By now, everybody developing browser components should know that you do not provide functions which can execute arbitrary programs.
Usually, it's Microsoft doing this, with Outlook, IE, Office, etc. launching other applications. This is the source of most of the vulnerabilities involving web browsing. Now we have Google competing to offer similar security holes.
SiteTruth rates SiteTruth itself as "Site ownership identified but not verified." (a yellow question mark), which is correct - there's a valid name and address on the web site, but no third party verification of business identity. That's a neutral rating by our standards. The red circle with a bar through it is a bad rating. To get a good rating, a green checkmark, some third party has to verify business identity. A valid BBBonline seal (and yes, we check) or an SSL cert with a name and address will do it. We're working on verification via credit card processors for sites using off-site payment systems. Click on any rating icon for the full explanation of a rating.
The standard we're enforcing is rather low. Insisting that a business have a valid, published, name and address isn't an obstacle to any legitimate business.
Yes, the standards we're enforcing are slightly higher than those of California law. They're consistent with the Consumer's Union WebWatch guidelines ("Web sites should clearly disclose the physical location where they are produced, including an address, a telephone number or e-mail address") and the European Electronic Commerce Directive (Member States shall ensure that the service provider (defined as "any natural or legal person providing an information society service") shall render easily, directly and permanently accessible to the recipients of the service and competent authorities, at least the following information: (a) the name of the service provider; (b) the geographic address at which the service provider is established.) There's little support in law for anonymous businesses. If you're running a business without a published, valid name and address, there's something wrong.
All we ask for is a "Contact" or "About" page with a name and address in a format that would work on a mailed envelope. We can find that in HTML text; you don't have to do anything special for SiteTruth.
Name and address is just the first stage. Once we have a solid name and address, we can match it against business databases - state incorporation records, D/B/A names, criminal records, and credit ratings. We're doing some of that now, and will be doing more.
It seems the blacklist would work perfectly if nationalcity.com.userpro.io, or just userpro.io was blocked.
Notice that they're using "userpro.tw" and "directories.io" as well. And "prouserbase.tw", "udll.tw", "usersetup.io", "kloot.hk", and more. That phish operation has a domain farm with hundreds of domains known, and probably many more that haven't been reported yet.
Blacklists aren't really working any more. As with spam, where each spam message is now different, and as with viruses, where the smarter ones are different for each copy, the more advanced phishing sites now generate multiple sites, not just one site.
PhishTank is fooled by this. It assumes that a "phish site" is a unique URL. The phishing sites are now wise to that trick; many sites generate a new URL for each user, and some even generate a new domain. Current domains in PhishTank include "session-97701.nationalcity.com.userpro.io", "session-300962.nationalcity.com.userpro.io", "session-5489554.nationalcity.com.userpro.tw", "session-2721837.nationalcity.com.directories.io", etc. There are presumably many, many more that no user has reported yet. So the blacklist defense is failing.
It's thus too late for approaches based on manual detection. In the early days of spam, we all reported spam sites to SpamCop, which then blocked them. That stopped working years ago. The same has now happened for phishing sites.
The hard line approach is to implement something that prevents putting in credit card or bank information into forms unless the target page has a solid SSL certificate. (And not one those "Instant SSL - Domain Control Only Validated" cheapo certs that mean nothing, either.) It's getting harder to make even that work, with more and more Javascript processing going on in the browser. The browser may not be able to detect that the user is filling in a form.
We (SiteTruth), of course, are trying to promote the idea that you don't want to deal with a website unless the business behind the website can be clearly identified, so we do have a bias here. Nor do we have all the answers. But from the amount of activity in this area of security in the last month, it's becoming clear that some major tightening-up on business legitimacy on the web is needed.
"On the Internet, no one knows if you're a dog" just isn't good enough any more.
Yes, the DirecTV receivers for mobile use have an "Integrated GPS... to automatically enable local channels while in your home designated market area". Cross the area boundary and your TV reception cuts off.
If you've got automount running, UMS devices should just magically appear as storage when plugged in. Works fine in Suse 10.1, anyway. For MTP devices, libmtp [sourceforge.net] works fine. I just got a Samsung YP-T9 and replaced the MTP firmware with UMS firmware by transferring it with mtp-sendfile from libmtp. (There's also mtpfs [adebenham.com] which is supposed to make an MTP device look like a file system. I haven't tried it, it uses FUSE (user-space filesystem) which I haven't got installed at the moment and libmtp did the job.)
On the YP-T9 after transferring, I can play the files directly from the file viewer menu, but I need to run the "update library" to get them to show up under the music menu. (The player also plays Ogg Vorbis files just fine, but the current firmware doesn't seem to recognize Ogg metadata the way it does MP3 metadata. Sigh.) The same seems to be true if I transfer files from Windows in UMS mode.
That's why Linux on the desktop isn't going anywhere. The end user, not the developer, gets stuck with integration. Any questions?
This is sad.
As a programming language, Javascript makes Visual Basic look good.
The wierd thing is that we went through all this with Java almost a decade ago.
"Gears" is supposed to do roughly the same things Java was originally supposed to do.
Java went in a strange direction. "Applets" in the browser were never very popular. Java desktop applications were not widely successful, although a whole office suite was written in Java. Java ended up being the replacement for COBOL; it's what runs the business logic on the server.
The real innovation in Gears is providing a local database, instead of files, as the basic storage medium. That's not new in the Microsoft world (many apps use Jet, Microsoft's little database), but the open source world is still mostly in the flat file era for local storage. SQLite gets you locking, atomic transactions, structured data, and search capability. And you can get at those files via SQL; you don't have to access them through Gears and JavaScript. We may see bindings to the Gears back end for other languages. The middleware portion of this may be more important than the browser-based user interface.
'Press a button, it's on. Press it again, it's off. There are no other modes.'
Power controls like that are always a pain. You have to look to see if they're on to turn them off. And if they have other states, like "booting", "shutting down", or "crashed", it's even worse. Two buttons, "On" and "Off", please.
The database for domestic violence offenders is available. It's used by gun dealers. If we're going to have those restrictions for sex offenders, they should also apply for criminals.
News is what someone doesn't want published
on
It's Not News, It's Fark
·
· Score: 4, Insightful
All else is publicity.
It's a big issue, ignoring this commercial for "Fark" (which I hadn't heard mentioned in years). There are very few US newspapers left with much news.
The New York Times and the Wall Street Journal are about it.
The San Jose Mercury News used to be one of the last remaining local papers with real reporting, but since Knight-Ridder sold it to some suburban throwaway publisher, it's had very little real content.
Most of the reporters are gone.
The real test is this: did the story originate with a press release or a press conference? If it did, it's publicity. Take a printed newspaper and mark the non-wire-service ads for which this is not the case. There won't be many such stories. In some papers, there won't be any.
There are applications for this sort of thing, but finger-painting isn't it.
Given that the basic property of this device is that output resolution is good and screen size is large, and input resolution is poor but you can use multiple touches, an obvious application is video editing. An interface for quickly putting together a news show would find a high-end market. There are tools for this now, like Avid NewsCutter, but they rely heavily on keyboard commands and have too many modes.
The big advantage of multi-touch is that it's a way out of the mode limitations of a single-pointer interface. Right now, your options are usually verb-object (get into mode, select thing), or object-verb (select thing, go to menu to indicate what to do with it.) This breaks down when you need to talk about more than one thing at a time. With multi-touch, there are more options.
Somebody will probably do a DJ console with this interface.
"Semantic search" is actually a dumbed-down version of what, in AI, used to be called "natural language question answering systems". The first one that
was sort of useful was Bobrow's "Baseball", which, unlike Eliza, actually did something useful. "Baseball" had a small database of baseball statistics, and could answer questions like "How many games did the Orioles play in June?". I'm surprised that someone doesn't have a natural language query system for sports statistics on the web today. It's not out of reach technically, because the underlying data is well-structured. Sports fans would use it.
What something like this is really doing is translating natural language to SQL. "How many games did the Orioles play in June?" translates to something like SELECT COUNT(*) FROM games.baseball WHERE (hometeam="Orioles" OR awayteam="Orioles") AND month(gamedate) = 6 AND baseballseason(gamedate) = baseballseason(NOW());
There are existing tools for this, and there have been for years.
"Semantic search" is a dumbed down version of that because it doesn't try to answer the question. It just tries to spew back material which appears to contain an answer to the question. It's like talking to a politician, sales rep, or Jesus freak. "Ask Jeeves" was about as close as we ever got in the WWW era.
The problem with semantic search is that standalone queries have to be stated with more clarity and precision than most users are likely to achieve.
The original article suggested "What is palladium used for?" as a query. That's a completely different query from "What is the Palladium used for?". As a standalone query, the best answer is probably "Worship of the goddess Pallas Athene". Which is probably not what the user wanted. With location hints, one might guess that the user wanted information about some theater or nightclub named the Palladium. But that's a guess; sometimes it will be wrong.
This leads to systems that engage in dialogue with the user. Probably by asking the user multiple choice questions. That's quite feasible, but it usually just means funneling the user into some kind of "wizard"-like sequence of dialog boxes. Many sites have "product selectors" like that.
Another approach, which seems to be where Google is going, is to collect vast amounts of information about the user's previous behavior, which can be used as additional context for search requests. That's likely to help, but it makes downsides. If everybody gets a different answer when searching for something, you can't tell other people what to search for to find something.
Asking the same question again, after doing other things, might get you a different answer. It's probably going to do the wrong thing some of the time.
Given the model that "search is a box into which you type in what you want, more or less", that could drive users nuts.
And none of this really applies to shopping-related searches, which aren't formal queries at all.
Contract transfer is complex. In general, you can sell an asset, like a loan due you, but not an obligation, like a loan you owe. There's something called a "bulk transfer of a business" in the US, where one business takes over another, both assets and liabilities. But that's not what happened here. GoDaddy didn't acquire RegisterFly, nor are they taking on RegisterFly's liabilities (like the class action suit).
The point here is that domain owners who find themselves with GoDaddy as a registrar probably aren't bound by GoDaddy's terms, which include "You agree that You will not transfer any domain name registered through Go Daddy to another domain name registrar during the first sixty (60) days from its initial registration date", unless and until they actually buy something from GoDaddy.
But GoDaddy is a reasonable business, and a BBBonline member, so this probably won't be a problem most of the time. Trouble will probably be related to domains where RegisterFly screwed up the domain ownership info so badly that it's hard to demonstrate ownership.
Although it's a paid service, there's a useful tool in that situation. DomainTools has their own copy of the WHOIS database, including the history of changes, and you can buy access to that.
What this is really about was finding some registrar willing to take on the customer support load of cleaning up the mess. ICANN doesn't have a call center.
There are some interesting implications to this deal. For one thing, domain owners whose domains are now administered by GoDaddy have no contractual obligations to GoDaddy. So they should be able to transfer those domains anywhere, immediately.
Meanwhile, RegisterFly still hasn't complied with the court order issued Friday to put a notice on their web site within 48 hours that they are no longer a domain egistrar. They're even still taking registrations. I just tried their domain registration page, and it works at least up to the "checkout" point. So RegisterFly is probably in contempt of court.
It's not that hard to program shared-memory multiprocessors. Most of the problems we have doing that stem from the fact that C and C++ provide essentially no support for doing so; they shove the problem off to the operating system. The fundamental problem there is that the language has no idea which locks lock what.
Compare Ada, Java, etc.
Non-shared memory machines, though, are tough. If each CPU has plenty of memory, as in a (I hate to say it) Beowulf cluster, it's not too bad. But collections of small memory CPUs are a pain to program. Until recently, this was a headache only for people trying to use one of the weirder supercomputers like an NCube or a Connection Machine. Then came the Cell, and the PS3. With 256K per processor, you have to organize your program like an assembly line, where work units are pumped through the processor in sequence. For some applications this fits. For some it doesn't. And for some it adds a year to development time as the application logic is redesigned to fit this painful hardware. (Meanwhile, the XBox 360 programmers, who have a conventional 3-CPU shared memory multiprocessor, ship first.)
Actually, the real progress in massive parallelism is in graphic cards. The operations needed are well understood, so the hardware can be matched to the job.
If you want to see the details of that business model, read the 10-K filing of Marchex, the publicly traded domain farmer.
Some highlights:
"Our proprietary network is comprised of more than 200,000 Web sites."
We deliver pay-per-click advertising listings that are reflective of our merchant advertisers' products and services to online users in response to their keyword search queries, and in response to their typing of specific Web Sites into their browser (direct navigation). These pay-per-click listings are generally ordered in the search results based on the amount our merchant advertisers choose to pay for a targeted placement."
"We optimize key attributes of merchant advertiser Web sites to ensure the greatest opportunity for proper indexing, listing and inclusion in the editorial results of algorithmic search engines."
"We believe we are among the leaders in the direct navigation market due to our proprietary ownership of online user traffic, which totaled more than 31 million unique visitors in the month of December 2006."
"Online users can navigate the Web sites through a number of ways. For example, an online user who is specifically interested in traveling to Beijing may enter www.beijing.com directly into the Web address or URL box of their Internet browser. Once the user has arrived at the Web site they will find listings and information related to Beijing. As the user finds relevant information and clicks on a particular listing, we receive a pay-per-click fee."
"We expect new laws and regulations directly applicable to our business practices to be adopted in the near future. "
"We have largely incurred net losses since our inception, and we may incur net losses in the foreseeable future."
"A significant amount of revenue attributed to our domain name assets comes through our agreement with Yahoo! and its subsidiaries."
"Name Development acquired previously-owned Internet domain names that had expired and had been offered for sale by Internet domain name registrars following the period of permitted reclamation by their prior owners."
"The Federal Trade Commission, or FTC, has recently reviewed the way in which search engines disclose paid placements or paid inclusion practices to Internet users. In 2002, the FTC issued guidance recommending that all search engine companies ensure that all paid search results are clearly distinguished from non-paid results, that the use of paid inclusion is clearly and conspicuously explained and disclosed and that other disclosures are made to avoid misleading users about the possible effects of paid placement or paid inclusion listings on search results. Such disclosures if ultimately mandated by the FTC or voluntarily made by us may reduce the desirability of our paid placement and paid inclusion services. We believe that some users will conclude that paid search results are not subject to the same relevancy requirements as non-paid search results, and will view paid search results less favorably. If such FTC disclosure reduces the desirability of our paid placement and paid inclusion services, and "click-throughs" of our paid search results decrease, our business could be adversely affected."
It's not a very profitable business. You'd think that, given how little they actually do, they'd be making sizable amounts of money, but they're not. They have substantial revenue ($127 million), but their operating costs and compensation eat up almost all of that.
Many web businesses do not list a mailing address on their site.
Yes. And SiteTruth downgrades their rating accordingly. That's by intent. We're in California, and apply California law on Internet businesses:
"Before accepting any payment or processing any debit or credit charge or funds transfer, the vendor shall disclose to the buyer in writing or by electronic means of communication, such as e-mail or an on-screen notice, the vendor's return and refund policy, the legal name under which the business is conducted and, except as provided in paragraph (3) [about registered post office boxes], the complete street address from which the business is actually conducted. ...
Any violation of the provisions of this section is a misdemeanor punishable by imprisonment in the county jail not exceeding six months, by a fine not exceeding one thousand dollars ($1,000), or by both that imprisonment and fine."
That law gets used, too. It's rare to have a prosecution for just failing to disclose business location. But businesses where consumer complaints reach the level that prosecutors get interested have been cited for that violation. It's easy to prove and carries a jail term. That tends to get a business owner's attention.
One of the things we do with SiteTruth is filter out sites like this.
SiteTruth is looking for the name and address of the business behind any web site that's selling something. If we can't find a name and address in a place most users would look, it's an illegal business (see California B&P code section 17538, European Directive on Electronic Commerce, etc.) So they get a rating - a big red circle with a bar through it. And they go to the bottom of the search rankings.
If they do give a name and address, we look it up in business databases, and try to tie it to a corporation or a business license. "Millions of Addresses, Thousands of Sites, One Business" is something we can see - if huge numbers of domains map to one real-world business, that just screams "domain spammer".
We're still in alpha test, so you have to go to our web site to see this, but in time there will be toolbars to squelch this junk at the browser level.
This summer's movies so far don't look good. Right now, we have two #3 sequels, and two zombie movies. One of which is a #3 sequel. Last week we had a #3 sequel. On the "serious" movie side, we have two movies about pregnancy and abortion. Coming up next week is a a #3 sequel to a remake of a heist movie.
Compared to that, another all-CG Star [Wars|Trek|Gate] TV show sounds good. But that's relative.
Just wait. In a few months, the MPAA will be screaming again that DVD sales are down because of piracy.
Re:Roland the Plogger again
on
Driving on Starch
·
· Score: 2, Informative
Read the research web site, not the press release or the Roland the Plogger misinterpretation. This research involves several approaches of cracking cellulose from agricultural waste down to something more useful.
Starches and cellulose are both glucose chains.
The back end of the process is supposed to be a scheme for getting hydrogen from sugar. Their goal is C5H10O5 + 7 H2O --> 12 H2 + 6 CO2, driven by some synthetic enzymes. But they're vague on how far they've actually progressed in this direction. The web site references published papers for the cellulose research, but not for the hydrogen-from-sugar scheme.
Roland the Plogger again
on
Driving on Starch
·
· Score: 4, Interesting
It's Roland the Plogger again, wrong as usual.
It's been possible to convert cellulose to ethanol using enzymes for a while now. The problem is that making the enzymes is still too expensive for this to be
useful as a fuel process. This Wikipedia article provides some background on that. It's a good idea. If the cost of making the enzymes can be brought down, there's plenty of agricultural waste (straw, bagasse, corn cobs, wood chips) available at low or even negative (it costs money to dispose of it) cost. Venture capital is going into developing cost-effective processes.
But it's not likely to be done in a car's fuel tank. Something more like a brewery scaled up to oil refinery size is more like it.
By now, everybody developing browser components should know that you do not provide functions which can execute arbitrary programs.
Usually, it's Microsoft doing this, with Outlook, IE, Office, etc. launching other applications. This is the source of most of the vulnerabilities involving web browsing. Now we have Google competing to offer similar security holes.
SiteTruth rates SiteTruth itself as "Site ownership identified but not verified." (a yellow question mark), which is correct - there's a valid name and address on the web site, but no third party verification of business identity. That's a neutral rating by our standards. The red circle with a bar through it is a bad rating. To get a good rating, a green checkmark, some third party has to verify business identity. A valid BBBonline seal (and yes, we check) or an SSL cert with a name and address will do it. We're working on verification via credit card processors for sites using off-site payment systems. Click on any rating icon for the full explanation of a rating.
The standard we're enforcing is rather low. Insisting that a business have a valid, published, name and address isn't an obstacle to any legitimate business. Yes, the standards we're enforcing are slightly higher than those of California law. They're consistent with the Consumer's Union WebWatch guidelines ("Web sites should clearly disclose the physical location where they are produced, including an address, a telephone number or e-mail address") and the European Electronic Commerce Directive (Member States shall ensure that the service provider (defined as "any natural or legal person providing an information society service") shall render easily, directly and permanently accessible to the recipients of the service and competent authorities, at least the following information: (a) the name of the service provider; (b) the geographic address at which the service provider is established.) There's little support in law for anonymous businesses. If you're running a business without a published, valid name and address, there's something wrong.
All we ask for is a "Contact" or "About" page with a name and address in a format that would work on a mailed envelope. We can find that in HTML text; you don't have to do anything special for SiteTruth.
Name and address is just the first stage. Once we have a solid name and address, we can match it against business databases - state incorporation records, D/B/A names, criminal records, and credit ratings. We're doing some of that now, and will be doing more.
It seems the blacklist would work perfectly if nationalcity.com.userpro.io, or just userpro.io was blocked.
Notice that they're using "userpro.tw" and "directories.io" as well. And "prouserbase.tw", "udll.tw", "usersetup.io", "kloot.hk", and more. That phish operation has a domain farm with hundreds of domains known, and probably many more that haven't been reported yet.
CastleCops identifies this as a botnet. One that buys domains with stolen credit card numbers.
Blacklists aren't really working any more. As with spam, where each spam message is now different, and as with viruses, where the smarter ones are different for each copy, the more advanced phishing sites now generate multiple sites, not just one site.
PhishTank is fooled by this. It assumes that a "phish site" is a unique URL. The phishing sites are now wise to that trick; many sites generate a new URL for each user, and some even generate a new domain. Current domains in PhishTank include "session-97701.nationalcity.com.userpro.io", "session-300962.nationalcity.com.userpro.io", "session-5489554.nationalcity.com.userpro.tw", "session-2721837.nationalcity.com.directories.io", etc. There are presumably many, many more that no user has reported yet. So the blacklist defense is failing.
It's thus too late for approaches based on manual detection. In the early days of spam, we all reported spam sites to SpamCop, which then blocked them. That stopped working years ago. The same has now happened for phishing sites.
The hard line approach is to implement something that prevents putting in credit card or bank information into forms unless the target page has a solid SSL certificate. (And not one those "Instant SSL - Domain Control Only Validated" cheapo certs that mean nothing, either.) It's getting harder to make even that work, with more and more Javascript processing going on in the browser. The browser may not be able to detect that the user is filling in a form.
We (SiteTruth), of course, are trying to promote the idea that you don't want to deal with a website unless the business behind the website can be clearly identified, so we do have a bias here. Nor do we have all the answers. But from the amount of activity in this area of security in the last month, it's becoming clear that some major tightening-up on business legitimacy on the web is needed.
"On the Internet, no one knows if you're a dog" just isn't good enough any more.
Obviously, what MLB would like is a GPS unit in the receiver to enforce their area restrictions.
Like this.
Yes, the DirecTV receivers for mobile use have an "Integrated GPS ... to automatically enable local channels while in your home designated market area". Cross the area boundary and your TV reception cuts off.
The original article provides the context.
It's a typical sports story, except it's about video games. Donkey Kong, of all things, a coin-op arcade game from 1981.
If you've got automount running, UMS devices should just magically appear as storage when plugged in. Works fine in Suse 10.1, anyway. For MTP devices, libmtp [sourceforge.net] works fine. I just got a Samsung YP-T9 and replaced the MTP firmware with UMS firmware by transferring it with mtp-sendfile from libmtp. (There's also mtpfs [adebenham.com] which is supposed to make an MTP device look like a file system. I haven't tried it, it uses FUSE (user-space filesystem) which I haven't got installed at the moment and libmtp did the job.)
On the YP-T9 after transferring, I can play the files directly from the file viewer menu, but I need to run the "update library" to get them to show up under the music menu. (The player also plays Ogg Vorbis files just fine, but the current firmware doesn't seem to recognize Ogg metadata the way it does MP3 metadata. Sigh.) The same seems to be true if I transfer files from Windows in UMS mode.
That's why Linux on the desktop isn't going anywhere. The end user, not the developer, gets stuck with integration. Any questions?
This is sad. As a programming language, Javascript makes Visual Basic look good.
The wierd thing is that we went through all this with Java almost a decade ago. "Gears" is supposed to do roughly the same things Java was originally supposed to do.
Java went in a strange direction. "Applets" in the browser were never very popular. Java desktop applications were not widely successful, although a whole office suite was written in Java. Java ended up being the replacement for COBOL; it's what runs the business logic on the server.
The real innovation in Gears is providing a local database, instead of files, as the basic storage medium. That's not new in the Microsoft world (many apps use Jet, Microsoft's little database), but the open source world is still mostly in the flat file era for local storage. SQLite gets you locking, atomic transactions, structured data, and search capability. And you can get at those files via SQL; you don't have to access them through Gears and JavaScript. We may see bindings to the Gears back end for other languages. The middleware portion of this may be more important than the browser-based user interface.
Incidentally, no one seems to have mentioned that Google has launched a replacement for SourceForge.
'Press a button, it's on. Press it again, it's off. There are no other modes.'
Power controls like that are always a pain. You have to look to see if they're on to turn them off. And if they have other states, like "booting", "shutting down", or "crashed", it's even worse. Two buttons, "On" and "Off", please.
That's called a "common carrier". Which is what US telephony was until "deregulation".
The database for domestic violence offenders is available. It's used by gun dealers. If we're going to have those restrictions for sex offenders, they should also apply for criminals.
All else is publicity.
It's a big issue, ignoring this commercial for "Fark" (which I hadn't heard mentioned in years). There are very few US newspapers left with much news. The New York Times and the Wall Street Journal are about it.
The San Jose Mercury News used to be one of the last remaining local papers with real reporting, but since Knight-Ridder sold it to some suburban throwaway publisher, it's had very little real content. Most of the reporters are gone.
The real test is this: did the story originate with a press release or a press conference? If it did, it's publicity. Take a printed newspaper and mark the non-wire-service ads for which this is not the case. There won't be many such stories. In some papers, there won't be any.
This needs to be expanded to include domestic violence offenders. That would be really valuable for dating sites.
There are applications for this sort of thing, but finger-painting isn't it.
Given that the basic property of this device is that output resolution is good and screen size is large, and input resolution is poor but you can use multiple touches, an obvious application is video editing. An interface for quickly putting together a news show would find a high-end market. There are tools for this now, like Avid NewsCutter, but they rely heavily on keyboard commands and have too many modes.
The big advantage of multi-touch is that it's a way out of the mode limitations of a single-pointer interface. Right now, your options are usually verb-object (get into mode, select thing), or object-verb (select thing, go to menu to indicate what to do with it.) This breaks down when you need to talk about more than one thing at a time. With multi-touch, there are more options.
Somebody will probably do a DJ console with this interface.
"Semantic search" is actually a dumbed-down version of what, in AI, used to be called "natural language question answering systems". The first one that was sort of useful was Bobrow's "Baseball", which, unlike Eliza, actually did something useful. "Baseball" had a small database of baseball statistics, and could answer questions like "How many games did the Orioles play in June?". I'm surprised that someone doesn't have a natural language query system for sports statistics on the web today. It's not out of reach technically, because the underlying data is well-structured. Sports fans would use it.
What something like this is really doing is translating natural language to SQL. "How many games did the Orioles play in June?" translates to something like SELECT COUNT(*) FROM games.baseball WHERE (hometeam="Orioles" OR awayteam="Orioles") AND month(gamedate) = 6 AND baseballseason(gamedate) = baseballseason(NOW()); There are existing tools for this, and there have been for years.
"Semantic search" is a dumbed down version of that because it doesn't try to answer the question. It just tries to spew back material which appears to contain an answer to the question. It's like talking to a politician, sales rep, or Jesus freak. "Ask Jeeves" was about as close as we ever got in the WWW era.
The problem with semantic search is that standalone queries have to be stated with more clarity and precision than most users are likely to achieve. The original article suggested "What is palladium used for?" as a query. That's a completely different query from "What is the Palladium used for?". As a standalone query, the best answer is probably "Worship of the goddess Pallas Athene". Which is probably not what the user wanted. With location hints, one might guess that the user wanted information about some theater or nightclub named the Palladium. But that's a guess; sometimes it will be wrong.
This leads to systems that engage in dialogue with the user. Probably by asking the user multiple choice questions. That's quite feasible, but it usually just means funneling the user into some kind of "wizard"-like sequence of dialog boxes. Many sites have "product selectors" like that.
Another approach, which seems to be where Google is going, is to collect vast amounts of information about the user's previous behavior, which can be used as additional context for search requests. That's likely to help, but it makes downsides. If everybody gets a different answer when searching for something, you can't tell other people what to search for to find something. Asking the same question again, after doing other things, might get you a different answer. It's probably going to do the wrong thing some of the time. Given the model that "search is a box into which you type in what you want, more or less", that could drive users nuts.
And none of this really applies to shopping-related searches, which aren't formal queries at all.
Unclear what they're doing with new orders. Reselling eNom, maybe?
Contract transfer is complex. In general, you can sell an asset, like a loan due you, but not an obligation, like a loan you owe. There's something called a "bulk transfer of a business" in the US, where one business takes over another, both assets and liabilities. But that's not what happened here. GoDaddy didn't acquire RegisterFly, nor are they taking on RegisterFly's liabilities (like the class action suit).
The point here is that domain owners who find themselves with GoDaddy as a registrar probably aren't bound by GoDaddy's terms, which include "You agree that You will not transfer any domain name registered through Go Daddy to another domain name registrar during the first sixty (60) days from its initial registration date", unless and until they actually buy something from GoDaddy.
But GoDaddy is a reasonable business, and a BBBonline member, so this probably won't be a problem most of the time. Trouble will probably be related to domains where RegisterFly screwed up the domain ownership info so badly that it's hard to demonstrate ownership.
Although it's a paid service, there's a useful tool in that situation. DomainTools has their own copy of the WHOIS database, including the history of changes, and you can buy access to that.
What this is really about was finding some registrar willing to take on the customer support load of cleaning up the mess. ICANN doesn't have a call center.
There are some interesting implications to this deal. For one thing, domain owners whose domains are now administered by GoDaddy have no contractual obligations to GoDaddy. So they should be able to transfer those domains anywhere, immediately.
Meanwhile, RegisterFly still hasn't complied with the court order issued Friday to put a notice on their web site within 48 hours that they are no longer a domain egistrar. They're even still taking registrations. I just tried their domain registration page, and it works at least up to the "checkout" point. So RegisterFly is probably in contempt of court.
It's not that hard to program shared-memory multiprocessors. Most of the problems we have doing that stem from the fact that C and C++ provide essentially no support for doing so; they shove the problem off to the operating system. The fundamental problem there is that the language has no idea which locks lock what. Compare Ada, Java, etc.
Non-shared memory machines, though, are tough. If each CPU has plenty of memory, as in a (I hate to say it) Beowulf cluster, it's not too bad. But collections of small memory CPUs are a pain to program. Until recently, this was a headache only for people trying to use one of the weirder supercomputers like an NCube or a Connection Machine. Then came the Cell, and the PS3. With 256K per processor, you have to organize your program like an assembly line, where work units are pumped through the processor in sequence. For some applications this fits. For some it doesn't. And for some it adds a year to development time as the application logic is redesigned to fit this painful hardware. (Meanwhile, the XBox 360 programmers, who have a conventional 3-CPU shared memory multiprocessor, ship first.)
Actually, the real progress in massive parallelism is in graphic cards. The operations needed are well understood, so the hardware can be matched to the job.
If you want to see the details of that business model, read the 10-K filing of Marchex, the publicly traded domain farmer.
Some highlights:
It's not a very profitable business. You'd think that, given how little they actually do, they'd be making sizable amounts of money, but they're not. They have substantial revenue ($127 million), but their operating costs and compensation eat up almost all of that.
Many web businesses do not list a mailing address on their site.
Yes. And SiteTruth downgrades their rating accordingly. That's by intent. We're in California, and apply California law on Internet businesses: "Before accepting any payment or processing any debit or credit charge or funds transfer, the vendor shall disclose to the buyer in writing or by electronic means of communication, such as e-mail or an on-screen notice, the vendor's return and refund policy, the legal name under which the business is conducted and, except as provided in paragraph (3) [about registered post office boxes], the complete street address from which the business is actually conducted.
...
Any violation of the provisions of this section is a misdemeanor punishable by imprisonment in the county jail not exceeding six months, by a fine not exceeding one thousand dollars ($1,000), or by both that imprisonment and fine."
That law gets used, too. It's rare to have a prosecution for just failing to disclose business location. But businesses where consumer complaints reach the level that prosecutors get interested have been cited for that violation. It's easy to prove and carries a jail term. That tends to get a business owner's attention.
Anonymity is for individuals. Not businesses.
One of the things we do with SiteTruth is filter out sites like this.
SiteTruth is looking for the name and address of the business behind any web site that's selling something. If we can't find a name and address in a place most users would look, it's an illegal business (see California B&P code section 17538, European Directive on Electronic Commerce, etc.) So they get a rating - a big red circle with a bar through it. And they go to the bottom of the search rankings.
If they do give a name and address, we look it up in business databases, and try to tie it to a corporation or a business license. "Millions of Addresses, Thousands of Sites, One Business" is something we can see - if huge numbers of domains map to one real-world business, that just screams "domain spammer".
We're still in alpha test, so you have to go to our web site to see this, but in time there will be toolbars to squelch this junk at the browser level.
Think of it as "spam filtering 2.0".
This summer's movies so far don't look good. Right now, we have two #3 sequels, and two zombie movies. One of which is a #3 sequel. Last week we had a #3 sequel. On the "serious" movie side, we have two movies about pregnancy and abortion. Coming up next week is a a #3 sequel to a remake of a heist movie.
Compared to that, another all-CG Star [Wars|Trek|Gate] TV show sounds good. But that's relative.
Just wait. In a few months, the MPAA will be screaming again that DVD sales are down because of piracy.
Read the research web site, not the press release or the Roland the Plogger misinterpretation. This research involves several approaches of cracking cellulose from agricultural waste down to something more useful. Starches and cellulose are both glucose chains.
The back end of the process is supposed to be a scheme for getting hydrogen from sugar. Their goal is C5H10O5 + 7 H2O --> 12 H2 + 6 CO2, driven by some synthetic enzymes. But they're vague on how far they've actually progressed in this direction. The web site references published papers for the cellulose research, but not for the hydrogen-from-sugar scheme.
It's Roland the Plogger again, wrong as usual.
It's been possible to convert cellulose to ethanol using enzymes for a while now. The problem is that making the enzymes is still too expensive for this to be useful as a fuel process. This Wikipedia article provides some background on that. It's a good idea. If the cost of making the enzymes can be brought down, there's plenty of agricultural waste (straw, bagasse, corn cobs, wood chips) available at low or even negative (it costs money to dispose of it) cost. Venture capital is going into developing cost-effective processes.
But it's not likely to be done in a car's fuel tank. Something more like a brewery scaled up to oil refinery size is more like it.