Domain: rossde.com
Stories and comments across the archive that link to rossde.com.
Comments · 19
-
Attorney-Client Privilege
If I were involved in a lawsuit (civil, not criminal) and wanted to send relevant documentation to my attorney, I would definitely want end-to-end encryption. After all, there have been real instances of attorneys and their private investigators engaging in illegal practices in attempts to gain sensitive data about their opponents.
For other reasons why end-to-end encryption might be important to non-terrorists, see my http://www.rossde.com/PGP/pgp_....
-
Streaming Radio
I listen to streaming radio, plus one non-broadcast source. These are mostly classical streams; but I also listen to Greek, big-band, Irish, and news streams. A list of streams is near the bottom of my Web page at http://www.rossde.com/music.ht....
I listen to streams without capturing them. Depending on the characteristics of the stream, I use RealPlayer, VideoLAN, or Winamp. To me, Windows Media Player® is an abomination; I do not use it. On very rare occasions, I go to YouTube; sometimes I capture a YouTube stream and save it on my PC.
I have a large collection of vinyl, cassettes, and CDs. Sometimes, I play the CDs on my PC. The others I can only play when my wife is not watching TV since the cassette deck and vinyl turntable share speakers with the TV. I also listen to a classical radio station (KUSC) or a news radio station (KNX) in my car, but hills surrounding my house make radio reception inside my house problematical.
As for those who claim to be old (e.g., in their 40s), I will be 75 in less than two months.
-
Public OpenPGP Keys
I download a public OpenPGP key from a key server. Each key consists of over 2,000 apparently meaningless upper- and lower-case letters, numerals, and the symbols + and /. I select an 8-10 character string from within the key. Before using the result, I check to make sure that the special characters + and / are allowed in the password. If the string has those characters but they are not allowed in the password, I delete them and extend the string with additional characters from the key.
For more information about OpenPGP, including links to key servers, see my http://www.rossde.com/PGP/inde....
-
Age Discrimination is Real
For almost 14 years, there has been a justice on the U.S. Supreme Court who used to chair the U.S. Equal Employment Opportunity Commission (EEOC). While heading the EEOC he held up some 20,000 age-discrimination complaints until the statute of limitations for filing lawsuits expired.
Yet there are ways to hide your age until you actually sign-on as an employee. Never discuss any part of your career that ended more than 10 years ago. Touch up your gray hair; Clairol (or some other brand) is your friend. Men should touch up their mustaches and beards, too. (But DO NOT resort to comb-overs, toupees, or other ways to hide your baldness.) You can readily claim your college degrees, but do not mention when you earned them.
Another area for caution is your salary history. Avoid discussing this. Take the position that you prefer to consider total compensation, including fringe benefits. Also indicate that past compensation might have been earned for an effort different from the one you are being considered for. If you need the job and are willing to work for less than you used to make, do not allow your prospective employer to use your past salary to disqualify you.
Also, remember that old dogs do indeed learn new tricks. If you are experienced in three computer languages and three operating systems, the next one will be very easy to learn. In any case, the old tricks are sometimes very valuable.
See my http://www.rossde.com/unemploy.... This might be somewhat dated, but the overall content could prove useful.
-
Prior-Use
Columbia Pictures' claim of some form of intellectual property rights to the term "Pixels" must be invalid on the basis of prior use. Over 10 years ago, one of my copyrighted Web pages used the term "pixels". The Internet Archive contains a copy of that page dated 10 February 2005; that copy contains the notice "Copyright © 2003-2004 by David E. Ross".
The current page is http://www.rossde.com/internet....
-
Frankfurt Second Worst on My List
I have flown to and from or changed planes in 26 airports. Frankfurt Airport (Rhein-Main-Flughafen, FRA) was the second-worst next to the armpit of airports, which is Kona International (KOA) in Hawai'i. Flying from Los Angeles (LAX) to Budapest (BUD) my wife and I had to change planes in FRA. With 12 security stations, only four were open. It took us over 30 minutes in line to reach a security station. Some passengers booked on our plane to BUD missed the flight because they were still stuck in line at security. No, they did not arrive at the FRA airport late; they too were merely changing planes. If you already passed through security at a prior airport, you remain within the security "shell" when changing planes in a well-designed airport and are not subject to another security check.
See my "Avoid Kona and Frankfurt Airports" at http://www.rossde.com/editoria....
-
Learn to Recognize Abusive Employers and Jump Away
I went to work for System Development Corporation (SDC) in 1969. SDC was actually the company that established computer programming as being distinct from building computers; before then, the only people programming were the engineers who built the computers. SDC was a good company with good pay and good benefits. Then, SDC sold itself to the Burroughs Corporation, which succeeded in a hostile takeover of Sperry Univac and became Unisys.
At Unisys, we found ourselves in an environment that treated highly experienced technicians and professionals as if we were assembly line workers. Unisys even imposed work rules on us salaried employees that are actually legal only for hourly wage-earners. I should have recognized the abuse sooner than I did and "jumped ship". I could have timed a change for when shortage of software experts made job jumping very profitable. Instead I stuck it out until mass layoffs were very near.
When Burroughs and Sperry Univac merged, the resulting Unisys had more than 120,000 employees. Today, Unisys has less than 25,000.
I must disagree with the replies that indicate programming is poorly paid. I earned sufficient pay that I was able to retire very comfortably before I was 62.
I would suggest that programmers learn how to test rigorously the software they create. This requires that they also write software specifications that are testable, after which they should learn to write formal test procedures. They can then advance into becoming requirements analysts and software test engineers (except in states where "engineer" is a career that requires a license). There are too few analysts and testers, who are often paid much more than programmers. Large computer-based projects are failing because of a lack of clear, objective, and testable specifications. Attempts to put those projects into actual use are disastrous because of a lack of testing.
For some details about my career, see http://www.rossde.com/retired.....
-
If It Is Private, Keep It Private
I never use cloud resources. Too many users have been severely inconvenienced if not outright burned by cloud services that have been hacked, suppressed by some government, gone out of business, or gone down for several hours. I keep all my data where I can access it, either on my PC or on a removable hard drive that I store remotely from my PC but easily reached.
I encrypt my most sensitive data. No, I do not rely on some corporation's declaration: "Trust us. We are good. We will protect you." Instead, I use an OpenPGP application that has been reviewed by outside experts and that I have installed on my PC. The data on my removable hard drive are encrypted. Some of my PC files are also encrypted. My pass-phrase, without which my private key is useless for decryption, exists only in my head and in an envelope in my safe deposit box at a bank. My private key is on my PC in a non-standard location. If somehow someone else were to access my private key, I have a much greater problem than the compromise of my sensitive data.
See my http://www.rossde.com/PGP
-
Actual Experience Against "Responsible Disclosure"
Historically, so-called "responsible disclosure" has resulted in delayed fixes. As long as the flaw is not public and causing a drum-beat of demands for a fix and a possible loss of customers, the developer organization too often treats security vulnerabilities the same as any other bug.
Worse, those who report security vulnerabilities responsibly and later go public because the fixes are excessively delayed often find themselves branded as villains instead of heroes. Consider the case of Michael Lynn and Cisco in 2005. Lynn informed Cisco of a vulnerability in Cisco's routers. When Cisco failed to fully inform its customers of the significance of the security patch, Lynn decided to go public at the 2005 Black Hat conference in Las Vegas. Cisco pressured Lynn's employer to fire him and also filed a lawsuit against Lynn.
Then there was the 2011 case of Patrick Webster, who notified the Pillar Administration (major administrator of retirement plans in Australia) of a security vulnerability in their server. When the Pillar Administration ignored Webster, he used the vulnerability to extract personal data from about 500 accounts from his own pension plan (a client of the Pillar Administration). Webster made no use of the extracted personal data, did not disseminate the data, and did not go public. He merely sent the data to the Pillar Administration to prove the existence of the vulnerability. As a result, the Pillar Administration notified Webster's own pension plan, which in turn filed a criminal complaint against Webster. Further, his pension plan then demanded that Webster reimburse them for the cost of fixing the vulnerability and sent letters to other account holders, implying that Webster caused the security vulnerability.
For more details, see my "Shoot the Messenger or Why Internet Security Eludes Us" at http://www.rossde.com/editoria....
-
Think Back to the 1930s
The Crimea is Putin's Sudetenland.
The Ukraine will be Putin's Czechoslovakia.
See http://www.rossde.com/editoria....
-
It's Not Your E-mail Address, It's Your Name
When I receive misdirected E-mail, it almost always results from someone selecting the wrong David or wrong Ross from their address book. That is, both the intended recipient and I are both known to the sender. The sender's address book is organized by names, not by E-mail addresses.
I used to get phone calls in the middle of the night for a David Ross who was an attorney, either in private practice or in the District Attorney's office. The caller would be drunk and picked out the wrong David Ross from the phone book. Again, this was a problem with my name, not with my phone number.
There are apparently many, many David Rosses. I have met two others face-to-face, both times in doctors' offices. I have exchanged E-mail with several others. I even created a Web page about this situation at http://www.rossde.com/Ross.html.
How do I handle misdirected E-mail? On the first occasion, I reply quoting the original message. I tell the sender they have the wrong David Ross. If there is one of those caveats about confidentiality and deleting misdirected messages, I also inform the sender that such warnings are unenforceable, that the sender must bear full responsibility for ensuring correct addressing of such messages.
On subsequent instances from the same sender, I use a small application that returns the message in a format that indicates the stated E-mail address is invalid. That is, the message will appear as if bounced. If that does not work, I finally threaten to make any subsequent messages public by posting them on a newsgroup.
-
Three Steps
First, get written specifications from a town official who has the authority to approve the results. The specifications should indicate the sources of content and how the town expects the Web site to be hosted. The specifications should be testable; that is, it should be possible to determine whether or not the result indeed implements what was wanted. You definitely do not want to put in any effort that will then be rejected. If you get a negative response, you want to point to the specification as justification for what you created.
Second, read what experts have said about proper Web design. The most important thing is to adhere to W3C specifications; see http://www.w3.org/. That way, any problems by end-users in viewing the result can be attributed to the users' browsers and not to your creation. Also peruse Jacob Nielsen's Web site at http://www.useit.com/, especially his http://www.useit.com/alertbox/9605.html and http://www.useit.com/homepageusability/guidelines.html. While the Viewable with Any Browser Campaign at http://www.anybrowser.org/campaign/index.html is somewhat dated, much of it is still relevant. Finally, there are my own "Professional" Web Developers at http://www.rossde.com/internet/Webdevelopers.html (where I dissect the errors committed by professional Web developers) and My Web Page Design Criteria at http://www.rossde.com/internet/web_design.html (where I describe how I design my own Web pages). In my "Professional" Web Developers, pay special attention to Accessibility to make sure you do not violate the Americans with Disabilities Act. My two Web pages that I cite here contain links to external Web sites with more information that may prove quite valuable.
Third, test your results. Use the W3C validators. Use http://validator.w3.org/ to make sure you have no HTML/XHTML errors. Use http://jigsaw.w3.org/css-validator/ to make sure you have no CSS errors.
-
Social Networks: Pathetic
I consider myself a pioneer in the use of computers but also modern. My experience covers the range from plug boards and punched cards to client-server networks and remote operation of PCs.
I do not participate in any social network. I have little interest in "friending" someone I never met face-to-face. I do not tweet. Now retired, I have no real use for LinkedIn. See my http://www.rossde.com/internet/surf.html#missing.
-
Re:PGP NOT Understood
If Mac OS X's Mail client automatically supports PGP, it is not necessary to obtain any certificate from an outside source. With an OpenPGP application installed on your own computer -- Mac, PC, UNIX, Linux, etc -- you generate your own certificate. See my http://www.rossde.com/PGP/index.html.
-
Re:whoop dee doo
For the uninformed: http://www.rossde.com/internet/sniffing.html
gewg_
-
Re:SMTP sucks
How about https://keyserver.pgp.com/ or http://www.rossde.com/PGP/pgp_keyserv.html or http://pgp.mit.edu/ or roll your own at http://pks.sourceforge.net/ if you are so inclined.
-
Re:I'd have some Q's for this symposium
I hope they're relevant.
Well the submission is basically a cut-n-paste from the website. The about section says there will be a Hot Games' session will preview unreleased titles from major game companies and indie developers. (The website also says The program will be made available early June. So it's a little early.)
The question is: will there be booth babes? No really.
So there is scuttlebutt about a huge show case of the 'latest and greatest' games with forthcoming release. The graphical theory and practice, at the state of the art, is already a focus of SIGGRAPH. Some video game engines approach implementation of 'last years' ideas, but most are not more technically sophisticated than generic toolkit $FOO running on OpenGL / Direct X shaders.
The reason to have a showcase such as this is to demo innovative User Interface design and game play hacking, both arguably harder to get right than NURBS modeling and bit pushing. Yet we've seen how innovative game publishers are in UI and gameplay. Doom 3 or Halo 2, anyone? They mention indie developers, but as I see it this is another game company's wet dream. As this is an ACM event, the subtle diluting of the SIGGRAPH conference is in keeping with the corporate ethos of ACM. But, will this be any different than publishers hoping to expand their market via word of mouth?
I would more believe the utility of such a presentation if it looked at current, past and soon to be released games. Games that are either the epitome of a UI approach or possessing distinctive gameplay would be a useful topic. Things like the products of Carnegie Mellon's Experimental Gameplay Project, where gameplay is actually researched, would be welcome. Eventually, this could develop into its own ACM Special Interest Group conference. As it stands this special session sounds like a chance to sit and drool at the latest and shiniest grandchild of Wolfenstein 3D. I'd like to give it the benefit of the doubt, but there will be more skankily clad women in EA's 'presentation' than indie developers total.
Will single player games (or 1-4 on the console) continue to thrive or is the future in MMORPGs?
At this point I seriously doubt that any real stats will come out of it. Until they start listing presenters and papers, I'm betting that the only answer to this is 'yes, if you buy our game.'
-
So much for freedom in Canada
This pathetic act brought to light some important issues about the Canadian society:
Canadians have no ethics.
Their laws are just there to mock the working guy.
Freedom and power of change belong to a gerontocracy that won't give up their posts till they die, hence, those who want change for better are condemned to evolve into something worse than their predecessors.
Just in case, here is another page that was banned:
http://www.rossde.com/editorials/edtl_Canada_censor.html
God bless the freedom of speech in the US.
Canada envies the US; it is not that they are better than them in any way whatsoever.
Moving or going to work in Canada?
www.canadaimmigrants.com