Set up a video camera with a long zoom lens from a hundred feet. Hit record. Wait for them to blink. Play back the video footage on a tablet. Steal their car or phone or whatever.
No paper cutouts needed. Now if they had two cameras, it might actually be a slight challenge.
I don't even know what the "Old Spice Guy" is. That line of ads didn't have enough impact to get even a single mention by anyone I know, including my 459 Facebook friends, or any of the folks I converse with around the halls at work, or at church, or.... So maybe the line of ads was effective among the market segment who actually still watches commercials, but that market segment is rapidly dwindling.
Consider Coke and Pepsi. The difference between them really is minor, and yet they evoke incredibly strong preferences in just about anyone I've ever met.
IMO, Coke and Pepsi taste nothing alike. Coke has a much stronger bite to its flavor—almost a tartness—that Pepsi does not have. They are a commodity from a functional perspective. From a flavor perspective, not so much.
Are you sure about that? People seem to hold strongly onto laundry detergent brands.
Yes, I'm sure. People typically buy what they are used to buying, so the main advantage to advertising of products in an established commodity market is hooking new buyers who haven't formed an opinion yet or to introduce new products.
So what is interesting about deodorant?
Nothing. Which is why I haven't put up with watching a deodorant ad in about ten years.
There is no product so lowly or humble that interesting advertising cannot be created for it.
Your threshold for "interesting" must be a lot lower than mine. Unless I'm either learning something new or being seriously entertained, it isn't interesting. And nobody seems to care about the first one, which pretty much leaves "seriously entertained". Statistically speaking, such ads, though memorable, don't result in a lasting brand impression, which makes them not particularly useful.
I have a degree in communications. I'm well aware of that purpose of advertising. However, as I understand it, those subconscious effects primarily change a person's impulse buying choice between commodity products (products for which there is little to no differentiation between vendors' goods). The more expensive the buy, the less likely people are to buy on impulse. The more differentiation between goods, the more likely people are to have a strong preference.
The problem is that although there's still a lot of impulse buying, it is mostly for stuff that would piss people off if they had to watch ads for it, like laundry detergent. These days, the ads people would choose to watch, if they were allowed to choose ads (but were forced to watch ads), would be ads for products that are actually interesting. Unfortunately, apart from informing the customer of what is out there on the market (which sites like Amazon can do much better), those ads are unlikely to sway their buying decision because of the instant availability of reviews and other information that provide much better differentiation than ads possibly could.
As the amount of available ad-free content grows, people get more annoyed by ads, and tolerate them less, choosing ad-free alternatives instead. This futher compounds the problem, both by reducing the number of people who see the ads and by associating a negative emotion (annoyance) with the product being advertised, which is likely to do more harm than good. And even if people don't get annoyed at the ads for commodity producers like Coke or Tide, they can't possibly provide enough advertising dollars to support all of the world's media needs.
Incidentally, the opinion that advertising's effetiveness is waning is supportedbystudies.
Now I will admit that there is still the possibility of replacing some of that ad revenue with money from product placement, but there aren't enough companies who could benefit from that to pay the bills long-term, IMO, and that doesn't work nearly as well for non-entertainment content (news, for example). And it certainly won't work as a means of paying the cost of developing software, maintaining websites, etc.
Unless, of course, this post was a paid product advertisement for Tide, in which case... well, call me a shill.
The problem is, we already have that. It's called Amazon's suggestions. And it usually does a pretty good job. What it does not do is provide a reason for the product vendors to spend money on financing unrelated things like TV shows.
Unfortunately for companies like Google and Facebook, the only way targeted advertising can work well is if it is done by a company that actually sells products and knows what a given person has actually been buying. You can't realistically hope to guess what someone is going to be interested in buying based on what they search for or what they talk about (unless they're searching product listings, and even then, without the ability to delete stuff from your search history, searches are useless). It just doesn't work that way. I talk about computers all the time. That doesn't mean I'm in the market for buying a Dell. I'm pretty much a Mac-only house except for a couple of Linux boxen (either old junk hardware or self-built). And I rarely buy software; I have software that does what I need. And I rarely buy computer peripherals. So pretty much anything I talk about on Facebook or search for through Google is going to be a red herring.
Worse, in a world where just about everything has product reviews on Amazon, if you don't make a good product, it doesn't matter how much advertising you do. When buying products that cost more than a few bucks, most people research the product through such a site. Thus, we're rapidly moving to a point where R&D spending is crucial to sales, and advertising only matters if the potential buyer has never heard of your product.
Which leads me to the ultimate realization that, at least in the long term, advertising is dead. With the availability of better alternatives that do a great job of showing you things that you want to buy (and only while you're in a shopping mood), there's just no room for advertising in a modern society. Apart from advertising to encourage consumption of cheap trinkets like cans of Coke or movie tickets or whatever, advertising can't realistically provide much benefit to the advertisers above what they get from "people who bought X also bought Y", coupled with reviews. And even then, the value is dubious unless the viewers just happen to be hungry or in the mood to go watch a movie in a crowded theater with a sticky floor and screaming kids throwing popcorn at them.
Unfortunately for Big Media, this means that in the fairly near future, content creators are going to have to face up to reality and choose one of two paths: direct sales or patronage. Ad-supported content is on the way out, and the sooner everyone acknowledges this, the sooner we can move on to more sustainable business models.
When you find such a thing there should only be one action. Report it. Period. End of story.
That's a good way to get flooded with so many reports that the real bugs can't get fixed. Most of the time, price variations between merchants in a game are, in fact, deliberate. Unless you can prove that these people cannot possibly have been unaware that the pricing was in error (e.g. a negative or zero price), your argument makes no sense.
Yes, I'm quite aware of what the GP is saying. What I'm saying is that more often than not these days, plain text input isn't sufficient. So you have two choices: HTML input or some alternative scheme like BBCode. And as soon as you find yourself using either one, mere quoting isn't sufficient. You have to do validation.
The iframe tag is less than ideal because the content must be provided out-of-band in a separate request. I mean sure, you can usually jam most things in so that they'll fit, but it isn't really ideal for content inserted dynamically.
Also, if I read the spec correctly, this has almost all of the same flaws as Mozilla's content security policies (minus the requirement that you must use a separate server to provide the content). Specifically, it's all-or-nothing. Either you allow scripts or you don't. A more rational policy would be "no content-provided scripts". That is, the browser drops any javascript: URLs in content-provided href attributes (or similar constructs in HTML and CSS), and does not parse the values of any attributes that are interpreted as being scripts (e.g. the onclick attribute), but does allow trusted scripts (from outside the sandbox) to install handlers that trigger behavior. Without that, there are almost certainly a number of site designs that cannot practically use the iframe sandbox.
This is why the correct solution is always whitelisting, not blacklisting. Whitelist the allowed tags, attributes, CSS subsets, etc. that you consider safe. This way, anything added to the specification is likely to get stripped out by your filtering code.
For example, I'm working on a website in which users provide content in a subset of HTML/XML. The only tags I'm allowing are p, span, div, select, and a couple of custom tags. The only attributes I'm allowing are the chosen value for the select element, the values for the option elements (which actually get replaced about a quarter second after the browser loads the content), the id attribute, and the class attribute. Everything else goes away and never gets served back, even to the same user.
The fundamental problem with trying to prevent users from doing XSS using content security policies is that to do it right, you need something more fine-grained than "this entire page may not contain JavaScript". Any real-world site is going to contain JavaScript, even if it is only a simple onclick element that executes an actual JavaScript function from a.js file provided by the server. So a truly no-js policy on the whole document would be a useless policy. And since the user-served content comes from the same server, a policy that limits it to content from a single server is also a useless policy. The policy logic needs to be at the element level in order to be useful, e.g. nothing in this user-provided div element is allowed to provide any JavaScript. And even at the element level, you would still need to do sanity checking on the server—parsing, specifically—to ensure that the user doesn't specify HTML content with extra close tags to break out of the sandboxed div or whatever.
Also, such a policy engine would have to be designed in such a way that it allows things like onclick handlers to be added to those elements using JavaScript code after the fact (just not through the onclick HTML attribute). Otherwise, you could not usefully allow user-provided HTML on any interestingly dynamic site (e.g. contentEditable). With such a design, you might be able to come up with a way to provide user-provided content in an iframe element using a data provider script running on a server in a different subdomain (assuming you don't run afoul of the browser's cross-domain security policies) so that they would not be able to provide code themselves, but your own scripts could still add executable handlers into them. However, it would be a colossal hack, with very steep costs, both in terms of needing an SSL wildcard cert and in terms of making your site performance much, much worse (because you'd need an extra HTTP request for each one of those iframe elements).
Ultimately, what this comes down to is a fundamental flaw in the way HTML's JavaScript support was designed. Under the hood, if you assign a handler to an element, you assign a function pointer/reference, but at the HTML level, you assign a string that gets parsed and turned into a new function, which gets assigned to the actual object's attribute. If HTML had been designed for security, the syntax would be onclick="function_name", which would prevent you from encoding any arbitrary JavaScript code into those attributes. WIth that change, a content security policy at the document level would be feasible. Unfortunately, HTML isn't designed for security—it is designed for the designer's convenience—which means that anybody taking arbitrary third-party HTML and incorporating it into a website must either do so with human intervention or must use some sort of whitelisting technique. Anything else borders on madness.
Validation is required, too, in many cases. XSS is a good example. Quoting prevents somebody who only has the ability to write plain text from being able to insert arbitrary HTML. Quoting does nothing if the users are able to actually provide HTML (e.g. any website built around contentEditable).
In the latter case, if your server does nothing but quote user-generated HTML properly, you're wide open to XSS attacks, because they do not require malformed content. Merely the fact that your server is serving the data means that any scripts on the page are trusted, including onclick handlers, onmouseover handlers, etc. Thus, you must completely parse the HTML content, rip out any such handlers, any "javascript:" links, etc., and emit the HTML in a sanitized form. This combines quoting (for any mangled structure that your parser turned into text, but that some browsers might otherwise have interpreted as code) with validation (for whitelisting allowable attributes and attribute values).
You should take a look at some of the newer color laser printers. By the time I started looking into them two or three years ago, the quality from at least some manufacturers had already come up to the point where they look remarkably similar to inkjet printing (unless you look at the way the light reflects off the paper at a steep angle or something). The test of a laser printer is to see what sort of print samples they use. Good printer vendors use a photograph. Great printer vendors use a properly lit portrait of a fair-skinned human face. That takes serious faith in your printer's output quality.:-)
I'm using a current-generation Konica Minolta printer (9600x600 DPI), and I regularly use it for color photo printing (well, book covers, but photographic book covers). I have zero tolerance for gradient banding, and I wouldn't have bought the printer if its gradient reproduction were anything less than outstanding.
Similarly, in my limited experience (floor sample) with Brother's laser printers, they're also good enough for photo-quality printing, though admittedly the photograph they chose was a fairly bold one, so I can't comment on how well their printers do on lighter gradients.
This is not to say that all color laser printers are up to the task. I've never gotten prints with what I considered to be acceptable gradients from any HP printer (color or black-and-white) that I've used (laser or otherwise). And the one print sample I saw from a Samsung printer (at a MacWorld Expo) was blotchy, dark, and had terrible contrast. So you do have to be careful, but decent, photo-quality laser printers are out there, and they're not too expensive, either.
No, the GP wrote that small cars are only more dangerous than large cars if most of the cars on the road are large. That's not true. They would still be more dangerous even if all of the cars were small or large on any given road.
A jury system is a "check" on the power of the government to enforce unjust laws. Basically weakens the ability of the government to just toss people into jail without opposition. (Unless they call it "indefinite detainment" under the NDAA.)
In a criminal trial, yes. In a civil trial, not so much. To my knowledge, tautologically speaking, no one has ever been jailed as a result of a civil trial other than for misconduct during the trial process (contempt of court, etc.)....
Sure, if you take a big car with no safety features and compare it to a smaller car with safety features, the smaller car is going to be safer. That goes without saying. That said, a modern big car with equivalent safety features would be safer than a modern small car. You have to compare apples to apples.
They're only more dangerous if every other fucking idiot on the road is going grocery shopping in their fucking Dodge Ram with the two wheels side-by-side rather than a normal human-sized car.
That's completely untrue. Larger vehicles with more mass, all other things being equal, would be safer when you crash into almost anything—trees, guard rails, etc.—because more mass = more inertia, which means it can more easily overcome the resting inertia of whatever it hits. Mind you, none of this helps if you hit a bridge abutment, but most of the things you might hit are not nearly that solid.
I've had the same ink clogging problems with Epson and Canon inkjet printers for the same reason. The problem there is not Lexmark. The problem is that inkjet technology is a fundamentally unreliable design except for moderately high-volume printing, and is way too expensive to use for high-volume printing.
They could solve the problem of course. They'd need a water or alcohol tank to flush the nozzles when the printer has been sitting there for more than a few hours, and a waste tank to hold the resulting ink (instead of the sponge that they use now). But fixing the problem would mean that they couldn't sell you a new printer every year when the heads fail.
No, inkjet printers should die. Color laser printers are almost as cheap (and much cheaper in the long run) and don't have nearly the level of reliability problems.
Likewise. I have a Samsung TV with a bright red light that's on whenever the device is off (WHY?) and a Samsung with lighted buttons where the power button's light doesn't ever turn off (WHY?). Both are covered with electric tape.
I swear, every time I think electronics manufacturers can't get dumber, they prove me wrong. The worst part of it is the realization that a simple firmware fix would make the difference between these being great devices and making me want to fly to South Korea and smack all their engineers upside the head repeatedly with a clue-by-four....
The NC version of the license is the only one I would ever willingly use, and that's coming from someone who is very familiar with copyright law. There's no misinformation involved. It simply doesn't bother me whether the definition of commercial use is precisely defined or vague, and honestly, I'd prefer that it be deliberately vague. If you are anywhere near that line, you should ask for permission. If you aren't anywhere near that line, you don't have to.
The only situation where it shouldn't be obvious would be posting something on a website on which you also sell ads. My rule on that is pretty simple: if you are an individual and those ads are basically intended to cover your bandwidth bill, you're fine. If you're a company or other organization, or if you are an individual who is making a living off of ad revenue, you're clearly on the other side of that line. If you're worried, ask.
You might be able to keep a call going during takeoff and landing, but otherwise, cellular phones are not likely to be usable for voice calls except on airplanes that provide internal picocells. You'd drop the call every minute or two. First, cellular phones have about a 10,000 foot ceiling, give or take, depending on how the towers are aimed. Second, cellular handoff barely works reliably at city street speeds, much less ten times that. Third, the cellular phone network isn't expecting a single phone to simultaneously see a couple of dozen towers spread out across a large distance. And because the ground isn't nearby to reduce signal propagation, it is even possible that GSM phones would suddenly be able to "see" towers beyond the 22 mile range limit, which could cause all sorts of fun problems that would not normally occur with phones near the ground.
Text messages, on the other hand, would probably work, albeit sporadically.
The usual way this happens is that they let the family go through the library and pick anything they want, then they sell what's left in a lot at auction to a used bookstore owner. This doesn't work for digital books, which makes digital books no more valuable than borrowing the book from a library or watching a streaming video from Netflix. Without permanence and individual transferability, there is no real value to "owning" a copy of the content, because no one will ever want the entire collection enough to pay any significant amount of money for it. Individuals won't because they won't like everything (and thus will consider parts of the collection as having zero value), and dealers won't because they won't be able to parcel it out and no individual will be willing to pay them much for it (because they won't like everything and...).
For this reason, I try fairly hard not to accumulate digital books, music, movies, or non-transferrable digital software downloads. If there are alternatives, I tend to choose them even if they are more expensive, because those alternatives have actual value beyond the value of their temporary utility.
I suppose updating your BIOS is not extremely common in the Windows world, though I've done more than one BIOS update over the years despite having used only a single-digit number of devices that actually have a BIOS, so it isn't that rare. And I would agree that updating the BIOS on server hardware is particularly exceptional.
The problem is that whatever standard somebody comes up with for servers is liable to trickle down into consumer goods. We'd be better off deciding on a single set of good, sane standards that everyone can live with, including consumer product makers. Coming from the Mac world, where nearly every piece of hardware has seen at least one EFI or SMC update, making it "almost impossible" seems like a very bad idea for general-purpose hardware.
Steps to defeat:
Set up a video camera with a long zoom lens from a hundred feet. Hit record. Wait for them to blink. Play back the video footage on a tablet. Steal their car or phone or whatever.
No paper cutouts needed. Now if they had two cameras, it might actually be a slight challenge.
Actually, Bruce Willis has done no such thing. According to his wife, the story is made up.
If a story sounds too good to be true, it usually is.
I don't even know what the "Old Spice Guy" is. That line of ads didn't have enough impact to get even a single mention by anyone I know, including my 459 Facebook friends, or any of the folks I converse with around the halls at work, or at church, or.... So maybe the line of ads was effective among the market segment who actually still watches commercials, but that market segment is rapidly dwindling.
IMO, Coke and Pepsi taste nothing alike. Coke has a much stronger bite to its flavor—almost a tartness—that Pepsi does not have. They are a commodity from a functional perspective. From a flavor perspective, not so much.
Yes, I'm sure. People typically buy what they are used to buying, so the main advantage to advertising of products in an established commodity market is hooking new buyers who haven't formed an opinion yet or to introduce new products.
Nothing. Which is why I haven't put up with watching a deodorant ad in about ten years.
Your threshold for "interesting" must be a lot lower than mine. Unless I'm either learning something new or being seriously entertained, it isn't interesting. And nobody seems to care about the first one, which pretty much leaves "seriously entertained". Statistically speaking, such ads, though memorable, don't result in a lasting brand impression, which makes them not particularly useful.
I have a degree in communications. I'm well aware of that purpose of advertising. However, as I understand it, those subconscious effects primarily change a person's impulse buying choice between commodity products (products for which there is little to no differentiation between vendors' goods). The more expensive the buy, the less likely people are to buy on impulse. The more differentiation between goods, the more likely people are to have a strong preference.
The problem is that although there's still a lot of impulse buying, it is mostly for stuff that would piss people off if they had to watch ads for it, like laundry detergent. These days, the ads people would choose to watch, if they were allowed to choose ads (but were forced to watch ads), would be ads for products that are actually interesting. Unfortunately, apart from informing the customer of what is out there on the market (which sites like Amazon can do much better), those ads are unlikely to sway their buying decision because of the instant availability of reviews and other information that provide much better differentiation than ads possibly could.
As the amount of available ad-free content grows, people get more annoyed by ads, and tolerate them less, choosing ad-free alternatives instead. This futher compounds the problem, both by reducing the number of people who see the ads and by associating a negative emotion (annoyance) with the product being advertised, which is likely to do more harm than good. And even if people don't get annoyed at the ads for commodity producers like Coke or Tide, they can't possibly provide enough advertising dollars to support all of the world's media needs.
Incidentally, the opinion that advertising's effetiveness is waning is supported by studies.
Now I will admit that there is still the possibility of replacing some of that ad revenue with money from product placement, but there aren't enough companies who could benefit from that to pay the bills long-term, IMO, and that doesn't work nearly as well for non-entertainment content (news, for example). And it certainly won't work as a means of paying the cost of developing software, maintaining websites, etc.
Unless, of course, this post was a paid product advertisement for Tide, in which case... well, call me a shill.
The problem is, we already have that. It's called Amazon's suggestions. And it usually does a pretty good job. What it does not do is provide a reason for the product vendors to spend money on financing unrelated things like TV shows.
Unfortunately for companies like Google and Facebook, the only way targeted advertising can work well is if it is done by a company that actually sells products and knows what a given person has actually been buying. You can't realistically hope to guess what someone is going to be interested in buying based on what they search for or what they talk about (unless they're searching product listings, and even then, without the ability to delete stuff from your search history, searches are useless). It just doesn't work that way. I talk about computers all the time. That doesn't mean I'm in the market for buying a Dell. I'm pretty much a Mac-only house except for a couple of Linux boxen (either old junk hardware or self-built). And I rarely buy software; I have software that does what I need. And I rarely buy computer peripherals. So pretty much anything I talk about on Facebook or search for through Google is going to be a red herring.
Worse, in a world where just about everything has product reviews on Amazon, if you don't make a good product, it doesn't matter how much advertising you do. When buying products that cost more than a few bucks, most people research the product through such a site. Thus, we're rapidly moving to a point where R&D spending is crucial to sales, and advertising only matters if the potential buyer has never heard of your product.
Which leads me to the ultimate realization that, at least in the long term, advertising is dead. With the availability of better alternatives that do a great job of showing you things that you want to buy (and only while you're in a shopping mood), there's just no room for advertising in a modern society. Apart from advertising to encourage consumption of cheap trinkets like cans of Coke or movie tickets or whatever, advertising can't realistically provide much benefit to the advertisers above what they get from "people who bought X also bought Y", coupled with reviews. And even then, the value is dubious unless the viewers just happen to be hungry or in the mood to go watch a movie in a crowded theater with a sticky floor and screaming kids throwing popcorn at them.
Unfortunately for Big Media, this means that in the fairly near future, content creators are going to have to face up to reality and choose one of two paths: direct sales or patronage. Ad-supported content is on the way out, and the sooner everyone acknowledges this, the sooner we can move on to more sustainable business models.
That's a good way to get flooded with so many reports that the real bugs can't get fixed. Most of the time, price variations between merchants in a game are, in fact, deliberate. Unless you can prove that these people cannot possibly have been unaware that the pricing was in error (e.g. a negative or zero price), your argument makes no sense.
Yes, I'm quite aware of what the GP is saying. What I'm saying is that more often than not these days, plain text input isn't sufficient. So you have two choices: HTML input or some alternative scheme like BBCode. And as soon as you find yourself using either one, mere quoting isn't sufficient. You have to do validation.
The iframe tag is less than ideal because the content must be provided out-of-band in a separate request. I mean sure, you can usually jam most things in so that they'll fit, but it isn't really ideal for content inserted dynamically.
Also, if I read the spec correctly, this has almost all of the same flaws as Mozilla's content security policies (minus the requirement that you must use a separate server to provide the content). Specifically, it's all-or-nothing. Either you allow scripts or you don't. A more rational policy would be "no content-provided scripts". That is, the browser drops any javascript: URLs in content-provided href attributes (or similar constructs in HTML and CSS), and does not parse the values of any attributes that are interpreted as being scripts (e.g. the onclick attribute), but does allow trusted scripts (from outside the sandbox) to install handlers that trigger behavior. Without that, there are almost certainly a number of site designs that cannot practically use the iframe sandbox.
This is why the correct solution is always whitelisting, not blacklisting. Whitelist the allowed tags, attributes, CSS subsets, etc. that you consider safe. This way, anything added to the specification is likely to get stripped out by your filtering code.
For example, I'm working on a website in which users provide content in a subset of HTML/XML. The only tags I'm allowing are p, span, div, select, and a couple of custom tags. The only attributes I'm allowing are the chosen value for the select element, the values for the option elements (which actually get replaced about a quarter second after the browser loads the content), the id attribute, and the class attribute. Everything else goes away and never gets served back, even to the same user.
The fundamental problem with trying to prevent users from doing XSS using content security policies is that to do it right, you need something more fine-grained than "this entire page may not contain JavaScript". Any real-world site is going to contain JavaScript, even if it is only a simple onclick element that executes an actual JavaScript function from a .js file provided by the server. So a truly no-js policy on the whole document would be a useless policy. And since the user-served content comes from the same server, a policy that limits it to content from a single server is also a useless policy. The policy logic needs to be at the element level in order to be useful, e.g. nothing in this user-provided div element is allowed to provide any JavaScript. And even at the element level, you would still need to do sanity checking on the server—parsing, specifically—to ensure that the user doesn't specify HTML content with extra close tags to break out of the sandboxed div or whatever.
Also, such a policy engine would have to be designed in such a way that it allows things like onclick handlers to be added to those elements using JavaScript code after the fact (just not through the onclick HTML attribute). Otherwise, you could not usefully allow user-provided HTML on any interestingly dynamic site (e.g. contentEditable). With such a design, you might be able to come up with a way to provide user-provided content in an iframe element using a data provider script running on a server in a different subdomain (assuming you don't run afoul of the browser's cross-domain security policies) so that they would not be able to provide code themselves, but your own scripts could still add executable handlers into them. However, it would be a colossal hack, with very steep costs, both in terms of needing an SSL wildcard cert and in terms of making your site performance much, much worse (because you'd need an extra HTTP request for each one of those iframe elements).
Ultimately, what this comes down to is a fundamental flaw in the way HTML's JavaScript support was designed. Under the hood, if you assign a handler to an element, you assign a function pointer/reference, but at the HTML level, you assign a string that gets parsed and turned into a new function, which gets assigned to the actual object's attribute. If HTML had been designed for security, the syntax would be onclick="function_name", which would prevent you from encoding any arbitrary JavaScript code into those attributes. WIth that change, a content security policy at the document level would be feasible. Unfortunately, HTML isn't designed for security—it is designed for the designer's convenience—which means that anybody taking arbitrary third-party HTML and incorporating it into a website must either do so with human intervention or must use some sort of whitelisting technique. Anything else borders on madness.
Validation is required, too, in many cases. XSS is a good example. Quoting prevents somebody who only has the ability to write plain text from being able to insert arbitrary HTML. Quoting does nothing if the users are able to actually provide HTML (e.g. any website built around contentEditable).
In the latter case, if your server does nothing but quote user-generated HTML properly, you're wide open to XSS attacks, because they do not require malformed content. Merely the fact that your server is serving the data means that any scripts on the page are trusted, including onclick handlers, onmouseover handlers, etc. Thus, you must completely parse the HTML content, rip out any such handlers, any "javascript:" links, etc., and emit the HTML in a sanitized form. This combines quoting (for any mangled structure that your parser turned into text, but that some browsers might otherwise have interpreted as code) with validation (for whitelisting allowable attributes and attribute values).
You should take a look at some of the newer color laser printers. By the time I started looking into them two or three years ago, the quality from at least some manufacturers had already come up to the point where they look remarkably similar to inkjet printing (unless you look at the way the light reflects off the paper at a steep angle or something). The test of a laser printer is to see what sort of print samples they use. Good printer vendors use a photograph. Great printer vendors use a properly lit portrait of a fair-skinned human face. That takes serious faith in your printer's output quality. :-)
I'm using a current-generation Konica Minolta printer (9600x600 DPI), and I regularly use it for color photo printing (well, book covers, but photographic book covers). I have zero tolerance for gradient banding, and I wouldn't have bought the printer if its gradient reproduction were anything less than outstanding.
Similarly, in my limited experience (floor sample) with Brother's laser printers, they're also good enough for photo-quality printing, though admittedly the photograph they chose was a fairly bold one, so I can't comment on how well their printers do on lighter gradients.
This is not to say that all color laser printers are up to the task. I've never gotten prints with what I considered to be acceptable gradients from any HP printer (color or black-and-white) that I've used (laser or otherwise). And the one print sample I saw from a Samsung printer (at a MacWorld Expo) was blotchy, dark, and had terrible contrast. So you do have to be careful, but decent, photo-quality laser printers are out there, and they're not too expensive, either.
Neither of the devices in question has a hard switch. If they did, I'd be able to turn off the light.... :-)
No, the GP wrote that small cars are only more dangerous than large cars if most of the cars on the road are large. That's not true. They would still be more dangerous even if all of the cars were small or large on any given road.
In a criminal trial, yes. In a civil trial, not so much. To my knowledge, tautologically speaking, no one has ever been jailed as a result of a civil trial other than for misconduct during the trial process (contempt of court, etc.)....
Sure, if you take a big car with no safety features and compare it to a smaller car with safety features, the smaller car is going to be safer. That goes without saying. That said, a modern big car with equivalent safety features would be safer than a modern small car. You have to compare apples to apples.
That's completely untrue. Larger vehicles with more mass, all other things being equal, would be safer when you crash into almost anything—trees, guard rails, etc.—because more mass = more inertia, which means it can more easily overcome the resting inertia of whatever it hits. Mind you, none of this helps if you hit a bridge abutment, but most of the things you might hit are not nearly that solid.
I've had the same ink clogging problems with Epson and Canon inkjet printers for the same reason. The problem there is not Lexmark. The problem is that inkjet technology is a fundamentally unreliable design except for moderately high-volume printing, and is way too expensive to use for high-volume printing.
They could solve the problem of course. They'd need a water or alcohol tank to flush the nozzles when the printer has been sitting there for more than a few hours, and a waste tank to hold the resulting ink (instead of the sponge that they use now). But fixing the problem would mean that they couldn't sell you a new printer every year when the heads fail.
No, inkjet printers should die. Color laser printers are almost as cheap (and much cheaper in the long run) and don't have nearly the level of reliability problems.
Likewise. I have a Samsung TV with a bright red light that's on whenever the device is off (WHY?) and a Samsung with lighted buttons where the power button's light doesn't ever turn off (WHY?). Both are covered with electric tape.
I swear, every time I think electronics manufacturers can't get dumber, they prove me wrong. The worst part of it is the realization that a simple firmware fix would make the difference between these being great devices and making me want to fly to South Korea and smack all their engineers upside the head repeatedly with a clue-by-four....
We could call it the Richard M. Stallman award for activistic excellence.
The NC version of the license is the only one I would ever willingly use, and that's coming from someone who is very familiar with copyright law. There's no misinformation involved. It simply doesn't bother me whether the definition of commercial use is precisely defined or vague, and honestly, I'd prefer that it be deliberately vague. If you are anywhere near that line, you should ask for permission. If you aren't anywhere near that line, you don't have to.
The only situation where it shouldn't be obvious would be posting something on a website on which you also sell ads. My rule on that is pretty simple: if you are an individual and those ads are basically intended to cover your bandwidth bill, you're fine. If you're a company or other organization, or if you are an individual who is making a living off of ad revenue, you're clearly on the other side of that line. If you're worried, ask.
Darn the TSA.
Ba-da-bump.
You might be able to keep a call going during takeoff and landing, but otherwise, cellular phones are not likely to be usable for voice calls except on airplanes that provide internal picocells. You'd drop the call every minute or two. First, cellular phones have about a 10,000 foot ceiling, give or take, depending on how the towers are aimed. Second, cellular handoff barely works reliably at city street speeds, much less ten times that. Third, the cellular phone network isn't expecting a single phone to simultaneously see a couple of dozen towers spread out across a large distance. And because the ground isn't nearby to reduce signal propagation, it is even possible that GSM phones would suddenly be able to "see" towers beyond the 22 mile range limit, which could cause all sorts of fun problems that would not normally occur with phones near the ground.
Text messages, on the other hand, would probably work, albeit sporadically.
The usual way this happens is that they let the family go through the library and pick anything they want, then they sell what's left in a lot at auction to a used bookstore owner. This doesn't work for digital books, which makes digital books no more valuable than borrowing the book from a library or watching a streaming video from Netflix. Without permanence and individual transferability, there is no real value to "owning" a copy of the content, because no one will ever want the entire collection enough to pay any significant amount of money for it. Individuals won't because they won't like everything (and thus will consider parts of the collection as having zero value), and dealers won't because they won't be able to parcel it out and no individual will be willing to pay them much for it (because they won't like everything and...).
For this reason, I try fairly hard not to accumulate digital books, music, movies, or non-transferrable digital software downloads. If there are alternatives, I tend to choose them even if they are more expensive, because those alternatives have actual value beyond the value of their temporary utility.
I suppose updating your BIOS is not extremely common in the Windows world, though I've done more than one BIOS update over the years despite having used only a single-digit number of devices that actually have a BIOS, so it isn't that rare. And I would agree that updating the BIOS on server hardware is particularly exceptional.
The problem is that whatever standard somebody comes up with for servers is liable to trickle down into consumer goods. We'd be better off deciding on a single set of good, sane standards that everyone can live with, including consumer product makers. Coming from the Mac world, where nearly every piece of hardware has seen at least one EFI or SMC update, making it "almost impossible" seems like a very bad idea for general-purpose hardware.