Having spent a little bit of time looking at a sample of videos regarding vaccination on YouTube, I should point out that comparing the videos with a negative view of vaccination to your post is not really fair. The wording used in the article was "misinformation", presumably doing what you have done above which is provide accurate (or at least potentially accurate) information about the potential risks of vaccinations wouldn't count. A moderate number of the videos listed would have you believe anything from there being a significant risk of autism if you have a vaccine, to the fact that vaccines are being used by the UN to reduce the human population to 500 million. Many of the videos contain either false information or simply imply that something is bad without real reasoning.
I doubt that anyone would wish for the risks of vaccines to be hidden from the public, as long as they are shown in a manner that is realistic and in relation to the risks of not vaccinating. As I have said before in a thread above, vaccination isn't really about protecting the individual, it's about public health, protecting the population and ensuring that the diseases that are being immunised against are controllable and have minimal impact. Vaccinations are cheap, treatment isn't, but in some cases the population is only really protected if you have 90%+ of the population immunised, as such people need to know that they really are risking others if they decide not to immunise their kids.
Videos and misinformation aside, I can't quite imagine what my reaction would be if I or my children were the ones living with the results of that minimal risk rather than with the benefits of the immunisation, if I may ask; would you counsel for or against the MMR if asked?
...will eventually lead YOU AND ME to pay for the medical and social costs...
Immunisations are a public health measure, they are not intended to protect the individual, they are intended to protect society as a whole. If people decide not to get vaccinated (or worse prevent their children from being vaccinated) then the risk does not just affect them and their children but also anyone else who is either not able to be vaccinated (young children etc..) or for whom vaccination wasn't an option previously (the elderly).
The fact that people are ignoring medical because they feel able to form their own opinions based on sound bites and media reports is very dangerous, but given that seemingly credible researchers are also spreading misleading information is even more so. The UK saw a major downturn in the uptake of the MMR vaccine recently due to a scare that linked the vaccine with autism, something later found to be false. The medical advice was that even if the initial report of the link was true, it would still be less dangerous to have the vaccine than not. Now I am sure that there were and will continue to be costs involved in dealing with effects of people not allowing their children to be immunised after this scare, but that is not what concerned me most, what concerned me was that, because a 95% immunisation rate is required for the measles element of the MMR to be fully effective and since only 80% (approx) was achieved due to refusals linked to this scare, for the first time in over a decade we saw measles related deaths and the number of people who caught the disease (and were therefore at risk of all the related complications) increased drastically.
Presumably the standard submitted was sufficient that any person wishing to do so could use it to create a standards compliant PDF viewer/writer without hitting any major technical or partially documented issues or ambiguous 'IP' concerns. The OOXML standard didn't fail because it's a Microsoft format, or because it's proprietary, it failed because (reportedly) the standard document contained ambiguous elements and was insufficient in itself for a third party to fully implement the standard in their own applications.
Of course the various other shenanigans (such as alleged bribery attempts and quasi ballot stuffing) that plagued the OOXML submission probably haven't helped either.
First off, fair use doesn't exist everywhere, so for most people making a duplicate of a song, like any other work subject to copyright is an offence.
Secondly, you can state that taking a copy of something is stealing if you wish, that doesn't make the assertion valid, making an unauthorised copy is a violation of copyright, it is not stealing. My previous post covered most of why I think that, and you have ignored most of it, but the point you took up is a fairly important part of it. It does matter that the owner of a copy or the rights holder is not deprived of a copy, it makes the violation of copyright harder to spot and changes the way in which the victim of a breach of copyright (if you can use that phrase) feels the impact of the copying, this in turn changes the method used to reclaim damages and the way in which damage can be assessed.
Copyright violations are wrong, they are illegal, they are not and should not be deemed as theft/stealing.
Here are some other things you could define as 'stealing',
Tax evasion (Deprives the state of cash so is stealing from the tax payer)
Littering (Costs the community money to clean up so is stealing from the community)
Insurance Fraud (Costs the insurer money so it's stealing from your insurer)
In fact you could almost define every violation of the law as stealing in one way or another (less rape, murder and some traffic offences) but that doesn't make it accurate or right, call a spade a spade, that way people know what you mean.
1. to take (the property of another or others) without permission or right, esp. secretly or by force.
1a. To take suggests that the item being taken is no longer wherever it was before being taken, copying does not deprive the original owner of access to the copied item. It's still not right, but it is not the same. For example, stealing a CD deprives someone of the true cost of that CD (maybe £1), it also potentially deprives them of the sale of that CD (say £10). Buying and then copying that CD and distributing the contents causes no actual loss at all, but it does cause significantly more potential loss (£10 x the number of copies). So take and copy are not the same, in this context that is quite important.
1b. 'Intellectual Property' and actual property are so different as to make them incomparable, firstly actual property can be assigned a real value (usually the cost it would require to replace) which is usually determined by how scarce it is, intellectual property has no real value and its scarcity (or lack thereof) is defined artificially by whoever derives a benefit from it. Not to mention that the value of an idea or concept is impossible to accurately value unless you realise them.
1c. Rights are defined differently in different areas and are not the same when referring to real property or intellectual property, for example I can grow and sell potatoes, but my rights extend only to the potatoes up to the point of sale, I can't prevent you from selling them as chips to the public (a derivative work) or using them to grow more potatoes (copying). If I were selling a song or a book then I would have additional rights to that book even after you purchased it. As such rights in both fields are different.
Now as I said, I find the violation of copyright for the purposes of distribution reprehensible, I think it is probably more serious than 'stealing' (although less serious than piracy), but I would deem ripping a song so that it can be used on an MP3 player, or backing up DVDs so that they can be recovered if your 3 year old trashes them as reasonable acts (you would presumably consider both as stealing).
Equating a copyright violation with stealing is disingenuous and in my opinion rather stupid, there is too much difference between the two to make them easily comparable, a massive breach of copyright can be carried out with little or no preparation or skill and can cause significant losses without the recipient or the rights owner of the copied items being aware or concerned. More importantly it is almost impossible to accidentally steal something (because you didn't realise you were doing it) in a manner that leaves no one out of pocket; the average person thinks that it is OK to rip the contents of a CD they own and place the contents onto an MP3 player, of course if copyright infringement is considered stealing then that person has stolen x number of songs, after all the MP3 player would now contain unlicensed copies, that person would be unlikely to realise that they had done anything wrong.
If you selectively quote parts of a sentence you can claim I mean whatever you wish, doesn't make it true, I stated that vulnerabilities were an indicator as to an OS's security, but that they were insufficient on their own to be definitive.
The quote was
Oh it's 'a' measure, and if like BSD you can claim close to 0 vulnerabilities then that is a good indicator that the OS is secure, however it is worth nothing on its own.
So I stated it is a single measure (and is not comprehensive or definite), I stated having close to 0 vulnerabilities was a good indicator of security (but not proof of it), I stated that such an indicator is worth nothing on its own.
Let's say you were looking at a list of potential employees for the post of CFO, on that list there are three names.
1) John Doe - 0 convictions for fraud
2) Jane Doe - 8 convictions for fraud
3) Jack Doe - 12 convictions for fraud
Does this list indicate that John is the safest person to employ? Probably (you still need more information), does this list indicate that Jane is a safer bet than Jack? No, it indicates that both Jane and Jack are unsafe choices.
In the case of security vulnerabilities, it is much the same, they are not indicators of security, they are indicators of the opposite, vulnerability. The BSD case is unique as the number of vulnerabilities are negligible, they indicate that the OS has fewer flaws than any other, it does not prove that it is secure, it indicates that it may be more secure, however more information would still be needed to prove that.
Now, to turn this around a little, given that the current Mac / Linux vs Windows argument seems to some degree to include the caveat that since there are less Linux and Apple machines out there, one would expect to see less vulnerabilities (if the install base was larger and more lucrative there would be more found), and given that Vista's install base is small, you could use that same argument to suggest that as Vista gains in popularity more vulnerabilities will be identified. I tend to disagree with this because vulnerabilities are only single data points with regard to security, the underlying technology and other security mechanisms are at least as important when determining security.
So to conclude, I categorically do not believe that the number of security vulnerabilities identified in an OS are conclusive proof of a system's security, quite the reverse they are indicators of insecurity, although they can be used in conjunction with other data to give a rounded picture of OS security at any point in time.
Now, this thread is getting a little long, so if you wish to have a more direct discussion of the issues we are trying to address, I would be happy for you to send me a more complete and conclusive document outlining your views, with your consent I will then rebut anything I feel is inaccurate, inappropriate or false and then publish both your original and my rebuttal. Again, with your consent I would be happy to make both of these documents available to my customers (and anyone else) so as to ensure that any advice I give with respect to these issues is both in context and transparent and also that an alternate viewpoint is available. My email is visible (albeit with some jiggery pokery) with these posts, as is info about my company, so you can contact me directly via any of the methods you find.
I would appreciate it though if when quoting me in order to inform me what my opinion is that you do so by quoting things in context rather than selectively.
...tends to refer to a building block made out of clay and they are all approximately the same size
Hmm, not in my experience, I have 3 distinctly different sized bricks used within the four walls of my house, (I'd go and measure but that's a little too much effort) large ones (in length) used in the exterior walls, those are about 120 years old, smaller wider ones used within a partition wall around a 'hatch' (not half bricks mind you), and modern bricks (the kind Barrat type homes are made out of) where parts of my cellar have been bricked up. Now, I don't know when brick sizes were standardised but I guess it's somewhere between 1900 and 1950. The hard part is getting replacement 1870's bricks of the same size and type (to repair ones that have split), mainly as they are expensive and hard to come by, I guess because most of the ones I have come across are reclaimed. If I didn't make it clear, I am in the UK.
As to 'bricking' parts of a PC, you can, but you can't 'brick' a PC, it is always recoverable, (even if a single component is beyond economic repair) because replacement components are available, usually at considerably less than the cost of a replacement PC. I wouldn't consider a PC with a badly flashed BIOS 'bricked' any more than I would see one where heat has damaged the main board so as it requires replacement as 'bricked'. After all the PC is recoverable, a router however that has been badly flashed would require replacement or repair by the vendor.
As my sibling notes, and as a Brit, I would assume bricked (in a non IT context) to be analogous to knifed, bottled or booted, neither of which would indicate turning into the item used, but rather that the item was used in some manner that brought it into close, or often intimate proximity to the person being knifed, bottled or booted. However, I assume it is still considered poor form to use a whole brick when throwing it at an individual (half bricks do as much damage for half the cost in terms of energy and resource after all) so someone being halfbricked may be more appropriate.
In the IT field, rendering something beyond user repair would probably be considered as a definition of 'bricked' and frankly I wouldn't be surprised if this usage was of British origin (After all doesn't bricking mean that the device is now only useful as a brick? sounds like British humour, our colonial cousins would probably prefer to say that it was functionally impaired, or that it had died in service to its owner (or some other sentimental rubbish), not only that, I bet they'd try and sue the manufacturer for the emotional trauma of having had their electronic friend expire in such an appalling way..).
Anyway, given the definition as I understand it, I would see it as having some of the following possible synonyms for a Brit; broken, knackered, dead, kaput, and that noise you make by inhaling air between your teeth (the last only applies if you are either an IT contractor or a customer facing employee involved in retail technology sales). I would probably go on to say that 'bricked' can only apply to non-user serviceable devices, I can brick my PDA, Routers and Digital Camera, (well if I was an idiot and didn't know what I was doing I could) but not my PC (as I can replace pretty much any part, hardware or software without needing to send it back to the manufacturer).
Oh, and 'it was about the size of a brick' doesn't sound like a phrase I have come across, but then maybe it's because I know that there are many different sizes of bricks out there, now if someone could tell me why the bricks used to build my house (in 1870) are so damn expensive to replace and hard to find (in colour and size), I'd be happy. In fact 'about the size of a brick' sounds like a suspiciously foreign phrase, possibly French, or German (I bet all the German bricks are the same size!), which would also tally with your slight misuse of shitting bricks (in a public forum a Brit giving an example would surely use '*they* were shitting bricks' (unless of course you are southern, which is almost French anyway)).
I use Debian, frankly I can't remember when I last reinstalled the OS on my main desktop, sure I've dd'd my way to new hardware and update/upgraded along the way, but reinstall? Nope.
I agree that it does not render the Mac bricked, but I'd dispute that reinstalling an OS is routine. It might be simple, fast, easy etc.. but it's not and shouldn't have to be routine.
Let's look at that sentence...
if like BSD you can claim close to 0 vulnerabilities then that is a good indicator that the OS is secure, however it is worth nothing on its own.
I'd agree that it is a useful indicator, but I don't agree that if OS A has 10 vulnerabilities it is more secure than OS B that has 100. There are too many other factors that come into play when defining secure.
The only thing that slightly perturbs me in this case is the fact that a disgruntled employee / competitor has the potential to cause administrative stress for the company he/she has left (especially if the requirement to have receipts is correct). But then personally I wouldn't agree to an audit from the BSA (and nor would my board..) that would presumably be the end of it, primarily because there is no unlicensed software in use within my organisation and I doubt anyone would go so far as to lie to the police / judge etc.. in order for a warrant to be issued. After all I have a requirement to protect my networks and IT system from untrusted parties.
At least if you get a letter from the BSA or its local equivalent you can refuse to allow them to carry out an audit (the letter I received indicated that they would carry out the audit and then bill me for the service...). I assume that that is no different in the US.
Oh it's 'a' measure, and if like BSD you can claim close to 0 vulnerabilities then that is a good indicator that the OS is secure, however it is worth nothing on its own.
Security is not just about how many remote exploits there are, or how many bugs were found in XYZ, there are many many facets, an OS needs to address most of them. That includes things like sensible default configurations, sensible privilege escalation, usable GUIs, logging, ability to monitor, encryption. A large proportion of security issues for businesses come from inside their own networks, simple mistakes by a user can put massive holes into corporate security systems.
As an example, if I have a database that is totally secure in every sense against every type of local or remote attack known or conceived, it doesn't mean that that database is secure. If the database implements no sensible privilege system (so everyone is sa/root) and has no capability to log activity, then anyone with legitimate access can take what they want and get away with it. Sure you could argue that that isn't a vulnerability in the database, but it is, all risks that can be mitigated should be mitigated (if it is cost effective, you don't spend £1,000,000 to prevent a potential single £1 loss, but you would spend £1,000,000 to prevent 1,000,000 potential £1 losses, or a couple of potential £500,000 losses).
The key is providing that security, implementing it in a way that isn't a burden on your end users (or they'll ignore it, turn it off or try to bypass it) and allowing the end user to make their own decisions as to how much they require (so they can address the threats that they face, but can enable insecure actions if they feel a requirement to do so), all that with a good default configuration and you have a secure system (give or take).
Security vulnerability counts on their own, or with one or two other metrics are not sufficient to prove that something is secure. However organisations will happily point to a single metric if they feel it proves their case.
My prime concern with GM foods is the copyright / patent element, although this extends beyond GM foods into conventionally modified varieties as well. The fact that in many areas it is now a requirement that the crops grown come from licensed seed types and those types are owned by the suppliers not the grower may cause fairly large problems down the road.
The main issues I see (other than the ones you already pointed out) are the fact that 'heritage' varieties are being lost, simply because the new GM replacements have better guarantees as to the end product, biodiversity is reduced which in turn makes large scale crop failures more likely (i.e. there is a single point of failure as all the plants are genetically similar, a single biological or environmental threat could destroy an entire crop). I would also suspect that monetizing this seed IP could well lead to higher seed prices (you get a higher yield after all) which may be an issue for smaller farmers, especially subsistence farmers.
AFAIK The health elements of GM seeds have not been fully investigated, nor will they be (no one investigated the health implications of new varieties created conventionally after all) so the potential for problems exists (the BSE crisis in the UK was caused in some degree by modern and more cost effective farming practices after all).
The biggest problem however is not with GM itself but the fact that it is now impossible to have a discussion about any remotely controversial scientific topic without it becoming a contest of marketing efforts, both sides (and there generally are only two that are heard) making false claims or overstating risks or benefits and most importantly trying to turn complex issues into soundbites.
Ha, I think we are talking ourselves round in circles. Yes I think that Vista is not a benefit in terms of cost vs improvement to the business user (home being a different matter), and I include in that security improvements, I think I have detailed why earlier. I agree that XP doesn't inspire confidence, after all there have been so many blunders over the years that it'd be foolhardy to trust there to be no more, but we heard that SP1 and then SP2 (and now SP3) would address those issues, even though they didn't fully (SP2 certainly made significant advances). I would say though that Vista hasn't earned my trust nor should it have at this point, although it may over time. The whole re-write thing I would take with a pinch of salt, parts have certainly been re-written, other elements don't seem to have, or if they have been then they were re-written by the same people who wrote them the first time and with access to the original code, as demonstrated by the fact that there are still exploits that affect both Windows versions. Most importantly I find it difficult to separate the actual performance of the OS and the hype, both of which damages (in my view) any reputation that Vista is building. I also wouldn't categorise Vista as 'more' secure than Linux or OSX (I note you left off BSD) simply because it's almost impossible to compare the two with any confidence or certainty, both can be maintained in a manner that is as secure as the other, but that bears no relation to real life deployments either. Last point (and it was my first point in this thread too), the number of vulnerabilities detected in an OS alone is not a good measure of security, it disregards many other key issues and fails to show anything other than how many issues have been detected *and* released to the public in a certain period, they do not indicate future performance and probably only represent 30% of the potential attack vectors in any case (with the user being the number 1 vector).
Vista is certainly more secure than previous Microsoft OS's though.
I see Vista as a possible step in the right direction, time will tell. If it does you will see faster migration to it by businesses, if not then the upgrades may happen as and when hardware life cycles allow, and only if the infrastructure is capable of supporting Vista clients.
I agree that if there is a problem it needs sorting out, preferably without anyone having to sue anyone, or any other court intervention, but it's not the same as stealing something (arguably it's worse) and should not be characterised as such, in this instance it is probably an accident, and may well be an accident on the part of whoever supplied the OS rather than ASUS. We, the F/LOSS community need to try at least to be a little less offensive when it comes to stuff like this. If there is a problem, talk about it, don't shoot first talk later, and the permanent cries of ha! GPL violation, we're going to sue!!! are also counter productive, I'm sure the FSF would agree that legal action is something of a last resort rather than an initial response.
OK, I can see where you are coming from then, I read quite a few of your posts in other areas and you seem quite a sensible kind of person, hence the fact I am continuing this debate and haven't resorted to offensive retorts to some of your more personal comments, however in this case I think you are wrong, and rather than busting FUD (Which is a rather noble aim) you are perpetuating a rather more optimistic view than is warranted, if I were you I would be aiming somewhere in between, i.e. realism.
My point was and is quite simple. Vista is more secure than XP, Vista is not as secure as it is claimed, Vista does not have sufficient benefits to make migration by businesses a realistic proposition at this time, there are a multitude of reasons to use Vista in certain very specific areas, or for specific roles but not as a general purpose OS across an entire business.
If you are a home user, an upgrade to Vista is probably a good recommendation, this is an area where the added security really can benefit the home user, however migration to Open Solaris, BSD, or GNU/Linux would provide the same security benefits, if not more for less cash investment (although probably more investment in terms of time and effort), Ubuntu, Kubuntu etc.. would all be suitable for the average 90% of home users for who the PC is an internet/wordprocessor/digital media store (and the XboX/PS2/pPS/Wii is the games console) and is easy to use and install on your current hardware.
Different OS's are better suited to different environments, if I were setting up a call center where the primary requirement was the ability to see a web page and run a single application to manage dialling then I would be running an extremely stripped GNU/Linux or BSD environment there, no security or performance issues. If I were running a marketing company I'd probably run a smattering of Vista, Mac OSX and whatever the latest and greatest Desktop environment was on GNU/Linux. If I had a global corporation with 40,000 XP boxes and 1,000's of 2k3 servers, I'd leave well alone, at least until I needed to upgrade the hardware. If I were setting up a new business for someone else and they wanted windows, I'd use Vista.
I'm not anti-vista because I love XP and can't stand to see it go, I just don't see the value in upgrading at this point without some other compelling reason.
I can't seem to find any confirmation of the 275 killed statistic mentioned in the summary, nor the date from which tasers were approved for use in the US (I assume it will have been state by state..) but if it's accurate, and the introduction is within the last 3-5 years then that is a fairly damning figure for a non-lethal weapon (it's about the same as three years worth of police related deaths of any kind in the UK and that includes shootings of any type, suicide / other deaths in custody, car accidents etc..).
I suppose though that as a percentage of the number of people tasered in total that it's a small number and as such maybe it's not the taser that is the issue but the frequency of its use... Saying that I'd rather be tasered than shot, which I assume is the alternative in the US.
As an aside, has anyone else noticed how UK police are starting to look more and more aggressive? It seems that utility belts with military style pouches, stab vests, steel toe capped boots etc.. if worn in a suitably paramilitary fashion (with a high vis of course) really can cause an escalation in tension all on their own. I saw a policeman yesterday (in Tesco's getting himself a sandwich and a salad....) in what I remember from not too many years back as a policeman's uniform, i.e. black trousers, white shirt, blue jumper (With 'Police' and loops for a radio on it), hat, shiny shoes etc. I realized that he didn't look even remotely aggressive, quite friendly and approachable. Maybe there would be some benefit in making our police look less tooled up and distant, I mean they can still carry their truncheons and pepper spray, maybe they could also get some slightly covert stab vests, basically anything to make them look less like they are looking for a fight, maybe that would be one way of starting to win back the trust and respect they claim to have lost (they could also start walking their beats rather than driving them, that way they might see a thing or two too.).
I'm not being defensive and I have agreed that Vista is most certainly more secure than XP. However when you claim that because X affects XP but not Vista and therefore Vista is obviously more secure, a rewrite and everything is rosy, I felt it necessary to point out that frankly you are wrong.
Now as I have previously pointed out, migration to Vista supported purely on security grounds, disregarding the multitude of other variables and issues that would impact a business during and after such a migration is simply infeasible. Moreover if you are pointing out that Business should be using Vista because of the rewrite, and its apparent massive benefits, then that argument has been significantly weakened by the fact that almost half of all the issues that have hit XP since Vista's release also had an impact on Vista. In my opinion this indicates that the rewrite wasn't enough of a rewrite, and more likely a code review, using the same code but auditing it in some limited fashion prior to inclusion.
To answer your question about whether I find it painful that Vista is more secure, I would say no I don't, I find it painful that the information regarding security in Vista is being pushed in such an over zealous way that if close scrutiny is applied to the information being circulated, it falls apart. The credibility of such information starts to become suspect, and as such Vista's credentials as a secure OS become suspect (unfairly so). I do not have any stake in XP's continued domination in the business nor in Vista's success or failure in supplanting XP on the corporate desktop, I do wonder however why you feel the need to press the issue so forcefully.
Finally, do you actually have an argument or explanation that explains why your single data point is more valid than my six, and also how those six vulnerabilities that escaped removal in the rewrite and policy introductions should shape the business communities views on the validity of the processes apparently in place to prevent such incidents?
Why aren't they worried about Joe sharing images protected by copyright?
Why aren't they worried about Joe sharing written works under copyright?
Why is it (apparently) not possible to turn this protective 'feature' off if you wish? After all then it would definitely *not* be WD's fault...
Buy them again?
;)
Copyright violating scum.
...will eventually lead YOU AND ME to pay for the medical and social costs... Immunisations are a public health measure, they are not intended to protect the individual, they are intended to protect society as a whole. If people decide not to get vaccinated (or worse prevent their children from being vaccinated) then the risk does not just affect them and their children but also anyone else who is either not able to be vaccinated (young children etc..) or for whom vaccination wasn't an option previously (the elderly).
The fact that people are ignoring medical because they feel able to form their own opinions based on sound bites and media reports is very dangerous, but given that seemingly credible researchers are also spreading misleading information is even more so. The UK saw a major downturn in the uptake of the MMR vaccine recently due to a scare that linked the vaccine with autism, something later found to be false. The medical advice was that even if the initial report of the link was true, it would still be less dangerous to have the vaccine than not. Now I am sure that there were and will continue to be costs involved in dealing with effects of people not allowing their children to be immunised after this scare, but that is not what concerned me most, what concerned me was that, because a 95% immunisation rate is required for the measles element of the MMR to be fully effective and since only 80% (approx) was achieved due to refusals linked to this scare, for the first time in over a decade we saw measles related deaths and the number of people who caught the disease (and were therefore at risk of all the related complications) increased drastically.
Presumably the standard submitted was sufficient that any person wishing to do so could use it to create a standards compliant PDF viewer/writer without hitting any major technical or partially documented issues or ambiguous 'IP' concerns. The OOXML standard didn't fail because its a Microsoft format, or because it's proprietary, it failed because (reportedly) the standard document contained ambiguous elements and was insufficient in itself for a third party to fully implement the standard in their own applications.
Of course the various other shenanigans (such as alleged bribery attempts and quasi ballot stuffing) that plagued the OOXML submission probably haven't helped either.
First off, fair use doesn't exist everywhere, so for most people making a duplicate of a song, like any other work subject to copyright is an offence.
Secondly, you can state that taking a copy of something is stealing if you wish, that doesn't make the assertion valid, making an unauthorised copy is a violation of copyright, it is not stealing. My previous post covered most of why I think that, and you have ignored most of it, but the point you took up is a fairly important part of it. It does matter that the owner of a copy or the rights holder is not deprived of a copy, it makes the violation of copyright harder to spot and changes the way in which the victim of a breach of copyright (if you can use that phrase) feels the impact of the copying, this in turn changes the method used to reclaim damages and the way in which damage can be assessed.
Copyright violations are wrong, they are illegal, they are not and should not be deemed as theft/stealing.
Here are some other things you could define as 'stealing',
Tax evasion (Deprives the state of cash so is stealing from the tax payer)
Littering (Costs the community money to clean up so is stealing from the community)
Insurance Fraud (Costs the insurer money so its stealing from your insurer)
In fact you could almost define every violation of the law as stealing in one way or another (less rape, murder and some traffic offences) but that doesn't make it accurate or right, call a spade a spade, that way people know what you mean.
1b. 'Intellectual Property' and actual property are so different as to make them incomparable, firstly actual property can be assigned a real value (usually the cost it would require to replace) which is usually determined by how scarce it is, intellectual property has no real value and its scarcity (or lack thereof) is defined artificially by whoever derives a benefit from it. Not to mention that the value of an idea or concept are impossible to accurately value unless you realise them.
1c. Rights are defined differently in different areas and are not the same when referring to real property or intellectual property, for example I can grow and sell potatoes, but my rights extend only to the potatoes up to the point of sale, I can't prevent you from selling them as chips to the public (a derivative work) or using them to grow more potatoes (copying). If I were selling a song or a book then I would have additional rights to that book even after you purchased it. As such rights in both fields are different.
Now as I said, I find the violation of copyright for the purposes of distribution reprehensible, I think it is probably more serious than 'stealing' (although less serious than piracy), but I would deem ripping a song so that it can be used on an MP3 player, or backing up DVD's so that they can be recovered if your 3 year old trashes them as reasonable acts (you would presumably consider both as stealing).
Equating a copyright violation with stealing is disingenuous and in my opinion rather stupid, there is too much difference between the two to make them easily comparable, a massive breach of copyright can be carried out with little or no preparation or skill and can cause significant losses without the recipient or the rights owner of the copied items being aware or concerned.
More importantly it is almost impossible to accidentally steal something (because you didn't realise you were doing it) in a manner that leaves no one out of pocket; the average person thinks that it is OK to rip the contents of a CD they own and place the contents onto an MP3 player, of course if copyright infringement is considered stealing then that person has stolen x number of songs, after all the MP3 player would now contain unlicensed copies, that person would be unlikely to realise that they had done anything wrong.
*Sigh* Good response.
The quote was Oh its 'a' measure, and if like BSD you can claim close to 0 vulnerabilities then that is a good indicator that the OS is secure, however it is worth nothing on its own. So I stated it is a single measure (and is not comprehensive or definite)
I stated having close to 0 vulnerabilities was a good indicator of security (but not proof of it)
I stated that such an indicator is worth nothing on its own.
Lets say you were looking at a list of potential employees for the post of CFO, on that list there are three names.
1) John Doe - 0 convictions for fraud
2) Jane Doe - 8 convictions for fraud
3) Jack Doe - 12 convictions for fraud
Does this list indicate that John is the safest person to employ? probably (you still need more information), does this list indicate that Jane is a safer bet than Jack? No, it indicates that both Jane and Jack are unsafe choices.
In the case of security vulnerabilities, it is much the same, they are not indicators of security, they are indicators of the opposite, vulnerability. The BSD case is unique as the number of vulnerabilities are negligible, they indicate that the OS has fewer flaws than any other, it does not prove that it is secure, it indicates that it may be more secure, however more information would still be needed to prove that.
Now, to turn this around a little, given that the current Mac / Linux vs Windows argument seems to some degree to include the caveat that since there are less Linux and Apple machines out there, one would expect to see less vulnerabilities (if the install base was larger and more lucrative there would be more found), and given that Vista's install base is small, you could use that same argument to suggest that as Vista gains in popularity more vulnerabilities will be identified. I tend to disagree with this because vulnerabilities are only single data points with regard to security, the underlying technology and other security mechanisms are at least as important when determining security.
So to conclude, I categorically do not believe that the number of security vulnerabilities identified in an OS are conclusive proof of a systems security, quite the reverse they are indicators of insecurity, although they can be used in conjunction with other data to give a rounded picture of OS security at any point in time.
Now, this thread is getting a little long, so if you wish to have a more direct discussion of the issues we are trying to address, I would be happy for you to send me a more complete and conclusive document outlining your views, with your consent I will then rebut anything I feel is inaccurate, inappropriate or false and then publish both your original and my rebuttal, Again with your consent I would be happy to make both of these documents available to my customers (and anyone else) so as to ensure that any advice I give with respect to these issues is both in context and transparent and also that an alternate viewpoint is available. My email is visible (albeit with some jiggery pokery) with these posts, as is info about my company, so you can contact me directly via any of the methods you find.
I would appreciate it though if when quoting me in order to inform me what my opinion is that you do so by quoting things in context rather than selectively.
...tends to refer to a building block made out of clay and they are all approximately the same size
Hmm, not in my experience, I have 3 distinctly different sized bricks used within the four walls of my house, (I'd go and measure but that's a little too much effort) large ones (in length) used in the exterior walls, those are about 120 years old, smaller wider ones used within a partition wall around a 'hatch' (not half bricks mind you), and modern bricks (the kind Barrat type homes are made out of) where parts of my cellar have been bricked up. Now, I don't know when brick sizes were standardised but I guess its somewhere between 1900 and 1950. The hard part is getting replacement 1870's bricks of the same size and type (to repair ones that have split), mainly as they are expensive and hard to come by, I guess because most of the ones I have come across are reclaimed. If I didn't make it clear, I am in the UK.
As to 'bricking' parts of a PC, you can, but you can't 'brick' a PC, it is always recoverable, (even if a single component is beyond economic repair) because replacement components are available, usually at considerably less than the cost of a replacement PC. I wouldn't consider a PC with a badly flashed BIOS 'bricked' any more than I would see one where heat has damaged the main board so as it requires replacement as 'bricked'. After all the PC is recoverable, a router however that has been badly flashed would require replacement or repair by the vendor.
It should also be noted that since this marketing team both carried out work and did so efficiently, it is clear that they were German.
As my sibling notes, and as a Brit, I would assume bricked (in a non IT context) to be analogous to knifed, bottled or booted, neither of which would indicate turning into the item used, but rather that the item was used in some manner that brought it into close, or often intimate proximity to the person being knifed, bottled or booted. However, I assume it is still considered poor form to use a whole brick when throwing it at an individual (half bricks do as much damage for half the cost in terms of energy and resource after all) so someone being halfbricked may be more appropriate.
In the IT field, rendering something beyond user repair would probably be considered as a definition of 'bricked' and frankly I wouldn't be surprised if this usage was of British origin (After all doesn't bricking mean that the device is now only useful as a brick? sounds like British humour, our colonial cousins would probably prefer to say that it was functionally impaired, or that it had died in service to its owner (or some other sentimental rubbish), not only that, I bet they'd try and sue the manufacturer for the emotional trauma of having had their electronic friend expire in such an appalling way..).
Anyway, given the definition as I understand it, I would see it as having some of the following possible synonym's for a Brit ; broken, knackered, dead, kaput, and that noise you make by inhaling air between your teeth (the last only applies if you are either an IT contractor or a customer facing employee involved in retail technology sales). I would probably go on to say that 'bricked' can only apply to non-user serviceable devices, I can brick my PDA, Routers and Digital Camera, (well if I was an idiot and didn't know what I was doing I could) but not my PC (as I can replace pretty much any part, hardware or software without needing to send it back to the manufacturer).
Oh, and 'it was about the size of a brick' doesn't sound like a phrase I have come across, but then maybe its because I know that there are many different sizes of bricks out there, now if someone could tell me why the bricks used to build my house (in 1870) are so damn expensive to replace and hard to find (in colour and size), Id be happy. In fact 'about the size of a brick' sounds like a suspiciously foreign phrase, possibly French, or German (I bet all the German bricks are the same size!), which would also tally with your slight misuse of shitting bricks (in a public forum a Brit giving an example would surely use '*they* were shitting bricks' (unless of course you are southern, which is almost French anyway)).
Thanks
I use Debian, frankly I can't remember when I last reinstalled the OS on my main desktop, sure I've dd'd my way to new hardware and update/upgraded along the way, but reinstall? Nope.
I agree that it does not render the Mac bricked, but I'd dispute that reinstalling an OS is routine. It might be simple, fast, easy etc.. but its not and shouldn't have to be routine.
I agree with you 100% if you use it, pay for it.
The only thing that slightly perturbs me in this case is the fact that a disgruntled employee / competitor has the potential to cause administrative stress for the company he/she has left (especially if the requirement to have receipts is correct). But then personally I wouldn't agree to an audit from the BSA (and nor would my board..) that would presumably be the end of it, primarily because there is no unlicensed software in use within my organisation and I doubt anyone would go so far as to lie to the police / judge etc.. in order for a warrant to be issued. After all I have a requirement to protect my networks and IT system from untrusted parties.
At least if you get a letter from the BSA or its local equivalent you can refuse to allow them to carry out an audit (the letter I received indicated that they would carry out the audit and then bill me for the service...). I assume that that is no different in the US.
Oh its 'a' measure, and if like BSD you can claim close to 0 vulnerabilities then that is a good indicator that the OS is secure, however it is worth nothing on its own. Security is not just about how many remote exploits there are, or how many bugs were found in XYZ, there are many many facets, an OS needs to address most of them. That includes things like sensible default configurations, sensible privilege escalation, usable GUI's, logging, ability to monitor, encryption. A large proportion of security issues for businesses come from inside their own networks, simple mistakes by a user can put massive holes into corporate security systems.
As an example, if I have a database that is totally secure in every sense against every type of local or remote attack known or conceived, it doesn't mean that that database is secure. If the database implements no sensible privilege system (so everyone is sa/root) and has no capability to log activity, then anyone with legitimate access can take what they want and get away with it. Sure you could argue that that isn't a vulnerability in the database, but it is, all risks that can be mitigated should be mitigated (if it is cost effective, you don't spend £1,000,000 to prevent a potential single £1 loss, but you would spend £1,000,000 to prevent 1,000,000 potential £1 losses, or a couple of potential £500,000 loss).
The key is providing that security, implementing it in a way that isn't a burden on your end users (or they'll ignore it, turn it off or try to bypass it) and allowing the end user to make their own decisions as to how much they require (so they can address the threats that they face, but can enable insecure actions if they feel a requirement to do so), all that with a good default configuration and you have a secure system (give or take).
Security vulnerability counts on their own, or with one or two other metrics are not sufficient to prove that something is secure. However organisations will happily point to a single metric if they feel it proves their case.
My prime concern with GM foods is the copyright / patent element, although this extends beyond GM foods into conventionally modified varieties as well. The fact that in many areas it is now a requirement that the crops grown come from licensed seed types and those types are owned by the suppliers not the grower may cause fairly large problems down the road.
The main issues I see (other than the ones you already pointed out) are the fact that 'heritage' varieties are being lost, simply because the new GM replacements have better guarantee's as to the end product, biodiversity is reduced which in turn makes large scale crop failures more likely (i.e. there is a single point of failure as all the plants are genetically similar, a single biological or environmental threat could destroy an entire crop). I would also suspect that monetizing this seed IP could well lead to higher seed prices (you get a higher yield after all) which may be an issue for smaller farmers, especially subsistence farmers.
AFAIK The health elements of GM seeds have not been fully investigated, nor will they be (no one investigated the health implications of new varieties created conventionally after all) so the potential for problems exists (the BSE crisis in the UK was caused in some degree by modern and more cost effective farming practices after all).
The biggest problem however is not with GM itself but the fact that it is now impossible to have a discussion about any remotely controversial scientific topic without it becoming a contest of marketing efforts, both sides (and there generally are only two that are heard) making false claims or overstating risks or benefits and most importantly trying to turn complex issues into soundbytes.
Ha, I think we are talking ourselves round in circles. Yes I think that Vista is not a benefit in terms of cost vs improvement to the business user (home being a different matter), and I include in that security improvements, I think I have detailed why earlier. I agree that XP doesn't inspire confidence, after all there have been so many blunders over the years that it'd be foolhardy to trust there to be no more, but we heard that SP1 and then SP2 (and now SP3) would address those issues, even though they didn't fully (SP2 certainly made significant advances). I would say though that Vista hasn't earned my trust nor should it have at this point, although it may over time. The whole re-write thing I would take with a pinch of salt, parts have certainly been re-written, other elements don't seem to have, or if they have been then they were re-written by the same people who wrote them the first time and with access to the original code, as demonstrated by the fact that there are still exploits that affect both Windows versions. Most importantly I find it difficult to separate the actual performance of the OS and the hype, both of which damages (in my view) any reputation that Vista is building. I also wouldn't categorise Vista as 'more' secure than Linux or OSX (I note you left off BSD) simply because its almost impossible to compare the two with any confidence or certainty, both can be maintained in a manner that is as secure as the other, but that bears no relation to real life deployments either. Last point (and it was my first point in this thread too), the number of vulnerabilities detected in an OS alone is not a good measure of security, it disregards many other key issues and fails to show anything other than how many issues have been detected *and* released to the public in a certain period, they do not indicate future performance and probably only represent 30% of the potential attack vectors in any case (with the user being the number 1 vector).
Vista is certainly more secure than previous Microsoft OS's though.
I see vista as a possible step in the right direction, time will tell. If it does you will see faster migration to it by businesses, if not then the upgrades may happen as and when hardware life cycles allow, and only if the infrastructure is capable of supporting Vista clients.
Copyright violation really really isn't stealing.
I agree that if there is a problem it needs sorting out, preferably without anyone having to sue anyone, or any other court intervention, but its not the same as stealing something (arguably its worse) and should not be characterised as such, in this instance it is probably an accident, and may well be an accident on the part of whoever supplied the OS rather than ASUS. We, the F/LOSS community need to try at least to be a little less offensive when it comes to stuff like this. If there is a problem, talk about it, don't shoot first talk later, and the permanent cries of ha! GPL violation, we're going to sue!!! are also counter productive, I'm sure the FSF would agree that legal action is something of a last resort rather than an initial response.
OK, I can see where you are coming from then, I read quite a few of your posts in other areas and you seem quite a sensible kind of person, hence the fact I am continuing this debate and haven't resorted to offensive retorts to some of your more personal comments, however in this case I think you are wrong, and rather than busting FUD (Which is a rather noble aim) you are perpetuating a rather more optimistic view than is warranted, if I were you I would be aiming somewhere in between, i.e. realism.
My point was and is quite simple. Vista is more secure than XP, Vista is not as secure as it is claimed, Vista does not have sufficient benefits to make migration by businesses a realistic proposition at this time, there are a multitude of reasons to use Vista in certain very specific areas, or for specific roles but not as a general purpose OS across an entire business.
If you are a home user, an upgrade to Vista is probably a good recommendation, this is an area where the added security really can benefit the home user, however migration to Open Solaris, BSD, or GNU/Linux would provide the same security benefits, if not more for less cash investment (although probably more investment in terms of time and effort), Ubuntu, Kubuntu etc.. would all be suitable for the average 90% of home users for who the PC is an internet/wordprocessor/digital media store (and the XboX/PS2/pPS/Wii is the games console) and is easy to use and install on your current hardware.
Different OS's are better suited to different environments, IF I were setting up a call center where the primary requirement was the ability to see a web page and run a single application to manage dialling then I would be running an extremely stripped GNU/Linux or BSD environment there, no security or performance issues. If I were running a marketing company I'd probably run a smattering of Vista, Mac OSX and whatever the latest and greatest Desktop environment was on GNU/Linux. If I had a global corporation with 40,000 XP boxes and 1,000's of 2k3 servers, I'd leave well alone, at least until I needed to upgrade the hardware. If I were setting up a new business for someone else and they wanted windows, I'd use Vista.
I'm not anti-vista because I love XP and cant stand to see it go, I just don't see the value in upgrading at this point without some other compelling reason.
I can't seem to find any confirmation of the 275 killed statistic mentioned in the summary, nor the date from which tasers were approved for use in the US (I assume it will have been state by state..) but if its accurate, and the introduction is within the last 3-5 years then that is a fairly damning figure for a non-lethal weapon (its about the same as three years worth of police related deaths of any kind in the UK and that includes shootings of any type, suicide / other deaths in custody, car accidents etc..).
I suppose though that as a percentage of the number of people tasered in total that its a small number and as such maybe its not the taser that is the issue but the frequency of its use... Saying that I'd rather be tasered than shot, which I assume is the alternative in the US.
As an aside, has anyone else noticed how UK police are starting to look more and more aggressive? It seems that utility belts with military style pouches, stab vests, steel toe capped boots etc.. if worn in a suitably paramilitary fashion (with a high vis of course) really can cause an escalation in tension all on their own. I saw a policeman yesterday (in Tesco's getting himself a sandwich and a salad....) in what I remember from not too many years back as a policeman's uniform, i.e. black trousers, white shirt, blue jumper (With 'Police' and loops for a radio on it), hat, shiny shoes etc. I realized that he didn't look even remotely aggressive, quite friendly and approachable. Maybe there would be some benefit in making our police look less tooled up and distant, I mean they can still carry their truncheons and pepper spray, maybe they could also get some slightly covert stab vests, basically anything to make them look less like they are looking for a fight, maybe that would be one way of starting to win back the trust and respect they claim to have lost (they could also start walking their beats rather than driving them, that way they might see a thing or two too.).
I'm not being defensive and I have agreed that Vista is most certainly more secure than XP. However when you claim that because X affects XP but not Vista and therefore Vista is obviously more secure, a rewrite and everything is rosy, I felt it necessary to point out that frankly you are wrong.