And, btw, you SHOULD use encryption to browse wikipedia.
Great advice, and not only for the reason you stated. Several recent attacks (BEAST, CRIME, BREACH) will use unencrypted connections originating from your browser to discover information transmitted in its encrypted connections.
Find me a bank or online retailer that allows financial accounting data to be submitted over insecure connections instead of SSL.
There are a bunch of ways of working around and/or breaking SSL. Please read up on ssl stripping and the recent series BEAST/CRIME and BREACH. The former will terminate an ssl connection early, rewriting all links and references from http to https. The latter will place an agent script in any http pages requested and use cross-domain requests to disclose secure information.
I think I'll stick with what the IEEE working group came up with[...]
Parent posts' only requirement was to enable network discovery without clients broadcasting probe requests. As long as no hiden SSIDs are involved, this functionality is widely available. Windows (XP and up, as far as I'm aware) will only send probe requests if it is configured to connect to a network with a hidden SSID. iOS is severely broken, Android (again, as far as I'm aware) a bit less so. Long story short: You don't need to send out your MAC address to discover broadcasting networks. You need it to join them, which is an entirely different matter.
I never heard of anyone getting rooted over a voice-only phone call.
Hi. (Online) Security Officer for a large bank here. I deal with Phishing, Malware and the likes on a daily basis. You are partially right: Most of the attacks we observe tend to rely on an online vector. However, mixed-media has seen a great rise throughout 2012, the most popular attack being phishing coupled with voice-only phone calls. From our point of view, we can bring a lot of defense mechanisms into our online services, while phone-based authentication isn't quite up to scratch. Leaving phone-based attacks aside, simply forging your signature on a payment order tends to be easier than obtaining access to your online banking account.
That being said: I don't work for your bank and am not aware about its security deployment. If you are interested in banking online but worried about security, shop around and compare security mechanisms. Whenever possible, favor two-factor solutions whose secondary factor is some device that is not connected to your computer (e.g. PhotoTAN, Flickering or a card reader); avoid mTAN and any variations of printed code matrices.
This sums up the real problem nicely: "A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the Public Treasury. From that moment on, the majority always votes for the candidate promising the most benefits from the Public Treasury with the result that a democracy always collapses over loose fiscal policy always followed by dictatorship." -- Alexander Fraser Tyler
But it can. If the population of that democracy is well-educated and far-sighted enough to realize how voting itself money from the Public Treasury would undermine the very basis of their community, it may just last. Case in point: Switzerland, whose employment law already dictates a minimum of four weeks' paid vacation per year recently held a public vote whether said minimum should be extended to six weeks'. The result? 67% of the voting public disliked the idea, a resounding no.
Before even considering their cell phones, victims' computers are infected (by way of a drive-by exploit kit, e.g. Blackhole) with a variant of the ZeuS trojan. Upon their next log in at their e-banking site, ZeuS injects HTML and JavaScript into their browser. In this case, it'll inject a prompt for the victim's phone number and operating system. Since that prompt is shown within the (trusted) e-banking application, green address bar and all, it may look somewhat legitimate.
Only after entering their cell details, users will get an SMS directing them to a ZeuS mobile package. That text was solicited (seconds before, by the user themselves), though, and the banking app actually prompts for a confirmation code that'll only be displayed if the user installs said app.
All in all some naiveté is required, but to me, the whole setup is insidious and intricate enough not to ring any alarm bells in your average user.
What I want is a committed rate and the option to pay in advance for a higher committed rate.
My cell's data plan includes 500 MB of data per month. That's not a lot, but it's enough for my push E-Mail, some browsing, Android Market downloads and whatnot. Each month spans a duration of some 2.5 Million seconds. If I had a commited rate, my data plan would be equivalent to (less than) 200 bps. A 2 MB Download would take three hours. Downloading Skype (at some 15 MB) would take approximately a day. And actually using Skype, I might transmit a second of audio every ten and receive another every other ten seconds. I prefer to download Skype in a minute and tone back the data use for the rest of the day. Or use the bandwidth I won't be using while asleep for an hour-long call while I'm awake. Long story short, there's a reason server(-style) bandwidth is sold and metered in mbps and consumer bandwidth is sold in GB/month: completely different usage patterns.
Oh come on, people, please. Have a bit of imagination. Telephone systems and printed CAPTCHAS? This is the precise situation interpretive dance was invented for. Also, since this is France: mimes!
That snipped looks bad. But, if the model was implemented right*, it may be close to best practice. Rails allows you to overload functions. Ideally, Album#destroy would check if the current user is allowed to delete the object and either delete itself or ignore the request if the user isn't authorized to delete it. Implementing security checks at the model level has the great advantage of limiting all security-related functions to a single, easily audit-able, consistent code path. The snippet still lacks reporting for permission (or missing album) errors, so it's not really nice, but possibly still secure. Additionally, photos_controller could be using a before_filter checking if the user is authorized to do whatever he's trying to do. Given the snippet, a matching filter function would have to be rather strange, but it could be done.
* Two problems: The code lacks any exception handling and, as far as I know, relying on the user credentials gathered from the session object in a model is not considered best (or even good) practice. This could be somewhat mitigated if Album#destroy were to allow an optional parameter providing a user [id].
The first paragraph of page 4 answers the question of gender. It's quite fun to get through the first three pages assuming the opposite and finding some aspects of that dynamic quite odd.
Consumers would be far better off if the labelling was required to carry the standard name (HDMI 1.3 or HDMI 1.4 with whatever add-on) and a URI pointing to the standards documentation.
Even simpler: Require the (required/tested) bandwidth to be printed on all devices and cables. Cables would be advertised as capable of 5, 10.2 or however many Gbps, devices would sport a table along the lines of 720p = 4 Gbps, 1080i = 6 Gbps, 1080p = 8 Gbps, 1080p60+3D (highest quality) = Over 9000 Gbps. To pick a cable, consumers could look at the packaging, manual or sticker on their devices, pick the greatest mode both devices support and buy a cable capable of at least that throughput. Problem solved, maximum compatibility achieved.
That was either a couple of decades ago or they eased up on you because of the pre-existing license. As of now, you'll take a written exam consisting of some 40 questions, most about road signs, some about the right of way on strange intersections. Passing that grants you a learner's permit with which you're expected to take about 15 lessons of driver's ed and a mandatory training programme spanning some three evenings before taking the actual exam of some 45 minutes of driving around with an examiner in the passenger seat who will be watching you quite critically. Passing that, you get a license for three years during which you'll have to visit two whole days of training. Finally, at the end of those three years, if you haven't had your license withdrawn, you'll finally get the definitive one. Total cost starts at at least $1k (just exam fees and trainings), usually around $2-3k (including driver's ed).
[...] for 12,000 people, eliminating any chance that they will pay Valve for it [...]
They actually seem to have handed out two copies to every affected account, i.e. 24'000 copies total. If even half of the gift ones end up with people who'll play them, Valve gets an 18'000 player boost to their L4D2 community and 18'000 people who might potentially mention L4D2 to their friends and invite them for a round of play. Valve gets goodwill by the truckload, a large expansion of their player base and tons of inexpensive (but highly valuable word-of-mouth) marketing, those affected by the ban get a free game to play and one to give away -- everybody wins.
In a working direct democracy, the government cannot pass legislation that'll piss a majority of the people off. Unfortunately, and that's not even limited to the US of A, a lot of people are amazingly stupid. But to get back to your examples:
How about another tax hike
Roads, schools, firemen and, well, every other public service need funding. If backed by valid reasons, few people will contest a tax hike.
how about making driking and driving laws so strict that using mouthwash 10 minutes before driving to work will put you over the legal limit
You don't get convicted on a breathalyzer readout (not in Europe, anyways. The strange things you folks overseas do are, well, strange). You'll get taken to the nearest hospital, lose a couple drops of blood and with a bit of a delay you'll be on your way without a charge. Use an alcohol-free mouthwash before your next important appointment and you're good. And again, most people prefer a couple of mouthwash-related blood alcohol tests to hordes of drunk people in control (or lack thereof) of two tons of speeding metal each. Cars are dangerous. Operating dangerous machinery while drunk is deadly.
how about the war on drugs and the laws against certain harmless ones like Pot
That one is quite sad. Basically it boils down to dumb people being afraid of things they don't understand. It's not entirely the politicians' fault, though. Check the voting records of, say, Switzerland, where public votes have been had: the disappointing turnout was some 65% of naysayers. Broaden your horizon: pot consumers tend to be in the 15-30 age bracket, and there's a whole bunch of voters aged 30+ and lots of them don't see a reason to legalize.
how about all the regulations that drive up the costs of consumer goods
Can you spell Nanny State? A lot of people do and really like the concept of it. In any case, it's easier to just regulate everything than find a great balance; and it's easier to just nod things through than propose a better alternative.
how about the laws about speed on straight roads in the middle of nowhere with no traffic
As far as I know, none of the satellite-based have left their trial stages. Save for those, you're good to go: as long as you are concentrated enough to see and react to any speeding cams, patrol cars and wild life from far enough, none of these will bother you. It's quite logical: If you speed only as much as you can actually handle, you won't be arrested because you'll already have slowed down to the speed limit in the event of a checkpoint. If you couldn't manage that, you were demonstrably going faster than you can handle and should get ticketed. In any case, speeding cams get approval ratings of around 70% in the UK. Speed limits probably even higher. This is not the government working against you, it's the government working for the majority of voters.
They don't. They get around 2-3% of every transaction, which is quite enough to make them very profitable. Of course, charging you 15% APR on way too much credit is even more profitable, but not required. If you want to piss them off (and can take a bit of a dive in your credit score), take up one of the numerous "0% APR over 12 months" offers and clear the card right out. Expect to be charged $5 per withdrawal, so head to the bank counter and get those $10k or whatever you're approved for in one swoop instead of ten transactions at the ATM. Deposit all of it into a high-yield savings account (2-3% are quite realistic) or, if you're feeling really ballsy, stocks*. After a year, pay off your $10k in credit card debt and keep the $2-300. Or, if you've gotten another "0% APR" offer, get it and use it to pay off the other card, netting you another 12 months of interest-free capital to play with; totalling $400-$650 with no risk or associated cost.
Oh, and 'cause this is slashdot, we'll need a car analogy: Paying off in full at the end of the month is like hailing a taxi, having it drive to the airport and not tipping: very much okay. Aggregating debt is like taking the taxi at the very back of the row at a train station, having yourself driven to the airport and tipping generously. What I've described above is catching the cab at the front of the line (after the driver has been waiting in there for an hour or so), having yourself driven around the block, getting out after half a mile and not tipping. Heh.
* Stocks are very profitable for long-term investments. If, after a year, your portfolio has not made any progress, you will be deeper in the shitter than you'd be if you'd have stuck to your own cash. You will not be breaking even against a 15% APR on your capital. Do NOT invest more in stocks than you have on hand and can spare. Mortgages, nest eggs and retirement savings (after passing 50 or so) are not in that group.
[...] now bitch how badly WIn 7 runs on a 2008 netbook...
Win 7 runs very satisfyingly on my 2006 (February even) T60p. With all the Aero nonsense of Vista and the useful additions 7 added. I'd say it's about as snappy as XP ever was.
some of HTC's "enhancements" to Android have been anything but
True. To every upside, there's probably a downside. HTC's keyboard is a great example: a lot better when it comes to entering numbers, worse when it comes to exotic umlauts or accents and it lacks the context-sensitive "Next"/"Done"/"Search"/":-)" key. The parts of Sense I'd really like to see on my Nexus One are the Phone App and mayhaps the calendar widget, the rest doesn't strike me as too useful.
On another note, Eclaire in GP should obviously be Eclair, and all instances of [Ee]clair should be FroYo. My bad.
On my Nexus One (running Eclaire right now), I can:
- Copy and paste within the mail app by pressing the menu button, and using the "Select Text" feature. - Copy text messages with a long press onto the message, then "Copy Message Text" - Browse anything I've tried so far. If you'll get me a link to your crashy MSDN page, I'll try it.
The whole smoothness aspect has made a lot of progress from 2.1 to 2.2. Before, animations and all did feel slightly sluggier than on an iPhone 3GS; running eclair everything is as smooth as it gets. Applications launch in what amounts to no wait time. Absolutely marvelous.
Chip off a corner of the Scantron sheet (ensure correct orientation), then, for the visually impaired, distribute a plastic mask/stencil along with the sheet. On that mask, include the candidate names in braille, each next to a hole through which you can directly write onto the sheet. Such masks are easily available with holes for each line (instead of small holes and braille). Adapting them is trivial. If cost is an issue, replace the candidate name on the stencil with numbers, throw in an instruction sheet in braille with the name and number of each candidate and you can reuse the stencil. Write-ins are slightly more complicated if the voter is unable to write by hand. But at that point, expecting a trusted person to help doesn't seem too over-boarding to me.
Many (older) phones have a connector for external antennas. Get four that do plus two matching antennas, set up with a couple of yards of clearance from the control hive and get a better result. Repeat for ten sets of hives or so and it'll start to get real interesting.
In most of the western world, prepaid SIMs have only been sold to users with some sort of proper ID for a couple of years now. I'm fairly sure this is mandated through the whole EU. Most countries even have some sort of nationwide identification cards, which tend to be the single or one of very few ways to, well, prove your identity.
Opera Mini (5 beta, available from the market) can make use of Opera Link, keeping bookmarks and co. in sync through all desktop and mobile instances configured for the same user.
In addition to what Fx and Fx Home do, it also includes a fast rendering engine, better UI, snappier JavaScript, a better developer console, an awesomer bar and a bunch of other stuff. With alternatives like Chrome and Opera, when can we finally put that XULly abomination to rest?
That's just the User-Agent string. The actual fingerprint consists of that and a big bunch of other headers your browser sends out with each request. Language, preferred encoding, plugins; screen resolution, your installed fonts and so on.Changing your standard browser's user-agent to something like you quoted above is a surefire way to be even more unique. Check the panopticlick page for your details. Keep in mind their "bits of identifying information" only apply to a single header. A bit of work and identifying over all of these fields is easily done. Throw in a bit of extra work and users can be singled out even after they change one or two of 'em. Summing all the lines together, I can get some 70 bits of identifying info out of my (almost worst-case) setup: Ubuntu 9.10 running a snapshot of Opera 10.54 with a couple of extra fonts and a weird screen resolution.Cut away user-agent and plugins and we're still at some 35, more than IPv4 addresses out there.
Some time ago, there was a university experiment combining a high-resolution (centered) display with a large-surface but low-res projection, for peripheral vision. Never heard of it again, so apparently it wasn't that successful. IIRC, the high-res part was fixed, though. Small 1080p displays should be available, there's plenty of LCD projectors. Possibly not in an inch, probably not too cheap.
Slashdot Mirror
Great advice, and not only for the reason you stated. Several recent attacks (BEAST, CRIME, BREACH) will use unencrypted connections originating from your browser to discover information transmitted in its encrypted connections.
There are a bunch of ways of working around and/or breaking SSL. Please read up on ssl stripping and the recent series BEAST/CRIME and BREACH. The former will terminate an ssl connection early, rewriting all links and references from http to https. The latter will place an agent script in any http pages requested and use cross-domain requests to disclose secure information.
Parent posts' only requirement was to enable network discovery without clients broadcasting probe requests. As long as no hiden SSIDs are involved, this functionality is widely available. Windows (XP and up, as far as I'm aware) will only send probe requests if it is configured to connect to a network with a hidden SSID. iOS is severely broken, Android (again, as far as I'm aware) a bit less so.
Long story short: You don't need to send out your MAC address to discover broadcasting networks. You need it to join them, which is an entirely different matter.
Hi. (Online) Security Officer for a large bank here. I deal with Phishing, Malware and the likes on a daily basis. You are partially right: Most of the attacks we observe tend to rely on an online vector. However, mixed-media has seen a great rise throughout 2012, the most popular attack being phishing coupled with voice-only phone calls.
From our point of view, we can bring a lot of defense mechanisms into our online services, while phone-based authentication isn't quite up to scratch. Leaving phone-based attacks aside, simply forging your signature on a payment order tends to be easier than obtaining access to your online banking account.
That being said: I don't work for your bank and am not aware about its security deployment. If you are interested in banking online but worried about security, shop around and compare security mechanisms. Whenever possible, favor two-factor solutions whose secondary factor is some device that is not connected to your computer (e.g. PhotoTAN, Flickering or a card reader); avoid mTAN and any variations of printed code matrices.
But it can. If the population of that democracy is well-educated and far-sighted enough to realize how voting itself money from the Public Treasury would undermine the very basis of their community, it may just last. Case in point: Switzerland, whose employment law already dictates a minimum of four weeks' paid vacation per year recently held a public vote whether said minimum should be extended to six weeks'. The result? 67% of the voting public disliked the idea, a resounding no.
Not that dumb, actually:
Before even considering their cell phones, victims' computers are infected (by way of a drive-by exploit kit, e.g. Blackhole) with a variant of the ZeuS trojan. Upon their next log in at their e-banking site, ZeuS injects HTML and JavaScript into their browser. In this case, it'll inject a prompt for the victim's phone number and operating system. Since that prompt is shown within the (trusted) e-banking application, green address bar and all, it may look somewhat legitimate.
Only after entering their cell details, users will get an SMS directing them to a ZeuS mobile package. That text was solicited (seconds before, by the user themselves), though, and the banking app actually prompts for a confirmation code that'll only be displayed if the user installs said app.
All in all some naiveté is required, but to me, the whole setup is insidious and intricate enough not to ring any alarm bells in your average user.
My cell's data plan includes 500 MB of data per month. That's not a lot, but it's enough for my push E-Mail, some browsing, Android Market downloads and whatnot. Each month spans a duration of some 2.5 Million seconds. If I had a commited rate, my data plan would be equivalent to (less than) 200 bps. A 2 MB Download would take three hours. Downloading Skype (at some 15 MB) would take approximately a day. And actually using Skype, I might transmit a second of audio every ten and receive another every other ten seconds.
I prefer to download Skype in a minute and tone back the data use for the rest of the day. Or use the bandwidth I won't be using while asleep for an hour-long call while I'm awake. Long story short, there's a reason server(-style) bandwidth is sold and metered in mbps and consumer bandwidth is sold in GB/month: completely different usage patterns.
Oh come on, people, please. Have a bit of imagination. Telephone systems and printed CAPTCHAS? This is the precise situation interpretive dance was invented for. Also, since this is France: mimes!
That snipped looks bad. But, if the model was implemented right*, it may be close to best practice.
Rails allows you to overload functions. Ideally, Album#destroy would check if the current user is allowed to delete the object and either delete itself or ignore the request if the user isn't authorized to delete it. Implementing security checks at the model level has the great advantage of limiting all security-related functions to a single, easily audit-able, consistent code path. The snippet still lacks reporting for permission (or missing album) errors, so it's not really nice, but possibly still secure.
Additionally, photos_controller could be using a before_filter checking if the user is authorized to do whatever he's trying to do. Given the snippet, a matching filter function would have to be rather strange, but it could be done.
* Two problems: The code lacks any exception handling and, as far as I know, relying on the user credentials gathered from the session object in a model is not considered best (or even good) practice. This could be somewhat mitigated if Album#destroy were to allow an optional parameter providing a user [id].
(Spoiler alert)
The first paragraph of page 4 answers the question of gender. It's quite fun to get through the first three pages assuming the opposite and finding some aspects of that dynamic quite odd.
Even simpler: Require the (required/tested) bandwidth to be printed on all devices and cables. Cables would be advertised as capable of 5, 10.2 or however many Gbps, devices would sport a table along the lines of 720p = 4 Gbps, 1080i = 6 Gbps, 1080p = 8 Gbps, 1080p60+3D (highest quality) = Over 9000 Gbps. To pick a cable, consumers could look at the packaging, manual or sticker on their devices, pick the greatest mode both devices support and buy a cable capable of at least that throughput. Problem solved, maximum compatibility achieved.
That was either a couple of decades ago or they eased up on you because of the pre-existing license. As of now, you'll take a written exam consisting of some 40 questions, most about road signs, some about the right of way on strange intersections. Passing that grants you a learner's permit with which you're expected to take about 15 lessons of driver's ed and a mandatory training programme spanning some three evenings before taking the actual exam of some 45 minutes of driving around with an examiner in the passenger seat who will be watching you quite critically.
Passing that, you get a license for three years during which you'll have to visit two whole days of training. Finally, at the end of those three years, if you haven't had your license withdrawn, you'll finally get the definitive one. Total cost starts at at least $1k (just exam fees and trainings), usually around $2-3k (including driver's ed).
They actually seem to have handed out two copies to every affected account, i.e. 24'000 copies total. If even half of the gift ones end up with people who'll play them, Valve gets an 18'000 player boost to their L4D2 community and 18'000 people who might potentially mention L4D2 to their friends and invite them for a round of play.
Valve gets goodwill by the truckload, a large expansion of their player base and tons of inexpensive (but highly valuable word-of-mouth) marketing, those affected by the ban get a free game to play and one to give away -- everybody wins.
In a working direct democracy, the government cannot pass legislation that'll piss a majority of the people off. Unfortunately, and that's not even limited to the US of A, a lot of people are amazingly stupid. But to get back to your examples:
Roads, schools, firemen and, well, every other public service need funding. If backed by valid reasons, few people will contest a tax hike.
You don't get convicted on a breathalyzer readout (not in Europe, anyways. The strange things you folks overseas do are, well, strange). You'll get taken to the nearest hospital, lose a couple drops of blood and with a bit of a delay you'll be on your way without a charge. Use an alcohol-free mouthwash before your next important appointment and you're good. And again, most people prefer a couple of mouthwash-related blood alcohol tests to hordes of drunk people in control (or lack thereof) of two tons of speeding metal each. Cars are dangerous. Operating dangerous machinery while drunk is deadly.
That one is quite sad. Basically it boils down to dumb people being afraid of things they don't understand. It's not entirely the politicians' fault, though. Check the voting records of, say, Switzerland, where public votes have been had: the disappointing turnout was some 65% of naysayers. Broaden your horizon: pot consumers tend to be in the 15-30 age bracket, and there's a whole bunch of voters aged 30+ and lots of them don't see a reason to legalize.
Can you spell Nanny State? A lot of people do and really like the concept of it. In any case, it's easier to just regulate everything than find a great balance; and it's easier to just nod things through than propose a better alternative.
As far as I know, none of the satellite-based have left their trial stages. Save for those, you're good to go: as long as you are concentrated enough to see and react to any speeding cams, patrol cars and wild life from far enough, none of these will bother you. It's quite logical: If you speed only as much as you can actually handle, you won't be arrested because you'll already have slowed down to the speed limit in the event of a checkpoint. If you couldn't manage that, you were demonstrably going faster than you can handle and should get ticketed.
In any case, speeding cams get approval ratings of around 70% in the UK. Speed limits probably even higher. This is not the government working against you, it's the government working for the majority of voters.
You're probably thinking of these. Not quite $3000, but 0x$1 is a start.
They don't. They get around 2-3% of every transaction, which is quite enough to make them very profitable. Of course, charging you 15% APR on way too much credit is even more profitable, but not required. If you want to piss them off (and can take a bit of a dive in your credit score), take up one of the numerous "0% APR over 12 months" offers and clear the card right out. Expect to be charged $5 per withdrawal, so head to the bank counter and get those $10k or whatever you're approved for in one swoop instead of ten transactions at the ATM. Deposit all of it into a high-yield savings account (2-3% are quite realistic) or, if you're feeling really ballsy, stocks*. After a year, pay off your $10k in credit card debt and keep the $2-300. Or, if you've gotten another "0% APR" offer, get it and use it to pay off the other card, netting you another 12 months of interest-free capital to play with; totalling $400-$650 with no risk or associated cost.
Oh, and 'cause this is slashdot, we'll need a car analogy: Paying off in full at the end of the month is like hailing a taxi, having it drive to the airport and not tipping: very much okay. Aggregating debt is like taking the taxi at the very back of the row at a train station, having yourself driven to the airport and tipping generously. What I've described above is catching the cab at the front of the line (after the driver has been waiting in there for an hour or so), having yourself driven around the block, getting out after half a mile and not tipping. Heh.
* Stocks are very profitable for long-term investments. If, after a year, your portfolio has not made any progress, you will be deeper in the shitter than you'd be if you'd have stuck to your own cash. You will not be breaking even against a 15% APR on your capital. Do NOT invest more in stocks than you have on hand and can spare. Mortgages, nest eggs and retirement savings (after passing 50 or so) are not in that group.
Win 7 runs very satisfyingly on my 2006 (February even) T60p. With all the Aero nonsense of Vista and the useful additions 7 added. I'd say it's about as snappy as XP ever was.
True. To every upside, there's probably a downside. HTC's keyboard is a great example: a lot better when it comes to entering numbers, worse when it comes to exotic umlauts or accents and it lacks the context-sensitive "Next"/"Done"/"Search"/":-)" key. The parts of Sense I'd really like to see on my Nexus One are the Phone App and mayhaps the calendar widget, the rest doesn't strike me as too useful.
On another note, Eclaire in GP should obviously be Eclair, and all instances of [Ee]clair should be FroYo. My bad.
On my Nexus One (running Eclaire right now), I can:
- Copy and paste within the mail app by pressing the menu button, and using the "Select Text" feature.
- Copy text messages with a long press onto the message, then "Copy Message Text"
- Browse anything I've tried so far. If you'll get me a link to your crashy MSDN page, I'll try it.
The whole smoothness aspect has made a lot of progress from 2.1 to 2.2. Before, animations and all did feel slightly sluggier than on an iPhone 3GS; running eclair everything is as smooth as it gets. Applications launch in what amounts to no wait time. Absolutely marvelous.
Chip off a corner of the Scantron sheet (ensure correct orientation), then, for the visually impaired, distribute a plastic mask/stencil along with the sheet. On that mask, include the candidate names in braille, each next to a hole through which you can directly write onto the sheet.
Such masks are easily available with holes for each line (instead of small holes and braille). Adapting them is trivial. If cost is an issue, replace the candidate name on the stencil with numbers, throw in an instruction sheet in braille with the name and number of each candidate and you can reuse the stencil.
Write-ins are slightly more complicated if the voter is unable to write by hand. But at that point, expecting a trusted person to help doesn't seem too over-boarding to me.
Many (older) phones have a connector for external antennas. Get four that do plus two matching antennas, set up with a couple of yards of clearance from the control hive and get a better result. Repeat for ten sets of hives or so and it'll start to get real interesting.
In most of the western world, prepaid SIMs have only been sold to users with some sort of proper ID for a couple of years now. I'm fairly sure this is mandated through the whole EU. Most countries even have some sort of nationwide identification cards, which tend to be the single or one of very few ways to, well, prove your identity.
Opera Mini (5 beta, available from the market) can make use of Opera Link, keeping bookmarks and co. in sync through all desktop and mobile instances configured for the same user.
In addition to what Fx and Fx Home do, it also includes a fast rendering engine, better UI, snappier JavaScript, a better developer console, an awesomer bar and a bunch of other stuff. With alternatives like Chrome and Opera, when can we finally put that XULly abomination to rest?
JavaScript. Detects screen resolution and plugins, too.
That's just the User-Agent string. The actual fingerprint consists of that and a big bunch of other headers your browser sends out with each request. Language, preferred encoding, plugins; screen resolution, your installed fonts and so on.Changing your standard browser's user-agent to something like you quoted above is a surefire way to be even more unique.
Check the panopticlick page for your details. Keep in mind their "bits of identifying information" only apply to a single header. A bit of work and identifying over all of these fields is easily done. Throw in a bit of extra work and users can be singled out even after they change one or two of 'em.
Summing all the lines together, I can get some 70 bits of identifying info out of my (almost worst-case) setup: Ubuntu 9.10 running a snapshot of Opera 10.54 with a couple of extra fonts and a weird screen resolution.Cut away user-agent and plugins and we're still at some 35, more than IPv4 addresses out there.
Some time ago, there was a university experiment combining a high-resolution (centered) display with a large-surface but low-res projection, for peripheral vision. Never heard of it again, so apparently it wasn't that successful. IIRC, the high-res part was fixed, though.
Small 1080p displays should be available, there's plenty of LCD projectors. Possibly not in an inch, probably not too cheap.