Having witnessed the damage caused by a line break in a very small 800 psi gas line, I can only imagine what kind of damage could be wrought with an open line of 4350 psi. No, I'm not talking about fiery explosions and the like...I'm talking about enough pressure concentrated in a small area to cut metal and sever limbs.
It appears that Amazon may, in fact, be within their legal rights to do this, according to this legal interpretation of Amazon policy:
On the final webpage before completing a purchase, Amazon.com states that "[w]hen you click the 'Place your order' button, we'll send you an e-mail message acknowledging receipt of your order. Your contract to purchase an item will not be complete until we send you an e-mail notifying you that the item has been shipped."16 This communicates that the buyer, by proceeding through the shopping cart system and placing an order, is making an offer that will form a contract only after vendor acceptance.
Look, I'm certainly not an apologist for Cox. But I've fought this same battle for many years with several different ISPs, and it's a losing battle. And I found this little gem amusing as well:
I'm paying for my bandwith, why can't I use it for what I want?
I think that comment pretty much sums this up as a non-story about a petulant user who is pissed that he can't get around Cox's roadblocks. I won't say it's been a waste of my time, though, as I'm sitting here posting a response. I find it amusing that there are still people out there trying to fight this silly battle. They came for port 25, and...well, you know the rest of the tale.
It's not clear to me that Cox actually scanned the message body in its determination that the e-mail in question was spam. There could have been any number of indicators that caused Cox to reject the outbound message.
I also note that Cox's TOS specifically prohibits the hosting of servers:
Servers. You may not operate, or allow others to operate, servers of any type or any other device, equipment, and/or software providing server-like functionality in connection with the Service, unless expressly authorized by Cox.
A more accurate title for this story would be: "User in violation of Cox TOS upset over Cox efforts to enforce TOS."
My advice to said user? Buck up and get business-level service, or find yourself a real hosting service for your mail server.
Of course, it goes without saying that IANAL. However, I do have some personal experience with irrevocable trusts. And they are, for all intents and purposes, irrevocable. But the difference here is that an irrevocable trust explicitly states that it's irrevocable (and, BTW, it's not a contract, same as the GPL). The GPL relies on implicit smoke and mirrors to ensure its irrevocability.
That's too bad...it would have just been simple to have explicitly stated it in the GPL, rather than leaving it up to judicial interpretation.
Of course, there's also the practical implications of all this: Once something escapes to the Internet, it's there for perpetuity. So I do question the wisdom of someone who thinks they can actually delete something off the Internet.
Still, I don't believe this issue is as cut and dry as the FSF legal minds would have everyone to believe.
Just curious, but have you ever tried making it at home NOW? These days they have some pretty spiffy ice cream makers in the $40 range.
We pass up the fancy-schmancy ice cream makers and make paint-can ice cream:
1) Fill paint can with ice water/salt 2) Fill ziplock bag with ice cream ingredients 3) Ziplock bag into paint can, pound on lid 4) Let kids play soccer with it 5) Eat and enjoy!
...who programs GM computers for performance applications, I'll buy into GM "embracing" open source when they release the programming specs and memory layout for their PCMs, ECMs, and TCMs (powertrain, engine, and transmission control modules). Short of that, their use of WordPress really doesn't impress me (pun intended).
Every website visitor that joins the Sears community installs software that acts as a proxy to every web transaction made on the compromised computer.
Wait a second...this so-called "privacy breach" requires a user to sign up,give away personal information, and download and install software?
Oh, the horror!
Give...me...a...freaking...BREAK! Whining and bitching because someone is too lazy to read a 54-page privacy document? Intimidated by such a beast? Then DON'T INSTALL THE SOFTWARE!
If there ever was a story that needed to be tagged "nothing to see here, move along," this is it. When will the public wake up and figure out that they expose themselves to nefarious evil-whoring overloads whenever they download and install unknown software from the Internet?
I worked for Sears (retail) for about 4 years. I never experienced any of the issues related here, which just goes to show you that there are always both sides of the story.
In fact, the Sears I worked at (in Houston) went out of their way to accommodate us (most of us high school or college students at the time). The supervisors were, for the most part, reasonable to work with, and nobody put undue demands on us to perform. I wasn't commissioned sales, but I probably knew everybody in the store, and I don't recall anybody relating horror stories like those mentioned already.
I'm not saying the stories related here didn't happen...but let's be fair: Mod up four or five "negative" stories without counterbalance?
Considering that the wholesale cost for a registrar to purchase a domain name is approximately USD6, I doubt it'll be a registrar that will be in existence in the near future.
Then using this logic, it would be appropriate and fair for Secunia to list every project that is using PHP with the tainted function. Hundreds? Thousands? Tens of thousands? Where are those vulnerability reports?
Again, this goes back to my argument that Secunia simply cherry-picks its reports, penalizing those projects that are most open with their changelogs and issue tracking, often listing so-called "vulnerabilities" after said vulnerabilities have already been addressed (as in this case).
Is Secunia presenting slanted information with the expectation it will be misused?
Here's one even better: We use GeSHi (Generic Syntax Highlighter) in WikkaWiki. We often scour the so-called "security vulnerability" databases because we've found many inaccuracies. In this specific case, Secunia issued this statement:
> we noticed the following entry in the changelog for GeSHi 1.0.7.18 and > are about to issue an advisory based on this information. > > "Committed security fix for htmlspecialchars vulnerability. Also makes > supporting multiple languages a lot easier" > http://sourceforge.net/project/shownotes.php?release_id=489035 > > To serve our mutual customers best we would appreciate to receive your > comments on this issue before we publish our advisory.
WTF? This was a vulnerability in PHP's htmlspecialchars() function, NOT GeSHi. Yet, Secunia was planning on milking this vulnerability in order to boost its "vulnerability count" at the expense of a project that had absolutely NOTHING to do with the vulnerability.
You see, these so-called "vulnerability experts" try to wring out as many vulnerabilities as possible, because we all know that the most effective "vulnerability expert" will be the one with the most posted vulnerabilities. So they go on fishing expeditions to uncover vulnerabilities that really don't exist.
Or an even worse practice: "bottom-fishing" changelogs and bug trackers in order to discover vulnerabilities that have already been addressed. Here's another instance where Secunia was caught trying to boost its street cred through disingenuous reporting: They apparently scoured our bug tracking database and discovered an issue (already fixed!) and falsely implied in their report that the content of wiki pages marked private might be accessible via RSS. This was clearly false, as the original bug report indicated that the page name (not content) could be accessed. Secunia later corrected the false report.
We've caught Secunia doing this on several occasions. My advice to anyone who is involved in an OSS project is to regularly scour the vulnerability databases and challenge each and every advisory that you believe is not accurate. You might be surprised at the amount of so-called "vulnerability intelligence" out there that is blatantly false, outdated, or inaccurate.
and this doesn't give me confidence in the SM team
Then you should probably stay away from Debian, Sendmail, Apache, or...well, hell, just stay away from Open Source, period, if a server/distro compromise is the measuring stick you use to measure "confidence."
I work at a school district in IT, and I can assure you that some (too many) teachers can barely teach, let alone manage to run a classroom with computers.
I work at a school district as a math teacher. I also have several years of experience in IT industry, and have a master's degree in CS. I can assure you that *most* of our IT people know little to nothing about anything that doesn't involve Microsoft or Novell. Which means I just deal with IT problems myself, because I can usually *not* count on getting any level of help beyond the simple scripted responses one gets when they e-mail technical support.
Why do I bring this up? Because this sword you swing cuts both ways: I'm *definitely* not one of the teachers you describe, and *you* definitely don't sound like one of the IT people I describe. I think it's fair to say that not many teachers *or* school district IT employees are what you and I would describe as "computer literate beyond the most basic level."
BTW, your comment about installing software leads me to believe that this student may have also violated an AUP that specifically prohibits the installation of programs other than those endoresed by the school district. Regardless of how one reads "installation," it's a safe bet that no one would argue that copying an.exe to a Windows drive, even if it does not access the registry, constitutes "installation."
But now we have a situation where by posing as a registrar, they can speculate at pennies per year per domain -- which makes it economic for them to sit on vast farms of domains.
You might be interested to know that registrars pay USD6.42 for a.com domain name (USD4.85 for a.net domain name) from Verisign. So a 1,000,000 domain-name portfolio doesn't come cheap!
Setting up a registrar requires a significant up-front security (either actual cash or letter of credit) equal to the number of anticipated monthly registrations x the number of years x the USD registration fee. In addition, you must pay ICANN about $10,000/year for accreditation, and demonstrate at least USD70,000 in working capital. It is not a trivial undertaking.
What many speculators do is "test-drive" domains by taking advantage of the 5-day grace period that Verisign allows before a domain name must be paid for. Even then, a registrar will pay $6.42 to continue to hold onto a domain after the grace period.
What a silly, inaccurate post. Despite what the parent is inferring, no ICANN-accredited registrar can simply steal a domain name you rightfully own and appropriate it for themselves or someone else. A "throwaway domain"? What, exactly, is that? A domain I register might be very dear to me, and I certainly wouldn't consider it a "throwaway domain." Properly registered and locked against transfer, it doesn't really matter what registrar you use.
Sure, there are differing levels of customer service, but other than that, there is simply nothing to support the parent's claims.
There might even be some libelous elements to the parent post, considering that the parent has not provided any evidence that supports his claims.
C'mon, moderators. Don't fall victim to slashthink.
One difference between scalping and speculation is that scalping, by its very definition (selling something at a value greater than face value) benefits the seller only one time. After the sale, the previous owner no longer benefits from the item scalped.
Speculation, OTOH, can enable a speculator to derive a continuous flow of income from whatever it is they are speculating on. A real estate speculator may derive cash flow from leases, or might parcel a piece of real estate and sell off over a period of time, taking advantage of appreciation along the way.
A domain name speculator may derive cash flow from clickthroughs on their domain name portfolio.
So what, exactly, is so wrong with selling something for more than face value? Isn't this the exact principle that free enterprise is built upon: You sell something for more than its worth in order to derive a profit or benefit. Tickets, widgets, or garage sale items: It's all the same in the end.
I always get a chuckle at the slashthink that surrounds the topic of domain name speculation, because there are very few arguments ever offered that logically support the argument that domain name speculation is "a bad thing."
BTW, I am not a domain name speculator (or squatter, or whatever you want to call it). I just find the arguments against the practice specious, disingenuous, and trivial.
Stocks - you buy it and a company gets an investment to spend and improve their business
A publicly-owned corporation does not benefit directly from the machinations of the stock market. When you buy a stock (except in the case of an IPO or reissue), you do not enrich the company.
Gold - meh, we don't need it, everything is based on 1s and 0s. No-one misses it if you 'buy' some and it remains sitting in some bank vault somewhere
You don't need it, maybe. But millions are made on precious metal speculation, so someone is benefiting..
Coins/stamps - Millions of almost identical ones. To most people they don't have much value or use.
Just as a personal domain name doesn't have much use for most people (other than perhaps the domain owner)?
Art - it was designed to be collected and displayed
Really? Care to provide a resource for this?
Domains - squatters (which is what they are) don't improve it after they buy it. In real estate terms they leave it to rot with minimal attention and invest nothing in it
It doesn't appear your arguments support your conclusion. Please try again, and this time let's not engage in slashthink.
Those of you who will mod me down for this know, deep in your hearts, that I'm right, but just can't get over the fact that someone else thought of the idea before you did.
While you're at it, you should try to save some time and just do away with all types of speculation (real estate, stocks, arbitrage, gold, coins, stamps, art, etc.). Or maybe there's some significant difference between domain name speculation and other types of speculation (all of which are quite legal, BTW)?
Slashdot Mirror
Having witnessed the damage caused by a line break in a very small 800 psi gas line, I can only imagine what kind of damage could be wrought with an open line of 4350 psi. No, I'm not talking about fiery explosions and the like...I'm talking about enough pressure concentrated in a small area to cut metal and sever limbs.
No contract, no legal obligation to deliver. Shitty customer service? Sure. But that's an argument for another day.
If this study is representative, then I'd say it's rather widespread.
(For those too lazy to RTFA, this study estimates 1-2% of the content in Medline is duplicated to some degree.)
I think that comment pretty much sums this up as a non-story about a petulant user who is pissed that he can't get around Cox's roadblocks. I won't say it's been a waste of my time, though, as I'm sitting here posting a response. I find it amusing that there are still people out there trying to fight this silly battle. They came for port 25, and...well, you know the rest of the tale.
I also note that Cox's TOS specifically prohibits the hosting of servers:
A more accurate title for this story would be: "User in violation of Cox TOS upset over Cox efforts to enforce TOS."
My advice to said user? Buck up and get business-level service, or find yourself a real hosting service for your mail server.
Of course, it goes without saying that IANAL. However, I do have some personal experience with irrevocable trusts. And they are, for all intents and purposes, irrevocable. But the difference here is that an irrevocable trust explicitly states that it's irrevocable (and, BTW, it's not a contract, same as the GPL). The GPL relies on implicit smoke and mirrors to ensure its irrevocability.
That's too bad...it would have just been simple to have explicitly stated it in the GPL, rather than leaving it up to judicial interpretation.
Of course, there's also the practical implications of all this: Once something escapes to the Internet, it's there for perpetuity. So I do question the wisdom of someone who thinks they can actually delete something off the Internet.
Still, I don't believe this issue is as cut and dry as the FSF legal minds would have everyone to believe.
Just curious, but have you ever tried making it at home NOW? These days they have some pretty spiffy ice cream makers in the $40 range.
We pass up the fancy-schmancy ice cream makers and make paint-can ice cream:
1) Fill paint can with ice water/salt
2) Fill ziplock bag with ice cream ingredients
3) Ziplock bag into paint can, pound on lid
4) Let kids play soccer with it
5) Eat and enjoy!
You can friend people along with creating profiles
Huh? You mean I have to RTFA to figure out what this means?
Where's a grammar Nazi when you need them most...
...who programs GM computers for performance applications, I'll buy into GM "embracing" open source when they release the programming specs and memory layout for their PCMs, ECMs, and TCMs (powertrain, engine, and transmission control modules). Short of that, their use of WordPress really doesn't impress me (pun intended).
From TFA:
Every website visitor that joins the Sears community installs software that acts as a proxy to every web transaction made on the compromised computer.
Wait a second...this so-called "privacy breach" requires a user to sign up, give away personal information, and download and install software?
Oh, the horror!
Give...me...a...freaking...BREAK! Whining and bitching because someone is too lazy to read a 54-page privacy document? Intimidated by such a beast? Then DON'T INSTALL THE SOFTWARE!
If there ever was a story that needed to be tagged "nothing to see here, move along," this is it. When will the public wake up and figure out that they expose themselves to nefarious evil-whoring overloads whenever they download and install unknown software from the Internet?
I worked for Sears (retail) for about 4 years. I never experienced any of the issues related here, which just goes to show you that there are always both sides of the story.
/. What am I thinking...
In fact, the Sears I worked at (in Houston) went out of their way to accommodate us (most of us high school or college students at the time). The supervisors were, for the most part, reasonable to work with, and nobody put undue demands on us to perform. I wasn't commissioned sales, but I probably knew everybody in the store, and I don't recall anybody relating horror stories like those mentioned already.
I'm not saying the stories related here didn't happen...but let's be fair: Mod up four or five "negative" stories without counterbalance?
Oh, wait, this is
What registrar registers a domain for $2?
Considering that the wholesale cost for a registrar to purchase a domain name is approximately USD6, I doubt it'll be a registrar that will be in existence in the near future.
So, IOW, careful application of DeMorgan's Theorem results in the simplification of some of Wolfram's functions.
And the impact of this is...what, exactly? Aren't the original functions and new functions still equivalent?
Then using this logic, it would be appropriate and fair for Secunia to list every project that is using PHP with the tainted function. Hundreds? Thousands? Tens of thousands? Where are those vulnerability reports?
Again, this goes back to my argument that Secunia simply cherry-picks its reports, penalizing those projects that are most open with their changelogs and issue tracking, often listing so-called "vulnerabilities" after said vulnerabilities have already been addressed (as in this case).
Here's one even better: We use GeSHi (Generic Syntax Highlighter) in WikkaWiki. We often scour the so-called "security vulnerability" databases because we've found many inaccuracies. In this specific case, Secunia issued this statement:
WTF? This was a vulnerability in PHP's htmlspecialchars() function, NOT GeSHi. Yet, Secunia was planning on milking this vulnerability in order to boost its "vulnerability count" at the expense of a project that had absolutely NOTHING to do with the vulnerability.
You see, these so-called "vulnerability experts" try to wring out as many vulnerabilities as possible, because we all know that the most effective "vulnerability expert" will be the one with the most posted vulnerabilities. So they go on fishing expeditions to uncover vulnerabilities that really don't exist.
Or an even worse practice: "bottom-fishing" changelogs and bug trackers in order to discover vulnerabilities that have already been addressed. Here's another instance where Secunia was caught trying to boost its street cred through disingenuous reporting: They apparently scoured our bug tracking database and discovered an issue (already fixed!) and falsely implied in their report that the content of wiki pages marked private might be accessible via RSS. This was clearly false, as the original bug report indicated that the page name (not content) could be accessed. Secunia later corrected the false report.
We've caught Secunia doing this on several occasions. My advice to anyone who is involved in an OSS project is to regularly scour the vulnerability databases and challenge each and every advisory that you believe is not accurate. You might be surprised at the amount of so-called "vulnerability intelligence" out there that is blatantly false, outdated, or inaccurate.
...Acme brand laptops. For some reason, they seem impervious to bricking.
and this doesn't give me confidence in the SM team
Then you should probably stay away from Debian, Sendmail, Apache, or...well, hell, just stay away from Open Source, period, if a server/distro compromise is the measuring stick you use to measure "confidence."
I work at a school district in IT, and I can assure you that some (too many) teachers can barely teach, let alone manage to run a classroom with computers.
.exe to a Windows drive, even if it does not access the registry, constitutes "installation."
I work at a school district as a math teacher. I also have several years of experience in IT industry, and have a master's degree in CS. I can assure you that *most* of our IT people know little to nothing about anything that doesn't involve Microsoft or Novell. Which means I just deal with IT problems myself, because I can usually *not* count on getting any level of help beyond the simple scripted responses one gets when they e-mail technical support.
Why do I bring this up? Because this sword you swing cuts both ways: I'm *definitely* not one of the teachers you describe, and *you* definitely don't sound like one of the IT people I describe. I think it's fair to say that not many teachers *or* school district IT employees are what you and I would describe as "computer literate beyond the most basic level."
BTW, your comment about installing software leads me to believe that this student may have also violated an AUP that specifically prohibits the installation of programs other than those endoresed by the school district. Regardless of how one reads "installation," it's a safe bet that no one would argue that copying an
But now we have a situation where by posing as a registrar, they can speculate at pennies per year per domain -- which makes it economic for them to sit on vast farms of domains.
.com domain name (USD4.85 for a .net domain name) from Verisign. So a 1,000,000 domain-name portfolio doesn't come cheap!
You might be interested to know that registrars pay USD6.42 for a
Setting up a registrar requires a significant up-front security (either actual cash or letter of credit) equal to the number of anticipated monthly registrations x the number of years x the USD registration fee. In addition, you must pay ICANN about $10,000/year for accreditation, and demonstrate at least USD70,000 in working capital. It is not a trivial undertaking.
What many speculators do is "test-drive" domains by taking advantage of the 5-day grace period that Verisign allows before a domain name must be paid for. Even then, a registrar will pay $6.42 to continue to hold onto a domain after the grace period.
Sorry...parent is "implying," not "inferring."
The Grammar Nazi can rest easy now...
What a silly, inaccurate post. Despite what the parent is inferring, no ICANN-accredited registrar can simply steal a domain name you rightfully own and appropriate it for themselves or someone else. A "throwaway domain"? What, exactly, is that? A domain I register might be very dear to me, and I certainly wouldn't consider it a "throwaway domain." Properly registered and locked against transfer, it doesn't really matter what registrar you use.
Sure, there are differing levels of customer service, but other than that, there is simply nothing to support the parent's claims.
There might even be some libelous elements to the parent post, considering that the parent has not provided any evidence that supports his claims.
C'mon, moderators. Don't fall victim to slashthink.
One difference between scalping and speculation is that scalping, by its very definition (selling something at a value greater than face value) benefits the seller only one time. After the sale, the previous owner no longer benefits from the item scalped.
Speculation, OTOH, can enable a speculator to derive a continuous flow of income from whatever it is they are speculating on. A real estate speculator may derive cash flow from leases, or might parcel a piece of real estate and sell off over a period of time, taking advantage of appreciation along the way.
A domain name speculator may derive cash flow from clickthroughs on their domain name portfolio.
So what, exactly, is so wrong with selling something for more than face value? Isn't this the exact principle that free enterprise is built upon: You sell something for more than its worth in order to derive a profit or benefit. Tickets, widgets, or garage sale items: It's all the same in the end.
I always get a chuckle at the slashthink that surrounds the topic of domain name speculation, because there are very few arguments ever offered that logically support the argument that domain name speculation is "a bad thing."
BTW, I am not a domain name speculator (or squatter, or whatever you want to call it). I just find the arguments against the practice specious, disingenuous, and trivial.
Real Estate - you can buy it, improve it, sell it on to someone who is unable to improve it themselves
Or, you can hold on to it, prevent it from being used by anyone else in the hopes that its value will appreciate or that you will gain some indirect benefits.
Stocks - you buy it and a company gets an investment to spend and improve their business
A publicly-owned corporation does not benefit directly from the machinations of the stock market. When you buy a stock (except in the case of an IPO or reissue), you do not enrich the company.
Gold - meh, we don't need it, everything is based on 1s and 0s. No-one misses it if you 'buy' some and it remains sitting in some bank vault somewhere
You don't need it, maybe. But millions are made on precious metal speculation, so someone is benefiting..
Coins/stamps - Millions of almost identical ones. To most people they don't have much value or use.
Just as a personal domain name doesn't have much use for most people (other than perhaps the domain owner)?
Art - it was designed to be collected and displayed
Really? Care to provide a resource for this?
Domains - squatters (which is what they are) don't improve it after they buy it. In real estate terms they leave it to rot with minimal attention and invest nothing in it
It doesn't appear your arguments support your conclusion. Please try again, and this time let's not engage in slashthink.
Those of you who will mod me down for this know, deep in your hearts, that I'm right, but just can't get over the fact that someone else thought of the idea before you did.
Point is proven.
Domain name farming should be killed.
While you're at it, you should try to save some time and just do away with all types of speculation (real estate, stocks, arbitrage, gold, coins, stamps, art, etc.). Or maybe there's some significant difference between domain name speculation and other types of speculation (all of which are quite legal, BTW)?