Slashdot Mirror


User: rawler

rawler's activity in the archive.

Stories: 0
Comments: 271

Comments · 271

  1. Re:Very Unfortunate. on Authorities Closing On LulzSec · · Score: 1

    I wish more people would come to this conclusion, especially those targeted by the attacks.

    However, I'm afraid they're just moaning and complaining of the poor morality of computer criminals. The idea that there may be better and worse ways to run IT systems isn't likely to get through to them no matter what happens.

  2. Re:Time for hardware security. on $500,000 Worth of Bitcoins Stolen · · Score: 1

    Noop. But I can ensure that when I DO important errands like banking, that the amount and target account is correct and not tampered with.

    For example, my bank is now expecting me to use a manual crypto-device and is taking good care to explain that a login-signature should always start with a 9, confirming sum transferred should always be confirmed by signing the amount to transfer (which may not be an 8-digit number starting with 9), and approving a new account, the number to sign is the new account number.

    It's never hard to fool users that don't care, but there should at least be ways to make caring about security as easy as possible.

  3. Re:Time for hardware security. on $500,000 Worth of Bitcoins Stolen · · Score: 1

    Smartcards don't come with a button for approving signatures. You're still quite vulnerable to spyware with them, any software running with your credentials on the machine can access the smartcard and make signatures.

    Besides, the point about standardization is missed since few machines have the physical hardware interface-slots in them, so I can't bring my identity with me. A standardized USB interface could work with only software driver updates to any existing machine.

  4. Re:Time for hardware security. on $500,000 Worth of Bitcoins Stolen · · Score: 1

    Sorry, I missed the obvious need for a pincode/passphrase-type entry in the really sensitive extended version. Preferably physical, although perhaps entered on the machine can be good enough for most purposes. (If the same person installs spyware and has physical access to your key, you probably have other trust problems as well.) Of course it doesn't protect from high-tech million-dollar scanning equipment that can read keys from the chip anyways, but well, a person with that kind of money has other ways to get to you.

    For the low-sensitivity applications, the chance of physically losing the key easily beats 1) same password at all sites (one site with weak protection and you're screwed) or 2) all passwords stored locally for remembering (spyware targeting credentials and you're screwed).

    Of course, the public key cryptography that this requires is also still unclear with respect to quantum computing. There are weaknesses, but it easily beats passwords.

  5. Time for hardware security. on $500,000 Worth of Bitcoins Stolen · · Score: 2

    I've long longed for a USB hardware device containing a small crypto-processor, a public/private keypair, and a button. Given a standardized interface (as standardized as USB block-devices) it would make a perfect key-solution to keep in my physical keychain to identify myself in all kinds of circumstances.

      * Need to sign a bitcoin-transaction? Let the software queue a request and press the button.
      * Need to identify yourself on the web? Again, let the site send a challenge, the browser forward it to the key, and press the button. (Possibly already possible through SSL?)

    As an extension, the key could hold two keys of different "levels". A common key, not requiring the button to identify me to less-sensitive services, and a button-locked key for more important purposes.

    For online banking, extend the key with a small display to show exactly what you're signing, and you get rid of all the manual transactions.

    Is there at least something less-standardized for this?

  6. Re:Why do people pretend to be stupid to make a po on RMS Cancels Lectures In Israel · · Score: 2

    What is your real game here?

    Not playing any game. I'm clearly not involved, or able to really advise anyone on this topic. Just voicing my opinion. This is slashdot.

    Who are you trying to depict as unreasonable?

    The one refusing an objectively fair compromise. Both, either, or neither, I don't care. For reference, I don't have much bias in the question, I think both sides are partly responsible for the situation.

    The point of the proposal is to force both individually to accept, or depict themselves as unreasonable. Doubly so if the other part accepts. I'm not pointing fingers.

  7. Re:How about a fair compromise instead? on RMS Cancels Lectures In Israel · · Score: 1

    Well, give them a chance.

    Considering objecting in such a straight-forward scenario would probably be a PR-problem for the refusing party, it might just work. Just make sure both parties understand their decision is public.

  8. Re:And the Palestinian women on RMS Cancels Lectures In Israel · · Score: 1

    Are you sure they would want to?

    And yes, I happen to think that the whole RMS Sexism debacle was blown a little out of proportion, but it damaged his reputation as a speaker wherever gender-neutrality is desired.

  9. How about a fair compromise instead? on RMS Cancels Lectures In Israel · · Score: 4, Insightful

    Easy solution;

    Both parties want him to speak, let both parties pay half each. If both parties refuse, stay home, if only one accepts, then go there.

    I fully understand why the Palestinians do not wish to pay the "Israeli" share, and the other way around. However, splitting the costs is fair, and all parties win.

    Sure, I realize it might be impolite if the Palestinians had already been promised a visit, but I think at least the option of splitting costs should be proposed.

  10. What about RHEL? on Microsoft To Support CentOS Linux In Hyper-V · · Score: 1

    Do they also support commercial RHEL (not in the TFA)? Otherwise, it also happens to be a nice way to endorse "the Linux that doesn't pay the large RedHat developer team that wrote CentOS".

    I don't mind CentOS, I use it lots myself, and I have a weak business case at work motivating paying for a RHEL license.

    However, frankly, CentOS would not exist without RHEL, and I don't think Microsoft is feeling sorry to endorse the side of the (RedHat) ecosystem that doesn't pay the RedHat staff.

  11. Re:Maybe ... on Do Gadgets Degrade Our Common Sense? · · Score: 1

    Do you have a better word for "valuing one's time"? In my vocabulary, it is one valid interpretation of "lazy". Not doing more than necessary to achieve the goal.

    The difference lies in motivation, and what the goal IS. (Some people are greatly productive in the goal of doing nothing at all) A person motivated in something else than slacking off, will find the next problem/challenge/task and get at it. Perhaps their motivation does not pull them in the direction you want, but that's a whole different problem.

    My guess is the engineers from your experience just weren't motivated, at least not in things that helped you, and they probably had the wrong job position.

  12. Re:Isn't this already in practice elsewhere??? on New Rechargeable Battery Uses Water · · Score: 1

    TFA explicitly mentions the Statkraft project. However, there seems to be a significant difference between the two; where Statkraft is using the salinity to create pressure and power a conventional turbine generator, this article is about creating current directly, which should theoretically improve efficiency a lot.

    According to TFA, a 50 cubic meter/second flow of fresh water could yield up to 100MW.

  13. Re:Maybe ... on Do Gadgets Degrade Our Common Sense? · · Score: 1

    lazy & motivated ~= productive

    Lazy can be a good thing. :)

  14. Re:Nether kinda on Ask Slashdot: Are You Streaming-Only For Home Entertainment? · · Score: 1

    An interesting thought-experiment would be to imagine a world where the natural laws cause a spontaneous copy of a car to be created every time someone takes it out for a test-drive. What implications would that have on economy, laws and technology? Would the car never have been invented? Would the property-laws look the same?

    In any case, that is pretty much the current reality in the world of digital assets, or assets that can easily be digitized.

  15. Disaster on Undersea Cables Damaged By Earthquake · · Score: 1

    It's both a natural AND a virtual disaster.

  16. Re:Yeah, but Google has lawyers on IsoHunt To Court: Google Is the Bigger Problem · · Score: 1

    And a business besides search engine for pirated content.

  17. Accessibility on Cutting Prices Is the Only Way To Stop Piracy · · Score: 1

    Note: I do not defend or condone piracy. I think it's generally wrong, but I do understand why it exists;

    I think it's also a matter of accessibility.

    1. There is simply no legal alternative to Torrent-sites with the same range of content, at the same "same-site"-convenience and instant gratification of a download. No matter what price the consumer is willing to pay.
    2. For anyone interested in video-content, compatibility with the media-center is key. Due to various DRM-mechanisms and special-delivery-methods of legal alternatives, formats from piracy sources are usually more compatible and "just work".
    3. Geographical barriers limit the options in large parts of the world. Outside US, you just cannot get Hulu, and many other ad-driven or otherwise funded sources, no matter what you pay.
    4. Release schedules. Much of the Hollywood media (TV and Movies) reaches parts of the World outside US slightly, or sometimes much later than the US premiere. Meanwhile, non-US citizens cannot conveniently access it without resorting to piracy, irregardless of willingness to pay.

    While some will never accept any price, I think many of the current pirates wouldn't mind paying (many already pay for anonymity VPN services), if the 4 points above were reasonably addressed.

    Supporting Example; Spotify. Before Spotify, a lot of my friends downloaded almost all music from pirate sources, even music they had already purchased. Downloading was simpler than ripping the CD, and you got it in non-DRM format. After Spotify, I hardly ever hear about anyone downloading pirated music. It's not worth it, since there's already a convenient legal way to get to most music anyways. In Sweden, most of music piracy is gone after Spotify. Many are satisfied with ad-driven Spotify, some purchase it, while some are still trying to get rid of the ads, equivalent of pirating it. Unfortunately, Spotify suffers from problem #3 and is not accessible throughout the world.

  18. Re:If you want CD-quality audio, buy CDs on Why We Should Buy Music In FLAC · · Score: 1

    Simple. Physical media cannot give me the "instant gratification" of buying downloaded songs. Especially, it puts the burden of actually ripping it onto me, as well as incurs extra costs in manufacturing, shipping etc. Besides, the longevity of CD-formats varies greatly depending on the quality of plastic that is put in. (For example, my father recently discovered some of his 15-year-old CDs don't play back today.) Ripping it losslessly, and backing it up to some cloud-storage is probably both more reliable AND more accessible.

    Personally, I've just given up fuzzing around with music since I can never muster up enough interest to decide upon a playlist. Instead I mostly listen to Last.FM and yes, I do get inexplicable head-aches that might be attributed to digital compression. For TV-series however, I often buy the DVD-box when it comes out, just to put it on the shelf and download a pirated version instead. Much more convenient, and I get to skip over all crappy commercials and anti-piracy warnings. Now isn't that irony?

  19. Re:Compatibility on Why We Should Buy Music In FLAC · · Score: 1

    I personally would prefer to BUY in FLAC, even if I later have to transcode. If I buy lossily compressed, I can never get back original quality, but the other way is (relatively) easy. In particular, many of the music-stores are not web-outlets but require client-side software (iTunes for one). If customers demanded it, it would be trivial to implement auto-conversion to the target-device, many already do, while keeping originals in full-quality format.

  20. Re:Why is this news? on Sony's Official Statement Regarding PS3 Hacking · · Score: 1

    And your analogy is a little weak in that when you are issued a COMPANY laptop, you aren't out any money and of course you should only do things related to your job description with it. The paradigm changes once it is hardware that YOU pay for.

    Exactly. Is it the company's laptop, or your laptop?

    A better analogy would be if Google only served unmodified Chrome viewers.

  21. Re:Mythbuster 3.0 on 19-Year-Old Makes Homemade Solar Death Ray · · Score: 2

    I too have a problem with the many occasions where they "bust" a myth due to failing to reproduce, while there are credible documented occasions of it actually happening.

    That, and all the myths related to human performance, where an "X" gets to represent either an average X, or the best possible X. Especially when many of the myths include some notion of super-human abilities. Congratulations, you just proved superman/santa-claus/hellboy don't really exist. Bravo.

    If nothing else, the amount of changed verdicts in the revisits shows pretty clearly that while fun to watch (when they don't mess up completely), Mythbusters isn't an exact science.

  22. Oh no on Sony Sends DMCA Takedown Notice To GitHub · · Score: 2

    If only git was a de-centralized VCS, these repositories would already have been cloned in the dozens around the world, and this take-down would be completely futile!

    Oh, wait.

  23. Re:Auto-Installing *anything* needs to die. on Mozilla Flips Kill-Switch On Skype Toolbar · · Score: 1

    The whole "I trust you, so please go ahead and run your installer with admin-privileges."-model is fundamentally broken for so many reasons. It's not just the install-various-crap-I-did-not-want problem, but also the problem of the "installer" not knowing critical details about your particular config, breaking things horribly, the uninstall-problem, dependency-problem etc.

    Package-management systems are usually just marginally better (there's still install/uninstall-scripts that can go haywire, and poor support for isolating 3rd-party apps), but at least it's something.

  24. Re:Tin foil hats on The Strange Disappearance of Dancho Danchev · · Score: 1

    Yeah, they are mostly trouble.

  25. Just a thought on VP8 Decoder Implemented In Flash Using Alchemy · · Score: 1

    I'm sure someone has already reflected on this, but the thought hit my slow brain at first today:

      * A project like Firefox could never have succeeded in a web-landscape where license-payments were needed to implement a web browser.
      * Without Firefox, we would most likely still be stuck with IE.