I'm using simple design (only, not low bandwidth) here "since a few days." It did make a difference.
However, I don't use disk caching on either main browser (konqueror and iceweasel/firefox/GranParadiso), in part because I run the connections of both thru privoxy, which I have setup to enforce (among other things) my light text on dark background preferences, and I want a refresh to really be a refresh, not reuse disk-cached content, either there or on other pages I visit after any privoxy changes (and my bandwidth is decent enough it normally makes little difference anyway). Thus, my browsing experience is already different than most, based on my privoxy config.
Anyway, if you're not seeing any changes at all, perhaps your browser is using cached pages, and disabling cache and refreshing might just do the trick. Otherwise, it's always possible to run privoxy (or firefox and greasemonkey works for many, IIRC there's even a/. specific script for it) or some other custom-filtering/rewriting proxy, and rewrite what you don't like, just as I do most of the web now, enforcing my light on dark preferences without changing the colors/too/ much (red is still red, for instance, just darkened to a brick red if it's background, brightened to bright red if it's text).
BTW, I had to filter the rss-feed recently too, creating a new filter just for it, as/. broke it somehow. The links had the title after them, which wasn't working -- clicking them would redirect to a 404/not-found -- so I had to filter it back to just the numeric link. Now it works just fine, and as a bonus, I killed the redirect thru whatever click-tracker it was they were using as well, thus allowing the page to load faster as well as avoiding the tracker. =:^)
[mods, please don't mod this one up beyond 1. I'm not using my karma bonus either, as I don't want anyone coming across the whole open post at work, without seeing the warning first, just in case there's a humorless censor policy involved. But I stand by my posts and therefore it's not AC. If I lose a potential job as a result, so be it, I'd be unhappy working there anyway.]
I expect all cookies are "tracking cookies" to the malware detector, tho it may not see the per-session cookies at all, because most browsers keep those in memory only -- they never hit disk.
FWIW, for cookies, a decent browser these days allows per-site choice. You set a default (which is off, here, or ask, I'd never consider on a valid cookie default), and then have per-site exceptions. For ask, the default answer to the prompt should then be no, with the remember my choice set, so it remembers it for that site. In this way, in a week or two, the sites one normally makes the rounds of are already set and the level of bother drops dramatically.
Another option that helps is the turn all cookies into session cookies option (IOW, don't honor the expires tag, since no tag is assumed by convention to mean session only). The way I work it here, I have privoxy set to session cookies only, thus stripping the expires tag off of all cookies it sees (it doesn't handle https at all, passing it straight thru unfiltered, so those cookies get thru with the expires tag intact.) Then I set the browser's cookie options as I want, normally off with exceptions tho that's not so critical now, and don't worry about it, because they'll all be forgotten at the end of the session anyway. If I want a particular site's cookies saved, I set an exception in privoxy first, so the cookies for that site now come in with expires tags, and then set the browser options to save cookies for that site (the option can usually handle downn to specific URLs if desired, but per-site is generally good enough and much less management hassle).
If all cookies are treated as session cookies, it eliminates the cookie issues on shopping sites and the like, but login cookies aren't saved between sessions, so you have to login once every new browser session.
FWIW on the condoms thing, it's simply the oil vs water based lube deal. Oil eats rubber, so for both condoms and rubber/silicon/plastic sex toys, oil-based lubes, including vaseline, are a no-no. Water based lubes such as the various glycerin/water based lubricating jellies (KY, and most of the stuff you'd see at sex shops these days too, since oil damage to both condoms and toys is well known in the industry, and it can be a literally life and death thing when you're depending on that condom to prevent AIDS) are fine with rubber, etc. However, water/glycerin based tends to dry out faster than oil under conditions where lube may be needed in the first place, and applying more can make it too thick after awhile, so if that is found to be an issue, rather than going back to oil as one may be tempted to do, consider simply keeping a squirt bottle of water or water pre-thinned lube around, to renew the moisture level only, when necessary.
Wow, I feel like I was just browsing around, and just came across and edited a wikipedia article on some kink or another now, for some reason! =:^)
Well, I suppose whether or not "even fairly healthy people" get infected with "low grade malware" does kind of depend on what one defines as malware. Some of those detectors at one point labeled all cookies as malware. I don't necessarily agree with that, and even then, cookies (along with scripting and the like) are controllable per-site these days, and I'd not call the cookies I choose to allow (/. login cookies, state (AZ) cookie for my bank, Linux Weekly News login cookie, Gentoo bugzilla login cookie, a limited few others), "malware".
Web beacons aka web bugs I'd consider low-level malware, tho I run privoxy to kill many of those, and I doubt they come up on the malware detectors.
But it's worth reposting something I wrote as a reply to someone claiming "because of his browsing habits" wasn't correct, when he picked up Antivirus 2008, and saw comments to that effect when he googled getting rid of it. Excerpt and summary (follow the link for the full post):
Also, browsing habits could well be defined as inclusive of the platform you choose to browse from, and almost certainly would include your choice of browser. You don't here of so many getting infected running say firefox on MS, and even fewer running any of the even semi-common Linux platform browsers...
[C]hanging just one of [the four:] adblocker, script-blocker, browser, browser-platform, would have likely made you immune. Change all four of them, still keeping in mind they all fit reasonably within the definition of browsing habits, and the chances of being infected by an ad that's blocked, requiring scripting that's turned off, targeting a browser you aren't running, on an OS that if you run at all, you don't consider secure enough to browse the web with, are practically nil!
(FWIW, yes, I do acknowledge that firefox with scripting on and using un-updated plugins like Adobe Acrobat that have had recent holes... does get people infected occasionally, and that a few of them have been running it on Linux. From what I've seen, that's often a PEBCAK issue. You can't blame a condom for breaking if you lubed with Vaseline!)
Interesting. You actually get infections to clean up, and not just one here and there, but to the point you can talk about "malware infection level" as if it's routine?
There's apparently millions like you, so you're not alone by far, and I'm glad that you're so honest about it, on a tech site where a lot of users (including me) either have never had an infection or wouldn't admit to it if they had, but wow, you're perhaps the first poster I've seen, certainly the first/. poster I've seen, that treats it as so absolutely routine that they can talk about the level of it as if it was the level of the water in the nearest river, or the level of traffic on the highway outside the window. That's sad and shocking, yet refreshingly honest and encouraging, that it has actually gotten to that point. There's plenty/. posters that talk about "the malware infection level" on the computers people bring to them for cleaning, but this is the first time I've seen anyone talk about it that way on their own machines. It's normally "that other guy's machine, poor uneducated user!"
(Me? I've never had an infection as I always cared enough about security to spend a decent amount of time and energy staying current on security matters, etc, and since MS did what they did with eXPrivacy, I upgraded to Linux instead of that, and haven't looked back. The only proprietaryware I run is a 1993 update of Master of Orion, original DOS version, now run in (freedomware) DOSBOX. No proprietaryware kernel modules. No flash, nothing, as I can't agree to the EULAs, and I trust those who have such total disregard for what I consider natural and inalienable human rights as to assume that I'd even/consider/ agreeing to such things about as much as I trust other malware writers -- they obviously have about the same regard for my value as a free and thinking human being.
Actually, come to think of it, so do many of the ad providers, targeting the programmable zombie level of humanity, those who can be influenced to buy something just because they see an ad telling them they need/want it a few times, instead of appealing to logic and reason. Really, that's part of the problem. It's the same programmable zombies that ads are the most effective with, that malware is most effective with. They don't seem to care or to even/want/ to care, or neither one would be particularly effective, much like a disease in a population where the vaccination level has reached an effective level, just a one-off here or there, not enough to maintain viability. That is, after all, what caring enough to get and act on the necessary knowledge to secure a computer is all about; it's a kind of vaccination of the populace, and were it to ever get to effective levels, neither ads as we know them nor malware would be viable any longer. Knowledge is indeed a powerful thing, but most people simply don't care, and, it's impossible to actually get enough to care, because doing so, where possible at all, is incredibly labor intensive.
So I suppose ads and malware, much like poverty and evil, will always be with us...
FWIW, neither konqueror nor iceweasel/firefox responded to the detection page here. First, I had meta-refresh turned off on konqueror so I had to turn it back on, but when neither it nor iceweasel responded, I put two and two together...
My strong preference is light text on a dark background, about opposite the scheme most of the web uses by default. What's worse, it's all too common for a site author to simply assume either a white background or black text, and set one without setting both so one is still the default, thus rendering it either light on light or dark on dark and making it nearly or entirely unreadable.
But the easiest solution, simply setting up an !important user CSS setup, doesn't account for changing colors at all -- I didn't want/all/ pages to be white text on a black background, just light on dark. If the page set a red background, I wanted to darken it, not make it black. Similarly, if a page set 0000ff (pure, rather darkish, blue, the eye not being as sensitive to blue as to red or green) text, I wanted perhaps robin's egg blue text, not white.
As a result I've setup a rather complex privoxy filterset that tries to keep the basic colors, while darkening light backgrounds and lightening dark text. A bright red background gets darkened to brick red or the like, for instance, just as I want.
Great... until I realized that loading bright background images with the now wrong assumptions (that my text would be dark, either by default or because the page made it that way before the filter rewrote it) rather killed things. Unfortunately, the dynamic adjustment of brightness idea doesn't work so well on images, so I'm left with little alternative but filtering those set as background.
Similarly with sites setting link:visited and the like. My browser default link colors take into account my preferences, but the page author doesn't know them. Rather than hassle setting up a whole colorset filter for those as I did for text and backgrounds, however, I simply killed any link: stylesheet directives. Now they (usually, as with the entire set, I still have to adjust the filters once in awhile) get filtered out and the browser default link colors take over. =:^)
The originally unintended but quite useful side effect is that this attack doesn't work on my browsers as filtered thru privoxy, because it depends on using as a telltale a feature I've filtered out of the incoming page. =:^)
Of course it's still possible to avoid privoxy filtering with the use of a secure connection. Back on MSWormOS I used to use The Proxomitron, which could make use of the SSLeay libs to handle SSL[1] connections too. As luck would have it, that's on the recently updated privoxy todo list, as well. I've been WAITING for that!
[1] This was NOT a man-in-the-middle attack, as the browser-proxy connection was entirely over localhost and therefore at the client endpoint. There was thus no more danger to have that connection unencrypted than there was for the browser itself to be handling the unencrypted content. The connection between the proxy and the server at the far end was still encrypted as usual, and thus resistant to MitM attacks. All this assuming the proxy code is as trusted as the browser code, of course, and that the proxy would detect problems with the certificate similar to the way a browser would, and would throw up an appropriate notification page if it detected any funny business, just as would the browser. I'm actually not entirely sure The Proxomitron had integrated certification checking and warning code, but it was of course possible to configure either it or the browser to bypass the mechanism and filtering for individual sites, like my bank. But given that privoxy is under SPI much as Debian is, and based on public reputation and the fact it/is/ open source, I expect privoxy will do the right thing, in addition of course to having it be a compile-time option for those uncomfortable with the idea.
Easy enough (well, in theory anyway, actually doing it is possible but beyond many). You know that rotating antenna you mentioned? Motorize it and hook it to a computer, possibly the same one running the DVR program (MythTV, of course =:^). Program the computer to rotate the antenna as necessary to pickup the desired channels and trigger that ~30 seconds (or whatever the rotation time is) before the program starts. If it's timed right, you could even record back to back on different directional channels, as the rotation will happen during the commercials.
FWIW, years ago (80s), living out on the Navajo reservation in the middle of nowhere in New Mexico (50 miles from town one direction, a couple miles from the trading post aka convenience store, and 30 miles from a small town and hospital in the other direction, Farmington being the 50 mile town for anyone familiar with NW NM or wanting to look at a map), one of my neighbors had a nice big tall antenna (with a power booster) they used to rotate to pick up Farmington, Window Rock and Gallup stations. It worked surprisingly well. I just went back to visit a couple months ago and it's still about the same. I've no idea what they'll get out there now, with digital only, tho.
But personally, no TV here for years. The zombie programming repeating ads just got too much for me, altho I guess MythTV takes care of that reasonably well now, if I wanted to bother. But they thing is, they're targeting the ad-programmable zombie, not the folks that actually enjoy thinking for themselves, so computers and the net are a better fit in any case.
Except... the "recent court rulings" you refer to were at the circuit court or lower. Bliski is now accepted for SCOTUS term 2010, so regardless of how that comes down and certainly nobody knows at this point, it's business as usual for the various software patenters.
And realistically, while we can hope the entire software patent policy gets cremated, it's not all that likely to happen. We can hope tho, particularly since the SCOTUS has never actually ruled that they were allowed in the first place and they originally weren't.
Meh. I use privoxy and already have quite extensive filters that rewrite the normal dark text on a light background to my preferred light text on a dark background. So I haven't seen any serious issues with the slashdot site at all.
OTOH, I *DID* have a problem with the rss feed links not working because they include the title in the link, and that just doesn't seem to work. (It seems to work as just the http://whatever.slashdot.org/story/yy/mm/dd/storyid/, but not with the title tacked on to the URL after storyid/.) However, that too I fixed with a privoxy filter, tho I've had to tweak it a couple times for cases that didn't fit my original filter, thus making unparsable the entire rss xml file after application of the (then) defective filter.
Actually, my bank does pretty much just that. Every year when they send out the new TOS (or when they otherwise make changes), in addition to sending out the complete version, they have an additional little pamphlet that explains what changed in (no doubt PR reviewed, but it's better than nothing) plain English, as well as listing the new legal terms with the changes in BOLD. (I don't recall whether they actually list the old terms or not, thus completing the parallel to diff, however.)
They're also pretty good about explaining exactly what to do if you don't like the new terms, and wish to keep the old terms (tho of course that normally means no new transactions on the account). Unlike some of the institutions making headlines out there, they do NOT force terms changes on old balances, and not only do they give you an opt-out (with the result of effectively canceling the account for new transactions) on old balances, I've yet to see them change the actual interest rate terms on them at all. That's NOT to say the interest rate itself can't change, but if it does, it's in accordance with the rules active when you made the purchase or otherwise established the balance. (The terms that can and do change are things like NSF fees charges, the specific terms under which foreign currency transactions occur, etc, plus of course rather more flexibility on any new balance terms.)
I've actually been quite pleased with them. The only thing I don't particularly like is the double-period balance (or whatever it's called, I don't think that's quite right) interest calculation method on the CC account, but I've solved that by simply paying off every month, save for I think one month near the beginning, thus incurring interest charges on new purchases for exactly one month. They've lost way more in interest from me deciding I will NOT carry over a balance even if I might have for a couple months otherwise, than they gained from that single month of interest on new purchases. But the double-period balance method (or whatever it's called) is set to become illegal next year, IIRC. I've been thinking about calling them up and asking them to remove it on the account now, and I probably would if I had a big purchase that I planned to take several months to pay off planned, but for now, it's just effective incentive not to carry a balance. =:^)
But the online banking works well with Konqueror from KDE 3, and has for years (not even requiring flash, which I don't have as it's proprietary and I couldn't accept the EULA, except for a single non-vital function, getting those "disposable card numbers"). I tell people I like them mostly because I never have to see them, since I have direct deposit and do all my banking online. =:^)
Plus, (and while I've avoided mentioning the name, this will give it away to some) it's the bank that SCO was all set to sue before it decided to try Chrysler, etc, instead. That SCO hated 'em was an extra special bonus for me as their customer. =;^)
You DO realize that PIN stands for "Personal Identification Number" and that ATM is short for "Automated Teller Machine", right?
So expanding the above, we have:
"When a personal identification number number is typed into an automated teller machine machine"...
WTF? Do you stutter stutter all all the time time when you type type?
(OTOH, I must admit for years I used the term "hot water heater"... until someone called my attention to the fact that it/actually/ was a "cold water heater". Why would someone wish to heat water that's already hot? It's not designed to be a steam generator and in fact if it gets to that point it's rather dangerous. Of course, here in Phoenix in the summer, it often/is/ a "hot water heater", or at least a "warm water heater", tho it then then becomes more a water storage unit than a water heating unit.)
While investigator licensing is likely a bit of a revenue generator in some states, there's actually a decent justification for it, the same as for a contractor's license, etc.
The justification is that licensed is de facto regulated. Even if the original license is normally a formality (say a few hours' training and a fee, if even the training at all), as long as a record is kept of complaints registered per license and with a bit of cooperation between states even better, given a license, it's possible to track who has had a license and for how long, as well as the number of complaints against them. If there's a serious complaint, the license can be pulled.
This is information educated consumers can and often do use, tho admittedly, more often for licenses for those covered by doctor's licenses, etc, then for contractors. Still, insurance and etc likely won't cover work (and may disqualify house coverage for work performed) by unlicensed contractors, and there are often ads from the contractor's associations, etc asking you to verify contractor's numbers, etc. If you feel you've been wronged by a licensed contractor, you can at least file a complaint. You're out of even that luck if you hired someone off the street.
The PI licenses are in theory much the same. They can regulate at least some of the most egregious violations of privacy, in theory, it makes them more careful about stalking, etc, both protecting the investigated, and it provides some assurance for the buyer of professional qualifications as well. At least, that's the theory, and it/can/ be the practice. If some states just use it as a revenue generator and don't do much to enforce rules, investigate complaints, and verify against other states, they're abusing the process and it/is/ simply a revenue generator for them. But that's not the way it has to be, and some states do put a few teeth into their consumer protection laws, so it's not always that way.
Here, we actually have a case of the law working as it should. MediaSentry didn't register as an investigator in the states it's now trying to bring evidence against residents of, they abused the system and got caught, and now the RIAA is being made to pay a price for hiring them to provide evidence to be used in court, without checking on that.
Hopefully the judge sees it that way as well, and throws out the illegally obtained evidence. We'll see.
While I use reiserfs(3) here and therefore have no personal bone in this, I regularly run live git kernels (tho only from -rc2 or so) and follow LWN religiously, plus kernel trap, H Online, LKML itself, and others, somewhat less religiously. I'm thus reasonably confident I've kept up with this and most other major kernel issues of late.
The ext4 "big blowup" occurred during the 2.6.29 development cycle. Some fixes were put in immediately, but some were too big or weren't going to be ready in time, so they went into 2.6.30, which is just about ready to come out, maybe another couple weeks.
So ext4 is still getting major "non-routine-maintenance-only" changes. By my reckoning, that makes it absolutely not-production-ready. Testing, fine, but not production. Here's what I'd consider ready to even look at for production, and even then, depending on the usage, the recommendation could be wait some more: Give ext4 one full kernel release cycle with no further issues and nothing other than routine updates and changes. Then/start/ considering it. Since some major changes went in for 2.6.30, that means that 2.6.31 would be the first possible full cycle without anything but routine maintenance changes, and it will be at least 2.6.32 before I'd consider it for anything but temporary data, for/me/. That's assuming there's no more non-routine changes still coming in 2.6.31, which would of course put it off yet another full cycle, to 2.6.33.
Again, that's the first I'd even/begin/ to consider it for production. As you've probably already noted if you've read the other comments, many sites are way more conservative than that, requiring six months (2-3 kernel release cycles) to two full years (about 10-11, possibly 12 kernel release cycles) with nothing but routine maintenance updates before they'll trust a filesystem. That's fine and I can certainly see 6-9 months, but personally, beyond a year, I'd consider the odds of screwed backups (even with tested 3X backups, onsite and 2X offsite) coincidentally hitting at the same time as a Katrina at my main ops site more worrisome than the stability of my production operational filesystem.
So I'd say no earlier than 2.6.32... and that's provided 2.6.31 brings no non-routine ext4 changes at all.
I won't attempt to cover the potential advantages and etc. That's covered well enough elsewhere. If you don't already know it's going to be a performance win based on your previous research and testing, you're putting the cart before the horse and you shouldn't even be/thinking/ about ext4 for your/productions/ systems yet. As I said, an OK-to-break testing system, sure, but you don't go changing a production system with no clear idea of what the benefits are going to be, and without knowing from previous testing that they are concrete, and WILL be there in your deployment scenario.
FWIW/YMMV, but that's the policy I'd be using if it were my ass on the line.
Consider that a lot of the recent attacks are scripted ad based -- ads from some of the big distributors and hosted on some of the big sites, too. It's to the point I don't trust/any/ scripted ad, at least third party, even on sites I'd otherwise normally trust.
But that's only the latest reason. Since IE/Netscape 4 days at least, most browser exploits have required scripting enabled, even if the exploit was actually in something else (a plugin or activex component, say). While I don't worry too much about turning scripting on on most of the sites I visit, it's simply practicing safe computing to have it off by default, and only turn it on where it's actually needed. NoScript is the simplest way I've seen yet to have that "just work" the way I want it to, with sane defaults and exposing just the right level of tweaking ability to keep some stuff (untrusted) off no matter what, keep the rest off by default, but turn on enough to have the critical scripted parts of the page work when I want/need them to.
Also, someone else in the thread mentioned Google Analytics. I don't normally like tracking of any sort, and as they said, NoScript is worth it just to be able to put that in the untrusted list, so it doesn't get run no matter what I do with the rest of the page. Of course it's not the only one, but it's the most visible/common one.
While I seldom surf porn sites (newsgroups are where it's at) and don't do warez at all (I don't install anything that's not freedomware, no slaveryware here, warez or conventional proprietary), it's nice not to have to worry about security issues following the random google link or whatever. If I allowed scripting by default, I'd be a lot more worried about it than I have to be, since I don't.
The same thing that happens to flash-only sites for those of us that don't do flash. We see the closed front door and go elsewhere, more welcoming. I know there's several store sites and manufacturer's sites I've not purchased product from, simply because they made it too hard, when there's plenty of competition willing to take my dollars.
As long as there's plenty of competition out there, and the net is good for that if nothing else, there's plenty more sites where that one came from. Even if all commercial sites disappeared (it's not going to happen), the web functioned well enough without advertising before, and it can do it again. Just as there'll always be singers with or without the RIAA, actors and movies with or without the MPAA, and software, freedomware, with or without proprietaryware and the BSA, there'll always be people wanting to put up pages about what they know and love, with or without ad sponsorship. Some would even argue it'd be a dramatic improvement! But, I think it's safe prediction that's not going to happen, tho there will be continued change and adjustment, there'll always be some form of site ad sponsorship.
Most or all the replies have an element of truth in them, but there's one element that's still missing, I believe. (This is a partial repost of reasoning I used in another reply elsewhere, but presumably you won't see that one.)
As a long-time proxy-based (privoxy, formerly junkbusters, and I used the Proxomitron before that) ad-blocker, I've realized how often there's actually ad-blocking helpful comments, how standardized ad sizes tend to be, and how many times they come from centralized and thus easily blocked domains (your point), all of which are easily obfuscated if desired.
My conclusion has been that the thought leaders likely to most consistently adblock are NOT the target for the ads anyway. (People that actually like to think for themselves, those likely to adblock, aren't programmable zombie enough. Note the proliferation of crap on TV as contrasted with the rarity of programs actually designed to appeal to the thinking man. The thinking man is NOT the target, the programmable zombie, who hit with enough repetitions of that ad for a new car he doesn't need and can't afford, then actually comes to believe he needs one and goes and buys it as a result, THAT'S the target.)
Since we're not the target and the ads don't really work that well on us anyway, we negatively affect the hit ratings, and it hurts little to allow us to block them. Meanwhile, as thought leaders, if we like the content we're likely to link it somewhere where thought followers, aka the programmable zombies that the ads DO target, are likely to see it. As thought followers, they'll do what they do, hopefully, follow the link. Once there, they'll see the ads that the thought leader who posted the link blocked, and as thought followers, aka programmable zombies, aka useful ad targets, they'll see the ads and hopefully buy the product or otherwise alter their behavior as the ad purchaser intended.
I've actual personal experience related to this as well. At one point I needed an image illustrating a concept I was posting (to one of the newsgroups) about. I'd seen the image I had in mind before, and googled it, finding several sites with it. I verified one of them and linked it in my post. To my later dismay upon checking replies, several of them mentioned the work/family inappropriate ad content on the page I had linked! I never knew, as I'd adblocked it! Had the site obfuscated its ads so the blocker hadn't worked, I'd have seen them, and chosen a different link to post. As they hadn't, they lost the one ad-view, that of a thought leader who would have been unlikely in the extreme to have followed any of the ads anyway, but gained many more, all those who followed the link I posted, who obviously weren't so strident in their dislike of ads and who thus still saw them. Of course I've no way of knowing since anyone who followed them wouldn't likely post saying so, but it's reasonably possible someone who followed my link found the pr0n ads enticing enough to follow, and maybe even pay for a membership. For that site, the strategy worked! Had they obfuscated ads so my blocker hadn't worked, they'd have gotten my view, but only mine, as I'd have chosen another link to post.
So there's a reason they make it/somewhat/ easy for those who/really/ want to block ads to do so. It doesn't hurt them since such people aren't the target and likely wouldn't respond to the ad anyway (and in fact, such views only lower their click-thru and/or purchase ratios), while at the same time increasing chances such respected thought leaders will link their content, thus making it AND the ads viewable to more people, those programmable zombie types actually influenced by the ads to purchase the product or whatever.
OK, this is long, but you asked. An honest question deserves an equally honest answer...
If it comes to it (which it won't), the web got along fine without ads before, it can do it again.
Seriously. The same principle that applies to the RIAA/MPAA/BSA types and the proprietary software types also applies to the web. A LOT of people can and DO enjoy creating content and sharing it with others.
How many garage bands are there that pay good money for instruments, and hall themselves and their instruments half way across the state most weekends, spending their own time and gas, all for the privilege of playing for a group of fans, perhaps a few free beers, and a dinner? Many don't even get their gas money back! Given the odds of making it big, these guys certainly aren't doing it for the money!
How many FLOSS community contributors are there out there? How many actually get paid for it? How many of those actually getting paid were doing it before, and would be doing it now even without the pay, altho perhaps not at the same level of contribution?
How many skilled actors and tech people are there out there doing community theater? How many folks out there shooting video of it and putting it up on various sites, not for pay, but because they ENJOY both the creation and the sharing with others of something they are decently good at?
How many people out there have their own site up, just to share what they're interested in, without ads, or with ads only because it's convenient?
In all these cases, the world got by without the big money machines involved before. If it comes to it, it'll get by without them again. The end of the labels, the end of the proprietary software giants, the end of the movie industry... the end of the ad-supported web... the end of the ad-industry in general, sure, any one or all of these combined would mean HUGE changes, but the world wouldn't end. Perhaps the world as we know it would end, but really, to some extent, that's happening continuously. No big deal. Things change. Life moves on.
But, as I said, while change is likely the only constant (well, with death and taxes, but they change too, just don't go away), these things aren't likely to go away, only change a bit, adapting with the times. In the particular case of ads, the entire industry as we know it is supported on the assumption that "there's a sucker born every minute" (for which the wikipedia entry is interesting, FWIW). The existence of the entire industry is apparently predicated on most people's programmability; hit them often enough with the message that they really NEED/WANT that new car, even tho their current car is quite functional and they only JUST made enough payments so it's worth more than they actually owe on it, and they'll actually start to believe it. Thus the constant repetition! The ad industry does NOT want actual thinkers. They prefer programmable zombies. Thus the plethora of junk on TV, paid for by the REAL customers, the ad industry (the viewers are the product, the programs the bait). They do NOT respect us as individual humans, thinkers, people to make the world a better place, only as effectively programmable product.
Unfortunately, experience demonstrates the ad industry is correct... for most people anyway. People don't mind it. In fact, most apparently enjoy being programmed. After all, if they're told what to think, what to buy, what's in fashion, what their goals should be, they don't have to expend the effort of trying to figure it out for themselves! Since that continues to be demonstrated fact, like the poor, the programmable zombies will always be with us, it's reasonable to assume the entire industry bent on exploiting them will also be with us. It'll change, sure, change being the only constant, but it'll always be with us.
So yes, various browsers might add ad-blockers, but the average programmable zombie won't care enough about it to keep it updated, and the ad-industry, ever eager to exploit this great human res
A sharp 3rd party ad serving outfit is going to have a server close to my location, saving hops; it's also going to serve up ads that relate to my "geographic" -- featuring local/regional outlets, promotions, products, etc.
While the location-specific ads bit makes sense, the third-party-server bit is troublesome for at least two reasons.
First, privacy. Multi-site third-party ad-servers get a far more cohesive and therefore troublesome view of the sites and pages a particular user visits, than a single-site server with a view of metrics only for that site. This, and what doubleclick has tried doing with it, is the reason I have doubleclick blocked X ways from Sunday (normal ad-blocking, privoxy filtering on the doubleclick domain, many of their individual domains null-routed via/etc/hosts file, I haven't null-routed them via DNS yet or blocked them at the firewall/router, but I've thought about it).
Second, if a site is functioning well enough to get the page itself in reasonable time, there's a reasonable assumption it should be able to manage its ads, scripts, etc, similarly. There's no way to guarantee the same thing from third party sites. With "waiting for doubleclick.net" so common it's now a cultural idiom, common enough I've seen it in sigs, this is obviously a particularly frustrating element for a significant share of the population. I know I didn't really start blocking ads until third party ads became popular, and even then, null-routing via hosts file (which obviously applies ONLY to third-party hosted ads) was sufficient for several years.
The situation got progressively worse from there, until we have the mess (ad-propagated-malware, flash ads, scripting abuses, display:block abuse, etc, on top of third party never-loads and user profiling/tracking) we see today.
But privoxy, formerly junkbusters, handles it pretty well, busting the junk! =:^)
I'm not sure what you mean by roll-over ads, but if I'm correct, you're talking about the CSS display:block and possibly similar "animated" stuff, usually using a scripted timer to deactivate (and possibly to activate in the first place, thus rollover, tho I've never seen that since I seldom have scripting actually on, except on sites where it has been demonstrated not to give me problems or annoyances).
Such things, and really, any CSS element, can be disabled by simply rewriting any display option to display:none, or adding it to the element if not already there. I don't happen to run a browser based adblock of any sort as I was doing something similar using privoxy (on Linux, and the Proxomitron before that, on MSWormOS) before those sorts of browser-based features arrived, and they're more powerful and flexible anyway, but certainly, with the personal proxies, it's normally easy enough to setup a filter to do that rewrite dynamically, which is what I've done.
In fact, it was only a few days ago that I came across a site using display:block, and setup the generic display:none rewrite, because that site had the block set to apply for 15-20 seconds (the text said 15, the code said 20) using javascript, which, not being enabled, didn't unblock. Making things worse, while the site/had/ coded a click here to continue button, that was scripted as well, so it wasn't working either! Well, any site that's doing that sort of thing is a site not worth trusting with scripting in the first place in my book, so no, I was NOT going to turn it on for them. But a few minutes and one privoxy filter addition later, viola! No more display:block! That filterset is set to apply globally unless I've setup an exception, but I don't expect I'll be setting up many exceptions to display:block rewriting!
A couple days later, I noted I'd followed another RSS feed (courtesy of another site) link to the site, and sure enough, no more trouble! If I hadn't known about the filter I'd put in place a couple days earlier, I'd have been none-the-wiser that they were even doing it at all!
But as mentioned, the display:none trick can be used for any sort of CSS element, or at least I've used it on several now, before this, more site-specific, and never had a problem. It's great to be able to disable whole elements, poof, without screwing up the formatting, and unlike trying to filter certain other undesired (non-CSS) elements (such as various table tags, where auto-parsing to find the appropriate/tag can be troublesome), the CSS namespace is specific enough and the attributes engineered well enough, one can usually do it without disabling anything actually desired on the page at the same time.
Wow. Rather have a 9/11 every year, than abandon our principles. That's strong stuff.
I've stated that I'd rather me, or my own mother, daughter/son, or wife (or even all of us), die in another 9/11 should it come to that, than surrender our ideals, which is what we did when we started torturing folks and doing wiretaps without authorization. Yes, in that regard, the terrorists unfortunately won, as they convinced us at least for a time to give up what had kept us in the right and therefore what made it worth fighting for.
But a 9/11 every year? You put me to shame! I hadn't gone that far, probably because while I recognized it wasn't very significant overall, it still seemed more significant than it was, grand-scheme. But you've forced a rethink, and I yes, I now agree with you, 100%.
Were that there were more like us.
BTW, that's why, while I couldn't vote for McCain as he was endorsing all the wrong positions (tho at least he didn't compromise on torture, which given his own history, it would have been a sad day if he had), I ended up unable to vote Obama either, after he voted for the telecom immunity bill. Seems I had good reason not to, now, as well, given further compromises in the same direction. Too bad, really, given what could have been.
Oh, well. I can't say I expected any different after that telecom vote. I predicted he'd win about the time of Iowa, as historically, the optimist generally does and I realized by that point that he was consistently the optimistic candidate (which he remained), but after that vote, I couldn't in good conscience support him, even if I did predict he'd win.
If Google announced they killed a kitten for every search... I'd ignore it like I ignore other stupid announcements that simply won't/don't work in real life.
As for viruses and keyloggers, doesn't "every Internet" (envision former senator Ted "Tubes" Stevens, saying it) already come with a free set of those? That's what firewalls, security updates, and common computer sense (which unfortunately isn't so common) are for.
Now "no matter what" is a pretty ridiculous claim for something like this, certainly, just as are most "absolute" claims without qualification of/some/ kind, but you didn't make things any better.
No kidding. My video card is the last upgrade I have left on this upgrade cycle. As such, I'm still running a Radeon 92xx, r2xx chip (your 96xx is r3xx) -- for some time the best hardware available with 100% freedomware drivers. It's AGP as my mobo is from the AGP/PCI-X (not PCI-E) generation, right before they introduced PCI-E. The card has a single-link DVI and a VGA out.
Until I upgraded monitors last year, I was running dual CRTs, 21" and 22", 1600x1200 each. I'm now running dual LCDs, 1920x1200 each,, stacked for 1920x2400 total, one on the DVI and one on the VGA out.
It's reasonable in 2D and I even get decently impressive composite, giving me transparency in KDE 3.5. KDE 4.2 is much slower, even with the same XRender composite settings. Unfortunately I can't turn on the OpenGL rendering and get all the real fancy effects, because its rendering viewport on that card is limited to 2048 px square and I'm displaying 2400 px vertical.
According to the xorg/dri wiki, currently there's generally full support up thru the r500 chips, the top of the line of which almost corresponds with the top of the x1xxx series cards (x1900, etc, the exceptions being x12xx and x2100, which are r6xx series chips). The hd series cards are all r6xx and r7xx chips, for which support is developing at a rather furious pace but which aren't fully supported yet -- try end of the year.
That's generally fine with me as the hd series, r6xx/r7xx chips, are pretty much PCI-E only and if/where they may not be, it's unlikely the AGP will let them really shine in any case. Plus, the r570/580 chips and x1900/1950 cards should be relatively cheap, now.
All this on a dual socket original Opteron 2xx series mobo, Tyan s2885, purchased in 2003, now upgraded to dual dual-core Opteron 290s (top of the line, 2.8 GHz), 8 gigs RAM, running quad-spindle Linux md/mdp kernel RAID (RAID-0,1,6, depending on the data I'm storing on it). I'm near maxed out on everything except the graphics card now, and I'll be upgrading it this year, then probably running it another several years before my next upgrade cycle. It's a pretty solid system that save for the graphics card easily meets my needs now, and should for years with the graphics update. It's not unlikely I'll have run the mobo a full decade, 2013, by the time I shut it down for the last time. But given what I paid for it ($400+, mobo only), it/should/ be a good board. Still, at just under 6 years now, I've already run it longer and upgraded it farther (upgrading to dual-cores was a bonus) than I expected I would.
Harrumph! Last time I tried that they killed the mod anyway! I suppose it's part of the same rule changes that gave me fifteen modpoints to use in three days instead of five. It would have been nice to at least get a warning before they did it, but no, I guess the "you'll cancel your mod" warning must have disappeared with the same changes, as all I got was a note after I posted (anonymously) that it had undone the mods I had made.
Maybe they changed that rule back. I hope so! It seems to me the cost of having to post anon in that case, having the post start at zero and not having any modpoints applied to it apply to your account, is enough sacrifice.
Slashdot Mirror
Thanks for the update. =:^)
I'm using simple design (only, not low bandwidth) here "since a few days." It did make a difference.
However, I don't use disk caching on either main browser (konqueror and iceweasel/firefox/GranParadiso), in part because I run the connections of both thru privoxy, which I have setup to enforce (among other things) my light text on dark background preferences, and I want a refresh to really be a refresh, not reuse disk-cached content, either there or on other pages I visit after any privoxy changes (and my bandwidth is decent enough it normally makes little difference anyway). Thus, my browsing experience is already different than most, based on my privoxy config.
Anyway, if you're not seeing any changes at all, perhaps your browser is using cached pages, and disabling cache and refreshing might just do the trick. Otherwise, it's always possible to run privoxy (or firefox and greasemonkey works for many, IIRC there's even a /. specific script for it) or some other custom-filtering/rewriting proxy, and rewrite what you don't like, just as I do most of the web now, enforcing my light on dark preferences without changing the colors /too/ much (red is still red, for instance, just darkened to a brick red if it's background, brightened to bright red if it's text).
BTW, I had to filter the rss-feed recently too, creating a new filter just for it, as /. broke it somehow. The links had the title after them, which wasn't working -- clicking them would redirect to a 404/not-found -- so I had to filter it back to just the numeric link. Now it works just fine, and as a bonus, I killed the redirect thru whatever click-tracker it was they were using as well, thus allowing the page to load faster as well as avoiding the tracker. =:^)
[mods, please don't mod this one up beyond 1. I'm not using my karma bonus either, as I don't want anyone coming across the whole open post at work, without seeing the warning first, just in case there's a humorless censor policy involved. But I stand by my posts and therefore it's not AC. If I lose a potential job as a result, so be it, I'd be unhappy working there anyway.]
I expect all cookies are "tracking cookies" to the malware detector, tho it may not see the per-session cookies at all, because most browsers keep those in memory only -- they never hit disk.
FWIW, for cookies, a decent browser these days allows per-site choice. You set a default (which is off, here, or ask, I'd never consider on a valid cookie default), and then have per-site exceptions. For ask, the default answer to the prompt should then be no, with the remember my choice set, so it remembers it for that site. In this way, in a week or two, the sites one normally makes the rounds of are already set and the level of bother drops dramatically.
Another option that helps is the turn all cookies into session cookies option (IOW, don't honor the expires tag, since no tag is assumed by convention to mean session only). The way I work it here, I have privoxy set to session cookies only, thus stripping the expires tag off of all cookies it sees (it doesn't handle https at all, passing it straight thru unfiltered, so those cookies get thru with the expires tag intact.) Then I set the browser's cookie options as I want, normally off with exceptions tho that's not so critical now, and don't worry about it, because they'll all be forgotten at the end of the session anyway. If I want a particular site's cookies saved, I set an exception in privoxy first, so the cookies for that site now come in with expires tags, and then set the browser options to save cookies for that site (the option can usually handle downn to specific URLs if desired, but per-site is generally good enough and much less management hassle).
If all cookies are treated as session cookies, it eliminates the cookie issues on shopping sites and the like, but login cookies aren't saved between sessions, so you have to login once every new browser session.
FWIW on the condoms thing, it's simply the oil vs water based lube deal. Oil eats rubber, so for both condoms and rubber/silicon/plastic sex toys, oil-based lubes, including vaseline, are a no-no. Water based lubes such as the various glycerin/water based lubricating jellies (KY, and most of the stuff you'd see at sex shops these days too, since oil damage to both condoms and toys is well known in the industry, and it can be a literally life and death thing when you're depending on that condom to prevent AIDS) are fine with rubber, etc. However, water/glycerin based tends to dry out faster than oil under conditions where lube may be needed in the first place, and applying more can make it too thick after awhile, so if that is found to be an issue, rather than going back to oil as one may be tempted to do, consider simply keeping a squirt bottle of water or water pre-thinned lube around, to renew the moisture level only, when necessary.
Wow, I feel like I was just browsing around, and just came across and edited a wikipedia article on some kink or another now, for some reason! =:^)
Well, I suppose whether or not "even fairly healthy people" get infected with "low grade malware" does kind of depend on what one defines as malware. Some of those detectors at one point labeled all cookies as malware. I don't necessarily agree with that, and even then, cookies (along with scripting and the like) are controllable per-site these days, and I'd not call the cookies I choose to allow (/. login cookies, state (AZ) cookie for my bank, Linux Weekly News login cookie, Gentoo bugzilla login cookie, a limited few others), "malware".
Web beacons aka web bugs I'd consider low-level malware, tho I run privoxy to kill many of those, and I doubt they come up on the malware detectors.
But it's worth reposting something I wrote as a reply to someone claiming "because of his browsing habits" wasn't correct, when he picked up Antivirus 2008, and saw comments to that effect when he googled getting rid of it. Excerpt and summary (follow the link for the full post):
(FWIW, yes, I do acknowledge that firefox with scripting on and using un-updated plugins like Adobe Acrobat that have had recent holes... does get people infected occasionally, and that a few of them have been running it on Linux. From what I've seen, that's often a PEBCAK issue. You can't blame a condom for breaking if you lubed with Vaseline!)
http://slashdot.org/comments.pl?sid=1029657&cid=25760993
Interesting. You actually get infections to clean up, and not just one here and there, but to the point you can talk about "malware infection level" as if it's routine?
There's apparently millions like you, so you're not alone by far, and I'm glad that you're so honest about it, on a tech site where a lot of users (including me) either have never had an infection or wouldn't admit to it if they had, but wow, you're perhaps the first poster I've seen, certainly the first /. poster I've seen, that treats it as so absolutely routine that they can talk about the level of it as if it was the level of the water in the nearest river, or the level of traffic on the highway outside the window. That's sad and shocking, yet refreshingly honest and encouraging, that it has actually gotten to that point. There's plenty /. posters that talk about "the malware infection level" on the computers people bring to them for cleaning, but this is the first time I've seen anyone talk about it that way on their own machines. It's normally "that other guy's machine, poor uneducated user!"
(Me? I've never had an infection as I always cared enough about security to spend a decent amount of time and energy staying current on security matters, etc, and since MS did what they did with eXPrivacy, I upgraded to Linux instead of that, and haven't looked back. The only proprietaryware I run is a 1993 update of Master of Orion, original DOS version, now run in (freedomware) DOSBOX. No proprietaryware kernel modules. No flash, nothing, as I can't agree to the EULAs, and I trust those who have such total disregard for what I consider natural and inalienable human rights as to assume that I'd even /consider/ agreeing to such things about as much as I trust other malware writers -- they obviously have about the same regard for my value as a free and thinking human being.
Actually, come to think of it, so do many of the ad providers, targeting the programmable zombie level of humanity, those who can be influenced to buy something just because they see an ad telling them they need/want it a few times, instead of appealing to logic and reason. Really, that's part of the problem. It's the same programmable zombies that ads are the most effective with, that malware is most effective with. They don't seem to care or to even /want/ to care, or neither one would be particularly effective, much like a disease in a population where the vaccination level has reached an effective level, just a one-off here or there, not enough to maintain viability. That is, after all, what caring enough to get and act on the necessary knowledge to secure a computer is all about; it's a kind of vaccination of the populace, and were it to ever get to effective levels, neither ads as we know them nor malware would be viable any longer. Knowledge is indeed a powerful thing, but most people simply don't care, and, it's impossible to actually get enough to care, because doing so, where possible at all, is incredibly labor intensive.
So I suppose ads and malware, much like poverty and evil, will always be with us...
Another privoxy user. =:^)
FWIW, neither konqueror nor iceweasel/firefox responded to the detection page here. First, I had meta-refresh turned off on konqueror so I had to turn it back on, but when neither it nor iceweasel responded, I put two and two together...
My strong preference is light text on a dark background, about opposite the scheme most of the web uses by default. What's worse, it's all too common for a site author to simply assume either a white background or black text, and set one without setting both so one is still the default, thus rendering it either light on light or dark on dark and making it nearly or entirely unreadable.
But the easiest solution, simply setting up an !important user CSS setup, doesn't account for changing colors at all -- I didn't want /all/ pages to be white text on a black background, just light on dark. If the page set a red background, I wanted to darken it, not make it black. Similarly, if a page set 0000ff (pure, rather darkish, blue, the eye not being as sensitive to blue as to red or green) text, I wanted perhaps robin's egg blue text, not white.
As a result I've setup a rather complex privoxy filterset that tries to keep the basic colors, while darkening light backgrounds and lightening dark text. A bright red background gets darkened to brick red or the like, for instance, just as I want.
Great... until I realized that loading bright background images with the now wrong assumptions (that my text would be dark, either by default or because the page made it that way before the filter rewrote it) rather killed things. Unfortunately, the dynamic adjustment of brightness idea doesn't work so well on images, so I'm left with little alternative but filtering those set as background.
Similarly with sites setting link:visited and the like. My browser default link colors take into account my preferences, but the page author doesn't know them. Rather than hassle setting up a whole colorset filter for those as I did for text and backgrounds, however, I simply killed any link: stylesheet directives. Now they (usually, as with the entire set, I still have to adjust the filters once in awhile) get filtered out and the browser default link colors take over. =:^)
The originally unintended but quite useful side effect is that this attack doesn't work on my browsers as filtered thru privoxy, because it depends on using as a telltale a feature I've filtered out of the incoming page. =:^)
Of course it's still possible to avoid privoxy filtering with the use of a secure connection. Back on MSWormOS I used to use The Proxomitron, which could make use of the SSLeay libs to handle SSL[1] connections too. As luck would have it, that's on the recently updated privoxy todo list, as well. I've been WAITING for that!
[1] This was NOT a man-in-the-middle attack, as the browser-proxy connection was entirely over localhost and therefore at the client endpoint. There was thus no more danger to have that connection unencrypted than there was for the browser itself to be handling the unencrypted content. The connection between the proxy and the server at the far end was still encrypted as usual, and thus resistant to MitM attacks. All this assuming the proxy code is as trusted as the browser code, of course, and that the proxy would detect problems with the certificate similar to the way a browser would, and would throw up an appropriate notification page if it detected any funny business, just as would the browser. I'm actually not entirely sure The Proxomitron had integrated certification checking and warning code, but it was of course possible to configure either it or the browser to bypass the mechanism and filtering for individual sites, like my bank. But given that privoxy is under SPI much as Debian is, and based on public reputation and the fact it /is/ open source, I expect privoxy will do the right thing, in addition of course to having it be a compile-time option for those uncomfortable with the idea.
Easy enough (well, in theory anyway, actually doing it is possible but beyond many). You know that rotating antenna you mentioned? Motorize it and hook it to a computer, possibly the same one running the DVR program (MythTV, of course =:^). Program the computer to rotate the antenna as necessary to pickup the desired channels and trigger that ~30 seconds (or whatever the rotation time is) before the program starts. If it's timed right, you could even record back to back on different directional channels, as the rotation will happen during the commercials.
FWIW, years ago (80s), living out on the Navajo reservation in the middle of nowhere in New Mexico (50 miles from town one direction, a couple miles from the trading post aka convenience store, and 30 miles from a small town and hospital in the other direction, Farmington being the 50 mile town for anyone familiar with NW NM or wanting to look at a map), one of my neighbors had a nice big tall antenna (with a power booster) they used to rotate to pick up Farmington, Window Rock and Gallup stations. It worked surprisingly well. I just went back to visit a couple months ago and it's still about the same. I've no idea what they'll get out there now, with digital only, tho.
But personally, no TV here for years. The zombie programming repeating ads just got too much for me, altho I guess MythTV takes care of that reasonably well now, if I wanted to bother. But they thing is, they're targeting the ad-programmable zombie, not the folks that actually enjoy thinking for themselves, so computers and the net are a better fit in any case.
Except... the "recent court rulings" you refer to were at the circuit court or lower. Bliski is now accepted for SCOTUS term 2010, so regardless of how that comes down and certainly nobody knows at this point, it's business as usual for the various software patenters.
And realistically, while we can hope the entire software patent policy gets cremated, it's not all that likely to happen. We can hope tho, particularly since the SCOTUS has never actually ruled that they were allowed in the first place and they originally weren't.
Meh. I use privoxy and already have quite extensive filters that rewrite the normal dark text on a light background to my preferred light text on a dark background. So I haven't seen any serious issues with the slashdot site at all.
OTOH, I *DID* have a problem with the rss feed links not working because they include the title in the link, and that just doesn't seem to work. (It seems to work as just the http://whatever.slashdot.org/story/yy/mm/dd/storyid/, but not with the title tacked on to the URL after storyid/.) However, that too I fixed with a privoxy filter, tho I've had to tweak it a couple times for cases that didn't fit my original filter, thus making unparsable the entire rss xml file after application of the (then) defective filter.
Actually, my bank does pretty much just that. Every year when they send out the new TOS (or when they otherwise make changes), in addition to sending out the complete version, they have an additional little pamphlet that explains what changed in (no doubt PR reviewed, but it's better than nothing) plain English, as well as listing the new legal terms with the changes in BOLD. (I don't recall whether they actually list the old terms or not, thus completing the parallel to diff, however.)
They're also pretty good about explaining exactly what to do if you don't like the new terms, and wish to keep the old terms (tho of course that normally means no new transactions on the account). Unlike some of the institutions making headlines out there, they do NOT force terms changes on old balances, and not only do they give you an opt-out (with the result of effectively canceling the account for new transactions) on old balances, I've yet to see them change the actual interest rate terms on them at all. That's NOT to say the interest rate itself can't change, but if it does, it's in accordance with the rules active when you made the purchase or otherwise established the balance. (The terms that can and do change are things like NSF fees charges, the specific terms under which foreign currency transactions occur, etc, plus of course rather more flexibility on any new balance terms.)
I've actually been quite pleased with them. The only thing I don't particularly like is the double-period balance (or whatever it's called, I don't think that's quite right) interest calculation method on the CC account, but I've solved that by simply paying off every month, save for I think one month near the beginning, thus incurring interest charges on new purchases for exactly one month. They've lost way more in interest from me deciding I will NOT carry over a balance even if I might have for a couple months otherwise, than they gained from that single month of interest on new purchases. But the double-period balance method (or whatever it's called) is set to become illegal next year, IIRC. I've been thinking about calling them up and asking them to remove it on the account now, and I probably would if I had a big purchase that I planned to take several months to pay off planned, but for now, it's just effective incentive not to carry a balance. =:^)
But the online banking works well with Konqueror from KDE 3, and has for years (not even requiring flash, which I don't have as it's proprietary and I couldn't accept the EULA, except for a single non-vital function, getting those "disposable card numbers"). I tell people I like them mostly because I never have to see them, since I have direct deposit and do all my banking online. =:^)
Plus, (and while I've avoided mentioning the name, this will give it away to some) it's the bank that SCO was all set to sue before it decided to try Chrysler, etc, instead. That SCO hated 'em was an extra special bonus for me as their customer. =;^)
> When a PIN number is typed into an ATM machine
You DO realize that PIN stands for "Personal Identification Number" and that ATM is short for "Automated Teller Machine", right?
So expanding the above, we have:
"When a personal identification number number is typed into an automated teller machine machine"...
WTF? Do you stutter stutter all all the time time when you type type?
(OTOH, I must admit for years I used the term "hot water heater"... until someone called my attention to the fact that it /actually/ was a "cold water heater". Why would someone wish to heat water that's already hot? It's not designed to be a steam generator and in fact if it gets to that point it's rather dangerous. Of course, here in Phoenix in the summer, it often /is/ a "hot water heater", or at least a "warm water heater", tho it then then becomes more a water storage unit than a water heating unit.)
Just something to think about.
While investigator licensing is likely a bit of a revenue generator in some states, there's actually a decent justification for it, the same as for a contractor's license, etc.
The justification is that licensed is de facto regulated. Even if the original license is normally a formality (say a few hours' training and a fee, if even the training at all), as long as a record is kept of complaints registered per license and with a bit of cooperation between states even better, given a license, it's possible to track who has had a license and for how long, as well as the number of complaints against them. If there's a serious complaint, the license can be pulled.
This is information educated consumers can and often do use, tho admittedly, more often for licenses for those covered by doctor's licenses, etc, then for contractors. Still, insurance and etc likely won't cover work (and may disqualify house coverage for work performed) by unlicensed contractors, and there are often ads from the contractor's associations, etc asking you to verify contractor's numbers, etc. If you feel you've been wronged by a licensed contractor, you can at least file a complaint. You're out of even that luck if you hired someone off the street.
The PI licenses are in theory much the same. They can regulate at least some of the most egregious violations of privacy, in theory, it makes them more careful about stalking, etc, both protecting the investigated, and it provides some assurance for the buyer of professional qualifications as well. At least, that's the theory, and it /can/ be the practice. If some states just use it as a revenue generator and don't do much to enforce rules, investigate complaints, and verify against other states, they're abusing the process and it /is/ simply a revenue generator for them. But that's not the way it has to be, and some states do put a few teeth into their consumer protection laws, so it's not always that way.
Here, we actually have a case of the law working as it should. MediaSentry didn't register as an investigator in the states it's now trying to bring evidence against residents of, they abused the system and got caught, and now the RIAA is being made to pay a price for hiring them to provide evidence to be used in court, without checking on that.
Hopefully the judge sees it that way as well, and throws out the illegally obtained evidence. We'll see.
While I use reiserfs(3) here and therefore have no personal bone in this, I regularly run live git kernels (tho only from -rc2 or so) and follow LWN religiously, plus kernel trap, H Online, LKML itself, and others, somewhat less religiously. I'm thus reasonably confident I've kept up with this and most other major kernel issues of late.
The ext4 "big blowup" occurred during the 2.6.29 development cycle. Some fixes were put in immediately, but some were too big or weren't going to be ready in time, so they went into 2.6.30, which is just about ready to come out, maybe another couple weeks.
So ext4 is still getting major "non-routine-maintenance-only" changes. By my reckoning, that makes it absolutely not-production-ready. Testing, fine, but not production. Here's what I'd consider ready to even look at for production, and even then, depending on the usage, the recommendation could be wait some more: Give ext4 one full kernel release cycle with no further issues and nothing other than routine updates and changes. Then /start/ considering it. Since some major changes went in for 2.6.30, that means that 2.6.31 would be the first possible full cycle without anything but routine maintenance changes, and it will be at least 2.6.32 before I'd consider it for anything but temporary data, for /me/. That's assuming there's no more non-routine changes still coming in 2.6.31, which would of course put it off yet another full cycle, to 2.6.33.
Again, that's the first I'd even /begin/ to consider it for production. As you've probably already noted if you've read the other comments, many sites are way more conservative than that, requiring six months (2-3 kernel release cycles) to two full years (about 10-11, possibly 12 kernel release cycles) with nothing but routine maintenance updates before they'll trust a filesystem. That's fine and I can certainly see 6-9 months, but personally, beyond a year, I'd consider the odds of screwed backups (even with tested 3X backups, onsite and 2X offsite) coincidentally hitting at the same time as a Katrina at my main ops site more worrisome than the stability of my production operational filesystem.
So I'd say no earlier than 2.6.32... and that's provided 2.6.31 brings no non-routine ext4 changes at all.
I won't attempt to cover the potential advantages and etc. That's covered well enough elsewhere. If you don't already know it's going to be a performance win based on your previous research and testing, you're putting the cart before the horse and you shouldn't even be /thinking/ about ext4 for your /productions/ systems yet. As I said, an OK-to-break testing system, sure, but you don't go changing a production system with no clear idea of what the benefits are going to be, and without knowing from previous testing that they are concrete, and WILL be there in your deployment scenario.
FWIW/YMMV, but that's the policy I'd be using if it were my ass on the line.
I rarely find /. funny-mods funny and have them scored down in prefs, but THAT'S (insightfully) funny! I wish I had modpoints!
Yes, there's that much of a risk.
Consider that a lot of the recent attacks are scripted ad based -- ads from some of the big distributors and hosted on some of the big sites, too. It's to the point I don't trust /any/ scripted ad, at least third party, even on sites I'd otherwise normally trust.
But that's only the latest reason. Since IE/Netscape 4 days at least, most browser exploits have required scripting enabled, even if the exploit was actually in something else (a plugin or activex component, say). While I don't worry too much about turning scripting on on most of the sites I visit, it's simply practicing safe computing to have it off by default, and only turn it on where it's actually needed. NoScript is the simplest way I've seen yet to have that "just work" the way I want it to, with sane defaults and exposing just the right level of tweaking ability to keep some stuff (untrusted) off no matter what, keep the rest off by default, but turn on enough to have the critical scripted parts of the page work when I want/need them to.
Also, someone else in the thread mentioned Google Analytics. I don't normally like tracking of any sort, and as they said, NoScript is worth it just to be able to put that in the untrusted list, so it doesn't get run no matter what I do with the rest of the page. Of course it's not the only one, but it's the most visible/common one.
While I seldom surf porn sites (newsgroups are where it's at) and don't do warez at all (I don't install anything that's not freedomware, no slaveryware here, warez or conventional proprietary), it's nice not to have to worry about security issues following the random google link or whatever. If I allowed scripting by default, I'd be a lot more worried about it than I have to be, since I don't.
Scripted? That might be why I don't get them, as I keep that off by default.
The same thing that happens to flash-only sites for those of us that don't do flash. We see the closed front door and go elsewhere, more welcoming. I know there's several store sites and manufacturer's sites I've not purchased product from, simply because they made it too hard, when there's plenty of competition willing to take my dollars.
As long as there's plenty of competition out there, and the net is good for that if nothing else, there's plenty more sites where that one came from. Even if all commercial sites disappeared (it's not going to happen), the web functioned well enough without advertising before, and it can do it again. Just as there'll always be singers with or without the RIAA, actors and movies with or without the MPAA, and software, freedomware, with or without proprietaryware and the BSA, there'll always be people wanting to put up pages about what they know and love, with or without ad sponsorship. Some would even argue it'd be a dramatic improvement! But, I think it's safe prediction that's not going to happen, tho there will be continued change and adjustment, there'll always be some form of site ad sponsorship.
Most or all the replies have an element of truth in them, but there's one element that's still missing, I believe. (This is a partial repost of reasoning I used in another reply elsewhere, but presumably you won't see that one.)
As a long-time proxy-based (privoxy, formerly junkbusters, and I used the Proxomitron before that) ad-blocker, I've realized how often there's actually ad-blocking helpful comments, how standardized ad sizes tend to be, and how many times they come from centralized and thus easily blocked domains (your point), all of which are easily obfuscated if desired.
My conclusion has been that the thought leaders likely to most consistently adblock are NOT the target for the ads anyway. (People that actually like to think for themselves, those likely to adblock, aren't programmable zombie enough. Note the proliferation of crap on TV as contrasted with the rarity of programs actually designed to appeal to the thinking man. The thinking man is NOT the target, the programmable zombie, who hit with enough repetitions of that ad for a new car he doesn't need and can't afford, then actually comes to believe he needs one and goes and buys it as a result, THAT'S the target.)
Since we're not the target and the ads don't really work that well on us anyway, we negatively affect the hit ratings, and it hurts little to allow us to block them. Meanwhile, as thought leaders, if we like the content we're likely to link it somewhere where thought followers, aka the programmable zombies that the ads DO target, are likely to see it. As thought followers, they'll do what they do, hopefully, follow the link. Once there, they'll see the ads that the thought leader who posted the link blocked, and as thought followers, aka programmable zombies, aka useful ad targets, they'll see the ads and hopefully buy the product or otherwise alter their behavior as the ad purchaser intended.
I've actual personal experience related to this as well. At one point I needed an image illustrating a concept I was posting (to one of the newsgroups) about. I'd seen the image I had in mind before, and googled it, finding several sites with it. I verified one of them and linked it in my post. To my later dismay upon checking replies, several of them mentioned the work/family inappropriate ad content on the page I had linked! I never knew, as I'd adblocked it! Had the site obfuscated its ads so the blocker hadn't worked, I'd have seen them, and chosen a different link to post. As they hadn't, they lost the one ad-view, that of a thought leader who would have been unlikely in the extreme to have followed any of the ads anyway, but gained many more, all those who followed the link I posted, who obviously weren't so strident in their dislike of ads and who thus still saw them. Of course I've no way of knowing since anyone who followed them wouldn't likely post saying so, but it's reasonably possible someone who followed my link found the pr0n ads enticing enough to follow, and maybe even pay for a membership. For that site, the strategy worked! Had they obfuscated ads so my blocker hadn't worked, they'd have gotten my view, but only mine, as I'd have chosen another link to post.
So there's a reason they make it /somewhat/ easy for those who /really/ want to block ads to do so. It doesn't hurt them since such people aren't the target and likely wouldn't respond to the ad anyway (and in fact, such views only lower their click-thru and/or purchase ratios), while at the same time increasing chances such respected thought leaders will link their content, thus making it AND the ads viewable to more people, those programmable zombie types actually influenced by the ads to purchase the product or whatever.
OK, this is long, but you asked. An honest question deserves an equally honest answer...
If it comes to it (which it won't), the web got along fine without ads before, it can do it again.
Seriously. The same principle that applies to the RIAA/MPAA/BSA types and the proprietary software types also applies to the web. A LOT of people can and DO enjoy creating content and sharing it with others.
How many garage bands are there that pay good money for instruments, and hall themselves and their instruments half way across the state most weekends, spending their own time and gas, all for the privilege of playing for a group of fans, perhaps a few free beers, and a dinner? Many don't even get their gas money back! Given the odds of making it big, these guys certainly aren't doing it for the money!
How many FLOSS community contributors are there out there? How many actually get paid for it? How many of those actually getting paid were doing it before, and would be doing it now even without the pay, altho perhaps not at the same level of contribution?
How many skilled actors and tech people are there out there doing community theater? How many folks out there shooting video of it and putting it up on various sites, not for pay, but because they ENJOY both the creation and the sharing with others of something they are decently good at?
How many people out there have their own site up, just to share what they're interested in, without ads, or with ads only because it's convenient?
In all these cases, the world got by without the big money machines involved before. If it comes to it, it'll get by without them again. The end of the labels, the end of the proprietary software giants, the end of the movie industry... the end of the ad-supported web... the end of the ad-industry in general, sure, any one or all of these combined would mean HUGE changes, but the world wouldn't end. Perhaps the world as we know it would end, but really, to some extent, that's happening continuously. No big deal. Things change. Life moves on.
But, as I said, while change is likely the only constant (well, with death and taxes, but they change too, just don't go away), these things aren't likely to go away, only change a bit, adapting with the times. In the particular case of ads, the entire industry as we know it is supported on the assumption that "there's a sucker born every minute" (for which the wikipedia entry is interesting, FWIW). The existence of the entire industry is apparently predicated on most people's programmability; hit them often enough with the message that they really NEED/WANT that new car, even tho their current car is quite functional and they only JUST made enough payments so it's worth more than they actually owe on it, and they'll actually start to believe it. Thus the constant repetition! The ad industry does NOT want actual thinkers. They prefer programmable zombies. Thus the plethora of junk on TV, paid for by the REAL customers, the ad industry (the viewers are the product, the programs the bait). They do NOT respect us as individual humans, thinkers, people to make the world a better place, only as effectively programmable product.
Unfortunately, experience demonstrates the ad industry is correct... for most people anyway. People don't mind it. In fact, most apparently enjoy being programmed. After all, if they're told what to think, what to buy, what's in fashion, what their goals should be, they don't have to expend the effort of trying to figure it out for themselves! Since that continues to be demonstrated fact, like the poor, the programmable zombies will always be with us, it's reasonable to assume the entire industry bent on exploiting them will also be with us. It'll change, sure, change being the only constant, but it'll always be with us.
So yes, various browsers might add ad-blockers, but the average programmable zombie won't care enough about it to keep it updated, and the ad-industry, ever eager to exploit this great human res
A sharp 3rd party ad serving outfit is going to have a server close to my location, saving hops; it's also going to serve up ads that relate to my "geographic" -- featuring local/regional outlets, promotions, products, etc.
While the location-specific ads bit makes sense, the third-party-server bit is troublesome for at least two reasons.
First, privacy. Multi-site third-party ad-servers get a far more cohesive and therefore troublesome view of the sites and pages a particular user visits, than a single-site server with a view of metrics only for that site. This, and what doubleclick has tried doing with it, is the reason I have doubleclick blocked X ways from Sunday (normal ad-blocking, privoxy filtering on the doubleclick domain, many of their individual domains null-routed via /etc/hosts file, I haven't null-routed them via DNS yet or blocked them at the firewall/router, but I've thought about it).
Second, if a site is functioning well enough to get the page itself in reasonable time, there's a reasonable assumption it should be able to manage its ads, scripts, etc, similarly. There's no way to guarantee the same thing from third party sites. With "waiting for doubleclick.net" so common it's now a cultural idiom, common enough I've seen it in sigs, this is obviously a particularly frustrating element for a significant share of the population. I know I didn't really start blocking ads until third party ads became popular, and even then, null-routing via hosts file (which obviously applies ONLY to third-party hosted ads) was sufficient for several years.
The situation got progressively worse from there, until we have the mess (ad-propagated-malware, flash ads, scripting abuses, display:block abuse, etc, on top of third party never-loads and user profiling/tracking) we see today.
But privoxy, formerly junkbusters, handles it pretty well, busting the junk! =:^)
I'm not sure what you mean by roll-over ads, but if I'm correct, you're talking about the CSS display:block and possibly similar "animated" stuff, usually using a scripted timer to deactivate (and possibly to activate in the first place, thus rollover, tho I've never seen that since I seldom have scripting actually on, except on sites where it has been demonstrated not to give me problems or annoyances).
Such things, and really, any CSS element, can be disabled by simply rewriting any display option to display:none, or adding it to the element if not already there. I don't happen to run a browser based adblock of any sort as I was doing something similar using privoxy (on Linux, and the Proxomitron before that, on MSWormOS) before those sorts of browser-based features arrived, and they're more powerful and flexible anyway, but certainly, with the personal proxies, it's normally easy enough to setup a filter to do that rewrite dynamically, which is what I've done.
In fact, it was only a few days ago that I came across a site using display:block, and setup the generic display:none rewrite, because that site had the block set to apply for 15-20 seconds (the text said 15, the code said 20) using javascript, which, not being enabled, didn't unblock. Making things worse, while the site /had/ coded a click here to continue button, that was scripted as well, so it wasn't working either! Well, any site that's doing that sort of thing is a site not worth trusting with scripting in the first place in my book, so no, I was NOT going to turn it on for them. But a few minutes and one privoxy filter addition later, viola! No more display:block! That filterset is set to apply globally unless I've setup an exception, but I don't expect I'll be setting up many exceptions to display:block rewriting!
A couple days later, I noted I'd followed another RSS feed (courtesy of another site) link to the site, and sure enough, no more trouble! If I hadn't known about the filter I'd put in place a couple days earlier, I'd have been none-the-wiser that they were even doing it at all!
But as mentioned, the display:none trick can be used for any sort of CSS element, or at least I've used it on several now, before this, more site-specific, and never had a problem. It's great to be able to disable whole elements, poof, without screwing up the formatting, and unlike trying to filter certain other undesired (non-CSS) elements (such as various table tags, where auto-parsing to find the appropriate /tag can be troublesome), the CSS namespace is specific enough and the attributes engineered well enough, one can usually do it without disabling anything actually desired on the page at the same time.
Wow. Rather have a 9/11 every year, than abandon our principles. That's strong stuff.
I've stated that I'd rather me, or my own mother, daughter/son, or wife (or even all of us), die in another 9/11 should it come to that, than surrender our ideals, which is what we did when we started torturing folks and doing wiretaps without authorization. Yes, in that regard, the terrorists unfortunately won, as they convinced us at least for a time to give up what had kept us in the right and therefore what made it worth fighting for.
But a 9/11 every year? You put me to shame! I hadn't gone that far, probably because while I recognized it wasn't very significant overall, it still seemed more significant than it was, grand-scheme. But you've forced a rethink, and I yes, I now agree with you, 100%.
Were that there were more like us.
BTW, that's why, while I couldn't vote for McCain as he was endorsing all the wrong positions (tho at least he didn't compromise on torture, which given his own history, it would have been a sad day if he had), I ended up unable to vote Obama either, after he voted for the telecom immunity bill. Seems I had good reason not to, now, as well, given further compromises in the same direction. Too bad, really, given what could have been.
Oh, well. I can't say I expected any different after that telecom vote. I predicted he'd win about the time of Iowa, as historically, the optimist generally does and I realized by that point that he was consistently the optimistic candidate (which he remained), but after that vote, I couldn't in good conscience support him, even if I did predict he'd win.
If Google announced they killed a kitten for every search... I'd ignore it like I ignore other stupid announcements that simply won't/don't work in real life.
As for viruses and keyloggers, doesn't "every Internet" (envision former senator Ted "Tubes" Stevens, saying it) already come with a free set of those? That's what firewalls, security updates, and common computer sense (which unfortunately isn't so common) are for.
Now "no matter what" is a pretty ridiculous claim for something like this, certainly, just as are most "absolute" claims without qualification of /some/ kind, but you didn't make things any better.
No kidding. My video card is the last upgrade I have left on this upgrade cycle. As such, I'm still running a Radeon 92xx, r2xx chip (your 96xx is r3xx) -- for some time the best hardware available with 100% freedomware drivers. It's AGP as my mobo is from the AGP/PCI-X (not PCI-E) generation, right before they introduced PCI-E. The card has a single-link DVI and a VGA out.
Until I upgraded monitors last year, I was running dual CRTs, 21" and 22", 1600x1200 each. I'm now running dual LCDs, 1920x1200 each,, stacked for 1920x2400 total, one on the DVI and one on the VGA out.
It's reasonable in 2D and I even get decently impressive composite, giving me transparency in KDE 3.5. KDE 4.2 is much slower, even with the same XRender composite settings. Unfortunately I can't turn on the OpenGL rendering and get all the real fancy effects, because its rendering viewport on that card is limited to 2048 px square and I'm displaying 2400 px vertical.
According to the xorg/dri wiki, currently there's generally full support up thru the r500 chips, the top of the line of which almost corresponds with the top of the x1xxx series cards (x1900, etc, the exceptions being x12xx and x2100, which are r6xx series chips). The hd series cards are all r6xx and r7xx chips, for which support is developing at a rather furious pace but which aren't fully supported yet -- try end of the year.
That's generally fine with me as the hd series, r6xx/r7xx chips, are pretty much PCI-E only and if/where they may not be, it's unlikely the AGP will let them really shine in any case. Plus, the r570/580 chips and x1900/1950 cards should be relatively cheap, now.
All this on a dual socket original Opteron 2xx series mobo, Tyan s2885, purchased in 2003, now upgraded to dual dual-core Opteron 290s (top of the line, 2.8 GHz), 8 gigs RAM, running quad-spindle Linux md/mdp kernel RAID (RAID-0,1,6, depending on the data I'm storing on it). I'm near maxed out on everything except the graphics card now, and I'll be upgrading it this year, then probably running it another several years before my next upgrade cycle. It's a pretty solid system that save for the graphics card easily meets my needs now, and should for years with the graphics update. It's not unlikely I'll have run the mobo a full decade, 2013, by the time I shut it down for the last time. But given what I paid for it ($400+, mobo only), it /should/ be a good board. Still, at just under 6 years now, I've already run it longer and upgraded it farther (upgrading to dual-cores was a bonus) than I expected I would.
> (Anon because I've modded.)
Harrumph! Last time I tried that they killed the mod anyway! I suppose it's part of the same rule changes that gave me fifteen modpoints to use in three days instead of five. It would have been nice to at least get a warning before they did it, but no, I guess the "you'll cancel your mod" warning must have disappeared with the same changes, as all I got was a note after I posted (anonymously) that it had undone the mods I had made.
Maybe they changed that rule back. I hope so! It seems to me the cost of having to post anon in that case, having the post start at zero and not having any modpoints applied to it apply to your account, is enough sacrifice.