I guess I've observed there too many times for such a joke to be funny.
Especially when there's so many better jokes. Like, did you ever come out in the winter to see some guy with his tongue stuck to the sign, going "I thought they were inthructionth!"
You also don't mention what the road to Lick is paved with. Somehow I doubt it's good intentions.
There's a zillion comments in this thread pointing out that the Planet has every right to terminate any contract they want for (nearly) any reason they want. That's true, but it's not the point -- the point is that, if an ISP terminates a contract because they don't like the speech, that information is vital to me when deciding whether I want to host there. If a top five ISP terminates a contract for that reason, then lots of discussion of the decision is merited because it will be setting standards for the entire industry.
Likewise, though it's more farfetched, if the ISP made that decision at the request of the US government, I *definitely* want some discussion about how I can expect my ISP to react if the government ever asks them to stop supporting *my* speech.
Of course, the comments pointing out that we don't know a damn thing about what actually happened are right on target. I'm hoping this story will bring some pressure on the relevant parties to explain it, though, so it's not like it's pointless from that perspective either...
I totally agree about the issues with hiring virus writers, although I can imagine coming down on either side in different cases. I'm just saying the grandparent's metaphors were all backwards, which I'll stick to in the case of doctors. Here's how it actually went, in real life:
1) US bioweapons experts developed anthrax.
2) unknown low-level bad guys released it.
3) US bioweapons experts developed ways to deal with anthrax.
4) doctors delivered the medicine
Again, this is the actual, nonmetaphorical chain of events. See how having the people who developed the problem develop the cure makes sense? Now whether they should have been developing the problem in the first place, and whether it's ethically sound to have the *same* experts working on the disease and the cure, is a separate question...
Actually, I would trust a bioweapons engineer to create a drug designed to block biological weapons far more than I would trust a doctor. What, you were going to put a surgeon or a pediatrician in charge of that team? I would also expect a talented safecracker to know things about safes that the original designers don't know -- and as someone else pointed out, who better to blow up the bridge than a guy who builds bridges?
A poorly thought out simile is like a fish riding a bicycle, for reasons you would do well to contemplate on.
In the meantime, the safecracker metaphor is actually kind of revealing: getting input from the safecracker on how to protect future safes is invaluable, *but* you would of course expect any changes to be thoroughly reviewed by trusted engineers before they were accepted. I wonder if the firms employing old virus writers apply similar precautions?
OK, but if someone found a short perl script that would reveal random selections from recently sent postcards in the mail, that would sure as hell be news. The fact that it can be read in theory by other means doesn't mean that a particularly easy way to read it is irrelevant.
Right, but, Apple *has* made it trivial to install RAM and an airport card in the iBook and Powerbook. The same philosophy looks like it would work here as well: expose a couple of very basic ports (which are the ones most likely to be upgraded), and make the rest require special tools to get at.
I wouldn't be surprised to see that happen in a later release, but then, I haven't played with it, so maybe it would have been harder than I can see from the pictures.
As far as I can tell, throwing it in involves getting past a case that doesn't want you to open it and incidentally voiding your warrantee -- at least, there's a line on the design page about Apple-certified RAM upgrades only, and I haven't seen any mention of how you open it.
I shouldn't talk before I've seen it, but at this point not having a case that allows for upgrades seems like a pointless flaw in an otherwise awe-inspiring product. I guess we'll see, though.
Well, the thing is, $75 in this case only buys you an additional 256 MB. That's not such a sweet deal.
You're right that it wouldn't be a dealbreaker for me, though -- I just have a philosophical objection. I think it would be a lot smarter to offer the upgrade basically at cost (which I imagine would be about $35). An extra $40 isn't worth it if the next computer they buy is a PC.
OK, all you folks who are about to get your first Mac -- yes, do it, it's worth it. But listen, OS X just won't be happy with 256MB of RAM. Throw in another $75 and get 512.
Apple loves overcharging for ram. I don't know why, and it bugs me, so normally I upgrade from a third party right after I get a new computer. That isn't an option here, so just bite the bullet and do it. Otherwise, we're all going to be back here in a month complaining about how slow the mini is, and no one wants that.
Someone else pointed out that this was done via frames before XmlHttpRequest existed -- I myself have written javascript apps that called the server that way, feeling very clever for coming up with the idea, and didn't find out about XHR until Google Suggest popped up, at which point I slapped my forehead.
It closes with a single cross-browser javascript function that first writes the iframe into the document if it doesn't already exist, then calls an arbitrary URL. They have a demo -- very impressive.
One thing you'd have to think carefully about is privacy and security; how do you stop a user finding stuff out about files they're not entitled to read?
Perhaps it would simply work to store information about each file in a database with the same permissions as the file has. Then if the search runs with the user's permissions, which is probably a good idea, it could only read the index for files that the user could read anyway. In case the file permissions change between index runs, you could throw in a check that wouldn't show results that weren't currently readable. That part might be worked around, but would at least prevent accidental exposure.
I'm not trying to be hostile here, but I have a friend whose pastor admitted he was gay and then committed suicide. I'm sure up until that point, most of the members of his church would have said the same thing -- there may be lots of gay people, but none of them are *here*. None of them are people I would know.
The only real gay activity or 'interest' is having gay sex, and that's an interest that many gay people don't admit to or participate in. It's time to stop pretending that most gay people are anything other than our friends and family members-- than people like us.
(I'm going to regret this post -- haven't had my coffee yet.:)
Anyway, this is just a reminder -- it's hard to know for sure, but at a best guess, about one in ten people are gay. Most of them (in the States at least) are afraid to admit it, can't imagine why, so if you have ten friends, there's no way of knowing which one is queer. That means there's a decent chance that one of them is there when you're joking -- and it sounds like 1) you tend to say things that would be hurtful to gays if they were there, and 2) you're not into hurting anyone.
It's a real problem, isn't it? Hard to know what to do. Me, I tend to make jokes about black people -- I can be sure there are none of *those* in the room.
Every time a new exploit travels around the internet, there are posts here saying things like "it's a good thing there was that bug..." or "it's a good thing they used a relatively inefficient search for new hosts..." or "it's a good thing it failed to disguise itself in this way..."
If there's a movement towards greater code reuse, sharing of ideas, and debugging help among the people creating these exploits, we won't just see a speed difference -- we'll see a quality difference. We've been relying on security through malware incompetence for a little too long...
Great link -- it hadn't occured to me, but 3D modelling with simple polygons like those earlier FPS games is probably the easiest application to apply a sketch filter to. Nifty.
Also, there's good news for you -- the page you linked connects to this one, which is a rough replacement OpenGL driver to postprocess any application's OpenGL calls with any sort of filter... *very* cool stuff, though the page isn't dated, and there's no source, so it's hard to tell if it's still alive. Does have a screencap from Quake 3, though, and instructions to try it yourself.
If a university has a 75% drop-out rate should they be funded the same as, less then or more then a university with a 5% drop-out rate? That's worthy of debate, something not possible without this data.
OK, I'm thinking... is there *any* way we could determine a university's dropout rate without the "name, address, birth date, gender, race, and SSN" of every student who has ever attended?
Thanks for the 'think' advice. That was a good idea. If you don't mind, though, I'll keep the tin foil until you can explain any reason to store individual rather than aggregate data for each school.
but, still, it just boils down to making a simple unstated assumption that changes the whole outcome of the data.
Unfortunately this is a trend that is increasing in our society, one takes a fact or group of facts out of context and uses that to prove something.
My god... you just took one isolated fact to make a sweeping generalization about the way our society makes generalizations from isolated facts. Come on, mods, where's the +5 Funny? That comment was comic genius.
Here's the thing -- for the first time, it's possible that a single, clever hacker slightly altered the returns across the state of Florida to convincingly shift the outcome by a percent or two. I agree with you that most likely it didn't happen -- but damn, there's just no way of knowing, is there? The statement "there is not wholesale or widespread fraud in the election" is one that not you, nor anyone else can support right now. The only way to do that is to sniff around, check all the logs and records and whatever, and see if anything interesting pops up.
A better way to phrase it would be, "we'll never know if there was wholesale or widespread fraud in the election, but since it looks like he won, and it's certainly credible that he did, why don't we just go with it?"
That sentiment makes a lot of sense -- but I'm still glad they're checking into it as best they can.
I've been the victim of online credit card theft, and I design ecommerce systems for a living, so I'll speak to that small part of the problem. The solution is mindblowingly simple: never identify yourself to anyone but your credit card company.
I care about this, because it's my ass on the line if my software has any holes in it. Metaphorically, here's how the system works currently: you're buying something from me, so you give me all of your bank information, I write it down someplace and keep it for ever, and then I go later and withdraw the money from your bank. If my files are ever broken into, whoever took them can also go and withdraw money from your bank -- and conversely, if I give you something valuable in exchange for your bank information, and then your account turns out to be empty, I'm SOL.
We do this because it matches the way credit card transactions are done in the real world. The internet gives us a few luxuries, however. Here's how the system should work: you're buying something from me, so I instantly teleport you to your actual bank. You tell them exactly how much money to give me, as soon as I call and confirm the transaction is complete -- the bank verifies that they know you, and you verify that it's your bank, and I don't give a crap how that happens. You then teleport back to my store with a slip of paper with a number on it. I call up your bank and verify that that number means that you transferred the proper amount of money to me.
All of this can be integrated seamlessly into existing online checkouts without changing the experience much, and it reduces the millions of potential points of failure in ecommerce across the internet to about 5 -- one for each credit card company.
Until this system is implemented, I'm saying the problem of online credit card fraud can be blamed entirely on inertia -- the technical solution is there.
This is offtopic, but I hope no one is gambling real money on Neopets. The thing is, my little brother hacked it a couple of years ago, back when he was 13 years old and had that kind of free time. He set up a little web form that would let him submit any score he wanted for any of their games.
Of course, not wanting to spoil anyone's fun, he only used it once to get #11 on some ranking or other, and they may have switched to a non-laughably trivial encryption scheme since then. Still, the best use of Neopets may be to teach you what happens when you compete on a website you don't control with people you don't know...
Slashdot Mirror
I guess I've observed there too many times for such a joke to be funny.
Especially when there's so many better jokes. Like, did you ever come out in the winter to see some guy with his tongue stuck to the sign, going "I thought they were inthructionth!"
You also don't mention what the road to Lick is paved with. Somehow I doubt it's good intentions.
There's a zillion comments in this thread pointing out that the Planet has every right to terminate any contract they want for (nearly) any reason they want. That's true, but it's not the point -- the point is that, if an ISP terminates a contract because they don't like the speech, that information is vital to me when deciding whether I want to host there. If a top five ISP terminates a contract for that reason, then lots of discussion of the decision is merited because it will be setting standards for the entire industry.
...
Likewise, though it's more farfetched, if the ISP made that decision at the request of the US government, I *definitely* want some discussion about how I can expect my ISP to react if the government ever asks them to stop supporting *my* speech.
Of course, the comments pointing out that we don't know a damn thing about what actually happened are right on target. I'm hoping this story will bring some pressure on the relevant parties to explain it, though, so it's not like it's pointless from that perspective either
I totally agree about the issues with hiring virus writers, although I can imagine coming down on either side in different cases. I'm just saying the grandparent's metaphors were all backwards, which I'll stick to in the case of doctors. Here's how it actually went, in real life:
...
1) US bioweapons experts developed anthrax.
2) unknown low-level bad guys released it.
3) US bioweapons experts developed ways to deal with anthrax.
4) doctors delivered the medicine
Again, this is the actual, nonmetaphorical chain of events. See how having the people who developed the problem develop the cure makes sense? Now whether they should have been developing the problem in the first place, and whether it's ethically sound to have the *same* experts working on the disease and the cure, is a separate question
To answer your question, though, yes, I serious.
Actually, I would trust a bioweapons engineer to create a drug designed to block biological weapons far more than I would trust a doctor. What, you were going to put a surgeon or a pediatrician in charge of that team? I would also expect a talented safecracker to know things about safes that the original designers don't know -- and as someone else pointed out, who better to blow up the bridge than a guy who builds bridges?
A poorly thought out simile is like a fish riding a bicycle, for reasons you would do well to contemplate on.
In the meantime, the safecracker metaphor is actually kind of revealing: getting input from the safecracker on how to protect future safes is invaluable, *but* you would of course expect any changes to be thoroughly reviewed by trusted engineers before they were accepted. I wonder if the firms employing old virus writers apply similar precautions?
OK, but if someone found a short perl script that would reveal random selections from recently sent postcards in the mail, that would sure as hell be news. The fact that it can be read in theory by other means doesn't mean that a particularly easy way to read it is irrelevant.
Right, but, Apple *has* made it trivial to install RAM and an airport card in the iBook and Powerbook. The same philosophy looks like it would work here as well: expose a couple of very basic ports (which are the ones most likely to be upgraded), and make the rest require special tools to get at.
I wouldn't be surprised to see that happen in a later release, but then, I haven't played with it, so maybe it would have been harder than I can see from the pictures.
As far as I can tell, throwing it in involves getting past a case that doesn't want you to open it and incidentally voiding your warrantee -- at least, there's a line on the design page about Apple-certified RAM upgrades only, and I haven't seen any mention of how you open it.
I shouldn't talk before I've seen it, but at this point not having a case that allows for upgrades seems like a pointless flaw in an otherwise awe-inspiring product. I guess we'll see, though.
Well, the thing is, $75 in this case only buys you an additional 256 MB. That's not such a sweet deal.
You're right that it wouldn't be a dealbreaker for me, though -- I just have a philosophical objection. I think it would be a lot smarter to offer the upgrade basically at cost (which I imagine would be about $35). An extra $40 isn't worth it if the next computer they buy is a PC.
OK, all you folks who are about to get your first Mac -- yes, do it, it's worth it. But listen, OS X just won't be happy with 256MB of RAM. Throw in another $75 and get 512.
Apple loves overcharging for ram. I don't know why, and it bugs me, so normally I upgrade from a third party right after I get a new computer. That isn't an option here, so just bite the bullet and do it. Otherwise, we're all going to be back here in a month complaining about how slow the mini is, and no one wants that.
B. security through obscurity: don't link to it, don't save a record of it. No links = no crawling/spidering.
That one isn't so reliable anymore. Doesn't the Google toolbar submit pages it visits for indexing?
I kind of see multi-licensing as having a different insurance policy for each fender on your car.
With 20 years of active development, it's probably more like having different insurance policies for each vehicle in your car show.
Someone else pointed out that this was done via frames before XmlHttpRequest existed -- I myself have written javascript apps that called the server that way, feeling very clever for coming up with the idea, and didn't find out about XHR until Google Suggest popped up, at which point I slapped my forehead.
r ame.html
Apple has a great article on how to make javascript RPCs using iframes:
http://developer.apple.com/internet/webcontent/if
It closes with a single cross-browser javascript function that first writes the iframe into the document if it doesn't already exist, then calls an arbitrary URL. They have a demo -- very impressive.
I'm afraid Slashdot being behing the times isn't really a new development. Sorry, fearx.
One thing you'd have to think carefully about is privacy and security; how do you stop a user finding stuff out about files they're not entitled to read?
Perhaps it would simply work to store information about each file in a database with the same permissions as the file has. Then if the search runs with the user's permissions, which is probably a good idea, it could only read the index for files that the user could read anyway. In case the file permissions change between index runs, you could throw in a check that wouldn't show results that weren't currently readable. That part might be worked around, but would at least prevent accidental exposure.
Anything I'm missing?
I'm not trying to be hostile here, but I have a friend whose pastor admitted he was gay and then committed suicide. I'm sure up until that point, most of the members of his church would have said the same thing -- there may be lots of gay people, but none of them are *here*. None of them are people I would know.
The only real gay activity or 'interest' is having gay sex, and that's an interest that many gay people don't admit to or participate in. It's time to stop pretending that most gay people are anything other than our friends and family members-- than people like us.
(I'm going to regret this post -- haven't had my coffee yet. :)
:)
Anyway, this is just a reminder -- it's hard to know for sure, but at a best guess, about one in ten people are gay. Most of them (in the States at least) are afraid to admit it, can't imagine why, so if you have ten friends, there's no way of knowing which one is queer. That means there's a decent chance that one of them is there when you're joking -- and it sounds like 1) you tend to say things that would be hurtful to gays if they were there, and 2) you're not into hurting anyone.
It's a real problem, isn't it? Hard to know what to do. Me, I tend to make jokes about black people -- I can be sure there are none of *those* in the room.
There. That's the part I'm going to regret.
Every time a new exploit travels around the internet, there are posts here saying things like "it's a good thing there was that bug ..." or "it's a good thing they used a relatively inefficient search for new hosts ..." or "it's a good thing it failed to disguise itself in this way ..."
...
If there's a movement towards greater code reuse, sharing of ideas, and debugging help among the people creating these exploits, we won't just see a speed difference -- we'll see a quality difference. We've been relying on security through malware incompetence for a little too long
Great link -- it hadn't occured to me, but 3D modelling with simple polygons like those earlier FPS games is probably the easiest application to apply a sketch filter to. Nifty.
... *very* cool stuff, though the page isn't dated, and there's no source, so it's hard to tell if it's still alive. Does have a screencap from Quake 3, though, and instructions to try it yourself.
Also, there's good news for you -- the page you linked connects to this one, which is a rough replacement OpenGL driver to postprocess any application's OpenGL calls with any sort of filter
If a university has a 75% drop-out rate should they be funded the same as, less then or more then a university with a 5% drop-out rate? That's worthy of debate, something not possible without this data.
... is there *any* way we could determine a university's dropout rate without the "name, address, birth date, gender, race, and SSN" of every student who has ever attended?
OK, I'm thinking
Thanks for the 'think' advice. That was a good idea. If you don't mind, though, I'll keep the tin foil until you can explain any reason to store individual rather than aggregate data for each school.
My god
google: "torrent anime tentacle" 29,000
Unfortunately "torrent" in that context doesn't mean what you think it means.
Here's the thing -- for the first time, it's possible that a single, clever hacker slightly altered the returns across the state of Florida to convincingly shift the outcome by a percent or two. I agree with you that most likely it didn't happen -- but damn, there's just no way of knowing, is there? The statement "there is not wholesale or widespread fraud in the election" is one that not you, nor anyone else can support right now. The only way to do that is to sniff around, check all the logs and records and whatever, and see if anything interesting pops up.
A better way to phrase it would be, "we'll never know if there was wholesale or widespread fraud in the election, but since it looks like he won, and it's certainly credible that he did, why don't we just go with it?"
That sentiment makes a lot of sense -- but I'm still glad they're checking into it as best they can.
I've been the victim of online credit card theft, and I design ecommerce systems for a living, so I'll speak to that small part of the problem. The solution is mindblowingly simple: never identify yourself to anyone but your credit card company.
I care about this, because it's my ass on the line if my software has any holes in it. Metaphorically, here's how the system works currently: you're buying something from me, so you give me all of your bank information, I write it down someplace and keep it for ever, and then I go later and withdraw the money from your bank. If my files are ever broken into, whoever took them can also go and withdraw money from your bank -- and conversely, if I give you something valuable in exchange for your bank information, and then your account turns out to be empty, I'm SOL.
We do this because it matches the way credit card transactions are done in the real world. The internet gives us a few luxuries, however. Here's how the system should work: you're buying something from me, so I instantly teleport you to your actual bank. You tell them exactly how much money to give me, as soon as I call and confirm the transaction is complete -- the bank verifies that they know you, and you verify that it's your bank, and I don't give a crap how that happens. You then teleport back to my store with a slip of paper with a number on it. I call up your bank and verify that that number means that you transferred the proper amount of money to me.
All of this can be integrated seamlessly into existing online checkouts without changing the experience much, and it reduces the millions of potential points of failure in ecommerce across the internet to about 5 -- one for each credit card company.
Until this system is implemented, I'm saying the problem of online credit card fraud can be blamed entirely on inertia -- the technical solution is there.
You worked for Satan at the birth of the .com boom too?
This is offtopic, but I hope no one is gambling real money on Neopets. The thing is, my little brother hacked it a couple of years ago, back when he was 13 years old and had that kind of free time. He set up a little web form that would let him submit any score he wanted for any of their games.
...
Of course, not wanting to spoil anyone's fun, he only used it once to get #11 on some ranking or other, and they may have switched to a non-laughably trivial encryption scheme since then. Still, the best use of Neopets may be to teach you what happens when you compete on a website you don't control with people you don't know