You're sort of getting at how evolution works, but I have to nitpick your word choices. The whole idea is that evolution is random and patterns only emerge when those random mutations lead to statistically significant implications for survival and reproduction.

So it's misleading to say anything "evolved for a reason" because evolution isn't an intelligent process -- it doesn't do things because of reasons. It's also not exactly true that "[c]urrently inactive DNA was active in the past" because every generation is bound to produce lots of random genetic mutations which have no impact on our survival, in many cases because they have no impact on our physiology whatsoever. The commented (computer) code analogy is very apt here.

However, what you're hinting at isn't just that "we have it", it's more precisely that "we all have it." The fact that a large portion of the human population all has the same inactive DNA in this position does imply that it was active in the past, and that it was beneficial in the past, because that's the only way the same DNA could end up in every person's genome. If it had never been active or useful, then we would all have had to (randomly) mutate the same useless code in that spot, which would be statistically very improbable.

As lame as this clearly is, I can't really fault Microsoft entirely; I think this is just a product of the deteriorating state of advertising and marketing in general.

Time was, you only had to take an advertiser's claims with one grain of salt, but in the last few decades it seems like there's been a kind of hyper-inflation; now, you can't even read an advertisement critically to filter the hyperbole and extract some useful information, because there isn't any left. After years of being unabashedly lied to by advertisers, we now have no choice but to assume that all advertising is pure, unadulterated lies.

It's a little sad; it only took a few companies abusing the consumers' trust to ruin it for everyone.

Your argument rests on the premise that the average US household has a choice for broadband internet service, which is not generally true. So, how consumers feel about the price is irrelevant; the vast majority of them will have no meaningful way to express their disapproval, short of going back to dialup, which would be far more painful.

I think part of the problem is that a lot of people still don't think of computer security in general, and virus/malware/etc protection in particular, as an ongoing necessity. People's computers slow down, crash, display popups or whatever, they go out and buy some product to "fix it", and think of it as a one-time deal. They don't think of it as a "subscription" and don't expect to have to renew it.

And yet again we see the amusing derision of an AC who sets up straw men to rant at, intentionally misreading the parent. I didn't say refuse, I said charge accordingly.

Whether you label it an added cost for the extra work of IE6 compatibility, or a discount for standards-only work, doesn't matter.

And really, every developer should already be doing this to some extent, in that they have to charge according to the time it will take them to do the work. Since IE6 compatibility requires more work, it should cost more. For most shops, the difference would probably just be breaking down the line items of the quote, so the client can see that if they just drop that requirement, the work becomes much easier and therefore cheaper.

There seems like a pretty clear free-market solution to this problem: developing sites that support IE6, with all the requisite hacks and workarounds, is harder. It takes longer, and should cost more. If developers just attach an appropriate premium to this extra work, businesses start having a financial incentive to stop demanding it.

"Well boss, I got a quote for that intranet app we need developed, and it turns out our IE6 requirement adds 35% to the total cost." "Hrm.. and what's your estimate of the cost of migrating?" "Migrating would cost us more than the 35% on this one project. But looking a year or two out, paying that kind of premium on all future development contracts, switching is way cheaper, and will probably reduce IT expenses for security issues to boot." "Right. Start working on that."

There are plenty of accurate analogies to explain this situation. Resorting instead to such a foolish and misleading one just makes all open source advocates look disingenuous and dishonest, when those are exactly (some of) the traits of Microsoft that we condemn.

IANAC(ryptogrpher), but..

it seems like the question yet remains whether deriving x (the password, source data, whatever) given both hashes f(x) and g(x) is easier or harder than having only one of the two (just like the question of whether f(g(x)) is harder than f(x)).

On the one hand, I can visualize that as having a smaller set of possible x that, when hashed, yield not only f(x) but also g(x). That reduction in the ratio of collision-hit-x's to all-possible-x's seems like it would at least make brute force harder.

On the other hand, I can also visualize that having g(x) in addition to f(x) is just more data to work with, which seems like it would make the problem easier; i.e. g(x) might not give many clues about x by itself, but combined with clues from a different algorithm f(x), maybe it'd be easier to find x?

Can any real cryptographers comment?

oh my... I am slightly embarrassed at how hard I laughed at this.