Domain: codinghorror.com
Stories and comments across the archive that link to codinghorror.com.
Comments · 546
-
Re:I'm confused
The problem is like Chewbacca it makes no sense and I sure as hell ain't paying to read their report! Here is what we DO know: 1.-RAM is several orders of magnitude FASTER than NAND, 2.- most intelligent modern OSes do serious caching of the most used programs into RAM to seriously speed performance, 3.- 4-8Gb of RAM will allow the OS to prefetch pretty much everything you use on a daily basis and then some, while 4-8Gb of NAND? Kinda useless.
In certain use cases and in certain use cases ONLY does having a MIXTURE of RAM and NAND make sense. In a mobile user's laptop, one that is constantly on the move? Makes sense. On a server where IOPS are the most important metric? makes sense. On a PC where there is only 2Gb of RAM? Does NOT make sense and would be better served by 4-8Gb of RAM which would be a hell of a lot cheaper than a SSD of any real size.
Hell with all the crap they install on them and the size of cameras nowadays I find plenty of 200-300Gb HDD PCs being brought in to add bigger drives simply because they are overloaded, yet we are talking a cool $500+ to add a SSD of that size or larger easily. ATM unless you are a geek that knows about installing to separate partitions so you can use a mixed drive setup, or as I said one of the above use cases SSD just doesn't make sense for the vast majority and trying to claim just because the price of RAM went up a bit suddenly SSDs, which are still frankly insanely priced and are still not really stable is suddenly the better deal? I gotta call bullshit.
-
Re:One Problem
Not to mention what TFA neglects is the simple fact that one doesn't need as much memory as they do storage space so comparing the two? More than a little pointless.
When DDR 2 was so cheap I bought 8Gb for my PC, which thanks to Superfetch means ALL of the programs that I use frequently? Instant load, poof, faster than even an SSD could possibly load them because they are already in RAM waiting for me and as we know RAM is several orders of magnitude faster than the fastest SSD. I won't build a PC anymore with less than 3Gb and I usually try to talk the customer into 4Gb, why? Again thanks to intelligent prefetching by the OS the programs they use most often will be preloaded into RAM waiting on them, thus not only making the PC crazy fast but also cutting down on drive spinning which lets the drive park the heads and thus lowers heat and power usage.
Meanwhile the tech they are pushing is so damned unreliable Jeff Atwood at Coding Horror says they should be judged on a hot/crazy scale as they go tits up quite often in return for the crazy speed. Atwood still loves them but I would point out he is the same guy that recommends spending over $400 on a pair of headphones like he does. If you have the money to blow a couple of grand a year on big fast SSDs? I'm happy for you, you are doing better in a dead economy than most. But RAM almost never wears out and can easily last a decade, is still relatively cheap for maxing out a PC, and the performance one gets nowadays for giving the OS plenty of RAM for fetching is really quite stunning. By having plenty of RAM and hybrid sleep my customers have an instant on PC that loads every program they use as fast as they can click the button. What more can you ask for?
-
Re:However, something important to keep in mind
The problem with SSDs is that the tech isn't really ready for primetime IMHO, unless you just have some money burning a hole and don't care about the data they'll have on them. Atwood at Coding Horror even says SSDs should be judged on a hot/crazy scale since you are dealing with a device that gives serious performance at an INSANE failure rate. From the looks of things they may be full of shit on those MTBF numbers.
All I know is I have a couple of gamer customers for whom the benchmark is God and both went SSD, not cheap shit either, the biggest most expensive they could find. With BOTH drives what happened is one day they flipped the switch and....nothing. That's it, just dead. No warning, no SMART, just tits up DOA bye bye data. Needless to say they weren't happy.
So I think I'll let others blow the crazy money on a drive that may only last a year, since with the big fat caches on the new HDDs combined with plenty of RAM for Windows 7 to superfetch everything seems to me more than fast enough for my customers. I just can't see myself spending that kind of money then having to be drawn up in a knot or do backup after backup just to keep from having to worry about flipping the switch and watching my data go poof. Faster is nice, but not when it is going really fast right off a cliff.
-
Re:Lawsuit
In the end, they see the "shiny that they want", and will do what they need to get it. Oh, this website needs to install an Active X control and administrator access? Sure, if I get my video/game/screensaver!
Reference : Dancing pigs / Dancing bunnies problem.
-
Re:Fuck Microsoft Research
You are right, mouse wheel was invented by a Microsoft guy in 1993 (the story is here: http://www.codinghorror.com/blog/2007/05/meet-the-inventor-of-the-mouse-wheel.html).
But this was a long time ago. Current Microsoft bureaucratic hierarchy and stiff internal process guarantee that no significant invention can come out of Redmond anymore.
Just answering your next guess in advance: technology behind Kinect was invented and refined by Israel firm PrimeSense.
-
Re:Facebook as an "Identification Badge"
Some people call this a good thing, like Jeff Atwood.
(I don't agree with him, though).
-
Re:First Post
I have a much better question....why? While I don't know if it is the same with Linux (I gave up messing with it around Ubuntu 10.4, but I'll assume it is) with Windows and the frankly insane amounts of cache one gets on a drive nowadays combined with Superfetch one will rarely notice your drive! In fact lately I've been using 5900RPM drives as OS drives because with 64Mb caches and plenty of RAM there just isn't enough of a difference in speed to deal with the extra noise and heat, especially if the customer wants it as an HTPC.
So honestly I don't get it. You OC a CPU (or in the case of AMD unlock cores as well as OC) because you get a more expensive CPU at a cheaper price. Same thing with RAM or flashing an HD4830 into an HD4850 which I have done a couple of times so far and works well. But with HDDs you simply add a second in RAID 0 or if you don't mind dealing with the hot/crazy scale and the possibility you may be spending several hundred a year on replacements and be risking data? Well then go SSD. But it isn't like OCing that EcoDrive is gonna turn the thing into a Velociraptor, it is just gonna wear the thing out quicker for less gain than you would have seen adding a RAM stick. I just don't get it, folks with more time on their hands than they know what to do with I guess.
-
Re:Another nail in the Coffin of the Hard Drive
particularly when there are questions regarding reliability and what real-world flash failure looks like (is it still readable? Does the controller start spewing garbage?)
CodingHorror answers this:
1. They fail. A lot. Within months. If you're lucky.
2. The failure is they just die completely and conclusively.
However, they stress the important point:
3. They're so ridiculously fast that you want one anyway. And you'll keep replacing it when, not if, it fails.
For server use, the current fashion is as a gigantic cache in front of magnetic hard disks.
For either desktop or server, "GET REALLY GOOD AT BACKUPS, YOU'LL USE THEM" is the thing to remember.
-
I'm a web developer and happy about this
A new major version increment is no longer equivalent to a new application. There is no Firefox 3, "firefox3.5", Firefox 4 etc. There is only Firefox - which is exactly the way it should be. Normal users don't and shouldn't be concerned about version numbers. They should always use the latest version and it is the application's/browser's responsibility to keep itself up to date. Why separate updates and security updates? The update process should be as simple, fast, automatic and non-obtrusive as possible. This is a step in the right direction. Read: http://www.codinghorror.com/blog/2011/05/the-infinite-version.html
For similar reasons, W3C has decided to skip version numbers altogether in the HTML standard. The web is continuously evolving so a version number doesn't make sense there. You either support the latest HTML or not. You cannot choose to use the Internet 3.0 because you still want to use your 3.0 browser. It doesn't work that way. Browsers should always keep up to date with the latest standards instead of clinging to a specific version number. W3C has realized that a standard is not a standard until it's actually used. They can draft together a document explaining how web sites should be compatible with the "semantic web" and call it "The Semantic Web 2.0" but until web sites actually implement it and browsers support it it's not a standard.
As I see it there are two problems that are _not_ related to the above. Please don't confuse them. First of all addons get "incompatible" when a new major is released, which causes problems for people. The upgrade process is not perfect yet, Mozilla is probably working on that. As I understand it all v4 addons automatically get marked as incompatible with v5 - but AFAIK this is just a safety measure which will probably be changed in the future. 99% of all addons just need to update a flag to get compatible again. There are addons that automatically can make old addons work again by updating that flag.
The second problem is that some repositories are not fast enough to keep up with the rapid release cycle. Well, that's their problem really. Use a repository that's faster then or compile yourself... or use an OS that doesn't want to take away the responsibility of updating itself from the application.
-
Re:Let me summarize
Jeff Atwood has a post about technical debt: http://www.codinghorror.com/blog/2009/02/paying-down-your-technical-debt.html
-
Re:Love for OCZ
Keep up to date backups of any important data:
http://www.spinics.net/lists/pgsql/msg122280.html
http://www.codinghorror.com/blog/2011/05/the-hot-crazy-solid-state-drive-scale.html
I'm tempted to get an SSD (or two), but the failure rates seem rather high, and the failure modes too often are worse than normal HDDs (drive totally dead or even "time warp" drive rolls back to a state X days ago : http://www.ocztechnologyforum.com/forum/showthread.php?83778-Time-warp-drive-vanishing-after-3-days-data-gone-on-reboot...I-need-3-to-5-users-with-this-issue-to-help ). The time warp failure mode doesn't puzzle me that much, I can think of reasons why it would happen - but it worries me from a design perspective.
Yes normal spinning disk drives do suddenly fail completely too, but that normally is a result of abuse. So far what normally happens is you have bad sectors and/or the SMART reporting stuff starts giving you some ominous signs.
If the SMART stuff worked well for SSDs, even if SSDs failed every 3 months or so, many would be happy enough - they'd buy a stack of SSDs (yes really) and swap them in whenever they see the SMART warnings.
-
Re:Best and worst of both worlds...
Actually, it looks like SSDs are currently less reliable than hard disks in practice (though of course that link is to Jeff Atwood saying he'll buy them anyway).
-
Re:Or for more comprehensive scanning
I'm no MS apologist ( I run slack on my laptop and Ubuntu server at work, eucalyptus cloud), but there is a whole lot of inaccuracies here. Any kernel level malware invalidates your "literally impossible" file replacement argument.
And yet, you fail to explain how. And yes, the rest of your comment firmly labels you as a Windows (or at least Windows Registry) apologist.
The original execution of the registry was poor, but the concept of a fast and reliable btree key-value store for all your program settings isn't that idiotic (think dbus, gnomeconf, etc).
ANY centralized database of critical configuration information is inherently fragile. Period. And doubly so with the Windows registry, because it is such a mess.
The modern windows registry has plenty of permissions built in the important areas, although it is admittedly a mess of disorganization still.
Permissions are only good until the filesystem is tricked into ignoring them with a privilege escalation. And since most Windows users still run as Administrator, that isn't even necessary.
There are plenty mechanisms to restore a registry; in fact it can be rebuilt in parts if need be. You can walk the structure and recreate the index. UBCD has an excellent one, for example.
That assumes you both know which of the hundreds or thousands of keys have been affected, and then, what you need to set those keys' values to.
If you want to get on a soapbox against MS, there are plenty of arguments why the OS sucks, from a bone-headed approach to library version control, to ugly API's like the MFC, inconsistent handling of kernel mechanisms/calls, a still evolving/broken application install system, extension based file types, a complete lack of usable logs and diagnostic tools built into the OS, the command line is a joke... I could go on and on.
Please! Don't let me stop you...
But please, don't give the windows guys a swiss cheese argument... there are some smart ones out there, if we want to point and laugh we need to go at them with facts :)
I personally don't think that pointing out the Registry as a big, steaming pile of Windows vulnerability is anything like "swiss cheese", and neither do these people.
-
Re:Reminds me of hardcards
But how long does it ACTUALLY last. I'm not talking those MTBF numbers that the manufacturers pull out their butt, but some cold hard "lets see how long it'll go" kind of in the trenches numbers.
Because from what I've seen while SSDs may be satanically fast they also seem to die pretty damned quick. Even Jeff Atwood at coding horror has posted you need to use a "Hot/Crazy scale" for SSD, as in how much money and data/downtime are you willing to risk for the crazy speeds.
Frankly between all the horror stories and watching my two gamer customers blow several hundred on drives that barely lasted them two years I've been telling my customers unless there is a specific reason for needing SSD, such as mobile devices that are gonna get slung around a lot, not to bother with the SSDs at this time. Frankly the HDD tech has gotten so good that often I'm pulling perfectly working drives as people upgrade for increased space long before they kill the drive, hell I have a drawer full from 20Gb on up to 200Gb, all working perfectly.
Also if the article I linked to and the gamers I worked for are any indication SSDs don't "fail gracefully" or give you plenty of advanced warning like HDDs do. With every HDD I've had fail short of being dropped there was plenty of time to get the data off as SMART gave warning long before the point of no return. With both of the gamers it was "flip the switch and its gone" no warning at all.
So does anybody out there have some real world experience and not just the MTBF numbers? I'm sure there are plenty of geeks here at /. that have pounded the hell out of SSD looking for boosted performance, how did they hold up? Are they still running? If not did you get warning before they died? Because if the drive can't be counted on to last at LEAST 3 years reliably in my book it isn't worth messing with or giving to my customers.
-
(website) Works on my machine.
It redirects to http://www.skype.com/intl/nl/home
Featuring the "Works on My Machine" certificate. http://www.codinghorror.com/blog/2007/03/the-works-on-my-machine-certification-program.html
I'd really want to use Skype, but it's no use as nobody I know does so. Vendor lockout!?
Luckily here, the Dutch government has ruled that Dutch telecom companies may NOT charge extra for using instant messaging (or similar) apps on their network.
It's a mess right now, but it's likely a free (possibly opensource) alternative will either launch or stand out of the crowd in the years to come.
-
Re:Oh, great
And you have been able to do the same thing in Windows for a decade, by simply setting them up as a normal user and not handing them the password for admin. Your point? In the end the simple fact is if a user has rights, they have the right to be stupid and there is no way to take away the "right to be stupid" part without taking away ALL of their rights.
This is why you see much more infections on home users than corporate networks (well run networks that is) as the admins take away their rights, including the right to be stupid. But unless you want to trust the two Steves or the head of the repo or anybody else in charge of "doing no evil" and give away your rights you simply have to give them the right to be stupid. Because no matter how "smart" you make the OS in the end the user actually has to THINK occasionally and not abuse their rights.
In the end you will see more and more "MacDefender" style infections, same as here in the shop I've seen infections go from Windows exploits to third party software to social engineering. Because at the end of the day the user will always be the weakest link and no amount of OS planning or protection will stop the user if they truly want the carrot the malware writer is offering, or simply refuses to think. It is the classic dancing bunnies problem and has been going on nearly as long as there have been PCs. Hell some of the first bugs I had to clean were boot sector floppy bugs, which spread by people copying warez. You offer the dancing bunny and the malware is just an added "bonus" or in this case you spook the user into thinking they MUST have the malware to protect them from...what else? Malware! In the end you just can't stop stupid, sooner or later the user has to think or you have to take away ALL their rights, there really is no in between.
-
Dancing Bunny / Dancing Pigs Problem
Sure this is a great addition... for power users who are infallible.
But for Joe Average and power users who fall prey to it (who doesn't?), it doesn't address the primary issue - called the Dancing Bunnies or Dancing Pigs problem. And it's a problem with every OS today - Linux, Windows, MacOS X, Android, iOS, and others.
A user will run through many hoops to get what they want. They'll root, jailbreak, install alternative app stores, etc just to save 99 cents for an app. Even if they have to do seemingly complex tasks like install an SSH server, run SSH, type command line commands, etc. It can be amazing how much technical skill the untalented suddenly have.
And the problem is, these are the people that get pwned. Jailbroken iPhones with default SSH passwords. Android phones with botnets installed (courtesy alternate marketplaces), Windows/OS X trojans running botnets, etc. Heck, even Bender skipped his antivirus check for pr0n.
And it's a really difficult problem to solve. Even if these options were global and set reasonably, you can anticipate some app telling you it works better if you do these things to let it get the permissions it wants.
Hell, see the latest Facebook spamming trends, where people are doing things like copying-and-pasting URLs or godawful long javascript blobs. We're at the point where really, the Honor System virus does exist.
-
Yes
Some background on what to expect as you scale:
http://www.codinghorror.com/blog/2009/06/scaling-up-vs-scaling-out-hidden-costs.html
I don't recommend Windows for a web startup, but if it is what you know, then it is what you know. I'd say the answer to your question is yes. As a one man show, you won't have time for much IT work. It is a poor allocation of your limited time.
Here is the simplest solution, but as always there are cheaper competitors:
http://aws.amazon.com/ec2/pricing/
-
Re:Safari browser exploits
There is this tiny, tiny little gap that the malware cannot cross if the user has a brain: To install the malware, the user has to willingly enter their administrator password. No administrator password, no malware.
The problem is something known as the Dancing Bunnies Problem (or Dancing Pigs)
Users will do even very sophisticated things to do what they want. Even if it involves installing a bunch of malware or opening a bunch of security holes in their PC.
It's how iPhones get jailbroken ("users want apps for FREE"). Or alternative Android Markets are installed (free apps!). Even if they have to install things like OpenSSH and SSH into their phones, they'll do it.
Hell, have you seen some of the Facebook spams these days? "Copy and paste this javascript", etc.
The era where the "Honor System Virus" is now.
-
Not as easy as it looks
We hear all the time that "any trade school code monkey could write that software" or "my nephew could program that" or "it's a small matter of programming". Yet here we have a prime example that it's not that easy, is it? I think people (both individually and in aggregate) *still* don't really understand software. It's understandable, because it really is different. Name another product where the design /is/ the product.
As for "dumbing down" courses, or not expecting people to learn to program in X weeks, maybe we should just admit that most people cannot learn to program, no matter how long you take trying to teach them. Maybe sometimes some children *should* be left behind, or better yet, directed to things they can actually learn to do.
-
There are good studies on this
Knowledge workers are more productive with each additional monitor up to four monitors. After that additional gains in productivity trail off.
http://research.microsoft.com/en-us/news/features/vibe.aspx
http://www.nytimes.com/2009/01/15/technology/personaltech/15basics.html
http://www.codinghorror.com/blog/2004/06/multiple-monitors-and-productivity.html
-
Re: RAM over SSD
It's a hardware problem, not a software problem:
http://www.codinghorror.com/blog/2007/03/dude-wheres-my-4-gigabytes-of-ram.html
Just run 64-bit Windows / Linux and you'll be fine.
-
Re:And this is a surprise?
B) Eliminate all the stupid users. This is frowned upon by society.
Great line. I'm making that my sig.
Your sentiments are mirrored in large part by an article at codinghorror, it's a bit dated, but I keep referring back to it as I try to find ways to keep our work network safe from ourselves. The problem as simply as I can restate it is that users with the power to do what they want will also do bad things unintentionally even if they have to work at it. I wonder if there might be a third path however, besides the two you've outlined.
What if the UAC was not activated for tasks, but rather for activity along with the risk it exposes the user to. With ZoneAlarm (which I used to recommend) you get a learning phase and then an alarm for unusual network activity. The same thing could be applied to every file access and the parameters of normal interaction based on internet collected data. I imagine a whitelist sandbox OS where any application can be downloaded and installed, but the system would allow a sandboxed image of the installation and when completed, it would download information about the application, instances of immediate uninstall, instances of virus flagging and potential interactions. Something along the lines of
Snapshots currently use 3.5% of available diskspace.
You've downloaded and installed dancingbunnies.exe which has the following associated information: 85% of users who installed dancingbunnies.exe uninstalled it within 2 hours. It has been flagged by ClamAV, Symantec and McAfee as a virus. Where dancingbunnies.exe has been installed 72% of users indicated it caused unwanted effects. dancingbunnies.exe has access to: delete any file, change the way your computer works, send email without your permission and download files that may be illegal to have on your computer. You may
[Discard these changes (63% popular)]
[Activate these changes for a limited time before being offered the option to remove them later (23% popular)]
[Activate these changes permanently (14% popular)]
Choosing to discard would remove and delete the system snapshot. Choosing to activate would result in the user running in an instance of the system which would be using a differencing snapshot image. Choosing to activate permanently would discard the differencing snapshot and make the changes permanent.
Two of the actions described are already basically available with varying methods, but I've never seen them brought together into a single system. Microsoft's virtual server seems to (I'm almost certain) do differencing snapshots as described here. Jotti uses multiple scanning tools to identify the AV systems that flag a file as a virus. The third major component, (tracking the usage, acceptance and rejection of software) would become available through the OS vendor tracking databases which mostly already exist if not in this exact form. Recognising what an application would be capable of would require a robust sandboxing system, which I realise is a challenge but don't think is an insurmountable one.
Later prompts might include:
The program dancingbunnies.exe has accessed your address book and is trying to send emails on your behalf, would you like to:
[Stop this activity] Safest. (83% of users choose this action for dancingbunnies.exe)
[Remove this software but keep other changes] (9% of users preferred this option)
[Remove this software and revert] (7% of users preferred this option)
[Allow just this once] (63% of users uninstalled dancingbunnies.exe within 2 hours after allowing this action.)
[Allow just this activity for ten minutes] (25% of users uninstalled within 2 hours of allowing this action)
Allow this activity:
[Permanently] (5% of users uninstalled dancingbunnies.exe within 72 hours of this choice)
[And all others by this program permanently] (0.3% of users uninstalled dancingbunnies.exe within 72 hours of this choice)
Ref: http://www.codinghorror.com/blog/2005/07/the-dancing-bunnies-problem.html
-
Differences between developers
How can you tell the difference between a good, experienced developer and a mediocre, inexperienced developer? The good developer already has "processes" (habits and self-discipline) that she has learned and honed through hard experience, knows they work, and resents when someone tries to force her to change for the sake of change or waste time on things that she has already tried and found wanting. Processes will only hamper good developers. The bad developer also resents "processes", but that's because they don't have any self-discipline. Processes probably won't help bad developers either. The trick is to hire good developers that get along; the only way to tell a good developer from a bad is to look at their code, which also requires . . . good developers. A good place to start, though, is to make sure they can actually program. Another good sign, though, is a good developer will occasionally approach you and suggest possibly trying a new "process" to see if it will make your shop more productive or reduce bugs.
-
Delete "New Guy"
Replace "New Guy" with "applicant" ("experienced" or otherwise) in the title and you will basically have something that tech company interviewers have been noticing for a while:
The article is good reading, and links to the even more controversial supposition: a large percentage of people *cannot* be taught to program. Highly recommended reading; both of those links would make for good slashdot fodder, if they haven't been posted already.
-
Re:News?
Actually I'd say the problem isn't Windows, it is PEBKAC which NO OS will solve or they would have done so by now. I just got finished cleaning one of these scareware infections where the user uninstalled their working AV to install the malware. Now why would they do that you say? Simple, they saw the number of "infections" reported on the fake scareware page and decided their good AV must not be working (since it wasn't reporting the non existent viruses) and therefore "must have gone bad" like cheese in the fridge and tossed it to install the malware.
Now show me ANY OS that would protect the system from that level of stupid, I dare you. You can't because idiot proofing will always be defeated by the bigger idiot. For Linux here is a nice trick, how to write a Linux virus in 5 easy steps that uses nothing but bog standard social engineering. Hell it doesn't even need root to be able to do all the things your average malware writer wants to accomplish. And we know this works because they used similar methods in the KDELook attack, where thousands of KDE users were infected by fake screensavers that were actually malware. Sound familiar?
So it is real simple folks, if the user has install rights then they have the ability to screw themselves, full stop. You can try education, making them jump through hoops like UAC or root prompts, it doesn't matter. It is the classic dancing bunnies problem where if the user WANTS the malware (and that is what it all boils down to, the malware uses fear or social engineering to convince the user they want to install the malware, a classic con game) then by God they're gonna get that malware whether you like it or not!
So in the end you do what you can, make sure they have a backup solution, and be ready to clean up the messes when they happen. It reminds me of how an old Linux admin of mine ended up being threatened with firing and had to show up before the head of the regional office because the PHB over him was demanding he allow the PHB's emails from Melissa without interference. In the end there is only so much you can do, you just can't knock the stupid out of some folks.
-
Re:Belt and suspenders
I believe there's also a way to add the HttpOnly flag to your session cookie, but I can't remember what it is. It's not as important as those other configuration settings though--all it does is prevent a certain type of XSS attack from exposing the session cookie, described here: http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html
That said, if your website is open to any form of XSS, you have bigger problems.
-
Re:What do you mean by "know better?"
I'm sure it's much more complicated than this, but off the cuff: You need a manual process to find cases like Penney's. Then, when you find a Penney's, you see all the sites linking to Penney's and they immediately become suspect. Not all of them will be selling links, but a lot will be. If you find a few Penney's's you start to build a spamrank(tm), narrowing in on sites that use stuff like TMX. You make outbound link weight inversely proportional to spamrank(tm, remember), and when you cross some line in your spamrank your outbound links become invisible altogether. Permanently. Additionally, the spamrank would add up like pagerank does on the target site and you make spamrank, say, 10x the weight of pagerank. You buy links, you get punished.
But it sounds like Google hates manual processes, they want to fix the algo. I don't see how that's possible without some crazy AI stuff going on (not that they couldn't go that route, mind you). Whereas I (a person) can look at a page and immediately say "link farm," doing that with a computer would likely be crazy difficult. Mostly because the best spam sites are legit sites, they just also sell links.
Speaking as a small business owner it's frustrating as hell. We've tried going the 'SEO' route, but A) there are a ton of super shady businesses out there selling this crap, and B) THIS IS NOT THE WAY IT SHOULD WORK. It's annoying when Blekko has us #1 for almost every related search term, but on google we don't even hit the first page for half of them. And if I take a handful of the people above us, scan their inbound links, the vast majority are all paid links. ARG. (Not that I think blekko has a better long term strategy, I think it's just as easily gamed, it just hasn't been... yet.)
I guess we just need to get as big as stackoverflow and complain, that way we can get customized changes.
/END RANT
-
Re:such basic arithmetic
I don't think the formula is quite so simple. Basically, no matter how wide the screen, the limit should be 180 degrees of view. With your formula, a 6:1 ratio screen would give you a 405 degree view! I think in practice, they keep the 90 degree field of view and just chop off the top and bottom parts that would have shown up on a 4:3 screen. Example: http://www.codinghorror.com/blog/2007/08/widescreen-and-fov.html
-
Re:Vapid piece of non-journalism
It is trivial to pull a list of API-sourced geometries and run with it, rather than hardcode for 720p and 1080p... or worse yet: 640x480, 800x600, 1024x768. Yeah ok, I was running 1024x768 fifteen years ago, it's kinda tired.
While it certainly shouldn't be impossible, it's not trivial. There are considerations for fixed sized graphical UI elements. You can't just blow things up or even worse shrink them down. HUD displays look terrible and text gets unreadable. There are also field of view issues.
Now I think game makers should be professional enough to take these into account, but it certainly is far from trivially making a couple API calls.
-
Re:The real issue:
I'm sorry but that is bullshit. I have to deal with those users 6 days a week and frankly as long as they have control over their box they WILL do whatever they please, security be damned. It is the classic dancing bunnies problem and I don't care which OS you use they WILL blow right through your security measures if they want to see the bunny.
I have had a customer open a password protected zip file with me standing there telling them it's a virus "because this was sent to me by my BFF Kim and she wouldn't do that" and if you think Linux or any other OS would do better allow me to submit for your consideration How to write a Linux virus in 5 easy steps using the same social engineering which causes the vast majority of infections on Windows.
Bottom line if the user wants to run it they WILL run it, and the only way to prevent that would be to take away ALL rights to the machine and make it into trusted computing. Now since trusted computing (or treacherous computing as RMS calls it) would take away all rights from the user and kill OSes that allowed the four freedoms dead we simply have to accept the fact that stupid is as stupid does.
Not to say adding security isn't a good idea, I'm personally switching my customers and family to Windows 7 and the file and registry virtualization along with low rights mode in Chromium does safeguard against things that don't require user action like JavaScript exploits and drivebys, but frankly nothing will stop the user actively installing malware if they are so inclined. And I can tell you that at my shop I'd say probably 85%+ of the malware on PCs is installed by the user themselves, either by using social engineering or by offering the user something they desire, such as free porn or software. All the security in the world isn't gonna help if the source of the infection is PEBKAC.
-
Re:Thank God....
Before you break your arm patting yourself on the back congratulating yourself on your super security you might want to read this which shows how to write a Linux virus in just 5 easy steps that will be just as nasty as a Windows bug and then maybe you'll remember the problem isn't Windows but PEBKAC.
I should know I fix the things 6 days a week and I'd say that more than 90% of the bugs that cross my desk were installed by the user either through scare tactics or through the promise of porn or free stuff. I'd say a good 80% of the rest were infected by outdated third party software like Java, Flash and Reader which frankly nobody ever updates. The "your flash is out of date! Run 'pwnme.exe' to get the lates verson!" is quite popular at the moment, as well as "ZOMG! U got teh Viruz! Run 'Viruzfker.exe' to kill the ZOMG Viruz quick!!".
So in conclusion before the smugness chokes us out here let me say this: You better drop to your knees and thank Linus and RMS that Linux isn't popular because if you got the huge teeming masses of unwashed rabble onto your OS it would come falling down like a house of cards by...oh I'd say 3:45PM tomorrow. Faster than you can say "Oh shit!" there would be emails with "free_titties.sh" and "Happy_Puppies_screensaver.py" with nice little instructions that the user would follow without thought and your precious security would be so much Swiss Cheese.
It is the classic dancing bunnies problem and if anyone could solve it they would be richer than Gates. I have seen an AV practically throw itself in front of a user trying to stop them only to have them completely disable it because the malware offered something they wanted. Linux won't protect from that level of stupidity sorry. Hell you can't even blame it on Windows running as admin anymore since both Vista and 7 don't allow the user to run as admin but instead use the Linux model of only elevating for install yet the users put in their password and install the bugs anyway no matter how much the AV and OS tries to do to stop them.
TLDR you can't solve social engineering with tech, just as you can't solve 419 email scams with filters. Stupid is as stupid does Forrest, stupid is as stupid does.
-
Re:Keep up or shut up
I'm sorry about your dad, and I'm glad you're getting your zest for life back. And I totally agree that having interests away from computers is vital to living a happy, balanced life.
The "one new language a year" pretty much is just an arbitrary rule, but it's pretty common advice. It's turned up in _The Pragmatic Programmer_, Scott Hanselman practices it (http://www.hanselman.com/blog/ProgrammerIntentOrWhatYoureNotGettingAboutRubyAndWhyItsTheTits.aspx), http://norvig.com/21-days.html recommends learning 6 different languages that support different paradigms in 10 years. Eric S. Raymond points to the Norvig essay in the "Learn how to program" section of http://www.catb.org/~esr/faqs/hacker-howto.html. He also mentions that, after you've learned a few, you should be able to learn a new one in just a few days.
OTOH, there's probably a point of diminishing returns, where the only way you're really going to get any better is by stepping away from the computer and getting interested in other things: http://www.codinghorror.com/blog/2007/01/how-to-become-a-better-programmer-by-not-programming.html
Like I said, it's just a general observation, and it wasn't meant to be anything personal at all.
-
Re:They missed one
Jesus, what I would have given for co-workers who actually could supply me with input about where my code was bad. I was stuck with a ton of co-workers who sent back code reviews saying only "looks good".
Agreed! On the team I'm currently on, my coworkers assume if they don't understand something in the code, then the code is either (a) good but above their ability, or (b) obviously crap that needs to be tossed, and they side toward (a) or (b) based on who wrote it.
My code tends to fall in the (a) bucket with these folks, so I can't get anyone to actually spend the time trying to understand the code and really get a good idea of what I'm doing (or trying to do). Instead, I get glazed eyes and a "looks good", even when it isn't. It's frustrating.
One of the things I struggle with is how to handle a team that has a very wide range of skill levels. It's been documented that the best programmers are over an order of magnitude more effective than the worst, and that experience doesn't correlate with skill. (So those bad programmers won't get much better.) How do you partition tasks among the team such that your weakest programmers still contribute positively, and don't just end up with marginal "chore" tasks continually? Difficulty: Upper management is watching, and if we don't use our existing resources effectively, we won't get additional resources. And no, we can't trade our existing resources for ones that actually work.
Is it "Programmer's Ego" on my part to recognize a skill chasm like this and try to hoard the toughest bits for myself? I don't write perfect code, I know that much. But if it takes me 2 hours to explain how to do something to someone that would take me 10 minutes to do myself, how do I get any benefit from partitioning the problem?
-
Re:CPU, HDD, WiFi - RAM doesn't matter
You forgot some things: in particular, the GPU and DVD
The full story: Revisiting "How Much Power Does My Laptop Really Use"?
Graph
-
Re:How much power comparatively?
Interesting question. Wild guess: up to 5-8 watts?
Some data on what other components consume. Not very rigorously determined, but good to make an idea.
Some other data on how much switching from 1.5V to 1.35V to 1.25V DDR3 type of RAM impacts the power consumption at idle time (scroll to the bottom of the page: 1W).
The RAM power consumption will have, though, an impact on how long you can keep a laptop/notebook on idle (so, little CPU, no HDD and LCD, no graphics) before it shuts down and you lose everything you had in RAM (if this matters to someone).
-
Turbo boost
" a new Turbo Boost mode that increases clock speeds dynamically "
Dynamically? I want my Turbo Boost button back. 66 megahertz or bust!
-
Atwood and Spolsky address this too ...
Schlemiel the painter would be proud. Rewriting this with a block of comments describing the problem with this code, though, might be a reasonable excuse for learning how to touch-type prose.
-
Re:Developer's Choice
Not necessarily, see this.
-
Re:You could just do what I do
Haven't tested it myself, but according to coding horror, Ophcrack can crack "Fgpyyih804423" in 160 seconds. Even seemingly strong passwords can be cracked extremely fast.
-
Re:Computer science...
Have you seen anybody make these style keyboards with lower profile frames? I have a dell rt7d50 http://www.codinghorror.com/blog/2005/06/keyboarding-dell-minimalist.html (full size layout, minimal bezel beyond keys, no multimedia) and I love the size of it.
-
Re:Description of hack?
The attacker's release notes, hosted by Jeff Atwood: http://www.codinghorror.com/blog/gawker-hack-release-notes.html
-
Re:Description of hack?
coding horror has a good writeup
-
Re:Yes but...
I would like to play Global Thermonuclear War.
You can: http://www.codinghorror.com/blog/2006/10/defcon-shall-we-play-a-game.html
-
Re:Encrypted? Hashed?
Hashed passwords provide a degree of protection, so long as you salt the hash, and store a different salt for each password (for maximum protection).
Any programmer that doesn't understand salts, hashing, and encrypting should not bother making software that handles logins, period.
Unless you were intending to be ironic, salted hashes (even with per-user salts) do not offer maximum protection. Use bcrypt instead: http://codahale.com/how-to-safely-store-a-password/
See this thread for additional discussion behind it: http://news.ycombinator.com/item?id=1091104
-
Re:Encrypted? Hashed?
This has all happened before, and it will all happen again.
Hashed passwords provide a degree of protection, so long as you salt the hash, and store a different salt for each password (for maximum protection).
Any programmer that doesn't understand salts, hashing, and encrypting should not bother making software that handles logins, period.
-
Re:butbutbutbutbut
The Black Sunday hack. Apparently not an urban legend.
-
Ideas are worth nothing unless executed
As Atwood would say
..
"It's so funny when I hear people being so protective of ideas. (People who want me to sign an NDA to tell me the simplest idea.) To me, ideas are worth nothing unless executed. They are just a multiplier. Execution is worth millions.
To make a business, you need to multiply the two. The most brilliant idea, with no execution, is worth $20. The most brilliant idea takes great execution to be worth $20,000,000. That's why I don't want to hear people's ideas. I'm not interested until I see their execution."