Slashdot Mirror


User: bwt

bwt's activity in the archive.

Stories: 0
Comments: 1,013

Comments · 1,013

  1. Re:Is this really a security risk? on Shattering Windows · · Score: 2


    In MANY networked Windows environments, the network admins do not allow end users to have administrator rights on the machines on their desk. The network admins, typically MCSEs, perform a variety of admin tasks using automated tasks (either login or cron based) at an elevated permission.

  2. Re:OK, time to fire up the worms... on All We Want Is Whatever's On Your Machine · · Score: 2


    I've often thought that the ISP should play a role similar to this for users on its network. They should be actively scanning for known vulnerabilities and upon finding one, they should block connections on that port and contact the user. Insurance companies should get involved and force ISPs to implement active defense mechanisms. It's pathetic that friendly machines don't scan each other for the purposes of mutual defense.

  3. Hmmm.... on Pop-Up Ads Begin To Face Serious Opposition · · Score: 4, Funny

    So I wonder if AOL will do a focus group to figure out if cooking their books creates investor dissatisfaction.

    I recently read an article that described AOL's concern for the customer experience as "Soviet". I think that bashing the Reds this way is kind of unfair.

  4. Re:True, but on Sneaking DRM Amendments Through the Back Door · · Score: 2

    FYI, Democrats _and_ Republicans are both beholden to media interests (put simply, they're terrified of crossing the people who run television, radio and newspapers), although I think the Repubs are worse on the balance it barely matters who your rep is.

    Republicans worse in supporting big media? Not even... Unlike most industries which support the GOP more, the Entertainment industry gives 2/3 of their money to democrats and 1/3 (half as much) to republicans. The GOP beats them up for being the "sex and violence" industry and for Hollywood's "lack of family values" pretty regularly. If you've noticed, the Hollings bill (formerly the SCCCA) has been sidelined by republicans, while all the democrats, like Sen. Feinstein, just love it.

  5. My advice on Motivating Your Co-Developers? · · Score: 2

    You should stop coding and force them to get their hands dirty. Do code review with each of them on a daily basis - use that to teach them how to write good code.

    You should also set task deadlines and adopt a "no surprises" approach -- it's ok to change a deadline, but to do so they need to give you advance warning of the obstacle and ask you for help up front. You should set the deadline based on how long you think it *should* take. Give them lots of feedback on how they are doing, which means not putting up with any crap. Challenge them.

    Communicate to your boss that the others are struggling and that you are going to have to spend serious time mentoring. Managing up is very important, so spend a lot of time communicating to your boss on the tasks and progress of the others.

  6. Re:Absolutely on Australian Federal Court Finds Mod Chips Not Illegal · · Score: 2

    Sure. I think that there have been some really bad errors in several of the cases.

    For example, one egregious error was the 2nd Circuit thinking that the act of installation and running the program is not important in determining whether publishing source code is "non-speech conduct" that results in the harms Congress was trying to prevent. They sort of said it doesn't really matter who does what.

  7. Re:Yes on Australian Federal Court Finds Mod Chips Not Illegal · · Score: 3, Informative

    The Australian law in question in this case is their version of the DMCA, and it is quite similar.

    The Australian Court could not agree that the use control measures were "Technological Protection Measures" that protect the copyrighted work. The relevant part of the decision is:

    118 It follows that the protective devices relied on by the applicants cannot be regarded as technological protection measures if the only way in which they inhibit infringement of copyright in PlayStation games is by discouraging people from copying these games as a prelude to playing them on PlayStation consoles. It is necessary for the applicants to demonstrate that the protective devices are designed to function, by their own processes or mechanisms, to prevent or hinder acts that might otherwise constitute an infringement of copyright.

    He's basically saying that when you bought the game, you bought the right to play the game, and that technological measures that inhibit this protect something other than the copyright. Said differently, (my words), the technological measures that were circumvented in the PlayStation were only the "use controls" and not any of the "access controls".

    This is a very well reasoned argument that I hope US courts will adopt. If a control is a mix of use control and access control, then you may legally circumvent the use control if you don't circumvent the access control.

    Under this reasoning, a "non-licenced" DVD player that didn't expose the decrypted movie for copying would be legal, because the part of the CSS scheme that attempts to assure you use a licenced player only is not a TPM under the definition in the DMCA, since it doesn't protect the work, but rather the way the work is used.

  8. Re:Massive Civil Disobedience on MPAA Requests Immunity to Commit Cyber-Crimes · · Score: 2

    OK, that was a bad example.

    I'm sure that there were many forms of open disobedience during the Vietnam protests (sit-ins at Berkeley come to mind). Abortion protesters who block access to clinics fall in this category, as do some nuclear power protesters and Greenpeace on occasion.

  9. Re:Massive Civil Disobedience on MPAA Requests Immunity to Commit Cyber-Crimes · · Score: 2

    There are two forms of civil disobedience: open and subversive. The kind you describe is open. The difference is that with open disobedience you attempt to attract the attention of authorities, challenging them to enforce the law to maximize the cost of enforcement. Subversive disobedience attempts to maximize non-compliance with the law.

    Open disobedience was used, for example during the civil rights movement, to protest the British Tea Tax, and during Indian independence from Britain. Bruce Perens is doing this kind of civil disobedience tomorrow.

    Subversive civil disobedience requires breaking the law in an ongoing and continual manner without calling government attention to it. This method has been used to combat 1920's prohibition, the war on drugs, anti-gay laws like sodomy laws and gays in the military, the 55-mph speed limit, and the "in god we trust" pledge ruling.

    While I can't give a standard that explains which method works best in all circumstances, I think on this issue, the copyright cartel is best combatted by a combination of subversive disobedience against the cartels combined with economic reward to artists who attempt to explore alternatives.

  10. Massive Civil Disobedience on MPAA Requests Immunity to Commit Cyber-Crimes · · Score: 3, Interesting


    Folks, it is clear to me that the legislative process is so corrupted by the Copyright special interests that the laws that it produces are not legitimate representations of the will of the people.

    I believe that the only moral response in such a case is to violate those laws. Screw the MPAA. Screw the RIAA. Screw Congress. It is time for freedom loving people to declare openly that they will not recognize copyrights held by the MPAA and RIAA.

  11. Trusted Peer, Encrypted P2P Networks on MPAA Requests Immunity to Commit Cyber-Crimes · · Score: 3, Interesting


    Assume that the MPAA and RIAA will be able to block packets from any P2P network that they identify as containing their works. I'm not sure how they'll do it, but it probably involves paying off the backbone owners and/or ISPs.

    It seems to me that the obvious counter-measure is to use encryption and "trusted peer" techniques to preclude their ability to join the P2P network and/or identify who is trading what.

  12. Re:bill number? on MPAA Requests Immunity to Commit Cyber-Crimes · · Score: 3, Interesting

    It doesn't have one yet, but the text of the bill, as introduced, is posted (in pdf format) on Declan McCullagh's site.

  13. Re:It doesn't give blanket protection on MPAA Requests Immunity to Commit Cyber-Crimes · · Score: 4, Informative

    "Notwithstanding" means that the other statutes are preempted and literally will not withstand conflict with the present statute.

  14. Re:What this might mean..... on MPAA Requests Immunity to Commit Cyber-Crimes · · Score: 4, Interesting

    The bill requires you to notify the DOJ before you hack. The DOJ will serve an oversight role (translation: the DOJ will decide which criminal activity has donated sufficiently to the powers that be).

    In practice the DOJ will say no to the little guy by stating some procedural BS reason. You may then sue the DOJ to have their decision reversed, but that will take forever and all that will result is that the law "as applied" might be struck down.

  15. Write your Representative on MPAA Requests Immunity to Commit Cyber-Crimes · · Score: 3, Insightful

    Write your representative online here

    Unfortunately for me, my rep is Lamar Smith (R-TX) who is one of the bill's sponsors.

    I wrote him yesterday (before I knew he was a sponsor) and made several objections to the bill:
    1) It's vigilante justice. False positives -- the MPAA and RIAA have a strong market pressure to ignore false positives, because alternative methods of distribution challenge their business model
    2) The "digital piracy" problem is not a problem
    3) The MPAA and RIAA have subverted the democratic process and the will of the people regarding copyright law
    4) Trying to stop file-trading is futile. Free Speech and "Total Control" Copyright are fundamentally incompatible. The People would rather have Free Speech than the MPAA and RIAA.

    I wrote him today and told him I would vote against him.

  16. Patches on Open Source Politics - Maintaining Your Vision? · · Score: 2

    Don't incorporate patches that you don't understand or don't think fit the vision. That part is easy: just state your vision clearly up front and then stand by it. People will respect you if you apply it consistently, but you have to communicate and elucidate.

    What is sometimes hard for people is to get by the "Not Invented Here" psychological problem and to loosen up and accept good patches that weren't expected.

    If you are afraid of forking, you shouldn't release with an open source licence. Forking is what gives other people the confidence that if you go loopy and start acting like a jerk, the work they put into your project won't be lost. If you want your project's code to be of the highest quality you have to be good enough to lead even though people might want the project to head a different way. Generally, if you are fair and do a good job of accepting good patches, forks will always merge back.

  17. Re:Not really a law issue. on How Italian Police Shut Down U.S. Web Servers · · Score: 5, Insightful

    Looks like some Italian cops found someone's password and shut things down. It's not like they forced the U.S. based ISPs to pull the content.

    Is this not a crime under US law? After all, unauthorized access was used to alter the site's contents.

  18. Re:IANAL... is there anyone around who is? on Suddenly a JPEG Patent and Licensing Fee · · Score: 4, Interesting

    IANAL, but I can read a lawyer's writing (ICRALW):

    The U.S. Supreme Court has long held the laches defense applicable to patent infringement cases. The defense contains two elements:
    # The patent holder delayed bringing suit and that delay was unreasonable and inexcusable; and
    # The alleged infringer suffered materially prejudicial harm from the delay.

    A.C. Aukerman Company v. R.L. Chaides Construction Co., 960 F.2d 1020 (Fed. Cir. 1992), citing Lane & Bodley Co. v. Locke, 150 U.S. 193 (1893).

    However: Patentees against whom the laches defense has been successfully invoked are barred from collecting only those damages that accrued prior to filing suit. (same citation)

    Thus these guys can file suit, and if successful force royalties until their patent expires in a couple of years.

  19. Re:Huh? on Suddenly a JPEG Patent and Licensing Fee · · Score: 2


    So if the ISO experts group wrote the standard, how come it could be patented by this company?

    Patents protect "novelty" not "originality", meaning they protect the first creation, not independent creation. If the JPEG group duplicated previous patented work, even unknowingly, then they would theoretically need a patent licence to do so.

    I suspect Forgent is simply making a highly dubious claim that their technology is the same as JPEG in the hopes that they can extract settlements from big players who don't want to litigate.

  20. Software Patents on A Lawyer's View on the OpenGL Patent Mess · · Score: 2


    This seems like a good case to (re)raise the legal challenge to the patenting of software algorithms. Especially since there are a large number of recent cases that assert that software is speech. It is the Constitutional duty of copyright, not patents, to protect speech.

    A 3-D graphics algorithm is pretty close to the kind of pure mathematics that the Supreme Court has already said can't be patented.

  21. Why hasn't email protocol been changed? on Collateral Damage in the Spam War · · Score: 3, Interesting

    It seems to me that most spam leverages flaws in the email protocol. The ability to spoof an email address and the lack of built-in and automatic digital signing both enable spam to flourish.

    Perhaps it's time to write a completely new email protocol that supports these features.

    I don't think it's so much to ask that when an email header says it's from joe_blow@yahoo.com that it really is from that address. I understand that this would cause anonymous email to be impossible, but it should be the recipient's choice as to whether they want to use an email protocol that allows spam and anonymous mail or not.

  22. Urgency of Desktop Linux on Will Microsoft Code-Checking Plans Cripple the GPL? · · Score: 2

    "First they laugh at you, then they ignore you, then they fight you, then you win." -- Gandhi

    We're coming to the climax of phase three.

    This whole thing just points out the absolute urgency to get "Desktop Linux" to a point where your mother would use it.

    It will take MS a long time to implement Palladium because it is so ambitious. Minimum of three years: 1 for hardware to be available, another for MS to have shippable software, another for large scale deployment. In the time that it takes for them to get to that level, Linux MUST achieve at least 25% market share of new desktop OS sales. If this can be achieved, then Palladium won't matter because the monopoly will be broken enough to assure that other solutions survive.

    I believe this is an achievable goal in an achievable timeframe. Some of the key gaps that have to be closed to get there are:
    1) OpenOffice has to improve and offer comparable MS Office compatibility to what Microsoft offers when they upgrade. (current progress: B+)
    2) There has to be a robust set of games available on Linux (current progress: D)
    3) Mozilla has to be clearly superior to IE (current progress: B)
    4) The LSB standard has to be widely and uniformly implemented so that software installations are turnkey for complete boneheads (current progress: B)
    5) MS Outlook has to have an equal among open source competitors (current progress: C)
    6) More vendors need to offer Linux pre-installed machines. (current progress: C-)

    Another thing that would help is that proprietary software vendors have to steer towards cross platform languages (Java, Delphi, etc) so that their niche market products run on Linux as soon as they run on Windows.

  23. Depends on Does Drawing on Experience Infringe on Other's IP? · · Score: 5, Insightful

    Copyrights: you can't copyright an idea, only a particular expression of it. Unless you literally copy source code, you are fine.

    Patents: it doesn't matter WHO uses it -- if it's patented you need a licence if you use the exact design that is patented. Use the same precautions for this employee as any other, and if you find something patented in the design you'd like to use, modify your own design until it isn't equivalent.

    Trade Secrets: The employee should know specifically what information of his old employer was proprietary. His NDA with them does not bind you unless you knowingly attempt to participate in his misappropriation. He is a big boy, he can keep himself on the ethical side. You have absolutely no duty to help his former company keep their secrets. That's what the CA DeCSS case was all about: even if B misappropriates A's trade secret, if C obtains it from B without knowing it was misappropriated, then C can post it to the internet with impunity.

    Non-Compete clauses: Your employee already works for you. If your company competes directly against his last employer, then he (not you) would already be in violation. Since his former employer has not already sued him, this is likely not the case. His participation in a particular project is unlikely to affect this.

    There really isn't any reason to worry about this employee any more than any other. The only relevant thing the law prevents your company from doing is infringing a patent, so don't do that, but that is true regardless of your employees. If an employee violates an NDA and you aren't aware of it, then that is solely his problem to worry about.

  24. Re:Why this should SCARE us all BIGTIME. on Microsoft's 'Palladium' Privacy/DRM Scheme · · Score: 2

    Hopefully, by the time this thing hits critical mass (if ever), Linux will be too firmly entrenched for the industry to allow it to be required. I think we're already there on the server side (1 out of 4 servers sold today ships with Linux, more if you include the ones they can't count). In another couple of years we'll be there on the desktop as well. But as they say, the price of freedom is eternal vigilance. Let's make sure we get heard.

    Unfortunately, it's the desktop where this matters. I actually think that the key to defeating this is going to come from other governments like Peru, Germany, etc... It is rather sad that I, as a US citizen, don't trust the US Congress *at all* to preserve my freedom, but instead it is foreign governments' distrust of US corporations that I have to rely on.

    The other difficulty is that computers with DRM are competing against the installed base of computers without it. Hopefully companies and consumers will balk at conversion costs. The big corps pushing DRM have already realized that they must have Congress on their side in order to pull this off. In order for DRM to be successful, ISPs will have to be required to restrict desktop internet service only to DRM compliant machines so that the masses are "encouraged" to buy new, compliant machines.

  25. Re:MBTF My Ass on Security of Open vs. Closed Source Software · · Score: 2

    Why would that be a better model? Do you have any evidence to support such a theory? Or did you just pluck a reasonable-sounding hypothesis out of the air and state it as fact?

    I wish I could claim to have plucked it "out of the air", but hazard rate modelling is a very standard technique in reliability engineering. The only other element of the model is that I'm saying that programmers create bugs as discrete occurrences at a measurable rate. Unless the programmer is just learning to program or his mind is slipping at the end of his career, there is really little reason to believe the hazard isn't flat on mid-range timescales. It might drift down slightly from year to year as experience grows, but over the lifespan of an individual project modelling it as flat is the approach that nearly any reliability engineer would take.

    It is actually rather preposterous for anyone to claim that if more people engage in debugging per original unit of programming, that the number of surviving bugs will not be less. It is very clear that this ratio is greater with open source development models than proprietary.