The laptop's optical drive is already external (USB), and I usually leave it at home anyway. I don't have quite the same luxury of leaving the HDD at home. In order to use an internal SSD, I would have to put the HDD in a USB enclosure and carry it everywhere.
or use a hybrid drive
I would have bought my most recent laptop with a hybrid drive if Dell offered a hybrid drive as an option. Which maker of compact (11.6" class) laptops with a hybrid drive should I choose next time? If I were to replace the HDD with a hybrid drive and sell on the HDD, where would I get a good price for the HDD?
if you want both kinds of storage in an older laptop.
It's not even just "an older laptop" that lacks support for "modern PCIe/NVMe SSDS". A Dell Inspiron 11 3000 series laptop purchased new in 2018 still doesn't have an NVMe slot according to this photo with the bottom cover removed. A search on Crucial.com shows only SATA SSDs, intended to replace the HDD, not supplement it.
Wouldn't the use case for AIM, Skype, and Discord be equally served with an extension to the IRC protocol that lets a user choose to store chat history on the server?
The idea that we should enumerate and scan for every single on of the billions of executable that we don't want to run instead of code-signing the couple-dozen we do want to run has always been an absurdity.
That'd be fine if there were some counterpart to trust on first use (TOFU) or domain validation (DV) in the code signing certificate management policies of popular operating systems. Mac OS X used to use TOFU, where the user could choose to trust a particular app signed with a self-signed publisher certificate, and then the OS would trust updates signed with the same certificate. But in 10.7, with the introduction of Gatekeeper and Mac App Store, Apple switched to the single-CA model that macOS uses to this day. Apple's certificate is $99 per year, and Authenticode CAs for Windows tended to charge a similar amount last I checked. This poses a financial burden for free software developers and good-faith hobbyist proprietary freeware developers, who find it difficult to afford the necessary certificates and renewals thereto when distributing their work to the public in executable form across multiple operating systems.
It's like designing a door to your office to recognize criminals instead of giving keys to your employees.
In your analogy, how much does it cost to issue each key?
More importantly, RAM that is not being used is sitting idle and not benefiting anyone.
Some amount of free RAM decreases latency when starting a new process or when making a large allocation in an existing process, such as opening a large document, as the memory manager doesn't have to block the process while mass-dumping pages to swap. (Disk cache on the bubble for being evicted helps the same way.) And a laptop with two RAM slots could theoretically power down one slot on demand in order to decrease battery current draw. (I'm not aware of any that actually do.)
My experience has been that the typical system is either I/O or throughput constrained (or just insanely overspecced) rather than being short on RAM. YMMV though.
Mileage does vary. As DRAM prices doubled over the course of 2017, PC makers continued to skimp on RAM in budget models. Just this year, Dell finally increased the RAM of Inspiron 11 3000 series laptops on its deals page from 2 GB to 4 GB. In my experience, Xubuntu is happy with 2 GB, but Windows 10 really needs the 4 GB. This goes double if you run many applications built with Microsoft Electron, such as Slack, Skype, Discord, Atom editor, or Visual Studio Code. Each of these contains a separate copy of Chromium, and none of them share memory the way web applications open in Chromium/Google Chrome or Firefox can.
With modern PCIe/NVMe SSDS, this is even less pronounced.
On a desktop, that's fine, as you can fit both an SSD boot drive and a conventional HDD for bulk data in the case, or an internal SSD and an HDD in a USB enclosure. But I was under the impression that most laptops lack space/slots for both SSD and HDD. Change my mind.
DANE requires DNSSEC, and adoption of DNSSEC requires domain name registrars and DNS zone hosts to make it cheap and easy. Right now many don't. For example, last I checked, GoDaddy considered DNSSEC to be a "premium" feature not included in the zone hosting bundled with registration. I'd assume this is to discourage use of DANE in favor of GoDaddy's CA, but I'm interested in defenses of why this is mere incompetence on GoDaddy's part.
As of now, you can search HIBP from directly within 1Password via the Watchtower feature in the web version of the product. This helps Watchtower become "mission control" for accounts
Has the Watchtower Bible and Tract Society taken over 1Password? I wouldn't trust that organization with my online accounts for several reasons.
Not quite, but Electronic Frontier Foundation is sponsoring the Let's Encrypt CA. In addition, many of the same companies sponsor both EFF (source) and LE (source). Fastly and DigitalOcean, for example, sponsor both organizations.
once negotiated it prevent interception of the message being TRANSPORTED over the network. In order to do this self-signed certificates are perfectly adequate.
"Negotiation" of a TLS connection includes the client accepting the certificate that the server presents. This is fine over a LAN, as (say) a printer can write the fingerprint of its self-signed certificate to paper in text and QR code form, or a home server appliance can use a composite, VGA, or HDMI output or a built-in status LCD to display the fingerprint. But it's less fine at Internet scale unless there's some convenient means of out-of-band communication between the operators of the client and the server. How would it be practical for every MTA operator to verify every other MTA's self-signed certificate through out-of-band communication?
In the case of http caching, HSTS, cert pinning, etc all BROKE caching.
I'm not sure what you're getting at here. Nothing related to HTTPS affects client-side caching in any way. Besides, Chrome phased out key pinning by version 67 anyway in favor of Certificate Transparency because it was too easy for someone to exploit a misissued certificate for hostile pinning (source).
HTTPS breaks only intermediate caching by intercepting proxies. There are cases where operators of intercepting proxies have (ab)used their position to insert advertisements into documents that a user is viewing, Comcast being among them. If a user does want to opt into use of a proxy, web browsers still allow installation of a proxy's private root certificate.
Define "gone". If your definition is "zero", then no app distribution channel of any size will ever reach it. Google Play has extremely low rates of PHA (potentially-harmful apps -- a somewhat broader category than "malware") now, and it's being driven down year by year.
I'd start by defining "gone" as the probability of encountering a PHA on Google Play Store being less than that on Apple's App Store during the same month.
Like Pascal, SQL uses single equals as the equality comparison operator. But this is a Java story, and Bing is trying to claim that assertions expressed as code embedded in prose should be expressed as assignments, not as comparisons that evaluate to true.
These "shared libraries that would store the same information in all processes" are part of the problem. I imagine that some of them are required for interfacing with the operating system.
So I propose a benchmark: Open 10 tabs with one Firefox content process and exercise them for a while. Then open 10 tabs with four Firefox content processes and do the same. How does the RAM use compare?
This contrast can also be seen in the success of "Pirates" while the movie industry tried to fight "Movie pirates"
If I had nothing to lose, I'd start a BitTorrent tracker specializing in works that that glorify pirates, such as One Piece and Pirates of the Caribbean. A notice at the bottom of every page: "Your claims against us are estopped by unclean hands until your legal department stops mistakenly referring to infringement as piracy."
we should still make time to pretend and imagine things that don't exist. Whether that means writing a book, playing d&d, or even role playing in and outside of a video game universe.
There's a big difference between role-playing in a universe of your own creation and role-playing in a universe whose exclusive rights are owned by a multinational conglomerate.
In there you'll see you can happily use your computer while those nasty background services you incorrectly claim are making the hourglass spin (they don't, that's the whole point of background service) are quickly loaded.
I can technically "use" File Explorer once I log in, but if I actually try to open anything, the process will be told to get in line for use of the HDD behind all the other updater processes that are trying to use the HDD right now.
You're comparing an update check to something that actively scans every file when it is accessed.
The antivirus "actively scans" the update check executable "when it is accessed." And once the update check is running, it reads the existing main executable to see which version is installed, which causes the antivirus to "actively scan[]" the main executable "when it is accessed." That's two scans per updater at every login.
It may surprise you to know that Core2Duos haven't gotten any slower
Agreed. But the updaters of newer versions of popular Windows applications have become more bloated. Whether it's a Core 2 Duo or the latest i7 matters little because it's not the CPU; it's the HDD. And unless the PC owner splurges for an SSD and an external enclosure for his existing HDD, the laws of physics limit how many random inputs and outputs per second (IOPS) you can get out of an HDD.
My Core 2 Duo laptop running Debian is still snappy. But Debian has the advantage that only one updater is running at once (APT), compared to a separate updater for each application on Windows. Even if background update (such as unattended-upgrades) is enabled, APT is single-threaded, which gives other applications a chance to use the HDD while APT is using the CPU. In addition, unattended-upgrades doesn't run at every login; it runs only once daily.
You want benchmarks? Make some.
Microsoft already made some of the tools used in my benchmark. Since Windows 8, Task Manager displays what fraction of time is spent servicing disk I/O requests. When a bunch of updaters are running, that's pegged at 100%, which can take a minute or more. Before that, one could look at the HDD access light or just listen to the HDD's head moving back and forth and use a stopwatch from pressing Enter on the password screen to when it settles.
Or use some common sense such as examining the CPU time or memory footprint of the processes on any machine so you can see how completely and utterly irrelevant they actually are.
In my experience, CPU time and memory footprint are less relevant to responsiveness at login than HDD usage time.
Side note: Yes you absolutely should tell those pensioners to throw away Vista, and if their Core2Duos can't run Windows 7 or Linux then throw away the entire PC.
Agreed. But in most cases, an Xfce-based GNU/Linux distribution (such as Debian Xfce or Xubuntu) works well on older hardware, with the exception of oddball laptop hardware without good Linux drivers. So for someone whose PC's preinstalled operating system's support period has ended, my advice is "backup user profiles, wipe, and Linux".
Which language does that? An equal sign in Java or whatever else changes the value of a variable. If you want to assert that the sum of two things equals the sum of something else, something of the form a + b = c + d won't work because a + b isn't an lvalue.
They've been working hard to make the new, more secure and (importantly) concurrent system up to scratch.
Let me know when this hard work results in enough functionality in the system to allow a WebExtension counterpart to the defunct Keybinder extension, even if only for disabling accidental presses Ctrl+Q or Ctrl+Shift+Q for quit when I was aiming for Ctrl+Tab or Ctrl+Shift+Tab. (No, Restore Previous Session didn't restore text entered into a Slashdot comment composition form last I checked.) That's reportedly waiting on a fix for long-standing bug 1325692.
What's more, folks are going on like processes are intrinsically expensive.
On Windows, starting a process is expensive for two reasons: spawn semantics instead of fork semantics, and the common practice of real-time antivirus. On any system, RAM owned by a process and not shared with other processes is expensive, particularly if it causes cached disk sectors to get evicted to make room or (worse) leads to swapping.
so many programs think they need to do it at logon - while the owner waits, staring at a spinning hourglass.
you clearly missed the absurdity of disabling something that uses effectively no resources for "performance gains".
You claim that the dozen updaters that run every time the user logs in are "something that uses effectively no resources". I doubt this claim. This goes double for Windows, on which it's common practice for Windows Defender or some other real-time virus scanner to scan every executable every time it runs.
To resolve this, I'm interested in benchmarks of the most common automatic updaters on the decade-old yet paid-for PCs that pensioners have, many of which have a Core 2 Duo CPU and a conventional HDD. Data I'm looking for include CPU time, peak resident RAM, random disk I/Os, and network data sent and received. I know a Core 2 Duo can still be useful on the web of 2018; I'm typing this very comment into a Core 2 Duo laptop running Debian (which has been upgraded from 2 GB RAM to 4 GB; cache made a difference).
I have had a telephone interview. But I was under the impression that most employers who conduct first interviews over telephone, email, text chat, or VoIP require the second interview to be in person.
"cars"
This requires both owning a car and operating a car. Owning a car requires one to be already in a job that pays enough to afford to buy a car. My current job does not. Operating a car requires a driver's license, and obtaining a driver's license requires 50 to 120 hours (depending on state or province) of supervised driving on a learner's permit with a licensed driver in the front passenger seat. Unless I'm missing something, this in turn appears to require either A. having parents who drive or B. spending thousands on driving school.
"trains"
There are no passenger train stations in my home town. How would I go about using a passenger train station other than those in my home town?
"airplanes"
Do employers reimburse the candidate for the round-trip airfare to and from the location of a second interview? If not, flying requires one to be already in a job that pays enough to afford airfare.
In hacker jargon, unlike in Java itself, a naked comparison expression implies an assertion that its value is true. For example, in this case: "It is true that commercial support equals a subscription."
Slashdot Mirror
Replace the optical drive with a hard disk caddy
The laptop's optical drive is already external (USB), and I usually leave it at home anyway. I don't have quite the same luxury of leaving the HDD at home. In order to use an internal SSD, I would have to put the HDD in a USB enclosure and carry it everywhere.
or use a hybrid drive
I would have bought my most recent laptop with a hybrid drive if Dell offered a hybrid drive as an option. Which maker of compact (11.6" class) laptops with a hybrid drive should I choose next time? If I were to replace the HDD with a hybrid drive and sell on the HDD, where would I get a good price for the HDD?
if you want both kinds of storage in an older laptop.
It's not even just "an older laptop" that lacks support for "modern PCIe/NVMe SSDS". A Dell Inspiron 11 3000 series laptop purchased new in 2018 still doesn't have an NVMe slot according to this photo with the bottom cover removed. A search on Crucial.com shows only SATA SSDs, intended to replace the HDD, not supplement it.
Wouldn't the use case for AIM, Skype, and Discord be equally served with an extension to the IRC protocol that lets a user choose to store chat history on the server?
So if I want to sue someone who has harmed me, I should try to win an election and get legislation passed as my remedy?
The reason for legislation is to get the harm done to you officially recognized as actionable harm in the first place.
The idea that we should enumerate and scan for every single on of the billions of executable that we don't want to run instead of code-signing the couple-dozen we do want to run has always been an absurdity.
That'd be fine if there were some counterpart to trust on first use (TOFU) or domain validation (DV) in the code signing certificate management policies of popular operating systems. Mac OS X used to use TOFU, where the user could choose to trust a particular app signed with a self-signed publisher certificate, and then the OS would trust updates signed with the same certificate. But in 10.7, with the introduction of Gatekeeper and Mac App Store, Apple switched to the single-CA model that macOS uses to this day. Apple's certificate is $99 per year, and Authenticode CAs for Windows tended to charge a similar amount last I checked. This poses a financial burden for free software developers and good-faith hobbyist proprietary freeware developers, who find it difficult to afford the necessary certificates and renewals thereto when distributing their work to the public in executable form across multiple operating systems.
It's like designing a door to your office to recognize criminals instead of giving keys to your employees.
In your analogy, how much does it cost to issue each key?
More importantly, RAM that is not being used is sitting idle and not benefiting anyone.
Some amount of free RAM decreases latency when starting a new process or when making a large allocation in an existing process, such as opening a large document, as the memory manager doesn't have to block the process while mass-dumping pages to swap. (Disk cache on the bubble for being evicted helps the same way.) And a laptop with two RAM slots could theoretically power down one slot on demand in order to decrease battery current draw. (I'm not aware of any that actually do.)
My experience has been that the typical system is either I/O or throughput constrained (or just insanely overspecced) rather than being short on RAM. YMMV though.
Mileage does vary. As DRAM prices doubled over the course of 2017, PC makers continued to skimp on RAM in budget models. Just this year, Dell finally increased the RAM of Inspiron 11 3000 series laptops on its deals page from 2 GB to 4 GB. In my experience, Xubuntu is happy with 2 GB, but Windows 10 really needs the 4 GB. This goes double if you run many applications built with Microsoft Electron, such as Slack, Skype, Discord, Atom editor, or Visual Studio Code. Each of these contains a separate copy of Chromium, and none of them share memory the way web applications open in Chromium/Google Chrome or Firefox can.
With modern PCIe/NVMe SSDS, this is even less pronounced.
On a desktop, that's fine, as you can fit both an SSD boot drive and a conventional HDD for bulk data in the case, or an internal SSD and an HDD in a USB enclosure. But I was under the impression that most laptops lack space/slots for both SSD and HDD. Change my mind.
DANE requires DNSSEC, and adoption of DNSSEC requires domain name registrars and DNS zone hosts to make it cheap and easy. Right now many don't. For example, last I checked, GoDaddy considered DNSSEC to be a "premium" feature not included in the zone hosting bundled with registration. I'd assume this is to discourage use of DANE in favor of GoDaddy's CA, but I'm interested in defenses of why this is mere incompetence on GoDaddy's part.
As of now, you can search HIBP from directly within 1Password via the Watchtower feature in the web version of the product. This helps Watchtower become "mission control" for accounts
Has the Watchtower Bible and Tract Society taken over 1Password? I wouldn't trust that organization with my online accounts for several reasons.
Is the EFF trying to sell certificates now?
Not quite, but Electronic Frontier Foundation is sponsoring the Let's Encrypt CA. In addition, many of the same companies sponsor both EFF (source) and LE (source). Fastly and DigitalOcean, for example, sponsor both organizations.
once negotiated it prevent interception of the message being TRANSPORTED over the network. In order to do this self-signed certificates are perfectly adequate.
"Negotiation" of a TLS connection includes the client accepting the certificate that the server presents. This is fine over a LAN, as (say) a printer can write the fingerprint of its self-signed certificate to paper in text and QR code form, or a home server appliance can use a composite, VGA, or HDMI output or a built-in status LCD to display the fingerprint. But it's less fine at Internet scale unless there's some convenient means of out-of-band communication between the operators of the client and the server. How would it be practical for every MTA operator to verify every other MTA's self-signed certificate through out-of-band communication?
In the case of http caching, HSTS, cert pinning, etc all BROKE caching.
I'm not sure what you're getting at here. Nothing related to HTTPS affects client-side caching in any way. Besides, Chrome phased out key pinning by version 67 anyway in favor of Certificate Transparency because it was too easy for someone to exploit a misissued certificate for hostile pinning (source).
HTTPS breaks only intermediate caching by intercepting proxies. There are cases where operators of intercepting proxies have (ab)used their position to insert advertisements into documents that a user is viewing, Comcast being among them. If a user does want to opt into use of a proxy, web browsers still allow installation of a proxy's private root certificate.
Your agency could have bought expert support for Moodle from a U.S. support partner.
Define "gone". If your definition is "zero", then no app distribution channel of any size will ever reach it. Google Play has extremely low rates of PHA (potentially-harmful apps -- a somewhat broader category than "malware") now, and it's being driven down year by year.
I'd start by defining "gone" as the probability of encountering a PHA on Google Play Store being less than that on Apple's App Store during the same month.
Like Pascal, SQL uses single equals as the equality comparison operator. But this is a Java story, and Bing is trying to claim that assertions expressed as code embedded in prose should be expressed as assignments, not as comparisons that evaluate to true.
These "shared libraries that would store the same information in all processes" are part of the problem. I imagine that some of them are required for interfacing with the operating system.
So I propose a benchmark: Open 10 tabs with one Firefox content process and exercise them for a while. Then open 10 tabs with four Firefox content processes and do the same. How does the RAM use compare?
This contrast can also be seen in the success of "Pirates" while the movie industry tried to fight "Movie pirates"
If I had nothing to lose, I'd start a BitTorrent tracker specializing in works that that glorify pirates, such as One Piece and Pirates of the Caribbean. A notice at the bottom of every page: "Your claims against us are estopped by unclean hands until your legal department stops mistakenly referring to infringement as piracy."
we should still make time to pretend and imagine things that don't exist. Whether that means writing a book, playing d&d, or even role playing in and outside of a video game universe.
There's a big difference between role-playing in a universe of your own creation and role-playing in a universe whose exclusive rights are owned by a multinational conglomerate.
In there you'll see you can happily use your computer while those nasty background services you incorrectly claim are making the hourglass spin (they don't, that's the whole point of background service) are quickly loaded.
I can technically "use" File Explorer once I log in, but if I actually try to open anything, the process will be told to get in line for use of the HDD behind all the other updater processes that are trying to use the HDD right now.
You're comparing an update check to something that actively scans every file when it is accessed.
The antivirus "actively scans" the update check executable "when it is accessed." And once the update check is running, it reads the existing main executable to see which version is installed, which causes the antivirus to "actively scan[]" the main executable "when it is accessed." That's two scans per updater at every login.
It may surprise you to know that Core2Duos haven't gotten any slower
Agreed. But the updaters of newer versions of popular Windows applications have become more bloated. Whether it's a Core 2 Duo or the latest i7 matters little because it's not the CPU; it's the HDD. And unless the PC owner splurges for an SSD and an external enclosure for his existing HDD, the laws of physics limit how many random inputs and outputs per second (IOPS) you can get out of an HDD.
My Core 2 Duo laptop running Debian is still snappy. But Debian has the advantage that only one updater is running at once (APT), compared to a separate updater for each application on Windows. Even if background update (such as unattended-upgrades ) is enabled, APT is single-threaded, which gives other applications a chance to use the HDD while APT is using the CPU. In addition, unattended-upgrades doesn't run at every login; it runs only once daily.
You want benchmarks? Make some.
Microsoft already made some of the tools used in my benchmark. Since Windows 8, Task Manager displays what fraction of time is spent servicing disk I/O requests. When a bunch of updaters are running, that's pegged at 100%, which can take a minute or more. Before that, one could look at the HDD access light or just listen to the HDD's head moving back and forth and use a stopwatch from pressing Enter on the password screen to when it settles.
Or use some common sense such as examining the CPU time or memory footprint of the processes on any machine so you can see how completely and utterly irrelevant they actually are.
In my experience, CPU time and memory footprint are less relevant to responsiveness at login than HDD usage time.
Side note: Yes you absolutely should tell those pensioners to throw away Vista, and if their Core2Duos can't run Windows 7 or Linux then throw away the entire PC.
Agreed. But in most cases, an Xfce-based GNU/Linux distribution (such as Debian Xfce or Xubuntu) works well on older hardware, with the exception of oddball laptop hardware without good Linux drivers. So for someone whose PC's preinstalled operating system's support period has ended, my advice is "backup user profiles, wipe, and Linux".
No, you' make an assertion with an equal sign.
Which language does that? An equal sign in Java or whatever else changes the value of a variable. If you want to assert that the sum of two things equals the sum of something else, something of the form a + b = c + d won't work because a + b isn't an lvalue.
Yeah, but who cares about Windows?
Desktop and laptop users, apparently. Its usage share greatly exceeds that of macOS or X11/Linux.
They've been working hard to make the new, more secure and (importantly) concurrent system up to scratch.
Let me know when this hard work results in enough functionality in the system to allow a WebExtension counterpart to the defunct Keybinder extension, even if only for disabling accidental presses Ctrl+Q or Ctrl+Shift+Q for quit when I was aiming for Ctrl+Tab or Ctrl+Shift+Tab. (No, Restore Previous Session didn't restore text entered into a Slashdot comment composition form last I checked.) That's reportedly waiting on a fix for long-standing bug 1325692.
What's more, folks are going on like processes are intrinsically expensive.
On Windows, starting a process is expensive for two reasons: spawn semantics instead of fork semantics, and the common practice of real-time antivirus. On any system, RAM owned by a process and not shared with other processes is expensive, particularly if it causes cached disk sectors to get evicted to make room or (worse) leads to swapping.
so many programs think they need to do it at logon - while the owner waits, staring at a spinning hourglass.
you clearly missed the absurdity of disabling something that uses effectively no resources for "performance gains".
You claim that the dozen updaters that run every time the user logs in are "something that uses effectively no resources". I doubt this claim. This goes double for Windows, on which it's common practice for Windows Defender or some other real-time virus scanner to scan every executable every time it runs.
To resolve this, I'm interested in benchmarks of the most common automatic updaters on the decade-old yet paid-for PCs that pensioners have, many of which have a Core 2 Duo CPU and a conventional HDD. Data I'm looking for include CPU time, peak resident RAM, random disk I/Os, and network data sent and received. I know a Core 2 Duo can still be useful on the web of 2018; I'm typing this very comment into a Core 2 Duo laptop running Debian (which has been upgraded from 2 GB RAM to 4 GB; cache made a difference).
Which are these "bunch of domains" so that I can repeat the process mapping each to 0.0.0.0 in hosts or Pi-hole?
"telephones", "email"
I have had a telephone interview. But I was under the impression that most employers who conduct first interviews over telephone, email, text chat, or VoIP require the second interview to be in person.
"cars"
This requires both owning a car and operating a car. Owning a car requires one to be already in a job that pays enough to afford to buy a car. My current job does not. Operating a car requires a driver's license, and obtaining a driver's license requires 50 to 120 hours (depending on state or province) of supervised driving on a learner's permit with a licensed driver in the front passenger seat. Unless I'm missing something, this in turn appears to require either A. having parents who drive or B. spending thousands on driving school.
"trains"
There are no passenger train stations in my home town. How would I go about using a passenger train station other than those in my home town?
"airplanes"
Do employers reimburse the candidate for the round-trip airfare to and from the location of a second interview? If not, flying requires one to be already in a job that pays enough to afford airfare.
You are correct that I have never relocated for a job before.
You get the job FIRST, then you move.
How do "LOTS of people" sit an in-person interview before moving?
Zero. It is on the computer already.
How did the mapping from products and addresses to tax rates get onto the computer in the first place?
In hacker jargon, unlike in Java itself, a naked comparison expression implies an assertion that its value is true. For example, in this case: "It is true that commercial support equals a subscription."