wealth according to some abstract ideal or to penalise, subsidise, or encourage various behaviours, most of which have nothing to do with the cost of government. So asking this question about foreign students seems a bit pointless; one could make the same set of observations about any group of people unable to work or prohibited from doing so (a group which includes foreign tourists - nearly always considered a boon). A better question might be how much public universities make (or lose) on these students' education. Hopefully they're recovering at least what it actually costs to provide education. I know when I was going to school that my state university's fee structure was something like 80% subsidised by the state; foreign students had to pay the out of state fees as well as some additional charges, but I doubt it equalled the full cost altogether. 
    Of course, these students also brought money into the city and the university which might not otherwise have been available.

    Figuring long-term net gain or loss is almost impossible. Some of these students stay and obtain permanent visas; they would be expected to pay taxes on substantial earnings for a long time. Others, more today than ever, go home, where their new credentials enable them to take jobs that used to be done by Americans, but at large discounts due to local prices (thus putting Americans out of work or forcing them to skill up in response but also lowering the cost of Americans' insatiable consumption fetish). And some, too many, overstay, taking illegal jobs (often at or below minimum wage) and paying no income or payroll taxes. There are gains and losses for every US citizen in all three cases, and I don't pretend I could compute the overall balance. If it concerns you, you should think about the more fundamental issues in the tax code rather than singling out foreign students for a cost/benefit analysis.

    And yes, I'm a native-born US citizen.

  16. Re:How Medeco locks work on The Study of Physical Hacks at DefCon · · Score: 1
    A block watch is a great idea too. Neighbors are a security mechanism.

    Well, yes; humans are the only really important security mechanism. No one seriously considers unattended locks of any kind secure; locks are for peace of mind, insurance paperwork, and discouragement of drunks, prostitutes, and squatters, not theft prevention. Just as barricades and minefields can't keep a military foe out unless they're backed by men with guns, locks and reinforced strike plates can't keep criminals out of your home if no one is around. The difference between a well-secured home and one with no security is a matter of minutes' delay for criminals; if no one with at least a sword, gun, large dog, or Mr. T-sized fists is going to wander by in that time, your security gadgets are useless. Even if you have a comprehensive and high-tech "impenetrable" system, if your home is not visible to anyone who cares about crime, all a criminal has to do is wait for you to go away for a few days and then show up with construction gear and literally take the place apart. While this can be done even in plain view, that requires a lot more work - one needs to at least make it look like a legitimate construction site, which means permits or forgeries, and there's always the risk that someone will remember what you looked like. A block watch is helpful for preventing this sort of thing, but in the United States today most people have spread themselves too thinly for this to be really useful. In a traditional city, there will be dozens of people every hour passing by your home while you're away; in today's suburbs and exurbs, it's entirely possible that the front of your property is visible to only one or two neighbours, no one will ever walk by, and the back is completely invisible to everyone. Even if those neighbours are around most of the time and reasonably vigilant, it's still dumb luck if they happen to catch someone breaking into your home. 
    Unless your property is known to contain something of very high value, simply living in a traditional city with foot traffic is the only protection from burglary you'll ever need; effectively protecting unoccupied suburban and exurban homes from theft is more or less impossible.

  17. No, I don't on The Study of Physical Hacks at DefCon · · Score: 1, Insightful

    My own data is kept at home, where my windows are left open all day and the locks can be picked by amateur locksmiths in a few minutes. It's basically there for the taking, but as it happens there's really very little of value - I don't keep identifying information like social security numbers electronically, and I don't happen to own any intrinsically valuable data. The reason I protect my computers is to avoid seeing them used by others to launch attacks; between the legal concerns and a simple moral obligation to the rest of humanity, I don't want that happening. The actual data that needs protecting is stored elsewhere - in a bank vault, perhaps. The real concerns are around all the corporations and government agencies which insist that they need all this information but then do nothing to protect it - physically or electronically. Given their lax electronic safeguards, I don't really see much point in improving physical security: right now my data can be obtained more easily and with less risk of detection by electronic means than by physically breaking into a data centre.

  18. Re:Gross malfeasance on Multiple Sites Down In SF Power Outage · · Score: 1

    It's not whining, it's a demand for accountability. If I were as bad at my job as these people are at theirs, I would be fired, and rightly so. Those of you who like to bend over and take it are welcome to keep doing so. I won't.

  19. Re:Gross malfeasance on Multiple Sites Down In SF Power Outage · · Score: 0, Flamebait

    So what? My anger comes not from the loss of any particular service but from the fundamentals - accountability, passion for a job well done, and a sound infrastructural basis for economic prosperity. Why don't you actually spend 3 seconds thinking about the problem before you assume my anger arises from angst over a social networking site? I realise this is Slashdot, but we're not ALL 13-year-olds living in our parents' basements. Some of us have even, GASP, managed data centers and planned our companies' geographic redundancy strategies. Perhaps that's just a peril of posting here - even if you know what you're talking about, everyone assumes by default that you don't. So how about you STFU and think, eh?

  20. Gross malfeasance on Multiple Sites Down In SF Power Outage · · Score: 0, Flamebait

    Anyone caught out by this was negligent to his company's shareholders and should be in civil court tomorrow morning facing lawsuits as well as automatic termination for cause. Either the people running the data center are outright liars (likely) or the people who bought their services are criminally incompetent (all but certain) or both. These problems are easily prevented; indeed, they are solved problems. There is absolutely no reason for PG&E to fail, no reason at all for a data center to go black, and no excuse whatsoever for a service provider to fail. Every single individual responsible for this should have his assets taken by his customers, be immediately terminated, and then put on trial for reckless endangerment, criminal negligence, breach of contract, and grand theft. If they're lucky we'll agree to put them away in San Quentin for the rest of their lives. If I were in charge, their dead bodies would already be hanging in front of the Ferry Building as an example to others. This is unacceptable and inexcusable, and I strongly encourage everyone affected to demand accountability from top to bottom. If you do not, problems of this type will increase in frequency and severity as people realise they can get away with more.

  21. Re:Old-skool ergonomics of line width on Are 80 Columns Enough? · · Score: 3, Interesting
    You make an assumption that one reads the code like a newspaper. If you do, then you're doing it wrong.

    And you make an assumption that you should name every variable and function as if it were a sentence. If you do, then you're doing it wrong. Names in the 10 to 20 character range are reasonable; names in the 40 character range are not. Many locals can and should be given names like i, j, k, p, and q, and in any case don't need to be prefixed. And under those circumstances, it should be possible to get 3, possibly 4 levels of indentation into a single function without excessive line breaks or other loss of readability. If you need more than that, you need to refactor or rephrase the function. If you can't find unique names that are both comprehensible and short enough not to demand more columns, you need to reevaluate both your architecture (you're probably not managing namespaces and/or symbol visibility well) and your naming conventions (consider prefixes of 2 or 3 characters instead of 8 or 10, for example). And don't even get me started on languages like C++ that force you to type SomeLongThing::SomeOtherLongThing::SomeEvenLongerThingWithATailAndFourteenLegs.

    It's completely possible to write readable, maintainable, well-architected code within 80 columns. And before you say "sure, as long as it's nothing more useful than Hello World," know that it's possible for such code to solve large, difficult, and complex problems without violating any of those constraints. Countless examples abound; look at the OpenSolaris kernel code for some good ones. It is, admittedly, very difficult to write egregiously verbose, needlessly complex, badly architected code in 80 columns, especially in languages designed primarily to increase complexity. So go ahead, use more than 80 columns. That's fine with me, actually; that way I'll know immediately that your code is a pile of shit without having to spend even 30 seconds actually reading it. Think I'm joking? In fact this is a real and widely-used litmus test for bad code and bad engineers. Unless it's an intern candidate who doesn't know any better, no one who sends me a code sample with long lines would ever get an interview, because I won't even read it.

  22. They're not helping on Google's Best Perk — Transport · · Score: 1

    While I understand the desire (and business need) to offer your employees perks and benefits in a competitive marketplace, Google could do a lot more for the world without hurting themselves at all by instead encouraging the development of self-funding and self-sustaining public transit. Every Google shuttle adds unnecessary pollution and congestion; its employees ought to be on Caltrain instead. If that's not meeting their needs, Google should be pressing for improvements, not building its own less efficient system instead. And let's not forget that the quest for cheap real estate that has so many companies on bay-adjacent fill instead of in city centers has made existing transit networks that much less efficient (and thus raised other costs for those same real-estate savers and clogged hwy 101 with their employees' cars). It's certainly better for everyone that Google offers buses instead of insisting that everyone drive a car, but the real answer is denser cities and superior public transit. Anything that delays achievement of those objectives by papering over the problem will only make the eventual adjustments that much more painful.

  23. Re:Free software to the rescue? on Worm Exploiting Solaris Telnetd Vulnerability · · Score: 1
    Another slashdotter spouting off with no clue.

    I've read the code and the history in question and I probably understand the problem far better than you do. Assumption of ignorance on the part of those with whom you disagree is the very kind of "knee-jerk reaction" you assert I've had.

    Did you even bother to do a "man login" to see what parms it takes? You expect login to not check for such things?

    The man pages document those interfaces which are Public; that is, those which are intended for use by users and developers and for which certain guarantees of compatibility are made (or not made, depending on what the attributes(5) section has to say for the interfaces in question). They are not guaranteed to define every possible parameter accepted by every program, function, or other interface if those aspects of the interface are not Public. The existence of such interfaces is not generally a security issue; they may (and do) have perfectly legitimate consumers elsewhere in the system.

    If you were getting bugtraq notices you would know that telnet worked EXACTLY as designed.

    I'm sorry, but that's simply not true. In fact, the telnet(1) -l option *is* Public and is documented, and nowhere does the documentation indicate that the purpose of this option (nor of the USER environment variable) is to pass arbitrary options to /bin/login. Its purpose is to set the username, no more and no less. By incorrectly interpreting the value of this environment variable, telnetd(1M) is guilty of failing to correctly validate and interpret untrusted user-supplied information in a privileged context. A classic (and embarrassing) security bug. In telnetd.

    Before telling me I'm wrong again, tell SUN they are wrong because that is what they said and they are the ones that fixed it.

    Since you're not quoting an individual, I can't verify your assertion. If in fact someone said this, regardless of whether he or she works for Sun, that individual is wrong. I've inspected the changes to the code (you can do the same at src.opensolaris.org), which were entirely contained within the source to telnetd, not login, and act solely to preclude the interpretation of untrusted text as passed via -l as options to login. Neither the change nor the actual bug suggests that login is defective.

    Of course if you are smart you would see that there is another way to attack the machine.

    There are many ways to attack a machine, the vast majority of which don't work. I don't claim to have thought of every possible one (nor every possible successful one), and it won't surprise me when other serious security bugs are found in the future. I will assert, however, that the mere existence of login's -f option is neither by itself nor by virtue of its undocumented nature a vulnerability.

  24. Re:Free software to the rescue? on Worm Exploiting Solaris Telnetd Vulnerability · · Score: 1

    No, that's not correct. login(1) is just fine; telnetd fails to correctly validate user input, passing arguments to login that it should not.

    Also, "Free software to the rescue" is rather misleading as well; the telnetd shipping in Solaris has been open source for almost 2 years. In any case, the bug has already been fixed and patches are available.

  25. Conflation of hardware and OS platforms on Unix Vendors Get Creative Against Windows & Linux · · Score: 4, Interesting

    Anyone who conflates "Unix" and "large, expensive custom/proprietary hardware" in 2007 isn't worth reading. While there are indeed some Unix operating systems that only run on custom hardware produced by the same vendor, that's by no means universally true. Note especially Solaris, which runs just as well on the very same cheap and ubiquitous x86 (whether from a tier-1 vendor or homebrew) systems used by some to run Windows or GNU/Linux as it does on the big, expensive SPARC hardware that Sun and Fujitsu offer. Anyone who wants to have a meaningful conversation about the IT industry needs to start by separating the hardware options (driven mainly by economics) from the software discussion (driven mainly by technical and business factors). While there are business problems that can only be solved on high-end hardware that's often limited to a single choice of OS, those are the minority of deployments and form a distinct market from the volume space. Talking about competition between high-end and low-end solutions is pointless; either you need high-end performance, capacity, and features or you don't. If you do, you're simply not in the market for a low-end hardware platform and the OS you run will depend largely on the hardware vendor you choose. If you don't, it would be silly to spend money on high-end gear, and you'll be able to choose from among several operating systems - including those named here - based on your individual business needs and the features offered by each product. But it's a sure mark of ignorance to discuss the two as if it's all one market in which a choice of Windows/GNU/Linux/Solaris/BSD on a uniprocessor PC competes directly with HPUX on Himalaya and Solaris on Starcat. One can see why commentators are always talking about Unix's imminent demise; they fail to recognise two key aspects of the market: Unix's strong and capable presence on both low-end and high-end hardware, and the segmented nature of the server market. 

    Not much to see here, I shouldn't think.