Slashdot Mirror


User: 10101001+10101001

10101001+10101001's activity in the archive.

Comments · 2,071

  1. Re:Seems reasonable on Call For Scientific Research Code To Be Released · · Score: 1

    there are well funded lobby groups and others with too much time on their hands looking for ANYTHING that is wrong.

    Errors are only errors if they are reported by the "right" people?

    No. Errors that don't change the result (for example, badly formed functions that don't abort on negative numbers) or change the result marginally should be fixed or at least considered. But, "when just one error -- just one -- will usually invalidate a computer program", who cares; clearly all that global warming stuff is absolutely wrong unless you can prove your software has zero defects.

    Do you want to know how many questions Linus Torvalds has answered for me? Zero.

    Sounds like Linus Torvalds has something to hide. If he's receiving public money, he should be answering any question I have.

    I actually _have_ gotten personal responses from Theo de Raadt on some OpenBSD issues but they all have the general form of "you're not interesting, don't waste my time".

    Nevertheless, I rely on OpenBSD. The fact that Theo has neither the time nor the interest in having a deep meaningful conversation with me about his code neither changes the quality of his code nor prevents him from releasing every 6 months, on schedule.

    Which is relevant how, again?

    I don't think that there is an expectation that scientists stop doing their day jobs to do software support for people. I think there is an expectation that publicly funded research used to set public policy be easily available to all comers.

    I think the expectation should be that anything used to set public policy, publicly funded or not, should be easily available to all comers. Unfortunately, that isn't happening any time soon.

    I'm a bit frustrated by the apparent contradiction. For the first time perhaps in history in the USA, you have armchair folks trying to do technical audits of scientific tools, research, and publications -- for free.

    Um...there's been armchair folks trying to do technical audits pretty much forever. The things that have changed are (a) more armchair folk can now rant on their blogs about how much more they know about atmospheric research than people whose focus is entirely atmospheric research and (b) lobbying arms can fund those bloggers or use such blogs for their own marketing--this really isn't massively different than the yellow journalism or pulp rags of the past; it's just a matter of degree.

    I thought the "normal" problem in America is that the population is too apathetic to care and too stupid to provide any critical analysis. And yet we see this happening more and more frequently and the climate-science establishment is circling the wagons instead of celebrating the fact that there are a handful of people that for once give a damn about interesting research tools and methods.

    Funny. The vast majority of Americans are too apathetic to care and too stupid to provide critical analysis. I'm certainly in the latter category. The circling the wagons is a backlash against the way evolution has been treated by those with an agenda against it; ie, climatologists have learned the lesson that those with an agenda are perfectly willing to take even easily refutable "facts" and the vast apathetic and stupid American population will give it equal weight as tons of evidence provided by scientists. With a seeming need to fight constantly to "win" in the court of public opinion, is it any surprise that many would rather closet the information against those more interested in trying to sell their snake oil than seeking some truth?

    I must concede that there are some downsides to discussing your opinions and findings with others: When people disagree with you, it ends up taking some of your time.

    Or a lo

  2. Re:It's all stuff that ships with Linux on The Hidden Treasures of Sysinternals · · Score: 2, Insightful

    Let me see if I've got this straight. A great set of tools that run on Windows demonstrates how rubbish Windows is. A great set of tools that run on Linux demonstrates how fantastic Linux is.

    Yep. As pointed out by the GP, the Sysinternal Windows tools are a by-product of reverse engineering. Specifically, they seem to heavily rely upon the Windows Native API (NTAPI) since the Windows 32 subsystem (Win32) wouldn't readily or at all allow them to do what they do. Since the NTAPI is rather undocumented, it was an impressive feat for the utilities to be created.

    However, the fact that an impressive feat was even necessary to obtain Linux-like* parity is the fundamental problem. Doing the same things in Linux is trivial in comparison in most instances because the Linux kernel exposes the information quite freely to user space; and it's generally well documented, so it doesn't even require the semi-heroic effort of understanding the Linux kernel's source code to find out how to use that information or where it is.

    Sysinternals is in many ways a good example of fighting against the system because the system is incomplete. Certainly, there are instances where Linux falls into this problem as well as Windows (most of the video subsystem being outside the kernel for most video cards, for example). And even though the source code is available, that obviously doesn't mean that fixing the problem is a simple matter because even if you create a solution, it doesn't mean others will adopt it and absolve you of a good deal of the upkeep. But, in the end, the heroic struggles (and the melodrama) just don't exist when the source is available (or even if there's enough documentation and enough functionality exposed to compensate for where the core system lacks). So, that does tend to ruin the "wow" factor when it comes to anyone announcing software for your platform, since unless the software is a new app of an area you're interested in (which on the whole is uncommon), there aren't any effective OS patches to be created that will likely affect you.

    *Really, any open source OS would do, but I don't know enough about any others to speak about how they function when it comes to kernel/user space things.

  3. Re:Remember, slashdot is run by rich white guys on The New National Health Plan Is Texting · · Score: 1

    And please explain how the overhead of any middleman between me and a doctor would be more cost-effective.

    Even a very basic mathematical analysis shows that any of these systems is less efficient than "customer pays."

    If your answer is that the government will have none of the problems that using insurance companies as a middleman have, because the government is good and insurance companies are bad, please try again.

    It's like this: routine care has a cost x. Redistribution of money to pay cost x has an additional cost y, no matter who does it. If the customer pays cost x, adding cost y will increase costs.

    Average Price = a; Routine care cost = x; Overhead cost from insurance/government = o; Overhead of debt collection = d; Probability customer won't pay = c; Probability insurance won't pay = i; Probability government won't pay = g

    • For customer pay only: a = (x + d) / (1 - c)
    • For insurance pay only: a = (x + o + d) / (1 - i)
    • For government pay only: a = (x + o + d) / (1 - g)

    The average price is based not only on overhead but the costs to collect on a debt and the actual payment rate. Customers are more likely to pay in installments while insurance/government is more likely to pay in bulk. Insurance companies are less capable of dealing with short-term dramatic claims (look no further than Hurricane Katrina). Insurance companies are also more risky because there is a lack of standardization on what is covered by insurance. Governments may well force lower payment rates even below the actual cost of a procedure which in the long term will reduce service.

    In short, there's more to the issue than a bit of simple math.

  4. Re:"Finally"? on Microsoft Finally To Patch 17-Year-Old Bug · · Score: 1

    That it was introduced 17 years ago doesn't mean that Microsoft has been tardy about fixing it...

    So, what you're saying is...if say I made a car, it had one or more acceleration issues for several years, I tried fixing the problems years ago, many times saying the car is now safe, but people still keep telling me they have issues; so, there's nothing "tardy" about my fixing the problem?

    No, the real question is, why is it that Toyota had to pull cars off their sales floor, being not allowed to sell a known defective product, and Microsoft is still selling incremental versions of Windows while basically every month for years admitted they're selling a defective product?

  5. Re:Remember, slashdot is run by rich white guys on The New National Health Plan Is Texting · · Score: 3, Insightful

    You'd rather pay more than the government would take to a third party, to get worse service?

    It's going to take quite a bit of convincing for me to believe that this is the case, especially considering the traditional efficiency of U.S. government.

    Really, you expect that because the government is paying, quality of service will magically increase?

    Nope. But then, clearly the health care system isn't magically increasing quality of service on its own, either. If we acknowledge that quality won't improve magically, we then have to acknowledge that work must be done, system wide, for improvement. Government is basically the only entity with a reasonable chance of enacting such change. The issue, then, is enough people investing themselves into the enactment so it's done right instead of bitching and moaning that it can't work, sitting back, contributing nothing to what is needed, and watching it fail to fulfill their needs.

    And that any possible increase in efficiency would not be offset by the overhead of a single payer system?

    Actually, a single payer system would be a lot less overhead. Instead of having to hassle multiple companies with multiple claim form types and hoping that insurance company X actually covers the procedure you just performed (since even if they say up front they will, they might renege based upon "preexisting conditions") or that some lowly person saved up ahead of time to pay a massive bill (monthly payments aren't desirable), you'll know who to bill, how to bill, and what's covered ahead of time. In short, administration costs drop substantially. Does it solve other wastes in the system (over testing, multi testing, referrals for nearly everything, etc)? No. But, that's something that needs to be worked on over time and it would be if the government were footing the bill.

    And you have proof that this will be the case IN THE U.S., whose government cannot even pay for its current obligations,

    Well, the US routinely spends more on military spending (not even counting specific spending for actual wars being engaged in) than the rest of the world combined. So, that might have something to do with it.

    who routinely has annual deficits greater than the GDP of most countries,

    And? The US has a much more massive economy than most countries, combined. Is it any surprise our spending is more massive than most countries as well? Now, does this mean a growing deficit is a good thing? No. But, raw numbers aren't nearly as important as percentages. And it's in percentages where we have to make consideration. Currently, our total debt of ~60% of GDP is bad but not terrible. Truthfully, spending should go down and taxes should go up. To that end, entitlement reform, military spending reform, and tax increases are necessary. That holds true regardless of the health care debate. If anything, however, having a single-payer health care system will reduce the risk in the system. It's the risk of the government defaulting that's the primary reason that huge deficits are bad. Similarly, unstable health care coverage and/or health care rates induce risk, for small businesses especially.

    and whose problems will only compound as the population ages?

    So...we should stop funding Medicare and let old people die? Or do you acknowledge that we're currently taking care of the elderly and will likely do so, so the real issue is how to reform the system to cost less? The reason France, Japan, etc can fund their system is precisely because a large percentage of their population is hardly using medical services yet they all pay into the system (basically, the same way people have "universal" internet access). Even with an aging population, this isn't a problem for Japan.

    Now, there is something to say about the obesit

  6. Re:Inconclusiveness on India Ditches UN Climate Change Group · · Score: 2, Informative

    Are you seriously trying to use the "climates change through the natural course of events therefore man's activities can not change the climate" argument?

    As far as I know there is no scientific evidence discrediting this hypothesis to the point where your comment is justified.

    Men have died with electrical burns on their body before natural (lightning strikes). Ergo, there's nothing suspicious about the woman with the electrical wire and her dead husband. It must have been a lightning strike. See the logical fallacy?

    Wow. Mars is getting warmer and there are no men on Mars. Ergo, the full extent of global warming on Earth has nothing to do with man.

    Again, that is a hypothesis that a sane individual might put forth to explain the observation. I don't believe that has been discredited either.

    It rained 1" in my swimming pool last night. But, if I go down to the local pool, there's 5' more water in it than there was yesterday. Obviously, it was the rain alone that did it there as well. See the logical fallacy?

  7. Re:Another reason not to fly via Heathrow on "No Scan, No Fly" At Heathrow and Manchester · · Score: 1

    I knew it! 9/11 was a naturist conspiracy!

  8. Re:unpossible on Students Failing Because of Poor Grammar · · Score: 1

    As regards Idiocracy, while hyperbolic, it definitely does call attention to a growing concern for Western society. The lowest-intelligence portions of our society increasingly sit as dependent breeding stock, suckling at the teat of government social programs generationally whilst producing an overabundance of mentally deficient young who then perpetuate the cycle.

    While only casually mentioning the way this argument seems to be heading towards a social darwinism push, I'd overall have to say, all the stuff you mention is generally a good thing. It's not a good thing in itself, but it proves that we live in a modern society. Oil, coal, etc provide such an abundant amount of work, most people are unnecessary to actually work. At the same time, to maintain a culture of overabundance, it's functionally rather necessary to have overconsumption. From a utilitarian approach, educating most people well (eg fluent in multiple languages and understanding advanced calculus) does nothing but ensure that every grocery store clerk is incredibly overqualified for their job.

    Having said all that, I still think it's a nice ideal for everyone to be well educated, but I'd be content if everyone was given the tools to be well educated if they wished. And it'd be nice if people in general were more involved in politics, but not in the sense of reacting to every emotional outcry or treating politics the same way they treat celebrity gossip. I think, though, it's a fundamental nature of all people to have their own obsessions and in a society of overabundance, those who view themselves as superior are inclined to judge others over their makeup instead of being content that the system still works in spite of the seeming needlessness of 90% of the population. Because, when it comes down to it, you're probably one of those people who are just as useless; and even the ones who are needed are only needed in a chain of dependence on others.

    So, overall, my biggest complaint would be when there are actual examples of actual people who are denied an ability to better educate themselves. That's incredibly uncommon in the developed world, but when it happens, then yes, charities, people, and even government should be there to step in and fix the problem. Other than that, I'm perfectly fine with the system still working and 90% of the population being a waste.

  9. Re:IE (on Windows) is safer than Firefox on UK Gov't Says "No Evidence" IE Is Less Secure · · Score: 1

    A fully patched IE8 running on either Vista or Windows 7 is far safer than Firefox. Why?

    - Low privileged mode. IE8 runs with lower rights than the logged in user, Firefox doesn't...

    And how many people (or corporations) are running Vista/Windows 7? Yes, it's a great feature if it's available, but once you start adding such caveats, one might as well point out running Firefox under SELinux/AppArmor in Linux is pretty much as secure. Now, if you mean as for the general public having recently (ie, the last few years) bought a computer, you're probably right; they're likely to be using a proper version of Windows and have auto updates set to have the latest patched IE8. Still, the fact that so many people are using XP really should result in at least a marginally more nuanced statement instead of making statements based on one or more grand presumptions.

    - DEP is turned on for IE8 by default. Firefox has to be added (or the "all applications" option).

    "By default", IE8 isn't even installed on XP or Vista and in all cases there's a need for patching. Truthfully, I'm not certain, but Firefox might be compiled with stack protection anyways, so I'm not even sure if DEP is really necessary for Firefox. If DEP is necessary, then yes, for many home users this is an issue because users might be oblivious to the need to enable DEP. But on corporate networks, at least, it would be par for the course of configuration that DEP would be enabled.

    - IE8 patches can be deployed from the Domain very easily. Firefox on a corporate network is a pain in the butt...

    Why would you need to patch a fully patched IE8? :) Seriously, though, I've heard this complaint, and it seems a valid one. However, if you do run a corporate network, I'm pretty sure the "pain in the butt" nature of deployment isn't going to stop you from choosing Firefox over IE8. Why? Because the risk increase of dealing with infected networks is probably a greater "pain in the butt". But, odds are good that the IT staff have no real say in what's used anyways (consider the repeated statements of IE6 still being used because of corporate intranet applications), so all in all it's a moot point.

  10. Re:Stay classy /. on Chrome Apes IE8, Adds Clickjacking, XSS Defenses · · Score: 2, Interesting

    Your house is seriously insecure, even if you have a steel door and have window panes made of bullet-proof glass, you probably live in a stick frame building where a drill and a sawz-all can gain me access to the interior in an hour or two. Yet no one seems to get excited about the insecurity of our houses.

    In large part because, as you point out, it's impossible to make a house physically secure (although security guards can hypothetically do a good job). Similarly, it's impossible to make a computer physically secure (after all, it's in a house or building and those security guards still aren't perfect). Meanwhile, software, being a virtual good, can actually provide absolute security within the confines of the computer that runs it being physically secure. Hence, there's a higher standard held on software.

    When our houses get robbed, we recognize that the wrongdoing is being done by the criminal. Yet when our computers are hacked, we place the wrongdoing on the provider of the software.

    No. In both situations, the wrongdoers are the criminals. The issue comes to the point, really, of whether any blame can be put upon the constructor of your house (or its parts) and the constructor of your computer (or its parts). For homes, if someone sold a lock that, as sold, should be reasonably able to stop being hacksawed through was in fact hacksawed through, you'd still have reason to blame the lock maker. Similarly, software that is clearly defective against what it reasonably should block would leave blame upon the software maker. The issue, then, is merely that Microsoft (and most software makers) regularly admit their software is faulty (the need for Windows Update). The only real thing left, then, is to point out that Microsoft has such a poor reputation, no person should reasonably expect their software to be secure; if that's your position, I agree that blame is being badly cast on Microsoft.

    I have never really understood why software is held to such lofty standards, particularly on consumer desktops. It would be one thing if file sharing of your entire filesystem was enabled by default in typical software, but let's be real: hacks these days require really clever methods to exploit systems, and if it wasn't for very intelligent, very dedicated people constantly pounding and poking our software, we wouldn't have to worry at all. Yet an uneducated teenager can break into a house in a few minutes with little more than a stick to break a window, and we seem to all go about our day without any outrage at all.

    Again, software can be actually made secure. Most of the "easy" exploits have been fixed because they are actually fixable. There's nothing you can do to prevent a teenager from being able to break into a house (well, not legally, anyways); you can in many states/areas shoot the teenager after they enter. The comparison is rather apples and oranges.

  11. Re:Why Single Out Fox on Does Personalized News Lead To Ignorance? · · Score: 1

    MSNBC, CNN, BBC, and all the network news do the same thing. They have a specific slant and the people that tune in to them hear what they want to hear.

    Yes and no. Everyone tends to have some sort of slant, but how much they choose to rein in that slant and the extent and kind of the slant actually expressed varies. As far as news goes, I'd say things like the BBC and the Newshour on PBS both do rather good jobs of covering the news, although both express clearly British-centric and American-centric slants. Given your latter point, I think it holds true. I'm more interested, in general, to hear about American interests than, say, the local news of Mumbai, India.

    Sounds like you're just angry and pick out Fox because Fox News is the undisputed leader in news today, and is smoking all these lefty, old-guard stations. They're the only ones who don't slobber over Obama every day.

    Actually, the interesting part about Fox News is it spends much more time focusing on sex stories than other news. This, of course, doesn't excuse CNN/MSNBC which seem to have a faux celebrity fixation. Overall, though, no news should be slobbering over any politician or critiquing policy. It's the job of news to, you know, report news. The real issue, then, is Fox News, CNN, and MSNBC aren't news networks (just as MTV isn't music television); they're 10% or less news and 90% opinion or other fluff. The real answer to that, of course, is to stop watching Fox News, CNN, and MSNBC outright.

    You just don't like their viewpoint which is fine, but don't pretend what they do is new or unique.

    Granted. You should watch "Worldfocus" on PBS (or visit worldfocus.org) to see some strong non-America bias (note, I didn't say anti-America bias). It might give you some more perspective on where bias really lies in many news shows. There's also, of course, Iranian news to watch. If you're one of the people who watch Fox News precisely because you know where their biases lie, you'd probably love Iranian news.

    You just got pwned. Mod me up mods.

    So, are you more interested in one-upmanship and glory or actual discourse? Modding can be useful to filter needless cruft. But trying to "pwn" people and get a medal for it really seems pointless; if you have enough of an ego to believe you're right on an unprovable subject, why do you feel a need for validation?

  12. Re:Google stole the name on Ubuntu Moves To Yahoo For Default Firefox Search · · Score: 1

    Google calling its browser "Chrome(tm)" would be like calling an operating system "Windows(tm)."

    More like, 'Google calling its browser "Chrome(tm)" would be like calling a windows based GUI "Windows(tm)."' But, then, you'd have 'Google calling its browser based OS "Chrome OS(tm)" would be like calling a windows based OS "Windows OS".'

  13. Re:The new dogma of genetics on Humans Nearly Went Extinct 1.2M Years Ago · · Score: 1

    Additionally, it's quite possible for similar DNA sequences to arise by chance alone, with no kinship. Scientists today assume that such cases are extremely rare -- but why wouldn't they arise if two unrelated organisms face the same selection pressures?

    Not really, no. Consider that for protein encoding, there's a mapping of 64 codon combinations to create any of the standard 20 amino acids (and a few stop codons). Ie, if there was a specific protein that there was a selective pressure for and the gene to produce that protein was 20 codons long*, there'd be ~4.85 million possible genes that could exist to create that protein. Now, presumably this is the case because selective pressures have selected our first ancestor as the right balance of protecting against destructive mutation and there being enough phenetic change that selective pressures will actually leave an organism alive after the environment changes. So, one would also presume that the junk areas of DNA also have a certain level of resiliency to mutation (ie, that there's probably a many to few mapping for whatever function they have, although the exact ratio is probably not the same ~3:1 as gene/protein mapping).

    In short, even presuming there were a joint selective pressure and that there was something equivalent to "one true path" to the necessary result, the actual encoding is unlikely to be identical in multiple species, regardless.

    *Throw in a stop codon, and the actual gene could be much longer and have a lot of junk codons. And this doesn't even get into weird things like badly formed nucleotides in DNA.

  14. Re:Her statement seems inconsistent. on Ursula Le Guin's Petition Against Google Books · · Score: 1

    • Physics insists that the same physical book cannot be read by two different people in two different places at the same time

    The existence of mirrors is a physical impossibility and a lie!

  15. Re:Which corporations does Le Guin mean? on Ursula Le Guin's Petition Against Google Books · · Score: 2, Interesting

    Le Guin does not in fact support the 'Disney model', e.g. here:

    http://www.ursulakleguin.com/Copyright.html

    she describes the Sonny Bono act as "the recent excessive extension of copyright term by the U.S.A, which has imperilled the international copyright system".

    The 'Disney model' in this discussion (ie, vs the 'Google model') is about a copyright holder, well, holding a copyright. The 'Google model' is about the "free and open dissemination of information and literature". It sounds like Le Guin is convinced that without a Disney model to finance authors, there can't be a Google model to make the work widely available. Even if such were true, trying to attack the 'Google model' only works towards stopping the "free and open dissemination of information and literature". If Le Guin truly believes that 'the Sonny Bono act as "the recent excessive extension of copyright term by the U.S.A, which has imperilled the international copyright system"', work towards reducing copyright's term should be where she should be petitioning. But, then, I guess, she thinks she can possibly win a PR fight against Google and not against Disney.

    She just doesn't want to be screwed over by Google in a land grab deal negotiated by an 'Authors Guild' that doesn't represent her.

    If the 'Authors Guild' doesn't represent her, then it doesn't represent her. She can readily issue a takedown message toward her book with Google as if the Authors Guild negotiation had not been signed or existed. Google brazenly putting up books without getting an author's permission, directly or indirectly, is no different than ROM sites putting up ROMs without seeking approval of the copyright holder. Takedown messages tend to be the extent of the legal action, but there's nothing stopping Le Guin from suing Google if she feels so strongly about it.

  16. Re:I'll be the first to say... on 75% of Linux Code Now Written By Paid Developers · · Score: 1

    The big advantage of commercial software is that the sales revenue allows you to pay people to write it.

    Yes, but there are also significant disadvantages. I'd say that there are about 5 major ways for a person to make software available to themself.

    1. Write it themself or pay an independent vendor/developer.
    2. Hire a vendor that specializes in such software and produces software for others in your industry.
    3. Buy packaged, commercial software, including possible code modification by the seller, oneself, or a separate vendor, if possible, or glue and workarounds if not.
    4. Form a consortium to produce the software under either a consortium wide use license or an open license.
    5. Rely upon the kindness of strangers to write the code for you.

    In the real world, all five variations tend to happen in an industry. Option (1) has the main disadvantages of duplicating work which is obviously more costly. Option (2) cuts down on duplicated work, but since an industry-wide vendor has a quasi-monopolistic position and all software is custom, there's a good bit of markup on what you can buy. Option (3) sounds great, especially if you need no modification done or little modification and the code is available, as usually a boxed solution is a good deal cheaper than a custom one; however, option (3) in many ways is a special case of option (5)--ie, you're restricted mainly by what's already available and many times no company is producing software close enough to what you need and it's really non-trivial to shoehorn the available software to your needs ("if you build it, they will come" might hold true, but "if you want it, it will be built" doesn't generally hold true). Option (4) seems like an attractive offer, as it can cut down on a lot of costs and needless markup, but one company can effectively run the consortium for their ends, there can be a solid lack of direction which can eat through money, and (in the case of an open license) the software created can significantly reduce the barriers to entry for newcomers. Meanwhile, option (5) alone is usually wishful thinking, unless the software is already mostly made and you're willing to consider option (1) or (2) for improvement.

    In short, the story is more complex than "commercial" or not.

    Another advantage is that if you pay people to do something, you can hold them accountable for their work and hence increase productivity.

    That highly depends. "Fly-by-night" contractors, vendors, etc don't necessarily suffer much from accountability. Once they have your money, they'll provide enough of a piece of software that at least some companies are unlikely to sue over substandard work because the actual return from a lawsuit is less than the costs. And while you can try to blacklist companies/individuals, it's quite possible they'll just move on to another industry while new "fly-by-night" companies/individuals take their place.

    In short, accountability really only works if you presume that you can avoid paying them at all or that they have an expectation of multiple/continuous payment and you can deprive them of that. There's enough one-off scenarios, though, that a lot of accountability does not exist in many spheres of industry (or politics, for that matter).

    In the end the fact remains: there's no such thing as a free lunch.

    Just because you don't eat for free at the local soup kitchen doesn't mean you have to get your lunch from a fast food joint.

  17. Re:Tear down on France Tells Its Citizens To Abandon IE, Others Disagree · · Score: 1

    There should be zero copies of IE6 in the wild right now. I don't care how big your corporation is, how shitty the "enterprise" software you purchased back in '99 is, but figure it the fuck out and get your people off IE6 right now. And then? There's no excuse for this bullshit, and I don't want to hear any sob stories.

    IE7 has been out now for over 3 years, if you can't figure out how to move to it by now, you should be fired.

    I see. So, because IE6 is so horrible, people should...use a newer version? Why not uninstall it? Oh, that's right, you can't without hacking the installation and/or directly deleting OS files. And if you do, you break all sorts of that "enterprise" software. Meanwhile, if you do upgrade, you're generally just as at risk with IE even if you don't run iexplore.exe.

    So, for a different reason, I agree with PCWorld. Not using iexplore.exe would give companies a false sense of security. The only solution to solving the long-term problems with IE is to either rip out its components as best you can and deal with the consequences (like making sure updates don't reconstitute parts of it later) or stop using Windows. I don't think most companies are really in a position that the latter is a viable option, and I'm not really sure how viable the former really is.

  18. Re:I recommend ... on Police Called Over 11-Year-Old's Science Project · · Score: 1

    Well, if we're being precise, rationality in game theory is concerned with maximizing the expected return. This may involve making many small, relatively safe bets, or it may involve making a larger, more risky bet. It all depends on the probabilities and expected returns of the various outcomes being considered.

    Even more technically, rationality in game theory is based upon Rational Choice Theory, in which "'rationality' simply means that a person reasons before taking an action" and of which all its models "all assume individuals choose the best action according to stable preference functions and constraints facing them." To that end, there are both risk aversion and gain maximization strategies. The issue then becomes that a Vice Principal or most middle management in general has very little possibility to maximally gain if they're generally unqualified for very high management positions* or if simply those positions don't grant you very much advantage over your current position. Hence, I'd argue that most managers are in fact risk averse, CEOs are more risk taking, and companies (and schools) try to make higher positions look tempting enough so that middle management doesn't just slide into heavily risk-averse behavior.

    *Consider that in a situation where you could have an 85% chance of continuing as normal for years if you're risk averse, then to overall commit a series of actions that only has about a 50% chance of succeeding, the reward would have to be a 70% reward. I'm not sure, but I don't think the Principal or Superintendent makes 170% of what the Vice Principal makes.

    Looking further, on Salary.com, I get some funny results for the United States. Median Elementary School Teacher pay: $50,227. Median High School Teacher pay: $52,372. Median Assistant Principal pay: $75,402. Median Principal pay: $73,536. Median Superintendent pay: $74,733.

    In short, on probability it makes sense for teachers to go from 85% safe to 63% safe (or 99% safe to 73% safe) but management looks like it should try to stay as safe as possible, unless it's eyeing to leave the school system for a better management position.

    That's why I say that management tends to select against rationality. Most managers I've seen do not make any sort of rational calculation of probabilities and outcomes when making decisions. They leave these things to "gut instincts". Time and again, scientific studies have shown that gut instincts can be quite easily and predictably manipulated.

    And, I'd argue that that is risk aversion. The idea is pretty simple. If you're a common person in a position of authority, you can take the "gut instincts" position and most other common people will not retaliate against your decision, no matter how irrational, because they would have made the same decision. Look no further than how many people in the US seem to choose Presidents based upon "I could sit and have a drink with him", not "he's more qualified than me and would make better decisions than me"**. Being able to shoot from the hip and make generally agreeable statements and positions is more likely to make you popular than being considerate and stable, carefully weighing your choices. Since, short of gross negligence/rule violation/law violation, a Vice Principal is only likely to be fired because of voter pressure on the School Board, gut instincts seems like the natural way to act for the position.

    **The latest election of Barack Ob

  19. Re:I recommend ... on Police Called Over 11-Year-Old's Science Project · · Score: 1

    You misunderstand rationality in game theory. Rationality in game theory is more concerned with risk avoidance, not gain maximization* (ie, managers would rather have a consistent fuck up than a high achiever that might crash and burn or simply leave the company**). More importantly, most management seems more interested in short-term risk avoidance and not long-term risk avoidance (think the difference between a person playing chess who makes the best trade-off for one round, purely on the value of a piece, vs the strategist who predicts many moves ahead and considers the value of many pieces in unison for the later state in the game).

    * This is an important point about rationality in game theory, actually. Consider the classic Prisoner's Dilemma.

    ** Look no further than how people consider Steve Jobs's relationship with Apple and the tech market at large. There's a good deal of irrationality going on there. Whether there's hyper-rationality going on is another matter I'm not sure about.

  20. Re:Counseling gets the school off the hook on Police Called Over 11-Year-Old's Science Project · · Score: 1

    At my school, we were actually given copies of the policy to read and at least at one time to sign to verify we read it (or we gave it to our parents, I forget which). One of the more amusing sections was the section that covered the sort of weapons that weren't allowed on school grounds, including things like most firearms (explosive or otherwise propellants), incendiary devices, grenades, exploding missiles, etc. How it was worded, at the time, I was pretty certain that one could probably construct something valid under the rules which clearly went against the intent.

    Nevertheless, my point would be not so much that I disagree with the spirit of what you say. If I had tried to bring an effective weapon on school property, I doubt pointing out the clear legalese of the school policy would have protected me, just like I'm sure in this situation the school will warp some clear legalese to make what was done against policy. But, then, that seems to be the general rule of things when there's an outrage on when something is done and there doesn't exist a rule or law to cover it (the cyber-bullying suicide thing comes to mind). The only real solution to that is, in the long term, enough parental involvement so the person in question is fired and it's made clear that people are more interested in seeing the rules/policy/law followed and amending it as necessary (I don't think this situation requires the latter) than getting a cheap thrill with vengeance. That doesn't solve the problem, but hopefully it'll minimize it.

    Of course, given this is the internet and one is now much more likely to hear about all the worst abuses of power in schools and such, perhaps it's the outrage that is what really should be changed. Yes, abuse likely happened, but getting in a froth over this infraction of rule enforcement in some search for perfect justice might be a bit much. Calmness might be the better course.

  21. Re:I recommend ... on Police Called Over 11-Year-Old's Science Project · · Score: 2, Insightful

    I don't think you can frame this as game theory; the staff of the school are not reacting in this way in order to maximize their personal benefit (or minimize their personal loss). Whilst I concede that some people do think in this way, teaching selects out that characteristic by being an underpaid and overworked profession for the level of education and aptitude they have.

    Teaching may select out that characteristic, but management seems to select for that characteristic. The person in question was Vice Principal. If the theory holds true that bad engineers in companies are promoted to management to avoid causing actual damage, you can easily imagine what happens in schools. (And yes, like most stereotypes, even if it were generally true, it's almost certainly not absolutely true. But, what sort of person would spend years to get a degree to teach, just to take the position of Vice Principal and be stuck primarily disciplining children? And if they're not a teacher at all, why, as a manager, would they want to work in a school?)

  22. Re:Do ISPs really wish to block infringing content on RIAA Wants Limits On Net Neutrality So ISPs Can Police File Sharing · · Score: 1

    ...if net neutrality law prevented them from throttling P2P traffic...

    Nothing about net neutrality law prevents them from throttling P2P traffic per se. The issue is quite simple: if the heuristic of throttling is based purely on amount of use, regardless of what that use is or from/to whom it is, it should be fine. The trouble comes in when a company throttles certain types of traffic or from/to certain providers. P2P might be the threat of the day, but there's still plenty of large volume ftp sites out there, and there's no real reason to not throttle them for a user if they use ftp more than P2P.

    Quite simply, developing special technology for one application or set of applications is stupid anyways; it means having to create a new tool each time the public shifts in their heavy data usage. Well, it's not really stupid if the throttling is targeted specifically to cut down on bandwidth available for a competitor's or partner's competitor's product. But, then, that's precisely what net neutrality is designed to address. Having said that, I'm not sure how you can address things like VoIP or other emergent low-latency demanding software without special exceptions in the net neutrality law (and regular revisions), but the whole P2P throttling thing for bandwidth reasons is clearly a red herring.

  23. Re:China is a major IT threat ! on IE 0-Day Flaw Used In Chinese Attack · · Score: 1

    Publishing new zero-day exploits just puts it in the hands of the black hats sooner. Obviously a black hat who learns a new exploit is under no pressure to announce it and ruin the value of his find.

    More correctly, I think, publishing information on new zero-day flaws puts it in the hands of many more black hats sooner; ie, as you point out, some might very well already know the flaw and are unlikely to tell anyone, even other black hats, about it.

    I think immediate disclosure has some problems, and it should depend on how it was found and if it's already been exploited.

    The problem is, just because you don't know if a flaw is being exploited doesn't mean it isn't. The only real step to avoid the flaw not being exploited is to not use the software in question, and the only way for users to make that choice is to know the flaw exists.

    I think the software owner needs some grace to look at the issue. Then they need to either fix it, advise for work arounds, or advise on how to block or recognize attempts to exploit it.

    Why should the software owner receive any grace to look at the issue? The fact is, effectively the software owner has had the grace to fix the flaw since the very moment they created the software (which presumably was a while before they released it). Personally, I'm more concerned with giving users protection than giving software owners grace. Now, I can understand trying to get the software owner's help to fix, advise to work around, or advise how to block or recognize attempts to exploit the flaw, but that's in the realm of a reporter asking those questions of an individual/company and at most likely giving them a 24 hour window for a response before they print their article.

    If the person who found and reported it believes it's being actively exploited or the software owner is not going to respond in a timely manner (ie Microsoft), then yes I agree they should disclose enough details to allow the public to protect itself.

    Which comes back to the issue of a timely manner. I can see, in a few rare circumstances, where a reporter of a flaw might wait more than that 24 hour window I mentioned (for example, to advise and give some time to governments, large banks, or other institutions for which exploits could lead to severe (read "nearly economy wide or equivalent") social harm), but even that window isn't much longer (perhaps 48 or 72 hours?). Even then, this window is more of a courtesy than a real necessity. Again, the point is more really to obtain information to help contain the risk or obtain confirmation that someone in a position over a lot of critical infrastructure has taken, probably drastic, steps to remove or reduce the risk of the flaw. Waiting around for a fix or binding oneself to the whim of a vendor might help the vendor, but for users who actually care about their security it does them no favors; and those that don't care don't really have a position to complain about the reporter if they chose to use flawed software (complaining about the exploiter is another issue).

    Publishing exploit code is a bad idea all the way around.

    Almost granted. I can imagine in some special circumstances that exploit code or near exploit code might be necessary to prove to security experts and the public at large that a flaw is real. And while it sounds nice to just give the code to a few trusted security experts under some sort of NDA, I think the SCO case has shown how much you can trust people under NDAs when it comes to verifying the code claims of a potentially biased individual/company. Sometimes, a great deal of transparency is necessary for seemingly extraordinary claims*.

    *Look no further than the steps that are still being taken when it comes to global warming. One could point out that not enough data is being released even if one can reasonably argue th

  24. Re:MY. ASS. on "Doomsday Clock" Moves Away From Midnight · · Score: 3, Informative

    Well let's see... Saddam already gassed a Kurdish population that resulted in over 5,000 deaths.

    ...in the late 80s using components* sold by Europe and the US to Saddam in his fight against Iran.

    Let's also not forget the mass graves that numbered to be in the hundreds of thousands.

    Which is admittedly quite horrible, but we didn't bother to do anything in the first Iraq War over those atrocities. And we sure as hell didn't go to Iraq under the banner of vengeance or justice for those deaths. The bedwetting came from doom and gloom predictions involving the death of someone they actually cared about: themselves.

    He may not have been after nuclear weapons, but would you sit idly by and take his word for it? No sane/rational person would.

    And of course, we didn't take his word for it. Instead, we (ie, the US, the UN, and Europe partially separately and partially jointly) had inspectors, covert intelligence, spy satellites, and analysts to check on his activities. And even though Saddam repeatedly kicked out the inspectors, all the collected intelligence left most of Europe and the UN convinced that while Saddam had desires for chemical and nuclear weapons, he was still being effectively sanctioned against actual acquisition and construction of them. Even the US intelligence was sketchy at best, at best implying he might have some of the components necessary to construct either chemical or nuclear weapons, but that he was not an imminent threat (ie, it would take at least a few years to get to the point of actually constructing such weapons, even under the most optimistic circumstances and known intelligence).

    In fact, after his atrocities on the human race, every breath of oxygen he took afterward was an insult to Humanity.

    That is quite so. Having said that, if you're willing to acknowledge that the US should be the policeman of the world, you should also be for the US joining the ICC (unless of course you believe the US should effectively become the judge and jury of the world as well). As well, neocons should have been quite honest in their intentions to seize Saddam for crimes against humanity instead of bolstering a rather fictitious threat. Of course, seizing Saddam wouldn't have required invading Iraq or toppling the government per se**, although it might have been necessary to maintain stability in the region.

    *My understanding is, under international law, it was illegal in Europe and the US to sell chemical weapons (or more specifically, WMDs (chemical, biological, or nuclear weapons)) to other countries. However, if a chemical weapon required components A, B, and C, the US could sell to Iraq difficult to produce component A, a European country (I think France was one that did this) could sell to Iraq difficult to produce component B, and Iraq could buy or produce component C relatively trivially. In short, the US and Europe conspired to provide Iraq with chemical weapons in their fight against Iran. Now admittedly, the US and Europe didn't do this to specifically help Saddam facilitate gassing his own people (although at that point, both the US and Europe knew that Saddam wasn't above things like torture, killing his own people, etc), but the main reason the sale of WMDs are outlawed by treaty by so many countries is WMDs are indiscriminate, mass killers (admittedly conventional explosives are too to an extent...which is why there's been a lot of international push to ban the sale or use of anti-personnel mines and things like cluster bombs); ie, the US and Europe apparently weren't overly concerned about mass Iranian civilian deaths. So, I'd say they were partially morally culpable regardless of Saddam's actual target.

    **Saddam was, in many ways, effectively the government, but one of his sons (presuming they weren't arrested as well) or another person in his regime (again, all those who weren't arrest

  25. Re:China is a major IT threat ! on IE 0-Day Flaw Used In Chinese Attack · · Score: 1

    Make no mistake, China is aggressively attacking foreign systems and common software. They are stockpiling these zero-day exploits as potential weapons. They use one until it's discovered and patched, then wait until they have another high priority and then unwrap the next one.

    When you see Symantec or Microsoft reporting an "undisclosed source" on new vulnerabilities, it's usually our own government that reported it after investigating a compromise.

    When you think about it that way, public disclosure of a vulnerability ASAP (ie, even before telling the vendor) is actually responsible disclosure. For many 0-day flaws, the only real protection is to stop using the affected application. And while many people are willing to take the risk and continue to use the application, clearly companies like Google (and Microsoft, for that matter) have a lot to lose if a country like China were to obtain information about its customers through one of its employees' innocent use of an application.

    In short, for all the discussion of the hypothetical black hats who would use every vulnerability available to them, especially the ones not public yet, I think this presents a pretty clear picture of a real state-backed black hat doing just that.