Posts by Doctor Syntax 42029 publicly visible posts • joined 16 Jun 2014
"Increasing taxes hasn't worked yet ... what make you think it'll ever work?"
Define "work". If taxes stopped everything being taxed "because it's not good for you" governments would run out of money. So "not being good for you" is an excuse to raise taxes which does exactly what it's intended to do: shift money into the government's coffers.
"Kernael contributors do not get paid."
I think most of them do by their regular employers. However Linus does not have any influence over that and, as you say, he doesn't get to sack them either.
This is surely a unique situation and I doubt that any of those who come here to advise us of how he's doing it wrong would have the first idea of how to manage it, I know I certainly wouldn't but at least I know that.
Possibly the entire secret of Linux's success isn't the original code that attracted a mass of contributors but the fact that Linus himself turned out to have the ability to manage it and that the occasional rant is part of that ability.
" I don't think there are many organizations that would tolerate an employee constantly publicly berating people online."
Just reflect a moment what would happen in an ordinary organisation.
Torvalds would do one or more of the following:
- Write programmers' annual reviews
- Conduct recruitment interviews of programmers
- Recommend programmers for dismissal
- Recommend programmers for promotion
- Recommend programmers for pay rises
He has none of these conventional management aids to maintain quality. All he has is the ability to accept or reject code and to comment on it. By that means he is able to manage a team orders of magnitude greater than by use of such conventional management aids which leads to the further point that in such an organisation:
- He would have no time to do any real work.
Or to put it another way: how would you manage the Linux project (and remember before you reply that a lot of work is already delegated to the likes of Greg Kroah-Hartman).
"Show me a kernel fork making constructive progress"
Microsoft appear to be trying it. https://www.theregister.co.uk/2017/07/31/windows_subsystem_for_linux_to_debut_in_windows_10_fall_creators_update/
Whether it's making constructive progress is a different matter.
"without rants"
And as it's behind closed doors we aren't going to know.
A lot of trucks (here in the US at least) have a toll free number listed with "how's my driving?"
Also in the UK. Presumably the recorded response is "You're a fine one to complain. You drove close enough to read the number and either you're either phoning or you wrote the number down whilst driving.
"Because it is a small step from your personal vehicle driving itself, to all vehicles being fleet-owned and being called on-demand."
Old Will got there before us:
GLENDOWER: I can call spirits from the vasty deep.
HOTSPUR: Why, so can I, or so can any man;/ But will they come when you do call for them?
That's the point. Try calling in rush hour and see if you get your fleet-owned automomous car.
"He'll be out of that circus we call the White House pretty soon."
I think I've cottoned on to Trump's plan. He's implementing Andy Warhol's everybody will be famous for 15 minutes idea. He's gradually revving up the revolving door so that the entire US population will have held a USG post for 15 minutes by the end of his term of office.
I've no problem with any company making money from releasing FLOSS who, after all, are the largest contributors. In fact, a commercial vendor is more likely to respond to users than an independent developer who has nothing to lose or gain from the responses to their work.
In Red Hat's case, however, I can't avoid the thought that, as things have worked out, they are now (AFAIK) the only resort for those who need a commercial vendor-supported distro and want it to be systemd-free. Is that irony or a clever ploy?
"The logical conclusion is that governments will outlaw the use of any encryption that isn't specifically approved by them."
I have no problem with them doing that providing they meet my requirement: a full year before doing so they must publish every detail they use for online access including user names, passwords, etc for all their online services including banking, online ordering etc.
"you could just nip to the Post Office and buy a stamp."
There are at least 3 options for TPTB to deal with that:
1. In some cases a spray* can render the envelope temporarily clear enough to photograph the contents. That's why a good envelope has a pattern printed on the inside.
2. Steam it open and reseal.
3. Rip it open and fake a replacement envelope.
* Possibly something nasty like a halogenated hydrocarbon - it's a long time since I saw it so I've forgotten the details.
"The key to the system is to take legitimate-looking code and change just a few tiny parts of it to convert the software into attack code. Even changing small details can fool AV engines, he said"
There's something self-contradictory here.
Start with something legitimate. Make small changes. Small changes can fool AV engines. But if the AV engine were white-listing the legitimate code than those small changes should fool the white-listing. And if you weren't counting on white-listing why bother to start with legitimate-looking code in the first place?
"If you put the onus on software companies to patch bugs that affect software in ways it was never designed to be used you'd quickly find software prices would skyrocket to insane levels"
I hope you didn't mean that in the way I read it. Exploits of vulnerabilities are ways the software was never designed to be used.
It's like insisting that the security issues in Telnet get fixed. They *did* get fixed, and the result is called "ssh".
And domestic routers etc. still get shipped with telnet & no ssh.
In the real world what gets done is what's convenient, not necessarily what's best.
"comparing what they make with anything honest work might conceivably get them is nothing short of delusional."
Although my OP might have been somewhat tongue in cheek it does reflect the point of the article: in order to make ransomware work the operators need to be professionally business-like in their approach. As such they could probably equally well operate a legitimate business so that the comparison with employment isn't really justified.
Of course they wouldn't make the same returns from a legitimate business. However the NSA will be trying to track them and will probably succeed in at least some cases. The consequence is that if they try to spend the proceeds or maybe lured by a sting operation somewhere where they can be made amenable to the US authorities - and that seems to be a rather large slice of the world - then they could end up looking at multi-decade prison sentence.
I should add that at one stage (early 80s) I used a network which was designed to be wired up with 75 Ohm TV coax. It consisted of small boxes, allegedly each contained a Z80 with an RS232 connector, a TV connector & a small stub of TV coax with another connector on it. These were daisy-chained with more TV coax. I can't remember what the head end was like but it must have broken out a batch of RS232s to connect to the host, a Z8000 box.
A few years later, and another job not a million miles from Euston, I came across a very much grown up version, again strung together with coax but definitely not TV coax, doing much the same job. In that case the head end had a room to itself but still fed the serial lines through to a server. And that gig also had some of the original hose-pipe sized Ethernet as well.
"Kellogs run a TV commercial, do you change to Kellogs?"
If I watch anything on a commercial channel I'll fast forward through the adds so I wouldn't see it. If that wasn't the case and I did see the ad it would have no effect unless I was already buying Kellogs in which case I'd get pissed off with the ad so quickly I'd change to BrandX.
Next question.
"Worse yet, the device communicates via cleartext, so attackers would be able to falsify readings, disable alarms, or perform any other originally supported operation."
This gains it the highest approval rating from both our house-trained Home Secs (I'm counting the one currently installed in number 10).
@Jonathan 27
Back in the '80s when we first used RCS I checked after a few months & discovered we'd been releasing changes on average of every 2 weeks for our in-house application system so I'm not impressed by your idea of every 2 months as continuous release*. This was for adding functionality for business reasons (mostly requests from the beancounters which was handy because it kept them from complaining that we were a cost centre). OTOH we did expect a much slower rate of churn on the underlying platform, OS & RDBMS.
*We also had the same team as developers, DBAdmin & Unix Admin so I'm not impressed with the idea of DevOps as the latest shiny. Everything old is new again.
