* Posts by doublelayer

10521 publicly visible posts • joined 22 Feb 2018

That Meta GDPR fine is €1.2B. Plus biz must stop sending EU data to US

doublelayer Silver badge

Re: Honest question

What makes you think that their assets are less than the fine? Here's one problem related to that: they've put most of their assets into their Irish company so they aren't paying tax in the U.S. for revenue from users outside North America. That's not just their EU customers, but everybody outside the U.S. and Canada (I'm not really sure why Canada isn't included, but I'm no tax lawyer). That's a large chunk of their revenue stored in an EU member state. Unless they quickly move all of it away and find a new place to incorporate, they have plenty of assets there. They also have three DCs built inside the EU, and their investment figures for a single one are higher than their fine. While it's certainly possible that there's been some depreciation of those, if those three were liquidated, it would come to more than their fine amount.

Even without considering that they earn plenty from having customers in the EU and they don't want to lose it, they have plenty of assets that could be taken if it came to it. Your question may be based on faulty assumptions.

MariaDB CEO: People who want things free also want to have very nice vacations

doublelayer Silver badge

Perhaps unsurprisingly, I have no clue why you think I validated your point. My comment boils down to listing a large number of situations where your ideas of where payment comes from are incorrect, acknowledging that there are a few exceptions. You can't guarantee to be one of those exceptions, and if we don't want to stifle creative work, we will have to either keep copyright the way it is or come up with a much better plan for replacing it than hoping that nothing will change just because we say so.

doublelayer Silver badge

Re: People who want things to be free . . .

I've argued that proprietary software is good and worth supporting in other comments in this topic, but I'm afraid I'll have to take the other side on this one:

"What does it mean for all of the other software developers who want to make a living in a market where competing products are given away for free? It means those people go hungry."

This tends not to be a great argument. The argument boils down to "never do anything that will cause problems for someone doing the same thing". People write free software because they enjoy doing it and they want the result. It's not a crime that they give it away, and it means that anyone who wants it can get a copy. Sure, now someone can't make the same thing and sell it, but nobody was required to have that opportunity or to keep that opportunity in existence. Developers can make their own product that does something different and try to sell it, they could add their feature to my code if the license permits and sell that as a fork, or they can find a different project to work on. I'm not going to hide my code so that someone else can make money by reinventing and selling it.

Consider a parallel. I'm going to open a restaurant on a street that will sell good food for cheap prices. What does this mean for the existing restaurants that charge more for their food? Probably, it means they will lose some business from customers coming over to my place. This will be a problem for them, but it's not my responsibility to refrain from opening a restaurant or charge higher prices so they can keep everything the same. If they find that I'm more popular, they might have to change their plan to appeal to their customers. The same thing is true of software. If someone finds that people don't express much interest in a certain kind of software because it already exists, they can develop their version anyway and attempt to convince people that their innovations are better than what's out there, or they can turn their attention to something else where the existing options are not sufficient. Both options have worked. Your own list provides examples:

"web browser": Anyone using Brave out there? I don't, but people do. That's a new browser, with commercial elements, from a company that thought they could do a better job than the existing browsers. People use it, even though other ones are free.

"PC OS, or smartphone OS": In both cases, those are not universally open source products even though both have open source components. And of course people are developing new ones, in some cases commercial ones. Sailfish OS, for example, is a commercial smartphone OS and they made some money selling it as a core for Russia's government phone system. It's not that popular, but it has been done.

"Server OS": People make new server OSes all the time. Can you name a cloud provider that doesn't have their own variant of Linux, which they think has some advantage which will attract people to their cloud?

"database": This article is about a commercial database writer. In this article is a link to an older article that lists a bunch of other modern, commercial database companies. Most of those are still around and still commercial.

"FTP client": Yes, probably there are more of those being written, but you may be right that there's not a lot of companies building that as their core product. Is that such a problem? Are there features you want or need in an FTP client that you can't get and are willing to pay for? I can't think of any, so if I had infinite resources to hire programmers, I wouldn't ask any of them to write a new FTP client. Many pieces of software are in this area where, unless they have a new idea, we don't really need a ton of new options when the existing ones could be maintained and do just as well.

doublelayer Silver badge

And this is based on all the consulting jobs out there for someone who wrote code that we're already using for free? It might work for some people, and it has worked out well for people who write the most-used components: the corporate involvement with Linux, for example. It doesn't work that way for every developer, and it certainly would not for the many programmers who work in the areas where proprietary software is more common than open source is. You don't have to hire the original developer to consult unless you need a lot of knowledge. If a bit of knowledge will do, you can have somebody else consult and have them read the code first. After all, if Microsoft Office was free and open source, would you be in line to ask the developers to work for you because you need their help to make Word do something, or would you just use the programs the way a paying user does today?

The same thing is true for creative workers. I'm interested to see the reports of an author who makes their money from paid performances of their books. How about the person who takes photos selling tickets to watch them display those photos on stage? How about the movie actors inviting people to watch them put on a stage performance of the movie, minus the special effects, scenes that don't fit in an auditorium, scenes involving too much stuff, etc.? Your statement only really applies to music performers, and it doesn't necessarily work great for them either. What happens if a band member gets injured and can't perform for a while? What if somebody wrote the music or lyrics but doesn't play in the band? It sounds like you'd just hope their friends are generous and share the money, because without copyright, those people wouldn't benefit from their work, even when there is a source of money that remains.

doublelayer Silver badge

I had a similar problem with it. I fully agree that free software, using licenses that are compatible with the FSF/OSI's definitions, is very nice. I use and donate to a lot of such software, and I view the license as an asset. Where I disagreed with the FSF was in the attitude that proprietary software was either evil or should be prohibited. As I understand some of the things that caused Stallman to start advocating for this, his problem was of theft of his work for inclusion into proprietary software, which makes a lot more sense as something to hate than the existence of the proprietary software altogether. And yet, a lot of the prominent people in the movement would frequently argue against something simply on the basis that somebody was selling it, with several proprietary companies being characterized as complete monsters (I think you all know the main one, but they weren't the only one).

Then again, he's not the only person to have taken such a view and there are people who take a much stronger stance in opposition to the existence of copyright. They usually fail to provide any explanation of how they think the free creative work will happen, which might be wise of them because, when I've seen a plan, it has never had any plausibility.

In MariaDB's case, I will not pretend it's open source, and I won't be picking it for its license freedom. I may still choose it as a useful piece of software, though, because I'm not opposed to buying some software if it's useful for my purposes.

Cheapest, oldest, slowest part fixed very modern Mac

doublelayer Silver badge

Re: Always craving 'the latest'

"The sad truth about software is that it doesn't wear out [...] So unless there's some kind of critical change in the job then whatever was working last week, last month, last year -- or even last decade -- will continue to work just as well now."

Sure, as long as your hardware hasn't changed and not only do you never find that you need something else, you never think "You know what else a computer could do". If even one of those statements isn't correct, your software will in fact wear out. Try running an old operating system nowadays. There may be a few hardware problems, but if you put a week of effort into it, you'll probably get something functional. Now try to do the things you do today with that system. It's not going to be as useful as it was when it was new, and most likely, you'll find problems in the old versions that nostalgia has hidden.

doublelayer Silver badge

Re: Universal... what?

And yet, I'll still take the everything badly version. Maybe it's because I haven't seen that many alternatives that accomplish the one thing well approach. Many of the ports that came before USB appeared to take the "one thing just about as badly" approach.

Phones' facial recog tech 'fooled' by low-res 2D photo

doublelayer Silver badge

Yes, both of the scenarios you mention are not only possible but happen routinely. Multiple people have reported phone thefts, usually to try to access other accounts, by either attacking or drugging people to scan their biometric unlock. Law enforcement will frequently use those unlock mechanisms to open a phone, although depending on your location, they may be allowed to demand the unlock code from you and punish you if you don't give it to them. For these reasons, I don't choose to enable the biometric hardware that my phone has on it, and that's also why both iOS and Android have a method to quickly disable those methods in an emergency.

doublelayer Silver badge

Re: Biometrics!

Generally, yes, at least for fingerprints. What often happens is that there is a separate processor that stores the biometric in a secure memory region and also contains the encryption key for the device. If the fingerprint matches the stored representation, it releases the encryption key. If that processor thinks that the situation doesn't call for one (for example right after it's been restarted), it declines to read the fingerprint and requires the user to enter a code. It can also be instructed by the phone not to scan if the system thinks the fingerprint is not acceptable at the moment.

Facial recognition may work differently. Fingerprint sensor chips are more common, whereas the image recognition part may just run on the main processor. It probably depends on the specific device and how they built it. In that case, it's still storing an encryption key somewhere, hopefully on a part of memory that's not easily read from an external device, and using that key if the algorithm decides there is a match.

Teen in court after '$600K swiped from DraftKings gamblers'

doublelayer Silver badge

Re: Does rate limiting mean anything to anyone ?

If you're pulling in hundreds of thousands of dollars, and you already bought a bunch of credentials on the dark web, then you have the resources and ability to find the people selling access to a botnet to run your scripts on. You only need each bot for about two minutes before it does something worth blocking. Buy a few thousand of those for a few minutes and spam some out. Wait a day and buy some more, either the same ones again or try a different product. That gives you tens of thousands of login attempts per day. Sure, trying your entire dataset in one day would be faster, but that decrease in speed is probably not extreme enough to cause problems for the criminal.

Ex-Twitter sextet sues Elon Musk for 'stiffing' them on severance

doublelayer Silver badge

Re: Where are . . .

Well, a few months ago, they did start risking those servers. Some of them run in AWS, and Twitter decided to stop paying Amazon for them. I'm not sure what would have happened, but Amazon still advertises on Twitter and they threatened to stop paying for that. Twitter backed down that time. I don't know about the physical servers, but maybe they know enough to continue paying those bills.

Professor freezes student grades after ChatGPT claimed AI wrote their papers

doublelayer Silver badge

Re: @Filippo

I think you have misunderstood their point. Your first question indicates this: "Why bother using ChatGPT for that?" They were using GPT for that to make a point, not because they actually needed the output. They weren't saying the output showed creativity, which is why they called it formulaic. They said that the concept of coming up with characterization is a creative task, and if humans aren't consistently doing better than a program, why do we say that those humans are creative and the program isn't? In short, they were making a point about what we call creativity and the problems with making an objective decision on what is or isn't creative, not saying that they were using GPT to help them write a book.

doublelayer Silver badge

Re: LLMs: plagiarism devices

So, in your mind, if I can find a single document talking about a war that doesn't call it by a certain name, that name is forbidden under all circumstances? A civil war is a war which occurs between groups in the same country. Before the American Civil War, they were one country. After the American Civil War, they were one country. It was a civil war, and it was the only one to occur in that country, thus The Civil War is a perfectly appropriate title for it. The alternate names you suggest are not great, especially for a global audience:

"the War of Secession": You're going to have to tack on some more adjectives, as there have been a lot of secessions over the years. And, given that this secession completely failed, maybe that's not the best name.

"War Between The States": This works a bit better, but it's more words for the same concept as "civil war".

"War of Southern Independence": Without independence happening. That's kind of like talking about World War II as "The War of the Abolition of Poland" even though, at the end of it, there was still a Poland.

"The Late Rebellion": This is just silly. That phrase worked a decade after the war since "late" meant "recent". Right now, that war is no longer recent and we tend not to use "late" for that purpose anymore.

"The War of 61 to 65 (most accurate)": Come on, if you're posting here, you should already know that you can't just use two-digit years, and you should probably also know the benefits of unique identifiers. If we're going with that, I can name the first post-independence civil war in the Democratic Republic of the Congo (1961-1965), or depending on how early you're willing to go, the Burmese-Siamese war which ended in 1665 and started, depending on your definitions, in 1661 or 1662.

doublelayer Silver badge

Re: LLMs: plagiarism devices

And we're still talking about different things. There is a moral argument about whether fighting is justified when your chance of victory is small enough, and there's a related one about forcing others to fight for you under those conditions. Neither falls under your "might makes right" case, which usually applies to an argument which declares that the victorious side's rationale for fighting the war is the moral one, not necessarily that their conduct during the war was moral. Similarly, you can choose to interpret "wasted lives" in a number of ways. It can be a moral judgement on whether the battles should have been fought. You can also read it as an amoral argument: if you waste some lives in a bad military tactic, then you don't have those lives for other battles which are more important or more likely to lead to victory. Or you can take it as a moral judgement for the opposite side: if you don't waste lives on a resistance that fails, you will have more people to resist the post-war situation which may have a greater chance of success, which is a tactic that has been used several times in world history.

The fact that you called it "The War Against Northern Aggression" suggests you may have an opinion on the causes of the war, but that doesn't make that the topic they were asking about.

doublelayer Silver badge

Re: LLMs: plagiarism devices

It didn't sound like a moral premise to me. It sounded like a premise of pragmatism. Not "was it right for [insert side here] to do what they did during the war", but "did [insert side here] have a reasonable chance of victory against the tactics used by the other side". You could have a group incapable of victory using their tactics whether or not that group is also morally right. In short, you appear to be arguing about the causes of the war against someone talking about the practices during the war.

doublelayer Silver badge

Re: Education itself is partly to blame here.

"But we need to remember that we got into using assignments so education could become an "industry" and make money."

At least sometimes, we got into assignments so that students could learn better. There are a lot of things in life that don't fit as well in an exam as they do in a longer assignment. Since we're mostly IT people here, a good example is computer science. Of course I did computer science exams, and they're worth doing, but I didn't write big programs for those. The exams often had us writing code on paper and eventually stepped up to a text editor, but we weren't testing things and we weren't called on to innovate. When they assigned us projects, we were doing both of those. Which better represents the way that knowledge will be used once you have the credential? Similarly, both exams and assignments sometimes included adding or modifying an existing codebase. The exams had small ones so you could actually read and understand them in the three hours this question shared with all the others, whereas the assigned ones had much larger ones, in some cases up to ten thousand lines. When I started working, I often had codebases to learn and integrate my code in, and they were rarely three pages long.

Exams are useful in some cases, but there are many activities that education should simulate which don't fit in the exam format.

doublelayer Silver badge

Re: Artificial Irony detector required

I don't know. My only guess is that he didn't use GPT to do his grading work, he used it to judge students and didn't even bother grading them. I'm not sure that's a big enough technical inaccuracy to justify downvotes, but it's all I can think of.

I wonder if any teacher has yet used GPT to actually grade an assignment. It will do it, of course, but I'm hoping that's at least below the threshold where even the less informed realize that's a terrible idea.

doublelayer Silver badge

Re: re. Why not go back to oral exams for the Finals?

You have to be careful before using any kind of automated analysis to see if it's reliable enough to use to punish people. People hate it if some algorithm they can't control or audit is used to decide that they're guilty, and they have a reason to feel that way. Existing tools that check for plagiarism aren't affected by this, because even if one puts a high plagiarism score on a document, it can be made to tell the professor and the student where the words were copied from. They can check that to see if the program has screwed up by referring to the student's own work, by not recognizing the use of quotes, or by just being wrong.

If a statistical model says "92.537% confidence that this writing does not match the historical corpus from this student", what can you do to test whether that's true? How high is that confidence when you compare a student's carefully-written essays against the one that they ended up doing all at once while lacking sleep? How accurate is it when comparing an essay written by multiple people against the essays made by individuals? How confident is it when comparing a student's essay from a literary analysis class to their readme for a computer science project, and what happens when it goes from essays with no references to a heavily-cited work performing a meta-analysis? Unless you have all those answers and they're all in the 0-1% range, it's likely that this will punish completely innocent students.

Don't panic. Google offering scary .zip and .mov domains is not the end of the world

doublelayer Silver badge

Re: Still not understanding the point?

I'm not sure they really have a purpose. When they started making them, the idea was that people wanted domains so badly that new TLDs would help, and a lot of people poured a lot of money into that idea. I'm not sure how well it's going, but I've seen some of the domains sold off and several shut down before launch, so maybe it's not as profitable as hoped. In that case, I don't know why Google decided to set up some new ones now that they've had a chance to see how well it worked before.

doublelayer Silver badge

Re: The hubris...

No, it's required behavior from RFC 3986:

"The userinfo subcomponent may consist of a user name and, optionally, scheme-specific information about how to gain authorization to access the resource. The user information, if present, is followed by a commercial at-sign ("@") that delimits it from the host."

Do you really feel it's more patronizing for them to follow specified behavior rather than send up warning screens for stuff that's explicitly specified and is in fact used in that way by several systems that accept HTTP authentication?

doublelayer Silver badge

Re: Have I understood this correctly?

No, but ICANN does and they will use that power if you give them enough money. You too can own your own new TLD if you have a large amount of cash that you wouldn't mind never seeing again. You can probably get some of it back from scammers, though.

doublelayer Silver badge

Re: Speakin of .com

The ship has sailed on that. Most filesystems don't have a place to embed that data, and it's not just Windows. I don't have fields for that in most Linux filesystems, and when that is available, the system doesn't use it.

I'm also having trouble figuring out why that's better; just like a file extension, it's a free format string that anyone can change. If that was used to identify file types, the ban would apply to that one instead. This also decreases the extensibility, since there is a defined list of authorized types. I've checked out IANA's list, and it's missing several types that people like to distinguish. I see a few types that name a specific script format, but for example both Python and Rust files don't have a type and would probably be labeled text/plain. We'd either have to constantly apply to add types to that list, make up new type designations and hope that everyone figures out to use them, or just ignore the type and use a different indicator.

doublelayer Silver badge

Several reasons. The first reason is what I already said above: the part they think they're reading is login information because it's before the @ sign. Incidentally, paths can be anything as well, no need for those to be ASCII. Only the domain part of the address might have a restriction against Unicode, but it might not.

As for mixtures, nothing in any specification prevents someone from having a username with multiple kinds of Unicode characters. There are many languages where that is common, where Latin letters are used so they're using some bytes from ASCII's English area, but there are other letters, diacritics, or symbols which are found elsewhere in the Unicode codespace. If they tried to make a database of languages so they could ban sequences not associated with a language, it would be a lot of work that would likely just annoy people whose language hadn't been inserted yet. I'm allowed to have a path or username on my system consist of mixed alphabets, and if the browser couldn't support that, they're breaking the standards that implement Unicode support.

doublelayer Silver badge

Re: pointless

I don't do bans of large sets for exactly this reason. I wouldn't block an address just because it chose one of those TLDs. This is more about what I think when I see one. If I see a .com address, I'm thinking that it might be legitimate, if I see a .xyz domain I think there's a lower chance but it may be real, and if I see a .top or .buzz domain I assume it's a scam unless I have information that it's not. I'm sure some legitimate sites use those TLDs, but I don't think I've seen that many, which keeps me from using them either.

doublelayer Silver badge

Re: What is this file extension thing

That introduces three problems. First, you have to open the file and read from it in order to know what can be done with it. You'd have to have a big database of magic byte sequences and an easy way of adding new ones. If anything did that automatically, you'd likely see performance dropping from extra reads, and that would get worse if there's a network link somewhere in the process.

The other problems are related, and they come because the user lacks information about what the file claims to be. The simpler problem is just inconvenience, since a user can generally understand what is contained in a file that uses a standard extension, but would have to read your file, hopefully with the same magic number database that you have, in order to figure that out using your method. The extension can also indicate something that your database probably doesn't, such as whether this file which your database correctly identifies as "plain ASCII text" is text, configuration, or source code, and if it's code, what language it's for. If you've sent a large collection of files, they may not really want to do that to every one of them to figure out which is which, and a good name that indicates the type makes that easier. The other side of the coin is worse: if the user recognizes an extension, they have a pretty good idea of what program will try to read the file if they open it. If I have a .zip file, I know my archive compressor of choice will try to open that. If somebody sent me a different kind of file with the .zip extension, the archive program will give me an error message. What can't happen is that the .zip file is an executable in disguise and will execute, since my software won't just execute a file without the correct extension set (admittedly, that extension is an empty string on my system, but it has to have a bit set so that evens it out a bit). The extension system is far from perfect, but I prefer that to guessing every file's contents and taking automatic action based on that guess.
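As an added illustration of the extension-versus-contents trade-off described in this reply (my own code, not from the thread or any mail product), this sniffer compares what a filename's extension leads the user to expect with what the leading bytes actually are, and it also shows the limit mentioned above: sniffing can only say "text", not whether a text file is a note, configuration or source code. The magic-number table is a short constructed subset, and the sample byte strings are constructed.

```python
# Magic-number table: a few well-known leading byte signatures (constructed
# subset for the example; a real scanner would carry a much larger table).
MAGIC = [
    (b"PK\x03\x04", "zip"),             # ZIP archive (also .jar, .docx, ...)
    (b"MZ", "pe"),                      # Windows PE executable / DLL
    (b"\x7fELF", "elf"),                # ELF executable / shared object
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
]

# What an extension leads the user (and the OS file manager) to expect.
EXT_KIND = {
    "zip": "zip", "jar": "zip", "docx": "zip",
    "exe": "pe", "dll": "pe", "scr": "pe",
    "so": "elf", "pdf": "pdf", "png": "png",
    # Sniffing can only report "text": it cannot tell a script from a note.
    "txt": "text", "py": "text", "rs": "text", "cfg": "text", "vbs": "text",
}
EXECUTABLE = {"pe", "elf"}


def sniff(data: bytes) -> str:
    """Classify file contents from leading bytes only (no extension used)."""
    for signature, kind in MAGIC:
        if data.startswith(signature):
            return kind
    if b"\x00" in data:
        return "binary"
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return "binary"
    return "text"


def extension_of(filename: str) -> str:
    """Lower-cased extension, or "" when the name has none."""
    return filename.rsplit(".", 1)[1].lower() if "." in filename else ""


def check_attachment(filename: str, data: bytes) -> dict:
    """Compare the declared kind (from the extension) with the sniffed kind.

    The interesting verdict is "executable-in-disguise": the name promises a
    document or archive, but the bytes are a PE/ELF image.
    """
    ext = extension_of(filename)
    declared = EXT_KIND.get(ext, "unknown")
    actual = sniff(data)
    if declared == "unknown":
        verdict = "unknown-extension"
    elif declared == actual:
        verdict = "match"
    elif actual in EXECUTABLE:
        verdict = "executable-in-disguise"
    else:
        verdict = "mismatch"
    return {"extension": ext, "declared": declared,
            "actual": actual, "verdict": verdict}


if __name__ == "__main__":
    # Constructed samples: a PE header under a .zip name, a real ZIP header,
    # and two text files that sniffing cannot tell apart.
    for name, blob in [("invoice.zip", b"MZ\x90\x00\x03\x00"),
                       ("archive.zip", b"PK\x03\x04\x14\x00"),
                       ("setup.py", b"print('hi')\n"),
                       ("README.txt", b"hello\n")]:
        print(name, check_attachment(name, blob))
```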

doublelayer Silver badge

Re: Speakin of .com

"The fact that the mime-type was "text/plain" mattered not one jot. Presumably MS looked at names, not actual information (standards - what are they?)"

Blanket bans may not be a great idea, but if you're going to have one, of course you'd use the file extension instead of the type. If the user saves the attachment and clicks on it, the OS is not going to crawl through the email database, check the type, and use that to open the file. It's going to look at the extension to do that. The type won't stay with the file, and Windows Explorer and many other GUI file managers have established years ago that they will use the extension for that purpose. Of course, your file wouldn't have executed, but people became worried after viruses, most famously ILOVEYOU, used a .vbs attachment and users who just blindly opened it, so they ended up using a big hammer to try to block anything that could execute just by clicking on a file.

doublelayer Silver badge

Re: pointless

I will admit that .xyz is one of the new TLDs that has a larger proportion of non-scam users. Unfortunately, that's not quite the same as saying that scammers aren't very common there.

It isn't a TLD I would choose for projects unless I really couldn't find a viable one in an older TLD, and in that case, I'd also be checking who was using the older variants of my domain on those TLDs for fear that a name collision would work to my detriment. I'm wondering why you or your friend chose the .xyz domain? If it was because the name was taken in all the more typical TLDs, did you find this less concerning than I would? Unless the suffix has some connection that makes an interesting pattern, I'm not sure why else you picked it.

doublelayer Silver badge

No, because in the example, the domain name only uses ASCII. The Unicode part is not interpreted as part of the domain because Chrome has interpreted it as a username, meaning that this runs on any TLD, whether it supports internationalized domains or not.
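As an added illustration of the RFC 3986 userinfo rule discussed in this reply and the earlier ones in this thread (my own code, not from the thread or from any browser), this parser reports which part of an address is the host a browser will actually contact and flags the signs that the part before the "@" was written to be read as the site name. The sample URLs are constructed; example.com and update.zip are placeholders, and the slash lookalike used is U+2215 DIVISION SLASH.

```python
import unicodedata
from dataclasses import dataclass
from typing import Optional


@dataclass
class Authority:
    userinfo: Optional[str]  # text before the last "@", or None if absent
    host: str                # what the client will actually connect to
    port: Optional[int]


def split_authority(url: str) -> Authority:
    """Split the authority of an absolute URL per RFC 3986 section 3.2:
    authority = [ userinfo "@" ] host [ ":" port ].  The authority ends at
    the first "/", "?" or "#" after "scheme://"."""
    sep = url.find("://")
    if sep < 0:
        raise ValueError("expected an absolute URL with a scheme")
    rest = url[sep + 3:]
    end = len(rest)
    for delim in "/?#":
        idx = rest.find(delim)
        if idx >= 0:
            end = min(end, idx)
    authority = rest[:end]

    # An unencoded "@" may not appear inside userinfo, so the delimiter is
    # the last "@".  Slash lookalikes such as U+2215 are ordinary userinfo
    # characters: they neither end the authority nor start the path.
    userinfo: Optional[str] = None
    hostport = authority
    if "@" in authority:
        userinfo, hostport = authority.rsplit("@", 1)

    # host [ ":" port ], allowing an IPv6 literal in brackets
    if hostport.startswith("["):
        close = hostport.find("]") + 1
        host, tail = hostport[:close], hostport[close:]
    else:
        colon = hostport.find(":")
        host, tail = (hostport, "") if colon < 0 else (hostport[:colon], hostport[colon:])
    port = int(tail[1:]) if tail[1:].isdigit() else None
    return Authority(userinfo, host.lower(), port)


def slash_lookalikes(text: str) -> list:
    """Non-ASCII characters whose Unicode name contains SLASH or SOLIDUS,
    which render much like "/" but are not URL delimiters."""
    found = []
    for ch in text:
        if ord(ch) > 0x7F:
            name = unicodedata.name(ch, "")
            if "SLASH" in name or "SOLIDUS" in name:
                found.append(ch)
    return found


def assess(url: str) -> dict:
    """Report the real host next to the userinfo a reader may mistake for it,
    with the warning signs found in the userinfo."""
    auth = split_authority(url)
    flags = []
    if auth.userinfo is not None:
        flags.append("userinfo-present")
        if "." in auth.userinfo:
            flags.append("userinfo-looks-like-hostname")
        if slash_lookalikes(auth.userinfo):
            flags.append("slash-lookalike-in-userinfo")
    return {"host": auth.host, "port": auth.port,
            "userinfo": auth.userinfo, "flags": flags}


if __name__ == "__main__":
    # Constructed sample: the reader sees "www.example.com/files/", the client
    # connects to update.zip.
    print(assess("https://www.example.com\u2215files\u2215@update.zip"))
    print(assess("https://www.example.com/files/update.zip"))
```

The "host" field is the value worth showing a user (or logging at a proxy); the flags are only hints, since legitimate HTTP authentication URLs also carry userinfo.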

Samsung's Galaxy S23 Ultra is a worthy heir to the Note

doublelayer Silver badge

Re: Shrug….

There are at least a couple others, but I don't know if they're any good. Unihertz has a few models with Blackberry-style tiny keyboards, but they're at least known for making phones quickly and actually delivering them, and F(x)tec, despite having a terrible name, makes a phone with a sliding keyboard that has Lineage and Sailfish support, but I'm not sure how easy they are to get.

There are compromises you have to make if you want that hardware, but you don't have to accept Planet's compromises as the only option. Since those compromises involve some pretty bad software support and production delays, it might be worth trying someone else's.

doublelayer Silver badge

Re: What's it like for making actual phone calls?

I have not used this, but I am still confident that I can answer your question: it's fine. I've used a bunch of phones in recent years, from my own devices to work ones and ones I set up for friends or family. Some iPhones, some Android, one KaiOS, and one feature phone. While some people don't make phone calls often, I am not one of them, so I've made calls on most devices. They are all basically fine.

While some may disagree that making phone calls is the "main purpose for a phone" nowadays, what's much less questioned is that phone calls are a pretty basic feature. It's using well-tested protocols and, if the phone can't manage a call, it's going to have problems with the other services that people who don't use the calls will notice. Unless you need something unusual, it's going to handle your calling needs fine. Of course, if calls are your primary use case for a phone, you might be better off buying an incredibly cheap device which will also manage calls just fine, since the extra money on this ridiculously expensive device is likely not to benefit you.

Large language models' surprise emergent behavior written off as 'a mirage'

doublelayer Silver badge

Re: Intelligence

"From what I've seen these language models seem to have some understanding of our physical world, even though they don't understand it in the physical sense that we do. I find it difficult to believe their output is merely a random construct of words and letters."

That doesn't make you right, though. There were people who saw the following conversation:

User: I am unhappy with my brother.

Eliza: Why are you unhappy with your brother?

User: He doesn't respect my decisions and treats me like a child.

Eliza: How does it make you feel when your brother doesn't respect your decisions?

And they assumed that this program must not only be intelligent, but caring about their beliefs. They didn't know that these sentences were written verbatim and used a basic understanding of English grammar to substitute words for pronouns. They probably would have found it out if they used the program enough, but they saw some text and assumed it meant more than it did.

For the same reason, LLMs are using statistical methods to say some things, and you might ascribe to that more understanding than exists.

If I copied in some phrases from Wikipedia articles, changing the phrasing and combining from different sources, I could create correct statements about a variety of topics I don't know about. I could use these to make myself sound more knowledgeable than I am, especially if I chose a topic that you don't know a lot about, so that if I made a mistake you have a higher chance of not noticing that I did. I would be using a simple method to try to sound intelligent, and it will work some of the time, and LLMs are effectively doing the same thing with a lot more data to copy from. It does not understand, because it can neither identify incorrect facts and purge them from the data it's reading from nor consistently prevent itself from introducing new wrong statements by accident.

Ransomware corrupts data, so backups can be faster and cheaper than paying up

doublelayer Silver badge

You did say that in another comment, but you didn't prove it there, and you haven't proved it here. So far, your rebuttals to points made by others are to say it couldn't have been because of Russia because you don't think it's primarily Russians, and it can't have been sanctions because sanctions don't work. You didn't back either of those up either, except to claim that, because you don't know about these organizations, nobody else could know either. Both of your factors are present to some degree, but neither of them is particular to 2022. Both of them could and did to some extent apply in many previous years. One thing that is particular to 2022 is the changes in Russia's economic and political situation, and contrary to your assumptions, a lot of ransomware groups, especially the large coordinated ones, are confirmed to have large parts of their operations based in Russia.

doublelayer Silver badge

"pointing the finger at one country or one of only 4 countries is what we call propaganda."

No, it would be if we just made that up. There are people who put a lot of effort into figuring out who did various things, and they know more than you do about the people and organizations responsible for attacks. They're not perfect, but your assumption based on nothing, or more likely some existing ideological point, is less reliable than their years of research.

"As I said you never know where it's coming from as it's untraceable once you start routing through hacked servers."

They sometimes think so too. Sometimes they're right. Often, they didn't do as much hiding their tracks as they should have and it really is traceable. And sometimes, they announce it publicly and provide proof, often in the form of stolen data that wasn't already out there. That makes it much more traceable.

"You can't even use reverse engineering and say oh it's like something previously used by x country because you have no idea if the previous one was actually used by x country.": Except, again, when it is announced by X country that they did something, either publicly for some propaganda purpose or, much more frequently, by accident. And in other cases, while there is no confirmation from the country, there's plenty of evidence for a reasonable observer to conclude that it's likely. While you are correct that there's always some chance that someone else did it, you are acting like it's a hunch at best when in reality it's so many clues that it's pretty obvious if you've read the analysis.

"The original comment was volume has dropped from someone wanting to sell solutions. They can't say efficiency because why would you want their solution?"

I gave you several reasons why volume will have dropped, from the loss of personnel, decrease in organization, and more difficulty making profits. That will have driven some away and caused problems for those that remain. I expect that their next step will be to increase the volume to try to make up for that. Perhaps I'll be wrong and their problems with efficiency will put more of them off, continuing to drop the levels. Given that Russia's economy isn't the best for people who can write code, I don't have much hope for that.

doublelayer Silver badge

"What is exactly restricting them from exchanging bitcoin for USD in another country?"

Starting with the perspective of a Russia-based criminal. Some countries will require them to be identified before it can happen. Criminals don't like being identified. Those are out. Some exchanges in other countries will not require them to be identified, but will have some trouble transferring a bunch of cash to where they are. That makes exchanging there useless if the criminals wish to remain in Russia. Some exchanges are happy to transfer to Russia, but having been used to circumvent sanctions, they find it hard to quickly cash out large values because other exchanges don't do business with them. That works, but is inefficient.

"Do you have this weird idea that they only have Russian bank accounts? If they were Russian in the first place that is."

They may well have stolen accounts from other people in other countries, but they can't just transfer money from those accounts into theirs because sanctions restrict transfers, Russian government policy limits the viability of transfers, and criminals don't like announcing their identity in a bank ledger that any law enforcement can look at.

"Do you think all Russians live in Russia": No, but the people who choose to conduct ransomware from Russia tend to live there. They do it because Russia provides them protection from international law enforcement. Being Russian outside Russia doesn't give you that freedom.

"and if it was Russia they couldn't transfer it to someone they know in another country to exchange and spend?"

They could, and they certainly do to other participants who are not in Russia, but most of the time, criminals want money for their own spending, not to send to others. If your friend buys you something but it's stuck in a country you don't live in and can't travel to for fear that the police there know you've committed crimes, how useful is it? If you were very restricted, you might do some things that way, but you can't typically buy a luxury car in another country and just mail it over. You can buy one for cash inside the country, though.

"Bitcoins don't live in one country. That was the entire point of what I was saying.": The part you missed is that they want other currencies, and although Bitcoin is global and decentralized, the businesses that exchange it for cash are neither. If those exchanges can't handle the business or refuse to do so, then there are problems. For the same reason, I can give you some banknotes in a number of popular currencies and you can take and spend them anywhere, but if you have my bank card but you're in a country with sanctions, it's likely not going to give you any spending power because my bank won't transfer money there. There is value in the account, but if you can't access that value efficiently, it reduces the current value to you.

doublelayer Silver badge

Re: "Cybersecurity" -- A Popular Meme For Our Time!

You could use WORM tapes, but probably the easier option is to use whatever medium you want, then keep it disconnected so it can't be modified later. It doesn't matter what hardware is used if it's stored in a box and someone has to physically take it out for it to be read or written.

doublelayer Silver badge

Russia and countries around it have been a particularly large source of ransomware organizations. Agglomeration is common in a lot of industries, and ransomware is not immune to it. A lot of that also had to do with the fact that Russia never extradites and usually ignores a report of ransomware going on, so they feel safe there.

The war has caused a few problems for those organizations:

1. Many of them operated internationally in post-Soviet states. While a lot of core activity, especially financial activity, was conducted in Russia to take advantage of the legal assistance, there were technically-aware people without jobs in other countries who participated. Ukraine was one where a number of prominent players were located. Those players have a harder time operating ransomware when bombs are dropping, and some of them are not so happy to work with Russian groups that support the war. Other countries may also have taken sides. Statistics are hard to find, but several groups have splintered over political differences which weaken their ability to operate.

2. The ransom payments come in in cryptocurrency, but nobody wants cryptocurrency. It's not very useful to buy things, so most of the criminals who have some want to turn it into cash quickly. Some have more resources and can afford to change it into cash much later when people aren't looking, but that's still what they want to do eventually. To exchange cryptocurrency for cash, you need organizations that have access to lots of cash and people who want to speculate on the crypto for a while, and exchanges based in Russia have had restrictions on both for a while. Other countries have exchanges that can be used, but many of them weren't willing to act in the anonymous way that criminals appreciate.

3. The people who can provide the exchange they need are not as nice as the ones they used to work with. Now that the private exchanges don't have the capacity that they once did, operators can still find some people who can exchange it, but they're likely to have significantly larger criminal organizations attached, in some cases the Russian government or another government (if North Korea isn't doing it yet, they're missing an opportunity). Those are riskier and more expensive for small organizations. Russian ransomware operators may be confident that their government doesn't plan on arresting them for other countries, but they are still breaking the law and Russia might want their services for other operations or might appreciate a chunk of their money. The lack of options does restrict them in some ways, though of course it also motivates them to make up in volume for the drop in efficiency.

Apple, Google propose anti-stalking spec for Bluetooth tracker tags

doublelayer Silver badge

Re: Not that I have any reason for concern

If you have an iPhone, yes you are part of that network. With Bluetooth disabled, you're not a useful part of the network, but if you turn it on, you will start connecting. If this displeases you, you might want to turn the Find My Network setting off. I'm sure the information that you had to opt out of the network was in the terms you had to agree to to use the iPhone. You can decide whether you're comfortable with that or not.

FTC sues VoIP provider over 'billions of illegal robocalls'

doublelayer Silver badge

Re: Then how will they reach me about my car's extended warranty?

They don't know you have a car. They're just calling around with the assumption that anyone who doesn't have a car will just hang up. They're probably right. My guess is that, if you indicate that you want to talk to a human, they'll have no clue what your name is, let alone anything about the car you may or may not have.

doublelayer Silver badge

Re: For non US readers re robocalls ...

Some scammers like to fake a number that's similar to yours, with a similar geographic code but a different number at the end. They appear to think that people are more likely to answer local unknown numbers rather than random ones. If your number starts with the same digits as your father's, or if there is some link between your number and the location of that landline, they might have hit your father's number because of the reduced option set.

A few years ago, I was expecting this would eventually happen to me because scammers were copying a ridiculously long prefix from my number and changing only the last three digits. By chance, I happen to know two people who have numbers in that set, although I'm only in contact with one of them, so I figured it was only a matter of time before they chose one of those. It didn't happen, and now my infrequent robocallers copy fewer digits of my number before randomizing.

OpenAI's Sam Altman rattles tin for crypto startup that will support bot-replaced workers

doublelayer Silver badge

Re: I trust this implementation more than any CBDC proposed so far

I don't. I don't trust CBDCs either, but this is no better.

For example, let's talk about that reassurance about the privacy of biometric information. Hashing a biometric indicator is hard, because you have to encode a lot of data, have a very strong hashing algorithm, and most crucially recognize exactly the same features next time because your hashes will have to match exactly. In most cases, you can't do it; a speck of dust is enough to add inaccuracy to the process, which is why most fingerprint systems I have seen the workings of have a special memory region in the chip for storing non-hashed fingerprint data. If they're hashing, it's likely not to work, which probably doesn't matter, because it doesn't sound like they are:

"By default, the only personal data that leaves the Orb is a message containing a numerical representation of the most important features of the image, the iris code, to validate uniqueness"

It doesn't sound like a hash, does it? "It represents the iris numerically" sounds much more like the representation from the reader. It's numeric because the reader is digital. In short, this phrase sounds like a way of hiding the real statement that "The only data that leaves the iris reader is the scan of the iris", which sounds much less reassuring.

Then we move along to this gem: "World ID is designed to be completely disconnected from a person’s biometric data, including their iris code". No it's not. If it was, they wouldn't need to collect the iris code. This makes it sound like they're collecting iris scans to verify that you don't already have an account, and if you pass that, you get to open an account, presumably with a private key. What would the point of that be? Either the iris is useful in validating access to the account or recovering access if the keys are lost, in which case their statement is a lie, or the iris scan is unrelated to every function of the currency and cannot be used by the user, in which case there's no point in collecting it.

Then they talk about ZKPs, which are cool and very complicated, but from the problems I've raised so far, I don't know if they actually use it or if this is another lie. After that, they claim that pseudonymous transactions mean that they "cannot be tracked to a person’s identity". Rubbish, as Bitcoin's pseudonymous transactions proved a decade ago.

I don't know what their goal is here, but most of their claims here seem deluded or actively dishonest.
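Added example to make the hashing point above concrete (this is constructed demonstration code, not part of the original comment and not based on any real iris product): two captures of the same eye never produce bit-identical codes, so biometric systems compare codes by Hamming distance against a threshold, and a cryptographic hash, which changes completely on a single flipped bit, cannot do that job. The 2048-bit "iris code", the 120 flipped bits standing in for sensor noise, and the 0.32 match threshold are all assumptions chosen for the example. (Fuzzy extractors and secure sketches exist to bridge this gap, but they are a separate construction from simply hashing the scan.)

```python
import hashlib
import random

# Constructed parameters for this example; a real system would derive its
# code length and threshold from sensor and population measurements.
CODE_BITS = 2048
NOISE_BITS = 120            # ~6% of bits differ between two scans of one eye
MATCH_THRESHOLD = 0.32      # normalised Hamming distance below which codes "match"


def make_code(seed: int) -> bytes:
    """Deterministic stand-in for an iris code from a sensor."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(CODE_BITS // 8))


def recapture(code: bytes, flips: int, seed: int) -> bytes:
    """Simulate a second scan of the same eye: flip `flips` distinct bits
    (dust, glare, a slightly different eyelid position)."""
    rng = random.Random(seed)
    bits = bytearray(code)
    for pos in rng.sample(range(CODE_BITS), flips):
        bits[pos // 8] ^= 1 << (pos % 8)
    return bytes(bits)


def hamming_fraction(a: bytes, b: bytes) -> float:
    """Fraction of differing bits; this is how iris codes are actually compared."""
    diff = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return diff / (len(a) * 8)


def hash_match(a: bytes, b: bytes) -> bool:
    """The only comparison a hash supports: exact equality."""
    return hashlib.sha256(a).digest() == hashlib.sha256(b).digest()


def fuzzy_match(a: bytes, b: bytes) -> bool:
    return hamming_fraction(a, b) < MATCH_THRESHOLD


def compare_strategies() -> dict:
    enrolled = make_code(seed=1)
    same_eye = recapture(enrolled, NOISE_BITS, seed=2)   # noisy re-scan
    other_eye = make_code(seed=3)                        # a different person
    return {
        "dist_same_eye": hamming_fraction(enrolled, same_eye),    # ~0.06
        "dist_other_eye": hamming_fraction(enrolled, other_eye),  # ~0.5
        "hash_same_eye": hash_match(enrolled, same_eye),     # False: hash is useless
        "fuzzy_same_eye": fuzzy_match(enrolled, same_eye),   # True
        "hash_other_eye": hash_match(enrolled, other_eye),   # False
        "fuzzy_other_eye": fuzzy_match(enrolled, other_eye), # False
    }


if __name__ == "__main__":
    for k, v in compare_strategies().items():
        print(f"{k:16} {v}")
```

The consequence for privacy claims is the one the comment draws: to match a returning user, the verifier has to keep something it can measure distance against, i.e. the code itself or a template derived from it, not a one-way digest.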

doublelayer Silver badge

Creepy? How about scammy

Yes, this does have a creepy element. However, I haven't even gotten there because my scam alarm started going off. A new cryptocurrency, run by a wealthy guy, with a bunch of talk about high noble goals. Where have I heard this before? He doesn't explain where the value in this cryptocurrency is supposed to come from, either, as if just adding yourself to this network means you'll suddenly start getting income from... somewhere. I can do that too: anyone who wants a guaranteed income of ten Abcdcoin per month, just sign up below. Of course, I'll set up Abcdcoin such that there is no limit to how much exists and no obstacle to creating it, so I'm just making new ones every month. I'm looking forward to anyone deciding that I can buy stuff with that coin.

BOFH: Ah. Company-branded merch. So much better than a bonus

doublelayer Silver badge

Re: Cheapo USB key

"There is surely no (or virtually no) use case where buying a new USB 2 stick makes sense nowadays"

I don't know. I was recently purchasing a USB disk intended to stay permanently attached to a piece of hardware which only has a USB 2.0 port and isn't working with particularly large files anyway. I considered choosing a USB2 disk for that purpose, even though nothing would break if I used a USB3 one, just because why spend extra on speed that would never be used? I ended up going with a USB3 one anyway, but other than a slightly quicker population of the data from my computer, it has never used the extra speed it could have. I wouldn't make a lot of them, but I'm guessing there are massive warehouses full of the things and we might as well still use them in cases where they fit.

doublelayer Silver badge

Re: Acronym-Ignorant

"There is a place, perhaps, for tests that are well beyond the capabilities of any student to complete and score 100%. If that was the norm, then no child would be upset that they hadn't completed everything perfectly, (because that would not be expected) and there would be a scale for determining relative capabilities and progress all the way to the top."

I've certainly experienced professors who gave those, and I didn't appreciate them. That's perhaps not a big surprise given that getting lots of questions that are intentionally unanswerable with the education provided feels pointless. However, I think there are some big problems with doing that consistently.

It's not the way that many other things work. If you get several tasks at work, you will be expected to complete them all satisfactorily. If you can't, you need to go to some effort to prove why you can't and ideally that nobody can, or your boss will be angry with you. If you were faced with a manager who constantly asked you to do impossible or impractical things, what would you do? I don't mean the occasional request which proves untenable, or even a request where they first ask you to comment on its feasibility; I mean that almost every goal they provide you is presented as a straightforward task despite being infeasible to complete. I can't answer for you, but I would assume that it indicated they didn't have an understanding of what was practical and they were demonstrating their ignorance. I'd be concerned that pointing that out wouldn't be taken nicely, that failing to do all these things would make them angry, and I'd likely try to get a new boss. If it turned out that the manager concerned was testing me, I would find it disrespectful and pointless.

It also gives students a bad understanding of their success. Most of the time, they should be able to get 100% of the test completed if they put in enough effort to learn the material. If a test is set up where the best students are getting 35%, as some of my professors liked to do, every student leaves the test wondering if they've just failed the course. They'll be worried about that, and some of them will try to learn all the things covered in tests they were never expected to know. If that stuff isn't expected, it's probably either so advanced that the student doesn't have the basis to understand it yet or it's useless enough that it's not planned to teach them at all. Either way, they're likely to waste their time as a consequence of not understanding that they did fine.

This leaves us another option for how to make a test more difficult, one that I've personally seen infrequently but others have reported: just make the quantity untenable. Have a one-hour test with a hundred questions, and see what happens. Once again, a work parallel is useful here. We all know that you can get your work done well or you can rush through it and probably make some mistakes, but at least in that case, you'll be choosing between the options based on a situation you can understand and plan for. Not so with the overly long test, where you have to guess whether twenty perfect proofs and eighty blanks is better than sixty quick guesses and forty blanks. You're not really learning about whether the student can do the activity. Nor are you really learning about their time management skills. You're learning what their last-minute guess was and judging them on that.

doublelayer Silver badge

I think it's mostly because companies want to spend rather little on the gift, and if they gave their employees a bonus of the amount they're going to spend, the employees might find it more insulting than getting nothing. If your employer gave you a £20 bonus, I'm imagining several people who would find that disappointing and would react with indignation. While getting significantly more in cash is best for everyone, there are cases where companies, or more often some group within them, can't or won't spend more on such a thing. An event with free food might be a better use of that amount of money, but it doesn't work for people who work remotely or if such things are just unpopular.

GitHub, Microsoft, OpenAI fail to wriggle out of Copilot copyright lawsuit

doublelayer Silver badge

Re: Most code is copied, anyway

There's a very big difference between patents, where you have to demonstrate that what the code is doing hasn't been done before and is substantially new* and copyright, where you just have to show that the code was written by you and wasn't copied. A lot of the constructs in code that we write aren't completely unimaginable, and thus cannot be patented, but it is still written by us and copyright applies. For the same reason, there are a lot of books written these days and in any other days you'd care to mention that show little or no imagination from the author. Even for those where there is some new stuff, pieces of plots, settings, and characters will be similar to things that have already been produced. Those books are still copyrightable. It doesn't matter that they're built from the same set of English words, just as it doesn't matter that most code is built from the same language constructs as everything else. The originality is in the order and structure of those statements, not that every component has been invented from scratch.

* You have to demonstrate inventiveness, or at least you're supposed to and somebody has the job of verifying that you did. They're not always great at doing that job correctly, but the legal requirement is still there. I think software patents should still be possible, but we likely agree that most of the ones that exist should never have been granted.

Elon Musk finally finds 'someone foolish enough to take the job' of Twitter CEO

doublelayer Silver badge

Re: Do you people really think she's that naive?

"The idea is to saturate people with the company's trade dress to encourage a Pavlovian response. See a Coke logo, get thirsty for a Coke. Is that ad money wasted?"

Does it work? Does it, for example, convince people to buy one brand when both are available, or to buy more than they otherwise would with an identical setup without the advertising? In my experience, when people want to drink something, they buy something to drink whether there's advertising about it or not. They've tried both products, decided whether they have a preference, and they need no more signs to alert them that these products exist. Someone would have to test whether there is any benefit from installing the advertising and whether that benefit exceeds the costs, but I would not assume they have necessarily done that; often the assumption is that it must be helping, so if one competitor is doing it, you need to as well.

This isn't always the case. If you were making a new drink that people didn't know about, then you might want to advertise so that people try it and may become customers. If it's a product that everyone knows about and, as in many cases, it's the only comparable product available there anyway, it might not be worth spending the money on advertising.

doublelayer Silver badge

Re: As usual, hire a female CEO when the company is collapsing

Probably in some cases, but for many countries, there aren't a lot of chances to put a scapegoat in power since there's an election in the way. Unlike a company, where a small group of people can name someone CEO in a couple days if they want to, if there's a general election, then you can't just decide who the winner will be. For this reason, Thatcher couldn't have been a perfect example because a lot of people voted for her, and she's likely not to have been an example at all, since picking a scapegoat during a general election would nearly always be harmful to the party. Before it comes up, the situation about Truss fits this much better but is likely also not an example. If Truss had been named without a general election because something bad had been set in motion and she was intended to take the blame, that would fit the pattern. As far as I understand it, this was not the case, she had to campaign for the position, and the problems leading to her resignation were created after her appointment, not before it.

It has been seen before, though, and it can frequently not involve gender at all. For example, if a military wants to start a coup and to have an excuse, one tactic they have used is to put in a leader who will make unpopular decisions, so they can spin the removal of that leader as their duty rather than a power grab. This is not always the case in coups, as often the military doesn't particularly care about being subtle and, if they have the power to name a leader, they may skip the scapegoat process. A related tactic is to try to convince the existing leader to make unpopular decisions rather than replacing them, which has happened more frequently.

EU's Cyber Resilience Act contains a poison pill for open source developers

doublelayer Silver badge

Re: You're too naive....

I can't know that for sure, but I'm pretty sure they don't. It has no benefit to anybody. The EU politicians don't have a reason to hate open source. Companies that use open source in their products don't want this law either; yes, they may be able to throw off their liability on some open source maintainer, but proving that still takes lawyers and not having the liability is cheaper. Companies that compete with open source somewhere usually use other open source somewhere else. Basically nobody has an incentive to break open source or lobby politicians to do so.

It's the classic difficulty understanding technical things without a background in it. Politicians are trying to do something about security risks in software, and they think it's easy to legislate that away when it really isn't. This is probably because few or none of them have a realistic idea of what a commercial software product contains. They'd probably be surprised to hear how many different open source libraries were compiled into that, and how many interactions with other open source OS components or language features are involved. They probably also lack a great understanding of what causes security problems to exist. These combine to create a risky law, just as if I tried to write a law about medical treatment without getting a lot of input from others. I would have the best of intentions, and we are likely to agree about the goals that I intend the regulation to accomplish, but if I wasn't careful, I could end up making something dangerous out of ignorance.

doublelayer Silver badge

Re: So let the Open Source 'community' teach the European Community

That requires the copyright holder to be easily contacted and simply lands them with the responsibility for maintaining their license. Do they want to pay for a lawyer to sue a company that doesn't obey the licenses so that I can have access to a system that they don't even use? I'm sure their sympathies will be with me, but I'm not so sure their willingness to go to legal action will.

Theoretically, the GPL gives me the right to retain my own lawyer without even consulting the original copyright holder (assuming for example that the copyright holder is dead, didn't put a contact method in their documentation, or has gotten tired of emails and no longer pays attention to them). If I were rich in money and time, maybe I'd try it. I'm not, and in my case I and the company responsible are in different countries, so they're likely to get away with it if they ignore enough emails. Having talked to this company before, I know from experience that they're very good at ignoring emails.

The company I'm talking about is quite small, but it's not as if this only happens when someone hasn't been paying attention. Massive companies ignore their open source license requirements all the time. Only rarely does some foundation go to lengths to enforce them. Most of the time, there are no consequences for anybody.

doublelayer Silver badge

It's vague, and I don't support it in any case, but I think there would be a difference. If the law doesn't specify it, lawyers will create it. Here's the argument I expect they'd use:

The Windows NT code has been updated. Customers have to install the update from NT4 to NT10, which is the currently supported version although the version numbers aren't the clearest. As of now, they have the option to run the version of the NT code contained in the Windows 10 or 11 products, which they can buy whenever they want, so we have protected them. That open source code, since it has not been updated, is not protected and its author is still taking donations for its upkeep, so they are more liable than we are.

Should that work? No, the logic is flawed and it produces bad results. I'm afraid you might get it anyway, though, which is why this legislation either needs to be written to handle this situation correctly or scrapped altogether.