Slashdot Mirror


User: cbhacking

cbhacking's activity in the archive.

Stories
0
Comments
4,314

Comments · 4,314

  1. Re:Not MITM on Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees? · · Score: 1

    Bullshit. Proxies handle HTTPS all the time. They can do all kinds of things with it, like see what the outbound IP is, what internal machine it comes from, how much bandwidth is being used (approximate, with an upper bound, but still), what port it's going to (usually 443 of course), how long the connection stays open, and so forth. It can log all that info. It can block connections to undesirable (because of malware / inappropriate use of resources / illegal / whatever) hosts. It can raise flags in the case of too many connections, or too much data, or data at unusual times, or... you get the idea.

    A proxy just routes all the connections through one machine. It doesn't imply a need to be able to read data that flows over those connections. Some *uses* of proxies do require that ability - for example, anti-exfiltration systems that look for sensitive data somebody is trying to sneak out - but those can be fooled by concealing / encrypting the data at the application layer anyhow.
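Added example, not code from the original comment: what a forwarding (non-intercepting) HTTPS proxy can log without holding any key material. It builds a TLS ClientHello record for a hostname, parses it the way a flow-logging proxy would to pull out the protocol version, the offered cipher suites and the Server Name Indication (SNI) hostname, and applies a simple host denylist. The ClientHello bytes are constructed by the builder below; the IP addresses, hostnames and denylist are made-up values.

```python
import struct

SNI_EXTENSION = 0x0000  # TLS extension type for server_name

def build_client_hello(sni, cipher_suites=(0x1301, 0x1302, 0xC02F)):
    """Construct a minimal TLS 1.2-style ClientHello carrying an SNI extension.
    Constructed test data: the client random is zeroed for determinism."""
    host = sni.encode("idna")
    entry = b"\x00" + struct.pack("!H", len(host)) + host      # name_type host_name (0)
    sni_list = struct.pack("!H", len(entry)) + entry
    extensions = struct.pack("!HH", SNI_EXTENSION, len(sni_list)) + sni_list
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (
        b"\x03\x03"                                   # client_version: TLS 1.2
        + bytes(32)                                   # client random
        + b"\x00"                                     # empty session id
        + struct.pack("!H", len(suites)) + suites
        + b"\x01\x00"                                 # one compression method: null
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(record):
    """Extract version, cipher suites and SNI from a TLS handshake record.
    Raises ValueError on anything that is not a well-formed ClientHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated ClientHello")
    version = {b"\x03\x01": "TLS 1.0", b"\x03\x02": "TLS 1.1",
               b"\x03\x03": "TLS 1.2"}.get(body[0:2], "unknown")
    pos = 2 + 32                                      # skip version and random
    pos += 1 + body[pos]                              # session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[pos + i:pos + i + 2])[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                              # compression methods
    sni = None
    if pos + 2 <= len(body):
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = min(pos + ext_len, len(body))
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == SNI_EXTENSION and len(data) >= 5:
                list_len = struct.unpack("!H", data[0:2])[0]
                q = 2
                while q + 3 <= 2 + list_len:
                    ntype = data[q]
                    nlen = struct.unpack("!H", data[q + 1:q + 3])[0]
                    name = data[q + 3:q + 3 + nlen]
                    q += 3 + nlen
                    if ntype == 0:
                        sni = name.decode("ascii", "replace")
    return {"version": version, "cipher_suites": suites, "sni": sni}

def proxy_decision(src_ip, dst_ip, dst_port, first_record, denylist):
    """The flow record a proxy can log, plus whether it forwards the flow.
    A ClientHello it cannot parse is logged with sni=None and forwarded."""
    try:
        hello = parse_client_hello(first_record)
    except ValueError:
        hello = {"version": "unknown", "cipher_suites": [], "sni": None}
    host = hello["sni"]
    blocked = host is not None and host.lower() in denylist
    return {"src": src_ip, "dst": f"{dst_ip}:{dst_port}", "sni": host,
            "version": hello["version"], "suites": len(hello["cipher_suites"]),
            "action": "block" if blocked else "forward"}

if __name__ == "__main__":
    rec = build_client_hello("wiki.internal.example")
    print(proxy_decision("10.0.0.7", "203.0.113.10", 443, rec, {"wiki.internal.example"}))
```

Everything the proxy records here (source, destination, port, version, suite count, SNI) comes from the unencrypted part of the handshake; reading the HTTP request inside would need interception, which is exactly the step the comment says a proxy does not need.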

  2. Re:Yes they did. on Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees? · · Score: 1

    So... did you blow the whistle on them? Item A, I mean. If my employer blatantly lied to me like that, I'd damn well have walked out of that job and into a courtroom over it.

    Of course, I live in the US, which has a well-deserved reputation for litigiousness. Also, where that kind of shit is generally considered legal anyhow. On the other hand, I *do* have the skills needed to check and see if they're doing it, and so far, that hasn't been a problem. Hell, at my current employer, we have to use a VPN (yes, even on our company-issued machines in the company office) if we want to access *internal* resources. Everything else goes out directly.

  3. Re:SSL Interception on Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees? · · Score: 1

    There's also the (experimental, draft, whatever) standard of "HTTP Public Key Pinning". Same idea as HTTP Strict Transport Security (which is becoming more widely supported, though not yet widely implemented server-side), but where HSTS merely requires that future connections to a given site must be over HTTPS (this blocks things like SSL stripping), HPKP requires that for a connection to the site to be trusted (now or in the future), the thumbprint of its public key (or that of the signing cert, perhaps, for agility) must be as specified in the header.

    Of course, like HSTS, it's a trust-on-first-use scenario; if the proxy begins editing the HPKP headers (which it could do easily; just set them to the cert it's using to intercept all your connections), everything will appear fine until/unless you try connecting *without* that proxy in the way. Of course, if HPKP is implemented (in both client and server) before the proxy learns to handle it, you're going to get a whole lot of certificate errors...
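Added example, not code from the original comment: a toy client-side HPKP (RFC 7469) pin store. A pin is base64(SHA-256(SubjectPublicKeyInfo DER)), and the store is trust-on-first-use, so whatever pins the first response advertises are remembered until max-age runs out. The walkthrough at the bottom reproduces the comment's scenario, where an intercepting proxy rewrites the Public-Key-Pins header to match its own certificate on first contact. The SPKI blobs are constructed byte strings standing in for real keys, and the hostname is made up.

```python
import base64
import hashlib
import re

def spki_pin(spki_der):
    """RFC 7469 pin value for one public key: base64(SHA-256(SPKI DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

_PIN_RE = re.compile(r'pin-sha256="([A-Za-z0-9+/]+=*)"')
_MAX_AGE_RE = re.compile(r'max-age=(\d+)')

def parse_pkp_header(value):
    """Return (set of pins, max_age seconds) from a Public-Key-Pins header value."""
    pins = set(_PIN_RE.findall(value))
    m = _MAX_AGE_RE.search(value)
    return pins, (int(m.group(1)) if m else 0)

class PinStore:
    """Per-host pin cache with trust-on-first-use semantics."""
    def __init__(self, clock):
        self._clock = clock            # callable returning the current time in seconds
        self._hosts = {}               # host -> (pins, expiry)

    def check_chain(self, host, chain_spki_ders):
        """True if nothing is pinned for host (or the pin has expired), or if
        some SPKI in the presented chain matches a remembered pin."""
        entry = self._hosts.get(host)
        if entry is None:
            return True
        pins, expiry = entry
        if self._clock() >= expiry:
            del self._hosts[host]
            return True
        return bool(pins & {spki_pin(d) for d in chain_spki_ders})

    def remember(self, host, header_value, chain_spki_ders):
        """Process the PKP header from a connection whose chain already validated.
        RFC 7469 requires at least one pin matching the chain plus a backup pin
        that does not; a header failing that is ignored."""
        pins, max_age = parse_pkp_header(header_value)
        presented = {spki_pin(d) for d in chain_spki_ders}
        if max_age <= 0 or not (pins & presented) or not (pins - presented):
            return False
        self._hosts[host] = (pins, self._clock() + max_age)
        return True

def pkp_header(*spki_ders, max_age=5184000):
    """Build a Public-Key-Pins header value for the given SPKIs (60-day max-age)."""
    return "; ".join(f'pin-sha256="{spki_pin(d)}"' for d in spki_ders) + f"; max-age={max_age}"

def proxy_poisoning_scenario():
    """Clean first contact vs. first contact through a header-rewriting proxy."""
    site, site_backup = b"constructed real-site SPKI", b"constructed real-site backup SPKI"
    proxy, proxy_backup = b"constructed proxy-CA SPKI", b"constructed proxy backup SPKI"
    clock = [1000.0]
    now = lambda: clock[0]

    # First contact is direct: the genuine pins are stored, so the proxy's
    # substitute chain is rejected from then on.
    clean = PinStore(now)
    clean.remember("example.com", pkp_header(site, site_backup), [site])
    # First contact is via the proxy, which serves its own chain and rewrites
    # the header to match it. Everything looks fine through the proxy; only a
    # later direct connection to the real site fails.
    poisoned = PinStore(now)
    poisoned.remember("example.com", pkp_header(proxy, proxy_backup), [proxy])
    result = {
        "clean_direct": clean.check_chain("example.com", [site]),
        "clean_via_proxy": clean.check_chain("example.com", [proxy]),
        "poisoned_via_proxy": poisoned.check_chain("example.com", [proxy]),
        "poisoned_direct": poisoned.check_chain("example.com", [site]),
    }
    # Pins are only honoured until max-age expires, after which TOFU starts over.
    clock[0] += 5184001
    result["poisoned_direct_after_expiry"] = poisoned.check_chain("example.com", [site])
    return result

if __name__ == "__main__":
    print(proxy_poisoning_scenario())
```

The `remember` step is where a real client would also insist that the chain itself validated against the trust store; pinning adds a second check on top of that, it does not replace it.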

  4. Re:What's the solution? on Google Won't Enable Chrome Video Acceleration Because of Linux GPU Bugs · · Score: 1

    AMD releases their specs... the Catalyst driver may not be open-source, but the open-source radeon* drivers are usually not far behind it.

  5. Re:Like the good ole days on Google Won't Enable Chrome Video Acceleration Because of Linux GPU Bugs · · Score: 1

    When MS was developing their GPU acceleration for IE, it was a complete shitshow. Tons of very common drivers (the current ones for about half of the at-the-time dominant GeForce 8x00 series, if I remember the story right) were buggy, and would either cause glitches or just not render anything at all. A few others failed in other interesting ways, including crashing the browser.

    They were able to get on NVidia's case and demand updated drivers that weren't shit, at least for that particular application. Google could probably do the same on Windows, and indeed may have done so (I know more 'softies than Googlers). But for Linux? Good luck. The open-source drivers would probably get fixed pretty fast for common cards, but obscure ones might take ages and the proprietary ones might never.

  6. Re:Waiting for Microsoft's "Goto Fail" on Bug In the GnuTLS Library Leaves Many OSs and Apps At Risk · · Score: 4, Interesting

    I think it was MS who had a bug in the past where if I got a certificate issued for "google.com\0.attacker.com", I could present that certificate for a request to "google.com" (due to DNS hijacking or a MitM attack) and it would pass validation because the CN was handled as a C-style string and treated the null byte as a terminator. Fixed long ago, but still. People have been messing up cert validation for as long as it's been around.

    The scary thing is how many mobile apps just don't *do* cert validation. Either it's completely disabled, or they crippled it in some way (I've seen both not checking the trust chain and not checking that the cert is valid for the target site). The usual reasons are "oh, we just did that for testing" (but I'm looking at your release version...) or "yeah, one of the servers it connects to uses a self-signed cert" (fine, add explicit trust *for that cert* but don't just disable chain-of-trust checks!) Another common problem is leaving completely broken or outdated options enabled (export ciphers - 40-bit symmetric crypto, easily breakable with a home PC - or SSLv2 or other such similarly stupid things). Even if your platform/framework/library has a perfectly bug-free TLS implementation, few people ever seem to actually use it correctly.
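Added example, not code from the original comment: the two halves of certificate validation the comment says get botched. `match_hostname_cstyle` deliberately reproduces the bug class described above, treating the certificate name as a NUL-terminated C string so that a CA-issued "google.com\0.attacker.com" is accepted for google.com. `match_hostname` rejects embedded NULs and does an RFC 6125-style match with a wildcard allowed only as the whole leftmost label. `strict_client_context` is the fix recommended for a backend with a self-signed certificate: add explicit trust for that one certificate (assumed to be a PEM file path you pass in) and keep chain checks, hostname checks and a modern cipher list, instead of switching validation off; `disabled_validation_context` is the anti-pattern for contrast and `describe_context` just reports the settings.

```python
import ssl

def match_hostname_cstyle(cert_name, host):
    """Deliberately vulnerable: the name is cut at the first NUL byte, which
    is what a C strcmp() over the raw CN bytes effectively compares."""
    return cert_name.split("\0", 1)[0].lower() == host.lower()

def match_hostname(cert_name, host):
    """Strict match of a dNSName/CN against the requested host."""
    if not cert_name or not host or "\0" in cert_name or "\0" in host:
        return False
    name = cert_name.lower().rstrip(".").split(".")
    want = host.lower().rstrip(".").split(".")
    if len(name) != len(want) or len(name) < 2 or name[1:] != want[1:]:
        return False
    first = name[0]
    if first == "*":
        return len(name) >= 3           # wildcard covers one whole label, never a TLD
    if "*" in first:
        return False                    # no partial wildcards such as w*.example.com
    return first == want[0]

def strict_client_context(pinned_cafile=None):
    """Client TLS context with validation kept on. For a self-signed backend,
    pass that certificate's PEM path as pinned_cafile (assumed, not checked here)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2       # no SSLv2/3, no TLS 1.0/1.1
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.set_ciphers("HIGH:!aNULL:!eNULL:!EXPORT:!RC4:!MD5:!DES:!3DES")  # no export suites
    if pinned_cafile is not None:
        ctx.load_verify_locations(cafile=pinned_cafile)  # explicit trust for that cert
    return ctx

def disabled_validation_context():
    """The anti-pattern the comment describes: no chain check, no name check."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def describe_context(ctx):
    """Plain-data view of the settings that matter for validation."""
    return {"verify_mode": ctx.verify_mode.name,
            "check_hostname": ctx.check_hostname,
            "minimum_version": ctx.minimum_version.name}

if __name__ == "__main__":
    evil = "google.com\0.attacker.com"
    print("c-style:", match_hostname_cstyle(evil, "google.com"))
    print("strict: ", match_hostname(evil, "google.com"))
    print(describe_context(strict_client_context()))
```

A Python stdlib client gets hostname checking from `check_hostname=True`; the hand-written matcher is here to make the NUL-byte failure visible, not to replace the library's own check.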

  7. Re:Still a ways to go...until we get where? on Sulfur Polymers Could Enable Long-Lasting, High-Capacity Batteries · · Score: 1

    Took me a moment to realize you were talking about fuel cells in the "36%" part; maybe you forgot a few words? Anyhow, no worry.

    Yeah, heat-based engines have pretty poor efficiency. We just can't get the "cold side" to be very low in practice. I'm not sure if we'll ever really beat this problem. There are lots of other systems out there, though...

    Mind you, electrics have their own host of inefficiencies. There's resistive losses (both within and outside the battery), losses to regulation circuitry, some of the same drivetrain losses as a car (avoiding a conventional transmission surely helps, but there is still some friction in the moving bits, as always), and probably a ton of other things I haven't thought of. I can well believe the inefficiencies of a conventional ICE-based car are several times as bad as those of an electric, though, which means a factor of 5x improvement in battery capacity could let batteries substantially beat hydrocarbon fuels on a usable-energy-per-volume metric, and be within one order of magnitude on mass as well.

  8. Re:Trollbait article on Android Beats iOS As the Top Tablet OS · · Score: 1

    With the sole exception of WP7 (which received three major updates - NoDo (sometimes called 7.1), Mango (7.5), and 7.8 - and a number of small ones (security fixes and the like)), I really don't see how you can argue that at all. OK, there's the Kin, which sold horribly (arguably, both MS and Verizon were *trying* to kill it by the end) and was discontinued immediately; I don't know what (if any) updates it got. However, Zunes all received plenty of updates. Xboxes of all generations received updates. WP8 has received three updates so far and it is confirmed all of them will get WP8.1 as well. Windows RT devices receive both the standard Windows patch Tuesday updates, and have received a number of firmware updates; they also got the 8.1 update.

    At this point in iOS's life cycle, its devices didn't get updates past two years since release either. Microsoft is doing just fine on updates. The only place Apple has an advantage over them is the ability to force updates out without letting the carriers dither and sit on them for months (which some carriers have done for a few WP updates, to be sure). However, since WP8 update 3 went RTM, MS has allowed people to opt into receiving updates immediately, bypassing the OEM and carrier update processes.

  9. Re:to free or not to free on Open Source Initiative, Free Software Foundation Unite Against Software Patents · · Score: 1

    No it can't. It can be used in non-free ways, but your contributions, and the code base you were contributing to, will forever be free. You can't retroactively close source and make something proprietary. You (or somebody else) will always be able to take that code and do something free with it.

  10. Re:Covering all the options on The Mammoth Cometh: Revive & Restore Tackles De-Extinction · · Score: 1

    Not at all. It could just be boring. Also possibly terrifying (but not actually dangerous and hence not "bad"), although some people would find that "cool", I guess...

  11. Re:We use apple maps to get lost in Northern Virgi on Apple To Unveil Its 'iOS In the Car' Project Next Week · · Score: 2

    As in, "Hey, lets go for a joyride!" "Sounds good, anywhere in particular?" "Nah, I've got it covered though" *pushes button* "Siri, directions to the nearest 7-11"?

    Because that would be hilarious.

  12. Re:Tell me again... on U.S. Students/Grads Carrying Over $1 Trillion In Debt · · Score: 1

    ... 600/mo is pretty standard around here. I don't know where you are, maybe that's high for rent + utilities + whatever other services you get, but it would be considered quite reasonable many places. I pay more than that on rent alone, and live not far from a university campus.

    Also, with the prices you gave, tuition still comes out to be more than housing. Just saying...

  13. Re:Karl Popper was right... on Whole Foods: America's Temple of Pseudoscience · · Score: 1

    Actually, astrology should be pretty falsifiable. I realize it's full of weasel-wording and vagueness, but there still must be claims that can be compared against a control group who doesn't know their "sign" and doesn't give a damn. You don't even need to demonstrate that the claims are *wrong*, per se - although it'd be great if you could - just that they apply equally well to people of other "signs" and/or to people who don't know (depending on whether the claim is a suggestion that you should do something, or that something will happen).

    We have good statistical models for determining whether something is differentiable from randomness, and even better ones for determining whether two groups of events can be said to differ from one another to any degree of confidence. If you want to claim that (for example) two particular astrological signs are more romantically compatible, that should be a dead easy thing to statistically test. Eliminate those couples where either partner paid any attention to astrology, if you want to avoid the risk of that biasing the results.

    This type of statistical analysis of populations is the standard approach of the social sciences. With large enough sample sizes, the error can be very low, comparable to that of observational or "hard" science. For that matter, past a certain point, physics is all statistical modeling anyhow. This is not a bad thing; it's how science works.

  14. Re:That's one aisle in Whole Foods on Whole Foods: America's Temple of Pseudoscience · · Score: 1

    Some cheese, yogurt, and meat will get your gut back to its old self at least as well as any so-called "probiotic" will. I took such things only for a very short period of my life, while traveling in an area where a lot of the food was unhealthy and could make you sick constantly (diarrhea mostly, but not exclusively), and there wasn't much access to "natural" sources of gut bacteria to replace what we were losing. With that said, I doubt it made any difference, or at least any positive one.

    I will also grant that some people can't eat the foods mentioned above, or the handful of other helpful ones. For them, bacteria-in-a-pill (sounds so much less pleasant than "probiotics", doesn't it?) may be what they need. There's no justification for a mass market of the things, though!

  15. Re:Food. on Whole Foods: America's Temple of Pseudoscience · · Score: 4, Interesting

    It has nothing to do with organicness. It's simply that produce which is grown "organically" typically has a much shorter shelf life (this is not to say that the ways mass-market produce gets an extended shelf life are good, mind you) and consequently must be picked ripe and sold immediately. Mass-market produce is picked quite unripe and transported long distances, "ripening" (to the extent that they can) in transit, in storage, or simply on the shelves (or, considering the unripeness of a lot of what's on the shelves, on *my* shelves at home). That's what causes the taste difference.

    If you don't believe me, go look up some studies. People have done double-blind taste tests, and found that the "organicness" of food was undetectable, while picking it ripe and eating it quickly made all the difference. Or heck, go find out for yourself! There's almost certainly a farmer's market near where you live, it's probably cheaper than Whole Foods, and you'll find it's just as good.

  16. Re:It's still protected by copyright anyway on Open Source Initiative, Free Software Foundation Unite Against Software Patents · · Score: 1

    Ah, but if one company needs to invest in researchers and designers and architects, and the other doesn't, the other can spend more money hiring good software developers (and reverse engineers, admittedly, but I can RE in one afternoon an algorithm that took months of work to develop). So there's no guarantee that the first mover will have the better software. They will of course still have the first-mover advantage, but that doesn't guarantee success.

    Personally, I favor a compromise. The computer industry moves really fast. A year or so of R&D should not result in a patent that will be in effect for the next 5-10 generations of software and hardware. "Reinvented... ON A COMPUTER!" absolutely should not. But there's something to be said for a short-term protection. Two or three years, maybe five at most, would give people plenty of time to profit from their R&D (before the fast pace of the industry obsoletes them) while still allowing the industry to build on those patented "inventions" and bring new products to market a few years later even if they don't want to pay the licensing costs (note that they could certainly *begin* development prior to the patent expiring, just not release a product using it). Obviously (well, to most people) this should not apply to applications that simply digitize existing algorithms, either, but there's a lot to be said for rewarding the ability to develop new solutions to problems (or creating new markets where people hadn't thought it was possible at all) with a short-term monopoly. Reverse engineering really is quite easy.

  17. Re:to free or not to free on Open Source Initiative, Free Software Foundation Unite Against Software Patents · · Score: 3, Informative

    You're free to use either one the way you want.
    You're free to modify either one the way you want.

    One of them, you're free to relicense a fork of the code (even as proprietary) if you want.
    The other one, you can know that any code you contribute to it will forever be free.

    They are both "free". They are different flavors of free, but they are both free in every way that matters to users.
    The *only* difference is in the way you can re-distribute them. That is a licensing (specifically, a matter of the copyright license) issue.

    If you claim that BSD, or MIT, or even something like MS-PL are "not free"... well, you're crazy. Also, a prime example of the problems I was talking about at the start of the thread.

  18. Re:Good to see them working together on Open Source Initiative, Free Software Foundation Unite Against Software Patents · · Score: 4, Insightful

    I see nothing ad-hominem about pointing out that the leader of one of the organizations in question has frequently gone on the record attacking major projects supported by members of the other organization, and attacking those members' ethics in general. There was an article just a few days ago about Stallman denouncing LLVM/Clang, despite its technical merits and open-source nature, because it's not his preferred *flavor* of "free software". Never mind that just as anybody can fork it and make the fork proprietary, so can anybody fork it and make the fork copyleft. Also never mind that there are plenty of examples of closing permissively-licensed software and having the open-source version (which may or may not have been relicensed copyleft) win anyhow.

    Zealotry can have its uses, but that doesn't mean that the zealots are right. It doesn't mean they're wrong, either. Some of Stallman's predictions have proven eerily accurate. Others have been way off the mark. I'm of the opinion that cooperation and technical excellence in open-source development, regardless of whether or not it's copyleft, is more important than dividing the community over licensing issues. Stallman disagrees. This is an issue between the OSI and the FSF. That's not ad-hominem, it's a statement of fact pertinent to the discussion at hand.

    But hey, if *you* want to have an argument about whether or not I'm making logically unsupported attacks... well, you can go have one in the corner by yourself, while the rest of us discuss the actual topic. Try to keep it down, will you?

  19. Good to see them working together on Open Source Initiative, Free Software Foundation Unite Against Software Patents · · Score: 3, Insightful

    I respect Stallman's accomplishments, and I can see the logic of his arguments, but I sometimes feel that he's too divisive within the F/LOSS community. Infighting - which is easy for outside forces to exploit - could weaken all sides of the movement. This lawsuit is a key example of a situation where by combining forces, they can achieve more than either those who take a pragmatic or a principled stand (what I see as the key differences between the OSI and FSF) could achieve alone. I hope to see more such efforts (and of course, I hope they prevail in this suit).

  20. Re:Disproportionate Malware on Sundar Pichai: Android Designed For Openness; Security a Lower Priority · · Score: 1

    Yes, actually; some malicious sites used the same exploit as the jailbreak for drive-by malware installations. The hilarious thing is that the only way to defend against it (either early, before Apple released the fix, or after they dropped support for older devices so the patch was never officially available) was to jailbreak your phone and use the elevated access to patch the vulnerability yourself.

    There were also exploits which targeted jailbroken iOS devices, since a number of the security defaults post-jailbreak were really stupid (SSH server running with a default password, for example).

    These days targeting iOS with malware is pretty stupid, though; why go for under 20% of the market when you can target over 70% instead? Same risk (get your ass locked away for 10 years), much bigger payout. Malware is business, nothing more. There have been plenty of POCs of iOS malware*, but most of them don't get weaponized because the risk isn't worth the reward.

    * Note: most of these POCs don't have or need root, so they aren't useful for jailbreaking.

  21. Re:Disproportionate Malware on Sundar Pichai: Android Designed For Openness; Security a Lower Priority · · Score: 1

    ... That is an explicit requirement of Apple's approval process, just in case you've been living under a rock for the last seven or so years. Actually, the requirement is that they can't run *arbitrary* code - you're allowed to include a (Turing-complete) game emulator in an app, so long as it can only load the game(s) included with the app - in practice it's the same thing. An app that can load arbitrary ROM images would be prohibited. So would one that includes its own JS engine (this is why Chrome on iOS actually uses the performance-crippled version of Safari's engine, which is all that third-party apps can access) or user-accessible scripting language.

  22. Re:Disproportionate Malware on Sundar Pichai: Android Designed For Openness; Security a Lower Priority · · Score: 1

    You don't understand how malware works, do you? It's a market. Money, the almighty buck, is the driving force of it. Not even necessarily the *user's* money either, although genuine mobile botnets are less common than on PCs.

    When writing malware, why would you target the player with 25% marketshare if you could target the one with 70% instead? That's voluntarily giving up about 2/3 of your potential income. Even if it was much harder to exploit Android (which it really isn't), they would still be the preferred target, because the return on investment is so much higher.

    This is the same reason malware for Windows is so valuable, and exploits for that platform are more commonly weaponized than on other platforms. Malware authors are a lot less likely to invest a bunch of development time, and then risk jail time, to try and take over the #2 platform, even though a working exploit on Windows actually costs a lot more (or is alternatively harder to find) than on OS X. Of course, most malware isn't "exploits" in any proper sense anyhow, it's just Trojans. Those work equally well on all platforms, desktop and mobile. They're still illegal though, so again, not many people are going to go for anything but the biggest potential bag of money. The risk is the same anyhow...

  23. Re:Sue them for owning child pornography on GCHQ Intercepted Webcam Images of Millions of Yahoo Users · · Score: 2

    CP isn't something you sue over (lawsuits are civil issues, at least this side of the water...). It's something you file charges over. Unfortunately, doing that usually requires an identifiable victim. Who knows exactly whose (childrens') pictures are in that collection? Also, I'm not exactly sure how you file charges against a government agency.

    Now, you could sue to shut down the program, and cite the collection ("manufacture" in legal terms) of CP as one of the reasons, but that just, at most, gets the program de-funded. Although I suppose doing so probably makes it easier to get discovery needed for actual criminal cases...?

  24. Re:Rockets won't be loved at on Report: Space Elevators Are Feasible · · Score: 1

    Except, we're pretty sure we *can* get CNT to nearly 300 GPa and then weave them together (preserving upwards of 80% of the tensile strength). 5/4ths of 3 * 70GPa is 262.5 GPa; we can probably manage to mass-manufacture CNT at that strength if we put the money into it. Not now, today, of course. Probably not for some years to even begin serious production, decades to complete it. Whatever. That's still within my lifetime. My children would grow up observing the greatest project the human race has ever undertaken. Every single estimate of the economics of space (and of long-distance Earth travel, for that matter) would need to be re-evaluated. The economic advantages of such a thing would be astonishing, to say nothing of the purely scientific and exploratory capabilities it would grant. (It would also potentially have a tremendous military impact, as it would make lofting materials for precision kinetic strikes quite easy...)

    And you want to say we can't do it, because you ran the numbers and concluded that an acceptable margin of error on safety is... too close to the theoretical maximum?

  25. Re:First blacks, on Apple Urges Arizona Governor To Veto Anti-Gay Legislation · · Score: 1

    Eh... things like automatic power of attorney and being automatically an inheritor of the other's estate (assuming no children and/or will stating otherwise) are pretty damn important legal considerations that we give to married couples under law. So is the right to stay in the country, for that matter. There are hundreds of others, actually.

    Mind you, I'm not convinced that things like the federal income tax deduction for marriage are required (I understand the historical reasoning behind it, but I don't feel that a financial incentive towards marriage makes a lot of sense in today's world). I think it makes a lot of sense to give legal recognition of families, simply on the basis that society is composed of human beings, and forming life-partnership bonds with other humans is a thing that we do. In an ideal world, we wouldn't need civil marriage, but in the world we have, it's the easiest and most obvious solution to the problem. Now, if certain assholes would stop trying to ruin it for the rest of us...