Domain: codinghorror.com
Stories and comments across the archive that link to codinghorror.com.
Comments · 546
-
Re:Hard to forget hell.
The GP had a point. You remember what they jokingly referred to the CGA as? Crappy Graphics Adapter, because it had 4 colors: black, white, cyan, and magenta.
http://en.wikipedia.org/wiki/Color_Graphics_Adapter
Hell, even my Apple ][ had (graphics) Page Flipping plus 6 colors: black, white, green, violet, orange, blue
http://www.codinghorror.com/blog/2006/01/i-heart-cheatsheets.html
-
Re:Ok, maybe this is too simple but
Not to mention it is totally nuts from a malware writer's POV. You have roughly 93% of the business and home desktops running WinOS, with a good portion of those still running the "Hey, let's all run as admin everybody!" XP, and with the huge amounts of home users now on fast connections with NO clue as to whether they are up to date or even if their AV works, jumping through all those hoops to base your malware on a specific CPU would not only be silly it would be purposely limiting your target.
If everyone wants to know what the big targets of the future is gonna be, let this old PC repair guy fill you in: On the home front it'll be Adobe everything, thanks to them not working with MSFT to have updates to their software pushed through Windows Updates so it is ALWAYS out of date, drive by malware courtesy of social sites like FaceBook, JavaScript malware o' the day pushed by the above, and on the mobile side I'm expecting a huge iOS and Android bug any day now, even though with the shitty USA phone networks you won't be getting as much as with a cable or DSL connection, simply because all the malware guys want to go "I did it! Yep, it was me!", and finally don't forget the EVER popular "ZOMG! U Got teh Viruz!!! Run thiz and turn off your broken AV pleasz!" fake AV crap that still spreads like the clap.
So there you go. While some researcher may think the "next wave" will be some uber super hacker shit, I'm willing to bet the pickings are just too easy the way things are for most malware guys to care. Maybe when 2014 rolls around and folks have to either buy new machines or upgrade away from XP will we see things change, as UAC, ASLR, and DEP does make it harder for malware along with WoW on x64, but right now there are still hundreds of millions on XP, and if you add in the ones that will happily turn off their AV just to see the dancing bunnies or will run "special codecs" to see teh prons, well that is a hell of a lot of easy pickings. Remember folks, criminals are just like any other predator and are inherently lazy. If they can nail lots of prey without hardly any work then that is what they WILL do, and working on these machines 6 days a week I can tell you there is a LOT of easy prey out there. No "super uber CPU specific hacks" required.
-
Coding Horror...
Jeff Atwood had a post on a remarkably similar subject last Friday:
http://www.codinghorror.com/blog/2010/10/the-keyboard-cult.html
that references the geekhack site.
-
Re:Speech to text?
Eye had trained mine for coding but eye still had to correct it but could dictate ~70%.
http://www.codinghorror.com/.a/6a0120a85dcdae970b013484af3871970c-800wi
-
Re:Right goal. Wrong tool.
And Windows DOES have a privilege escalation check. It's called UAC. Lots of people disable it because of poorly-written software that needs admin rights all the time, but it is there.
The problem is the dancing bunnies problem. And there's only one way around that - an iOS-style walled garden, where Microsoft approves every Windows app that can run manually.
-
Re:Right goal. Wrong tool.
While it's easy to shift blame onto the user, this completely overlooks the fact that a system designed with the capability of executing foreign code without any kind of privilege escalation check is just asking for trouble. No one should have to worry about those puppies or that porn in the first place.
It's the dancing bunnies problem in computer security. The nutshell is that even with Linux, users will open up a terminal and follow the magic script which includes all these bizarre cryptic invocations like gunzip, tar, chmod, sudo, and other weird things because they want to see their dancing bunnies, dammit!
-
Re:Write your own?
I think rwa2's example is perfect, but if you want to expand the lesson, put a second copy (with slightly different message) in a file called DancingBunnies!.bat
This will help to explain another common method for viruses to spread.
-
Not all that new
Jeff Atwood hit on this issue in a blog post last year: http://www.codinghorror.com/blog/2009/06/url-shorteners-destroying-the-web-since-2002.html
-
facebook is an intranet
I just liked how it described facebook as an intranet. Further the article posits that facebook will follow the path of AOL. I am not agreeing or disagreeing, just sharing a link.
http://www.codinghorror.com/blog/2007/06/avoiding-walled-gardens-on-the-internet.html
-
Re:So that's why the UW mail system went down
Bingo! Everyone is looking at this from a technical aspect, and it's not a technical problem, it's a case of the dancing Bunnies. The user KNOWS it is quite possibly hinky and they don't care because they want to see the bunnies. As long as the user has ANY abilities to actually place software on the machine, in other words if we don't all want to live in walled iGardens, then we will simply have these problems...period. Because that is why social engineering works, they wave the bunny, and the user happily bypasses any roadblocks to see said bunny.
-
That's why you need automated candidate testing
There's a lot of recruiter hate going on here but it seems to miss the real problem. Having spent the last 6 years on the hiring side, it's very obvious that Jeff Atwood's FizzBuzz problem is too hard for 90% of the people applying for programming positions out there. When you end up with a situation like this, traditional hiring methods just don't work. Job board postings will get you hundreds of resumes in a single day but the quality is really crap and it is prohibitively expensive to do traditional interviews for every single resume received. HR recruiters, hated as they are, actually do provide higher quality candidates than posting on the job boards. However, it's something like an increase from 1% quality candidates to 5% quality. Still very poor.
We've ended up using a multi-prong approach to hiring ourselves. Besides using recruiters and posting to SIG boards, we've also optimized our candidate screening to handle the flood that comes in from job board postings. Since you can't tell much from resumes (some candidates lie, but an amazing number of good developers are also very bad at writing resumes), we try to call in all but the worst of the resumes received. Then we sit them through an automated testing system (we use Codility). Candidates that pass the equivalent of the FizzBuzz problem are then interviewed by technical interviewers that go over the code with them in detail and attempt to thoroughly assess their true skill level. That automated testing step filters out the equivalent of 90% of our candidates, resulting in an almost 90% savings in our HR costs. It's very expensive to have good technical people spending hours interviewing after all, and they tend to hate it anyway.
It's not perfect. There are of course great people who get rejected or who even refuse to take an automated test. However, automated candidate testing means the difference between our top technical people spending 10% of their time interviewing or 100% of their time interviewing. With the scarcity of really good technical talent, we obviously chose to optimize our techie time.
-
Re:Troll feeding time!
There are multiple people out there (including Linus Torvalds, Jeff Atwood, and some random poster in this story)
BTW, if you want citations:
Linus on his Intel:
In fact, I can't recall the last time that a new tech toy I got made such a dramatic difference in performance and just plain usability of a machine of mine.
...
Everything performs well. You can put that disk in a machine, and suddenly you almost don't even need to care whether things were in your page cache or not. Firefox starts up pretty much as snappily in the cold-cache case as it does hot-cache. You can do package installation and big untars, and you don't even notice it, because your desktop doesn't get laggy or anything.
Jeff Atwood (admittedly, where I saw Linus quoted):
And, frankly, I was blown away by the performance difference compared to the 300 GB Velociraptor I had in my system before. That drive is not exactly chopped liver; it's incredibly fast by magnetic platter drive standards.
...
In my humble opinion, $200 - $300 for a SSD is easily the most cost effective performance increase you can buy for a computer of anything remotely resembling recent vintage. Whether you prefer the 80 GB X25-M SSD or the 128 GB Crucial SSD, it's money well invested for people like us who are obsessive about how their computer performs.
Trust me, you will feel the performance difference of a modern SSD in day to day computing. That's far more than I can say for most of today's CPU and memory upgrades. The transition from magnetic storage to solid state storage is nothing less than a breakthrough.
I can tell you that installing an SSD in my work laptop was the single greatest (relative) performance jump I've ever seen, starting with my 8086/1MB/CGA machine until the present day, including all processor/memory/graphics upgrades I've ever done.
-
Decide on platform first
I think you should first decide which platform you want to work on then go for the tools commonly used on that. Platforms are basically Linux, Windows, or cellular/iphone/android. With your lack of tool experience and your absence it'll be a tough sell, so you've got to demonstrate you've got desire and motivation. I would first start working on something and set up a website showing off your work. Put your software on sourceforge or equivalent. Make it seem like you're busy and you've got things filling up your day.
You left out SQL on your list of languages. Knowing SQL is a must for probably 80% of the jobs out there. Try out MySQL or Postgres.
I would avoid pursuing a web developer only job. They are commonly populated by teams with young graphic designers and programmers. I think older people 40+ are discriminated against among those circles.
One other thing. It's been a while since you've interviewed for a programming job. Interviewing has changed a lot since the 1980's. Today there is a kind of interviewing culture (or perhaps "language") you should know about. Long gone are the days when recruiters took your word when you said you knew X, Y, and Z. Today you are generally expected to code on the whiteboard and get into nitty gritty details of algorithms and containers. This can really hit you hard if you've not thought about the material in years. Do some interviewing research. Google, Microsoft, Amazon seem to have the model everyone emulates. Read up on Programming Pearls, Programming Interviews Exposed, and reading list and blogs like codinghorror.com
You should know about the riddle/puzzle interviewing fad that swept the industry between the late 1990's and early 2000's. Ala How Would You Move Mount Fuji. The riddle interview fad has mostly passed (at least for programmers), but you never know if you'll get hit with one.
-
Coding Horror article
Coding Horror recently posted an article about the current voice recognition technology.
http://www.codinghorror.com/blog/2010/06/whatever-happened-to-voice-recognition.html
There is a poem which got transcribed, and the title became like this:
"a poem by Mike Bliss --> a poem by like myth"
The rest of the poem is equally funny. So basically you better transcribe it manually.
-
Some details from the conference
here:
http://slashdot.org/comments.pl?sid=1702818&cid=32752126
It was an hilarious presentation in the spirit of his first publication... http://www.codinghorror.com/blog/2008/01/the-enduring-art-of-computer-programming.html (scroll down to Potrzebie)
to repeat (w/o the geocoord)
a successor to TeX which he has been working on for some time
scratch tex78 and tex82
so making up for assumptions which don't fit the internet age
jokes about measuring and math in TeX
.4pt == .3999pt
maxdimen too small, 1sp too large
tunnel vision caused by computers of the day
subset of XML uses Unicode automatic everything
all directions and all dimensions
hypertext
text audio video sensors GPScoords accelerometers haptics
midi input to score and back to music
no macros --- menu driven like Word but enhanced
spoken command and gestures
\i \TeX (wrapped on a sphere)
spoken name accompanied by (optional) ringing bell
not programmed directly
1289 bugs in TeX
571 bugs in metafont
Project Marianne
www.projectmarianne.com
Project Biturgical
written in Scheme using all buzzwords
pricing - monthly subscription on cloud
first year one month free
pricing based on internet speed
will change everyday
life is too short to reread anything
will benefit world's economy, users can sell documents
network of certified consultants
online help
- for dummies
- for wizards
- personalized on-line
symbolic equations
graphics
maps
satellite photos
\i\TeX hyper document
math mode like mathml --- must evaluate
avatars
hyperbolic geometry
videoconferencing
world-class photo retouching
character, face, speech recognition
cognition
output format:
- lasercutters
- embroidering machines
- 3D printers
- plasma cutters
interactive cookbook
life as hypertext document
released next month
pending patent applications
-
Re:100 years in what conditions?
Paper tape lasts several decades at minimum, and possibly much longer depending on paper quality.
http://en.wikipedia.org/wiki/Punched_tape
Punched paper tape is tried and true technology, but is slow and highly mechanical.
There's a newer variant of paper tape designed for archival purposes, that's not punched, but rather has lots of small dots printed on it.
Many DIY approaches skip the tape approach, and instead archive large amounts of data to ordinary printer paper...
http://www.codinghorror.com/blog/2009/07/the-paper-data-storage-option.html
Ron
-
Open Source Solves the Broken Window Fallacy
Open source solves the broken window fallacy in the software market. Seriously. Does anyone believe that Bill Gates or Steve Jobs are ridiculously rich because their companies' software is that much better? That they really earned all the money they have? Linux and other OSS has saved the world probably on the order of trillions of USD which has been put to other uses (curing cancer, researching alternative energy, feeding the poor, etc, etc). On top of that, it has made it possible for people who could never afford the outrageous prices of Microsoft or Apple to be able to use a computer.
Coding Horror already answered the question of this article over three years ago:
The lack of open source software billionaires is by design. It's part of the intent of open source software -- to balance the scales by devaluing the obscene profit margins that exist in the commercial software business. Duplicating software is about as close to legally printing money as a company can get; profit margins regularly exceed 80 percent.
To ask where the open source billionaires are is to demonstrate a profound misunderstanding of how open source software works. If you wanted to become obscenely rich by starting an open source software company, I'm sorry, but you picked the wrong industry. You'll make a living, perhaps even a lucrative one. But you won't become Bill Gates rich, or Paul Allen rich, by siphoning away the exorbitant profit margins commercial software vendors have enjoyed for so many years.
-
The best break all the rules
It's a bad idea to roll your own. In fact, Joel Spolsky (whose comment this blog post is the basis of) even went on to explain that in some cases, that's a complete lie (http://www.codinghorror.com/blog/2008/10/programming-is-hard-lets-go-shopping.html)
So really "It's a bad idea to roll your own, except when it's a good idea".
-
Re:30 inch HP LP3605 here @ 2560x1600
Have you thought about trying Eyefinity? As it seems to me Eyefinity is gonna be the way things end up, as it is cheaper to go triple monitors than it is to make one mega screen. And if you are wanting it for coding according to Jeff Atwood you just can't beat coding on triple monitors.
-
throw hardware at the problem
He... It makes sense, since "Hardware is cheap and programmers are expensive".
http://www.codinghorror.com/blog/2008/12/hardware-is-cheap-programmers-are-expensive.html
My main problem with IE is not speed; it is rather fast. The real problem with IE is how broken, unsafe and nonstandard it is. Making it faster will just make it faster to infect computers, show poorly rendered pages, and ignore standard CSS3 keys.
Look at these tables, the support for CSS3:
http://msdn.microsoft.com/en-us/library/cc351024(VS.85).aspx
-
Re:lolwut?
Some say it doesn't... well at least 80% of the time (according to the (in)famous Standish Group report).
;-) I am so looking forward to seeing Bilski being told to get stuffed by the SCOTUS. I am also worried that the SCOTUS may twist this into something worse... "look on the bright side of life, da dum, da dum, da dum da dum da dum!"
-
Re:It only took a decade or so...
Case in point, look at what happened when Valve temporarily slashed the price on Left 4 Dead a while back - from full retail price down to $15-20, IIRC. Sales that weekend skyrocketed.
I was going to reply with this exact example. According to Jeff Atwood quoted an article saying that the sale didn't just dramatically increase sales and didn't even "just" cause more copies to be sold than launch, but brought in more raw revenue than launch day did.
-
Re:None...
In general terms, used properly, a Windows system running without an antivirus package is adequately secure.
The problem is that Windows users tend to have terrible security hygiene. They turn security features off, never update, and click the dancing bunnies. That's a separate, social issue. Never try to apply a technical solution to a social problem.
I agree with your overall point, but this argument doesn't hold much weight. If people are going to click it anyway, why not provide them with some sort of protection, even if it's not perfect?
It's like saying, in an uppity British lord accent, "Condoms? I have no need for the finickity things, and nor should anyone, poor or not! After all, I stay clean! Why aren't the rest of you as clean as me? Buck up I say, tally ho, pip pip".
-
Re:None...
That's right. If you:
- run as a non-administrator;
- keep your software updated;
- don't run suspicious code;
- and don't use known-buggy programs like Internet Explorer
why would you be more insecure under Windows than you would be doing the same thing under OS X or Linux? Sure, the greater market share of Windows leads to more effort being put into creating malware for it, and that presumably increases the overall risk slightly. But that's a minor point. In general terms, used properly, a Windows system running without an antivirus package is adequately secure.
The problem is that Windows users tend to have terrible security hygiene. They turn security features off, never update, and click the dancing bunnies. That's a separate, social issue. Never try to apply a technical solution to a social problem.
These days, the Windows security model is pretty good; you can attach a security descriptor to practically any kernel object, and the NT kernel has supported ACLs since day one. Slashdot needs to stop living in 1999. We're not talking about Windows 98. You can't crash a machine by pinging it, and it doesn't blue screen every day. Hell, you can even keep it up longer than 49.7 days!
Bashing Windows today for the faults of the system a decade ago just makes you look ridiculous. It's like bashing Linux for not having hardware hot-plugging, or bashing Macs for not having preemptive multitasking. It's ludicrous. You want to bash Microsoft for pervasive DRM? Fine. You want to bash them for outrageous market segmentation? You want to bash them for their traditional embrace-extend-extinguish approach to standards? Fine. Want to bash them for still not having a real package manager in the OS? Fine. Those are all still issues. But security and robustness aren't.
-
Still not convinced about e-ink
Am I the only one who *doesn't* get eye-strain reading text on LCD's hour after hour ?
I'm beginning to wonder whether the difference is actually Mac vs PC and the font rendering technologies. I use a Mac all day, reading text on LCDs, and it doesn't bother me in the slightest. Perhaps it's because the fonts look nicer (yeah, I know, it's an opinion, not a fact) to my eye on the Mac. I've lost count of the number of times I've spent days poring over PDFs and somehow managed to not notice this 'eye strain' that LCDs apparently cause. I actually *prefer* to read documents on the screen rather than printed out on paper...
I'm also pretty convinced I'd get a lot more wound up over the slow refresh of the e-ink displays than the supposed eyestrain from LCDs...
Simon.
-
Which version of Zeus should I buy...
Zeus Smoky Bacon Edition or Zeus Kenny Loggins edition? Bacon is delicious, but I also love that Footloose song...
-
Bad coding does not discriminate
Or as Atwood put it: You can write fortran in any language
Excellent and horrible coders exist no matter what language you choose.
The logic that a single language can spoil your mind would only lead to you experiencing fewer languages in order to avoid damaging your precious brain!
I'd wager that most of the top programmers in the world have written significant amounts of code in at least 10 different languages.
-
Re:"Well Recieved" my foot!
4) Promoted with Fake User Interface ads.
I instinctively assume anything that needs to use underhanded advertising must not be able to stand on its merits.
-
Re:Prediction
The high failure rate for large software projects is well known: "If Las Vegas sounds too tame for you, software might just be the right gamble. Software projects include a glut of risks that would give Vegas oddsmakers nightmares. The odds of a large project finishing on time are close to zero. The odds of a large project being canceled are an even-money bet (Jones 1991)."
Here is another fun page: "Most IT experts agree that such failures occur far more often than they should. What's more, the failures are universally unprejudiced: they happen in every country; to large companies and small; in commercial, nonprofit, and governmental organizations; and without regard to status or reputation."
I only question why, when large projects are almost universally over-budget or fail altogether, we persist in being surprised and outraged every time? The simple fact is, we don't know how to do it, any more than we know how to land on mars; that is, we can do it, sometimes, but you better know going in it is likely to end in tears.
(In general, it seems to me that most of the problems in government have direct parallels in private industry because they flow from the same underlying cause; the unaffordability of medicare/medicaid corresponds to skyrocketing premiums in the private market; social security corresponds to slashing pensions and now even 401k matches in private industry. But private industry does hold a trump card - they can always cut their losses by tossing people aside and moving on, whereas government is the safety net.)
-
Re:HA!
No, subpixel rendering methodologies are the key difference in Microsoft and Apple anti-aliasing methods. The article you originally provided demonstrates rendering differences in the subpixel algorithms. The pixel-level rendering is almost identical.
Uh-huh. I suppose that's why the line of Mac text is 14 pixels wider than the line of Windows text? "Almost" indeed.
Provide them. Start with legibility studies.
I'll do even better: here's a side-by-side comparison. That's OS X's Helvetica on top, Windows 7's Arial on bottom, both at 5 pixels high. As you can see, OS X does indeed turn off subpixel rendering at that size, but it doesn't help. Notice the letters running together. Also notice the inability to distinguish "t" from "f", "i", or "l"; "e" from "u", "o", and "s"; and "h" from "b".
Next, a source that demonstrates that OS X "ignores" TrueType hints that Apple created in the first place. Then a source showing Microsoft offers higher technical fidelity in any aspect.
"Font hinting is the method preferred by Microsoft. Unhinted font is used on OS X and Linux."
"without any hints or grid-fitting but with subpixel accuracy (similar to rendering in Mac OS X)"
"I recently spoke with a renowned font designer, and he complained that Apple ignores the hinting he (and other designers) specifically puts into his fonts."
"Apple's rendering approach on Mac OS X ignores almost all the hints in a TrueType font"
Admittedly, these are claims about Apple's renderer, not source code snippets from the renderer itself. Perhaps everyone is wrong. Do you have a better source demonstrating that Apple does respect the hints?
Then, show that the Microsoft rendering engine is anything more than a closest-fit grid snap.
A moment's thought should illustrate why a "closest-fit grid snap" would not produce anything looking remotely legible, but in case that isn't enough, here's Microsoft's overview of their rasterizer's operation, which includes: "Adjusting the outline description to the pixel grid (based on hinting information)."
If you're designing for print, you should never use an algorithm that shows different character placement and properties. If it's illegible at low resolutions on screen, increase the resolution or zoom in your document editor. You don't need on-screen legibility at tiny sizes if you're designing for print.
As I explained in my original post in this thread, that's fine for work such as graphic design where those details matter, but the average office worker writing a letter or spreadsheet cares more about reading the text than matching the printed page pixel-for-pixel. Newsflash: not everyone works in the same industry as you.
You've yet to demonstrate a single inaccuracy.
I've got to hand it to you: your powers of denial are impressive. Subpixel rendering? Snap-to-grid? Yes, you're batting a thousand, all right.
-
Re:So
Cutler personally hated UNIX. NT was his anti-UNIX.
Good reading here.
-
History repeats itself once again
Isn't this technology ('supercache' or whatever you wish to call it) carried over from Vista?
I thought it was big news back when Vista first came out...
http://www.codinghorror.com/blog/2006/09/why-does-vista-use-all-my-memory.html
http://forums.overclockers.com.au/showthread.php?t=640296
-
Re:Or more likely
Bingo! Give that man a ceeegar! As a PC repairman I have managed to cut down my users' infection rates by a good 80-85% by changing their habits. Autoupdates enabled, Firefox instead of IE, ABP installed, updated Comodo AV/Firewall installed, but I can't get it any lower than that. Why? PEBKAC, that's why.
I have actually sat beside a user and said "Don't open that. It is a password protected .zip file sent by email. It is a virus" and had the user go "Ohhhh you worry too much! This is from my BBF Kim! She wouldn't do anything like that!" and guess what? She opened it, infected her PC with one of those lovely rogue AV programs and drug the whole network down to a crawl as it pounded the hell out of the other PCs looking for exploitable boxes. Needless to say dealing with those users I wear this face pretty much daily.
Dealing with the PEBKACs I can tell you that Linux would NOT help in those cases! I even tried it once, put a "must click on everything that has porn in the title!" user on PCLOS just to see if it would help. He had the whole machine borked so bad it wouldn't boot in under 3 days. How? He decided he didn't like Synaptic and instead Googled "Linux programs" and installed a bunch of shit from Freshmeat and ended up in dependency hell.
With Windows 7, Comodo, and Firefox I have managed to seriously cut down the infection rate of my stupidest customers, but in the end stupid is as stupid does. All the best security in the world won't help the dancing bunnies problem if your user wants to see the bunnies. No matter how foolproof you design you WILL find out there are always bigger and better fools.
-
Re:frist
Paraphrasing Gunnery Sergeant Hartman:
"There is no religious bigotry here. I do not look down on Muslims, Christians, Jews, and Scientologists. You are all equally worthless."
-
Re:I think everyone would agree here...
the "buy more hardware" meme is a terrible message to be sent to less experienced programmers.
If Jeff Atwood says so, then it must be true... Damn! I better move to a Microsoft stack right now!
-
Re:Anyone else think is was a .NET Fortran?
I was looking for an old page called something like "Ten reasons VB is a terrible programming language" (I can probably only remember 3 or 4 off the top of my head -- Arrays, no logical shortcuts, no built-in hashes, True = -1). Couldn't find it, but did find an interesting quote:
For example, I personally believe that Visual Basic did more for programming than Object-Oriented Languages did. Yet people laugh at VB and say it's a bad language, and they've been talking about OO languages for decades.
And no, Visual Basic wasn't a great language, but I think the easy database interfaces in VB were fundamentally more important than object orientation is, for example.
-
One Way to Prevent Session Hijacking
Intuitively, longer sessions can lead to session hijacking. This implies that it's safer to reconnect. I'm sure ssh has some way to prevent session hijacking though.
-
Re:Good. Glad to Hear It.
Failures in gov.uk IT projects are down to antiquated software development methods.
Only in software development is a 34% success rate (in 2004) considered a vast improvement (100%) over a decade previously.
What are rather ambitious projects are persistently entrusted to the waterfall method of development; the first problem being that people seem to just smunge the first three steps into one and have subject-matter experts produce a handful of word documents describing what they think is the best technical architecture.
And then wonder why they don't get something that works. The second problem being using the waterfall method at all. I don't think I've yet seen a successful project that used it for anything more complex than a glorified file download service.
I guess waterfall persists because it allows people to get the design phase out of the way and then go back to being terribly busy with their existing non-optimized tools and process. Iterative methods mean those nasty developer people popping up all the time and asking questions that are too hard for a Monday morning; and you can't even get rid of them when the software has been delivered!
But government likes a process consisting of clearly delineated steps. Heck, they even invented one.
-
Re:Password strength vs. Validation Rules
And either require the user to remember - you guessed it - yet another password, or they keep the decrypt key on the hard drive where anyone can find it.
"But at least the user only has to remember one password, instead of many."
That is an improvement, but god willing they'll also be making good backups and won't suffer catastrophic data loss, else they've lost all their passwords.
I know it's taboo to write passwords on post-its. At an office I'd agree that post-its and the undersides of staplers are the worst places ever to keep passwords. But why is it so bad at home? If someone breaks into your home, wouldn't you try to change as many passwords as you can remember just to be safe anyways?
-
Re:Example of competition gone wrong
The vast majority of said Windows malware actually takes advantage of the user combined with the fact that user typically runs all his code as an admin. Unix/Mac don't give you elevated privileges by default, and provide a well understood mechanism by which you can elevate your privileges which *should* make you think...
As has been pointed out elsewhere in such discussions, admin access is not essential for malware: it can download files, send out spam, set itself to start on login, and mess with your personal files even running as a local user.
Secondly, you've highlighted *should*, which is important. If people are used to clicking "Yes" (or entering their password) to do things, they'll do it for malware without a second thought. "DancingBunnies.exe needs you to become an admin to install. Continue?" Or, if Linux hits the mainstream, "To install DancingBunnies.deb, you need to...".
Secure != convenient. That's why most people in offices think their IT guy's a jerk, and why Windows remains popular.
-
Re:And the year of..
So why is Exchange using between 5GB (on a system with 4GB installed RAM) and 18GB (on a system with 16GB installed RAM) of RAM
As I understand it, there is a performance penalty involved with paging data into RAM. By leaving the pages in RAM after programs exit or release memory, the next time that data is read, it can be accessed faster because it doesn't need to be paged into RAM again. That "extra" (the amount of memory being "used" over the physical memory) is not actively being used and does not serve to degrade performance. It's just paged out. Linux and FreeBSD will do this too, and I'm pretty sure that Windows was a latecomer in implementing this kind of memory management strategy.
Check this article out. It's about Vista, but relevant.
-
Re:Not mutually exclusive.
I, I, I, me, me, me....
Yes, because I don't presume that everyone else will see things the way I do.
last I checked MacOS has given up on the commandline,
You obviously didn't check very thoroughly. Look under Applications/Utilities/Terminal. Among other things, recent versions of OS X include all sorts of interesting developer toys, like Ruby on Rails, which are available at the commandline.
Yes, that's right, they include these things. Not as a separate install, they're actually already there.
Linux still has to catch up on some things (Wireless, Graphics, Standards).
Wireless -- show me a wireless card without a native Linux driver (not easy, these days) and I'll show you a wireless card which supports ndiswrapper. When comparing the "ease of use" of this process, keep in mind that most laptops will ship with wireless enabled -- if you truly want an apples-to-apples comparison, buy a Laptop with Ubuntu preloaded and tell me what part Linux needs to "catch up on".
Graphics -- nVidia shares their driver base between all OSes, and Linux is actually used on a majority of high-end CAD workstations.
Standards -- big giant citation needed. Which standards, in particular, are you talking about?
Double-click and shortcuts beat commandline any day,
Oh, where to begin?
Single-click beats double-click, first of all. Even Microsoft is starting to realize this.
And by what measure? I specified exactly what I think the commandline is better at, and what I think the GUI is better at.
whatever though you are arguing about using the commandline for like .002% who actually need to get that deep.
Those ".002%" -- actually much larger, I would guess -- are also the people who write the software which makes things easier for you. Making it easier for us, the developers, is a Good Thing.
If you have to use commandline for anything more than roughly 2% of your use, then you have failed.
Or I've found a really interesting 2%. Again, you're making vast, unfounded assumptions.
Adobe and Office have improved the GUI to make it more affective
But hey, while you're at it, if you can't even tell the difference between affective and effective, you've failed.
as things become more automated you will see less and less of the commandline or the need for that IT guy to get into those deep settings to fix stuff.
And just who do you think is creating that automation to begin with?
But hey, let's actually check some assumptions, since you mentioned a study. Here's an interesting one:
I don't think anyone would argue that learning keyboard shortcuts is faster than using the mouse to navigate and learn a program. Clearly it isn't -- it's quite painful, as anyone who has ever been stranded at a Unix command prompt can probably tell you.
However, as Tog himself notes, when the keyboard shortcut is already memorized and well understood, it's a clear productivity win.
In other words, once you've learned it, the keyboard wins, even in a GUI app. Once you've learned the commandline, I'd argue it's often much faster than a GUI.
-
Re:Jeff Atwood a big name?
The guy that thinks that Stackoverflow, essentially a simplified web forum that could be designed by a semi-literate PHP monkey in 48 hours of work, is a major feat of software engineering?
Your point is addressed here:
http://www.codinghorror.com/blog/archives/001284.html
If stackoverflow is so simple, why is there no other site that does the job as well?
-
Limited user + EasyVPN
If you don't want to deal with the bugs the easiest way is to not allow them to get them in the first place. Being a PC repairman I had this same problem with my dad, who frankly could tear up a Sherman tank with a toothbrush. Run them as a limited user and set up Comodo EasyVPN (with admin privileges of course) so you can install any software they might "need" and you should be good to go. Now the only time I have to go deal with my dad's computers is when he picks up a new piece of hardware like a camera.
Here is the link for the 32bit version of EasyVPN, they also have an x64 if like me you have moved past 32bit. Your family will love how you can "magically" install stuff without having to be there, and you'll love not having them tear up the PC when you're not around. A win/win in my book.
But in my experience trying to "educate" users is like pissing in the wind, bud. You see there is this thing called "social engineering" and the dancing bunny problem. You see they WANT to see the bunnies, and no matter how many times you say it's a trap! they will completely ignore you and go right ahead and do whatever they need to in order to see the bunnies. So as long as they are allowed admin rights then this will be your expression more often than not. Better to just be the "installer monkey" and keep them in a nice locked down limited user account.
-
Re:Blaming "greed" accomplishes what?
There's an old adage that advises, "never try to apply a technical solution to a social problem." It's true here: there were no attacks that an encrypted connection to Facebook would have mitigated; toolbar installation was the user's choice, not some drive-by download; finally, product offers and hidden $10-per-month charges didn't even have anything to do with computing, except incidentally.
While improving technical security is worthwhile, it's not something that would have helped here. You can't solve the dancing bunny problem without preventing users from choosing what to do with their own machines. You'd have to implement draconian and pervasive DRM, and effectively give people appliances when before they had general-purpose computers. That's a cure worse than the disease.
This problem is social, and needs a social solution. Legislation is how we collectively solve social problems. There's nothing inherently scary or sinister about law. It makes us civilized. Reading about the exploits of this CEO and the thousands like him, I can't help but think we need a lot more civilization right now.
-
Re:Flash?
Great, you can use this certificate:
http://www.codinghorror.com/blog/archives/000818.html
I've struggled mightily with my Radeon 9200 video card under Ubuntu. I don't get any acceleration. Often the resolution goes back to default VESA, at 800 x 600 @ 60Hz. Irritating but livable.
Viewing any Flash movies ends the browsing session, taking all resources and preventing any other loads. The only way to fix it is to close the tab. If I didn't have Flashblock, surfing would be impossible. No Flash. Think about that for a minute.
Yes, I've installed the proprietary drivers AND the Flash drivers. I'm not an idiot. I have a fair bit of Unix / Linux experience.
Support has ranged from "lol get a better card" to "ATI has proprietary drivers and doesn't work under Ubuntu. It's their fault for not supporting a GPL framework" to "your computer is too old and you should buy another one". I note that Voodoo cards are supported.
So realistically, the attitude is "buy $100 - $500 worth of stuff that may or may not work in order to get the free program to work."
Personally, I'm looking forward to when my wife gets her new laptop so I can get the XP licence back and actually be able to use my computer. Ubuntu's been a pain in the ass for the last two years, and I'm sick of it.
-
Re:Windows virus needs help to limp onto WINE
What good is having the "OS safe" if the user is totally pwned? And don't forget these people have NO problem with inputting their password, be it their personal one or root. With social engineering it all comes down to Dancing Bunnies Problem and as someone who has been working PC repair since the days of Win3.x I can tell you that all it takes is the right carrot and they WILL jump through hoops to run it. And the malware writer doesn't care about root as long as he can spew spam on the network you know.
So again this is why the "year of the Linux desktop" is a truly bad idea. I have to deal with "average Windows users" all damned day long and believe me, it really don't take much with those folks to totally pwn a system. Limewire with Lesbian_avi.exe, screensavers from their "good friends", hell the Velma that I based the "Velma Problem" on is a perfect example. Read this and tell me again how Linux security would help with THAT level of dumbass?
-
Re:Linus says...
Yeah, forgot about the passage of time. I couldn't find this more recent article from Jeff Atwood when I first posted it.
http://www.codinghorror.com/blog/archives/001304.html
With SSD right now, the manufacturer makes a big difference in quality and reliability.
-
Re:Great!
Linux (and other free/open source software) really only comes in one version: AWESOME!
-
What about absolute sales?
How does the absolute intake compare to what it was before the experiment though?
I'm reminded of a sale Valve had for L4D a few months after it was released; Jeff Atwood relayed the results. In short, Valve cut the price of L4D in half, and the result brought in more money (not just more sales!) than the launch day.
So how did World of Goo's experiment do in absolute numbers? Did the revenue increase or decrease from before the experiment? Certainly sales increased, but that's a far cry from revenue increasing.