You're talking about a different meaning of the word "stable". In the debian world, "stable" means "software won't change out from under you" not "software won't crash".
"Stable" used to mean only "Done adding features".
As I recall, the change in meaning came at about the time that Windows 95 was being beta tested. It was called "stable". Win95 was much less prone to crash than Windows 3.1, remember (or, can you believe it)? So anyone hearing it called "stable" would assume that meant it was bug-free.
Americans shouldn't trust electronic voting because they cannot trust their own government at all.
We Americans do not trust our government. We are very proud of that. It's an intentional act of will, and we believe in it more strongly than just about any other founding principle of our nation. Our very government is constructed in distrust of itself. We are taught by our parents, by our media, and by our government-run schools that government is a necessary evil and not to trust it.
But in spite of that, no, because of our distrust of our own government, we refuse to yield our national sovereignty to the U.N. or anyone else.
The question of whether we should use electronic voting or more laborious hand-counting also devolves to our basic distrust of government. Will it help or hurt? That's the question.
Saying we should hand-count because we don't trust the government misses the point entirely.
Making money is a fine business goal. If it's your only goal, well, I hope that works out for you.
Making a good product is the best way to make money. Quality sells, and it generates repeat customers, and it's cheaper to support. Selling sucky code to make a buck may be "good business", but it's not for me, nor apparently was it for Netscape.
That was a values-based decision. My beef with Sposky is criticizing a values-based decision as if it were merely one of arithmetic.
I'm not attributing any special powers to Marc Andreesen; he's just the guy who wrote the code in question. People are generally proud of their work, so if a programmer says code he wrote as a student isn't good enough, then I'm not going to argue with him.
Netscape's monumental decision to rewrite their browser instead of improving the old code base cost them several years of Internet time, during which their market share went from around 90% to about 4%, and this was the
programmers' idea. Of course, the nontechnical and inexperienced management of that company had no idea why this was a bad idea. There are still scads of programmers who defend Netscape's ground-up rewrite. "The old code really sucked, Joel!" Yeah, uh-huh. Such programmers should be admired for their love of clean code, but they shouldn't be allowed within 100 feet of any business decisions, since it's obvious that clean code is more important to them than shipping, uh, software.
Hindsight is 20/20. If Marc Andreesen said the code sucked, and needed a rewrite, then it sucked and needed a rewrite. How long would it have taken to add all the latest features to the old code base?
Microsoft had the Mosaic code. They were not going to rewrite it, even though it sucked, because that would not be "good business". They sold the sucky product to win a short-term victory, and they're still doing it today.
Delivering good products should always be the goal. Given the choice between A) competing against Microsoft at repackaging bad code and B) rewriting the code completely, the choice is obvious.
Sposky and Chapman appear to believe that market domination defines correct decisionmaking. Criticize people for not understanding the business they're running, but don't criticize them for having integrity.
In 1989 the Internet was growing at 8% per month. A coworker said that in a few years, home appliances would be on the Internet. I disagreed, saying "Only geeks will use the Internet." Who thought Grandma would ever learn or want to use telnet, ftp, nn, or especially ppp?
Linux use is growing. It's going to keep growing, because using Linux is becoming easier for Grandma and geek alike.
Linux is geeky because its developers and users have thus far been geeks. Linux can be made usable by Grandma, but it can't be done without Grandma's help.
Even if Microsoft, SCO, and Matthew Szulik are right, and Linux is not for the end user, that's OK. Everyone should not run the same OS. But we should reach for the brass ring while our eyes behold it, so that most people do.
In response to the dastardly assault against the twin (mini-)towers, the President of Debian drew a line in the sand and immediately announced the invasion of Slackware.
Responing to the attack, the Debian developers made immediate full disclosure, thanked the attackers for revealing the flaw, restored the compromised systems to fresh hardware, verified the correctness of the new systems, and went back online.
In a related story, SCO sued Debian because it had been over a day since they sued anyone.
> They could easily make loads more money if they focused instead on a model closer to the Open Source model.
Do you really think they would have 90% market share with open source products? Of course not.
That presumes a zero-sum game. Market share, revenue, and profit are not equivalent. Which would you rather have: your profit on 90% of a $100 billion market, or your profit on 10% of a $1 trillion market?
By growing the market an order of magnitude, your share can drop drastically while your overall profit rises.
The closed source development model can't drive radical market growth any more. I'd be willing to argue that it never has, that the truly new products have historically come from people sharing code. The mechanics and logistics of writing software, debugging it, documenting it, and supporting it are slowed to a crawl when the source is kept hidden.
Current anti-spam measures have sought to limit the effect of spam on normal operation. It's sort of a "greedy" algorithm: everyone does the best they can locally, regardless of what the global outcome is. Tools like SpamAssassin, Bayesian spam controllers, and even the god-like powers of the M$ Butterfly are only in an arms race with spammers. Clearly, a different approach is needed.
My goals are to make spamming socially unacceptable, unprofitable, and dangerous.
From a design perspective, spam is an error condition. It should be treated that way. Any system generating the error should be notified about the error.
The way SMTP handles mail delivery may offer a way. A sender is not notified of successful delivery, only unsuccessful deliveries. That's usually a good thing, but it allows a spammer to send gozillions of messages and use the response or lack of response to clean up his list.
SMTP servers should have built-in anti-spam provisions such that:
Mail should be tagged as spam regardless of whether the addressee exists
Mail tagged as a spam error should be bounced with a special "X-spam-with: msgid" header. It should reflect back to the sending host (not the poor sap in the "From " line). "msgid" is the message id from the sending host.
If a server receives mail tagged with the "X-spam-with:" header, it should find itself in the headers of the message, find who sent it the mail, strip off everything after its point in the delivery chain, and send the mail back with a "X-spam-with: msgid" header (msgid from its header). If it can't find itself, it should treat the message as a spam error, to protect against spammers using the header to send spam.
Eventually, the mail will bounce back to a system that either was the true spamming SMTP host or was victimized somehow.
Why should unwitting ISPs and virus victims be inundated with X-spam-with bounces?
there's no way to tell them from the real thing
the error would be focused back closer to the spot where it originated
it would force people to deal with the problem
Taken together, I think these effects would make spammers anathema to their ISPs (socially unaccepted), would cost them more, and would create the danger of being swamped with bounce messages.
I'm not a physicist. I'm barely a programmer. I wouldn't know a free meson from a Free Mason.
But logically, freedom from terrorist attack has to precede building mega-science superstructures. What a nice target a miles-long power-sucking frozen pipe would make. The same holds for moon bases, undersea research pods, and whatever else we want. If it's there, some terrorist will want to blow it up.
The first duty of government is to defend the liberty of the people. Whether fighting terrorists is better done in Baghdad or in Chicago is left as an exercise to the reader.
Reply to every spam by insisting that before you view their email they have to use Exchange to send it; before you will visit their website they have to run IIS. The failure of their business will be assured.
Oh, but they probably already are running IIS and Exchange.
From 1990 to today, every Gateway owner I've known has had to call tech support at least once. Single user home PC purchases, large institutional buys, it hasn't mattered; something was always wrong enough to require a call to Gateway.
The only way we're going to save Linux is to get it off Grandma's computer.
Do you believe in the principles of Open Source, or not?
Grandma: "I clicked on the little button thingy, and it said something about needing a root."
RealProgrammer: "Oh, that must mean it was asking for the root password. In this system, only the user named "root" can do things that affect other users. Here's the password to type, and I'll fix it."
RealProgrammer leads a world-wide development effort to make a Grandma-friendly And Still Secure Enough Environment (GASSEE). Grandma is a beta tester. She soon learns that some popular, feature-rich, overbloated environments are better than others, and that she likes the ones that let her look under the hood and scratch code on the bare metal. She also likes the idea of giving back to the community, and since she has a lot of free time she takes over management of the GASSEE project, developing a lean and clean 3D X server and tools to manage XF86Config.
Yeah, that was a little over the top, but the point is that OSS principles don't depend on the expertise of the user nor the skill level of an individual developer to work. In fact, you want users of all skill levels and backgrounds. How else can you make it better?
Either Linux can take the scrutiny of Grandma and be improved by it, or Microsoft, SCO, and the RIAA have already won. --
In France our government is doing major cut in funding of many science labs and projects and that means that we will soon be unable to keep up with America's technology.
> --Trojan Defense Successful Three Times in UK Courts
> (28 October 2003)
> Three cases in UK courts have set a significant precedent for
> prosecuting those accused of cyber crimes. In all three cases,
> defendants' attorneys successfully argued that their clients' computers
> had been hijacked by Trojan horse programs and therefore the defendants
> were not responsible for the alleged crimes. While some view the
> precedent as a safeguard against convicting innocent people, others are
> concerned that it gives cyber criminals a blanket defense. The Trojan
> defense has not yet been used in the US court system.
> computerworld The Register (UK)
> [Editor's Note (Schultz): I fear that this will become the
> universally-used defense in cybercrime cases. Juries are not likely to
> know enough to see past this type of alibi.]
Actually the problem will be if _prosecutors_ can't get past the Trojan defense. Juries are routinely forced to learn the technical details of a criminal situation, whether it's a pyramid scheme or a poisoning. A prosecutor has to educate the jury and then convince the jury that the defendant is guilty of cognizant action (or inaction). It's the cognizant inaction part that will most likely break through the Trojan defense.
An analogy is as old as law itself: if I have a dog known to get out of its pen and bite the neighbors, then unless I try to do something about it I'm liable for the damages the dog does.
Another analogy: if I ask you to carry an envelope over to the mailbox, and don't tell you it contains anthrax, then you act legally by placing the envelope in the mailbox. I commit the crime, even if I don't specifically ask you to carry anything but just arrange for it to happen. Knowledge is the key, coupled with the choice to act or not to act.
If the prosecutor can't show that the defendent knew his computer was doing illegal things, then the jury should acquit. If he did know about the illegal activity, the prosecutor still has to show intentional action or inaction. That's how it works for dogs and owners, for letters and mailboxes, and that's how it's supposed to work for computer networks, too.
Slashdot Mirror
I am outraged. We've got dolphins for all of this work.
Where is the Dolphin Workers Union on this? Sitting fat in their own Jacuzzis, that's where, taking handouts from the Man.
Their silence condemns them for the fish-bucket whores they are.
"Stable" used to mean only "Done adding features".
As I recall, the change in meaning came at about the time that Windows 95 was being beta tested. It was called "stable". Win95 was much less prone to crash than Windows 3.1, remember (or, can you believe it)? So anyone hearing it called "stable" would assume that meant it was bug-free.
I just hope the Miller Lite fountain wrestlers get used for EVERYTHING.
(I know the deal is reusing commercials that never got used, but this is more fun)
We Americans do not trust our government. We are very proud of that. It's an intentional act of will, and we believe in it more strongly than just about any other founding principle of our nation. Our very government is constructed in distrust of itself. We are taught by our parents, by our media, and by our government-run schools that government is a necessary evil and not to trust it.
But in spite of that, no, because of our distrust of our own government, we refuse to yield our national sovereignty to the U.N. or anyone else.
The question of whether we should use electronic voting or more laborious hand-counting also devolves to our basic distrust of government. Will it help or hurt? That's the question.
Saying we should hand-count because we don't trust the government misses the point entirely.
Making money is a fine business goal. If it's your only goal, well, I hope that works out for you.
Making a good product is the best way to make money. Quality sells, and it generates repeat customers, and it's cheaper to support. Selling sucky code to make a buck may be "good business", but it's not for me, nor apparently was it for Netscape.
That was a values-based decision. My beef with Sposky is criticizing a values-based decision as if it were merely one of arithmetic.
I'm not attributing any special powers to Marc Andreesen; he's just the guy who wrote the code in question. People are generally proud of their work, so if a programmer says code he wrote as a student isn't good enough, then I'm not going to argue with him.
Hindsight is 20/20. If Marc Andreesen said the code sucked, and needed a rewrite, then it sucked and needed a rewrite. How long would it have taken to add all the latest features to the old code base?
Microsoft had the Mosaic code. They were not going to rewrite it, even though it sucked, because that would not be "good business". They sold the sucky product to win a short-term victory, and they're still doing it today.
Delivering good products should always be the goal. Given the choice between A) competing against Microsoft at repackaging bad code and B) rewriting the code completely, the choice is obvious.
Sposky and Chapman appear to believe that market domination defines correct decisionmaking. Criticize people for not understanding the business they're running, but don't criticize them for having integrity.
In 1989 the Internet was growing at 8% per month. A coworker said that in a few years, home appliances would be on the Internet. I disagreed, saying "Only geeks will use the Internet." Who thought Grandma would ever learn or want to use telnet, ftp, nn, or especially ppp?
Linux use is growing. It's going to keep growing, because using Linux is becoming easier for Grandma and geek alike.
Linux is geeky because its developers and users have thus far been geeks. Linux can be made usable by Grandma, but it can't be done without Grandma's help.
Even if Microsoft, SCO, and Matthew Szulik are right, and Linux is not for the end user, that's OK. Everyone should not run the same OS. But we should reach for the brass ring while our eyes behold it, so that most people do.
Responing to the attack, the Debian developers made immediate full disclosure, thanked the attackers for revealing the flaw, restored the compromised systems to fresh hardware, verified the correctness of the new systems, and went back online.
In a related story, SCO sued Debian because it had been over a day since they sued anyone.
> They could easily make loads more money if they focused instead on a model closer to the Open Source model.
That presumes a zero-sum game. Market share, revenue, and profit are not equivalent. Which would you rather have: your profit on 90% of a $100 billion market, or your profit on 10% of a $1 trillion market?
By growing the market an order of magnitude, your share can drop drastically while your overall profit rises.
The closed source development model can't drive radical market growth any more. I'd be willing to argue that it never has, that the truly new products have historically come from people sharing code. The mechanics and logistics of writing software, debugging it, documenting it, and supporting it are slowed to a crawl when the source is kept hidden.
Current anti-spam measures have sought to limit the effect of spam on normal operation. It's sort of a "greedy" algorithm: everyone does the best they can locally, regardless of what the global outcome is. Tools like SpamAssassin, Bayesian spam controllers, and even the god-like powers of the M$ Butterfly are only in an arms race with spammers. Clearly, a different approach is needed.
My goals are to make spamming socially unacceptable, unprofitable, and dangerous.
From a design perspective, spam is an error condition. It should be treated that way. Any system generating the error should be notified about the error.
The way SMTP handles mail delivery may offer a way. A sender is not notified of successful delivery, only unsuccessful deliveries. That's usually a good thing, but it allows a spammer to send gozillions of messages and use the response or lack of response to clean up his list.
SMTP servers should have built-in anti-spam provisions such that:
Why should unwitting ISPs and virus victims be inundated with X-spam-with bounces?
Taken together, I think these effects would make spammers anathema to their ISPs (socially unaccepted), would cost them more, and would create the danger of being swamped with bounce messages.
I'm not a physicist. I'm barely a programmer. I wouldn't know a free meson from a Free Mason.
But logically, freedom from terrorist attack has to precede building mega-science superstructures. What a nice target a miles-long power-sucking frozen pipe would make. The same holds for moon bases, undersea research pods, and whatever else we want. If it's there, some terrorist will want to blow it up.
The first duty of government is to defend the liberty of the people. Whether fighting terrorists is better done in Baghdad or in Chicago is left as an exercise to the reader.
Reply to every spam by insisting that before you view their email they have to use Exchange to send it; before you will visit their website they have to run IIS. The failure of their business will be assured.
Oh, but they probably already are running IIS and Exchange.
From 1990 to today, every Gateway owner I've known has had to call tech support at least once. Single user home PC purchases, large institutional buys, it hasn't mattered; something was always wrong enough to require a call to Gateway.
The only way we're going to save Linux is to get it off Grandma's computer.
Do you believe in the principles of Open Source, or not?
Yeah, that was a little over the top, but the point is that OSS principles don't depend on the expertise of the user nor the skill level of an individual developer to work. In fact, you want users of all skill levels and backgrounds. How else can you make it better?
Either Linux can take the scrutiny of Grandma and be improved by it, or Microsoft, SCO, and the RIAA have already won.
--
I'd rather have someone write about the flaws ahead of time than discover them by their results.
Information will find its way out, one way or another.
In France our government is doing major cut in funding of many science labs and projects and that means that we will soon be unable to keep up with America's technology.
Vacuously true.They took DNA from something and combined it to make something else. That's not creating life; that's breeding.
Lemme know when they take dirt and make a man, or when they take a man's rib and make a woman.
That will be playing God.--
<disclaimer>I'm not a lawyer.</disclaimer>
This same topic was part of SANS NewsBites
I wrote to them:
Re: SANS NewsBites Vol. 5 Num. 44
> --Trojan Defense Successful Three Times in UK Courts
> (28 October 2003)
> Three cases in UK courts have set a significant precedent for
> prosecuting those accused of cyber crimes. In all three cases,
> defendants' attorneys successfully argued that their clients' computers
> had been hijacked by Trojan horse programs and therefore the defendants
> were not responsible for the alleged crimes. While some view the
> precedent as a safeguard against convicting innocent people, others are
> concerned that it gives cyber criminals a blanket defense. The Trojan
> defense has not yet been used in the US court system.
> computerworld
The Register (UK)
> [Editor's Note (Schultz): I fear that this will become the
> universally-used defense in cybercrime cases. Juries are not likely to
> know enough to see past this type of alibi.]
Actually the problem will be if _prosecutors_ can't get past the Trojan defense. Juries are routinely forced to learn the technical details of a criminal situation, whether it's a pyramid scheme or a poisoning. A prosecutor has to educate the jury and then convince the jury that the defendant is guilty of cognizant action (or inaction). It's the cognizant inaction part that will most likely break through the Trojan defense.
An analogy is as old as law itself: if I have a dog known to get out of its pen and bite the neighbors, then unless I try to do something about it I'm liable for the damages the dog does.
Another analogy: if I ask you to carry an envelope over to the mailbox, and don't tell you it contains anthrax, then you act legally by placing the envelope in the mailbox. I commit the crime, even if I don't specifically ask you to carry anything but just arrange for it to happen. Knowledge is the key, coupled with the choice to act or not to act.
If the prosecutor can't show that the defendent knew his computer was doing illegal things, then the jury should acquit. If he did know about the illegal activity, the prosecutor still has to show intentional action or inaction. That's how it works for dogs and owners, for letters and mailboxes, and that's how it's supposed to work for computer networks, too.